Shoot me some ratings and critiques on my config

This is my start to finish on my home wifi replacement: no major frills, just a basic home setup with a guest wifi for devices I don't want seeing my LAN. Any advice or critiques are greatly appreciated. This is going live tomorrow, so still time for tweaks!

Tried to take all of my overthinking out and just follow the Keep It Simple, Stupid method.

install latest 24.10.0
set password
set ssh to lan only
set hostname to Waypoint
set time zone to us chicago
set lan ipv4 to 192.168.10.1
enable packet steering - all cpu - 128
enable hardware flow offloading
enable wifi - United States
Waypoint wpa2 - 2.4 ax auto/5 ax auto - trusted devices / phones / rokus

adjusted aql tweak set in /etc/rc.local per wiki

# AQL Tweaks
aql_txq_limit_l=2500
aql_txq_limit_h=8500
for ac in 0 1 2 3; do echo $ac $aql_txq_limit_l $aql_txq_limit_h > /sys/kernel/debug/ieee80211/phy0/aql_txq_limit; done
for ac in 0 1 2 3; do echo $ac $aql_txq_limit_l $aql_txq_limit_h > /sys/kernel/debug/ieee80211/phy1/aql_txq_limit; done

add guest network
192.168.100.1
Portal wpa2 - 2.4 ax auto - untrusted devices / guests

added https dns proxy and luci https dns proxy
allow icloud and mozilla canary domains

ubus call system board
root@Waypoint:~# ubus call system board
{
        "kernel": "6.6.73",
        "hostname": "Waypoint",
        "system": "ARMv8 Processor rev 4",
        "model": "GL.iNet GL-MT6000",
        "board_name": "glinet,gl-mt6000",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "24.10.0",
                "revision": "r28427-6df0e3d02a",
                "target": "mediatek/filogic",
                "description": "OpenWrt 24.10.0 r28427-6df0e3d02a",
                "builddate": "1738624177"
        }
}
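
As an added example (not part of the original post or its replies), one way to confirm that a guest network like the one described above cannot reach the LAN is to audit the output of `uci show firewall`. The zone names `guest` and `lan` and the sample config are assumptions, since the post does not show its firewall section.

```shell
# Added example: audit `uci show firewall` output for guest-to-LAN leaks.
# Zone names "guest" and "lan" are assumptions; pass yours as $1 and $2.
check_guest_isolation() {
    awk -v guest="${1:-guest}" -v lan="${2:-lan}" -v q="'" '
    {
        eq = index($0, "="); if (!eq) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(q, "", val)                         # uci wraps values in single quotes
        n = split(key, p, /[.]/)
        if (n == 2) type[p[2]] = val             # firewall.<section>=<type>
        else if (n == 3) opt[p[2], p[3]] = val   # firewall.<section>.<option>=<value>
    }
    END {
        for (s in type) {
            if (type[s] == "zone" && opt[s, "name"] == guest) {
                seen = 1   # only an explicit ACCEPT is flagged: it opens router services to guests
                if (opt[s, "input"] == "ACCEPT") { print "FAIL: zone " guest " input=ACCEPT"; bad = 1 }
            }
            if (opt[s, "src"] != guest || opt[s, "dest"] != lan) continue
            if (type[s] == "forwarding") { print "FAIL: forwarding " guest " -> " lan; bad = 1 }
            if (type[s] == "rule" && opt[s, "target"] == "ACCEPT") { print "FAIL: rule accepts " guest " -> " lan; bad = 1 }
        }
        if (!seen) { print "FAIL: no zone named " guest; bad = 1 }
        if (!bad) print "OK: " guest " is isolated from " lan
        exit bad + 0
    }'
}

# Constructed sample (not the poster's real config): guest may reach wan only.
sample_isolated() {
cat <<'EOF'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[1]=zone
firewall.@zone[1].name='guest'
firewall.@zone[1].input='REJECT'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='guest'
firewall.@forwarding[0].dest='wan'
EOF
}
# Same sample plus one constructed leak: a guest -> lan forwarding.
sample_leaky() {
    sample_isolated
    printf '%s\n' "firewall.@forwarding[1]=forwarding" \
        "firewall.@forwarding[1].src='guest'" "firewall.@forwarding[1].dest='lan'"
}
# On the router: uci show firewall | check_guest_isolation guest lan
sample_isolated | check_guest_isolation
```

The function exits non-zero when it prints any `FAIL` line, so it can gate a post-change check before the router goes live.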

The firewall did this by default.

That's for traffic originating from the router itself, just FYI.

I assume this means you enabled the MAC filter?


I didn’t know the firewall did it; I thought it was supposed to be defined.

So I don’t need to modify the flows?

No special selections, just the decision-making process when connecting devices: if I trust the device it will go on the main WiFi; if I don’t, or it’s a guest, it will go on the guest WiFi.