State of TP-Link Archer C7v2|v5 in 2021

Hi,

this is a follow up to: https://forum.openwrt.org/t/state-of-archer-c7-v2-in-mid-2020
I'll happily provide my build of the official OpenWrt 21.02.0-rc1 release - created by using ImageBuilder. Unfortunately, I've still had to switch from ath10k ct-drivers to non-ct-drivers as the non-ct drivers offer more mesh features (used by batman-adv, for example) and provide more stability over ct drivers.

Because of being requested, I'll share the work and cook book. I've included batman-adv and bluetooth support as well.

Link: https://drive.google.com/file/d/1OZsBQSbbnUsrvlpkd1ZwJzWX7ipvW-j8/view?usp=sharing

This build works very well on my v2 and v5 units. WiFi got blazing fast and bufferbloat defeated a lot.


(measured as a dump-ap with bridged LAN-to-WiFi network interfaces, no NAT, no routing)

Kind regards,
Catfriend1

Cook book to make this image - DYO:

#!/bin/sh
#
#####################
# FUNCTIONS START	#
#####################
installPrequisites () {
	apt-get update
	apt-get install -y build-essential libncurses5-dev libncursesw5-dev zlib1g-dev gawk git gettext libssl-dev xsltproc rsync wget unzip python
	#
	# Download Imagebuilder.
	cd /root
	# wget https://downloads.openwrt.org/snapshots/targets/ath79/generic/openwrt-imagebuilder-ath79-generic.Linux-x86_64.tar.xz
	wget https://downloads.openwrt.org/releases/21.02.0-rc1/targets/ath79/generic/openwrt-imagebuilder-21.02.0-rc1-ath79-generic.Linux-x86_64.tar.xz
	tar xJf /root/openwrt*.tar.xz -C /root/
	return 0
}


generatePackageList () {
	# Syntax:
	#	generatePackageList
	#
	# Consts
	INSTALL_BATMANADV="1"
	INSTALL_BT="1"
	INSTALL_OPENVPN="0"
	INSTALL_RELAYD="0"
	INSTALL_WIFI_NON_CT_DRIVERS="1"
	REPLACE_LOGD_BY_SYSLOG_NG="0"
	#
	# Variables
	PKG_TO_INSTALL=""
	PKG_TO_REMOVE=""
	#
	# Add packages to the install and remove queue.
	PKG_TO_REMOVE="${PKG_TO_REMOVE} -wpad-basic-wolfssl"
	PKG_TO_INSTALL="${PKG_TO_INSTALL} wpad-mesh-wolfssl"
	#
	# Replace ct with non-ct drivers
	if [ "${INSTALL_WIFI_NON_CT_DRIVERS}" = "1" ]; then
		# Remove order is important
		PKG_TO_REMOVE="${PKG_TO_REMOVE} -kmod-ath10k-ct -ath10k-firmware-qca988x-ct"
		PKG_TO_INSTALL="${PKG_TO_INSTALL} ath10k-firmware-qca988x kmod-ath10k"
	fi
	#
	# batman-adv
	if [ "${INSTALL_BATMANADV}" = "1" ]; then
		PKG_TO_INSTALL="${PKG_TO_INSTALL} batctl-full kmod-batman-adv"
	fi
	#
	# Base system
	PKG_TO_INSTALL="${PKG_TO_INSTALL} bash curl htop logrotate lua luafilesystem luci mailsend terminfo tcpdump"
	#
	# FTP service
	PKG_TO_INSTALL="${PKG_TO_INSTALL} vsftpd"
	#
	# BT
	if [ "${INSTALL_BT}" = "1" ]; then
		PKG_TO_INSTALL="${PKG_TO_INSTALL} bluez-daemon bluez-libs bluez-utils dbus kmod-bluetooth"
	fi
	#
	# Relayd
	if [ "${INSTALL_RELAYD}" = "1" ]; then
		PKG_TO_INSTALL="${PKG_TO_INSTALL} luci-proto-relay relayd"
	fi
	#
	# OpenVPN
	if [ "${INSTALL_OPENVPN}" = "1" ]; then
		PKG_TO_INSTALL="${PKG_TO_INSTALL} luci-app-openvpn openvpn-easy-rsa openvpn-openssl"
	fi
	#
	# Syslog-ng, logd, logrotate
	if [ "${REPLACE_LOGD_BY_SYSLOG_NG}" = "1" ]; then
		PKG_TO_REMOVE="${PKG_TO_REMOVE} -logd"
		PKG_TO_INSTALL="${PKG_TO_INSTALL} syslog-ng"
	else
		PKG_TO_REMOVE="${PKG_TO_REMOVE} -syslog-ng"
		PKG_TO_INSTALL="${PKG_TO_INSTALL} logd"
	fi
	#
	# USB storage drivers
	PKG_TO_INSTALL="${PKG_TO_INSTALL} block-mount e2fsprogs kmod-fs-ext4 kmod-fs-msdos kmod-scsi-core kmod-usb-storage"
	#
	echo "${PKG_TO_REMOVE} ${PKG_TO_INSTALL}"
	return 0
}
#####################
# FUNCTIONS END		#
#####################
#
# installPrequisites
#
# Generate package list.
PACKAGE_LIST="$(generatePackageList)"
echo "[INFO] PACKAGE_LIST=[${PACKAGE_LIST}]"
#
# Build image.
cd "$(find /root/ -type d -name "openwrt-imagebuilder*" | head -1)"
# make info | grep tplink
# make clean
#
make image PROFILE="tplink_archer-c7-v2" PACKAGES="${PACKAGE_LIST}"
make image PROFILE="tplink_archer-c7-v5" PACKAGES="${PACKAGE_LIST}"
#
ls -al /root/openwrt-imagebuilder*/bin/targets/ath79/generic/*.bin
#
exit 0
5 Likes

@Router What packages , use case did you have when testing the rc? It works pretty well for me, e.g. I had dns server listening and ipv6 disabled.

That's awesome! tnx for maintaining it :smiley:

I just built a 19.07.7 image yesterday and installed it today on my v5, also using it on bridge.

What's batman-adv used for? How much storage is ur image consuming from /dev/root?

Would u mind sharing ur network config for bridged usage?

To be clear, I do NOT maintain the OpenWrt code/images. I've just used ImageBuilder to "bundle" it from the official image and opkg sources.

df -h shows

Filesystem                Size      Used Available Use% Mounted on
/dev/root                 8.3M      8.3M         0 100% /rom
tmpfs                    60.3M    108.0K     60.2M   0% /tmp
/dev/mtdblock9            4.8M    340.0K      4.4M   7% /overlay
overlayfs:/overlay        4.8M    340.0K      4.4M   7% /
tmpfs                   512.0K         0    512.0K   0% /dev

I use batman-adv to have on mesh SSID (802.11s) running that carries the traffic of multiple VLAN networks through the batman interface. For example, you can build a mesh network with "only driven by wireless uplink" access points. One VLAN is the management VLAN where I can access the AP's web UI LUCI, one VLAN is a corporate network and one VLAN is a guest network. Without batman-adv, you would have needed to configure multiple WDS SSID for every single VLAN to provide it to a non-wired access point "on the outside".

My configs are:
/etc/rc.local - Avoids uncaught crashing of the ath10k wifi driver.

# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.

/bin/bash /root/wrtwatchdog start

exit 0

/etc/sysctl.conf - Turns off IPv6 (better network performance, proof still under investigation why that is better)

# Defaults are configured in /etc/sysctl.d/* and can be customized in this file
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.lo.disable_ipv6=1

/etc/sysupgrade.conf - Preserve /root on upgrade

## This file contains files and directories that should
## be preserved during an upgrade.

# /etc/example.conf
# /etc/openvpn/

/root

/etc/config/dhcp - turn off DNS server on external interfaces, preserve on lo (for the opkg update) - Note the "list interface 'lo'"

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option localservice '1'
	option domain 'mycorp.local'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	list interface 'lo'

config dhcp 'lan'
	option interface 'lan'
	option ignore '1'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

/etc/config/network - Provide the BATMAN hardIF - VL10 (management VLAN) - VL50 (client VLAN)

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'TO_FILL'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option vid '1'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option vid '10'
	option ports '0t 1t'

config switch_vlan
	option device 'switch0'
	option vlan '5'
	option vid '50'
	option ports '0t 1t'

config interface 'VL10'
	option proto 'static'
	option delegate '0'
	option ipaddr 'TO_FILL'
	option netmask 'TO_FILL'
	option gateway 'TO_FILL'
	option broadcast 'TO_FILL'
	option igmp_snooping '1'
	option igmp_v3 '1'
	option multicast_querier '0'
	option ifname 'bat0.10 eth0.10'
	list dns 'TO_FILL'
	list dns 'TO_FILL'
	option type 'bridge'

config interface 'VL50'
	option type 'bridge'
	option proto 'static'
	option delegate '0'
	option igmp_snooping '1'
	option igmp_v3 '1'
	option multicast_querier '0'
	option ifname 'bat0.50 eth0.50'

config interface 'bat0'
	option proto 'batadv'
	option routing_algo 'BATMAN_IV'
	option aggregation '1'
	option ap_isolation '0'
	option bonding '0'
	option fragmentation '1'
	option gw_mode 'off'
	option log_level '0'
	option orig_interval '10000'
	option bridge_loop_avoidance '1'
	option distributed_arp_table '1'
	option multicast_mode '1'
	option network_coding '0'
	option hop_penalty '30'
	option isolation_mark '0x00000000/0x00000000'

config interface 'nwi_mesh0'
	option mtu '1532'
	option proto 'batadv_hardif'
	option master 'bat0'

/etc/config/wireless - Provide the 802.11s mesh interface and attach it to "nwi_mesh0" (batman hardIF) - Provide SSID (VLAN 50) where your client machines connect to. The VLAN 50 is driven through the batman-adv wireless mesh tunnel.


config wifi-device 'radio0'
	option type 'mac80211'
	option beacon_int '100'
	option channel '36'
	option hwmode '11a'
	option path 'pci0000:00/0000:00:00.0'
	option htmode 'VHT80'
	option txpower '23'
	option country 'DE'
	option legacy_rates '0'
	option noscan '0'
	option disabled '0'

config wifi-device 'radio1'
	option type 'mac80211'
	option channel '1'
	option hwmode '11g'
	option path 'platform/ahb/18100000.wmac'
	option htmode 'HT40'
	option txpower '20'
	option country 'DE'
	option legacy_rates '0'
	option noscan '0'
	option disabled '0'

config wifi-iface 'wifinet0'
	option device 'radio0'
	option disabled '0'
	option mode 'mesh'
	option mesh_id 'CORPMESH'
	option encryption 'sae'
	option dtim_period '1'
	option disassoc_low_ack '0'
	option key 'TO_FILL'
	option network 'nwi_mesh0'
	option mesh_fwding '0'
	option mesh_rssi_threshold '0'

config wifi-iface 'wifinet1'
	option device 'radio0'
	option disabled '0'
	option mode 'ap'
	option ssid 'CLIENT_WIFI_TO_FILL'
	option network 'VL50'
	option dtim_period '1'
	option disassoc_low_ack '0'
	option encryption 'wpa2+ccmp'
	option auth_server 'TO_FILL_FOR_EAP'
	option auth_port '1812'
	option acct_server '1TO_FILL_FOR_EAP'
	option acct_port '1813'
	option nasid 'TO_FILL_FOR_EAP'
	option ieee80211w '1'
	option wpa_disable_eapol_key_retries '1'
	option auth_secret 'TO_FILL_FOR_EAP'
	option acct_secret 'TO_FILL_FOR_EAP'

/etc/config/firewall

config defaults
	option syn_flood '1'
	option output 'ACCEPT'
	option forward 'REJECT'
	option input 'REJECT'

config include
	option path '/etc/firewall.user'

config zone
	option forward 'REJECT'
	option output 'ACCEPT'
	option network 'VL10'
	option input 'ACCEPT'
	option name 'VL10'

config zone
	option name 'VL50'
	option input 'REJECT'
	option forward 'REJECT'
	option output 'ACCEPT'
	option network 'VL50'
1 Like

wow I plan in the future to implement some VLANs and have them on different SSIDs, do I need batman-adv for that??

Why do u have firewall if it's bridged?

1 Like

Thanks for confirming that.

1 Like

wow I plan in the future to implement some VLANs and have them on different SSIDs, do I need batman-adv for that??

If you'd like to use one ( ! ) mesh SSID to carry over all VLANs to your non-wired APs, then yes, you'll be best with batman-adv. If it's okay for you to configure multiple WDS-AP-to-AP bridges per VLAN, you can go without it.

My setup is like this:

LOCATION A
(UPLINK: VLAN trunk - VLAN 10 mgmt + VLAN 50 client)
<==(wired)==> Mesh AP 1, radio 0, 802.11s SSID "corpmesh" using batman-adv
<==(wireless BRIDGE)==> Mesh AP 2

  • radio 0, MESH-POINT 802.11s SSID "corpmesh" using batman-adv (VLAN 10 + 50)
  • radio 0, AP WPA2-EAP SSID "clientMachineWifi" (VLAN 50)
    LOCATION B

This allows me to put VLAN 50's services on LOCATION A and let client machines to connect to "clientMachineWifi" at location B to access the services from far away through the "mesh+batman" wireless tunnel.

Why do u have firewall if it's bridged?

It's a "left-over" of the defaults. I wasn't sure if its okay to remove this package if not required as it's part of the default LUCI configuration web UI and seemed to me as a core part of the OpenWrt OS. I thought it wouldn't hurt leaving it in place "as-is" because bridged interfaces don't go through the iptables firewall ("same-subnet rule of thumb").