As a DR exercise, I am going to try this on TP-Link Archer C7 v2 today, using the existing backup of Linksys E8450 as a reference. I have installed the sysupgrade image without any package customization.
While setting up a temporary wireless upstream, by clicking the scan button on the Wireless page, I found a bug:
- My WPA3 Enterprise network is shown as "WEP Open/Shared". The expectation is "WPA3 Enterprise (not joinable with the current wpad version)".
- When joining a simple WPA2 Personal network on 2.4 GHz, it never connected. The reason is that the management frame protection defaults to Disabled for client connections, while the upstream AP has it required. Please change the default for client connections added via the Join button to Optional.
- The DHCP connection was created, but the aliased DHCPv6 connection wasn't.
After using this for a while and replacing the temporary uplink with a PPPoE connection:
- With software flow offloading enabled, the flowtable lists all physical devices, not just pppoe-wan and br-lan; this is wrong, as it breaks roaming between WiFi and a wired connection leading to another AP (see https://github.com/openwrt/firewall4/commit/e00958884416f59b273595f941d198de63acc1dd which seems to be missing).
- PPPoE is slow (100 Mbps down, 300 Mbps up) even with software flow offload enabled when testing from WiFi (channel 100). The steps from https://github.com/openwrt/openwrt/issues/10224#issuecomment-2244286746 produce a diff in the files (and fix roaming) but do not improve the throughput. EDIT:
iperf3download test (between the router and the laptop) is similarly slow, so this looks like a WiFi issue, not a routing performance issue. EDIT 2: solved by switching to a non-ct ath10k driver, result: 235 Mbps down, 300 Mbps up. - PPPoE easily reaches the ISP speed limit (570 Mbps) when testing through the wired connection.
- PPPoE MTU=1500 works (MTU on both
eth0andpppoe-wanneeds to be configured as 1508).
Then, I tried to set up a WPA3 Enterprise access point (needs wpad-mbedtls, not the basic version):
freeradius3works oncelibopenssl-legacyis installed, but it is a disk space hog. Another bad surprise is that one can't upload the configuration first and install the package second: configuration (including certificates) will be overwritten. I need to learn more about the radius server that comes with wpad
- DAWN seems to work
- The FT roaming bug is still there, so the workaround below, which adds a dummy RSNXE that just needs to be present, is still needed (and works) for enterprise APs with FT.
config wifi-device 'radio0'
...
list hostapd_options 'driver_params="secure_ltf=1"'
Storage:
- An 8 TB SSD formatted with
ext4and connected via USB still works. nfs-kernel-serverandtgtwork as they should.samba4is too fat to test, butluci-app-ksmbdis an alternative that passes simple testing. I still need to test this extensively usingxfstests, as in the past, they were able to crash the kernel.
More routing:
- WireGuard site-to-site VPN works
- LTE NCM connection via the Huawei E3372H (reflashed to the stick firmware) works, including IPv6
- The story about useful IPv6 fail-over is still sad, but I would rather not test mwan3, as it is not really maintained. I will test a hotplug script that switches the prefix announced on the LAN depending on the available connectivity and report in that thread. EDIT: success.
Finally:
- stubby (for DoT) works
- luci-app-attendedsysupgrade can upgrade this release to itself
And that concludes my testing.