Hello, I am the owner of an OpenWrt One, so far I am really happy with it.
But I am wondering what the expected WAN to LAN performance should be?
I have it currently set up with a 10Gbit switch, running to the 2.5Gbit port with VLANs.
My lan is a vlan, and so is my ISP router.
I got eth0 and eth1 bridged, even though I am not using eth1 at the moment...
When I do a speedtest, I seem to max out at about 500Mbps.
So I was just curious if this is "normal" or if I should expect higher performance.
I don't know what the actual expected speeds should be since I don't have this device, but a question:
Why do you have the ports bridged? Have you tried unbridging them? Since these are two individually routed ports (i.e. not connected to a hardware switch chip), bridging them will add load to the CPU since this has to be done in software.
Let's also take a look at your config:
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button (red circle; this works best in the 'Markdown' composer view in the blue oval):

Remember to redact passwords, VPN keys, MAC addresses and any public IP addresses you may have:
ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
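One way to automate the redaction step requested above, as an added example that is not part of the original post. The function names `redact_uci` and `sample_config` are hypothetical, the sample input is constructed, and the list of option names treated as secret is an assumption, not a complete list:

```shell
# Added example: mask secrets in UCI config text (stdin -> stdout) before posting.
# The option names treated as secret are an assumption, not a complete list.
redact_uci() {
    awk -v q="'" '
    # Non-public IPv4: RFC 1918, loopback, link-local, CGNAT, multicast/netmasks.
    function is_private(ip,    o, a, b) {
        split(ip, o, "."); a = o[1] + 0; b = o[2] + 0
        return (a == 0 || a == 10 || a == 127 || a >= 224 ||
                (a == 192 && b == 168) || (a == 172 && b >= 16 && b <= 31) ||
                (a == 169 && b == 254) || (a == 100 && b >= 64 && b <= 127))
    }
    BEGIN {
        h = "[0-9A-Fa-f][0-9A-Fa-f]"
        mac = h ":" h ":" h ":" h ":" h ":" h
        secret = "^[ \t]*option[ \t]+(key[1-4]?|password|private_key|preshared_key)[ \t]+"
    }
    {
        line = $0
        # 1. Secret-bearing options: drop the whole value, whatever its quoting.
        if (match(line, secret))
            line = substr(line, 1, RLENGTH) q "REDACTED" q
        # 2. MAC addresses anywhere on the line.
        gsub(mac, "XX:XX:XX:XX:XX:XX", line)
        # 3. IPv4 addresses: keep private ranges, mask everything else.
        out = ""
        while (match(line, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) {
            ip = substr(line, RSTART, RLENGTH)
            out = out substr(line, 1, RSTART - 1) (is_private(ip) ? ip : "PUBLIC_IP")
            line = substr(line, RSTART + RLENGTH)
        }
        print out line
    }'
}

# Constructed sample input (not taken from the thread).
sample_config() {
    cat <<'EOF'
config wifi-iface 'default_radio0'
    option key 'correct horse battery'
config host
    option ip '192.168.69.105'
    list mac '00:11:22:AA:BB:CC'
config interface 'wan'
    option ipaddr '203.0.113.7'
    option netmask '255.255.255.0'
EOF
}

sample_config | redact_uci
```

On the router the same function can be fed real files, for example `redact_uci < /etc/config/wireless`. It masks every non-private IPv4 address, so public DNS resolvers are masked along with the WAN address.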
I had them bridged since this was the default config out of the box 
Will try to unbridge them when I get home later today, will then do speedtest again + share configs if needed.
I am confident this is not an OOTB config.
Ok. My assumption may be incorrect.
But let’s review the config.
Here is my config after I undid the br-lan configuration:
root@OpenWrt:~# ubus call system board
{
"kernel": "6.6.119",
"hostname": "OpenWrt",
"system": "ARMv8 Processor rev 4",
"model": "OpenWrt One",
"board_name": "openwrt,one",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "24.10.5",
"revision": "r29087-d9c5716d1d",
"target": "mediatek/filogic",
"description": "OpenWrt 24.10.5 r29087-d9c5716d1d",
"builddate": "1766005702"
}
}
root@OpenWrt:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd42:751:c35d::/48'
option packet_steering '1'
config interface 'lan'
option device 'eth0.200'
option proto 'static'
option ipaddr '192.168.69.1'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'wan'
option device 'eth0.99'
option proto 'dhcp'
option peerdns '0'
list dns '9.9.9.9'
list dns '149.112.112.112'
config interface 'wan6'
option device 'eth0.99'
option proto 'dhcpv6'
option reqaddress 'try'
option reqprefix 'auto'
option peerdns '0'
list dns '2620:fe::fe'
list dns '2620:fe::9'
option norelease '1'
config device
option type '8021q'
option ifname 'eth0'
option vid '99'
option name 'eth0.99'
config device
option type '8021q'
option ifname 'eth0'
option vid '200'
option name 'eth0.200'
config device
option type '8021q'
option ifname 'eth0'
option vid '201'
option name 'eth0.201'
root@OpenWrt:~# cat /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/soc/18000000.wifi'
option band '2g'
option channel '1'
option htmode 'HE20'
option num_global_macaddr '7'
option disabled '1'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'
config wifi-device 'radio1'
option type 'mac80211'
option path 'platform/soc/18000000.wifi+1'
option band '5g'
option channel '36'
option htmode 'HE80'
option num_global_macaddr '7'
option disabled '1'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'
root@OpenWrt:~# cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option localservice '1'
option ednspacket_max '1232'
list interface 'lan'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
option piofolder '/tmp/odhcpd-piofolder'
config host
option name 'Tower'
option ip '192.168.69.105'
list mac 'XX:XX:XX:XX:XX:XX'
root@OpenWrt:~# cat /etc/config/firewall
config defaults
option syn_flood '1'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config redirect
option dest 'lan'
option target 'DNAT'
option name 'Emby'
list proto 'tcp'
option src 'wan'
option src_dport '8096'
option dest_port '8096'
option dest_ip '192.168.69.105'
config redirect
option dest 'lan'
option target 'DNAT'
option name 'Emby'
list proto 'tcp'
option src 'wan'
option src_dport '8920'
option dest_ip '192.168.69.105'
option dest_port '8920'
The config looks reasonable -- nothing that screams problems.
Can you run a test with the lan on eth1 (and wan still on eth0) instead of using eth0 for both networks? You can use eth1.100 if you want to maintain the VLAN ID that is being used, or just eth1 (base device) if you are connecting a computer directly.
Also, what is the speed test method? Are you using a service on the internet? or do you have an upstream local network (to which the wan of the OpenWrt box is connected) with a speedtest server?
I was thinking of doing opposite of this test before, connecting WAN to eth1 instead.
Would that also be valid?
I have tried downloading games on Steam, speedtest-cli, wget'ing https://fsn1-speed.hetzner.com/10GB.bin to give some examples.
Yes. Either way is fine.
What is your ISP speed? Have you verified that these methods can achieve your expected ISP speeds? And are you downloading to a computer directly or onto the router?
Steam is down for routine maintenance now, but I discovered speedtest-go through the OpenWrt packages.
Getting faster speeds on my desktop than on my router.
With Steam down at the moment, the limited amount of speed testing with the new tool might not be enough sample points. Will get back to it later, but maybe it does seem faster now?
As for the speeds, yeah before I was directly connected to my ISP router, and I could notice a difference with Steam downloads, it's why I started the investigation.
And previously I only did tests on my PC.
This is generally expected. Most routers have comparatively weak (general purpose) CPUs. They are designed to route very efficiently, but the routing hardware is optimized for moving packets through the chip, not generating/sinking packets.
Use your computer to test the bandwidth, and keep in mind that different speed test methods may produce different results depending on many factors.