New Xiaomi router AC2100

How do I completely disable 5 GHz on this router?

Just don't define any 5 GHz wifi networks and it won't be enabled :)

If you want to leave several 5 GHz networks in place in the config file but just want to disable them, you can do that via LuCI or in the config file by adding option disabled '1' to each wifi network definition block in /etc/config/wireless.

But why don't you want to use it? You can reach much faster speeds with 5Ghz than with 2.4 Ghz. For normal scenarios it is pretty stable so the workaround I mentioned in my post above is just meant for stress tests and shouldn't be necessary for normal users.

My devices do not support the 5 GHz frequency (just one computer). It would be great if the Redmi's WPA2 cryptography could be replaced with WPA3 wifi software, but unfortunately not now.

In the 19.07.3 images you can choose from these algorithms:

[Image: WifiEnc]

That should be sufficient for all normal users :)
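The two settings discussed above, `option disabled '1'` and the encryption mode, can be checked in one pass over /etc/config/wireless. This is an added example, not part of the original posts: the grading labels, the function names and the constructed sample config are assumptions, and band detection relies on the `hwmode` option used by 19.07 (newer releases use `option band`).

```shell
# Added example, not from the thread: list each wifi-iface with band, state and encryption grade.
audit_wireless() {
    awk '
    function val(v) {            # value after "option <name>", outer quotes removed
        sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", v)
        gsub(/^["\047]|["\047][ \t]*$/, "", v); return v
    }
    function grade(e) {          # grading policy is an assumption of this example
        if (e == "" || e == "none")                              return "OPEN"
        if (e ~ /^wep/ || e ~ /tkip/ || e == "psk" || e ~ /^psk[-+]/) return "WEAK"
        if (e ~ /^sae-mixed/)                                    return "WPA2/WPA3"
        if (e ~ /^sae/)                                          return "WPA3"
        if (e ~ /^psk2/)                                         return "WPA2"
        return "REVIEW"
    }
    function report() {          # one tab-separated line per wifi-iface section
        if (kind != "wifi-iface") return
        printf "%s\t%s\t%s\t%s\t%s\n", name, dev, ((dev in band) ? band[dev] : "?"), ((off || radio_off[dev]) ? "off" : "on"), grade(enc)
    }
    $1 == "config" {
        report(); kind = $2; name = $3; gsub(/["\047]/, "", name)
        dev = enc = ""; off = 0; next
    }
    $1 != "option" { next }
    kind == "wifi-device" && $2 == "hwmode"     { band[name] = (val($0) == "11a") ? "5GHz" : "2.4GHz" }
    kind == "wifi-device" && $2 == "disabled"   { radio_off[name] = (val($0) == "1") }
    kind == "wifi-iface"  && $2 == "device"     { dev = val($0) }
    kind == "wifi-iface"  && $2 == "encryption" { enc = val($0) }
    kind == "wifi-iface"  && $2 == "disabled"   { off = (val($0) == "1") }
    END { report() }
    ' "${1:--}"                  # file argument, or stdin when none is given
}
sample_config() { cat <<'EOF'
config wifi-device 'radio0'
    option hwmode '11g'
config wifi-device 'radio1'
    option hwmode '11a'
config wifi-iface 'default_radio0'
    option device 'radio0'
    option encryption 'sae-mixed'
config wifi-iface 'default_radio1'
    option device 'radio1'
    option encryption 'psk2'
    option disabled '1'
EOF
}
sample_config | audit_wireless   # constructed sample; on a router: audit_wireless /etc/config/wireless
```

A 5 GHz interface that still shows `on`, or any line graded `OPEN` or `WEAK`, is the one to revisit in the config.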

Hi scp07,

Not sure if this post also applies to AC2100 but the white model with 6 antennas.
I have OpenWRT installed but I cannot see the Switch option in the Network LuCI menus.
The only interfaces I see are:

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd3b:34a9:0c4c::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'lan1 lan2 lan3'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'wan'
	option ifname 'wan'
	option proto 'dhcp'

config interface 'wan6'
	option ifname 'wan'
	option proto 'dhcpv6'

Could you please help me if I missed some parameter in the OpenWrt compilation for my model?

Or is there any recommended way to use VLAN10 on the WAN ports?

Thank you for your explanation and work! I see that the 19.07.3 image is ambitious software for WiFi encryption.

I'd probably note that there's probably no hardware offload for WPA3 on these chips, but since you're limiting yourself to 2.4ghz anyway you'll never notice. (Since you'd never push enough traffic throughput to come close to maxing out the cpu)

That and I'm a little sceptical as to a 2.4ghz only card having WPA3 anyway. (I'm talking about the client)

  1. WPA3 is supported by OpenWrt software for 2.4ghz and 5Ghz on MT7621A Redmi (MIPS), isn't it?
  2. Can WPA3 on 2.4ghz and 5Ghz overload MT7621A processor?

Yes, this thread is for the black cylinder model and also for the white 6-antenna model.

Which OpenWrt version do you use? I would recommend 19.07.3 for production usage - not the current development branch (master). You can find precompiled images here and if you want to compile it yourself you can find a github repo of our backport for 19.07.3 here

If you are on the master branch you will not see any kind of switch menu as the master branch is using DSA which is currently not supported for configuration in LuCI. LuCI currently only supports swconfig (which is used in 19.07.x).

Yes, WPA3 should be working on both bands - but I didn't test it yet. I also think that hardware offload is not supported so you could get a limitation in terms of speed especially on the 5Ghz band due to high CPU usage.

I didn't test it myself but if you test it we would appreciate it if you could share your results.

Unfortunately my Redmi is still in transit and in a few weeks I will test it!

@scp07 can you please remove VNstats from your images. It's using %20 of cpu0; this is too hard for that device. And I just tested your advanced images and this device cannot handle it. It is too overbloated. It cannot even route the wireless interface to wan. I think this openssl setup is too bloated; if someone needs special algorithms he should get it himself. And your image doesn't contain DoH; I think it should, or DnscryptV2.

Dnscrypt is a protocol to improve DNS security. DNSCrypt offers a way to protect clients against attacks related to the modification and manipulation of DNS traffic. Maybe it would be better to recompile the image?

I get to here and then it doesn't appear for me.
It goes blank in netcat.
"When the packet has been sent successfully, you should be able to see a connection from 192.168.31.1:63627 in your netcat session."

Did you set up your computer's IP to 192.168.31.177? The exploit scripts are set to use this IP for the connection initialization...

Thanks for your suggestions.

I think there's something wrong with your configuration or you should install the image again with a clean mtd write. I double checked it:

  • vnstat is not included in the standard image (as intended)
  • vnstat is included in the advanced image and it consumes 0% of CPU on my device

My advanced image includes stubby so you can use DNS-over-TLS :)
Why do you see a necessity to include another encrypted DNS method like DoH or dnscryptv2? And why don't you just install it on top of the image if you need it?

Regarding the performance on the advanced image: Just disable the startup of services you don't need (like mentioned in the readme file). I just tried it with all services enabled and I have no performance issues while doing full firewalling (0.8 load while testing my maximum WAN bandwidth with 200 Mbit/s via 5Ghz wifi, 1.1 load while testing internally with iperf3 and maximum wifi throughput, same load while testing with 1Gbit/s via LAN). If you want to start with a smaller basis, just take the standard image which should be appropriate for most users. However I don't see any performance issues even on the advanced image.

Regarding OpenSSL: I've been running wpa-supplicant and LuCI with OpenSSL for years (e.g. on a TP-Link Archer C7) and I've also been running it on the Redmi AC2100 since I got the device and I never had any issues with it. I don't think that it's too bloated and I don't think you will have a real performance gain if you switch to mbed tls. It would save some storage but it won't perform much better. But to be honest I don't see a problem. Maybe we should check via pm what is wrong on your device because it's running pretty fine on mine. Same goes for vnstat.

I just noticed that there could be some issues caused by SoftetherVPN... Could you please try to disable the startup of SoftetherVPN and test again if the speed issues disappeared? Maybe I should delete it from the advanced images.

Edit: Tested on several devices and confirmed that the reason for the performance issues is SoftetherVPN. I'm working on new images without Softether and I will share them within the next days with a new and performance optimized feature set (including DoH).

I've finished the decompiler, see https://github.com/NyaMisty/unluac_miwifi


scp07, thanks for your work! I'm using the latest build, and everything seems fine.
Will your changes be used in the official openwrt repo? Snapshot version in official repo is also working, but it has no Network -> Switch tab at least, so there is no way to define vlans.

Thanks for your feedback. I will try to get it merged later but first we have to wait for the merge of the R2100 support into master.

The reason why you don't see a VLAN menu in master is not that it is not working. The reason is that the master branch is using DSA for switching instead of swconfig. LuCI is currently not supporting DSA so there is no menu at the moment. It will take some time until there is a switch menu for DSA in LuCI. In the meantime you have to configure these things via CLI. This is the case for all router models so it's not a problem of the Xiaomi AC2100 series. It was just an architectural decision.

However, master is a development branch. This is why I recommended using the 19.07 branch for production usage instead of master.