Wi-Fi Mesh and Banking App - 24.10.4

I recently upgraded from 23.05 to 24.10.4 and I’ve noticed one of my banking apps just hangs on the login page when using the Wi-Fi.

The set up I have is my ISP router; my main OpenWrt router sits behind this, and then I also have another router flashed with OpenWrt that is an AP that talks wirelessly to the main OpenWrt.

Everything was working fine on 23.05 but once I noticed this issue. The only thing of note I did differently was using wpad-mesh-wolfssl instead of openssl like I had on 25.05. The reason I did this was because my AP didn’t have enough flash and I read wolfssl took up a lot less memory.

Anyway I wasn’t sure how to debug it so I put the logs into ChatGPT and it focused in on

Logs show repeated br-lan: received packet on wlX-meshX with own address as source messages — indicating a bridging loop.

It suggested creating another interface called mesh and assigning IPs with the AP taking the IP of the main OpenWrt router as its gateway IP. I did try this but I was doing it wirelessly on the AP router so it never worked.

I was going to do a fresh install on both with 24.10.5 but I’m not sure that will fix it or not.

How should I go about debugging this?
When I connect to the main router via WireGuard on my phone (and on data) or on the ISP WiFi the banking app works fine it’s only on the WiFi from the OpenWrt routers.

You've not given any crucial information.
Can you confirm the router model, why you've updated to 24.10.4 instead of 24.10.5 and confirm your network configuration?

1 Like

Just ensure you have a dedicated Mac address on each and every device when you are using batman...

1 Like

Hi, I have the same problem, and 25.10 rc1 has the same problem.

23.05 is good

So far so good.
But as @hecatae says, you now need to give us some information about your configs.

Everything else you have said indicates you don't really understand the config you have.

For example:

So this implies you did not have a mesh interface before.....

Also:

You do indeed have a bridging loop.

Just to be clear, why do you think you need a mesh?

  1. To provide an 802.11s backhaul the mesh nodes can connect to
    or
  2. To allow your user devices to seamlessly roam between your access points?

The circumstantial evidence of your comments makes me think you are after number 2 above.

Show us your config details so we can help you.....

I would say could. Because every time yet it was just non individual Mac addresses and no actual bridge loop. But we will know more if OP has ensured it.

Well yes, duplicate mac addresses could cause the problem, that's true.
But the snippets of information he has given us sound so familiar ie the many instances on this forum where someone assumes "mesh" means roaming. Maybe not in this case but unless we get some config info we may never know.

He does say:

But that is a strange way of describing a mesh connection if you are aware of what mesh actually is.

Then we have the "Banking Ap" - does he have Internet access other than to his bank? All very suspicious.

A very garbled story.

I am making a guess here, based on what we know and what has happened in other threads.

Time will tell - or not.

1 Like

Recommending an end of life release, instead of helping to resolve the issue with the current version, is not helpful.

I’ll be the first to admit that my knowledge is limited when it comes to this. I wanted a mesh as the signal in one part of the house is quite poor and there is a desktop computer and printer both connected to the AP router. Prior to setting up the mesh I had used a repeater using DD-WRT on a very old Linksys router. The reason I wanted mesh was for faster speed and I liked the way it did the handover to the closest WiFi as the old set up would hang on the WiFi network that was first connected to and not swap to the closer one.

What would be the best config to share? the wireless config?

Hostname OpenWrt-b (Main OpenWrt router)
Model Linksys E8450 (UBI)

root@OpenWrt-b:~# cat /etc/config/wireless

config wifi-device 'radio0'
option type 'mac80211'
option phy 'wl0'
option cell_density '0'
option htmode 'HT20'
option band '2g'
option channel '1'
option country 'IE'

config wifi-device 'radio1'
option type 'mac80211'
option phy 'wl1'
option band '5g'
option channel '36'
option htmode 'VHT80'
option cell_density '0'
option country 'IE'

config wifi-iface 'wifinet2'
option device 'radio0'
option mode 'mesh'
option encryption 'none'
option mesh_id 'my-mesh'
option mesh_fwding '1'
option mesh_rssi_threshold '0'
option network 'lan'
option disabled '1'

config wifi-iface 'wifinet1'
option device 'radio0'
option mode 'ap'
option ssid 'my-ssid'
option encryption 'psk-mixed'
option key 'password'
option network 'lan'

config wifi-iface 'wifinet3'
option device 'radio1'
option mode 'mesh'
option encryption 'none'
option mesh_id 'my-mesh'
option mesh_fwding '1'
option mesh_rssi_threshold '0'
option network 'lan'

root@OpenWrt-b:~#
root@OpenWrt-b:~# cat /etc/config/network

config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

config globals 'globals'
option ula_prefix 'fd67:cc88:****::/48'
option packet_steering '1'

config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'

config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.11.1'
option netmask '255.255.255.0'
option ip6assign '60'

config interface 'wan'
option device 'wan'
option proto 'dhcp'

config interface 'wan6'
option device 'wan'
option proto 'dhcpv6'

config interface 'vpn'
option proto 'wireguard'

Hostname OpenWrt-tp (AP)
Model TP-Link Archer C6 v2 (EU/RU/JP)

root@OpenWrt-tp:~# cat /etc/config/wireless

config wifi-device 'radio0'
option type 'mac80211'
option path 'pci0000:00/0000:00:00.0'
option band '5g'
option channel '36'
option htmode 'VHT80'
option cell_density '0'
option country 'IE'

config wifi-device 'radio1'
option type 'mac80211'
option path 'platform/ahb/18100000.wmac'
option band '2g'
option channel '1'
option htmode 'HT20'
option cell_density '0'

config wifi-iface 'wifinet0'
option device 'radio1'
option mode 'mesh'
option encryption 'none'
option mesh_id 'my-mesh'
option mesh_fwding '1'
option mesh_rssi_threshold '0'
option network 'lan'

config wifi-iface 'wifinet1'
option device 'radio1'
option mode 'ap'
option ssid 'my-ssid'
option encryption 'psk-mixed'
option key 'password'
option network 'lan'

config wifi-iface 'wifinet2'
option device 'radio0'
option mode 'ap'
option ssid 'my-ssid'
option encryption 'psk-mixed'
option key 'password'
option network 'lan'

config wifi-iface 'wifinet3'
option device 'radio0'
option mode 'mesh'
option encryption 'none'
option mesh_id 'my-mesh'
option mesh_fwding '1'
option mesh_rssi_threshold '0'
option network 'lan'

root@OpenWrt-tp:~#
root@OpenWrt-tp:~# cat /etc/config/network

config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

config globals 'globals'
option ula_prefix 'fd13:dff7:****::/48'
option packet_steering '1'

config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0.1'

config interface 'lan'
option device 'br-lan'
option proto 'dhcp'

config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'

config switch_vlan
option device 'switch0'
option vlan '1'
option ports '2 3 4 5 0t'

config switch_vlan
option device 'switch0'
option vlan '2'
option ports '1 0t'

root@OpenWrt-tp:~#

That is NOT a mesh, that is ROAMING.

Also you have two mesh interfaces defined in your wireless config, this of course will create a mesh-bridge-loop - to the network this is just like putting a PA system microphone next to the speakers - It will howl and scream until it's dead... "Dead" being saturated with packets whizzing round and round.

2 Likes
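
The check below is an added example, not part of any post in this thread: a shell function that reads `/etc/config/wireless` syntax and reports when more than one enabled mesh interface shares a mesh_id and a network, the layout the reply above blames for the loop. The names `audit_mesh`, `sample_ap`, `sample_main` and the `LOOP-RISK` label are assumptions for illustration, the sample configs are constructed from the wifi-iface sections posted above, and each `MESH` line also shows that interface's encryption setting.

```shell
# Added example: list enabled 802.11s mesh interfaces in an OpenWrt wireless
# config and flag several of them sharing one mesh_id and one network.
# audit_mesh [FILE]: reads FILE or stdin. Prints a MESH line per enabled mesh
# interface and a LOOP-RISK line per crowded (mesh_id, network). Exit 1 if any.
audit_mesh() {
    awk -v q="'" '
    function val(s) { gsub(q, "", s); return s }   # strip UCI quoting
    function emit(   key) {
        if (in_iface && o["mode"] == "mesh" && o["disabled"] != "1") {
            key = o["mesh_id"] "|" o["network"]
            n[key]++
            radios[key] = radios[key] (radios[key] == "" ? "" : ",") o["device"]
            printf "MESH %s radio=%s mesh_id=%s network=%s encryption=%s\n", name, o["device"], o["mesh_id"], o["network"], o["encryption"]
        }
        split("", o); in_iface = 0                 # reset for the next section
    }
    $1 == "config" {
        emit()
        if ($2 == "wifi-iface") { in_iface = 1; name = ($3 == "" ? "(unnamed)" : val($3)) }
        next
    }
    $1 == "option" && in_iface { o[$2] = val($3) }
    END {
        emit()
        for (key in n) if (n[key] > 1) {
            split(key, p, "|")
            printf "LOOP-RISK mesh_id=%s network=%s radios=%s\n", p[1], p[2], radios[key]
            loops++
        }
        exit (loops > 0)
    }' "$@"
}

# Constructed samples mirroring the wifi-iface sections posted in the thread.
sample_ap() {
cat <<'EOF'
config wifi-iface 'wifinet0'
    option device 'radio1'
    option mode 'mesh'
    option encryption 'none'
    option mesh_id 'my-mesh'
    option network 'lan'
config wifi-iface 'wifinet1'
    option device 'radio1'
    option mode 'ap'
    option network 'lan'
config wifi-iface 'wifinet3'
    option device 'radio0'
    option mode 'mesh'
    option encryption 'none'
    option mesh_id 'my-mesh'
    option network 'lan'
EOF
}
sample_main() {
cat <<'EOF'
config wifi-iface 'wifinet2'
    option device 'radio0'
    option mode 'mesh'
    option mesh_id 'my-mesh'
    option network 'lan'
    option disabled '1'
config wifi-iface 'wifinet3'
    option device 'radio1'
    option mode 'mesh'
    option encryption 'none'
    option mesh_id 'my-mesh'
    option network 'lan'
EOF
}

sample_ap | audit_mesh || echo "AP: more than one mesh link bridged into the same network"
sample_main | audit_mesh && echo "main: one enabled mesh link"
```

On a router the same function can be pointed at the live file with `audit_mesh /etc/config/wireless`.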

I had it in my mind WiFi roaming the client device does the switching while with WiFi mesh its the routers that decide which network the client device should be connected to?

The mesh config is there for both 2.4GHz and 5GHz, but on the main router I’ve disabled the 2.4GHz mesh; however, both are enabled on the AP mesh. If this is the cause then why am I only seeing an issue on a Banking App and nothing else?

A mesh is a wireless backhaul consisting of mesh nodes. Normal user/client devices cannot connect directly to a mesh backhaul because they are not mesh nodes. Instead they must connect to an access point that is either connected to a mesh node or, more usually, built in to a mesh node.

The mesh backhaul will be saturated by the mesh-bridge-loop so everything will be super slow and erratic.
Banking apps tend to be very sensitive and do all sorts of security cross checking, so perhaps that is the reason... Who knows...

1 Like

can you give an opkg list-installed for both devices?

Cool. I’ll disable it on the AP router, test it out and report back.

Sure. However to save space and install wpad-mesh-wolfssl on the AP router I removed opkg package but I can give you the output of /usr/lib/opkg/status.

Main router:

OpenWrt 24.10.4, r28959-29397011cc

root@OpenWrt-b:~# opkg list-installed
base-files - 1665~29397011cc
busybox - 1.36.1-r2
ca-bundle - 20250419-r1
cgi-io - 2022.08.10~901b0f04-r21
curl - 8.12.1-r1
ddns-scripts - 2.8.2-r64
ddns-scripts-services - 2.8.2-r64
dnsmasq - 2.90-r4
dropbear - 2024.86-r1
etherwake - 1.09-r5
firewall4 - 2024.12.18~18fc0ead-r1
fitblk - 2
fstools - 2024.07.14~408c2cc4-r1
fwtool - 2019.11.12~8f7fe925-r1
getrandom - 2024.04.26~85f10530-r1
hostapd-common - 2024.09.15~5ace39b0-r2
ip-tiny - 6.11.0-r1
iw - 6.9-r1
iwinfo - 2024.10.20~b94f066e-r1
jansson4 - 2.14-r3
jshn - 2025.07.23~49056d17-r1
jsonfilter - 2025.04.18~8a86fb78-r1
kernel - 6.6.110~afd40c8eeeeb9c2687b86b1756cbcd8d-r1
kmod-cfg80211 - 6.6.110.6.12.52-r1
kmod-crypto-acompress - 6.6.110-r1
kmod-crypto-aead - 6.6.110-r1
kmod-crypto-ccm - 6.6.110-r1
kmod-crypto-cmac - 6.6.110-r1
kmod-crypto-crc32c - 6.6.110-r1
kmod-crypto-ctr - 6.6.110-r1
kmod-crypto-gcm - 6.6.110-r1
kmod-crypto-geniv - 6.6.110-r1
kmod-crypto-gf128 - 6.6.110-r1
kmod-crypto-ghash - 6.6.110-r1
kmod-crypto-hash - 6.6.110-r1
kmod-crypto-hmac - 6.6.110-r1
kmod-crypto-kpp - 6.6.110-r1
kmod-crypto-lib-chacha20 - 6.6.110-r1
kmod-crypto-lib-chacha20poly1305 - 6.6.110-r1
kmod-crypto-lib-curve25519 - 6.6.110-r1
kmod-crypto-lib-poly1305 - 6.6.110-r1
kmod-crypto-manager - 6.6.110-r1
kmod-crypto-null - 6.6.110-r1
kmod-crypto-rng - 6.6.110-r1
kmod-crypto-seqiv - 6.6.110-r1
kmod-crypto-sha3 - 6.6.110-r1
kmod-crypto-sha512 - 6.6.110-r1
kmod-gpio-button-hotplug - 6.6.110-r5
kmod-hwmon-core - 6.6.110-r1
kmod-leds-gpio - 6.6.110-r1
kmod-lib-crc-ccitt - 6.6.110-r1
kmod-lib-crc32c - 6.6.110-r1
kmod-lib-lzo - 6.6.110-r1
kmod-mac80211 - 6.6.110.6.12.52-r1
kmod-mt76-connac - 6.6.110.2025.09.15~6467af3b-r1
kmod-mt76-core - 6.6.110.2025.09.15~6467af3b-r1
kmod-mt7615-common - 6.6.110.2025.09.15~6467af3b-r1
kmod-mt7615e - 6.6.110.2025.09.15~6467af3b-r1
kmod-mt7622-firmware - 6.6.110.2025.09.15~6467af3b-r1
kmod-mt7915-firmware - 6.6.110.2025.09.15~6467af3b-r1
kmod-mt7915e - 6.6.110.2025.09.15~6467af3b-r1
kmod-nf-conntrack - 6.6.110-r1
kmod-nf-conntrack6 - 6.6.110-r1
kmod-nf-flow - 6.6.110-r1
kmod-nf-log - 6.6.110-r1
kmod-nf-log6 - 6.6.110-r1
kmod-nf-nat - 6.6.110-r1
kmod-nf-reject - 6.6.110-r1
kmod-nf-reject6 - 6.6.110-r1
kmod-nfnetlink - 6.6.110-r1
kmod-nft-core - 6.6.110-r1
kmod-nft-fib - 6.6.110-r1
kmod-nft-nat - 6.6.110-r1
kmod-nft-offload - 6.6.110-r1
kmod-nls-base - 6.6.110-r1
kmod-ppp - 6.6.110-r1
kmod-pppoe - 6.6.110-r1
kmod-pppox - 6.6.110-r1
kmod-slhc - 6.6.110-r1
kmod-thermal - 6.6.110-r1
kmod-udptunnel4 - 6.6.110-r1
kmod-udptunnel6 - 6.6.110-r1
kmod-usb-core - 6.6.110-r1
kmod-usb-xhci-hcd - 6.6.110-r1
kmod-usb-xhci-mtk - 6.6.110-r1
kmod-usb3 - 6.6.110-r1
kmod-wireguard - 6.6.110-r1
libblobmsg-json20240329 - 2025.07.23~49056d17-r1
libc - 1.2.5-r4
libcurl4 - 8.12.1-r1
libgcc1 - 13.3.0-r4
libiwinfo-data - 2024.10.20~b94f066e-r1
libiwinfo20230701 - 2024.10.20~b94f066e-r1
libjson-c5 - 0.18-r1
libjson-script20240329 - 2025.07.23~49056d17-r1
liblucihttp-ucode - 2023.03.15~9b5b683f-r1
liblucihttp0 - 2023.03.15~9b5b683f-r1
libmbedtls21 - 3.6.5-r1
libmnl0 - 1.0.5-r1
libnftnl11 - 1.2.8-r1
libnghttp2-14 - 1.63.0-r1
libnl-tiny1 - 2025.03.19~c0df580a-r1
libpthread - 1.2.5-r4
libubox20240329 - 2025.07.23~49056d17-r1
libubus20250102 - 2025.10.17~60e04048-r1
libuci20250120 - 2025.01.20~16ff0bad-r1
libuclient20201210 - 2024.10.22~88ae8f20-r1
libucode20230711 - 2025.07.18~3f64c808-r1
libudebug - 2025.08.24~edeb4d6d
libustream-mbedtls20201210 - 2024.07.28~99bd3d2b-r1
libwolfssl5.7.6.e624513f - 5.7.6-r1
logd - 2024.04.26~85f10530-r1
luci - 25.292.66247~75e41cb
luci-app-ddns - 25.306.63282~f9ca0a5
luci-app-firewall - 25.292.66247~75e41cb
luci-app-package-manager - 25.292.66247~75e41cb
luci-app-wol - 25.313.53093~ae2aec8
luci-base - 25.292.66247~75e41cb
luci-lib-uqr - 25.306.63282~f9ca0a5
luci-light - 25.292.66247~75e41cb
luci-mod-admin-full - 25.292.66247~75e41cb
luci-mod-network - 25.292.66247~75e41cb
luci-mod-status - 25.292.66247~75e41cb
luci-mod-system - 25.292.66247~75e41cb
luci-proto-ipv6 - 25.292.66247~75e41cb
luci-proto-ppp - 25.292.66247~75e41cb
luci-proto-wireguard - 25.306.63282~f9ca0a5
luci-ssl - 25.292.66247~75e41cb
luci-theme-bootstrap - 25.292.66247~75e41cb
mtd - 26
netifd - 2025.05.23~7901e66c-r1
nftables-json - 1.1.1-r1
odhcp6c - 2024.09.25~b6ae9ffa-r1
odhcpd-ipv6only - 2025.10.02~b14cf98c-r1
openwrt-keyring - 2024.11.01~fbae29d7-r2
opkg - 2024.10.16~38eccbb1-r1
ppp - 2.5.1-r1
ppp-mod-pppoe - 2.5.1-r1
procd - 2024.12.22~42d39376-r1
procd-seccomp - 2024.12.22~42d39376-r1
procd-ujail - 2024.12.22~42d39376-r1
px5g-mbedtls - 11
resolveip - 2
rpcd - 2025.09.01~bba95191-r1
rpcd-mod-file - 2025.09.01~bba95191-r1
rpcd-mod-iwinfo - 2025.09.01~bba95191-r1
rpcd-mod-luci - 20240305-r1
rpcd-mod-rrdns - 20170710
rpcd-mod-ucode - 2025.09.01~bba95191-r1
ubi-utils - 2.2.1-r1
uboot-envtools - 2024.07-r1
ubox - 2024.04.26~85f10530-r1
ubus - 2025.10.17~60e04048-r1
ubusd - 2025.10.17~60e04048-r1
uci - 2025.01.20~16ff0bad-r1
uclient-fetch - 2024.10.22~88ae8f20-r1
ucode - 2025.07.18~3f64c808-r1
ucode-mod-fs - 2025.07.18~3f64c808-r1
ucode-mod-html - 1
ucode-mod-math - 2025.07.18~3f64c808-r1
ucode-mod-nl80211 - 2025.07.18~3f64c808-r1
ucode-mod-rtnl - 2025.07.18~3f64c808-r1
ucode-mod-ubus - 2025.07.18~3f64c808-r1
ucode-mod-uci - 2025.07.18~3f64c808-r1
ucode-mod-uloop - 2025.07.18~3f64c808-r1
uhttpd - 2025.07.06~7e64e8ba-r4
uhttpd-mod-ubus - 2025.07.06~7e64e8ba-r4
urandom-seed - 3
urngd - 2023.11.01~44365eb1-r1
usign - 2020.05.23~f1f65026-r1
wifi-scripts - 1.0-r1
wireguard-tools - 1.0.20210914-r4
wireless-regdb - 2025.07.10-r1
wpad-mesh-wolfssl - 2024.09.15~5ace39b0-r2
root@OpenWrt-b:~#

AP router:

OpenWrt 24.10.4, r28959-29397011cc

root@OpenWrt-tp:~# sed -n 's/^Package: //p; s/^Version: / - /p' /usr/lib/opkg/status | sed 'N;s/\n//'
iwinfo - 2024.10.20~b94f066e-r1
liblucihttp0 - 2023.03.15~9b5b683f-r1
cgi-io - 2022.08.10~901b0f04-r21
libc - 1.2.5-r4
kmod-crypto-gf128 - 6.6.110-r1
ubus - 2025.10.17~60e04048-r1
iw - 6.9-r1
kmod-crypto-manager - 6.6.110-r1
rpcd - 2025.09.01~bba95191-r1
busybox - 1.36.1-r2
kmod-crypto-ctr - 6.6.110-r1
libiwinfo20230701 - 2024.10.20~b94f066e-r1
kmod-nft-fib - 6.6.110-r1
kmod-nfnetlink - 6.6.110-r1
kmod-crypto-hash - 6.6.110-r1
kmod-nf-reject6 - 6.6.110-r1
kmod-crypto-aead - 6.6.110-r1
swconfig - 12
luci-mod-system - 25.320.79529~76ce5ef
kmod-nf-flow - 6.6.110-r1
libnl-tiny1 - 2025.03.19~c0df580a-r1
ucode-mod-uloop - 2025.07.18~3f64c808-r1
getrandom - 2024.04.26~85f10530-r1
ucode-mod-ubus - 2025.07.18~3f64c808-r1
luci-theme-bootstrap - 25.320.79529~76ce5ef
kmod-nf-reject - 6.6.110-r1
procd-ujail - 2024.12.22~42d39376-r1
base-files - 1665~29397011cc
kmod-nf-nat - 6.6.110-r1
kmod-crypto-crc32c - 6.6.110-r1
ucode-mod-uci - 2025.07.18~3f64c808-r1
libustream-mbedtls20201210 - 2024.07.28~99bd3d2b-r1
netifd - 2025.05.23~7901e66c-r1
wpad-mesh-wolfssl - 2024.09.15~5ace39b0-r2
firewall4 - 2024.12.18~18fc0ead-r1
uboot-envtools - 2024.07-r1
ipq-wifi-tplink_archer-c6-v2 - 2025.10.17~a1529e18-r1
dnsmasq - 2.90-r4
procd - 2024.12.22~42d39376-r1
kmod-crypto-hmac - 6.6.110-r1
ubusd - 2025.10.17~60e04048-r1
rpcd-mod-ucode - 2025.09.01~bba95191-r1
ucode-mod-math - 2025.07.18~3f64c808-r1
kmod-lib-crc32c - 6.6.110-r1
libubus20250102 - 2025.10.17~60e04048-r1
luci-mod-status - 25.320.79529~76ce5ef
kmod-crypto-sha512 - 6.6.110-r1
kmod-crypto-seqiv - 6.6.110-r1
kmod-nft-nat - 6.6.110-r1
luci-app-firewall - 25.320.79529~76ce5ef
libmbedtls21 - 3.6.5-r1
libmnl0 - 1.0.5-r1
jansson4 - 2.14-r3
odhcp6c - 2024.09.25~b6ae9ffa-r1
fstools - 2024.07.14~408c2cc4-r1
uclient-fetch - 2024.10.22~88ae8f20-r1
kmod-crypto-ghash - 6.6.110-r1
kmod-ath9k - 6.6.110.6.12.52-r1
ath10k-firmware-qca9888-ct - 2020.11.08-r1
uci - 2025.01.20~16ff0bad-r1
ucode-mod-fs - 2025.07.18~3f64c808-r1
dropbear - 2024.86-r1
kmod-hwmon-core - 6.6.110-r1
libnftnl11 - 1.2.8-r1
rpcd-mod-file - 2025.09.01~bba95191-r1
mtd - 26
odhcpd-ipv6only - 2025.10.02~b14cf98c-r2
procd-seccomp - 2024.12.22~42d39376-r1
ucode-mod-nl80211 - 2025.07.18~3f64c808-r1
libjson-script20240329 - 2025.07.23~49056d17-r1
libiwinfo-data - 2024.10.20~b94f066e-r1
ucode - 2025.07.18~3f64c808-r1
rpcd-mod-luci - 20240305-r1
kmod-crypto-ccm - 6.6.110-r1
kmod-nf-log - 6.6.110-r1
luci-app-package-manager - 25.320.79529~76ce5ef
urandom-seed - 3
libuci20250120 - 2025.01.20~16ff0bad-r1
luci-proto-ppp - 25.320.79529~76ce5ef
luci-mod-admin-full - 25.320.79529~76ce5ef
luci-base - 25.320.79529~76ce5ef
kmod-gpio-button-hotplug - 6.6.110-r5
logd - 2024.04.26~85f10530-r1
kmod-nf-log6 - 6.6.110-r1
wifi-scripts - 1.0-r1
kmod-mac80211 - 6.6.110.6.12.52-r1
luci-proto-ipv6 - 25.320.79529~76ce5ef
openwrt-keyring - 2024.11.01~fbae29d7-r2
kmod-crypto-geniv - 6.6.110-r1
jshn - 2025.07.23~49056d17-r1
nftables-json - 1.1.1-r1
ath10k-board-qca9888 - 20241110-r2
kmod-nft-offload - 6.6.110-r1
kmod-crypto-null - 6.6.110-r1
kmod-random-core - 6.6.110-r1
libjson-c5 - 0.18-r1
uhttpd - 2025.07.06~7e64e8ba-r4
kmod-nf-conntrack - 6.6.110-r1
usign - 2020.05.23~f1f65026-r1
libwolfssl5.7.6.e624513f - 5.7.6-r1
libblobmsg-json20240329 - 2025.07.23~49056d17-r1
kmod-crypto-gcm - 6.6.110-r1
kmod-ath10k-ct - 6.6.110.2024.07.30~ac71b14d-r2
ucode-mod-rtnl - 2025.07.18~3f64c808-r1
ca-bundle - 20250419-r1
libuclient20201210 - 2024.10.22~88ae8f20-r1
kmod-crypto-cmac - 6.6.110-r1
ucode-mod-html - 1
luci - 25.320.79529~76ce5ef
kmod-crypto-rng - 6.6.110-r1
kmod-nf-conntrack6 - 6.6.110-r1
luci-light - 25.320.79529~76ce5ef
libgcc1 - 13.3.0-r4
kmod-ath - 6.6.110.6.12.52-r1
ubox - 2024.04.26~85f10530-r1
kernel - 6.6.110~35ef4dd36891d37023436baa842fa311-r1
rpcd-mod-iwinfo - 2025.09.01~bba95191-r1
luci-mod-network - 25.320.79529~76ce5ef
kmod-nft-core - 6.6.110-r1
libucode20230711 - 2025.07.18~3f64c808-r1
uhttpd-mod-ubus - 2025.07.06~7e64e8ba-r4
fwtool - 2019.11.12~8f7fe925-r1
jsonfilter - 2025.04.18~8a86fb78-r1
liblucihttp-ucode - 2023.03.15~9b5b683f-r1
hostapd-common - 2024.09.15~5ace39b0-r2
libubox20240329 - 2025.07.23~49056d17-r1
kmod-ath9k-common - 6.6.110.6.12.52-r1
libudebug - 2025.08.24~edeb4d6d
kmod-crypto-sha3 - 6.6.110-r1
wireless-regdb - 2025.07.10-r1
urngd - 2023.11.01~44365eb1-r1
kmod-cfg80211 - 6.6.110.6.12.52-r1
rpcd-mod-rrdns - 20170710
root@OpenWrt-tp:~#

Removing standard packages does not save any space as the files are just marked as deleted, not actually deleted. Also manually installing uses more space than you might expect.

This is what the Firmware Selector is for, you build a compressed flash image containing only what you need.

If you are struggling for space, you probably don't need ip-tiny as Busybox has a built in ip applet, you don't need curl, you can use the default wget functionality and more. In addition, as far as I know wpad-mesh-mbedtls is smaller than the pretty much obsolete wpad-mesh-wolfssl.

You should step back and review what you are trying to achieve with all your addon packages.

Which is exactly what I did. I built a custom image via https://firmware-selector.openwrt.org/?version=24.10.4&target=ath79%2Fgeneric&id=tplink_archer-c6-v2 by removing “opkg ppp ppp-mod-pppoe” and adding wpad-mesh-wolfssl to the package list which gave me an image I could then flash on to the router.

I followed this page on what packages I could remove https://openwrt.org/faq/which_packages_can_i_safely_remove_to_save_space

I did the same when installing 23.05; the only difference is that I didn’t remove opkg and installed wpad-mesh-openssl instead of wolfssl. The only reason I did anything different for 24.10 was because it was a larger image and I had to make more room so I could at least build an image.

May I ask what you would recommend? What I’m trying to achieve is 1. boost the WiFi in another part of the house 2. do this wirelessly 3. everyone connected to the WiFi network can print on a printer connected to the AP router.

There was a reason I did go for wolfssl over mbedtls but I cannot remember it now; it could have been as simple as a tutorial I saw online recommending wolfssl or openssl. However I do plan to do a fresh install of both routers to 24.10.5 so I can use mbedtls there to see if that makes a difference.

See if wpad-mbedtls fits for both devices.
I've got it installed on a 8/64 mediatek tplink re205 v3.

1 Like

Where does wireguard come into this?
Why do you need curl, etherwake, ip-tiny, ddns-scripts, ddns-scripts-services?

There are a lot of things you are not telling us.
You say your "main" router is a Linksys E8450 and you are struggling for space....
This has 512MB ram and 128MB flash so would cover your declared use case without even breaking a sweat.....

Without giving us proper information about what you are trying to do, any recommendation would be a waste of time.

However, if you have been led astray by outdated online tutorials and/or ChatGPT and actually only want your 3 requirements above, then we can help.

I am struggling for space on the router that is acting as an AP (which also has a desktop and printer connected to it via Ethernet) which is a TP-Link Archer C6 v2 (EU/RU/JP). Most recently I had a lot of issues even installing the custom image as while I was able to create an image the overlays folder got mounted to overlayfs:/tmp/root and it took a while to realise this was happening. The main router that is in another part of the house is the E8450 router, as you have correctly identified I do not have any limitation of space on this router (it’s why I bought it due to my struggles with the TP router). I have also set up this with WireGuard so that when I am outside the country I can access websites that would be otherwise geoblocked. As this set up is actually in my parents house I’ve used WireGuard so that I can login to the router, do a WoL so that I can remote into the desktop computer.

I could be at fault as I’m not aware what information could be considered relevant.

Exactly my motivation for posting here.

Hopefully I’ve given more colour to what I want from OpenWrt. The next action point for me is to do a clean install on both routers with 24.10.5 and use wpad-mesh-mbedtls instead of wolfssl.

I’ll report back once I’ve done that.

1 Like

A reminder of my set up. I’ve got an ISP router and directly connected to that I have my main OpenWrt router (I’ve called it OpenWrt-b) and then connected wirelessly to this is my dumb AP router (a TP-Link router which I’ve called OpenWrt-tp).

Tonight I upgraded the main router to 24.10.5 by doing a fresh install. To remove all the noise I only set up the WiFi, so no wpad-mesh packages, no mesh config, no WireGuard, no custom images. Just a clean image from https://firmware-selector.openwrt.org/ and the only config I changed was the router's IP, name and the below wireless config. Unfortunately I ended up with the same result that on an Android phone I couldn’t use a banking app. However if I use a browser I am able to get to the login page (something I cannot do on the app).

root@OpenWrt-b:~# cat /etc/config/wireless

config wifi-device 'radio0'
option type 'mac80211'
option phy 'wl0'
option band '2g'
option channel '1'
option htmode 'HT20'
option country 'IE'
option cell_density '0'
option txpower '20'

config wifi-device 'radio1'
option type 'mac80211'
option phy 'wl1'
option band '5g'
option channel '36'
option htmode 'HE80'
option disabled '1'

config wifi-iface 'wifinet0'
option device 'radio0'
option mode 'ap'
option ssid 'my-ssid'
option encryption 'psk-mixed'
option key 'my-pass'
option network 'lan'

root@OpenWrt-b:~#

Anyway, to see what URLs the app was requesting I downloaded https://play.google.com/store/apps/details?id=com.celzero.bravedns&hl=en_IE on my phone and something strange happened. I was able to get to the login page and login too while connected to OpenWrt Wifi. Once I stopped the Rethink DNS & Firewall the banking app (aib) went back to timing out.