RPi4 installation

The RPi 4B have already arrived today. However, I am having trouble making the usb 2 ethernet dongle working, while I'm still waiting for the USB to TTL Serial Cable Debug Console Cable.

Problem is, when I use the only ethernet for ssh, there's no proper way to get to the internet.

Any suggestions?

Show us your config.

First, never use 32-bit raspbian on Pi4 (https://medium.com/@matteocroce/why-you-should-run-a-64-bit-os-on-your-raspberry-pi4-bd5290d48947)

Second, I use a rooted Homeware (proprietary fork of Openwrt) router for gigabit WAN, it does its job for 20€ in total. Most drivers are proprietary and closed. You cannot rebuild or replace the kernel, nor the main squashfs. It's still some of Openwrt in the end, so everything you compile for userspace works. I run both Transmission (an USB3 SSD is attached for that) and strongswan roadwarrior server on top of it and it just works. Every proprietary driver is integrated into UCI so you always do things the openwrt way, including VLAN and multiple SSID setup. LuCI is working also, but wireless management is not compatible with running wireless drivers. and interface management is not completely compatible because of running vlan drivers, and I think switch vlan management is broken too because of DSA (not sure if latest snapshots could handle this).There exist multiple models with different specs: mine (20€) can do SQM (at ~180Mbps) and has STA capable driver for the 11ac radio; others (20-30€ too) have newer firmwares, quantenna wireless, and hw crypto; I won0t recommend the older ones with older SoC and wireless chipsets, but they may have matched your requirements as well. Depending on what you want from an Openwrt router, this could be a damn cheap solution.

If you want a real Openwrt experience then x86-64 is the way, as someone told here. Leave Rpi4 to makers, it is not meant for networking and it is very expensive for what you get.

1 Like

do you have a second router that you were using before? hook the pi up to it using the solo onboard device as LAN, then opkg update and install all the needed modules etc.

if not, then it's trickier. you can set up the switch you got to use two VLANs to provide tagged packets for LAN and WAN on say port 1. then config the pi to have LAN on eth0.1 and WAN on eth0.2, put a port untagged in VLAN 2, and hook the WAN cable to that... reboot and plug the pi into port 1, it can talk to LAN and WAN on one port.

OK, since the TP-Link USB2Ethernet dongle driver is working, next step/challenge for me is to configure a router from scratch. I intend to use command line to achieve it, and hope to get some desperately needed help from you guys.

Now I have configured eth0 as br_lan, and eth1 (TP-Link usb dongle) as wan, as following:

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr ''
        option netmask ''

config globals 'globals'
        option ula_prefix 'fdbb:54ac:343f::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0'
        option proto 'static'
        option ipaddr ''
        option netmask ''
        option ip6assign '60'

config device 'lan_eth0_dev'
        option name 'eth0'
        option macaddr 'xx:xx:xx:xx:xx:x0'

config interface 'wan'
        option ifname 'eth1'
        option proto 'dhcp'

config device 'wan_eth1_dev'
        option name 'eth1'
        option macaddr 'xx:xx:xx:xx:xx:xx'

config interface 'wan6'
        option ifname 'eth1'
        option proto 'dhcpv6'

in which the mac address is exactly the one showed with 'ip address show'.

Didn't changed much of the /etc/config/dhcp file, after '/etc/init.d/network restart' it turned into this:

root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv6 'server'
        option ra 'server'
        option ra_slaac '1'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

Anything wrong with these settings, before the next firewall settings step?

if you aren't planning to have downstream routers, do ip6assign 64 for your lan.

I also usually change from to something else... I like 10.x.y.0/24 for x randomly chosen and y = 1..2..3 etc

I'd like to set eth1 as a trunk port, when the managed switch ordered from eBay arrived. That's the way for VLAN feature of switch, and probably use an old Archer C7 v2 as an AP.

I'm not quite sure what you mean with eth1, isn't it plugged into your ISP device (modem/ONT/DSL modem etc?) Does your ISP use multiple VLAN tags to provide multiple services (some tag their IPTV service and internet service separately etc)

Or do you mean you want to make eth0 (LAN side) into a tagged interface, and use other tags for guest/IoT/other networks?

The C7 should work fine as an AP.

My mistake. It should be eth0. Actually I have think about the other way around, but decided eth0 be kept as br_lan, for not wanting to loose control of it.

If I were you and I wanted to switch from eth0 to several tagged VLANs, I'd set up something like a lan2 as eth0.2, and change the port to be tagged for vlan 2... then I'd make a second port untagged for 2... connect my laptop to that port, log in from there... and change lan to eth0.1... then change the port to be tagged for both VLAN2 and VLAN1... this way you'll never be locked out... Worst case though you yank the SD card and edit the files manually.