How to make getting started with configuring easier

@dlakelan You're right. I'm cloning my note from the other thread to continue the "initial setup" question here. Thanks.

@thompdre841 I love stories like this. It shows the value that OpenWrt can bring to thoughtful people even when they are new to the project.

The challenge lies in the balance between simplifying everything as much as possible (but no further) to produce a basic router that is secure, robust, and does "the things people need". Let's take @anon50098793's suggestion about a wizard to the extreme:

How few questions can we require for a "good-enough secure router" setup? I think the minimum is Login Password and Router name . Let's call it the Essential Secure Router:

  • Could the router auto-fill the SSID's based on the router name?
  • Could the device automatically determine up/download speeds to set SQM?
  • Could the router automatically configure a Guest Wi-Fi network?
  • What other settings could be automatically set in a 'basic secure router' to minimize the expertise required?
  • (Of course, the additional OpenWrt GUI or settings in /etc/... allow experts to extend the router.)

But if we could design a system where people could get a good-enough secure router running with a minimum of hassles, we would have accomplished something really important.

And to address some of the questions asked in the other topic:

Who decides which packages...? - We can decide and make a recommendation for essential packages for Recommended devices. We act as mentors in the forum every day: we answer people's questions on the forum, we know the essentials that everyone should have.

What's essential? My list includes routing, enabling both radios with sensible SSIDs and credentials, SQM for low latency, tight firewall rules for V4 & V6 (remember these are "Recommended" devices.) It would be "just a router" - but a secure one, that really worked.

What about ...? Adblock, VPN, guest network, printers, external storage, etc. We're not taking anything away from OpenWrt. If someone wants more from their router after it's up and running, they can always add those packages and configure as they do today.

Let's hash out the full list of "essential packages" here on this thread.

Finally, as @dlakelan points out above, most of the essential features are already in place/easily installed, and only require some form of "discovery" to enable/configure them to good settings.

2 Likes

To nobodies surprise, I am all for this, since it is small and potentially useful. I need to point out though, that due to the need to set the shaper rates for ip- and downlink manually, we will not be able to activate sqm by default, but it is debatable whether this policy decision is not better left to the local admin.

@moeller0, could the script/package here be used to automatically insert the required numbers (lets say with 80% of the measured speed). It's about easy config, not fine-tuning, which could be done after the initial setup if the user requires.

We can certainly activate fq_codel by default but that may already be the default... Not sure.

I'm working on a little Lua script to do monitoring of connection performance, I can imagine a push button on Luci that runs the monitor continuously for say 10 minutes while the user surfs and runs speed tests etc and then auto configs the SQM. At least here the user wouldn't need much knowledge.

The Luci script could offer a link to dslreports speed test, monitoring that for even a minute would be enough to infer a lot about the connection settings.

I'm using some MT7621 targets which have hardware NAT. Unfortunately that still isn't compatible with SQM. I am hoping that we will see hardware NAT soon on some atheros targets as well. This conflicts with SQM (unfortunately). I guess, for the "easy-setup-wizards", priority will (should) be SQM.

@dlakelan also mentioned swarms... somewhere anyway....

re-iterating....

let's say, a small selection of the community uploaded config backups.....

anonymously..... a spider can go through those...... and determine

-what settings are most commonly set
-what services are most commonly enabled

etc. etc. conversly it can see what is rarely set, so in "basic" UI mode those options aren't even shown to a user......

this then becomes an "xml" template... or whatever.... depending on the level of UI chosen.... ( basic, advanced, expert ), clicking the preset button in basic, just;

-populates the settings and show what is necessary only
-or settings that commonly vary

with that and a few of those deterministic scripts you mention....

the job is almost done....

Hi All,

drbrains Richard
March 7
@moeller0, could the script/package here be used to automatically insert the required numbers (lets say with 80% of the measured speed).

IMHO not robustly, running netperf on an underpowered router will cost noticeable amounts of CPU cycles resulting in a rather noticeable drop in measured bandwidth. Given how sensitive users are to the bandwidth sacrifice required by sqm I would advise against trying to automate this. This is a policy decision a user needs to make consciously IMHO.

It's about easy config, not fine-tuning, which could be done after the initial setup if the user requires.

This is more than just fine-tuning though...

I love your enthusiasm. But yes the idea of allowing people to voluntarily contribute some kind of summary of their configs, like metadata: how many SSIDs are they using, what modes, how many networks, what kind of WAN connection (pppoe, vlan tags, etc), what speeds, SQM, etc would be useful for understanding what people really like to use.

I agree, but I also think about the idea of iterative refinement, and making it easy for a user to start from a good starting point so fewer iterations are required. For some users a single automated iteration at a push of a button, if done well, might be ok.

My current idea is to write my little lua script, it wakes up every so often, it sends a few pings, and collects the bandwidth and cpu usage, and logs it to a sqlite database. Through time it builds up a picture of what the max speeds are, and what the cpu usage is at various speeds.

If you click a button and tell this script to run now for a while, and then run a dslreports speed test, it should collect enough information that it can estimate your real bandwidth capacity, and your CPU capacity, and provide reasonable suggested defaults for a piece_of_cake config I think.

1 Like

dlakelan Daniel Lakeland
March 7
moeller0:
that due to the need to set the shaper rates for ip- and downlink manually, we will not be able to activate sqm by default

We can certainly activate fq_codel by default but that may already be the default... Not sure.

I believe OpenWrt already defaults to fq_codel, but unless BQL is in effect and the internet link runs at the wan NICs rate this is not going to help much.

I'm working on a little Lua script to do monitoring of connection performance, I can imagine a push button on Luci that runs the monitor continuously for say 10 minutes while the user surfs and runs speed tests etc and then auto configs the SQM. At least here the user wouldn't need much knowledge.

Creating the load with another machine will help by retaining cycles for the actual shaper, so certainly a step in the right direction. Even though, it might be easier to run the speedtest manually and also manually plug in the resulting numbers into the sqm GUI, after all I strongly believe that this is a policy decision that at least should be opt-in (I assume that nobody here disagrees).

The Luci script could offer a link to dslreports speed test, monitoring that for even a minute would be enough to infer a lot about the connection settings.

There is some judgement required before accepting the test results as "sufficiently truthful" so I am not sure how well that can be automated.

P.S.: Using a leading tab for anything else than to indent a paragraph is a rather peculiar default...

I don't disagree with anything you say about the policy and opt-in, I'm optimistic that monitoring the connection on the router (which should cost at most 1% of cpu I think) would help a lot in configuring SQM. The proof will be in the pudding I think. Let's see what I can put together in the next couple days. Perhaps someone here will volunteer to test it :wink:

1 Like

+1
+1
+1

Complete agreement with @vgaetera on this one.

1 Like

It sounds like the direction where this is moving towards would be some sort of "Run Setup Wizard" button in LuCI, which will initiate something akin to those "First Run" OOBE wizards commonly found on systems e.g. Windows and macOS. Go through a guided series of screens which ask users for certain pieces of information, and then install/configure additional packages/services based on the user inputs.

1 Like

As per forum guidelines https://forum.openwrt.org/guidelines#keep-tidy:

Rather than posting “+1” or “Agreed”, use the Like button.

By the way, your triple +1 reminded me of those who were raising both hands when they get to vote :slight_smile:

1 Like

Wait, you mean you don't raise both your hands when you vote? :exploding_head:

The biggest issue I see is those who accidentally use (old) routers already severely underpowered for simple NAT/firewalling duties and expect sqm to do wonders for them will complain about their router not being able to keep up with the internet link's bandwidth. That is more of a communication issue though, and I am sure can be easily combined with your intended LUA approach, so I am all for it.

I've been putting in several hours trying to get a monitor loop going in lua today. I just got it to insert its first fake values into a DB so it's only a few string processing lines away from something someone could actually run and collect data with...

Ok, it's collecting cpu usage data and ping times no problem. I need to parse out the bandwidth / packet transfer on each device but that should be pretty easy ...

Ok it's collecting interface stats as well... I'll post some code for people to try out tomorrow.

Some thoughts I had today. I was installing something on a travel router that is rarely used, and I forgot what IP subnet I'd assigned it. in the end, I pinged ff02::1%eth0 and connected to the device on IPv6.

This made me think about the future of getting started on OpenWrt, and also reverting to factory on OpenWrt. With an out of the box ipv6 configuration, if you plug any computer with an OS made since 2002 or so into the router, it will get a ULA and immediately be able to connect to the router on some address. By default the router should advertise its ipv6 ULA as the DNS on the LAN with the router advertisements.

If that happens, http://openwrt.lan/ will work, without ever even needing to get an ipv4

Now, out of the box, the default ipv4 subnet choice of 192.168.1.0/24 conflicts with lots of things. But, IMHO we should instead of using this consistent 192.168.1.0/24 number, generate a random number 10.x.y.0/24 and use that similar to what we do for ULA. Since this will rarely be changed by the typical beginner user, we reduce the chance of conflict and confusion where people try to connect to other devices like their landlord's router or a hotel or whatever.

I don't think we need to do a lot to make this work, but I suspect mostly it would be documentation changes. Any thoughts on whether this is a good idea?

Doesn't that happen already?


$ cat /etc/resolv.conf 
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients directly to
# all known uplink DNS servers. This file lists all configured search domains.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 172.xxx.yyy.1
nameserver fdxy:xxxx:yyyy::1
search xyz.example.com

Yes, at least I thought so, my point was more like, hey look we can use DNS. Also I'm not sure it does this in safe mode but I think it should.

For example can we change all the docs to encourage people to login via name rather than IP address, even in safe mode?