You have to also assign a firewall zone when creating. In this case select the WAN zone.
1 Like
Hello, everyone! First of all, I want to thank you for your work.
I have a problem with my Mi router and OpenWRT latest snapshot (29 april, haven't yet tried ss from 30 april). My provider provides Internet access via l2tp protocol. I've successfully installed necessary packages (xl2tp, kmods, pppol2tp, etc.) and managed to configure connection using luci (just created new interface with settings recommended by my provider and added it to WAN firewall group). Everything seems to work, but very very slowly. My old ASUS wl-520gc shows 20/20 Mbps on both speedtest.net and fast.com services, but Mi router shows only 2Mbps for download and 0.03-0.05 for upload. Honestly, I am very surprised (in a bad way). There seems to be something wrong with my settings. Maybe I'm doing something completely wrong? I have noticed, that OpenWRT l2tp configuration (/etc/config/network) does not have some ppp options, which are recommended by my provider. So, I hacked init script at /lib/netifd/proto/l2tp.sh and added missing options manually (re-checked /tmp/l2tp/options.my_conn_name, these settings were present). Unfortunately, these actions did not affect the speed in any way. The same with rx bps and tx bps options.
p.s. At the moment, I turned the router into a brick when I tried to restore the stock firmware (downloaded from OpenWRTInvasion repo w/o checksum validation) using the command:
sysupgrade -F -n -v /tmp/miwifi_r4a_firmware_72d65_2.28.62.bin
How should I switch back to stock firmware from OpenWRT without dancing with a tambourine 
next time?
If I will be able to restore using bootp and tftp, then maybe I will write instructions for Linux.
UPD. After restoring stock firmware, I've (learned Chinese 
) measured speed, both tests show 25/25 Mbps (actually it is the limit of my tariff plan for now). If anyone faces the same horrible drop in speed on OpenWRT, please let me know. Perhaps together we can deal with the problem. I suppose that this may be somehow related to the firewall settings, but it’s hard for me to figure it out, because I am very new to OpenWRT and in general with the configuration of networks without gui.
Regards.
1 Like
The bootptab config really helped, thanks. 
I was using something more complex from official debian man pages, but it did not work.
Finally, I have unbricked my device, here are short instructions for Debian / Ubuntu Linux:
- configure Ethernet to use static address (I used 192.168.2.1 with netmask 255.255.255.0 in this example):
- run following commands:
sudo apt install tftpd-hpa bootp tcpdump
echo "client:bf=xiaomi_stock.bin:ip=192.168.2.50:ha=0000aabbccdd:" | sudo tee -a /etc/bootptab
curl http://replace-with.actual.url --output /srv/tftp/xiaomi_stock.bin
sudo bootp -s -d 5
- connect lan port to your computer and put your router into bootp-mode (hold reset for 5 secs on powerup until orange LED will blink frequently), then wait until blue LED will blink
- (optinal) run
sudo tcpdump -i configured_ethif nothing happens (for example if you have different Mi router MAC addr)
5 Likes
Exploit executed on 2.28.38 on 4A Gigabit Edition. Had to reboot after I set the password before the exploit works.
1 Like
Successfully installed safe OpenWRT image according to
HowTo from @acecilia on
Xiaomi Mi Router 4Giga Version 2.28.132
PCB:R0101 from an UBUNTU 20.4 .
Install worked like a charm! Thanks again.
I am writing these lines through the new router connection 
2 Likes
Regarding the exploit (4A Gigabit Global Edition), I also had the same behavior of needing a reboot after setting the password, for it to work.
Another thing.
I know that weaker wifi on this unit on openwrt in terms of range is probably caused by the change from proprietary drivers to the opensource ones.
Searching a bit I found an interesting thread regarding a newifi3 d2 and signal range
...an excerpt
The problem with Ralink/Mediatek devices is the poorly calibrated EEPROM on many devices.
On my Newifi D2 I tried changing the factory partition which contains the EEPROM, wireless performance immediately went up without even needing to change the wireless signal strength.
https://github.com/gwlim/art-radio/tree/master/RAMIPS-Newifi-D3-Factory (same chipset and radios as 4a gigabit)
I wonder if we used calibration data from a different mt7621a device that has the same radios, maybe something could be optimized ? (under the assumption that we also have suboptimal calibration data from the beginning)
Does anyone have some research on this topic ?
4 Likes
as a lot from reading. it seem like low performance come from mt76xx driver. it have speed problem same as other model use mt7621.
1 Like
Had a fun day and did some performance testing with iperf3 on the Router.
Only have a Windows LapTop capable of 5GHz Wifi.
- ~900 MBit/s with LAN-Port with a USB3toEthernet (Realtek USB GbE)
- ~300 MBit/s with Wifi on 5GHz with Intel Wi-Fi 6 AX201 160MHz.
Snapshot running: r12985-508462a399 from OpenWRTInvasion GIT-Site.
Found some repeatable but maybe already solved behaviour:
-
When connected 5GHz Wifi without transferring something,
Win10 shows a link rate of 866,7 MBit/s.
When IPerf-ing connection speed drops down to 526MBit/s but 'recovers' after transfer.
Is there a way to read out current drain / power consumption of the Router from Chipset?
It may operate at upper limit (or it is simply the Intel Wifi on Laptop).
-
For the 5GHz Wifi I've set the option 'htmode' to 'VHT80' in /etc/config/wireless to achieve ~300MBit/s. With 'VHT40' it is ~210MBit/s. 'VHT160' not supported.
-
'opkg install luci' gives kernel dependency error as there are newer snapshots on the server
with higher kernel numbers. As people seem to have problems with LAN/WAN-connection in newer snapshot releases I will not update. But this is a warning to those who would like to use this snapshot and do need luci.
2 Likes
Hello everyone,
When i do sysupgrade somthing was wrong and it bricked. After that i decide back to stock firware, download it (miwifi_r4a_firmware_72d65_2.28.62.bin file name and i have 3gv2 router), then i did it with local tftp/dhcp method and its worked. But when i restart my router it show me OpenWRT luci which version i want sysupgrade to (lol).
So, my question is how to install/flash stock firmware? Debricking method give me openwrt one! Maybe i do something wrong when debricking router, but i dont understand where.
You're probably just seeing the browser cached page from the old firmware. Clear the browser cache.
I'd also suggest flashing stock firmware again from stock firmware to be sure it is fully installed.
no no no, i already connect pc and laptop to router and all works fine, i just want stock firmware but debrick give me openwrt again 
I did some iperf3 tests the other day connected to the 5GHz radio @ 80MHz of my TP-Link Archer D7v1 ( ath10k-ct wireless drivers), laptop wireless about 2m from AP to PC connected over ethernet.
The link rate according to Windows was 866MBits, I don't remember if it dipped or not when starting the transfer.
I read to use the bidir (tx/rx traffic at the same time) command for it to be a more real life test scenario.
iperf3 -c 192.168.1.124 -t 30 bidir
This is the best result I got.
[ ID] Interval Transfer Bitrate
[ 5] 0.00-30.00 sec 988 MBytes 276 Mbits/sec sender
[ 5] 0.00-30.05 sec 985 MBytes 275 Mbits/sec receiver
4 Likes
That firmware is for mi4a gigabit not for 3gv2, how did you debrick it ?
1 Like
Hi @Gingernut,
thanks for posting this. So do I get you right, you think it is the driver quality and not
a power source problem ? Power supply just delivers 1Amp at 12V. May be I'll try
another power supply and test again tonight just to be sure.
In case it was the software, may be the drivers included in the orginal firmware (which is an OpenWRT based thing) could be taken into an OpenWRT built, just to check if they run better.
3 Likes
There are posts that show how to include the OEM closed source wireless drivers but it's not a straight forward process.
I would suggest to repeat the iperf3 tests using the bidir command.
edit: You could also try playing around with interrupts as suggested here: https://github.com/openwrt/mt76/issues/391#issuecomment-615452348
# Set ethernet on CPU 2 (live core)
echo 4 >/proc/irq/22/smp_affinity
# Move mt76x2e 5GHz radio to CPU 1
echo 2 >/proc/irq/25/smp_affinity
6 Likes
Hi @Gingernut,
did not find the time yesterday. Going into iPerf3 it seems there are some specialities between Win- and Linux-Versions.
Windows Version does not seem to have '--bidir' option. I can just use '-R' = reverse.
Letting an iPerf Server run on the Router and let it send to the Client via Ethernet I get
[ 5] 0.00-10.04 sec 933 MBytes 779 Mbits/sec 0 sender
In non Reverse Mode over Ethernet (Laptop as Client and Router as Server)
[ 5] 0.00-10.05 sec 246 MBytes 205 Mbits/sec
Doing it the other way ... (Router is client and Laptop is Server)
[ 5] 0.00-10.01 sec 1.06 GBytes 911 Mbits/sec 62 sender
[ 5] 0.00-10.01 sec 1.06 GBytes 911 Mbits/sec receiver
In reverse mode
[ 5] 0.00-10.00 sec 251 MBytes 211 Mbits/sec sender
[ 5] 0.00-10.00 sec 251 MBytes 210 Mbits/sec receiver
Could be some funny wrong Windows Firewall Setting or the Router as 'Server' is slow.
With Wifi I just get a bad link channel today with 400MBit/s. It still shows the drop in link-speed down to 270MBit/s. In Reverse or normal client Mode and the Laptop being the server I get
[ 5] 0.00-10.00 sec 247 MBytes 207 Mbits/sec sender
[ 5] 0.00-10.00 sec 247 MBytes 207 Mbits/sec receiver
In the opposite setup
[ 4] 0.00-10.00 sec 270 MBytes 227 Mbits/sec sender
[ 4] 0.00-10.00 sec 270 MBytes 227 Mbits/sec receiver
1 Like
Thx for testing.
You should run iperf3 on the end systems and not on the router it self.
iperf 3.7 should have the -bidir function both on Windows and Linux builds afaik.
Pre-compiled iperf 3.7 for Windows:
1 Like
root@OpenWrt:~# iperf3 -c 172.28.10.203 -t 30 bidir
Connecting to host 172.28.10.203, port 5201
[ 5] local 172.28.10.76 port 42592 connected to 172.28.10.203 port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 79.4 MBytes 663 Mbits/sec 0 215 KBytes
[ 5] 1.00-2.00 sec 73.8 MBytes 620 Mbits/sec 0 277 KBytes
[ 5] 2.00-3.01 sec 112 MBytes 939 Mbits/sec 0 475 KBytes
[ 5] 3.01-4.00 sec 111 MBytes 937 Mbits/sec 0 551 KBytes
[ 5] 4.00-5.01 sec 110 MBytes 918 Mbits/sec 0 642 KBytes
[ 5] 5.01-6.00 sec 111 MBytes 939 Mbits/sec 0 680 KBytes
[ 5] 6.00-7.01 sec 112 MBytes 938 Mbits/sec 0 714 KBytes
[ 5] 7.01-8.00 sec 111 MBytes 940 Mbits/sec 0 714 KBytes
[ 5] 8.00-9.01 sec 112 MBytes 938 Mbits/sec 0 714 KBytes
root@OpenWrt:~# iperf3 -s
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
Accepted connection from 172.28.10.203, port 56652
[ 5] local 172.28.10.76 port 5201 connected to 172.28.10.203 port 56654
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 27.3 MBytes 229 Mbits/sec
[ 5] 1.00-2.00 sec 24.8 MBytes 208 Mbits/sec
[ 5] 2.00-3.00 sec 23.6 MBytes 198 Mbits/sec
[ 5] 3.00-4.00 sec 31.8 MBytes 266 Mbits/sec
[ 5] 4.00-5.00 sec 23.2 MBytes 195 Mbits/sec
[ 5] 5.00-6.00 sec 32.3 MBytes 271 Mbits/sec
[ 5] 6.00-7.00 sec 32.4 MBytes 272 Mbits/sec
[ 5] 7.00-8.00 sec 23.3 MBytes 195 Mbits/sec
[ 5] 8.00-9.00 sec 25.6 MBytes 215 Mbits/sec
[ 5] 9.00-10.00 sec 24.4 MBytes 205 Mbits/sec
[ 5] 10.00-11.00 sec 25.1 MBytes 211 Mbits/sec
[ 5] 10.00-11.00 sec 25.1 MBytes 211 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate
[ 5] 0.00-11.00 sec 298 MBytes 227 Mbits/sec
iperf3: the client has terminated
These are my results from router (172.28.10.76) and to router with the previous snapshot. I will now upgrade to the latest version from yesterday
2 Likes
Okay... doing an 'iperf3 -c 192.168.1.1 -t 30 --bidir' from End System to Router I get
[ 5][TX-C] 0.00-30.00 sec 374 MBytes 105 Mbits/sec sender
[ 5][TX-C] 0.00-30.07 sec 374 MBytes 104 Mbits/sec receiver
[ 7][RX-C] 0.00-30.00 sec 598 MBytes 167 Mbits/sec 0 sender
[ 7][RX-C] 0.00-30.07 sec 597 MBytes 167 Mbits/sec receiver
including the drop from 400MBit/s link rate down to 300MBit/s when transferring something.
[I am afk now]
2 Likes