Wifi Optimization

rlecompte · October 17, 2024, 6:43pm

I know, I know... a topic that is often revisited.

I have an a 1gb connection from xfinity that runs at or near gb speeds while connected via cable or wifi.

I've built my own OpenWrt based home network with the following hardware:
Main Router:
lenovo M920Q w/ OpenWrt running as proxmox vm

Access points:
TP-link EAP225 (ceiling), 2.4 ghz channel 11, 5 ghz channel 44
TP-link EAP225 outdoor, 2.4 ghz channel 6, 5 ghz channel 157
TP-link Archer A7, 2.4 ghz channel 1, 5 ghz channel 36

I have the standard LAN/Guest/IOT vlans setup.

I get gb speeds while hardlined, but ~250 seems to be the best i can get via WIFI.

If that's reasonable for an opensource network I'm fine with that, but I feel like I'm likely missing something in my configuration.

brada4 · October 17, 2024, 7:11pm

Remove the microscopic pictures you posted and learn to copy and paste text.
Wifi link speed maxes at 866 or 433 depending on client, if you get above half of it you are ok.
Also why you intentionally overlap (1) and (2) channel?

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

rlecompte · October 17, 2024, 7:33pm

I assume you mean using 5ghz channels 44 and 36? no reason beyond i recently setup the Archer A7 and that was an oversight.

As far as DHCP... I have my ISP Router/Modem plugged into my primary router via the WAN port, so I don't THINK have a double NAT issue as DHCP is ignored on all access points and should only be handled via my primary OpenWrt router.

ubus call system board

	"kernel": "5.15.162",
	"hostname": "Upstairs-AP",
	"system": "Qualcomm Atheros QCA956X ver 1 rev 0",
	"model": "TP-Link EAP225 v4",
	"board_name": "tplink,eap225-v4",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "23.05.4",
		"revision": "r24012-d8dd03c46f",
		"target": "ath79/generic",
		"description": "OpenWrt 23.05.4 r24012-d8dd03c46f"

/etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fddd:37fc:c23::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'

config interface 'lan'
	option device 'br-lan.74'
	option proto 'static'
	option ipaddr '192.168.74.3'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option gateway '192.168.74.1'
	list dns '75.75.75.75'

config bridge-vlan
	option device 'br-lan'
	option vlan '74'
	list ports 'eth0:t*'

config bridge-vlan
	option device 'br-lan'
	option vlan '76'
	list ports 'eth0:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '77'
	list ports 'eth0:t'

config interface 'lan_guest'
	option proto 'static'
	option device 'br-lan.76'
	option ipaddr '192.168.76.3'
	option netmask '255.255.255.0'

config interface 'lan_IOT'
	option proto 'static'
	option device 'br-lan.77'
	option ipaddr '192.168.77.3'
	option netmask '255.255.255.0'

cat /etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'pci0000:00/0000:00:00.0'
	option band '5g'
	option channel '44'
	option htmode 'VHT80'
	option cell_density '0'
	option country 'US'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'iuselinux'
	option encryption 'psk2'
	option key 

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'platform/ahb/18100000.wmac'
	option band '2g'
	option channel '11'
	option htmode 'HT40'
	option cell_density '0'
	option country 'US'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'iuselinux'
	option encryption 'psk2'
	option key 

config wifi-iface 'wifinet2'
	option device 'radio0'
	option mode 'ap'
	option ssid 'iuselinux_guest'
	option encryption 'psk2'
	option key 
	option network 'lan_guest'

config wifi-iface 'wifinet3'
	option device 'radio1'
	option mode 'ap'
	option ssid 'iuselinux_guest'
	option encryption 'psk2'
	option key 
	option network 'lan_guest'

config wifi-iface 'wifinet4'
	option device 'radio0'
	option mode 'ap'
	option ssid 'iuselinux_IOT'
	option encryption 'psk2'
	option key 
	option network 'lan_IOT'

config wifi-iface 'wifinet5'
	option device 'radio1'
	option mode 'ap'
	option ssid 'iuselinux_IOT'
	option encryption 'psk2'
	option key 
	option network 'lan_IOT'

cat /etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'
	option filter_aaaa '0'
	option filter_a '0'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	option ignore '1'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

cat /etc/config/firewall

config defaults
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'
	option flow_offloading '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'
	list network 'wan6'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

slh · October 17, 2024, 7:38pm

If unavoidable, 'full' overlap is better than partial overlaps (yes, I know, VHT80/ HE80 complicates the situation a bit).

brada4 · October 17, 2024, 7:48pm

Remove all 11R options.
Replace wpad-basic-mbedtls to wpad-mbedtls

Install usteer or dawn if you want to hint roaming

Auto channels?

brada4 · October 17, 2024, 7:52pm

You may need bridger to offload bridge forward, but either router will cap around 300-400mbps with cpu saturated.

Best help to make a map and move aps sligjtly for best coverage.

rlecompte · October 17, 2024, 8:00pm

Not sure if it would be best to put my xfinity box into bridge mode? i tried that, but shouldn't figure out how to establish WAN connection. If it's worth having that device in bridge mode I'll try to figure that out.

evs · October 18, 2024, 12:10am

You're running (or attempting to) do 40MHz channels on 2.4ghz?

But yeah 250Mbps sounds low for 80mhz channel width with wireless AC. Unless single stream client? (i.e. 433/866 as mentioned before) What are the client specs? I get that on 40MHz channels.

rlecompte · October 18, 2024, 12:53am

Most settings are done pretty blind, I'm still learning, so 40 was likely an artifact of me just playing w/ settings. That being said, i'm in a pretty low density area so in general I'm not too worried about AP interference...

One AP is in a metal barn, the other in the house and one outside between the house and barn.

Clients are iphones 11 and 13 I think, macbook pro (2015) and newer dell laptops

evs · October 18, 2024, 12:57am

Pristine RF environment 40mhz channel widths on 2.4ghz are going to be OK enough. But just FYI that channel numbers overlap on 2.4ghz. And 40mhz takes up two of your 1,6,11 channel options.

Cool. I've had my phones go down to 1 spatial stream (i.e. to 433mbps max link rate) in some locations/instances so that could also be why you have low speeds. But they all sound like 2 stream or better devices?

evs · October 18, 2024, 1:01am

If you want to be particular you can look at the surrounding stuff by having a look at your channel survey and channel scan data on the ap's and see whether they're going to be conflicting. The graphs / pictures will show the width and whether you're going to have co channel or adjacent channel interference.

rlecompte · October 18, 2024, 1:01am

Yeah, my macbook which is the oldest of the bunch was getting ~800mbs via the ISP router, so they should all be 2... i have no idea how to verify how many streams they are utilizing though

evs · October 18, 2024, 1:03am

2024-10-18-120229_200x83_scrot
For example on one of my AP's. 'VHT-NSS 2'

rlecompte · October 18, 2024, 1:50am

So I've been ticking away at things with this thread...

Updated APs to the latest stable version
cleaned up 2.4 ghz to 20
changed 5 ghz to auto
disabled fast roaming
installed the recommended WPAD package

I'm getting speeds around 325 which is the fastest i have seen so far, so that's cool!

definitely open to more suggestions though!

evs · October 18, 2024, 1:52am

Mm. Yeah so we just need to make sure we're clear that this is a real world speed test, or your "link rate"? We also have other factors like how far away you are from the different AP's. Can you compare your link rate vs your speed test?

evs · October 18, 2024, 2:17am

'Auto' channel selection is a good start!

IMO check under channel analysis section in LuCi or go command line and get the channel survey dump and other data to make sure automatic channel s election (acs) is actually putting you on the best channel.

rlecompte · October 18, 2024, 2:21am

so my bitrate on LUCI is ~440 on the 5g channel while speedtest.net gets me around 280 right now (all of this sitting right under the AP)

Are there different tools i should be using to check?

evs · October 18, 2024, 2:39am

the ratio of 280/440 sounds about right. i.e. looks like your link rate is limiting your speed, if you claim the AP's can theoretically link at ~866 for example.

Basically if you want more speed you need to also improve your link rate and/or reduce retransmissions and/or other stuff simultaneously transmitting on the same channel.

We'd need to have a look at what your link margin is. (SNR / the power you can see / link quality etc). On macbook hold option when you click wifi button. On the AP it should also be there.

Also would need to check channel utilisation and what's happening over the air. Just in case effective link rate is less because having to back off and share the channel?

IMO i'd declare victory if you get more than 200mbps real rate on 802.11ac AP's =P But if you can get an 80mhz link to actually work should get closer to 400+ when close to the AP.

going to internet isn't as good as going to another wired local network server if you're trying to check local network speed.

iperf3? there's a bunch of local network speed transfer utilities.

rlecompte · October 18, 2024, 4:44am

Yeah, you are definitely talking way over my head w/ some of that stuff as far as link rate but I'm going to do a little bit of research to see I can learn up.

Our house is in the middle of 2.5 acres and we have good distance from the other houses in the area, so when i do a 5g scan very little comes up, and even 2.4g is pretty minimal.

Thank you and thank you to the rest of the folks that chimed in on this thread, I think there is a definite improvement to my wi-fi connection speed and quality already!

evs · October 18, 2024, 4:46am

Yeah my fault there. Let me know what needs clarification, We can go point by point, or other people can chip in.