high traffic: x86 PC
low traffic: ARM / MIPS with the following:
* uboot bootloader
* doesn't require multiple hoops to install (i.e. no 'two different' serial speeds on the same UART. moron ubiquiti...)
* promotes FOSS and is ok with LEDE/openwrt
Still evaluating them, but it looks like gl.inet is the way to go.
I used to use these as they are rack mount, but the bootloader is proprietary and I had two of them brick themselves for no reason during the 2nd sysupgrade. Proprietary software. Not Even Once.
High-end companies can look at https://www.opencompute.org/products
Recommended wireless AP
Open mesh in Oregon was good. But they were bought out. They are now doomed. China has gl.inet which is basically the same as open mesh, although they specialize in small travel routers. Only buy wifi APs that support openwrt.
Port forwarding is two steps:
- redirect port from outside to internal (NAT)
- allow access from outside to inside via this port (firewall)
Note: Proto can be 'tcp' OR 'tcpudp' OR 'udp'
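An added example, not from the original page: a shell/awk audit that reads `/etc/config/firewall`-style text and reports, for each redirect from `wan`, whether the file also declares a matching ACCEPT rule, following the two steps above. The sample config, addresses and ports are constructed; the function names `audit_forwards` and `sample_config` are hypothetical.

```sh
# Added example, not from the original page. "paired" only means the file also
# declares a wan ACCEPT rule for the same target; zone defaults are not evaluated.
audit_forwards() {   # reads UCI firewall text from files in "$@" or from stdin
    awk -v q="'" '
    function flush(   k) {
        k = o["dest_ip"] ":" o["dest_port"] "/" o["proto"]
        if (sec == "redirect" && o["src"] == "wan" && o["target"] != "SNAT")
            red[++n] = k                  # step 1: NAT redirect from outside
        if (sec == "rule" && o["src"] == "wan" && o["target"] == "ACCEPT")
            ok[k] = 1                     # step 2: firewall rule allowing it
        split("", o)                      # clear options for the next section
    }
    $1 == "config" { flush(); sec = $2 }
    $1 == "option" {
        v = $0; sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", v)  # value only
        gsub("[" q "\"]", "", v)                                 # drop UCI quoting
        o[$2] = v
    }
    END { flush(); for (i = 1; i <= n; i++)
            print red[i], ((red[i] in ok) ? "paired" : "unpaired")
    }' "$@"
}
sample_config() {   # constructed sample, not a real device config
    cat <<'EOF'
config redirect
    option src 'wan'
    option src_dport '8080'
    option dest_ip '192.168.1.10'
    option dest_port '80'
    option proto 'tcp'
    option target 'DNAT'
config rule
    option src 'wan'
    option dest 'lan'
    option dest_ip '192.168.1.10'
    option dest_port '80'
    option proto 'tcp'
    option target 'ACCEPT'
config redirect
    option src 'wan'
    option src_dport '27015'
    option dest_ip '192.168.1.20'
    option dest_port '27015'
    option proto 'tcpudp'
EOF
}
sample_config | audit_forwards
```

On a router, `audit_forwards /etc/config/firewall` gives the same report for the live config.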
reserved ip / static lease
I tried to add this to the wiki, but someone (https://openwrt.org/docs/guide-user/base-system/dhcp_configuration?rev=1596434574) decided to replace my simple solution with an obfuscated one that requires uci commands. So instead, it will remain here. EDIT: I added it back. See how long that lasts...
opkg install openvpn-openssl
And put your .ovpn in /etc/openvpn/.
Put in /etc/profile. e.g.
export TERM=xterm
alias vpnme='openvpn --config /etc/openvpn/myconfigfile.ovpn & ./script.sh &'
Mwan3 can be tricky. The wiki lacks a quick start*. The following files get edited:
/etc/config/network
/etc/config/mwan3
/etc/config/firewall
Tips Page: Mwan3_On_Openwrt
If you add a new WAN interface (e.g. wanb or wan2), you must add wanb to the existing wan firewall zone for outgoing comms. How this is handled differs from 17 to 19.*2
Balanced policies can have issues with connections jumping from one wan to another.
* The current mwan3 page is a lengthy multi-page behemoth (which has grown over time) that expects no less of you than to understand all functional and architectural details of how the failover works. It's a lot for someone that just wants to set up backup internet. But mwan3 can and does work.
*2 A ctrl-f for firewall comes up with half a dozen mentions of firewall masking (something done automatically) and one easily missable note, for GUI setup only, about adding the new wan2 to the firewall zone. An absolutely required step.
iptables vs fw3
In the firewall:
will list current rules, but the iptables rule generator is fw3.
Will display iptables commands that make up the firewall. fw3 script is described in firewall pages on official wiki. Please review that.
less with / search
The stock 'less' command does not include '/' search.
opkg install less
To get forward slash search https://dev.archive.openwrt.org/ticket/7132
remove poweroff command
cd /sbin/
rm ./poweroff
Now to power off, you must type
This will keep you from accidentally shutting down a router.
wifi up
wifi status
display (RAM based) logs (note that this is not in /var/log/messages...)
- https://openwrt.org/docs/guide-user/network/traffic-shaping/sqm - speed test, and traffic shaping to speed up a 'slow' network. protip: use x86 instead of arm if openwrt is slow.
- https://openwrt.org/docs/guide-user/services/nas/netatalk_configuration - apple time machine backup server
- https://openwrt.org/docs/guide-user/network/wan/multiwan/mwan3 - failover for wan. I have used this before, and it worked well.
- https://openwrt.org/tag/faq - FAQs
- https://openwrt.org/docs/techref/flash.layout - Partitions on HDD flash. And overlay fs.
- https://openwrt.org/docs/techref/start - Technical Reference. Has some informative dives into various aspects of low power routers. As an example see this link on flash: https://openwrt.org/docs/techref/flash IME, flash is built-in obsolescence. USB drives, SD cards, and onboard flash tend to last much less than advertised. Not recommended. SD and SSDs are a trap. From this: even 'reading' flash can cause bad blocks. That's right, even reading. Therefore flash is guaranteed to fail. Tech companies love it.