what version
ATM, 22.03.2. I have noticed that 03.3 is in the works. Gonna try that too.
maybe try building an image in the firmware selector with all requisite bits from the get-go.
I did. But either I also need to add dependencies, or something else is missing, because the flashed custom image does not run properly. On one try it crashed my router so badly that I had to get into recovery mode to flash back an original. Not sure what was wrong though. E.g. if I add the packages I mentioned earlier to the pre-set list of packages for custom builds, it won't even give me a web interface. So I settled on the original firmware only for now, as it's easy enough to install the few things post flash.
try nginx instead.
Not sure how to switch that. There are a lot of nginx packages to install. Any recommendations on which to get and/or in which order?
try openssl instead, will probably be more performant on that device anyways.
I switched to wolfssl because it claims to be more performant and up-to-date, as it was designed some time after openssl. Also, the firmware comes with wolfssl-base by default.
I can try it though.
Post your configs and we can review that first.
Alright. Just so you know, I learned most of the setup I use from a YouTube channel, OneMarcFifty, plus some alterations to fit e.g. device names or VLAN IDs to my liking. So some things may seem out of place or excessive, but I keep them mostly as testing platforms so they won't affect my actual LAN too much, or simply because I don't know any better.
As far as I can tell, everything is doing what it is supposed to though.
root@OpenWrt-Linksys:~# cat /etc/config/network
# Loopback, global settings, the LAN bridge device and the LAN interface.
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
# No value follows ula_prefix in this paste; presumably removed by the poster.
option ula_prefix
option packet_steering '1'
config device
option name 'br-lan'
option type 'bridge'
# The only member of br-lan is VLAN 1 of the br-vlan bridge.
list ports 'br-vlan.1'
option bridge_empty '1'
option stp '1'
option igmp_snooping '1'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option netmask '255.255.255.0'
# 192.168.1.250/24 is the router's own LAN address.
option ipaddr '192.168.1.250'
# "(= pi-hole)" is the poster's annotation, not UCI syntax; it must not be
# present in the real file. It identifies 192.168.1.32 as a Pi-hole resolver.
list dns '192.168.1.32' (= pi-hole)
option ip6hint '1'
option ip6ifaceid '::250'
option ip6assign '64'
# WAN device plus its IPv4 (DHCP) and IPv6 (DHCPv6) interfaces; both
# interfaces sit on the same 'wan' device.
config device
option name 'wan'
# No value follows macaddr in this paste; presumably removed by the poster.
option macaddr
config interface 'wan'
option device 'wan'
option proto 'dhcp'
config interface 'wan6'
option device 'wan'
option proto 'dhcpv6'
# Per-segment bridges. br-guest and br-iot each join a VLAN sub-interface of
# bat0 with the matching VLAN of br-vlan; br-bat carries only br-vlan.10.
# NOTE(review): bridging alone does not separate these segments from the LAN
# at layer 3; that depends on the firewall zones attached to the interfaces
# built on top of them.
config device
option type 'bridge'
option name 'br-guest'
option bridge_empty '1'
option stp '1'
option igmp_snooping '1'
# presumably VLAN 30 carried over the batman-adv interface bat0 - confirm
list ports 'bat0.30'
list ports 'br-vlan.30'
config device
option type 'bridge'
option name 'br-iot'
option bridge_empty '1'
option stp '1'
option igmp_snooping '1'
# presumably VLAN 20 carried over the batman-adv interface bat0 - confirm
list ports 'bat0.20'
list ports 'br-vlan.20'
config device
option type 'bridge'
option name 'br-bat'
option bridge_empty '1'
option stp '1'
option igmp_snooping '1'
# VLAN 10 of br-vlan; br-bat is used as the wired batman-adv hard interface
# by the 'batwire' interface further down in this file.
list ports 'br-vlan.10'
# Layer-3 interfaces for the guest (192.168.30.0/24) and IoT
# (192.168.20.0/24) segments. The interface names are lowercase; other files
# in this paste also refer to 'Guest' and 'IoT', which are not defined here.
config interface 'guest'
option proto 'static'
option device 'br-guest'
option ipaddr '192.168.30.250'
option netmask '255.255.255.0'
option ip6assign '64'
option ip6hint '30'
# 192.168.1.250 is the router's own LAN address (see the 'lan' interface).
list dns '192.168.1.250'
option ip6ifaceid '::250'
config interface 'iot'
option proto 'static'
option device 'br-iot'
option ipaddr '192.168.20.250'
option netmask '255.255.255.0'
option ip6assign '64'
option ip6hint '20'
option ip6ifaceid '::250'
# VLAN-aware bridge over the four LAN switch ports and its per-VLAN
# membership. Port suffixes: ':t' = tagged, ':u*' = untagged and PVID.
config device
option type 'bridge'
option name 'br-vlan'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
option bridge_empty '1'
option stp '1'
option igmp_snooping '1'
# VLAN 1 (LAN): untagged/PVID on lan1. lan2-lan4 carry no suffix, so the
# default tagging applies - NOTE(review): confirm these ports end up untagged
# with PVID 1 on this release.
config bridge-vlan
option device 'br-vlan'
option vlan '1'
list ports 'lan1:u*'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
# VLANs 2 and 3: tagged on lan1 only, with local '0'.
# presumably local '0' keeps the bridge itself out of the VLAN - confirm
config bridge-vlan
option device 'br-vlan'
option vlan '2'
option local '0'
list ports 'lan1:t'
config bridge-vlan
option device 'br-vlan'
option vlan '3'
option local '0'
list ports 'lan1:t'
# VLAN 10 (mesh backbone, used by br-bat): tagged on lan1.
# NOTE(review): lan1 is a trunk carrying VLAN 1 untagged plus 2, 3 and 10
# tagged. Whatever is plugged into lan1 can reach all of them, including the
# batman-adv backbone, so that port should only face trusted equipment.
config bridge-vlan
option device 'br-vlan'
option vlan '10'
list ports 'lan1:t'
# VLANs 20 (IoT) and 30 (guest) list no ports, so as shown no physical switch
# port is a member; only br-vlan.20 / br-vlan.30 reference them.
config bridge-vlan
option device 'br-vlan'
option vlan '20'
config bridge-vlan
option device 'br-vlan'
option vlan '30'
# batman-adv mesh: the bat0 soft interface and two hard interfaces
# (batwire on the wired br-bat bridge, batmesh with no device set here; the
# mesh wifi-iface in the wireless config attaches to 'batmesh').
# NOTE(review): batman-adv does not authenticate or encrypt peers itself.
# The wireless hard interface relies on the mesh encryption in the wireless
# config; the wired one (VLAN 10) relies on who can reach that VLAN.
# NOTE(review): none of bat0, batwire or batmesh appears in a zone in the
# firewall config shown in this paste, so the firewall 'defaults' policies
# would apply to IP traffic arriving on them - verify.
config interface 'bat0'
option proto 'batadv'
option bridge_loop_avoidance '1'
option gw_mode 'server'
option hop_penalty '30'
option ip6assign '64'
option ip6hint '10'
option ip6ifaceid '::250'
option routing_algo 'BATMAN_IV'
config interface 'batwire'
option proto 'batadv_hardif'
option device 'br-bat'
option master 'bat0'
# presumably IPv6 assignment is not needed on a hard interface - verify
option ip6assign '64'
option ip6hint '10'
option ip6ifaceid '::250'
config interface 'batmesh'
option proto 'batadv_hardif'
option master 'bat0'
option ip6assign '64'
option ip6hint '10'
option ip6ifaceid '::250'
root@OpenWrt-Linksys:~# cat /etc/config/wireless
# 5 GHz radio and its main access point, attached to the 'lan' network.
# Options printed without a value (country, macaddr, ssid, key, maclist) were
# presumably removed by the poster before publishing.
config wifi-device 'radio0'
option type 'mac80211'
option path 'soc/soc:pcie/pci0000:00/0000:00:01.0/0000:01:00.0'
option band '5g'
option txpower '15'
option country
option cell_density '1'
option htmode 'VHT80'
option channel '48'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option macaddr
option ssid
option dtim_period '3'
option key
# 802.11r fast transition, over the air (ft_over_ds '0'), with the FT keys
# generated locally for PSK.
option ieee80211r '1'
option mobility_domain '123F'
option ft_over_ds '0'
option ft_psk_generate_local '1'
# NOTE(review): a MAC allow-list is not an access control. Client MAC
# addresses are visible on the air and can be changed by the client, so the
# passphrase remains the only real protection for this network.
list maclist
option macfilter 'allow'
# WPA2-PSK with CCMP only; the other access points in this file use
# 'sae-mixed' instead.
option encryption 'psk2+ccmp'
# 2.4 GHz radio and its (currently disabled) IoT access point.
# Options printed without a value (country, macaddr, ssid, key, maclist) were
# presumably removed by the poster before publishing.
config wifi-device 'radio1'
option type 'mac80211'
option path 'soc/soc:pcie/pci0000:00/0000:00:02.0/0000:02:00.0'
option band '2g'
option htmode 'HT20'
option channel '4'
option txpower '13'
option country
option cell_density '1'
config wifi-iface 'default_radio1'
option device 'radio1'
option mode 'ap'
option macaddr
option ssid
option dtim_period '3'
# WPA2-PSK / WPA3-SAE mixed mode.
option encryption 'sae-mixed'
option key
option ieee80211r '1'
option mobility_domain '20FF'
option ft_over_ds '0'
# NOTE(review): presumably only affects the PSK side of a mixed-mode
# network - confirm.
option ft_psk_generate_local '1'
option disabled '1'
# NOTE(review): a MAC allow-list does not authenticate clients; MAC
# addresses can be observed and changed, so rely on the key, not the filter.
option macfilter 'allow'
list maclist
# Two network names are listed; only lowercase 'iot' is defined in the
# network config shown in this paste. 'IoT' looks like a stale reference.
option network 'IoT iot'
# Third radio, disabled. The path goes through the sdhci/mmc host rather
# than PCIe.
config wifi-device 'radio2'
option type 'mac80211'
# NOTE(review): the space inside the path ('mmc0 /mmc0') is presumably a
# copy/paste artifact - compare with the file on the device.
option path 'platform/soc/soc:internal-regs/f10d8000.sdhci/mmc_host/mmc0 /mmc0:0001/mmc0:0001:1'
option channel '34'
option band '5g'
option htmode 'VHT80'
option disabled '1'
# Second LAN access point, on the 2.4 GHz radio (radio1).
# ssid, key and maclist have no value here; presumably removed by the poster.
config wifi-iface 'wifinet3'
option device 'radio1'
option mode 'ap'
option ssid
# WPA2-PSK / WPA3-SAE mixed mode.
option encryption 'sae-mixed'
option dtim_period '3'
option key
option ieee80211r '1'
option mobility_domain '12FF'
option ft_over_ds '0'
option ft_psk_generate_local '1'
option network 'lan'
# NOTE(review): the MAC allow-list is a convenience filter, not a security
# boundary; MAC addresses can be observed and changed by a client.
list maclist
option macfilter 'allow'
# Guest access point on the 5 GHz radio (radio0), currently disabled.
# ssid and key have no value here; presumably removed by the poster.
config wifi-iface 'wifinet4'
option device 'radio0'
option mode 'ap'
option ssid
option encryption 'sae-mixed'
# Client isolation: stations on this access point cannot talk to each other
# directly. NOTE(review): this presumably covers only this AP; guests
# reaching br-guest by another path (e.g. the mesh VLAN) are not isolated by
# it - verify.
option isolate '1'
option dtim_period '3'
option key
option ieee80211r '1'
option mobility_domain '30FF'
option ft_over_ds '0'
option ft_psk_generate_local '1'
option disabled '1'
# Two network names are listed; only lowercase 'guest' is defined in the
# network config shown in this paste.
option network 'Guest guest'
# 802.11s mesh link on radio1 that serves as the wireless batman-adv hard
# interface ('batmesh'), currently disabled.
# mesh_id and key have no value here; presumably removed by the poster.
config wifi-iface 'wifinet5'
option device 'radio1'
option mode 'mesh'
# SAE protects the mesh link itself; batman-adv on top adds no
# authentication of its own, so this key is what keeps unknown nodes out.
option encryption 'sae'
option mesh_id
# 802.11s forwarding off; presumably so that batman-adv does the routing.
option mesh_fwding '0'
option mesh_rssi_threshold '0'
option key
option disabled '1'
option dtim_period '3'
option network 'batmesh'
root@OpenWrt-Linksys:~# cat /etc/config/dhcp
# Static host/domain entries for the router, followed by the DHCP pools.
config host
option name 'OpenWRT-Linksys'
option dns '1'
# No value follows mac in this paste; presumably removed by the poster.
option mac
option ip '192.168.1.250'
option leasetime '1440'
config domain
option name 'OpenWRT-Linksys'
option ip '192.168.1.250'
# The three "..." lines are the poster's elision of further sections, not
# configuration.
...
...
...
# Pools 'IoT' and 'Guest' point at interfaces 'IoT' and 'Guest'. The network
# config shown in this paste defines only lowercase 'iot' and 'guest', so
# these look like stale duplicates of the two pools below - verify and remove.
config dhcp 'IoT'
option interface 'IoT'
option start '100'
option leasetime '12h'
option limit '50'
config dhcp 'Guest'
option interface 'Guest'
option start '100'
option leasetime '12h'
option limit '50'
# DHCP option 6 = DNS servers handed to clients. 192.168.1.32 is on the LAN
# subnet; the firewall config shown has no Guest -> lan forwarding, so guests
# presumably cannot reach it and would use 1.1.1.1 only.
list dhcp_option '6,192.168.1.32,1.1.1.1'
config dhcp 'guest'
option interface 'guest'
option start '100'
option leasetime '12h'
option limit '50'
# Guests get the router (192.168.1.250) and 1.1.1.1 as resolvers.
# NOTE(review): if guest DNS is meant to be filtered, offering a public
# resolver alongside lets clients bypass the filter; hand out only the
# resolver that should be used.
list dhcp_option '6,192.168.1.250,1.1.1.1'
# No dhcp_option here, so IoT clients get the default DNS setting.
config dhcp 'iot'
option interface 'iot'
option start '100'
option leasetime '12h'
option limit '50'
root@OpenWrt-Linksys:~# cat /etc/config/firewall
# Global firewall policies, the lan and wan zones, and lan -> wan forwarding.
config defaults
# These policies apply to traffic that matches no zone. The network config
# in this paste defines interfaces (bat0, batwire, batmesh) that no zone
# below lists, so input 'ACCEPT' would leave the router's services reachable
# from them. NOTE(review): consider 'REJECT' here and add those interfaces to
# an explicit zone.
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
# Software and hardware flow offloading are both enabled.
option flow_offloading '1'
option flow_offloading_hw '1'
# lan: fully trusted, may reach the router and forward within the zone.
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
# wan: unsolicited inbound and forwarded traffic is dropped; outbound
# traffic is masqueraded (NAT) with MSS clamping.
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
option input 'DROP'
option forward 'DROP'
config forwarding
option src 'lan'
option dest 'wan'
# Traffic rules for the wan zone. Rules with no 'dest' match traffic
# addressed to the router itself; rules with a 'dest' match forwarded traffic.
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
# NOTE(review): the name says "Allow" but the target is DROP, so IPv4
# echo-requests from wan are dropped. The wan zone's input policy is already
# DROP, which makes this rule redundant; rename it (e.g. 'Drop-Ping') or
# remove it so the name does not mislead the next reader.
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option family 'ipv4'
list icmp_type 'echo-request'
option target 'DROP'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
# MLD is accepted only from link-local source addresses.
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
# ICMPv6 to the router, rate-limited to 1000 packets per second. Unlike the
# IPv4 rule above, echo-request over IPv6 is accepted here.
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# ICMPv6 forwarded from wan to any zone (dest '*'), same rate limit.
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# NOTE(review): the next two rules forward ESP and UDP/500 (IKE) from wan to
# every host in the lan zone, with no family or address restriction. If no
# IPsec endpoint runs behind the router they can be removed; otherwise
# consider limiting them to the endpoint's address.
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
# Five port forwards (DNAT) from wan to hosts in the lan zone. name,
# src_dport, dest_ip and dest_port carry no value in this paste; presumably
# removed by the poster.
# NOTE(review): each forward exposes a LAN host directly to the internet. No
# 'proto' line is shown; if the real entries also lack one, they presumably
# match both TCP and UDP - set the protocol each service needs and, where the
# remote peers are known, restrict the source with 'src_ip'.
config redirect
option dest 'lan'
option target 'DNAT'
option name
option src 'wan'
option src_dport
option dest_ip
option dest_port
config redirect
option dest 'lan'
option target 'DNAT'
option name
option src 'wan'
option src_dport
option dest_ip
option dest_port
config redirect
option dest 'lan'
option target 'DNAT'
option name
option src 'wan'
option src_dport
option dest_ip
option dest_port
config redirect
option dest 'lan'
option target 'DNAT'
option name
option src 'wan'
option src_dport
option dest_ip
option dest_port
config redirect
option dest 'lan'
option target 'DNAT'
option name
option src 'wan'
option src_dport
option dest_port
option dest_ip
# IoT and Guest zones with their forwardings and service rules.
# Both zones list a capitalised and a lowercase network name; the network
# config shown in this paste defines only the lowercase ones.
config zone
option name 'IoT'
# NOTE(review): input 'ACCEPT' lets IoT devices reach every service the
# router itself offers on this interface, not only DNS and DHCP, and makes
# the 'IoT DNS DHCP' rule at the end of this file redundant. The Guest zone
# below uses input 'REJECT' plus that kind of rule; the same pattern would
# fit an untrusted IoT segment.
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'IoT'
list network 'iot'
# lan may open connections to IoT devices. No IoT -> wan forwarding appears
# in this paste, so as shown IoT devices have no internet access - presumably
# intended; verify.
config forwarding
option src 'lan'
option dest 'IoT'
config zone
option name 'Guest'
option output 'ACCEPT'
option forward 'REJECT'
option input 'REJECT'
list network 'Guest'
list network 'guest'
# Guests may only go out to wan; there is no Guest -> lan forwarding.
config forwarding
option src 'Guest'
option dest 'wan'
# A sixth wan -> lan port forward; its values are absent like the ones above.
config redirect
option dest 'lan'
option target 'DNAT'
option name
option src 'wan'
option src_dport
option dest_ip
option dest_port
# The two rules below have no 'dest', so they match traffic to the router
# itself, and no 'proto', so they presumably match both TCP and UDP.
# NOTE(review): port 68 is the DHCP client port; the router's DHCP server
# listens on 67, so 68 is presumably unnecessary here - verify.
config rule
option name 'Guest DNS DHCP'
option src 'Guest'
option dest_port '53 67 68'
option target 'ACCEPT'
config rule
option name 'IoT DNS DHCP'
option src 'IoT'
option dest_port '53 67 68'
option target 'ACCEPT'