OpenWrt Forum Archive

Topic: SOLVED: Anyone know when Nexx WT3020H will be added into main?

The content of this topic has been archived between 26 Mar 2018 and 5 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Not sure if it's called main but I always use Image Builder and this device is not yet supported.
Wondering when it will be if someone might know.

Thanks.

(Last edited by projects on 17 Apr 2016, 00:02)

Thank you sir!

>Should be included in image builder already

Is there a way I can find out for sure?

I've lost two of these so far and have one left but I only use IM (or what ever it's called now) so need to make sure it'll work this time.

If you use imagebuilder without specifying a target device it should build an image for it.  I haven't been able to work out how to build an image just for the WT3020 (could just be me and not having enough time to figure it out properly).

This will mean that building an image takes longer as it has to build about 20 of them (that you won't use) but at least you get one out of it.

projects wrote:

I've lost two of these so far and have one left but I only use IM (or what ever it's called now) so need to make sure it'll work this time.

Invest in a USB-TTL adapter and bring them back to life wink

npkamen wrote:
projects wrote:

I've lost two of these so far and have one left but I only use IM (or what ever it's called now) so need to make sure it'll work this time.

Invest in a USB-TTL adapter and bring them back to life wink


I have one and wasn't able to get anything from either device but garbage. I don't have the time to spend on the devices which is why I wondered if they are now supported directly in the latest IM.

That would depend on how much flash memory your version of the WT3020 has and whether you are upgrading or converting from stock firmware.

For 4MB Flash convert from stock use:  https://downloads.openwrt.org/chaos_cal … actory.bin

For 4MB Flash upgrade from previous OpenWrt:  https://downloads.openwrt.org/chaos_cal … pgrade.bin

For 8MB Flash convert from stock use:  https://downloads.openwrt.org/chaos_cal … actory.bin

For 8MB Flash upgrade from previous OpenWrt:  https://downloads.openwrt.org/chaos_cal … pgrade.bin

As mentioned, it's the WT3020H which is the 8MB version.

And yes, they would all be from factory but what I am asking for is which version of Image Builder supports this device now. When I tried originally, I lost two of them to upgrading. I have one left smile

@rayknight

Sorry, what I meant is that I need to use Image Builder, then add my own files/ stuff so am trying to figure out which Image Builder supports this particular device. The binaries are handy but I need to add my own changes.

Thanks.

The ImageBuilder file you want is https://downloads.openwrt.org/chaos_cal … 4.tar.bz2.  After un-tarring this file change to the directory created and run 'make info'.  This will tell you what profiles are available, what the default packages are and what packages are included by alternate profiles.

Image Builder 15.05 is what I used with the two I've lost so far.

So, I decided to get back to this and tried running a build using the latest version.
However, I see an error that the profile mt7620n no longer exists and looking at 'make info', the only one available is MT7620a.

As a non programmer, it certainly is difficult to keep track of the changes smile.

So, am I now supposed to use MT7620a as the profile name?

Darn, I lost the third one now.
I guess for this build, the default must be to disable ssh services because it's able to pick up an IP and I *could* get to it IF it had any services running. Nmap shows nothing what so ever running on it.

I keep wanting to give up on these but figure if I can get a good build, it should be a good device.
I've tried using failsafe but that still doesn't seem to work.

I've had to order two more. I sure could use some help from the community here. I'm not a programmer and trying my best to get these things to run but have lost three of them now.

(Last edited by projects on 31 Mar 2016, 17:14)

Have you tried the pre-built images? Do you know for sure that it's an H-model or if you have a 4Mb version or the 8Mb version?

From wiki:
1. Download https://downloads.openwrt.org/chaos_cal … actory.bin
2. Connect to the WLAN "NEXX_…", no password is needed or connect via LAN cable (preferred)
3. Go to http://192.168.8.1 → Username: admin, Password: admin, System Setting → Upgrade Firmware
4. Select the openwrt-15.05-ramips-mt7620-wt3020-8M-squashfs-factory.bin image and press "Upgrade"
5. After a while, you will get "Rebooting… System reboot takes a few moment, you might need to reconnect to the Router after rebooting."
6. After the system comes up, you should be able to log-in via LuCI at http://192.168.1.1/.

AFAIK by default the WiFi is disabled in OpenWrt so you'd have to connect to your router over ethernet for initial config and to bring wifi up.

Yes, they are all 8MB models.
Yes, I first tried a factory image and they worked fine.

These are the files I used when adding my own files into /etc/config and locked myself out.
However, the device is booting and picking up a dhcp IP on the LAN port and does connect to my server and can see the script it is supposed to download. However, it doesn't seem to actually download it. I can see the connect 200 in the apache logs but nothing happens from the router.


# cat files/etc/config/system

config system
        option hostname 'WT3020H'
        option timezone 'UTC'

config timeserver 'ntp'
        list server '0.pool.ntp.org'
        list server '1.pool.ntp.org'
        list server '2.pool.ntp.org'
        list server '3.pool.ntp.org'
        option enabled '1'
        option enable_server '0'

config led 'led_power'
        option name 'power'
        option sysfs 'nexx:blue:power'
        option default '0'
# cat files/etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd3f:0c92:79ed::/48'

config interface 'lan'
        option ifname 'eth0.1'
        option force_link '1'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.1.55'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option ifname 'eth0.2'
        option force_link '1'
        option proto 'dhcp'

config interface 'wan6'
        option ifname 'eth0.2'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 2 3 4 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '0 6t'

# cat files/etc/config/firewall
config defaults
        option syn_flood        1
        option input            ACCEPT
        option output           ACCEPT
        option forward          REJECT
# Uncomment this line to disable ipv6 rules
#       option disable_ipv6     1

config zone
        option name             lan
        list   network          'lan'
        option input            ACCEPT
        option output           ACCEPT
        option forward          ACCEPT

config zone
        option name             wan
        list   network          'wan'
        list   network          'wan6'
        option input            REJECT
        option output           ACCEPT
        option forward          REJECT
        option masq             1
        option mtu_fix          1

config forwarding
        option src              lan
        option dest             wan

# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
        option name             Allow-DHCP-Renew
        option src              wan
        option proto            udp
        option dest_port        68
        option target           ACCEPT
        option family           ipv4

# Allow IPv4 ping
config rule
        option name             Allow-Ping
        option src              wan
        option proto            icmp
        option icmp_type        echo-request
        option family           ipv4
        option target           ACCEPT

config rule
        option name             Allow-IGMP
        option src              wan
        option proto            igmp
        option family           ipv4
        option target           ACCEPT

# Allow DHCPv6 replies
# see https://dev.openwrt.org/ticket/10381
config rule
        option name             Allow-DHCPv6
        option src              wan
        option proto            udp
        option src_ip           fe80::/10
        option src_port         547
        option dest_ip          fe80::/10
        option dest_port        546
        option family           ipv6
        option target           ACCEPT

config rule
        option name             Allow-MLD
        option src              wan
        option proto            icmp
        option src_ip           fe80::/10
        list icmp_type          '130/0'
        list icmp_type          '131/0'
        list icmp_type          '132/0'
        list icmp_type          '143/0'
        option family           ipv6
        option target           ACCEPT

# Allow essential incoming IPv6 ICMP traffic
config rule
        option name             Allow-ICMPv6-Input
        option src              wan
        option proto    icmp
        list icmp_type          echo-request
        list icmp_type          echo-reply
        list icmp_type          destination-unreachable
        list icmp_type          packet-too-big
        list icmp_type          time-exceeded
        list icmp_type          bad-header
        list icmp_type          unknown-header-type
        list icmp_type          router-solicitation
        list icmp_type          neighbour-solicitation
        list icmp_type          router-advertisement
        list icmp_type          neighbour-advertisement
        option limit            1000/sec
        option family           ipv6
        option target           ACCEPT

# Allow essential forwarded IPv6 ICMP traffic
config rule
        option name             Allow-ICMPv6-Forward
        option src              wan
        option dest             *
        option proto            icmp
        list icmp_type          echo-request
        list icmp_type          echo-reply
        list icmp_type          destination-unreachable
        list icmp_type          packet-too-big
        list icmp_type          time-exceeded
        list icmp_type          bad-header
        list icmp_type          unknown-header-type
        option limit            1000/sec
        option family           ipv6
        option target           ACCEPT

# include a file with users custom iptables rules
config include
        option path /etc/firewall.user


### EXAMPLE CONFIG SECTIONS
# do not allow a specific ip to access wan
#config rule
#       option src              lan
#       option src_ip   192.168.45.2
#       option dest             wan
#       option proto    tcp
#       option target   REJECT

# block a specific mac on wan
#config rule
#       option dest             wan
#       option src_mac  00:11:22:33:44:66
#       option target   REJECT

# block incoming ICMP traffic on a zone
#config rule
#       option src              lan
#       option proto    ICMP
#       option target   DROP

# port redirect port coming in on wan to lan
#config redirect
#       option src                      wan
#       option src_dport        80
#       option dest                     lan
#       option dest_ip          192.168.16.235
#       option dest_port        80
#       option proto            tcp

# port redirect of remapped ssh port (22001) on wan
config redirect
       option src              wan
       option src_dport        22001
       option dest             lan
       option dest_port        22
       option proto            tcp

# allow IPsec/ESP and ISAKMP passthrough
config rule
        option src              wan
        option dest             lan
        option proto            esp
        option target           ACCEPT

config rule
        option src              wan
        option dest             lan
        option dest_port        500
        option proto            udp
        option target           ACCEPT

### FULL CONFIG SECTIONS
#config rule
#       option src              lan
#       option src_ip   192.168.45.2
#       option src_mac  00:11:22:33:44:55
#       option src_port 80
#       option dest             wan
#       option dest_ip  194.25.2.129
#       option dest_port        120
#       option proto    tcp
#       option target   REJECT

#config redirect
#       option src              lan
#       option src_ip   192.168.45.2
#       option src_mac  00:11:22:33:44:55
#       option src_port         1024
#       option src_dport        80
#       option dest_ip  194.25.2.129
#       option dest_port        120
#       option proto    tcp

I can't fix the problem but I have a suggestion for an alternative approach.

I'd start by building an image *without* any of your own changes/additions to make sure you're building the correct images.

Then, instead of bundling the actual config files in your image you can try creating a uci-defaults script.

First flash the router with the original openwrt image and start working on a script (of uci set/uci commit commands) to achieve your desired configuration. Once you confirm the script works on the original openwrt image you can then make it a uci-defaults script.

Better yet (well, might be safer if you don't know how to recover your routers) instead of making the script a uci-defaults, invoke the call of the script from /etc/rc.local (before the exit 0 line) and in your script make sure it sleeps for a minute to let the router fully start up and deletes itself after first run. That way even if you mess things up in the script you won't be stuck in the boot loop afaik.

Good luck!

(Last edited by stangri on 7 Apr 2016, 03:20)

That's how I usually do it but I've not played much with dual port devices.
I trusted configs I was given and lost three devices. I'm sure they are recoverable so I'll keep them and maybe do it some day but for now, I've got two more on order.

All I want is a simple bridge - pass-through config, all data from WAN comes in and right back out via LAN port. The device should pick up a DHCP IP on the LAN side.

Simple, so it seemed smile

Odd. I was able to build a 2 port gl.inet without any problems what so ever.
The difference being that I add a dropbear file in the /etc/config dir.

config dropbear
        option PasswordAuth 'on'
        option RootPasswordAuth 'on'
        option Port         '22'
#       option BannerFile   '/etc/banner'

Now, if I could find a way of sending the dead nexx devices these commands, I would be able to recover.


The only thing I am uncertain of is why there are two dropbear processes running.

1452 root      1152 S    /usr/sbin/dropbear -F -P /var/run/dropbear.1.pid -p 22 -K 300
2076 root      1220 R    /usr/sbin/dropbear -F -P /var/run/dropbear.1.pid -p 22 -K 300

I am loged int via ssh. Each time I log in a new process shows so one must be always listening for ssh connections while the others are the ssh connections.

(Last edited by projects on 7 Apr 2016, 17:48)

projects wrote:

Now, if I could find a way of sending the dead nexx devices these commands, I would be able to recover.

Time to invest in a USB-TTL adapter and get serial going.  You'll get them all going no dramas (either by fixing the configs or invoking a TFTP transfer).

(Last edited by npkamen on 11 Apr 2016, 01:00)

I have one already but cannot afford to spend that amount of time on each unit I need to get set up. Instead, it's quicker to order more and move on to another task while asking questions here and hoping someone in the forums can help me. Once I have a config, I never mess with it, I keep that one.
I could post the files I have in /etc/config if that would help.

In this case, it seems I needed to know something which I don't such as needing to add the dropbear file into /etc/config/ to allow for ssh. I don't understand why my gl.inet biulds work but so far I've lost three of these 3020 devices. I have two more on the way and sure would love to get it right this time then keep that working config for good.

I think you're going about it the wrong way if you've "bricked" that many devices.

If it were me I'd start with a blank OpenWRT, get the config right completely, then add those config files to the new custom build.  If anything stuffs up you can just reset the device and start again (hopefully learning from what stuffed it up).

If your custom config requires extra packages and they don't fit without using imagebuilder or building from scratch then do that but leave the configs default so you always have something to fall back upon.

Ok, I have two new ones on my desk now.
Very very nervous about what to try next smile

npkamen wrote:

I think you're going about it the wrong way if you've "bricked" that many devices.

If it were me I'd start with a blank OpenWRT, get the config right completely, then add those config files to the new custom build.  If anything stuffs up you can just reset the device and start again (hopefully learning from what stuffed it up).

If your custom config requires extra packages and they don't fit without using imagebuilder or building from scratch then do that but leave the configs default so you always have something to fall back upon.

As I said, that is exactly what I've done but obviously, messed something up.
I have two more sitting on my desk now.

The builds didn't seem to be the problem, in terms of packages I mean because I use just a few so know I'm never filling up the space. Also, I can see the devices running once they are built but am locked out of them. That is mainly what's been happening to me the last few times, I locked myself out of all of these devices. Maybe something's changed in some settings and I'm not aware, such as dropbear.

I can follow/post my progress and get this right once and for all. I think my problem is that I didn't include the dropbear file which allowed ssh access back into the devices.

I typically only had this problem with dual port units but also killed a single one device yesterday. Same thing with the other unit, I locked myself out somehow.

(Last edited by projects on 12 Apr 2016, 02:29)

You aren't including any custom files via the /files directory, are you?