OpenWRT Firmware


WIP

Community for OpenWRT & generally related networking.

Feel free to post questions or offer support.

Website: https://openwrt.org/

founded 2 years ago
1
 
 

Hey everyone!

I just ordered a Flint 2 to replace a TP-Link AX3000 (keeping as a backup) primarily for the faster WG VPN, to try an open source OS and try to segment my network for security and to manage devices easier. But I’m feeling a tad overwhelmed trying to do research. I’ve got a background in IT, so I’m not concerned with flashing firmware or SSH. But networking concepts always take a minute to sink in.

Current situation

  • AX3000 is connected to 1G Fios
  • Unmanaged 1G Netgear switch at entertainment center (TV, PS5, Apple TV, Hue Hub)
  • Poorly daisy chained unmanaged Cisco 1G switch at my desk with my server (Proxmox on old Mac Mini), PiHole Pi and Mac Studio
  • 5GHz and 2.4GHz with Hue bulbs, iPhones, Steam Deck etc
  • Slow WG VPN on AX3000

The dream

  • OpenWRT (open source OS router) which hopefully the Flint 2 works out
  • 1G managed switch at entertainment center
  • 2.5G (or 10G supposedly because I can’t find prosumer 2.5G options) managed switch at my desk
  • Build a NAS (Node 304) to replace the Mac Mini hardware, make sure it has a 2.5G/10G NIC so my Studio to NAS connection is fast
  • VLAN and Firewall rules to separate IoT, servers, personal devices and ensure everything is secure but also ensure the correct devices can talk to each other (phone turn on lights, HomePod accessible from iPad)
  • WG VPN where I can access all of these VLANs and manage my services (something I can’t seem to figure out on the AX3000)
  • Also fix my wiring to my bedroom so the switches aren’t daisy chained, it’s a tiny rented NYC apartment

Questions

  • Any recommendations for articles, videos or forums/communities with tutorials for OpenWRT VLAN/Firewall setup similar to my goals? Anything specific to the Flint 2?
  • Tips or guidance on how to divide my network appropriately and still allow communication between devices?
  • Switch suggestions that you know will work well with the Flint 2? Also thoughts on the 2.5G vs 10G situation, spent ages looking at expensive switches and got window shopping fatigue
  • What am I missing or forgetting about?

Finally, if this is not the appropriate place to post this, please provide suggested communities. I went back to the community that shall not be named because I was struggling to find comparable Lemmy communities. Oh boy was that a depressing experience and I really want to build out what I used to have on Reddit in Lemmy, but I can’t find active alternatives.

Thank you in advance to anyone that read this far 😊

2
2
submitted 1 month ago by piranhaphish to c/openwrt
 
 

I have read the documentation and googled extensively but, when I try to initiate WPS, I always receive a response of "FAIL". Nobody else seems to have this issue, so what am I doing wrong?

I only want to enable this temporarily as it is the only way I know to connect a doorbell camera that I obtained for free and need to "hack".

> uci show wireless | grep wps
wireless.wifinet6.wps_pushbutton='1'

> hostapd_cli wps_pbc
Selected interface 'phy1-ap3'
FAIL

I have tried on both a Turris Omnia (OpenWRT 23.05.3) and TP-Link Archer C7 (OpenWRT 23.05.2). On each, and per the instructions, I installed hostapd-utils and replaced the stock wpad-basic-mbedtls with the full-featured version (I tried both wpad and wpad-mbedtls).

I have 4 WLANs on each radio. I tried configuring the single WLAN of interest with the option wps_pushbutton '1' as well as setting it on all WLANs on that radio (per a suggestion I found), but same result.

I've tried adding other wps_… options, rebooting, and everything in between, but same result. I don't see anything relevant in the syslog, and can't find a way to increase verbosity for hostapd. I've even looked at the source code for hostapd_cli which didn't really help.

Any thoughts?

3
 
 

For example, privacy-violating Linksys or Netgear, or devices with components running improper firmware with a 14-year-old vulnerability?

The reason that I ask, although I don't want this to impact the quality of answers, is that I'm shopping for a new router that is secure and private, but rather than paying commercial and industrial prices I would rather get a consumer router and overwrite its software.

4
 
 

How many times can I change the IMEI via AT command without harm to the device? For example, if I change the IMEI 3 times a day (sometimes) and 7 times (most commonly) a week (1 per day) via AT command, won't it harm the device?

I need an extra layer of security as I will go to a dictatorship country for 1 week as reporter n. This is extremely critical.

Please ask the highest level of your engineer team.

P.S: I am using Mudi v2 with blue-merle

5
 
 

Hi, where I live we have cable internet, it seems this is not supported by existing OpenWRT firmware.

But as far as I understood, the router is the same and just has a different modem.

This could need proprietary firmware, maybe blobs etc., everything not nice, but isn't the router software kind of independent of the modem?

I don't have experience with this, but would like to try to make a model with cable work with a DSL / fiber OpenWRT software by adding the missing modem firmware.

Is there something I missed, is this in general how OpenWRT is made to work with different modems?

Also: can I have 2 routers on the same cable, to try it before switching to it permanently, if I have a cable box with 3 ports and one free? I don't know much about this, as the payment plan seems to be for the whole house connection no matter how many routers inside.

6
48
Thank you OpenWrt! (self.openwrt)
submitted 11 months ago by different_base to c/openwrt
 
 

Just an appreciation post for the OpenWrt project.

I recently bought an ASUS router. It was good for its price. However, when I enabled IPv6 on the router, it could not handle it. It made my networking terribly slow. It could be a bug in the firmware or missing IPv6 specification or incompatibility with my ISP. Anyway, I debugged for a week and eventually gave up.

I asked ASUS support for a solution. However, they asked me to take it to a service center. The service center guys had no clue about IPv6.

Finally I tried to purchase an expensive Netgear router. Then at the last minute I recalled OpenWrt, which I had read about in newsletters or heard about somewhere in Linux podcasts.

I went through the documentation and flashed it (it was super simple). It's fantastic. All my problems went away. IPv6 works like a charm. It can handle SLAAC, DHCPv6 and all IPv6 specifications correctly and by default. I could also enable DoH, adblocking etc.

The learning curve is a little higher with its LuCI UI, but it was worth it. Not only did I save my money, but my router is also more secure now.

Thanks to all the developers who put their hard labour with no expectation in return.

7
 
 

cross-posted to: https://sh.itjust.works/post/13445728


I can see all the devices connected over WiFi, but their security choice seems to be unlisted. For example, if the WiFi interface has both WPA2, and WPA3 available, I would like to see what devices are using which.

11
5
submitted 1 year ago* (last edited 1 year ago) by johnnyfive to c/openwrt
 
 

Backup binaries:

cp /usr/sbin/tailscale backup_tailscale
cp /usr/sbin/tailscaled backup_tailscaled

Update (https://pkgs.tailscale.com/stable/#static):

# work in /root, the directory the cp below copies from
cd /root
service tailscale stop

wget https://pkgs.tailscale.com/stable/tailscale_1.50.1_mips.tgz
tar zxvf tailscale_1.50.1_mips.tgz

# overwrite the installed binaries with the new ones
cp /root/tailscale_1.50.1_mips/tailscale* /usr/sbin/
service tailscale start
tailscale version
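
As an added example (not part of the original post or of any project's code): a POSIX sh function, install_verified (a hypothetical name), that checks the downloaded tarball against a SHA-256 you obtained separately, unpacks it in a staging directory, and only then backs up and replaces the two binaries. The destination directory is a parameter, so it can be tried on a scratch directory before pointing it at /usr/sbin.

```shell
#!/bin/sh
# Added example, not from the original post.
# install_verified TARBALL EXPECTED_SHA256 DEST_DIR   (hypothetical helper name)
install_verified() {
    tarball=$1; want=$2; dest=$3
    stage=$(mktemp -d) || return 1

    # 1. Refuse the archive unless its SHA-256 equals the value obtained separately.
    got=$(sha256sum "$tarball" | cut -d' ' -f1)
    if [ "$got" != "$want" ]; then
        echo "checksum mismatch, got $got" >&2
        rm -rf "$stage"; return 2
    fi

    # 2. Unpack into a private staging directory, never straight into DEST_DIR.
    if ! tar -xzf "$tarball" -C "$stage"; then
        rm -rf "$stage"; return 3
    fi

    # 3. Both binaries must exist as regular files before anything is replaced.
    for bin in tailscale tailscaled; do
        if [ -z "$(find "$stage" -type f -name "$bin" | head -n 1)" ]; then
            echo "archive lacks $bin" >&2
            rm -rf "$stage"; return 4
        fi
    done

    # 4. Keep a .bak copy, then swap each binary in with a rename.
    for bin in tailscale tailscaled; do
        src=$(find "$stage" -type f -name "$bin" | head -n 1)
        if [ -f "$dest/$bin" ]; then cp -p "$dest/$bin" "$dest/$bin.bak"; fi
        cp "$src" "$dest/$bin.new" && chmod 755 "$dest/$bin.new" &&
            mv "$dest/$bin.new" "$dest/$bin" || { rm -rf "$stage"; return 5; }
    done
    rm -rf "$stage"
}

# Run only when called with all three arguments, e.g. between
# "service tailscale stop" and "service tailscale start".
if [ "$#" -eq 3 ]; then install_verified "$@"; fi
```

A non-zero return means nothing in the destination was touched for codes 2 to 4; after code 5 the .bak copies are the way back.
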
12
 
 

What access point can you recommend for use with OpenWrt?

13
 
 

I use OpenWrt on x86. I use this build but added a WiFi card and antennas. At first the WiFi performance was very good giving me great speeds and range. Some time ago performance degraded. The signal range is extremely limited giving me disconnects on my phone when I'm 4 meters away.

How could I debug what the cause might be. Any ideas?