
Showing posts from March, 2016

Tor

Just for fun, let's see if we can get a WLAN set up that tunnels through Tor.

    opkg install tor

(duh!)

First create a new WLAN for Tor under Network>Wifi>Add, and create a new network interface 'tor'. Go to Network>Interfaces and configure the new interface with a static IP and a DHCP server. Assign a firewall zone 'tor'. And if you're truly paranoid you can override the MAC with 00:88:88:88:00:2A.

Head over to Network>Interfaces>Firewall, select 'tor', and under Advanced ensure 'force connection tracking' is checked (this connection tracking isn't required when you don't use the --syn flag or use LuCI rules, see below).

The traffic rules to set up are fairly standard:

    accept from wan tcp 443 (torbridge)
    accept from tor udp 67-68 (dhcp)
    accept from tor tcp 9040 (torproxy, set port in /etc/tor/torrc)
    accept from tor udp 9053 (tordns, set port in /etc/tor/torrc)
    accept from tor tcp 9050 (tor ...

Wake-on-wan (good enough, but could be better)

Stock Zyxel firmware has a wake-on-wan feature, if I recall correctly. I don't recall how that setup worked, but here's how to achieve similar functionality via OpenWrt.

! It does feel 'hacky' and not super clean either (all UDP on port 9 gets mapped to the broadcast), but until I find a better solution this will have to do.

Under Network>Firewall>Port Forwards add a redirect rule for UDP port 9 from wan to a 'will-never-be-used' local IP address, e.g. 10.0.0.253. Then, from the CLI, map this address to the broadcast MAC address:

    ip neigh add 10.0.0.253 lladdr ff:ff:ff:ff:ff:ff nud permanent dev br-lan

You're done! ... but not quite. There are some pitfalls.

The ARP table can get flushed, e.g. on interface changes or a reboot. You can add this line to rc.local, or as an init.d script, or I suppose a procd script... but no info on what is best, hopefully more soon.

The magic incantation above can fail if the IP is already known. I haven't found a...
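An added example, not from the original post: one way to cover both pitfalls named above is a hotplug script that re-applies the entry with `ip neigh replace` whenever the LAN interface comes up. It assumes the iproute2 `ip` used above, the logical interface name `lan`, and a script placed in /etc/hotplug.d/iface/; `IP_BIN` and the function names are made up for the example.

```shell
#!/bin/sh
# Added example for /etc/hotplug.d/iface/ (pick your own file name).
# netifd runs the scripts there with ACTION and INTERFACE set.
WOL_IP="${WOL_IP:-10.0.0.253}"   # the 'will-never-be-used' address from the post
WOL_DEV="${WOL_DEV:-br-lan}"
IP_BIN="${IP_BIN:-ip}"           # overridable so the logic can be tried off-router

# True if the permanent broadcast entry is already in the neighbour table.
wol_neigh_present() {
    "$IP_BIN" neigh show "$WOL_IP" dev "$WOL_DEV" 2>/dev/null |
        grep -qi 'lladdr ff:ff:ff:ff:ff:ff.* PERMANENT'
}

# 'replace' creates the entry or overwrites a learned one, so it does not
# fail the way 'add' does when the address is already known.
wol_neigh_ensure() {
    wol_neigh_present && return 0
    "$IP_BIN" neigh replace "$WOL_IP" lladdr ff:ff:ff:ff:ff:ff \
        nud permanent dev "$WOL_DEV"
}

# Re-apply only when the LAN interface comes up (boot, restart, reconfigure).
wol_on_event() {
    [ "$1" = "ifup" ] && [ "$2" = "lan" ] || return 0
    wol_neigh_ensure
}

wol_on_event "${ACTION:-}" "${INTERFACE:-}"
```

Because the redirect hands every UDP/9 packet arriving on the WAN to the LAN broadcast address, setting a source address on the port forward limits who can reach it.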

QoS with SQM (and something about bufferbloat)

Another feature that came with stock Zyxel firmware is their 'optimized' (the one with the 400mbps nag) QoS packages. As far as I can tell the standard SQM package should come pretty close.

    opkg install luci-app-sqm

A Network>SQM QoS menu item will appear. Check enable, double check your interface name is really your wan port (eth1), and set your down/up speeds to what you measured with e.g. dslreports. Under linklayer adaptation set to Ethernet (for VDSL) with 8 bytes overhead.

I reran the test, and it seems my up/down throughput dropped about 10%, but my bufferbloat report went from D to B.... whatever that means in reality I'll have to find out :)

infoporn

Stock Zyxel firmware collects some statistics... this is not as fancy but still not too bad:

    opkg install luci-app-statistics

Since I already have a USB stick mounted, I move the logs to that one via Statistics>Setup>Output Plugins>rrdtool and set the storage directory to your /mnt/xyz.

Additional logging is available by installing separate plugins, collectd-mod-*:

    opkg install collectd-mod-disk

More fancy real-time and logged traffic related stuff can be had with

    opkg install luci-app-vnstat

(I also tried bandwidthd but never got any life out of it.)

Guest Wifi

Another feature of the original firmware, so let's see if we can add this ourselves..

First create a new wireless network, Network>Wifi>Add (select the radio you want, I'm going for a 2.4GHz one).

! Leave the wireless radio settings as is; those settings will affect all other networks on the same radio.

Attach the new SSID to (a new) network 'guest'. Set Wireless security as you would normally.

Now go to Network>Interfaces>Guest>Edit. Change protocol to 'Static Address' and confirm. Fill in a static IP address (on a different subnet from your regular LAN) and netmask (255.255.255.0). On the same page, 'Setup DHCP Server'; you can leave the default settings.

! LuCI might reload the page here, check your IPv4 address is still set.

Next: the Firewall Settings tab, so your guests can get out on to the internets. Create/Assign firewall-zone: Guest.

Now go to Network>Firewall>Guest>Edit and set Input to reject. and under In...

USB support & minidlna

The NBG6716 comes with 2 USB ports and minidlna/samba, so here's how to do that with OpenWrt:

    opkg install kmod-usb-core
    opkg install kmod-usb-ohci
    opkg install kmod-usb2
    opkg install kmod-usb-storage
    opkg install block-mount

Then it complains about fstab missing, so create one:

    block detect > /etc/config/fstab

Then throw in some filesystem support:

    opkg install kmod-nls-utf8 kmod-fs-vfat kmod-fs-ext4 kmod-nls-cp437 kmod-nls-iso8859-1

Then set your mount point via System>Mount Points, and install minidlna and the LuCI app:

    opkg install minidlna
    opkg install luci-app-minidlna

(minidlna installs way more than needed, but we've got plenty of space.)

Basic config is via Services>minidlna. I like to put the db on my USB device so as not to keep updating that on flash; you can find the location for the database under the Advanced tab.

And now throw in samba:

    opkg install samba36-server
    opkg install luci-app-samba

Under Services>Network Shares set share home directories to '0' (i only want to give access to mounted me...

setting up a dyndns

I chose to go with spdns.de, no particular reason so far, except they're free and have IPv6 (which I'm not using yet).

    opkg install ddns-scripts
    opkg install luci-app-ddns
    opkg install wget
    opkg install ca-certificates

(wget is only needed for https.)

Then (might take a browser refresh) under Services>Dynamic DNS>mydns_Ipv4>EDIT essentially input your chosen name, username and passwd, tick the boxes, and you are done. Don't forget to start the script though :)

Now, while we are at it, why not enable https for LuCI as well:

    opkg install luci-ssl
    /etc/init.d/uhttpd restart

Done: LuCI over https://

ISP connection and WiFi

Set up the wifi and internet connection after firstboot.

I'm running the NBG6716 behind my ISP's modem/router, but I want OpenWrt to do all the routing stuff, so I go with PPPoE (my ISP's box allows PPP passthrough). Under Network>Interfaces>WAN>EDIT change the connection type to PPPoE and enter the PAP/CHAP credentials ... (left all the other stuff as it was), although I did check the IPv6 negotiation over PPP, just for the heck of it; need to check my ISP for IPv6.

Wifi was easy enough, just set security and you should be set. But 5GHz hiccuped with DFS - had to manually set it to the lowest band before it would want to come up.

Next I set the LAN interface to 10.0.0.1 (no particular reason, just find it easier to type than 192.169...). Under Network>Interfaces>LAN>EDIT change the IPv4 address to 10.0.0.1, and also set the custom DNS servers field to OpenDNS 208.67.222.222 and Google 8.8.4.4.

Upgrading from stock to cc 15.05.1

! There seems to be some instability on the 5GHz with this release. The log started filling up with errors

    ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon

causing dropped connections and failure to connect. Reboot seems to fix it temporarily.

---

NBG6716, not sure which HW version (v1.0 or A01); could not locate version markings on the outside of the casing. Currently running V1.00(AAKG.7)C0.

Basically following the OpenWrt wiki: ssh into the box and wget the OpenWrt firmware image 15.05.1 for ar71xx/nand

    wget http://downloads.openwrt.org/chaos_calmer/15.05.1/ar71xx/nand/openwrt-15.05.1-ar71xx-nand-nbg6716-squashfs-factory.bin

and write to flash

    mtd -r write <FWfile> /dev/mtd7/

Wait for reboot... and that all went flawlessly as expected. First boot stuff is next: telnet to 192.168.1.1, then

    passwd
    exit

Since this is a full wrt release we can go straight into LuCI, or SSH if you prefer.
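Added example, not part of the original post: the image above is fetched over plain HTTP and written straight to flash, so comparing its checksum before the mtd step is a cheap guard. The functions assume a checksum list in `sha256sum` format (`<hash>  <name>` or `<hash> *<name>`) obtained from a source you trust, and a machine where `sha256sum` is available; the function names are illustrative.

```shell
#!/bin/sh
# Added example: check a downloaded firmware image against a checksum list
# before handing it to mtd. File names are arguments; nothing is hard-coded.

# expected_sum SUMS_FILE IMAGE_NAME -> prints the listed hash, or nothing.
expected_sum() {
    # Second field is the file name, optionally prefixed with '*'
    # (sha256sum's binary-mode marker).
    awk -v n="$2" '{ f = $2; sub(/^\*/, "", f)
                     if (f == n) { print $1; exit } }' "$1"
}

# verify_image IMAGE SUMS_FILE
# returns 0 on match, 1 on mismatch, 2 if a file is missing or not listed.
verify_image() {
    img="$1"
    sums="$2"
    [ -f "$img" ] && [ -f "$sums" ] || return 2
    want=$(expected_sum "$sums" "$(basename "$img")")
    [ -n "$want" ] || return 2
    have=$(sha256sum "$img" | awk '{ print $1 }')
    [ "$want" = "$have" ]
}

# Usage: verify_image <FWfile> <checksum list> and flash only on status 0.
```

A checksum list fetched over the same HTTP connection as the image only catches corruption, not tampering, so fetch the list over HTTPS.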