Not sure if it's called main but I always use Image Builder and this device is not yet supported.
Wondering when it will be if someone might know.
Thanks.
(Last edited by projects on 17 Apr 2016, 00:02)
The content of this topic has been archived between 26 Mar 2018 and 5 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.
Not sure if it's called main but I always use Image Builder and this device is not yet supported.
Wondering when it will be if someone might know.
Thanks.
(Last edited by projects on 17 Apr 2016, 00:02)
Support added with https://dev.openwrt.org/changeset/42983
Images available at https://downloads.openwrt.org/chaos_cal … ps/mt7620/
-> Should be included in image builder already.
Otherweise: Next release perhaps (whenever that may be
Thank you sir!
>Should be included in image builder already
Is there a way I can find out for sure?
I've lost two of these so far and have one left but I only use IM (or what ever it's called now) so need to make sure it'll work this time.
If you use imagebuilder without specifying a target device it should build an image for it. I haven't been able to work out how to build an image just for the WT3020 (could just be me and not having enough time to figure it out properly).
This will mean that building an image takes longer as it has to build about 20 of them (that you won't use) but at least you get one out of it.
I've lost two of these so far and have one left but I only use IM (or what ever it's called now) so need to make sure it'll work this time.
Invest in a USB-TTL adapter and bring them back to life
projects wrote:I've lost two of these so far and have one left but I only use IM (or what ever it's called now) so need to make sure it'll work this time.
Invest in a USB-TTL adapter and bring them back to life
I have one and wasn't able to get anything from either device but garbage. I don't have the time to spend on the devices which is why I wondered if they are now supported directly in the latest IM.
Can someone please confirm which Image Builder I should grab which for sure supports this device?
Images available at https://downloads.openwrt.org/chaos_cal … ps/mt7620/
That would depend on how much flash memory your version of the WT3020 has and whether you are upgrading or converting from stock firmware.
For 4MB Flash convert from stock use: https://downloads.openwrt.org/chaos_cal … actory.bin
For 4MB Flash upgrade from previous OpenWrt: https://downloads.openwrt.org/chaos_cal … pgrade.bin
For 8MB Flash convert from stock use: https://downloads.openwrt.org/chaos_cal … actory.bin
For 8MB Flash upgrade from previous OpenWrt: https://downloads.openwrt.org/chaos_cal … pgrade.bin
As mentioned, it's the WT3020H which is the 8MB version.
And yes, they would all be from factory but what I am asking for is which version of Image Builder supports this device now. When I tried originally, I lost two of them to upgrading. I have one left
@rayknight
Sorry, what I meant is that I need to use Image Builder, then add my own files/ stuff so am trying to figure out which Image Builder supports this particular device. The binaries are handy but I need to add my own changes.
Thanks.
The ImageBuilder file you want is https://downloads.openwrt.org/chaos_cal … 4.tar.bz2. After un-tarring this file change to the directory created and run 'make info'. This will tell you what profiles are available, what the default packages are and what packages are included by alternate profiles.
Image Builder 15.05 is what I used with the two I've lost so far.
So, I decided to get back to this and tried running a build using the latest version.
However, I see an error that the profile mt7620n no longer exists and looking at 'make info', the only one available is MT7620a.
As a non programmer, it certainly is difficult to keep track of the changes .
So, am I now supposed to use MT7620a as the profile name?
Darn, I lost the third one now.
I guess for this build, the default must be to disable ssh services because it's able to pick up an IP and I *could* get to it IF it had any services running. Nmap shows nothing what so ever running on it.
I keep wanting to give up on these but figure if I can get a good build, it should be a good device.
I've tried using failsafe but that still doesn't seem to work.
I've had to order two more. I sure could use some help from the community here. I'm not a programmer and trying my best to get these things to run but have lost three of them now.
(Last edited by projects on 31 Mar 2016, 17:14)
Have you tried the pre-built images? Do you know for sure that it's an H-model or if you have a 4Mb version or the 8Mb version?
From wiki:
1. Download https://downloads.openwrt.org/chaos_cal … actory.bin
2. Connect to the WLAN "NEXX_…", no password is needed or connect via LAN cable (preferred)
3. Go to http://192.168.8.1 → Username: admin, Password: admin, System Setting → Upgrade Firmware
4. Select the openwrt-15.05-ramips-mt7620-wt3020-8M-squashfs-factory.bin image and press "Upgrade"
5. After a while, you will get "Rebooting… System reboot takes a few moment, you might need to reconnect to the Router after rebooting."
6. After the system comes up, you should be able to log-in via LuCI at http://192.168.1.1/.
AFAIK by default the WiFi is disabled in OpenWrt so you'd have to connect to your router over ethernet for initial config and to bring wifi up.
Yes, they are all 8MB models.
Yes, I first tried a factory image and they worked fine.
These are the files I used when adding my own files into /etc/config and locked myself out.
However, the device is booting and picking up a dhcp IP on the LAN port and does connect to my server and can see the script it is supposed to download. However, it doesn't seem to actually download it. I can see the connect 200 in the apache logs but nothing happens from the router.
# cat files/etc/config/system
config system
option hostname 'WT3020H'
option timezone 'UTC'
config timeserver 'ntp'
list server '0.pool.ntp.org'
list server '1.pool.ntp.org'
list server '2.pool.ntp.org'
list server '3.pool.ntp.org'
option enabled '1'
option enable_server '0'
config led 'led_power'
option name 'power'
option sysfs 'nexx:blue:power'
option default '0'
# cat files/etc/config/network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd3f:0c92:79ed::/48'
config interface 'lan'
option ifname 'eth0.1'
option force_link '1'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.1.55'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'wan'
option ifname 'eth0.2'
option force_link '1'
option proto 'dhcp'
config interface 'wan6'
option ifname 'eth0.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '1 2 3 4 6t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '0 6t'
# cat files/etc/config/firewall
config defaults
option syn_flood 1
option input ACCEPT
option output ACCEPT
option forward REJECT
# Uncomment this line to disable ipv6 rules
# option disable_ipv6 1
config zone
option name lan
list network 'lan'
option input ACCEPT
option output ACCEPT
option forward ACCEPT
config zone
option name wan
list network 'wan'
list network 'wan6'
option input REJECT
option output ACCEPT
option forward REJECT
option masq 1
option mtu_fix 1
config forwarding
option src lan
option dest wan
# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
option name Allow-DHCP-Renew
option src wan
option proto udp
option dest_port 68
option target ACCEPT
option family ipv4
# Allow IPv4 ping
config rule
option name Allow-Ping
option src wan
option proto icmp
option icmp_type echo-request
option family ipv4
option target ACCEPT
config rule
option name Allow-IGMP
option src wan
option proto igmp
option family ipv4
option target ACCEPT
# Allow DHCPv6 replies
# see https://dev.openwrt.org/ticket/10381
config rule
option name Allow-DHCPv6
option src wan
option proto udp
option src_ip fe80::/10
option src_port 547
option dest_ip fe80::/10
option dest_port 546
option family ipv6
option target ACCEPT
config rule
option name Allow-MLD
option src wan
option proto icmp
option src_ip fe80::/10
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family ipv6
option target ACCEPT
# Allow essential incoming IPv6 ICMP traffic
config rule
option name Allow-ICMPv6-Input
option src wan
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
list icmp_type router-solicitation
list icmp_type neighbour-solicitation
list icmp_type router-advertisement
list icmp_type neighbour-advertisement
option limit 1000/sec
option family ipv6
option target ACCEPT
# Allow essential forwarded IPv6 ICMP traffic
config rule
option name Allow-ICMPv6-Forward
option src wan
option dest *
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
option limit 1000/sec
option family ipv6
option target ACCEPT
# include a file with users custom iptables rules
config include
option path /etc/firewall.user
### EXAMPLE CONFIG SECTIONS
# do not allow a specific ip to access wan
#config rule
# option src lan
# option src_ip 192.168.45.2
# option dest wan
# option proto tcp
# option target REJECT
# block a specific mac on wan
#config rule
# option dest wan
# option src_mac 00:11:22:33:44:66
# option target REJECT
# block incoming ICMP traffic on a zone
#config rule
# option src lan
# option proto ICMP
# option target DROP
# port redirect port coming in on wan to lan
#config redirect
# option src wan
# option src_dport 80
# option dest lan
# option dest_ip 192.168.16.235
# option dest_port 80
# option proto tcp
# port redirect of remapped ssh port (22001) on wan
config redirect
option src wan
option src_dport 22001
option dest lan
option dest_port 22
option proto tcp
# allow IPsec/ESP and ISAKMP passthrough
config rule
option src wan
option dest lan
option proto esp
option target ACCEPT
config rule
option src wan
option dest lan
option dest_port 500
option proto udp
option target ACCEPT
### FULL CONFIG SECTIONS
#config rule
# option src lan
# option src_ip 192.168.45.2
# option src_mac 00:11:22:33:44:55
# option src_port 80
# option dest wan
# option dest_ip 194.25.2.129
# option dest_port 120
# option proto tcp
# option target REJECT
#config redirect
# option src lan
# option src_ip 192.168.45.2
# option src_mac 00:11:22:33:44:55
# option src_port 1024
# option src_dport 80
# option dest_ip 194.25.2.129
# option dest_port 120
# option proto tcp
I can't fix the problem but I have a suggestion for an alternative approach.
I'd start by building an image *without* any of your own changes/additions to make sure you're building the correct images.
Then, instead of bundling the actual config files in your image you can try creating a uci-defaults script.
First flash the router with the original openwrt image and start working on a script (of uci set/uci commit commands) to achieve your desired configuration. Once you confirm the script works on the original openwrt image you can then make it a uci-defaults script.
Better yet (well, might be safer if you don't know how to recover your routers) instead of making the script a uci-defaults, invoke the call of the script from /etc/rc.local (before the exit 0 line) and in your script make sure it sleeps for a minute to let the router fully start up and deletes itself after first run. That way even if you mess things up in the script you won't be stuck in the boot loop afaik.
Good luck!
(Last edited by stangri on 7 Apr 2016, 03:20)
That's how I usually do it but I've not played much with dual port devices.
I trusted configs I was given and lost three devices. I'm sure they are recoverable so I'll keep them and maybe do it some day but for now, I've got two more on order.
All I want is a simple bridge - pass-through config, all data from WAN comes in and right back out via LAN port. The device should pick up a DHCP IP on the LAN side.
Simple, so it seemed
Odd. I was able to build a 2 port gl.inet without any problems what so ever.
The difference being that I add a dropbear file in the /etc/config dir.
config dropbear
option PasswordAuth 'on'
option RootPasswordAuth 'on'
option Port '22'
# option BannerFile '/etc/banner'
Now, if I could find a way of sending the dead nexx devices these commands, I would be able to recover.
The only thing I am uncertain of is why there are two dropbear processes running.
1452 root 1152 S /usr/sbin/dropbear -F -P /var/run/dropbear.1.pid -p 22 -K 300
2076 root 1220 R /usr/sbin/dropbear -F -P /var/run/dropbear.1.pid -p 22 -K 300
I am loged int via ssh. Each time I log in a new process shows so one must be always listening for ssh connections while the others are the ssh connections.
(Last edited by projects on 7 Apr 2016, 17:48)
Now, if I could find a way of sending the dead nexx devices these commands, I would be able to recover.
Time to invest in a USB-TTL adapter and get serial going. You'll get them all going no dramas (either by fixing the configs or invoking a TFTP transfer).
(Last edited by npkamen on 11 Apr 2016, 01:00)
I have one already but cannot afford to spend that amount of time on each unit I need to get set up. Instead, it's quicker to order more and move on to another task while asking questions here and hoping someone in the forums can help me. Once I have a config, I never mess with it, I keep that one.
I could post the files I have in /etc/config if that would help.
In this case, it seems I needed to know something which I don't such as needing to add the dropbear file into /etc/config/ to allow for ssh. I don't understand why my gl.inet biulds work but so far I've lost three of these 3020 devices. I have two more on the way and sure would love to get it right this time then keep that working config for good.
I think you're going about it the wrong way if you've "bricked" that many devices.
If it were me I'd start with a blank OpenWRT, get the config right completely, then add those config files to the new custom build. If anything stuffs up you can just reset the device and start again (hopefully learning from what stuffed it up).
If your custom config requires extra packages and they don't fit without using imagebuilder or building from scratch then do that but leave the configs default so you always have something to fall back upon.
Ok, I have two new ones on my desk now.
Very very nervous about what to try next
I think you're going about it the wrong way if you've "bricked" that many devices.
If it were me I'd start with a blank OpenWRT, get the config right completely, then add those config files to the new custom build. If anything stuffs up you can just reset the device and start again (hopefully learning from what stuffed it up).
If your custom config requires extra packages and they don't fit without using imagebuilder or building from scratch then do that but leave the configs default so you always have something to fall back upon.
As I said, that is exactly what I've done but obviously, messed something up.
I have two more sitting on my desk now.
The builds didn't seem to be the problem, in terms of packages I mean because I use just a few so know I'm never filling up the space. Also, I can see the devices running once they are built but am locked out of them. That is mainly what's been happening to me the last few times, I locked myself out of all of these devices. Maybe something's changed in some settings and I'm not aware, such as dropbear.
I can follow/post my progress and get this right once and for all. I think my problem is that I didn't include the dropbear file which allowed ssh access back into the devices.
I typically only had this problem with dual port units but also killed a single one device yesterday. Same thing with the other unit, I locked myself out somehow.
(Last edited by projects on 12 Apr 2016, 02:29)
You aren't including any custom files via the /files directory, are you?