HOWTO: OpenWrt on the Raspberry Pi 4

Installing and Using OpenWrt
65

LilRedDog,

Thanks for your encouragement and the comments from others.

Some progress since Friday: I have AC mode working on the Pi-3B+; to speedtest.net my Mac laptop now gets download speeds or ~112Mb/sec and uploads of ~12Mb/sec over the OpenWRT/Pi-3B+ router. That's more than satisfactory for my use.

In the native install, AC mode would not activate the WiFi LAN without an
ifup lan typed in via the CLI (SSH from my Mac). I added that line to /etc/rc.local as sleep 20; ifup lan (before the "exit 0"), and now, after a delay, an OpenWRT reboot starts WiFi service reliably on the 5GHz band.

I've got the firewall set to allow connections in from my ASUS router, so I can get in from my Mac during this development phase. I'll restrict that when I connect the OpenWRT/Pi-3B+ directly to the cable modem.

I'm still finding that switching AC Mode <--> N Mode <--> Legacy Mode via LuCI isn't reliable. I have stable /etc/config files that work for each of those modes (saved the config files once I finagled them into working via CLI), but switching among them via the GUI interface results in variety of errors (generally something like "device not found", with no phy0-ap0 device listed). That's not critical for me, but I'll explore a bit more to see if I can resolve those. It appears that the GUI switching of WiFi modes carries over some parameters in the /etc/config files that that worked in one mode but not the other.

Here are the results of the commands you suggested.

Again, if anyone wants to just copy and use these /etc/config files, be sure to change the firewall settings to reflect your security situation (e.g., REJECT input from the WAN side).

% ubus call system board
{
	"kernel": "5.15.137",
	"hostname": "OpenWrt",
	"system": "ARMv8 Processor rev 4",
	"model": "Raspberry Pi 3 Model B Plus Rev 1.3",
	"board_name": "raspberrypi,3-model-b-plus",
	"rootfs_type": "ext4",
	"release": {
		"distribution": "OpenWrt",
		"version": "23.05.2",
		"revision": "r23630-842932a63d",
		"target": "bcm27xx/bcm2710",
		"description": "OpenWrt 23.05.2 r23630-842932a63d"
	}
}

% cat network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'xxxx:yyyy:zzzz::/48'
	option packet_steering '1'

config device
	option name 'br-wan'
	option type 'bridge'

config interface 'wan'
	option device 'eth0'
	option proto 'dhcp'
	option netmask '255.255.255.0'

config interface 'lan'
	option device 'phy0-ap0'
	option proto 'static'
	option ipaddr '10.9.8.1'
	option netmask '255.255.255.0'
	option force_link '0'

% cat wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'platform/soc/3f300000.mmcnr/mmc_host/mmc1/mmc1:0001/mmc1:0001:1'
	option channel '36'
	option band '5g'
	option htmode 'VHT80'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWRT'
	option encryption 'psk2'
	option key 'xyzzy'

% cat dhcp

config dnsmasq
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option cachesize '1000'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'
	list server '8.8.8.8'
	option sequential_ip '1'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'hybrid'
	option ra 'hybrid'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	option force '1'

config dhcp 'wan'
	option interface 'wan'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

% cat firewall

config defaults
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'
	option flow_offloading '1'
	option flow_offloading_hw '1'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'
1 Like
66

I couldn't get AC mode to start up correctly -- the device appeared to be there and active, but the "lan" interface wasn't being brought up so nothing could connect.

I fixed that by adding sleep 20; ifup lan to /etc/rc.local, and the 5GHz AC mode now starts up successfully on my Pi-3B+.

67

Prima facia: it looks like you did some wireless work and did not set the country?

68

I checked: yes, you're right. I had set it in the other two modes but missed setting it in the AC mode.

So I went back and set it, then rebooted. After the delay, WiFi came up.

So I removed the sleep 20; ifup lan from /etc/rc.local and rebooted: WiFi did not come up.

I reinstalled sleep 20; ifup lan in /etc/rc.local and rebooted; WiFi did come up.

I left the country option in /etc/config/wireless as it did no harm and should have been there, but that in itself did not fix the issue of lan not coming up on reboot. I still needed the ifup lan to get it going.

1 Like
69

It can only help and I cannot imagine a case when it does harm.

I got distracted but I need to see cat /etc/config/wireless with new setup.

70

Note that setting the country code in LuCI also sets cell_density.

# cat /etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'platform/soc/3f300000.mmcnr/mmc_host/mmc1/mmc1:0001/mmc1:0001:1'
	option channel '36'
	option band '5g'
	option htmode 'VHT80'
	option country 'US'
	option cell_density '0'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWRT'
	option encryption 'psk2'
	option key 'xyzzy'
71

Cell density.

Just leave it alone; we all know the Pi is not going very far. :rofl:

Okay, your CLI is better than mine. I can read errors but I cannot fix or resolve them.
Hopefully someone else will look.

72

Like I see that is not quite correct but not confident to edit it.

73

Cell density.

Just leave it alone; we all know the Pi is not going very far. :rofl:

Yeah, fortunately this is just a temporary router 'til we move and it doesn't need much range.

Thanks for checking. I'm satisfied with the current AC-mode setup. Performance is more than acceptable for my purposes, and range will be fine 'til we've moved permanently.

I just found it frustrating that I couldn't get everything set up and working automatically from just the LuCI interface. I kept thinking it was something I was doing wrong, or not doing at all. But it appears that, at least on the Pi, that last little step of ifup lan is needed to really get it going automagically upon reboot, and that requires some CLI work in /etc/rc.local. Even odder that it didn't seem to be needed in N or Legacy modes, just in AC.

1 Like
74 
root@OpenWrt:~# cat /etc/rc.local
# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.

exit 0
root@OpenWrt:~#

My /etc/rc.local :confused:

75

Yeah, that's why my situation doesn't make sense. I found that ifup lan solution only by accident. I noticed that ifconfig showed phy0-ap0 available, but only with an IPv6 address; when I did an ifup lan, it took on the IPv4 address I had assigned to it, became "connectable" from my Mac, and assigned an IPv4 address to my Mac.

I'm pretty sure there's something in the LuCI settings that isn't right and would eliminate the need for ifup lan, but minor tweakings have only caused more trouble (various failures of the service to come up).

76

A nd that, my son, is why I do not even try IPV6... :open_hands: :wink:

77

:+1:

Do you actually disable IPv6? I haven't tried that, because I don't know what might be using it underneath it all, but I'd rather not have it running in my environment.

78

It is dead as a door nail.

You keep it running and continue to learn.

I'm recovering from a concussion and other issues from a wreck and my short term memory is not quite up to learning more programming language.
But I lurk here and learn.

79

On my testing Pi with USB WiFi as AP I just keep it as is, my home network has IPv6 because ISP is forcing me to use it, but in general since it's AP mode so WiFi bridging to ethernet and there would be no effect for IPv4 only or dual stack.

80

When you do set the country it throws an error to the log. Better to leave that at device default.

81

I have yet to be successful getting the Rp4 to work as an access point on the 2.4 Ghz band unless it's in legacy mode. If you select N and 2.4Gz it switches into 5Ghz anyway.

82

Add another instance to the Cypress radio for 2.4.
Name it something else to keep track of the two.
Then disable the 5Ghz instance and enable the 2.4 but yeah, only seems to work in legacy mode on the Cypress radio but at least it does not hop back to 5Ghz.

83

I've never seen that.
What does it look like?

84

Look carefully in the log. When it actually tries to set the country, it fails with an error.

1 Like