How to make getting started with configuring easier

dlakelan · March 2, 2019, 4:35pm

It's possible to make an opinionated default that works well and offers more security and features by default, but this still doesn't mean you can get away from all the many questions we see here on the forum asking how to configure unusual use cases:

connect to my Android phone to get a wwan
Cascade a separate router to provide a subnet for my roommate which has no access to my LAN
put my business servers on a DMZ
distribute internet connection from my house to my 4 rural neighbors who have no connection over wireless bridge links...
put my kids on a separate wired network with a squid proxy that limits access by time of day and has a blacklist of sites.

Etc etc. An expert system would be a good thing. Who is going to do this work is a separate question. I've seen a lot stupider stuff get Kickstarter funded...

fantom-x · March 2, 2019, 4:43pm

It is not possible to save the world all at once and these usecases are on the advanced side while the simplest one is not solved yet.

dlakelan · March 2, 2019, 4:47pm

A tool that condenses some knowledge to make it easier to do these things will also make solving the simple default case trivial. I agree we can't solve the world's problems all at once, but I think how many peoples problems get solved by people asking in the forum and getting guided through a few steps, less than 10, and the vast majority of longer threads the person didn't do what was asked or similar, most of what we do in the forum is automatable at the right level of automation.

fantom-x · March 2, 2019, 6:08pm

I do not think that this advanced capability should be a part of the default simple setup, but it is a good next step for a non standard use case.

dlakelan · March 2, 2019, 6:14pm

Right I actually think it's a network wide config idea so it's something that can live elsewhere than the router itself. It could be put on the router but doesn't need to be.

fantom-x · March 2, 2019, 6:42pm

One thing that most are missing in these discussions is that we are not forever and one day we all will fail to pass a bus test or something similar.
We can keep on building very complicated and secure setups that no one else has the knowledge to support or even has access to our passwords to login into the devices.
Then one day all of sudden someone else has to take over and what do you think is gonna happen? All the equipment becomes inaccessible and gets replaced with an off the shelf router
So it all has to be simple.

vgaetera · March 2, 2019, 6:49pm

I think this assumption is a bit stretched, unless many vendors begin officially support OpenWrt with LuCI, preinstalling it on the significant number of devices.

dlakelan · March 2, 2019, 7:52pm

I think we should assume a person who is not a network engineer or Linux specialist but at least knows say the difference between TCP and UDP and knows the difference between an Ethernet Jack and a telephone jack, and can distinguish between an internet service provider and Facebook or Twitter. Etc

vgaetera · March 2, 2019, 8:29pm

Non-technical audience doesn't even care what firmware their router runs.
The person you described should be able to follow guides and use forum if he faces an issue.
If he can't, most likely our documentation quality is not good enough and we should improve it.

fantom-x · March 2, 2019, 8:30pm

In my experience the best one to use as an example of how to do it mostly right is Peplink Pepwave Surf Soho MK3 Router. I would be seriously considering it if it had SQM support. It is limited to 120Mbts and that is the router I would recommend to any non-technical person.

Hegabo · March 2, 2019, 8:49pm

How about the idea of having a "wizard" that will take user requirements, download the packages and build the image?

I understand it's a big job, and could be a bit more complicated for Windows users, but that could make it a lot easier to new users, at least for the most popular features for a basic user (USB support, miniDLNA, SMB, repeater mode etc) so the out-of-the-box functionality isn't missing anything that's included in mid-range routers stock.

Talking form personal experience, when I first flashed OpenWrt few mnoths ago, I found out that I need to download a package for DLNA, another for SMB, struggle with USB and NTFS support (and some wiki page suggest that I need to re-format the disk), so I thought that's not for me. That happened although I have some background in programming and basic knowledge of Linux.

dlakelan · March 7, 2019, 4:30am

@richb-hanover-priv and @fantom-x and @drbrains following on here from the conversation around Maintaining an OpenWrt Router

Instead of asking questions and "auto-configuring" could we maybe have more "discovery" in LuCI? ie. we could ask very informal questions, like "Do you want a separate wifi network for guests and friends?" and "Do you want to share files with other computers from the router?" and blablabla, and then make a list of recommended packages with some descriptions of them and links to howtos?

I think this would not require that much development work as it doesn't try to do all that much except ask questions and identify packages to educate the user about their existence or usefulness or function.

Also, I think SQM should be pre-installed on all images, it's basically an essential feature of a router in my biased opinion, and it's not that big, 20-25kB?

richb-hanover-priv · March 7, 2019, 1:36pm

@dlakelan You're right. I'm cloning my note from the other thread to continue the "initial setup" question here. Thanks.

@thompdre841 I love stories like this. It shows the value that OpenWrt can bring to thoughtful people even when they are new to the project.

The challenge lies in the balance between simplifying everything as much as possible (but no further) to produce a basic router that is secure, robust, and does "the things people need". Let's take @anon50098793's suggestion about a wizard to the extreme:

How few questions can we require for a "good-enough secure router" setup? I think the minimum is Login Password and Router name . Let's call it the Essential Secure Router:

Could the router auto-fill the SSID's based on the router name?

Could the device automatically determine up/download speeds to set SQM?

Could the router automatically configure a Guest Wi-Fi network?

What other settings could be automatically set in a 'basic secure router' to minimize the expertise required?

(Of course, the additional OpenWrt GUI or settings in /etc/... allow experts to extend the router.)

But if we could design a system where people could get a good-enough secure router running with a minimum of hassles, we would have accomplished something really important.

And to address some of the questions asked in the other topic:

Who decides which packages...? - We can decide and make a recommendation for essential packages for Recommended devices. We act as mentors in the forum every day: we answer people's questions on the forum, we know the essentials that everyone should have.

What's essential? My list includes routing, enabling both radios with sensible SSIDs and credentials, SQM for low latency, tight firewall rules for V4 & V6 (remember these are "Recommended" devices.) It would be "just a router" - but a secure one, that really worked.

What about ...? Adblock, VPN, guest network, printers, external storage, etc. We're not taking anything away from OpenWrt. If someone wants more from their router after it's up and running, they can always add those packages and configure as they do today.

Let's hash out the full list of "essential packages" here on this thread.

Finally, as @dlakelan points out above, most of the essential features are already in place/easily installed, and only require some form of "discovery" to enable/configure them to good settings.

moeller0 · March 7, 2019, 2:30pm

To nobodies surprise, I am all for this, since it is small and potentially useful. I need to point out though, that due to the need to set the shaper rates for ip- and downlink manually, we will not be able to activate sqm by default, but it is debatable whether this policy decision is not better left to the local admin.

drbrains · March 7, 2019, 2:37pm

@moeller0, could the script/package here be used to automatically insert the required numbers (lets say with 80% of the measured speed). It's about easy config, not fine-tuning, which could be done after the initial setup if the user requires.

dlakelan · March 7, 2019, 2:37pm

We can certainly activate fq_codel by default but that may already be the default... Not sure.

I'm working on a little Lua script to do monitoring of connection performance, I can imagine a push button on Luci that runs the monitor continuously for say 10 minutes while the user surfs and runs speed tests etc and then auto configs the SQM. At least here the user wouldn't need much knowledge.

The Luci script could offer a link to dslreports speed test, monitoring that for even a minute would be enough to infer a lot about the connection settings.

drbrains · March 7, 2019, 2:47pm

I'm using some MT7621 targets which have hardware NAT. Unfortunately that still isn't compatible with SQM. I am hoping that we will see hardware NAT soon on some atheros targets as well. This conflicts with SQM (unfortunately). I guess, for the "easy-setup-wizards", priority will (should) be SQM.

anon50098793 · March 7, 2019, 2:59pm

@dlakelan also mentioned swarms... somewhere anyway....

re-iterating....

let's say, a small selection of the community uploaded config backups.....

anonymously..... a spider can go through those...... and determine

-what settings are most commonly set
-what services are most commonly enabled

etc. etc. conversly it can see what is rarely set, so in "basic" UI mode those options aren't even shown to a user......

this then becomes an "xml" template... or whatever.... depending on the level of UI chosen.... ( basic, advanced, expert ), clicking the preset button in basic, just;

-populates the settings and show what is necessary only
-or settings that commonly vary

with that and a few of those deterministic scripts you mention....

the job is almost done....

moeller0 · March 7, 2019, 3:41pm

Hi All,

drbrains Richard
March 7
@moeller0, could the script/package here be used to automatically insert the required numbers (lets say with 80% of the measured speed).

IMHO not robustly, running netperf on an underpowered router will cost noticeable amounts of CPU cycles resulting in a rather noticeable drop in measured bandwidth. Given how sensitive users are to the bandwidth sacrifice required by sqm I would advise against trying to automate this. This is a policy decision a user needs to make consciously IMHO.

It's about easy config, not fine-tuning, which could be done after the initial setup if the user requires.

This is more than just fine-tuning though...

dlakelan · March 7, 2019, 3:56pm

I love your enthusiasm. But yes the idea of allowing people to voluntarily contribute some kind of summary of their configs, like metadata: how many SSIDs are they using, what modes, how many networks, what kind of WAN connection (pppoe, vlan tags, etc), what speeds, SQM, etc would be useful for understanding what people really like to use.