I’m using OpenWRT v23.05.0 on an MR3020 v3 and it’s working surprisingly well for such a limited device.
I’m trying to use it for some network segmentation in my home network. Basically create a secondary isolated LAN (lab/guest) with the OpenWRT device that shares the Internet connection. And man is it kicking my behind.
I’m able to use it as an AP no problem, but I’m not able to set it up as a separate network. Any reason to add it to my DSL router’s DMZ?
The biggest issue I have is that MR3020 has a single ethernet port and I don’t know how I’m supposed to set it up in order to give it access to WAN but still be able to access the management interface.
Is this something that requires me to use VLANs?
I’d be very grateful for any help, guidance or pointing me in the right direction, because I’ve been at it for a week and I’m at the end of my rope with this one.
With one port it doesn't create a wan network by default, so the first thing to do is create a new interface named exactly wan in lower case, as that name already exists in the firewall for standard lan-wan routing. The protocol should be DHCP client. Then attach either a wifi client (for wireless connection to the uplink router and Internet) or the eth port for a wired connection. The lan device would then be either the eth port if using wireless wan, or a wireless AP if using wired wan.
By default you can't log in on the wan side, but in a home setting you could open ports 80, 443, and 22 on the wan to allow logging in from the wan network.
use eth0. But you also have to remove eth0 from the pre-defined br-lan.
Before you do any of that, you must enable wifi and connect using wifi -- once you disconnect the ethernet port from the lan, you'll be unable to reach the device if you haven't setup wifi.
It’s pretty finicky in terms of the order you need to activate the wi-fi, change the devices and IPs and finally apply settings. They need to be done in this order and one at a time otherwise you get locked out of the device and need to do another ‘firstboot’ via ssh.
Followed the advice and these are the results:
It’s progress, but not quite there. For some reason the wireless and eth0 interface share the same MAC. Not sure if that’s the way it should be.
I’m thinking this might be the issue why the WAN interface is not getting an IP from the primary router?
Reused MAC address should not matter since the two networks can't see each other at layer 2. If you look closely the MACs should be different in one bit though.
You probably don't want lan to be /8. That is claiming the entire 10.0.0.0 space.
Make sure eth0 is only attached to wan / wan6 and it is no longer in br-lan or anywhere else.
The phy0-ap0 should not be connected to the lan. Instead, the lan should be connected to the AP.
To clarify the above statement, phy0-ap0 should not appear in /etc/config/network at all. The lan interface definition should either not contain any device declarations, or it should use br-lan where br-lan is explicitly created as an empty bridge (with the bridge-empty statement).
The AP (as defined in /etc/config/wireless) has a field called network -- this will be set to lan.
