State of TP-Link Archer C7v2|v5 in 2021

Hi,

this is a follow up to: https://forum.openwrt.org/t/state-of-archer-c7-v2-in-mid-2020
I'll happily provide my build of the official OpenWrt 21.02.0-rc1 release - created by using ImageBuilder. Unfortunately, I've still had to switch from ath10k ct-drivers to non-ct-drivers as the non-ct drivers offer more mesh features (used by batman-adv, for example) and provide more stability over ct drivers.

Because of being requested, I'll share the work and cook book. I've included batman-adv and bluetooth support as well.

Link 21.02.1-stable (without bluetooth packages):

Link 21.02.0-stable (without bluetooth packages):

This build works very well on my v2 and v5 units. WiFi got blazing fast and bufferbloat defeated a lot.


(measured as a dump-ap with bridged LAN-to-WiFi network interfaces, no NAT, no routing)

Kind regards,
Catfriend1

Useful watchdog scripts for keeping 5 GHz and 2.4 GHz WiFi "stable" across longer uptime of the device:

Cook book to make this image - DYO:

14 Likes

@Router What packages , use case did you have when testing the rc? It works pretty well for me, e.g. I had dns server listening and ipv6 disabled.

That's awesome! tnx for maintaining it :smiley:

I just built a 19.07.7 image yesterday and installed it today on my v5, also using it on bridge.

What's batman-adv used for? How much storage is ur image consuming from /dev/root?

Would u mind sharing ur network config for bridged usage?

To be clear, I do NOT maintain the OpenWrt code/images. I've just used ImageBuilder to "bundle" it from the official image and opkg sources.

df -h shows

Filesystem                Size      Used Available Use% Mounted on
/dev/root                 8.3M      8.3M         0 100% /rom
tmpfs                    60.3M    108.0K     60.2M   0% /tmp
/dev/mtdblock9            4.8M    340.0K      4.4M   7% /overlay
overlayfs:/overlay        4.8M    340.0K      4.4M   7% /
tmpfs                   512.0K         0    512.0K   0% /dev

I use batman-adv to have on mesh SSID (802.11s) running that carries the traffic of multiple VLAN networks through the batman interface. For example, you can build a mesh network with "only driven by wireless uplink" access points. One VLAN is the management VLAN where I can access the AP's web UI LUCI, one VLAN is a corporate network and one VLAN is a guest network. Without batman-adv, you would have needed to configure multiple WDS SSID for every single VLAN to provide it to a non-wired access point "on the outside".

My configs are:
/etc/rc.local - Avoids uncaught crashing of the ath10k wifi driver.

# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.

/bin/bash /root/wrtwatchdog start

exit 0

/etc/sysctl.conf - Turns off IPv6 (better network performance, proof still under investigation why that is better)

# Defaults are configured in /etc/sysctl.d/* and can be customized in this file
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.lo.disable_ipv6=1

/etc/sysupgrade.conf - Preserve /root on upgrade

## This file contains files and directories that should
## be preserved during an upgrade.

# /etc/example.conf
# /etc/openvpn/

/root

/etc/config/dhcp - turn off DNS server on external interfaces, preserve on lo (for the opkg update) - Note the "list interface 'lo'"

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option localservice '1'
	option domain 'mycorp.local'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	list interface 'lo'

config dhcp 'lan'
	option interface 'lan'
	option ignore '1'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

/etc/config/network - Provide the BATMAN hardIF - VL10 (management VLAN) - VL50 (client VLAN)

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'TO_FILL'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option vid '1'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option vid '10'
	option ports '0t 1t'

config switch_vlan
	option device 'switch0'
	option vlan '5'
	option vid '50'
	option ports '0t 1t'

config interface 'VL10'
	option proto 'static'
	option delegate '0'
	option ipaddr 'TO_FILL'
	option netmask 'TO_FILL'
	option gateway 'TO_FILL'
	option broadcast 'TO_FILL'
	option igmp_snooping '1'
	option igmp_v3 '1'
	option multicast_querier '0'
	option ifname 'bat0.10 eth0.10'
	list dns 'TO_FILL'
	list dns 'TO_FILL'
	option type 'bridge'

config interface 'VL50'
	option type 'bridge'
	option proto 'static'
	option delegate '0'
	option igmp_snooping '1'
	option igmp_v3 '1'
	option multicast_querier '0'
	option ifname 'bat0.50 eth0.50'

config interface 'bat0'
	option proto 'batadv'
	option routing_algo 'BATMAN_IV'
	option aggregation '1'
	option ap_isolation '0'
	option bonding '0'
	option fragmentation '1'
	option gw_mode 'off'
	option log_level '0'
	option orig_interval '10000'
	option bridge_loop_avoidance '1'
	option distributed_arp_table '1'
	option multicast_mode '1'
	option network_coding '0'
	option hop_penalty '30'
	option isolation_mark '0x00000000/0x00000000'

config interface 'nwi_mesh0'
	option mtu '1532'
	option proto 'batadv_hardif'
	option master 'bat0'

/etc/config/wireless - Provide the 802.11s mesh interface and attach it to "nwi_mesh0" (batman hardIF) - Provide SSID (VLAN 50) where your client machines connect to. The VLAN 50 is driven through the batman-adv wireless mesh tunnel.


config wifi-device 'radio0'
	option type 'mac80211'
	option beacon_int '100'
	option channel '36'
	option hwmode '11a'
	option path 'pci0000:00/0000:00:00.0'
	option htmode 'VHT80'
	option txpower '23'
	option country 'DE'
	option legacy_rates '0'
	option noscan '0'
	option disabled '0'

config wifi-device 'radio1'
	option type 'mac80211'
	option channel '1'
	option hwmode '11g'
	option path 'platform/ahb/18100000.wmac'
	option htmode 'HT40'
	option txpower '20'
	option country 'DE'
	option legacy_rates '0'
	option noscan '0'
	option disabled '0'

config wifi-iface 'wifinet0'
	option device 'radio0'
	option disabled '0'
	option mode 'mesh'
	option mesh_id 'CORPMESH'
	option encryption 'sae'
	option dtim_period '1'
	option disassoc_low_ack '0'
	option key 'TO_FILL'
	option network 'nwi_mesh0'
	option mesh_fwding '0'
	option mesh_rssi_threshold '0'

config wifi-iface 'wifinet1'
	option device 'radio0'
	option disabled '0'
	option mode 'ap'
	option ssid 'CLIENT_WIFI_TO_FILL'
	option network 'VL50'
	option dtim_period '1'
	option disassoc_low_ack '0'
	option encryption 'wpa2+ccmp'
	option auth_server 'TO_FILL_FOR_EAP'
	option auth_port '1812'
	option acct_server '1TO_FILL_FOR_EAP'
	option acct_port '1813'
	option nasid 'TO_FILL_FOR_EAP'
	option ieee80211w '1'
	option wpa_disable_eapol_key_retries '1'
	option auth_secret 'TO_FILL_FOR_EAP'
	option acct_secret 'TO_FILL_FOR_EAP'

/etc/config/firewall

config defaults
	option syn_flood '1'
	option output 'ACCEPT'
	option forward 'REJECT'
	option input 'REJECT'

config include
	option path '/etc/firewall.user'

config zone
	option forward 'REJECT'
	option output 'ACCEPT'
	option network 'VL10'
	option input 'ACCEPT'
	option name 'VL10'

config zone
	option name 'VL50'
	option input 'REJECT'
	option forward 'REJECT'
	option output 'ACCEPT'
	option network 'VL50'
3 Likes

wow I plan in the future to implement some VLANs and have them on different SSIDs, do I need batman-adv for that??

Why do u have firewall if it's bridged?

1 Like

Thanks for confirming that.

1 Like

wow I plan in the future to implement some VLANs and have them on different SSIDs, do I need batman-adv for that??

If you'd like to use one ( ! ) mesh SSID to carry over all VLANs to your non-wired APs, then yes, you'll be best with batman-adv. If it's okay for you to configure multiple WDS-AP-to-AP bridges per VLAN, you can go without it.

My setup is like this:

LOCATION A
(UPLINK: VLAN trunk - VLAN 10 mgmt + VLAN 50 client)
<==(wired)==> Mesh AP 1, radio 0, 802.11s SSID "corpmesh" using batman-adv
<==(wireless BRIDGE)==> Mesh AP 2

  • radio 0, MESH-POINT 802.11s SSID "corpmesh" using batman-adv (VLAN 10 + 50)
  • radio 0, AP WPA2-EAP SSID "clientMachineWifi" (VLAN 50)
    LOCATION B

This allows me to put VLAN 50's services on LOCATION A and let client machines to connect to "clientMachineWifi" at location B to access the services from far away through the "mesh+batman" wireless tunnel.

Why do u have firewall if it's bridged?

It's a "left-over" of the defaults. I wasn't sure if its okay to remove this package if not required as it's part of the default LUCI configuration web UI and seemed to me as a core part of the OpenWrt OS. I thought it wouldn't hurt leaving it in place "as-is" because bridged interfaces don't go through the iptables firewall ("same-subnet rule of thumb").

Hi,

Thank you for having shared the build , I was running same build since more than 1y (I can't even tell what was the version unfortunately) and for various reasons I got the need to start from scratch.

Not easy at all to find a consensus on what is the best firmware etc ... i've decided to try this one and this is my feedback.

Installed 48h ago , got one problem with wifi yesterday afternoon which made me disappointed and force reboot of the router , since all is fine.

Of course 2 days is not enough long to have an idea on the stability but I hope to stay on this one.

My needs are particular , I need the Archer to be an AP but also to be the only DHCP server , also I don't want IPV6.

I've searched for ages but I never find any article which gives recommendations for this kind of scenario.

My connection is 1 GB DL / 700 mbps UL , I get this when wired using this build , on WiFi ac I get 292 mbps DL / 249 mbps UL , I do believe I got 500 mbps DL with stock and possible 400 mbps using old build.

I don't want to complaint , my current speed is more than enough for my needs but I ask the question anyway , are my speed good or shall I expect faster ? I am just curious.

I am more interested on correctly configure the rest rather than the speed , at the moment I did not change anything to the build except my static IP entries on dnsmasq conf.

Else , I keep reading comments about those different drivers , where they come from ?

Keep up the good work ! I think I am going to try to build new release by myself just for fun.

XT

1 Like

Sorry I don't understand what u sad :confused: What's a mesh SSID?

I plan to use the basic triple main + iot + guest VLANs. Maybe use router firewall to block some devices away from Internet and other VLANs.

Got it. I removed it from mine and it's working fine. The AP is on bridge so it doesn't even show up on traceroutes, so I guess we're unable to use firewall on it even if we wanted to. IDK if iptables can be removed too.

Why can't u put DHCP server on ur router?

Anyway, bridge affects only routing, it's still a normal device on the LAN and has its IP addr. If it has enough RAM and storage, u can install any app on it.

When it's not enough, he alternative would be build a proper AMD64 server, or get some Raspberry Pi.

When you use LUCI , go to wireless, add a new network (= wifi ssid to be sent out) you can choose a type: access point, wds, client (sta), ...., and mesh point.

1 Like

Unfortunately, I've still had to switch from ath10k ct-drivers to non-ct-drivers as the non-ct drivers offer more mesh features (used by batman-adv, for example) and provide more stability over ct drivers.

@Catfriend1 , I've had the same experience with more than a dozen different C7s used in various mesh-related projects (mostly v2 and a couple of v4 lately). I pretty much always run

opkg remove ath10k-firmware-qca988x-ct kmod-ath10k-ct

followed by

opkg update && opkg install ath10k-firmware-qca988x kmod-ath10k

and afterwards, it is smooth sailing.

@Hikari , if you're still curious about mesh networking with batman-adv and openwrt, I wrote a detailed guide about it on my blog: https://cgomesu.com/blog/Mesh-networking-openwrt-batman. Feel free to skip the introductory content if you're already familiar with the network concepts and go straight to the implementation section. Also mentioned this and other issues (related to the older ath9k module) and how to solve them.

7 Likes

lol it's been ages I don't change these configs. So, to use WDS, I need to add another SSID? Can't I have both password and WDS on the same SSID?

Anyway, I don't have mesh point listed. What's the different of it to access point? I'm gonna read cgomesu article.

I also don't understand the difference of ath10k and ath10k-ct. I looked here and I'm using ct, I haven't noticed any instability. Should I replace them?

1 Like

So, this mesh network allows any wifi device to route data to other devices, while on a normal wifi all devices communicate only with the AP? And we need to config the SSID AP so mesh can be used?

1 Like

@Hikari WDS is older and cannot do as much as mesh point mode. Typically in bridge-bridge (according to the article) you have one SSID "mesh" as "mesh point" and another SSID "ap" as "access point" where client devices connect to. The mesh points are for your Openwrt device bridge connections.

I would recommend replacing the drivers, non-ct shot up the max performance together with intel sta clients from 10 mbit/sec to 200 mbit/sec and they'll reveal the encrypted mesh support.

1 Like

Can you please share your configuration? I also have gigabit WAN and I got 930dl/800up on stock speedtest.net but after using this build I get 610dl/510up.

I have software and hardware NAT enabled on FW. I connect using PPPoE to my ISP. Is there any other configuration I should do?

@Catfriend1 great work it seems you are doing :slight_smile: very nice to see!
Could you please share you're .config file you are using to build your images?
I would love to build it myself too.

2 Likes

Sure - the batch for using ImageBuilder with the recipe is all in the first post.

@catfriend1, what do you think? do you know anything regarding this topic?

I cannot advise on pppoe usage on the router as I am only using Dumb AP mode without NAT,DHCP,DNS . Got a Sophos UTM here doing the pppoE stuff.

1 Like

Cool thanks!
Really appreciated :slight_smile: