Skip Navigation
  • Openwrt on Proxmox. Questions I have

    I'm new to Proxmox and have had Openwrt on an AP router for a while, but still am not all that good at it.

    I followed a YouTube video yesterday to set up Openwrt as a Proxmox device. The idea being that I can patch all my containers through it and have a single IP address and many ports associated with it on my home lan.

    But I'm also trying to get Mullvad VPN installed on it. When I've followed the instructions to install Mullvad I can no longer ping the outside world. If there's any pointers to getting that going I'd be grateful. I followed the instructions on their website.

    Questions: if I get Mullvad working is there a way for me to route some containers through that and others through my own IP, or do I need 2 openwrt containers to get this? I noticed that during the setup I removed the WAN from the LAN and just left Mullvad as an exit route, so I assume I would need a second LAN with the WAN for me to be able to route via it. If that is the case, can I route some through one LAN and some through a second?

  • Cable FritzBox with noncable firmware + extension? - Lemmy.World Cable FritzBox with noncable firmware + extension? - Lemmy.World

    Hi, where I live we have cable internet, it seems this is not supported by existing OpenWRT firmware. But as far as I understood, the router is the same and just has a different modem. This could need proprietary firmware, maybe blobs etc. everything not nice, but isnt the router Software kinda inde...

  • Could someone explain these OpenWRT LuCI firewall settings to me? I am having trouble interpereting what they are saying exactly.

    cross-posted to:


    If the rule is about forwarding traffic from the lan interface to the wan interface, then why is there also a forward rule? How would inputs, and outputs make any sense if the rule is talking about forwarding? What does it mean for wan to forward to REJECT? I interperet that as saying that wan doesn't go anywhere, but that wouldn't make sense given that the router can send, and receive over the internet.

    For example I would interperet the first rule as follows:

    • lan => wan: the conditions for which connections from the lan interface are forwarded to to the wan interface.
    • Input: accept: the lan interface accepts all connections originating from the network (I wouldn't understand the point of setting this to be reject).
    • Output: accept: all connections exiting the wan interface are accepted (again, I'm not sure what the point of this would be).
    • Forward: accept: forwarding of packets from lan to wan is allowed.
    • Masquerade: I honestly don't know what the effect of enabling this would be. What would it mean to masquerade the lan interface?

    I tried finding documentation, and I did come across this, and this, but, from what I could understand, they didn't really answer any of my questions.

  • Thoughts on OpenWISP?

    I've been playing around with openwisp and it feels very unpolished. The firmware upgrader only supports a few devices and I half the features are broken.

    What's worse is that the Github is semi abandoned. There are a decent amount of issues and from what I've seen the team is busy with other things. I have full respect for them but it doesn't look promising.

    Have you guys used it?

  • [OpenWrt Wiki] OpenWrt Security Advisories OpenWrt Security Advisories

    OpenWrt Security Advisories * Security Advisory 2022-10-17-1 - Multiple issues in mac80211 and cfg80211 (CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721 and CVE-2022-42722) * Security Advisory 2022-10-04-1 - wolfSSL buffer overflow during a TLS 1.3 handshake (CVE-2022-39173) * Se...

  • Router or combo for WRT

    Hello everyone, I am looking for a good router/modem combo or router that will work with wrt. Looking for something with 2.5gbps ethernet and fast wireless speeds that can be found online at Best Buy or similar stores.

    Any reccomendations are appreciated, thanks!

  • Is it possible to see what WiFi security choice a client is using (ideally from LuCI)?

    cross-posted to:


    I can see all the devices connected over WiFi, but their security choice seems to be unlisted. For example, if the wifi interface has both WPA2, and WPA3 available, I would like to see what devices are using which.

  • Openwisp - A Hackable Network Management System for the 21st Century OpenWISP: Open Source Network Management System

    OpenWISP is an open source network management system aimed at low cost networks: from public wifi, to university wifi, mesh networks and IoT.

  • Anyone have recommendations for simplified interface for a firewall?

    I'm tight on space with 23.05, and trying to get used to the complexity but IP Tables is like handing highschool students an ANSI C book to get started coding. I need the 90% effective implemented features version that covers 99% of users with 1% of the default verbosity.

    The whitelist I have been using in PCWRT has been effective and is simply "IP-Address:port-number". That is all I really need.

  • x86 questions

    I've converted my Asus PN40 mini pc into an openwrt router. Everything seems to be working fine. But since the pc has only one ethernet port I'm using a noname USB to ethernet converter as the second NIC for WAN. Is there a better solution? Are proper USB ethernet adapters a thing? Preferably with Intel chip?

    Also i can't get the PC's intel 9000 series wireless chip to work in AP mode. I have hooked an old edimax repeater to the lan port as wifi AP but it's a wireless N device.

    Should i invest on a better AP? My ISP connection is capped at 300mbs. Can you recommend a cheap wifi 6 AP?

    Also I have 2 internet connections.

    Is it a good idea use the wifi in client mode, connect to the first internet through wifi and bond its internet connection with the wired wan?

    Thanks for you help in advance.

  • United Cloud partnership with Sentinel Holding United Cloud partnership with Sentinel Holding

    United Cloud, the innovation centre of the United Group, which develops products and services for the telecommunications and media sectors, and Sentinel Holding

    The core of the agreement is that United Cloud has engaged Sentinel Holding to jointly develop an OpenWrt-based open-source platform as the technological basis for driving innovation, development, reduction of operational complexities and revenue generation.

  • DAWN - the BSS transition controller - and tips on making it work properly

    (Edit: If you have read this post before, please ignore what I posted before and re-read my updated content below, as there has been a number of drastic changes due to an inaccurate testing methodology in my previous attempt at configuring DAWN !)

    For those who have not heard of DAWN, it allows Openwrt to steer clients to the AP with the strongest signal.

    I spent a week experimenting with it to make it function the way I want it to (with several days' worth of effort wasted due to an app I used call "WiFi Analyzer" for my android phone. This app turns out to have the capability to make my phone make Wifi roaming decisions on its own, when I thought DAWN was the steering source). So these tips are what made it work for my environment. Please be reminded that every network setup is unique, and what works for me may require some additional tweaking for you.

    It is very important to get up to speed with the basics by going through this website first and foremost:

    Use the site to do the initial installation and configuration.

    As for the tips:

    None of the faq's and wikis state this explicitly I believe: DAWN needs to be setup on EACH of your Openwrt bridge / gateway routers that's part of your connected / mesh Wifi. Each DAWN instance fires BSS transition instructions to clients that are currently connected to that particular router. So routers with no DAWN running on it will never be able to tell the clients it is time to move to another AP.

    Also I had problem getting umdns (a DAWN dependency) to start working properly at router startup, so I had to write a startup script to give umdns some encouragement each time the router is powered on. If you run into the same issue, let me know and I can share my script. The symptom of DAWN not working due to this issue is the inability to show neighbor APs in DAWN's "View Network Overview".

    Once you get DAWN up and running, it is all about tweaking the config file (and remember to update the file on each of your Openwrt router with DAWN running) to:

    1. make each wireless client send proper beacon reports to show DAWN the signal strength of each AP that each client sees at any give time, and
    2. make DAWN send out BSS transition requests in a nimble manner (otherwise wifi is disconnected before any roaming can even take place)

    Note that for both points 1 and 2 above, I treated DAWN as a black box and just did a lot of trial and error experiments to make it work eventually. So some of the tweaks may look crazy, but it worked for me after making these changes.

    1 - Making clients send beacon report that covers EVERY single AP they see (probably more power demanding resulting in more battery drain (?), but necessary for DAWN to have the information it needs to send out instructions accurately:

    Under "config metric 'global'", update the values to the following:

    option min_probe_count '0' option bandwidth_threshold '0' option use_station_count '0' option max_station_diff '1' option eval_probe_req '0' option eval_auth_req '0' option eval_assoc_req '0' option kicking '1' option kicking_threshold '40' option deny_auth_reason '1' option deny_assoc_reason '17' option min_number_to_kick '2' option chan_util_avg_period '3' option set_hostapd_nr '1' option duration '200' option rrm_mode 'apt'

    These values have the following effect:

    • DAWN includes a feature to attempt steering "Legacy clients" that don't support 802.11v as documented in its github page. It DOESN'T work well. My testings show it very often severs the wifi connection of these 'legacy clients' before the client can make a new connection. And it also confuses clients that properly support 802.11v. My update disables this feature altogether.
    • DAWN includes a alternative "kicking method" that considers the absolute RSSI (see "Kicking Method 2: Absolute RSSI" in DAWN's github website). It DOESN'T work well and serves to confuse everything. My update disables this feature altogether.
    • DAWN's decision making process is sped up with changes made in min_number_to_kick. I tried decreasing chan_util_avg_period also but the kicking got too jittery.
    • By changing rrm_mode and duration, WiFi clients will now send "active" beacon reports which means they will actively seek out APs they can connect to and gather info on each AP's signal strength to provide to DAWN. The duration parameter gives these clients enough time to gather the info it needs to generate beacon reports.

    2 - Making DAWN work the way you want it to

    This part is more like an art where your 'personal taste' comes into play. Here is my own underlying principle (yours may differ):

    • I have several radios in both 2.4GHz and 5GHz. The stronger the signal, the more a 5GHz AP takes precedence even if there is a neighboring 2.4GHz AP with as strong a (or even stronger) signal.

    • If all of the 5GHz APs are weak (say -70dBm or less), I will then prefer 2.4GHz that are more stable even at the same dBm level.

    With this in mind, I only ended up utilizing the rssi_weight and disabled other calculation methods to determine each AP's final score. Here are the settings:

    config metric '802_11g' option initial_score '200' option ht_support '0' option vht_support '0' option no_ht_support '0' option no_vht_support '0' option rssi '0' option rssi_val '-10' option low_rssi_val '-50' option low_rssi '0' option chan_util '0' option chan_util_val '140' option max_chan_util '0' option max_chan_util_val '170' option rssi_weight '4' option rssi_center '-25'

    config metric '802_11a' option initial_score '80' option ht_support '0' option vht_support '0' option no_ht_support '0' option no_vht_support '0' option rssi '0' option rssi_val '-10' option low_rssi_val '-65' option low_rssi '0' option chan_util '0' option chan_util_val '140' option max_chan_util '0' option max_chan_util_val '170' option rssi_weight '8' option rssi_center '-65'

    One caveat - be very cautious if you decide to use rssi_val or low_rssi_val (my above suggestion disables them). If used, the final scores can become super jerky especially when an APs signal strength borders on the threshold. This can easily cause insane jumping back and forth between different APs, and you end up confusing your network client and DAWN.

    That's pretty much it ! DAWN works beautifully but only when your settings are right.

  • Configuring multiple VLANs on batman mesh on DSA-based (i.e. newer) Openwrt firmware turns out to be trivial

    No docs yet on wiki - - just says 'TO DO'.

    But all you need to do in LuCi is go to Network -> Interfaces -> Devices -> Configure br-lan -> Bridge VLAN filtering -> Enable VLAN filtering -> define your VLANs -> then for 'bat0', tag the VLANs that you want the data of which to flow through your mesh.

    Simple as that. Of course you also need to define your network interfaces (one per VLAN), and remember to attach br-lan.1, br-lan.2, etc (where 1, 2.... are actually your VLAN IDs) to each of your network interfaces.

  • Experts released PoC exploit for Ubiquiti EdgeRouter flaw Experts released PoC exploit for Ubiquiti EdgeRouter flaw

    A Proof-of-Concept (PoC) exploit for the CVE-2023-31998 vulnerability in the Ubiquiti EdgeRouter has been publicly released.

    Experts released PoC exploit for Ubiquiti EdgeRouter flaw

    “It is likely that other products relying either directly on upstream miniupnpd, or on router distribution such as openwrt , vyos or dd-wrt still ship today with vulnerable miniupnpd.”

  • Banana Pi BPI-R3 Mini now orderable as new Wi-Fi 6 router board with 5G connectivity Banana Pi BPI-R3 Mini now orderable as new Wi-Fi 6 router board with 5G connectivity

    The Banana Pi BPI-R3 Mini is a compact router board with 2G and 5G antennas. Compatible with OpenWRT, the BPI-R3 Mini supports Wi-Fi 6 connectivity, has 2 GB of DDR4 RAM, 8 GB of eMMC flash storage and a MediaTek MT7986 chipset.

    Banana Pi BPI-R3 Mini now orderable as new Wi-Fi 6 router board with 5G connectivity

    The Banana Pi BPI-R3 Mini is a compact router board with 2G and 5G antennas. Compatible with OpenWRT, the BPI-R3 Mini supports Wi-Fi 6 connectivity, has 2 GB of DDR4 RAM, 8 GB of eMMC flash storage and a MediaTek MT7986 chipset.

  • Wireless 5GHz Mesh with OpenWRT | Better WiFi and Mobile coverage - ph03n!x https:// /forum/gadgets-computers-software/267712-wireless-5ghz-mesh-openwrt-better-wifi-mobile-coverage.html

    > This post is similar to the brilliant thread Cheap but effective DIY WiFi Mesh Setup for my home by BHPian @NaXal, with an important difference - this how-to is for a purely WiFi mesh (as against wired connection between router and APs like the linked thread).

  • How to debug bad WiFi performance

    I use OpenWrt on x86. I use this build but added a WiFi card and antennas. At first the WiFi performance was very good giving me great speeds and range. Some time ago performance degraded. The signal range is extremely limited giving me disconnects on my phone when I'm 4 meters away.

    How could I debug what the cause might be. Any ideas?

  • What’s the best router brand supported by OpenWRT?

    I’ve been running OpenWRT on my routers for a while now. It started off as just an experiment on my Mi Router 3c, but it now forms a very integral part of my homelab.

    I’ve since helped set up OpenWRT on a lot of different routers for my friends’ home networks, giving old routers a new lease of life and making it more secure.

    Of the different routers I’ve come across that support OpenWRT, Xiaomi ones tend to stand out to me:

    • They’re fairly cheap
    • Easily procurable in most markets
    • Have very very decent specs for the price point, and,
    • Aren’t hard to put OpenWRT on

    I think I’ve only seen routers from TP-Link come close to this level of support for OpenWRT, but their hardware variations often throws an axe when it comes to OpenWRT support.

    What are your thoughts, and what do you run OpenWRT on?

1 Active user