Newbie help config AX3600

just · May 7, 2023, 7:27pm

Hi there,
I have very basic understanding of networking and I successfully installed the latest snapshot (of today) to Xiaomi AX3600. I was having trouble updating and installing luci (DNS were failing) but then I used SSH and configured it with:

uci set network.lan.ipaddr="192.168.200.1"
uci set network.lan.gateway="192.168.200.1"
uci set network.lan.dns="1.1.1.1"
uci commit
/etc/init.d/network restart

and it worked. I managed to install luci.

I am reading the quick start guide and I found out that, for instance here: https://openwrt.org/docs/guide-quick-start/developmentinstallation#optional_next_steps it suggests to install some packages, but I am completely unaware of what do they do.

So my question is: can someone guide of which settings do I need to change, which packages are really useful to install? How to optimize the AX3600 performance in particular?

I have always used NextDNS to block ads and malware, I am wondering if I can set up something similar in OpenWRT. Also having a firewall up and running could be nice. I do NOT have any IoT devices, I am just seeking:

security
adblocking
performance using WiFi6 if possible
stability (I hope these snapshots are stable enough, will see).

why 192.168.200.1

I changed the IP from 192.168.1.1 to 192.168.200.1 because the network where I live is set up in a certain way that one ISP provider gives access using one switch to many routers, It's a single contract with ISP to give internet access to many, instead that each and everyone of us have to sign a contract with a ISP and have it's own network. Anyway this is just to clarify, it's because of my unusual network here in my neighborhood, doesn't matter.

just · May 7, 2023, 8:17pm

well, first of all, I have read the quick setup guide but I haven´t managed to use the WiFi. It seems like my devices can't obtain an IP address (SSID and password are correct) but DHCP is turned on in LAN interface. Shall I copy the same settings about DHCP to wan interface as well?

rossini · May 7, 2023, 8:57pm

I find it somehow strange that you lan ip is set to 192.168.200.1 and also you gateway.

To get help please post /etc/config/network

and /etc/config/wireless.

And please describe whats your isp connection is like.

just · May 8, 2023, 10:23am

/etc/config/network

config interface 'loopback'                                                     
        option device 'lo'                                                      
        option proto 'static'                                                   
        option ipaddr '127.0.0.1'                                               
        option netmask '255.0.0.0'                                              
                                                                                
config globals 'globals'                                                        
        option ula_prefix 'fd8e:9258:e516::/48'                                 
                                                                                
config device                                                                   
        option name 'br-lan'                                                    
        option type 'bridge'                                                    
        list ports 'lan1'                                                       
        list ports 'lan2'                                                       
        list ports 'lan3'                                                       
                                                                                
config interface 'lan'                                                          
        option device 'br-lan'                                                  
        option proto 'static'                                                   
        option ipaddr '192.168.93.1'                                            
        option netmask '255.255.255.0'                                          
        option ip6assign '60'                                                   
        list dns '1.1.1.1'                                                      
        option gateway '192.168.93.1'                                           
                                                                                
config interface 'wan'                                                          
        option device 'wan'                                                     
        option proto 'dhcp'                                                     
        option type 'bridge'                                                    
                                                                                
config interface 'wan6'                                                         
        option device 'wan'                                                     
        option proto 'dhcpv6'                                                   
        option type 'bridge'                                                    
                                                                                
~

/etc/config/wireless

                                                                         
config wifi-device 'radio0'                                                
        option type 'mac80211'                                             
        option path 'soc/20000000.pci/pci0000:00/0000:00:00.0/0000:01:00.0'
        option channel '36'                    
        option band '5g'                       
        option htmode 'VHT80'                  
        option disabled '1'                    
                                               
config wifi-iface 'default_radio0'             
        option device 'radio0'                 
        option network 'lan'                   
        option mode 'ap'                         
        option ssid 'OpenWrt'                    
        option encryption 'none'                 
        option disabled '1'                      
                                                 
config wifi-device 'radio1'                      
        option type 'mac80211'                   
        option path 'platform/soc/c000000.wifi'  
        option channel 'auto'                    
        option band '5g'                         
        option htmode 'HE160'                    
        option cell_density '0'                  
        option country 'IT'                      
        option disabled '1'                      
                                                 
config wifi-device 'radio2'                      
        option type 'mac80211'                   
        option path 'platform/soc/c000000.wifi+1'
        option channel 'auto'               
        option band '2g'                    
        option htmode 'HE20'                
        option cell_density '0'             
        option disabled '1'                 
                                            
config wifi-iface 'wifinet3'
                    
        option device 'radio1'                   
        option mode 'ap'                         
        option ssid 'MyWiFi'               
        option encryption 'sae-mixed'            
        option network 'lan'                     
        option key 'dumbpassword'     
        option disabled '1'                      
                                                 
config wifi-iface 'wifinet4'                     
        option device 'radio2'                   
        option mode 'ap'                    
        option ssid 'MyWiFi'          
        option encryption 'sae-mixed'       
        option key 'dumbpassword'
        option network 'wan wan6'           
        option disabled '1'

I am having issues using the wan interface, I noticed in the overview that the wan does not use the same parameters (IP, gateway, dns) as the lan.

The reason behind that 192.168.200.1 is because internet at my apartment arrives from a switch. There is the main ISP Vodafone router which has been installed by ISP and it is located in a separate building. Then from that router there is a switch which redistributes internet to a few apartments like me with a Rj-45 cable. I just need to connect my router to that cable and set an IP. In fact in each apartment there is a router with a sub-net. So as the main Vodafone router has the 192.168.1.1, the other sub-nets have 192.168.100.1, then 192.168.200.1 and so on. I just changed mine to 192.168.93.1 (because I found out 200 was already in use in another apartment).

I was successfully using internet in my aparment with a previous basic router (no openwrt). All I needed to do was to set this IP address to create a sub-net and everything was working.

frollic · May 8, 2023, 10:24am

that's expected, of you simply need a dumb ap.

just · May 8, 2023, 10:27am

I would like to set up a "not so dumb" AP as I would like to use my DNS, encrypt DNS requests if possibile (and maybe VPN? Is it possible in my case?)

Basically I would like that the main router manages the least things possible.

frollic · May 8, 2023, 10:31am

without running it as a router, no.

and for that to work, the LAN subnet have to be different than the WAN subnet.

just · May 8, 2023, 10:49am

Sure, I would like to run my device as a router. I am asking help of how to

frollic · May 8, 2023, 10:50am

that's the default state, it should work out of the box, unless the wan side require some quirks.

if you're having issues, you need to be more specific.

lleachii · May 8, 2023, 12:22pm

Having read this and your configs, you should be able to do the following:

Remove the LAN Gateway IP 192.168.93.1 - it incorrectly self-references the router, which is either invalid or would create some loop (never tested such a thing)
Remove DNS entry of 1.1.1.1 from LAN

It seems you successfully obtain an IP via DHCP of 192.168.1.50/24 and a gateway/DNS setting of 192.168.1.1 from your RJ-45 cable plugged in WAN. Feel free to use 1.1.1.1 on your WAN for DNS config if you desire.

As @frollic noted, the reason you had to change the 3rd octet in the LAN IP to 93 was because if they are both numbered the OpenWrt-default of 192.168.1.x/24 - the router thinks they're the same network, and therefore won't "need to" route.

Hope this helps.

just · May 8, 2023, 1:49pm

Ok as @frollic stated it should work out of the box, so I flashed the latest snapshot on top of already installed and reset the settings.

Indeed the OpenWRT default WiFi was working, and I now understand a bit more the difference between lan and wan in these settings.

I did as you suggested removing that gateway and the custom dns there, and now in the overview I only get wan info:

The other one disappeared.

Right now I am able to surf the web both via cable and via WiFi. However the custom DNS I wrote down does not seem to apply, I still get the DNS advertised by the main router 192.168.1.1. How to force that?

frollic · May 8, 2023, 1:53pm

network -> interfaces -> lan (edit) -> DHCP server -> advanced settings

viniribeirossa · May 8, 2023, 1:55pm

About NextDNS there is their official CLI in the repositories, I also use it. Download and try to use

just · May 8, 2023, 1:57pm

Thanks frollic, with the Force checkbox you indicated I should not obtain DNS from the main Vodafone router (192.168.1.1) correct?

And what about this setting here, is it normal that the default is like this?
Screenshot from 2023-05-08 15-56-14

frollic · May 8, 2023, 1:58pm

yes, it is.

just · May 8, 2023, 1:58pm

As soon as I get familiar with OpenWRT and the configuration of interfaces (lan, wan are still a bit confusing to me) I will try that.

just · May 8, 2023, 3:44pm

Unfortunately that main router still forces on me its Vodafone DNS. Moreover with the setting you said my andoid phone can no longer use its custom DNS because trying to connect to AX3600 WiFi it says: Private DNS not available, thus it does not connect. As soon as I disable private DNS on my Android, it connects to WiFi.

I need to keep custom DNS in Android settings for scenarios when I am away from home.

frollic · May 8, 2023, 4:01pm

Then you need to switch to https-dns-proxy.

The router doesn't enforce the setting in any way, and Android uses DoT by default, on OS level.
Pretty sure you can force Android to connect to the wifi, no matter what.

DoT is very easy to block, for you, or the ISP.
Openwrt doesn't however do this, by default.

lleachii · May 8, 2023, 4:32pm

To be clear, I wanted to make sure the DNS setting was shown in a screenshot. Your comments about the Android setting and the instructions given for another inquiry confused me. I used 1.1.1.1 in my example so you can follow it exactly.

By browsing to Network > Interfaces > WAN > Advanced Settings:

Hope this helps

just · May 9, 2023, 7:40pm

You are correct @frollic I do not know why but the first time I edited DNS, my Android phone could not use its DNS settings. After putting again to default and trying one more time, now my Andoid can still use its custom DNS server.

Can you elaborate regarding that DoT is very easy to block for me or and ISP?

@lleachii I changed the DNS where you showed, yes:

But still I see that the main router forces me its own Vodafone DNS.

For context: I was already aware that that particular model of Vodafone router given by ISP has a setting to force users to use its own DNS. I can tell you that before using this AX3600 I was using another of these Vodafore router as generic router in my apartment and I set up there custom DNS adress. Guess what, there were totally ignored. The only way I can use my custom DNS is to set them per each device (on Fedora, on Android, on Windows, etc.) because I was not able to use my DNS set up in my router. Now I have a OpenWRT router, and even if I am behind a switch and the main router I am still wondering if I can avoid setting up custom DNS on each device. Better, yet, if I can use DoT or DoH protocols and not plain IPv4 like in the screenshot above.

Remember that the topology of my whole network is: Vodafone ISP fiber cable -> Vodafone router (that nasty one that forces its own DNS) -> switch -> other 3 routers of each apartment, one of those is mine.