How Well Does the Linksys EA6350v3 Work With OpenWrt?

NoTengoBattery · November 7, 2019, 2:25pm

Yes.
Beware that the configuration needs to be done manually (LuCI does not work) and that a mistake will render the device unusable till it's restored to factory.

jeff · November 7, 2019, 4:39pm

Not quite as scary as having to re-flash, as failsafe and restoring network defaults will get you back. However, your config should not touch VLANs 1 or 2 and, at least with the similar IPQ4019 in the EA8300, bridging the same VLAN across the “Internet” port and one or more of the “LAN” ports has “challenges”.

I trunk multiple VLANs on my EA8300s in my configurations.

willowen100 · November 7, 2019, 5:23pm

What physical port can be used as the trunk?

willowen100 · November 7, 2019, 5:30pm

Would you mind sharing your VLAN config (etc/config/network) please so I can see how you've setup the four LAN segments? If you don't mind sharing it don't forget to scrub any personal information.

Many thanks in advance

jeff · November 7, 2019, 6:00pm

Both/any can be used.

The problem seems to be that a bridge over the two sets, "Internet" port and the "LAN" ports, doesn't ARP properly. While I haven't dug into it yet, I believe it is due to there being two MACs involved, one for the "Internet" port and one for the "LAN" ports. My guess is that the bridge master responds to the ARP, which ends up being "wrong" for the other set.

willowen100 · November 7, 2019, 6:18pm

I noticed you used the WAN (internet port) as the trunk.

Essentially if I left the WAN port as tagged across two VLANs such as 5 and 10 tagged to the CPU (eth0) and then bridged the interfaces to these VLANs e.g. eth0.5 and eth0.10 that should work right?

NoTengoBattery · November 7, 2019, 7:35pm

No, because eth0 is LAN.

eginnc · November 8, 2019, 2:33am

My network configs follow. Nothing too fancy. I've not sorted out the VPN VLAN yet on the main router-the network file includes a work in progress Wireguard setup for now. MAC addresses and public keys have been replaced with blah.blah.blah.blah - probably unnecessary, and the exercise reminded me I should change the static IP's of my network to less uncommon, but still uncommon, addresses to thwart fingerprinting. So thanks for that.

My home set-up consists of a bridged modem feeding a main Edgerouter X that runs DNS and DHCP for all the VLANs. The Edgerouter ports have the home security system and two wired lines carrying the VLANs to AP's on the first and second floors of our house plugged into them. The Edgerouter X network file follows first for context, followed by the EA6350v3 network file:

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix '2606:ed00:2:5910::/64'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0.1'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '10.10.10.1'
	option ip6hint '0'

config device 'lan_dev'
	option name 'eth0.1'
	option macaddr 'blah.blah.blah.blah'

config interface 'wan'
	option ifname 'eth0.2'
	option proto 'dhcp'
	option peerdns '0'
	option dns '1.1.1.1 9.9.9.9'

config device 'wan_dev'
	option name 'eth0.2'
	option macaddr 'blah.blah.blah.blah'

config interface 'wan6'
	option ifname 'eth0.2'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix 'auto'
	option peerdns '0'
	option dns '2606:4700:4700::1111 2620:fe::fe'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option vid '1'
	option ports '1 2 3 6t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '0 6t'
	option vid '2'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option ports '1t 2t 6t'
	option vid '10'

config switch_vlan
	option device 'switch0'
	option vlan '4'
	option ports '1t 2t 6t'
	option vid '20'

config switch_vlan
	option device 'switch0'
	option vlan '5'
	option ports '1t 2t 6t'
	option vid '30'

config switch_vlan
	option device 'switch0'
	option vlan '6'
	option vid '40'
	option ports '1t 2t 4 6t'

config interface 'GST'
	option proto 'static'
	option ifname 'eth0.20'
	option ipaddr '10.10.12.1'
	option netmask '255.255.255.0'

config interface 'IOT'
	option proto 'static'
	option ifname 'eth0.30'
	option ipaddr '10.10.13.1'
	option netmask '255.255.255.0'

config interface 'SEC'
	option proto 'static'
	option ifname 'eth0.40'
	option ipaddr '10.10.14.1'
	option netmask '255.255.255.0'

config wireguard_WRG
	option public_key 'blah.blah.blah.blah='
	list allowed_ips '0.0.0.0/0'
	list allowed_ips '::/0'
	option route_allowed_ips '1'
	option endpoint_host 'us1.wg.azirevpn.net'
	option endpoint_port '51820'

config interface 'VPN'
	option ifname 'eth0.10'
	option proto 'static'
	option ipaddr '10.10.11.1'
	option netmask '255.255.255.0'

and the EA6350v3 network file:

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdd4:d633:48ed::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option gateway '10.10.10.1'
	option ipaddr '10.10.10.2'
	option ip6hint '0'

config device 'lan_dev'
	option name 'eth0'
	option macaddr 'blah.blah.blah.blah'

config interface 'wan'
	option ifname 'eth1'
	option proto 'dhcp'
	option auto '0'

config device 'wan_dev'
	option name 'eth1'
	option macaddr 'blah.blah.blah.blah'

config interface 'wan6'
	option ifname 'eth1'
	option proto 'dhcpv6'
	option auto '0'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '1 2 3 0'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option ports '0t 1t'
	option vid '10'

config switch_vlan
	option device 'switch0'
	option vlan '4'
	option ports '0t 1t'
	option vid '20'

config switch_vlan
	option device 'switch0'
	option vlan '5'
	option ports '0t 1t 4'
	option vid '30'

config switch_vlan
	option device 'switch0'
	option vlan '6'
	option ports '0t 1t'
	option vid '40'

config interface 'GST'
	option proto 'dhcp'
	option ifname 'eth0.20'
	option type 'bridge'

config interface 'IOT'
	option proto 'dhcp'
	option ifname 'eth0.30'

willowen100 · November 9, 2019, 8:54pm

Thanks for that. I will have a look over so that I can digest it and work it out in my head; I usually work with LuCI so looking at the VLAN section straight from a config file won't click straight away.

willowen100 · November 9, 2019, 8:56pm

Does anyone know if I can compile my own firmware for this router or is it a case of using the snapshot or 19.07.0-rc1 builds at the moment?

jeff · November 9, 2019, 9:12pm

It's been on master for a long time, so if you want to build from source, take your pick of openwrt-19.07 or master. You might want to look at

$ git log --pretty=oneline --grep ipq40xx master ^openwrt-19.07

to help you decide.

Borromini · November 9, 2019, 9:17pm

Of course you can; you always can. If you're just after including extra packages though, you might want to take a look at the image builder instead of the buildroot.

NoTengoBattery · November 9, 2019, 9:27pm

Since looking for building a firmware yourself and because you're planning to use vlan... You might want to check this.

Borromini · November 9, 2019, 9:32pm

Is there a chance of getting this upstreamed? I think you were instrumental in adding device support into OpenWrt?

NoTengoBattery · November 9, 2019, 9:38pm

Well, Christian Lampeter, the guy who made the commit (I did the patch and fixed the detection script which he forgot to do) indeed had authority to upstream the patch by himself. However, he didn't do.
Mostly because it fixes most of the ipq4018 devices but breaks most of the ipq4019.
In such a case, we have to wait not for OpenWrt but for the Linux kernel. Thy must have to find a way to fix it in a future kernel.

Or, as I did, apply an ad-hoc patch for your particular target.

willowen100 · November 9, 2019, 11:14pm

Is there a way I can execute this script on a pre-built image?

P.S. Is there a switch layout for this router so I know what each internal port corresponds to the physical port? If so would it be worth adding to the device Table of Hardware page found here?

Borromini · November 9, 2019, 11:32pm

No, you need to patch driver code (which you then compile) and the DTS.

willowen100 · November 9, 2019, 11:39pm

I've only ever used the image builder several times often placing pre-configured files in the files directory so that they get baked into the firmware. Is what you're mentioning easy to do? I have modified the MWLWIFI code to use the latest commit before. Is it similar?

NoTengoBattery · November 9, 2019, 11:43pm

It would be easier to just use the prebuilt with the patch... Or if you want, to configure the switch from the command line.
Anyway, patching and building a kernel it's not the same as using the image builder. Why? Because the patched is applied to the kernel source code, not to the kernel executable. You'll need to build a custom image from source.

willowen100 · November 9, 2019, 11:47pm

I'm willing to try both. Does the patch fix LuCI? Failing that with some guidance on the VLAN setup I'm happy to configure it through the backend.

I'm just trying to reverse engineer eginnc's /etc/config/network file to see what port they used for the trunk line.

UPDATE
From looking over the config port 1 is tagged option ports '1t' across all of the VLANs. Port 0 I assume is the CPU for the software VLANs and if WAN port was listed we would have 6 options rather 5?