TD-W8970 bridged modem 23.05?

i've been using this device for a decade thanks to openwrt, as i understand the next release will not support this device anymore (please correct me if i'm wrong) do to age limits. this is sad because it's one of the few vdsl modems that can run openwrt. i've build an image (imagebuilder 22.03.5) to use this device as a bridged vdsl modem only since routing or wifi is not an option obviously for performance but as a bridged modem it can handle a 100mb fttc line just fine, image is 7mb no wifi, no dnsmasq, etc, yet with luci-ssl included (and a few packages) and still have some free space.

  • is there a chance to save this device just as a bridged modem in 23.05?
  • will it be possible to build a basic image just for bridged modem use in 23.05?
  • how safe is to use this device in future years just as a bridged modem (no internet access to device) if there is no chance of an upgrade? i'm not going to throw away a working device :slight_smile:


just for reference
free space:

installed packages:

ase-files - 1502-r20134-5f15225c1e
br2684ctl - 2.5.2-7
busybox - 1.35.0-5
ca-bundle - 20230311-1
cgi-io - 2022-08-10-901b0f04-21
dropbear - 2022.82-2
dsl-vrx200-firmware-xdsl-b -
firewall4 - 2022-10-18-7ae5e14b-1
fstools - 2022-06-02-93369be0-2
fwtool - 2019-11-12-8f7fe925-1
getrandom - 2021-08-03-205defb5-2
htop - 3.2.2-1
ip-bridge - 5.15.0-4
jansson4 - 2.13.1-2
jshn - 2022-05-15-d2223ef9-1
jsonfilter - 2018-02-04-c7e938d6-1
kernel - 5.10.176-1-b9bebdfbaa90ead22293aa3b3e7fe7a3
kmod-atm - 5.10.176-1
kmod-crypto-aead - 5.10.176-1
kmod-crypto-crc32c - 5.10.176-1
kmod-crypto-des - 5.10.176-1
kmod-crypto-hash - 5.10.176-1
kmod-crypto-manager - 5.10.176-1
kmod-crypto-null - 5.10.176-1
kmod-gpio-button-hotplug - 5.10.176-3
kmod-leds-gpio - 5.10.176-1
kmod-lib-crc-ccitt - 5.10.176-1
kmod-lib-crc32c - 5.10.176-1
kmod-ltq-atm-vr9 - 5.10.176-3
kmod-ltq-deu-vr9 - 5.10.176-43
kmod-ltq-ifxos - 5.10.176+1.7.1-1
kmod-ltq-ptm-vr9 - 5.10.176-3
kmod-ltq-vdsl-vr9 - 5.10.176+
kmod-ltq-vdsl-vr9-mei - 5.10.176+
kmod-ltq-vectoring - 5.10.176+2019-05-20-4fa7ac30-1
kmod-nf-conntrack - 5.10.176-1
kmod-nf-conntrack6 - 5.10.176-1
kmod-nf-flow - 5.10.176-1
kmod-nf-log - 5.10.176-1
kmod-nf-log6 - 5.10.176-1
kmod-nf-nat - 5.10.176-1
kmod-nf-reject - 5.10.176-1
kmod-nf-reject6 - 5.10.176-1
kmod-nfnetlink - 5.10.176-1
kmod-nft-core - 5.10.176-1
kmod-nft-fib - 5.10.176-1
kmod-nft-nat - 5.10.176-1
kmod-nft-offload - 5.10.176-1
kmod-ppp - 5.10.176-1
kmod-pppoa - 5.10.176-1
kmod-pppoe - 5.10.176-1
kmod-pppox - 5.10.176-1
kmod-slhc - 5.10.176-1
libblobmsg-json20220515 - 2022-05-15-d2223ef9-1
libc - 1.2.3-4
libgcc1 - 11.2.0-4
libiwinfo-data - 2022-12-15-8d158096-1
libiwinfo-lua - 2022-12-15-8d158096-1
libiwinfo20210430 - 2022-12-15-8d158096-1
libjson-c5 - 0.15-2
libjson-script20220515 - 2022-05-15-d2223ef9-1
liblua5.1.5 - 5.1.5-10
liblucihttp-lua - 2023-03-15-9b5b683f-1
liblucihttp0 - 2023-03-15-9b5b683f-1
libmnl0 - 1.0.5-1
libncurses6 - 6.3-2
libnftnl11 - 1.2.1-2
libnl-tiny1 - 2021-11-21-8e0555fb-1
libopenssl1.1 - 1.1.1t-3
libpopt0 - 1.16-2
libpthread - 1.2.3-4
librt - 1.2.3-4
libubox20220515 - 2022-05-15-d2223ef9-1
libubus-lua - 2022-06-01-2bebf93c-1
libubus20220601 - 2022-06-01-2bebf93c-1
libuci20130104 - 2021-10-22-f84f49f0-6
libuclient20201210 - 2023-04-13-007d9454-1
libucode20220812 - 2022-12-02-46d93c9c-1
libustream-wolfssl20201210 - 2022-12-08-9217ab46-2
libwolfssl5.5.4.ee39414e - 5.5.4-stable-1
linux-atm - 2.5.2-7
logd - 2021-08-03-205defb5-2
ltq-dsl-base - 3
ltq-vdsl-app -
lua - 5.1.5-10
luci - git-23.093.42303-d58cd69
luci-app-firewall - git-23.093.42704-1c01c64
luci-app-opkg - git-23.093.42303-e16f620
luci-base - git-23.119.80898-65ef406
luci-lib-base - git-20.232.39649-1f6dc29
luci-lib-ip - git-20.250.76529-62505bd
luci-lib-jsonc - git-22.097.61921-7513345
luci-lib-nixio - git-20.234.06894-c4a4e43
luci-mod-admin-full - git-19.253.48496-3f93650
luci-mod-network - git-23.150.26444-c5db28c
luci-mod-status - git-23.158.78816-1c26abc
luci-mod-system - git-23.118.78821-0c02883
luci-proto-ipv6 - git-21.148.48881-79947af
luci-proto-ppp - git-21.158.38888-88b9d84
luci-ssl - git-20.244.36115-e10f954
luci-theme-bootstrap - git-23.093.42704-b47268a
mtd - 26
netifd - 2022-08-25-76d2d41b-1
nftables-json - 1.0.2-2.1
openssh-sftp-server - 8.9p1-1
openwrt-keyring - 2022-03-25-62471e69-3
opkg - 2022-02-24-d038e5b6-1
ppp - 2.4.9.git-2021-01-04-3
ppp-mod-pppoa - 2.4.9.git-2021-01-04-3
ppp-mod-pppoe - 2.4.9.git-2021-01-04-3
procd - 2022-06-01-7a009685-2
procd-seccomp - 2022-06-01-7a009685-2
procd-ujail - 2022-06-01-7a009685-2
px5g-wolfssl - 6.2
rpcd - 2022-12-15-7de4820c-1
rpcd-mod-file - 2022-12-15-7de4820c-1
rpcd-mod-iwinfo - 2022-12-15-7de4820c-1
rpcd-mod-luci - 20210614
rpcd-mod-rrdns - 20170710
rsync - 3.2.7-1
screen - 4.8.0-2
terminfo - 6.3-2
ubi-utils - 2.1.4-1
ubox - 2021-08-03-205defb5-2
ubus - 2022-06-01-2bebf93c-1
ubusd - 2022-06-01-2bebf93c-1
uci - 2021-10-22-f84f49f0-6
uclient-fetch - 2023-04-13-007d9454-1
ucode - 2022-12-02-46d93c9c-1
ucode-mod-fs - 2022-12-02-46d93c9c-1
ucode-mod-ubus - 2022-12-02-46d93c9c-1
ucode-mod-uci - 2022-12-02-46d93c9c-1
uhttpd - 2022-10-31-23977554-1
uhttpd-mod-ubus - 2022-10-31-23977554-1
urandom-seed - 3
urngd - 2020-01-21-c7f7b6b6-1
usign - 2020-05-23-f1f65026-1
zlib - 1.2.11-6

8mb flash devices will be EOLed after 23.05, but if you are capable of stripping it enough, you might be able to use it later as well.

1 Like

The problem with this kind of devices is that the modem (and if present, the analogue phone hardware) needs more support firmware than a simple wireless router (e.g. ath79 or mt7621), reducing the already small flash even further (and in many cases the OEM partitioning makes that often even worse). At the end of the day, you will have to check how much flash is at your disposal - and what you can drop from your customs builds (first imagebuilder should suffice, at a later date custom builds from source might become required to reduce the space usage best) while still remaining viable for your use case (of running a bridged modem).

Other than for 4/32 systems (where the formal decision to drop them came several years late), I don't see a sharp cliff for 8/64 devices (with adapted expectations, but that isn't really news for those devices either) yet, they will likely start to suffer more gradually and gracefully for now.

thank you for clarifications, i might have a few more years of life.. at this point this device is part of the family :slight_smile: jokes aside will look for some raccomandations.

out of curiosity is this a total security no go? (maybe just keeping the vdsl firmware updated)


If it's just operating as a bridged modem between dsl and wan port, along with a bridged lan on lan0 to lan2 ports, and with no services running - then the main security consideration is ensuring no traffic escapes between modem and lan (i.e. no forwarding between wan and lan).

If it wasn't for you using SSL with LUCI I'd have said if it's stable then with no other security considerations in this use case it'd be perfectly fine to stay (forever) with the current build. Should an update to the SSL library be required I believe you should still be able to build yourself a newer release.

Easiest to use a two cable setup allowing the upper router to manage any DSL required VLAN tagging, and assign the modem on the bridged lan for example. Single cable setup can be painful mixing VLAN tagging, firewalling and routing.

From what I read in the -rc1 release notes:

lantiq/xrx200 target is not build because the DSA driver still shows some error messages. Fix is planned before the final OpenWrt 23.05 release.

This device will work with 23.05.x, and possibly with the next release after (but possibly only using imagebuilder or building it yourself)

If you plan on using it just as a bridge, why would you be worried if it is not up-to-date? The attack surface is greatly reduced in that case - it is not zero but it's nowhere near than if used as a router.

1 Like

thank you all for clarification on security concerns :slight_smile:

yes, it is running just as a bridged modem with no services, wifi or routing/forwarding enable, luci-ssl is installed just because "it could fit" and uhttpd is actually disabled.. i could just remove that from build..

let's see for how long this bad-boy will survive :crossed_fingers:



network config just for referece:

config dsl 'dsl'
        option annex 'b'
        option tone 'bv'
        option xfer_mode 'ptm'
        option line_mode 'vdsl'


config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'

config bridge-vlan
        option device 'br-lan'
        option vlan '3'
        list ports 'lan1:t'
        list ports 'lan2:t'

config interface 'lan'
        option proto 'static'
        option netmask ''
        option ip6assign '60'
        option ipaddr ''
        option device 'br-lan.3'


config device
        option type 'bridge'
        list ports 'lan3'
        list ports 'dsl0.100'
        option name 'br-modem'

config bridge-vlan
        option device 'br-modem'
        option vlan '2'
        list ports 'lan3:t'
        list ports 'dsl0.100'

config interface 'modem'
        option proto 'none'
        option device 'br-modem.2'