How to simply use OpenWRT as a normal Home Router

I have a Linksys router with 4 LAN interface and 1 WAN interface.
I just want to configure it to behave like a normal home router where

  1. WAN interface connects to Telcom Modem using PPPoE
  2. all 4 LAN interfaces would be issuing IP address via DHCP serer. Those LAN interfaces could be connecting to Endpoints or another access switch to extend network.

In past few weeks, I have spent a lot of time and reviewed Openwrt.org official documents (including DSA as I am using version 22) for at least 5 times, and tons of tutorials and videos on YouTube about how to configure it. I am still very confused despite I was a CCNP certified engineer though not familiar with Linux.

Can anyone share a comprehensive and insightful enough book or tutorial which could clear all confusions in a single place?

I have bridged LAN1~4 into lan-br device, bind "interface" WAN to "device" WAN with PPPoE configured, Configured static IP and Enabled DHCP on "interface" LAN. I enabled and created Wireless SSID, though not bridged to lan-br device.
When I connect my cellphone to this wireless SSID, it can surf internet. but I am confused, how could the wireless know that the traffic needs to be routed to WAN interface ???

The default configuration should do exactly that. What were the issues with the defaults that you needed to change?

3 Likes

lan->wan forwarding (with NAT for IPv4) is built into the default firewall configuration.

WiFi APs are attached to a network in the wireless config. Specifying 'lan' as the network will find the lan network is a bridge and add the AP to that bridge. WiFi interfaces should never be referenced directly in the network section.

What you describe is the default configuration, except for enabling an AP and changing the wan protocol from static to pppoe. Everything else can be left at defaults.

1 Like

The default is a good starting point. But from the Luci interface, all you'd have to do is go to Network, Wireless and change the radio(s) to use the SSID and password you want for wifi. It's as simple as that. You plug in your cable modem to the wan port and your lan ports to connect wired devices. Don't over complicate it right away. As you learn more you can tweak things to optimize things and speed it up a little.

2 Likes

The firewall tells it.

Green is behind the firewall, Red beyond the firewall; regardless the name.

firewall

1 Like

Honestly, I was not even know what are the default configuration.. let me go to /etc/config/network, and find out what exactly are the default configuration..
However, my current config comes from my manual config, hence it was not default config anymore. is that a way to restore default config ?

firstboot -y && reboot

2 Likes

you are right that I was over complicating it.. I was trying to do manual config to align with below table from OpenWRT official document

So, above table is actually the default config which was already configured without any end user intervention ?

1 Like

Yes, although the specifics of the interface names and switch configs are examples, as OpenWrt covers a broad variety of devices.

Yes, the default configuration is setup for the typical case of a home router. It requires no changes except for:

  • wireless (if applicable and desired):
    • set the SSID, encryption type, passphrase, and then enable the radio
  • wan connection method (if not DHCP)
    • by default it is DHCP, but some users may need to change it to PPPoE and add the credentials, or use static IP (rare) with information provided by the ISP.

In general, the rest is optional and/or advanced.

4 Likes
  • the correct country code (on both radios).
7 Likes

@slh - Yes.... I'm surprised I forgot to mention that. Thanks for adding it.

1 Like

I executed the command firstboot -y&&restart to rollback to default configuration, However, when I check the default network configuration file (/etc/config/network), I did not see any config that bridges the br-lan with wireless network as per we expected and below architecture topology.

Please see below for the default network config:

root@OpenWrt:/# cd etc/config/
root@OpenWrt:/etc/config# ls
dhcp      dropbear  firewall  luci      network   rpcd      system    ubootenv  ucitrack  uhttpd    wireless
root@OpenWrt:/etc/config# vi network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fddc:2c7a:dbc8::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config device
        option name 'wan'
        option macaddr 'c2:56:27:7b:fe:b7'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'

You need to check /etc/config/wireless

2 Likes

I executed the command firstboot -y&&restart to rollback to default configuration, However, when I check the default firewall configuration file (/etc/config/firewall), I did not see any config that setting up the default route from LAN to WAN for internet surfing. Plus I am confused why default config already has http 80 / ssh 22 remapped, and why those specific IPs are pre-configured (192.168.45.2, 194.25.2.129).

Please see below for the default firewall config;

root@OpenWrt:/# cd etc/config/
root@OpenWrt:/etc/config# ls
dhcp      dropbear  firewall  luci      network   rpcd      system    ubootenv  ucitrack  uhttpd    wireless
root@OpenWrt:/etc/config# vi firewall
#config rule
#       option src              lan
#       option proto    ICMP
#       option target   DROP

# port redirect port coming in on wan to lan
#config redirect
#       option src                      wan
#       option src_dport        80
#       option dest                     lan
#       option dest_ip          192.168.16.235
#       option dest_port        80
#       option proto            tcp

# port redirect of remapped ssh port (22001) on wan
#config redirect
#       option src              wan
#       option src_dport        22001
#       option dest             lan
#       option dest_port        22
#       option proto            tcp

### FULL CONFIG SECTIONS
#config rule
#       option src              lan
#       option src_ip   192.168.45.2
#       option src_mac  00:11:22:33:44:55
#       option src_port 80
#       option dest             wan
#       option dest_ip  194.25.2.129
#       option dest_port        120
#       option proto    tcp
#       option target   REJECT

#config redirect
#       option src              lan
#       option src_ip   192.168.45.2
#       option src_mac  00:11:22:33:44:55
#       option src_port         1024
#       option src_dport        80
#       option dest_ip  194.25.2.129
#       option dest_port        120
#       option proto    tcp
- firewall 189/189 100%

That's missing a substantial amount of the file. Please use the cat command rather than vi. Then copy and paste the full output.

2 Likes

thanks for pointing out, wireless config is as below, I am confused about option network lan. I understand that we have lan configured as interface in etc/config/network, I did not see anywhere lan was defined as a Network ?

root@OpenWrt:~# cd /etc/config/
root@OpenWrt:/etc/config# ls
dhcp      dropbear  firewall  luci      network   rpcd      system    ubootenv  ucitrack  uhttpd    wireless
root@OpenWrt:/etc/config# vi wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'soc/soc:pcie/pci0000:00/0000:00:01.0/0000:01:00.0'
        option channel '36'
        option band '5g'
        option htmode 'VHT80'
        option disabled '1'
        option country 'CN'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'none'
        option macaddr 'c0:56:27:7b:fe:b9'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'soc/soc:pcie/pci0000:00/0000:00:02.0/0000:02:00.0'
        option channel '1'
        option band '2g'
        option htmode 'HT20'
        option disabled '1'
        option country 'CN'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'none'
        option macaddr 'c0:56:27:7b:fe:b8'

~

Interface and network mean pretty much the same thing for most OpenWRT-related situations. Having a config interface 'lan' section in the network config file means you have a lan network on the router.

1 Like

The section of the firewall config that you quoted are examples of what can be done. Those configs are not active as they are commented out by hash signs at the beginning of the line.

If you run brctl show you will see that the wireless AP is indeed in the bridge with the LAN ports. The way it got there is convoluted especially since DSA is involved, meaning that the LAN bridge is a combination of hardware and software L2 switching. But to the user, the single option network lan in the AP's section of the wifi config is all that is needed to connect it to the lan network.

And interface sort of means a network, most of the time. This syntax could be clearer.

1 Like

Hmmm,
It is here:

config forwarding
option src 'lan'
option dest 'wan'

In the firewall config.

1 Like

Ok, then it seems that, in OpenWRT, interface name and network name is interchangable. This is surprising me as it is clear, from basic network knowledge perspective, that interface & network are completely different things.

If this is something unique in OpenWRT (though a bit wired, and not that easy to understand), I will simply just keep it in mind despite it makes me feel that OpenWRT terminologies are not prudently defined.