Showing posts from 2016

Guest/IoT WiFi with VLANs (multiple APs)

Time to revisit the Guest WiFi setup. I'm planning an additional AP for guests and IoT devices. So let's see if we can get VLANs set up...

    config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '5 6'

This is confusing: ports 5 and 6 are set up as part of VLAN2 - but aren't used/connected? (Could be an internal connection for the wifi - but let's go boldly etc.)

Add a VLAN3 under the switch config. Note: I have the CPU port AND port 2 tagged, in both VLAN1 and the new VLAN3. I will be connecting my additional AP on port 2. (/etc/config/network)

    config switch_vlan
        option device 'switch0'
        option vlan '3'
        option vid '3'
        option ports '0t 2t'

Then define a new interface 'guest' and attach it to eth0.3 with a STATIC IP (/etc/config/network):

    config interface 'gues...

Ath10k alternative driver firmware - CC15.05.1 wireless unstable

I'm still experiencing trouble with the 5GHz, maybe even WRT in general, up to the point I'm considering going back to the original Zyxel AA release. One last effort to see if this helps: I'm currently running an alternative driver firmware for the QCA988X.

Get it from github. I'm running the last of the 4 series, 10.2.4.48 (not sure if running the 5 series is possible, something for later). Rename the file to firmware-4.bin and replace the one that's already there in /lib/firmware/ath10k/QCA988X/hw2.0

There's probably a way to force WRT to reload the driver, but hey, I rebooted. First look seems fine, let's see if it's more stable.

-- update --
Leaving channel selection on 'auto' didn't work - 5G did not come up (no messages as to why). Manually selecting a channel did seem to work, at least when also selecting a 20MHz bandwidth; 40MHz seemed to work but I had some devices not connecting properly.

-- update2 --
5G was mostly s...

wpad - caching proxy part 2

Proxy autoconfig is a combination of DHCP options and a bit of JS in a wpad.dat file.

Under network>hostnames add an entry 'wpad' pointing to your router's lan-ip, then create a /www/wpad.dat file (got mine from here). I changed the default rule to point to polipo - 10.0.0.1:8123, also changed .local into .lan for lan hosts, and commented some stuff out that didn't seem relevant.

    function FindProxyForURL(url, host) {
    // If the hostname matches, send direct.
    //   if (dnsDomainIs(host, "intranet.domain.com") ||
    //        shExpMatch(host, "(*.abcdomain.com|abcdomain.com)"))
    //        return "DIRECT";

    // If the protocol or URL matches, send direct.
        if (url.substring(0, 4)=="ftp:" ||
            shExpMatch(url, "http://abcdomain.com/folder/*"))
            return "DIRECT";

    // If the requested website is hosted within the internal network, send direct.
    ...
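A complete wpad.dat along the lines described above, as an added example (not the author's file, which is cut off in this excerpt). The polipo address 10.0.0.1:8123 and the .lan suffix come from the post; sending only http:// URLs to the cache and the "; DIRECT" fallback are choices of this example, and the helper functions at the top are test-only stand-ins for the PAC functions a browser provides.

```javascript
// Test-only stand-ins for browser-provided PAC helpers; do not ship these
// in wpad.dat. This isInNet handles literal IPv4 addresses only (no DNS).
function ipToInt(ip) {
  return ip.split(".").reduce(function (n, o) {
    return ((n << 8) | Number(o)) >>> 0;
  }, 0);
}
function isPlainHostName(host) { return host.indexOf(".") === -1; }
function dnsDomainIs(host, domain) {
  return host.length >= domain.length &&
    host.toLowerCase().slice(-domain.length) === domain;
}
function isInNet(host, net, mask) {
  if (!/^\d{1,3}(\.\d{1,3}){3}$/.test(host)) return false;
  var m = ipToInt(mask);
  return ((ipToInt(host) & m) >>> 0) === ((ipToInt(net) & m) >>> 0);
}

// ---- contents of /www/wpad.dat start here ----
var PROXY = "PROXY 10.0.0.1:8123"; // polipo on the router (address from the post)

function FindProxyForURL(url, host) {
  // A cache can only help with plain HTTP; https, ftp etc. go direct.
  if (url.substring(0, 5) !== "http:") return "DIRECT";

  // Bare names and .lan hosts are machines on the local network.
  if (isPlainHostName(host) || dnsDomainIs(host, ".lan")) return "DIRECT";

  // Literal private and loopback addresses never need the proxy.
  if (isInNet(host, "10.0.0.0", "255.0.0.0") ||
      isInNet(host, "172.16.0.0", "255.240.0.0") ||
      isInNet(host, "192.168.0.0", "255.255.0.0") ||
      isInNet(host, "127.0.0.0", "255.0.0.0")) return "DIRECT";

  // Default rule: use polipo, fall back to direct if it is not answering.
  return PROXY + "; DIRECT";
}
```

Only the part below the marker comment belongs in /www/wpad.dat; the stand-ins exist so the routing decisions can be checked under Node before the file is served.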

Caching proxy w/ polipo (part1)

Let's see if we can (at least make it seem like) web browsing is faster... (I'm still not sure whether installing SQM was an improvement.) I chose polipo as it is geared to home use and is supposedly easier to deal with than squid. And it comes with its own luci app so install is dead easy:

    install luci-app-polipo

Defaults looked sensible, so I just directed my browser to use router.lan:8123 as proxy, and presto - things indeed 'feel' faster. A check with chrome didn't reveal a significant decrease in load time though - 11.9s vs 11, even on a reload... but in this case the log showed a lot of cache directives not being recognized by polipo.

! There might be an issue with the resolver and local hostnames (openwrt.lan) but not sure yet.

Anyhoo, so let's add some storage for polipo to use so everything won't have to go in RAM. Apparently ext4 is the better filesystem for wrt so let's prepare a usb stick for that.

    (sudo) fdisk -l -> check wher...

Tor

Just for fun, let's see if we can get a WLAN set up that tunnels through tor.

    opkg install tor

(duh!)

First create a new wlan for tor in network>wifi add, and create a new network interface 'tor'. Go to network>interfaces and configure our new interface with static ip and a dhcp. Assign a firewall zone 'tor'. And if you're truly paranoid you can override the mac with 00:88:88:88:00:2A.

Head over to network>interfaces>firewall, select 'tor', and under advanced ensure 'force connection tracking' is checked (this connection tracking isn't required when you don't use the --syn flag or use luci rules, see below).

Traffic rules to set up are fairly standard:

    accept from wan tcp 443 (torbridge)
    accept from tor udp 67-68 (dhcp)
    accept from tor tcp 9040 (torproxy, set port in /etc/tor/torrc)
    accept from tor udp 9053 (tordns, set port in /etc/tor/torrc)
    accept from tor tcp 9050 (tor ...

Wake-on-wan (good enough, but could be better)

Stock Zyxel firmware has a wake-on-wan feature if I recall correctly. I don't recall how that setup worked but here's how to achieve similar functionality via openwrt.

! It does feel 'hacky' and not super clean either (all udp on port 9 gets mapped to the broadcast) but until I find a better solution this will have to do.

Under network>firewall>port forwards add a redirect rule for udp port 9 from wan to a 'will-never-be-used' local ip address, e.g. 10.0.0.253. Then, from the CLI, map this addr to the broadcast mac addr:

    ip neigh add 10.0.0.253 lladdr ff:ff:ff:ff:ff:ff nud permanent dev br-lan

You're done! ... but not quite. There are some pitfalls.

The arp table can get flushed, e.g. interface changes, or reboot. You can add this line to rc.local, or as an init.d script or I suppose a procd script... but no info on what is best, hopefully more soon.

The magic incantation above can fail if the ip is already known. I haven't found a...

QoS with SQM (and something about bufferbloat)

Another feature that came with stock zyxel fw is their 'optimized' (the one with the 400mbps nag) QoS packages. As far as I can tell the standard SQM package should come pretty close.

    install luci-app-sqm

A Network>SQM QoS menu item will appear. Check enable, double check your interface name is really your wan port (eth1), and set your down/up speeds to what you measured with e.g. dslreports. Under linklayer adaptation set to Ethernet (for VDSL) with 8 bytes overhead.

I reran the test, and it seems my up/down throughput dropped about 10%, but my bufferbloat report went from D to B.... whatever that means in reality I'll have to find out :)

infoporn

Stock zyxel firmware collects some statistics... this is not as fancy but still not too bad.

    install luci-app-statistics

Since I already have a usb stick mounted I move the logs to that one via statistics>setup>Output Plugins>rrdtool and set storage directory to your /mnt/xyz.

Additional logging is available by installing separate plugins: collectd-mod-*

    install collectd-mod-disk

More fancy real-time and logged traffic related stuff can be had with

    install luci-app-vnstat

(I also tried bandwidthd but never got any life out of it.)

Guest Wifi

Another feature of the original firmware, so let's see if we can add this ourselves..

First create a new wireless network, Network>Wifi>Add (select the radio you want, I'm going for a 2.4GHz one).

! Leave the wireless radio settings as is, those settings will affect all other networks on the same radio.

Attach the new SSID to (a new) network 'guest'. Set Wireless security as you would normally.

Now go to Network>Interfaces>Guest>Edit. Change protocol to 'Static Address' and confirm. Fill in a static ip addr (on a different subnet from your regular LAN) and netmask (255.255.255.0). On the same page, under 'Setup DHCP Server', you can leave the default settings.

! luci might reload the page here, check your IPv4 addr is still set.

Next: Firewall Settings tab, so your guests can get out on to the internets. Create/Assign firewall-zone: Guest

Now go to Network>Firewall>Guest>edit and set Input to reject. and under In...

USB support & minidlna

NBG6716 comes with 2 USB ports and minidlna/samba, so here's how to do that with owrt.

    install kmod-usb-core
    install kmod-usb-ohci
    install kmod-usb2
    install kmod-usb-storage
    install block-mount

Then it complains about fstab missing, so create one:

    block detect > /etc/fstab

Then throw in some filesystem support:

    install kmod-nls-utf8 kmod-fs-vfat kmod-fs-ext4 kmod-nls-cp437 kmod-nls-iso8859-1

Then set your mount point via system>mount points.

And install minidlna and the luci app:

    install minidlna
    install luci-app-minidlna

(installs way more than needed but we've got plenty of space)

Basic config via services>minidlna. I like to put the db on my USB device so as not to keep updating that on flash; you can find the location for the database under the advanced tab.

And now throw in samba:

    install samba36-server
    install luci-app-samba

Under services>network shares set share home directories to '0' (I only want to give access to mounted me...

setting up a dyndns

I chose to go with spdns.de, no particular reason so far, except they're free and have IPv6 (which I'm not using yet).

    install ddns-scripts
    install luci-app-ddns
    install wget (only needed for https)
    install ca-certificates

Then (might take a browser refresh) under services>Dynamic DNS>mydns_Ipv4>EDIT essentially input your chosen name, username and passwd, tick the boxes, and you are done. Don't forget to start the script though :)

Now, while we are at it, why not enable https for luci as well:

    install luci-ssl
    /etc/init.d/uhttpd restart

Done: luci over https://

ISP connection and WiFi

Set up the wifi and internet connection after firstboot.

I'm running the NBG6716 behind my ISP's modem/router but I want owrt to do all the routing stuff so I go with PPPoE (my ISP's box allows PPP passthrough). Under Network>Interfaces>WAN>EDIT change connection type to PPPoE and enter PAP/CHAP credentials ... (left all the other stuff as it was) although I did check the IPv6 negotiation over PPP, just for the heck of it; need to check my ISP for IPv6.

Wifi was easy enough, just set security and you should be set. But 5G hiccuped with DFS - had to manually set it to the lowest band before it would want to come up.

Next I set the LAN interface to 10.0.0.1 (no particular reason, just find it easier to type than 192.169...). Under Network>Interfaces>LAN>EDIT change IPv4 address to 10.0.0.1, also set the custom dns servers field to Opendns 208.67.222.222, google 8.8.4.4.

Upgrading from stock to cc 15.05.1

! There seems to be some instability on the 5GHz with this release. The log started filling up with errors

    ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon

causing dropped connections, and failure to connect. Reboot seems to fix it temporarily.

---

NBG6716, not sure which HW version, v1.0 or A01; could not locate version markings on the outside of the casing. Currently running V1.00(AAKG.7)C0.

Basically following the openwrt wiki: ssh into box, wget owrt firmware image 15.05.1 for ar71xx/nand

    wget http://downloads.openwrt.org/chaos_calmer/15.05.1/ar71xx/nand/openwrt-15.05.1-ar71xx-nand-nbg6716-squashfs-factory.bin

and write to flash

    mtd -r write <FWfile> /dev/mtd7/

Wait for reboot... and that all went flawlessly as expected; first boot stuff is next:

    telnet to 192.168.1.1, passwd, exit

Since this is a full wrt release we can go straight into luci or SSH if you prefer.