cross-posted from: https://lemmy.zip/post/61407838

Made this post on forum.mikrotik.com and it's awaiting approval from moderation, figured I'd try here...

Hey everyone!

Been running into an issue the last few weeks with trying to setup a VLAN on my home network.

Hardware/OS/IP:

Router (R) = GL.iNet GL-MT6000 (Flint 2), OpenWrt 25.12.1, 10.1.10.1
Office switch (O) = CRS310-8G+2S+, MikroTik SwOS 2.18, 10.1.10.2
Living room switch (LR) = CSS610-8G-2S+, MikroTik SwOS Lite 2.21, 10.1.10.3

Followed a few different guides on the OpenWrt side of the house, primarily this one

During my multiple attempts I have wiped all devices and started fresh a few times and I always end up in the same situation…

VLAN appears to be working on the LR switch (CSS610)

VLANs tab
    Port 1 is my trunk and a member of all 4 of my VLANs
        10 = LAN (Used for network devices and maintenance)
        20 = IoT
        30 = Guest (not configured on the switch, only for WIFI)
        40 = Main (Primary VLAN for my network)
        50 = Servers
    Ports 2-5 are members of VLAN 40
    Port 6 is a member of VLAN 10
VLAN tab
    Port 1 = Strict, Only tagged, Default ID 1
    Port 2 -5 = Strict, Only untagged, Default ID 40
    Port 6 = Strict, Only untagged, Default ID 10

This seems to work great, devices will get 10.1.40.x IP addresses and I can connect to port 6 and get 10.1.10.x IP address. Confirmed that my firewall rules also seems to work (although I’ll probably want to run this past OpenWrt forum as well).

But when I go to look at the O switch (CRS310), I’ll mirror this configuration, I’ll get DHCP and DNS, but I can’t reach the WAN or ping any other devices apart from the network equipment. Most recently I tried just VLAN 10 because I figured it would be using the LAN firewall rules and work correctly, but I get the same issue… correct IP address but no traffic.

Note: These screenshots are from last attempt to get something to work, when I mirror the CSS610 setup, I get the same results.

I had to follow these steps to get the SwOS boot to work on the CRS310

Curious if either…

• Have I configured the CRS310 incorrectly and something needs to be different vs the CSS610 which seems to work?
• Is there is a known VLAN related bug with the CRS310 & SwOS?

Any advice and guidance would be appreciated, feel like I am going in circles at this point.

Happy to share any outputs or screenshots from my OpenWrt router if it’ll help, but the issues do seem to be related directly to this CRS310 switch.

Looks like OpenWRT 25.12.0 has a bug while trying to generate a custom image. Same issue while trying for two different routers.

'libubox20260213' does not exist, there's 'libubox20260313'

#OpenWRT @openwrt

The OpenWrt community is proud to announce the newest stable release of the OpenWrt 24.10 stable series.

The OpenWrt community is proud to announce the first stable release of the OpenWrt 24.10 stable series.

Download firmware images via the Firmware Selector or directly from our download servers:

• Download firmware image for your device (firmware selector)
• Download firmware images directly from OpenWrt download servers

An upgrade from OpenWrt 23.05 to OpenWrt 24.10 is supported in many cases with the help of the sysupgrade utility which will also attempt to preserve the configuration. A configuration backup is advised nonetheless when upgrading to OpenWrt 24.10. (see “Upgrading” below).

About OpenWrt

The OpenWrt Project is a Linux operating system targeting embedded devices. It is a complete replacement for the vendor-supplied firmware of a wide range of wireless routers and non-network devices. See the Table of Hardware for supported devices. For more information about OpenWrt project organization, see the About OpenWrt pages.

Announcements about new releases and security fixes

Do you want to be informed about important changes such as new releases and security fixes?

We have a new mailing list for this, as well as RSS options: see Important changes and announcements.

Highlights in OpenWrt 24.10

OpenWrt 24.10.0 incorporates over 5400 commits since branching the previous OpenWrt 23.05 release and has been under development for over one year.

General changes

• Upgrades of many components to new versions like the Linux kernel from version 5.15 to 6.6
• TLS 1.3 support in default images
  • mbedtls was updated to version 3.6 which includes support for TLS 1.3
• Activate POSIX Access Control Lists and file system security attributes for all file systems on devices with big flash sizes. This is needed by docker nowadays.
  • This is activated for all targets which do not have the small_flash feature flag. small_flash is set for the ath79/tiny, bcm47xx/legacy, lantiq/ase, lantiq/xrx200_legacy, lantiq/xway_legacy, ramips/mt76x8, ramips/rt288x, ramips/rt305x and ramips/rt3883 targets.
• Activate kernel support for Multipath TCP on devices with big flash sizes.
• Improved support for WiFi6 (802.11ax) and initial support for WiFi7 (802.11be)
  • Not many Wifi7 devices are supported by OpenWrt yet
• Improved Link Layer Discovery Protocol (LLDP) support
• OpenWrt 24.10 uses OPKG only, APK packages are not supported. Only main branch was changed to APK.

Many new devices added

OpenWrt 24.10 supports over 1970 devices. Support for over 100 new devices was added in addition to the device support by OpenWrt 23.05.

• Added support for OpenWrt One

Target changes

• Added d1 target for AllWinner D1 RISC-V SoC
• Added ixp4xx target for Intel XScale IXP4xx SoCs.
• Added loongarch64 target for SoCs with Loongson LoongArch CPUs.
• Added starfive target for StarFive JH71x0 (7100/7110) SoCs.
• Added stm32 target for STMicroelectronics STM32 SoCs.
• Renamed ipq807x target to qualcommax.
• Removed ath25 target. It supported Atheros ieee80211g devices with maximum 16MB RAM
• Removed bcm63xx target. It supported some Broadcom DSL MIPS SoCs and was replaced by the bmips target. The Broadcom DSL itself was never supported.
• Removed octeontx target. It supported the Octeon-TX CN80XX/CN81XX based boards
• Removed oxnas target. It supported the PLXTECH/Oxford NAS782x/OX8xx
• The qoriq target for the NXP QorIQ (PowerPC) SoCs is built
• The ipq806x target for Qualcomm Atheros IPQ806X SoCs was converted to DSA
• Added support for Airoha AN8855 DSA Switch (Xiaomi AX3000T ship both Mediatek and Airoha Switch in the same revision)

Core components update

Core components have the following versions in 24.10.0:

• Updated toolchain:
  • musl libc 1.2.5
  • glibc 2.38
  • gcc 13.3.0
  • binutils 2.42
• Updated Linux kernel
  • 6.6.73 for all targets
• Network:
  • hostapd master snapshot from September 2024, dnsmasq 2.90, dropbear 2024.86
  • cfg80211/mac80211 from kernel 6.12.6

In addition to the listed applications, many others were also updated.

Upgrading to 24.10

Sysupgrade can be used to upgrade a device from 23.05 to 24.10, and configuration will be preserved in most cases. For for upgrades inside the OpenWrt 24.10 stable series for example from a OpenWrt 24.10 release candidate Attended Sysupgrade is supported in addition which allows preserving the installed packages too.

⚠ Sysupgrade from 22.03 to 24.10 is not officially supported.

⚠ There is no configuration migration path for users of the ipq806x target for Qualcomm Atheros IPQ806X SoCs because it switched to DSA. You have to upgrade without saving the configuration. Image version mismatch. image 1.1 device 1.0 Please wipe config during upgrade (force required) or reinstall. Config cannot be migrated from swconfig to DSA Image check failed

⚠ User of the Linksys E8450 aka. Belkin RT3200 running OpenWrt 23.05 or earlier will need to run installer version v1.1.3 or later in order to reorganize the UBI layout for the 24.10 release. A detailed description is in the OpenWrt wiki. Updating without using the installer will break the device. Sysupgrade will show a warning before doing an incompatible upgrade.

⚠ Users of the Xiaomi AX3200 aka. Redmi AX6S running OpenWrt 23.05 or earlier have to follow a special upgrade procedure described in the wiki. This will increase the flash memory available for OpenWrt. Updating without following the guide in the wiki break the device. Sysupgrade will show a warning before doing an incompatible upgrade.

⚠ Users of Zyxel GS1900 series switches running OpenWrt 23.05 or earlier have to perform a new factory install with the initramfs image due to a changed partition layout. Sysupgrade will show a warning before doing an incompatible upgrade and is not possible.

Known issues

• LEDs for Airoha AN8855 are not yet supported. Devices like the Xiaomi AX3000T with an Airoha switch will have their switch LEDs powered off. This issue will be addressed in an upcoming OpenWrt SNAPSHOT and the OpenWrt 24.10 minor release.
• 5GHz WiFi is non-functional on certain devices with ath10k chipsets. Affected models include the TP-Link Archer C60 v1, TP-Link Archer C6 v2, and possibly others. For details, see issue #14541.
• Ethernet link instability on some MT7530 switches. Users experiencing unstable Ethernet connections should disable Energy-Efficient Ethernet (EEE) as a workaround. See issue #17351 for more information.
• Kernel warning in ath10k-ct driver at startup. The warning WARNING: CPU: 3 PID: 1695 at backports-6.9.9/net/mac80211/main.c:270 ieee80211_do_open+0x4e8/0x5e0 [mac80211] appears during boot but is harmless and can be ignored. See issue #15959 for details.

Final notes

As always, a big thank you goes to all our active package maintainers, testers, documenters, and supporters.

Have fun!

The OpenWrt Community

I have read the documentation and googled extensively but, when I try to initiate WPS, I always receive a response of "FAIL". Nobody else seems to have this issue, so what am I doing wrong?

I only want to enable this temporarily as it is the only way I know to connect a doorbell camera that I obtained for free and need to "hack".

> uci show wireless | grep wps
wireless.wifinet6.wps_pushbutton='1'

> hostapd_cli wps_pbc
Selected interface 'phy1-ap3'
FAIL

I have tried on both a Turris Omnia (OpenWRT 23.05.3) and TP-Link Archer C7 (OpenWRT 23.05.2). On each, and per the instructions, I installed hostapd-utils and replaced the stock wpad-basic-mbedtls with the full-featured version (I tried both wpad and wpad-mbedtls).

I have 4 WLANs on each radio. I tried configuring the single WLAN of interest with the option wps_pushbutton '1' as well as setting it on all WLANs on that radio (per a suggestion I found), but same result.

I've tried adding other wps_… options, rebooting, and everything in between, but same result. I don't see anything relevant in the syslog, and can't find a way to increase verbosity for hostapd. I've even looked at the source code for hostapd_cli which didn't really help.

Any thoughts?

For example, privacy violating linksys or netgear, or devices with components running improper firmware with a 14 year old vulnerability?

The reason that I ask, although I don't want this to impact the quality of answers, is that I'm shopping for a new router that is secure and private but rather than paying commercial and industrial prices I would rather get a consumer router and overwrite it's software.

How many times I can change IMEI without harm to device via AT command? For example if I will change IMEI 3 times a day (sometimes) and 7 times (most commonly) a week (1 per day) via AT command won’t it harm device?

I need extra lawyer of security as I will go to dictatorship country for 1 week as reporter n. This is extremely critical.

Please ask the highest level of your engineer team.

P.S: I am using Mudi v2 with blue-merle

Hi, where I live we have cable internet, it seems this is not supported by existing OpenWRT firmware.

But as far as I understood, the router is the same and just has a different modem.

This could need proprietary firmware, maybe blobs etc. everything not nice, but isnt the router Software kinda independend of the modem?

I dont have experience with this, but would like to try to make a model with cable work with a DSL / fiber OpenWRT software by adding the missing modem firmware.

Is there something I missed, is this in general how OpenWRT is made to work with different modems?

Also: can I have 2 routers on the same cable, to try it before switching to it permanently, if I have a cable box with 3 ports and one free? I dont know much about this, as the payment plan seems to be for the whole house connection no matter how many routers inside.

Just an appreciation post for the OpenWrt project.

I recently bought an ASUS router. It was good for it's price. However when I enabled IPv6 on the router, it could not handle it. It made my networking terribly slow. It could be a bug in the firmware or missing IPv6 specification or incompatibility with my ISP. Anyway I debugged for a week and eventually gave up.

I asked ASUS support for a solution. However they asked me to take it to a service center. The service center guys had no clue about IPv6.

Finally I tried to purchase an expensive Netgear router. Then at last minute I recalled about OpenWrt read in newsletters or heard somewhere in Linux Podcasts.

I went through the documentation and flashed it (It was super simple). It's fantastic. All my problems went away. IPv6 works like charm. It can handle SLAAC, DHCPv6 and all IPv6 specifications correctly and by default. I could also enable DoH, adblocking etc.

Learning curve is little higher with it's LuCI UI, but it was worth it. Not only did I save my money, but my router is also more secure now.

Thanks to all the developers who put their hard labour with no expectation in return.

cross-posted to: https://sh.itjust.works/post/13445728

I can see all the devices connected over WiFi, but their security choice seems to be unlisted. For example, if the WiFi interface has both WPA2, and WPA3 available, I would like to see what devices are using which.

Backup binaries:

cp /usr/sbin/tailscale backup_tailscale
cp /usr/sbin/tailscaled backup_tailscaled

Update (https://pkgs.tailscale.com/stable/#static):

service tailscale stop

wget https://pkgs.tailscale.com/stable/tailscale_1.50.1_mips.tgz

service tailscale stop
tar zxvf tailscale_1.50.1_mips.tgz

cp /root/tailscale_1.50.1_mips/tailscale* /usr/sbin/
service tailscale start
tailscale version

What access point can you recommend for use with OpenWrt?

I use OpenWrt on x86. I use this build but added a WiFi card and antennas. At first the WiFi performance was very good giving me great speeds and range. Some time ago performance degraded. The signal range is extremely limited giving me disconnects on my phone when I'm 4 meters away.

How could I debug what the cause might be. Any ideas?