Skip to content

Instantly share code, notes, and snippets.

@braian87b
Last active October 23, 2024 23:13
Show Gist options
  • Save braian87b/bba9da3a7ac23c35b7f1eecafecdd47d to your computer and use it in GitHub Desktop.
Save braian87b/bba9da3a7ac23c35b7f1eecafecdd47d to your computer and use it in GitHub Desktop.
How to setup a Dumb AP, Wired backbone for OpenWRT / LEDE
@braian87b
Copy link
Author

if you gonna use is as dumbAP then you have to:
disable dhcp (dnsmasq), connect a LAN port to a LAN port of your main Router or Lan port or your lan Network.
to prevent conflct disable ipv6 also (odhcpd, you can leave if6assign if you need to access to your dumbap config using ipv6 but should not lease ipv6 addresses to the network since probably your main router is already doing that)
you may also clean firewall configuration and disable the firewall too (to save a little bit of cpu/ram).

finally, you can convert you physical wan port into a Lan port (that process varies from hw/device, but is easy, lmk)

@braian87b
Copy link
Author

everything else that you did is fine. so the only main missing fix is : "Connect dumb AP uplink to Lan port."

@tlaurion
Copy link

# ========================================================
# Setup a Dumb AP, Wired backbone for OpenWRT / LEDE
# ========================================================
# Set lan logical interface as bridge (to allow bridge multiple physical interfaces)
#uci set network.lan.type='bridge'
# assign WAN physical interface to LAN (will be available as an additional LAN port now)
#uci set network.lan.ifname="$(uci get network.lan.ifname) $(uci get network.wan.ifname)"
#uci del network.wan.ifname
# Remove wan logical interface, since we will not need it.
#uci del network.wan

# Disable Dnsmasq completely (it is important to commit or discard dhcp)
uci commit dhcp; echo '' > /etc/config/dhcp
/etc/init.d/dnsmasq disable
/etc/init.d/dnsmasq stop

# Set static network configuration (sample config for 192.168.1.0/24)
# 192.168.1.1 is the Main Router
uci set network.lan.ipaddr='192.168.2.2'
uci set network.lan.dns='192.168.2.1'
uci set network.lan.gateway='192.168.2.1'
uci set network.lan.netmask='255.255.255.0'
uci set network.lan.broadcast='192.168.2.255'

# To identify better when connected to SSH and when seen on the network
uci set system.@system[0].hostname='AP-south'
uci set network.lan.hostname="`uci get system.@system[0].hostname`"

# ========================================================
# Optional, Disable IPv6
# ========================================================
uci del network.lan.ip6assign
uci set network.lan.delegate='0'
uci del dhcp.lan.dhcpv6
uci del dhcp.lan.ra
uci del dhcp.odhcpd
/etc/init.d/odhcpd disable
/etc/init.d/odhcpd stop

#Wifi setup on WRT32X, no slow network overlap. Check channels might be problematic
#Not disclosed here

# ========================================================
# Commit changes, flush, and restart network
# ========================================================
# This way we will get internet on this AP and we must reconnect
uci commit
sync
/etc/init.d/network restart
# If all is OK then reboot and test again:
reboot

Made it work. Seems like putting wan to lan was the culprit on the WRT32X. Not sure why since it is supposed to be supported, but yeah, works fine now!

Thanks @braian87b!

@braian87b
Copy link
Author

braian87b commented Jul 14, 2021

Great! @tlaurion

# Set lan logical interface as bridge (to allow bridge multiple physical interfaces)
uci set network.lan.type='bridge'
# assign WAN physical interface to LAN (will be available as an additional LAN port now)
uci set network.lan.ifname="$(uci get network.lan.ifname) $(uci get network.wan.ifname)"
uci del network.wan.ifname
# Remove wan logical interface, since we will not need it.
uci del network.wan

Those steps should work, but it will be interesting to know why it doesn't, please if you can post here output of:

uci show network

@tlaurion
Copy link

tlaurion commented Jul 20, 2021

@braian87b

uci get network.lan.ifname
uci: Entry not found
uci get network.lan
interface

uci show | grep bridge
network.@device[0].type='bridge'

uci show | grep ifname


BusyBox v1.33.1 (2021-06-13 22:02:19 UTC) built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 21.02.0-rc3, r16172-2aba3e9784

Well this seems to explain that! :)

@sajati
Copy link

sajati commented Sep 20, 2021

uci show | grep ifname


BusyBox v1.33.1 (2021-06-13 22:02:19 UTC) built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 21.02.0-rc3, r16172-2aba3e9784

Well this seems to explain that! :)

so how to do this in v21.02 ?

@rgatti
Copy link

rgatti commented Sep 26, 2021

Saw this in the documentation here https://openwrt.org/docs/guide-user/base-system/basic-networking.

This article may contain network configuration that is version dependent post 2021-06

ifname@interface has been moved to device and device sections
while legacy ifname syntax may work on 21.02 or recent master it is recommended that you migrate to device usage

So now looks like this should be uci get network.lan.device

@Domepo
Copy link

Domepo commented Apr 7, 2022

Referred to this question:

/etc/init.d/network restart should be changed to /etc/init.d/network reload

@RustyRouter
Copy link

Thanks for the tutorial :
I just need you help in 2 things please "A & B"

(A)Lan configuration:

I'm just confused about this , so basically I should use either static network or DHCP on LAN
is that right ?
So If I choose to go with static network then I should delete this part from the script ?

# Set DHCP on LAN (not recommended, but useful when Dumb AP is moveable from one building to another)
uci del network.lan.broadcast
uci del network.lan.dns
uci del network.lan.gateway
uci del network.lan.ipaddr
uci del network.lan.netmask
uci set network.lan.proto='dhcp'

I'm going to execute this script on a wireless backbone AP and then setup the WIFI on it.

(B)Script to disable IPv6

Can you write a script to completely disable IPv6 from a factory reset OpenWRT 22.03.3 router, a router to be used as a main router connected to ISP, I mean disable everything v6 related such as IPv6, WAN6 (also delete WAN6), RA, DHCPv6 etc ? basically convert the router to be IPv4 only.

Thanks @braian87b

Main Wireless Router : Belkin RT3200 (aka. Linksys E8450) OpenWRT 22.03.3 UBI
DUMB Wireless AP : Linksys E8450 (aka. Belkin RT3200) OpenWRT 22.03.3 UBI

@braian87b
Copy link
Author

@RustyRouter

(A) yes, either, since you cannot do the both, unless you create a 2nd bridged interface to the lan, think about it as for any device on your network (phone, computer, etc) you can configure a static IP or use DHCP, static IP is useful if you want to tie an IP to the device no matter on which network... but preferable you can use DHCP and set an static lease for the AP macaddress so the main Router will provide always the same IP to the dumb AP.

(B)
mostly involves the steps above, and also you can do the same on your main router and additionally disable ipv6 on the wan side if you have reliable ipv4 and don't want ISP ipv6

uci del network.wan6
uci del_list firewall.@zone[1].network='wan6'

if you want to go deeper:
https://www.google.com/search?q=openwrt+disable+ipv6
this one seems pretty accurate on all needed: https://3os.org/infrastructure/openwrt/disable-ipv6/

.

@RustyRouter
Copy link

RustyRouter commented Mar 4, 2023

Hi @braian87b

Thanks for your help.

Based on your script, and after many tests, I've created the following script, can you please take a quick look?
Please let me know if something wrong in it.

# ========================================================
# Setup a Dumb AP for OpenWRT
# Tested on: Belkin RT3200 (aka. Linksys E8450) 22.03.3
# Script expects factory settings
# ========================================================
# Disable IPv6
# ========================================================
uci delete network.lan.ip6assign
uci set network.lan.delegate='0'
uci delete dhcp.lan.dhcpv6
uci delete dhcp.lan.ra
uci delete dhcp.odhcpd
/etc/init.d/odhcpd disable
/etc/init.d/odhcpd stop
uci delete network.globals.ula_prefix
uci commit

# ========================================================
# Disable Dnsmasq completely and discard dhcp
uci commit dhcp; echo '' > /etc/config/dhcp
/etc/init.d/dnsmasq disable
/etc/init.d/dnsmasq stop

# ========================================================
# Disable firewall
/etc/init.d/firewall disable
/etc/init.d/firewall stop
mv /etc/config/firewall /etc/config/firewall.unused

# ========================================================
# Remove WAN logical interfaces
uci delete network.wan
uci delete network.wan6

# ========================================================
# To identify better when connected to SSH and when seen on the network
uci set system.@system[0].hostname='DumbAP'
uci set network.lan.hostname="`uci get system.@system[0].hostname`"
uci commit system

# ========================================================
# Set static network configuration (sample config for 192.168.1.0/24)
# 192.168.1.1 is the Main Router
# ========================================================
uci set network.lan.ipaddr='192.168.1.2'
uci set network.lan.dns='192.168.1.1'
uci set network.lan.gateway='192.168.1.1'
uci set network.lan.netmask='255.255.255.0'
uci set network.lan.broadcast='192.168.1.255'
uci commit network


echo '====================================================================='
echo 'Reboot your router'
echo 'you can now connect the LAN port of this device to the LAN port'
echo 'of your main router.'
echo '192.168.1.2 is now your Access Point IP Address'
echo '====================================================================='
sync
reboot

Notes:
1- Adding WAN physical interface to LAN did not work in my router!, I had to do it manually in LuCi :(
using "network.lan.ifname" is not working anymore, I think now it is "network.lan.device"
If I type: "uci show network" then this is the result:

root@OpenWrt:~# uci show network
network.loopback=interface
network.loopback.device='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix=''
network.@device[0]=device
network.@device[0].name='br-lan'
network.@device[0].type='bridge'
network.@device[0].ports='lan1' 'lan2' 'lan3' 'lan4'
network.lan=interface
network.lan.device='br-lan'
network.lan.proto='static'
network.lan.ipaddr='192.168.1.1'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.wan=interface
network.wan.device='wan'
network.wan.proto='dhcp'
network.wan6=interface
network.wan6.device='wan'
network.wan6.proto='dhcpv6'

2-The only thing that I could not disable is "Enable IPv6" from the configuration of the "bridge device" under "General device options" tab
do you know the command to do that? Or maybe it is not necessary anymore? I've tried Google without any luck! Please check the screenshot attached:
IPv6

@braian87b
Copy link
Author

braian87b commented Mar 5, 2023

Try not remove /etc/config/firewall file placeholder, leave it as-is, disabling the service is enough, you will not save space since that starts sitting in rom, but you can empty the file if you want, similarly as with /etc/config/dhcp if you want it cleaner.
remember that if you are using recent version of openwrt it won't have swconfig anymore now it uses DSA. so the configuration will be different,
IPv6 you can disable using Luci and see on the pending settings to be commit which changed.
You can always change everything using LuCI and inspect which changes LuCi do and dump those into your script, will be safer if you are not familiar yet with all the configurations.

@RustyRouter
Copy link

I greatly appreciate your help and efforts @braian87b

@braian87b
Copy link
Author

@RustyRouter happy to help.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment