I bought a Netgear WAC104 to put OpenWRT on so I would have an access point that would run OpenVPN for NordVPN. I did not realize it didn't have a WAN port, or how much trouble it would cause.
I got OpenWrt installed, an alternate static IP address set up, (and reserved that IP address in the main router.) and turned of DHCP. To get the WAC104 to get the software list, I had to make a LAN interface a DHCP client on LAN1 Port and connected to it through the main router. But I got an error, which had a solution of turning off a service, but I was unable to find where to turn that service off. The last think I tried was adding another Interface, using the br-lan so that I could connect using the ethernet and wifi now that I enabled it. But that stopped me getting the package list, and connecting from the main server. (But I can connect using LAN4 and I have internet.)
The software for OpenWrt is:
[Powered by LuCI openwrt-21.02 branch (git-21.231.26241-422c175) / OpenWrt 21.02.0 r16279-5cc0535800
So my question is:
What is the best way to configure the interfaces since I do not have a WAN port, so that the WAC104 gets internet from the main router (both to install OpenVPN, and use it with NordVPN afterwards on all connected ports (LAN2-4 and WLAN's)
Or should I just flash back the original firmware and return it, and get something better to work with. (This was $39.99 at Amazon.
Any help would be appreciated. I have spent 8-10 hours today just getting this far.
So, at the moment, I have 2 network Interfaces, LAN (Which is green) which is LAN1 port and set at as DHCP client, and one I call VPNLan that uses br-lan and has just a static IP with the DHCP server turned off.
So you are suggesting that I put them back to in network interface, and have it set up as DHCP client, (Which I have the MAC address set in the main router to have a reserved IP address so I can always get to the AP.) right?
Thanks for the help.
Well, I was able to get the router set up where it was working, and was following the instructions for the VPN and got this error, "Insufficient permissions to read UCI configuration." The only fix I found was the ssh into the router and follow the manual directions. The problem is when I got the setting up the DNS, where they want you to set up the DNS on the WAN port, which I do not have.
So I tried separating LAN1 to be a WAN port which looked like it worked, but then the firewall kicked in and I couldn't get into the router again. and the br-lan didn't have DHCP setup. So I tried manually configuring my computer with an IP address on the network, and while I could "connect" to the router, it constantly timed out.
I had to FR the AC to get back in, and will go through the setup again. I'll look to see if in the dhcp-client settings if I can put in a different DNS, but does that overwrite any device that connects to the AP? And how do I set up the firewall for the 'tun0'? The expression looks like it only is on when the firewall is on a device. But since I have no WAN port, the firewall never is on, so it will not be on with the VPN.
Thanks again for all the help.
O.K. I was successful in installing OpenWrt on my WAC104 and connected a NordVPN to it. I followed the directions at NordVPN for OpenWrt that required using ssh from a command line line in windows, (or a terminal in Linux or Mac), and Winscp portable (As I was on a windows 10 computer today.). FYI- You must change the "File protocol" from the default SFTP to "SCP". The Winscp program also allows you to edit files by double clicking on the text file, and you can create new files by right clicking and selecting "New" then "File".
The page was named, "OpenWRT CI setup with NordVPN" and a special note was on the page,
"NordVPN would like to thank @ulmwind, an active member of the OpenWRT community, for his continuous assistance in providing us with up-to-date OpenWRT instructions."
And I want to thank @frollic with his help that got me into the WAC104. I was about to give up before frollic's help.
My notes on installation for anyone else:
Downloaded the openwrt-21.02.0***factory.bin from Openwrt and installed using Netgear's firmware update program. Worked like a charm.
Connected computer by Ethernet cable and connected to 192.168.1.1 and went into LuCi. I changed the LAN settings from Network-Interfaces from Static to DHCP Client. IF all you want is for the WAC104 to be an access point you are set. Reboot the access point, and I reserved the IP address in the main router, so the admin page for the access point stayed the same. Don't forget to configure and turn on your WIFI if you want it.
I wanted to use it for a VPN access point. So anyone connecting to it by Ethernet or WIFI would be using a NordVPN VPN using OpenVPN. But to do that, you need a WAN connection. So, I added in Network-Interfaces another interface called "wan" (Yes, lowercase is important.) and connected "LAN1" to it. I also changed the LAN interface from "br-lan" to "LAN4". (Because my computer was connected into LAN4. I also had to change the DHCP settings because my main router also used the 192.168.1.1 network.)
After rebooting the router, I was able to get in again and with WinSCP, I went to /etc/config and opened the file "network". in config device option name 'br-lan' I removed the "list ports 'lan1'" and saved the file. I then went back into LuCi and changed the "lan" interface from "LAN4" back to "br-lan" so it included all of the other LAN ports. After that I configured the WIFI and they were added to the "lan" interface.
From there, I followed the NordVPN directions using the command line. LuCi kept giving an error for editing some files, which is a known bug. I tried in LuCi when I configured the DHCP to put the custom DNS entries in, but it didn't look like it was working, so I added the DNS to the WAN device like the directions said. Also, the command "uci del network.wan.dns" gave an error, but that was because there was no WAN DNS in the network file, so it could not be removed.
If anything else comes up, I will post an update, but I hope this helps anyone else trying to put OpenWrt on an Access Point that doesn't have a WAN port.
It isn't necessary to go to the CLI there, that operation can be done in LuCI on the 'bridge' tab.
Before reconfiguring Ethernet ports, it's a good idea to start up a wifi AP and log into the router via wifi. Then you won't lose access if the Ethernet config is wrong.