My OpenWRT router is up and running, and the access point in installed on the ceiling where it is the farthest from the router to be able to be connected in the bedroom and the backyard.
I know, It is double NAT. I didn’t enable wireless and advanced DMZ on Homehub 3000 yet for the sake of troubleshooting and backup for the rest of family members. I can even just leave it since it’s not giving any big troubles.
In this OpenWRT router, there are not much services to reserve resouces but I changed DNS to 1.1.1.3 for malware and adult content filtering, DNS based Adblock is installed and I’m using some small sized blocklist sources. While testing some blocklist sources, I discovered that few “porn” filters blocks youtube. I thought all youtube ads are from google and youtube domains, so I don’t understand why. I didn’t think it’s really worth to troubleshoot and research so I am ok with a few small sized filters and Cloudflare DNS.
It’s not perfect but at least it is nearly done. I’m happy with this OpenWRT router’s performance at this moment and I honestly don’t know what I would change from this network setup.
Once I’m testing this router(GL.iNET GL-B1300) flashed, PPPoE protocol on WAN interface fails to connect to the internet. I had no problem with pfsense for PPPoE. I can’t understand why this OpenWRT router won’t let me. I’ve already “fiddle” with MTU, that didn’t help.
So now I’m stuck in double NAT. Is it a problem? Not really, since I don’t host anything to the public. Even if I do, probably I can use port forwarding configured on Home Hub 3000 to my OpenWRT router. In fact, using HH3000 might be better for the internet speed because of a SFP media converter(TP-LINK MC220L). This one can only convert 1Gbps while Bell’s SFP module is 2.5Gbps, then it will decrease my internet speed as explained in this comment. 2.5Gbps SFP media converters are just way too expensive. Changing WAN configuration from PPPoE to DHCP might be annoying if my family members have to doas well. Not being able to configure WAN PPPoE protocol might be not that bad.
I just don’t want to see HH3000. That’s the problem but I will leave it.
This router is the simplest one I’ve seen. No crazy LED lights, no horrendous antennas, no strange shape. Just white, square box shape, few buttons and LED, only necessary amount of ethernet ports and USB port. The power adapter is also very small. All those items above would probably be smaller than my old pfsense desktop’s power supply. This is exactly what I was looking for.
But I discovered some problems I didn’t expect.
1. The stock firmware is OpenWRT 15.05, released in 2015. Now it’s 2021. 2. Their newest stock firmware was released in 2020 December but it is still based on OpenWRT 15.05 3. I could install the newest OpenWRT release but it changes a lot of things – WAN interface disappears from the switch – Interfaces’ names for WAN and LAN are swapped – All configs by the maker are wiped once you install the newest OpenWRT
Problem 1. The stock firmware is OpenWRT 15.05 This stock firmware is based on OpenWRT 15.05, it’s end of life so there will be no support from OpenWRT. There should be a ton of Common Vulnerabilities and Exposures (CVE) related to this release. Problem 2. Their newest stock firmware is still based on OpenWRT 15.05 I’ve installed their newest firmware released on 2020 December 8th to see if this will help. No, it did not. Problem 3.1. WAN interface disappears from the switch Here are the screenshots of switch configs between stock firmware and OpenWRT 19.07.6. According to this document, port 3 and 4 are LAN, port 5 is the WAN. After flashing, WAN disappeared. I know how to configure things in the config file but this is not only for me. Someone else from my family should be able to follow troubleshooting instructions in case I’m away. Problem 3.2. Interfaces’ names for WAN and LAN are swapped
config interface ‘lan‘ option type ‘bridge’ option ifname ‘eth0‘ option proto ‘static’ option ipaddr ‘192.168.1.1’ option netmask ‘255.255.255.0’ option ip6assign ’60’ config interface ‘wan‘ option ifname ‘eth1‘ option proto ‘dhcp’ config interface ‘wan6‘ option ifname ‘eth1‘ option proto ‘dhcpv6’
I really don’t know why this happens, whether I need to bother to change it from the config. But if I want to stay away from the stock firmware, I may need to keep OpenWRT’s config when it comes to interfaces because firmware upgrade might cause troubles I would want to avoid. Problem 3.3. All configs by the maker are wiped once you install the newest OpenWRT This router with its stock firmware has some nice features for regular users, such as mesh, VPN servers and network file share. All those nice features and configs are wiped as soon as it’s flashed with OpenWRT. If you aren’t familiar with Linux, it might be difficult.
Since I just need it to be a router with 2 VLANs for family and guest and don’t need VPN, file share and mesh, I do not have to worry about flashing it. The main issue here will be how to configure this so that my wife can troubleshoot for me. For instance, she should be able to log in and know how to change WAN interface from VLAN tagged PPPoE protocol to DHCP if we switch to another ISP. I thought of using my ISP’s router as the gateway, turn on the advanced DMZ to let my router take the external IP address as another solution to WAN troubleshooting.
So there are solutions.
1. Flash this router with OpenWRT 19.06.7 for the security and support 2. Create multiple WAN interfaces so that my wife can choose depending on ISPs 3. Have the least features configured in this router so that it doesn’t impact a lot when it fails
I have been using pfsense router at home and it’s wonderful. But there are some problems with it for home users with family members who aren’t technical.
1. It can be bulky and/or messy setup for a family 2. Troubleshooting by other family members via phone or text is nearly impossible 3. There is no pfsense device that can do all, which is firewall, routing, switching and wireless network(It’s possible but not recommended by pfsense anyways) 4. It’s a bit picky about the NIC chipset maker 5. It’s an overkill for a family with less than 15 devices
Although I’m familiar with pfsense(I’m still learning. Don’t get me wrong) but I started looking into OpenWRT router because of the reasons below:
1. It’s possible to have 1 tiny device that does all 2. OpenWRT devices offer many features(of course not what pfsense does) too 3. Lower power consumption than pfsense setup 4. I don’t have any plan to increase clients numbers so OpenWRT is definitely not an overkill 5. Easier troubleshooting, such as rebooting
There are few requirements my OpenWRT router should meet.
1. Everything should be in 1 device 2. Wireless should be dual band 3. There should be separated VLANs for different networks(e.g., guest) 4. PPPoE option should be available for WAN interface 5. WIFE test(can my wife reboot the machine or change WAN from PPPoE to DHCP if we change ISP?) 6. The hardware should be supported by OpenWRT(I have Netgear R7000, but the wireless doesn’t work with it after flashing because Broadcom chipsets aren’t supported) 7. MU-MIMO
After searching my options, GL.iNet B1300 seemed to be ideal. It doesn’t even have those horrendous, tentacle looking antennas. It rather looks cute. Their stock firmware is OpenWRT based. The price recently dropped as of last week, so I purchased it.
pretty random archives 