Looking to implement OpenWrt into my network...need some basic help


#1

So I've been running into annoyances with Comcast and a decently shitty modem/router/AP combo (bought independently from them). The model number for this is TC-W7960. It has the option to act as a bridge device, which is my plan. I have a Linksys WRT1900AC running OpenWrt (recent update). There's so many options it's a little overwhelming even for my technical mind. Is there a guide/checklist? Obviously WAN, LAN, DHCP, DNS and a firewall need to be set up/running. Is it set up sorta out of the box for this (besides user-specific variables)? Or if someone has a guide? End goal is to have the shitty modem/router/AP combo be a basic device while the WRT1900AC does all the hard work.


#2

Your biggest challenge will likely be getting your modem and Comcast to cooperate. As I recall, there was a lot of rebooting, power-cycling the modem, and just waiting things out until my Arris modems would enter "pass-through" or "bridged" or "transparent" mode, whatever your modem might call it.

Past that, yes, OpenWrt should come up nicely and, with a "release" ROM (such as 18.06.1, in contrast to a "snapshot"), your wired connection to the router's LAN ports will let you configure and enable the wireless (wpa2+ccmp very strongly suggested), as well as change your LAN subnet. Past that, there probably isn't much you need to do to get up and running until you figure out just what you want to change.

Here's a link to the top of the documentation https://openwrt.org/docs/start


#3

I'll take a look at CCMP; never heard of it before, but given the recent wifi cracking news I should. Mind providing an example of changing the LAN subnet? Do you mean have LAN on 192.168.1.1 and WLAN on 192.168.2.1 etc. (my mind seems to understand things best when provided with examples)?

On a second note, the modem already works fine as the default networking device. Not sure about the bridged mode it has though.


#4

Yes, anything less than wpa2+ccmp (also known as wpa2+aes) is no longer considered "best practice" and virtually all of the devices that don't support modern encryption are either long dead, or long overdue for retirement (say 10 years or so).

You should be able to get your public ID and, if Comcast offers it, an IPv6 address and an IPv6 prefix delegation directly on your OpenWrt router. This is overwhelmingly preferred over "double NAT" where the modem is doing NAT as well. That might be something like 203.0.113.176

You have a choice of what to use for your LAN subnet. Some stick with the default 192.168.1.1/24. Others might pick, for various reasons, say 192.168.188.1/24, or something out of the Class A or Class B reserved private address space. Unless you have a reason why you want something different, either "pick a number, N, between 2 and 255 (except 100, based on the manual section below)" and use 192.168.N.1/24, or use the default. I prefer not to use the default so that I can put a different interface on the 192.168.1.1/24 net for working on a router in "failsafe" mode without needing to take my main router off line.

From https://static.tp-link.com/res/down/doc/TC-W7960(EU)_V1_UG.pdf setting bridged mode is done through the UI, at least for that specific version. You'll also want to turn off wireless on the modem and use the OpenWrt wireless.



#5

Yeah, I'm probably going to stick with 192.168.1.1. How would you assign IPs for the modem and the router? Make the modem 1 and the router 2? Or vice versa? Do I need VLAN functionality for what I am doing (I don't think I do, no reason to for our house)? I just want all the ports on the router to allow for my roommates to access the network normally.


#6

You don't need anything fancy as you've got pretty much a "stock" setup after setting your modem into "Bridge Mode".

The modem will have an IP of 192.168.100.1/24, according to the manual. You don't configure that at all. That means two things, if you want to access it directly:

  • Your LAN can't be 192.168.100.1/24
  • You might want to add an interface on your WAN port for, say, 192.168.100.2/24, so that you can access the modem through ssh port forwarding.

If you want to access your modem's config/status GUI from your "desktop", what you'd be able to do if you add that interface is

desktop$ ssh -L8080:192.168.100.1:80 root@<IP of your OpenWrt LAN>

then browse to http://localhost:8080/

Getting that access is not required, but convenient to check on the modem.
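
The extra WAN-side interface suggested in the post above, written out as an added example (not part of the original post, and not OpenWrt's own documentation). It assumes a logical interface name `modem` chosen here, the `@wan` alias for the existing WAN interface, and that the option holding it is `ifname` on 18.06-era releases and `device` on newer ones.

```shell
#!/bin/sh
# Added example, not from the thread. Emits `uci batch` input for a static
# alias interface on the WAN port so the router itself can reach the
# bridged modem's management address.
# Assumptions: the interface name "modem" is made up for this example;
# "@wan" aliases the existing wan interface; pass "device" as $2 on
# releases that use that option name instead of "ifname".

MODEM_NET="192.168.100"               # modem management /24, per the manual
ROUTER_ON_MODEM_NET="192.168.100.2"   # address suggested in the post

# modem_access_uci LAN_IP [ifname|device]
# Prints the uci commands; refuses if the LAN /24 is the modem's /24.
modem_access_uci() {
    lan_ip=$1
    opt=${2:-ifname}
    case "$opt" in
        ifname|device) ;;
        *) echo "bad option name: $opt" >&2; return 2 ;;
    esac
    case "$lan_ip" in
        "$MODEM_NET".*)
            echo "LAN $lan_ip/24 collides with modem subnet $MODEM_NET.0/24" >&2
            return 1 ;;
    esac
    cat <<EOF
set network.modem=interface
set network.modem.proto=static
set network.modem.$opt=@wan
set network.modem.ipaddr=$ROUTER_ON_MODEM_NET
set network.modem.netmask=255.255.255.0
commit network
EOF
}

# Offline: print the plan for the default LAN address.
modem_access_uci 192.168.1.1
# On the router, apply it with:
#   modem_access_uci 192.168.1.1 | uci batch && /etc/init.d/network reload
```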


#7

Hmm, no luck with the default settings. I did not see the WRT pick up any settings from the modem. Setting the modem to bridge was effortless but no luck getting any sort of connection to the outside world. I'm wondering what settings I missed. Edit: I might have found it. Nope, I did not.


#8

Could it be that Comcast is assigning me an IPv6 address and I'm inputting IPv4 variables into the LAN interface settings (the gateway and subnet mask)?


#9

You might have to call Comcast :scream: to get them to "release" the DHCP-to-MAC association if waiting it out (10 minutes? 30 minutes? an hour?) with the modem off, power removed, and disconnected from the cable doesn't help. Brute force, yes, but grab a drink or some good conversation and come back and see if it helps. Calling Comcast, as you probably already know, is pretty painful and often futile.

Comcast should assign you an IPv4 address with an IPv4 gateway and "suggest" their IPv4 DNS servers, and, depending on where you are, also an IPv6 IA_NA (for your router's "hot" side) and a /60 IA_PD prefix delegation. I'd set it to request a /60 in the IPv6 DHCP settings; you'll get it that way if you can, otherwise you should get a /64. The /60 means you can have 16 of your own IPv6 subnets.

If you're already getting a public IPv6 address, you should see it on the info for WAN6. If it begins with fe80:: then it is a link-local address, not a public address. (You should have at least one link-local address and a public address on your WAN6 for IPv6 to work as expected.)
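
The WAN6 check described in the post above, as an added example that is not part of the original post. It classifies the addresses in `ip -o -6 addr show` output for the WAN device; the sample lines are constructed, `eth1.2` is a placeholder device name, and 2001:db8::/32 is the documentation prefix.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `ip -o -6 addr show dev <wan>`
# lines on stdin and prints one of:
#   ok             link-local and public address both present
#   no-public      only a link-local (fe80::-style) address, no ISP lease
#   no-link-local  public address but no link-local
#   none           neither kind found
wan6_status() {
    ll=0
    pub=0
    # Field 3 is the address family, field 4 is address/prefixlen.
    for a in $(awk '$3 == "inet6" { print tolower($4) }'); do
        case "${a%%/*}" in
            fe[89ab]?:*) ll=1 ;;    # fe80::/10 link-local
            [23]???:*)   pub=1 ;;   # 2000::/3 global unicast
            *) ;;                   # ::1, fc00::/7 ULA etc. are not public
        esac
    done
    if [ "$ll" = 1 ] && [ "$pub" = 1 ]; then echo ok
    elif [ "$ll" = 1 ]; then echo no-public
    elif [ "$pub" = 1 ]; then echo no-link-local
    else echo none
    fi
}

# Constructed samples in the one-line-per-address format of `ip -o`.
SAMPLE_OK='3: eth1.2    inet6 2001:db8:0:1::abcd/128 scope global dynamic \       valid_lft 300sec preferred_lft 300sec
3: eth1.2    inet6 fe80::1234:56ff:fe78:9abc/64 scope link \       valid_lft forever preferred_lft forever'
SAMPLE_LL='3: eth1.2    inet6 fe80::1234:56ff:fe78:9abc/64 scope link \       valid_lft forever preferred_lft forever'

printf '%s\n' "$SAMPLE_OK" | wan6_status
printf '%s\n' "$SAMPLE_LL" | wan6_status
# On the router: ip -o -6 addr show dev <your WAN device> | wan6_status
```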