Book marking this to watch in a couple days when I'm back home. I'm interested to see what you ran into and how this setup works. I started switching to Omada about a month ago with getting an EAP660HD and a EAP670HD APs to cover my house. So far they've been rock solid and I haven't had any issues with them. I haven't switched my router yet but I had been thinking of going to an ER707-M2 once they're available in the US. So good timing on the video for me to get more of a feel on what I'm going to do.
I don't want my personal experience with Omada to make anyone else leave it. I was just laying out what I found, and why I was switching back to Open Source. I've had a lot of folks comment that they use tons of omada devices with no issues. Several even offered to help me with my issues if I want it some day. Want you to watch, but use what works best for you for sure.
@@AwesomeOpenSource oh, I'm not going to act solely on this video. I'm using it as another data point on what to do. TP-Link hasn't started selling the model that I want in the US yet so I've been exploring ideas while waiting. I might give my mikrotik another deep dive too. It works great but I hate the learning curve every time I need to change something.
I really like pfSense and OPNSense, but right now OpenWRT is meeting my home use needs. For me it's about being able to get my job done, and having my family be happy with whatever they are doing online.
It's a good video on setting up OpenWRT. But there's one thing I've noticed that is missing in all the videos when setting up the firewall rules, that's the difference between dropping and rejecting packets. It's an important distinction and people who are new to firewall rules may not understand the difference and when to use one over the other.
True. They do essentially the same thing (block traffic), but Reject means it's rejected, and a message of some type will be sent back to the originating side. Dropped means it's blocked, and nothing is returned to the originator. At least that's how I understand it.
I would recommend getting an external video capture device so you don’t have to point the camera at the screen. Not sure how they would work with a laptop tho.
I've thought about it. But I'd say it's usefulness (for me) would be minimal given the cost of such a device. Hopefully this wasn't too miserable to watch. Just found this process with X86 a bit different, and had to piece together some things on my own, so wanted to help anyone else who might want to try the X86 version of OpenWRT.
Interested to know more about your Omada issues. I have two WAPs at my house, two at a friend's house, and a few scattered at customer locations without issues. Though, all of ours are "real" WAPs, not wall mount units like yours.
I wish I knew honestly. Each time it happened, I would check the logs on the controller, and it showed nothing. If it had just been my PC I would have simply blamed Windows 11 on my work machine, as my other laptop is wired. But when it happened to me, my Wife's iMac also fell offline, and my mom's Roku on the far side of the house would start buffering until it was connected back. Just odd that it did that so often.
just out of curiosity, does your vlan 10 (lan) and your wan are on the same .10 network? is there another router behind this openwrt router you're setting up? just saw your wan as .10.177 on the video. i want to follow your video to setup my router exactly like your. one router with one dump AP. thanks.
WAN isn't on the LAN, it's an incoming public network from ISP. I think what you're seeing is my lab setup for making the video. No, there's no other Router between me and the WAN.
What HP is that I’ve been considering transitioning to x86_64 for my network and try out opnsense just looking for a cheaper machine for it that can firewall at gigabit with minimal firewall rules and low power draw was thinking Wyze 5070 or whatever but haven’t pulled the trigger on it yet
Great Video again.. What kind of AP you have ? TP Link EAP235 ? How does the AP get power ? Which AP can you recommend for Openwrt ? And is there a other good ThinClient for 4 Port Ethernet ? I can not buy HP t610 it in germany.. Not easy.
My wall plate APs are TP-Link EAP615. They are PoE (Power over Ethernet), and they work fantastically well with OpenWRT. Really any x86 based thin client that will take an install of a linux distribution will work. As long as there's space and a PCIe slot, you can add any ethernet card you can get I imagine. I don't know of any specific one off hand.
It's really up to you as the network admin. They are all good, and all very capable. pfSense has a longer release cycle with a focus on very stable releases. OPNSense is almost the same as pfSense (forked version) but releases more often. That said, I've never had any major issues with their releases on my network. OpenWRT, as you've seen is pretty great stuff as well, but in my next video (Part 2 next week) I'll show the firewall setup, and it's different than pf and OPNSense for sure.
This is my home network. I use it for my Work, like online meetings all day. THe device my work provides me has no Ethernet port...which is becoming the norm on many devices these days, so I need solid, reliable wifi.
Well... it's tp-link .... I don't expect anything less lol tp-link is basically a copy of unifi, bugs and all plus just worse ... :( Have a look into the Aruba ION (instant on) stuff Similar, less flexi control as unifi, but we replaced our clients unifi kits with Aruba ION We've also started using Ruijie networks - similar to unifi... more control and cheaper ... but works a lot better.
Nice. I'll look into it. Honestly, the tp-link hardware (the wall plates) are super nice in a home as they don't take up any counter, table, or shelf space, they blend in nicely, and give me some ethernet ports as well. With the OpenWRT on them, they have been terrific devices. I'll go into the Wifi and VLAN setup for those in part 2 next week.
@@AwesomeOpenSource The wall plate design for APs are nice - and they give you free ports ! :D Downside is they are small so you basically class them for a single room - that is the downside :( Were you able to get better coverage with them (tp link variety - not unifi)? Moving from tp-link stock sounds like the solution for all tp-link devices :D haha I am literally dealing with some tp-link ent switches at a client that are causing pure odd behaviour :/ ... just re-enforcing the hate for tpl :( I am glad you at least have a working system - nothing worse than an angry family when the internet doesn't work lol :D But out of all the networking kit I have played with over the last few years .... the one I am gravitating too most recently is the ruijie stuff Yea it's CN and uses CN cloud hosting ... which is the biggest downside - however on the other side of the coin, they have support, are receptive to ideas and product plans Basically what ubnt used too be ... hope they stay that way lol Pricing is decent and we can actually get stock lol Their cheapest device (RG-EW1200) - is able to cover more distance than unifi while pushing 50Mbps through solid reinforced concrete and then mesh to another RG-EW1200 for another hop of 50Mbps no issues...When you get the unit it's a bit unassuming. And they've got multiple wall AP options... single port, multi-port and a lot more Jees I am sounding like a product spokesperson for them now haha :D
If you love a product, it's ok to be a fan. I think it's awesome to hear people really talk good about products. I am very happy with the tp-link wall plate stuff. They are great little, convenient, devices, and with openwrt they are really running well so far.
@@bnrid8086 for indoor wireless, very much not They have come a long way, but I (ISP) wont use mik for internal wireless for clients haha But routers = everywhere :D
Your newest subscriber here. I was pretty lost when I picked up OpenWRT, but you did a great job explaining things. I upgraded my budget Asus RT-AX1300S and now I have VLANs and DHCP with PXE boot capabilities! I haven't been able to get a complete Docker install, probably because of the MIPS hardware, but no real complaints!
What I do personally when working with OpenWRT that does not have native console(serial/uart) or display out, I create another network (wifi or eth) OFF the main switch bridge so if I miss up something I don't lock myself out. I'll untag a sub-interface (if needed) and make it x.x..x without dhcp. Just a simple backup plan.
I'll have to think about this and see if I can figure out how to do it. I definitely locked myself out, and reset about 50 times in learning all of this, adn fumbling through with different documentation and videos.
@@AwesomeOpenSourceI believe @OneMarcFifty has this exact thing detailed in one of his "VLAN" / "setting up OpenWrt as a managed switch videos" and referred to it as his "parachute" just in case he were to get locked out. I intend to do the same, but am first working on wrapping my head around the change to DSA first w/regards to VLAN configuration in OpenWrt's newest builds.
At @30:50, why is it not good being conncted to VLAN10? Is the connection slower? I dont understand the mention about conflicts within the 192.168.10.X netwotk
I set the new VLAN to be on the same subnet of 192.168.10.x, so first I need to completely setup that VLAN (which is my new main LAN), then I need to change the default VLAN that OpenWRT sets up, to be some other subnet, or I need to disable it completely.
Yeah, I've had several folks tell me they are having tremendous success with Omada and tons of devices...so maybe it's just my setup, or my choice of devices. Not sure. Definitely use what works best for you Managing that many devices you would definitely want a system like Omada or Unifi. With just a few here in my home, separately logging into each one isn't really a major issue.
The weirdest thing. I had my electrical panel replaced yesterday. I had a drop cable power my router, that I had setup like this over a year ago. So it was online the whole time. But when I came back, my router had a previous FW installed, and my openwrt instance was completely gone. So thank you for making this video, it served as a great reminder of how to set up my plans again. Def gonna save this video in my obsidian notes with my network configuration lmao.
@@AwesomeOpenSource you wouldn't happen to remember how to set DNS servers for the router? I've tried adding DNS to each clan interface, but the router isnt using the DNS. It's a ad guard DNS on a server on 1 of the vlans. It has custom domains built for the reverse proxy, and none are activating. It's how I know the DNS isn't activating lol. Everything I can find says that you can add the custom DNS in vlan interface-->advanced--> custom DNS. I remember I had a issue with this last time where that didn't work.
I'd just like to point out that *lsblk* doesn't require elevated privileges (neither does blkid), at least in Mint 20. Maybe that changed with the later version(s)? Haven't tested yet. Also, I know Mint (and others) strongly discourage *sudo su* 😉
@@AwesomeOpenSource That sems odd. I'll test it on a current Live ISO when I get back from the pub. I haven't configured all the VMs on this laptop yet, my primary one is at home: Ethernet only due to a faulty WiFi card. I'll post when I do. ☺
Just to let you know I have tested the Script again and for some reason it works fine now, with the the new version of Portainer 2.18.4. It could be that I just caught Portainer in the middle of a version change on GitHub that made if fail, but it works for me now.
Under Linux, you could also use the cp or copy command instead of dd. Will also work with iso images. For example; sudo cp some.iso /dev/sda where sda is your usb drive.
I too installed OpenWRT, but it runs on a USB pen drive now. I didn't know at the time that I could install it on my machine's internal HDD. Can I somehow copy the whole system from the usb drive to the internal HDD? Thanks
@@AwesomeOpenSource oh! Right! I didn't think about it. But I need to install Adguard from scratch, I guess. Ok it's not a big deal. By the way, have you ever give Wireguard a try on OpenWRT? I'd like to install it as well, along with VLANs to practice with a more complex scenario. Thanks
What's the point of multiple address on a home network, but nice explanation of how to do VLANs i hope multiple access Wifi with fast switching on those devices would be a nice tutorial, as many of us would have a old router converted into a dumb router
Part 2 is coming, and that's where we setup the APs with the same VLANs, and the Wifi networks attached to those VLANs. For my home, I have a lot of devices on the wifi. More than average I imagine, but just computing devices alone I have 1 laptop for work, 1 for my daily driver, 1 desktop for gaming, my wife, and the 2 girls each have a desktop for gaming, my mother has a desktop. We each have a smart phone, ipad, apple watch, plus my wifes work laptop adn work desktop. I have 3 Rokus, and 2 Apple TVs, my servers that run multiple VMs and LXC Containers for all my services I self host, plus 6 security cameras (with more planned) and a bunch of smart devices (light bulbs, light switches, and smart plugs). So for me separating these devices into VLANs (even at home) makes sense just to ease the traffic on a specific network.
Having for example a DMZ VLAN is part of best practices i you host services like Plex for example. Another thing to consider is that broadcast are transmitted at maximum power on wireless interface so if you separate your LAN from wireless, you will get better results (not transmitting LAN broadcasts). Another use of the VLANs: Having separate wireless network for your own use and for guests.
Hey Brian, Thank you for the wonderful video as always. I too moved from TP-link to Openwrt on my Pi4(have a couple of them laying around) mainly because TP-link doesn't support ipv6 firewall on ER605v1 device and for me ipv6 was a must due to what I run within my network. It nice to see how small device such as Pi4 can handle all of the routing. I have been running my network on Pi4 for over a couple of months without any issues. The only thing I miss off of ER605v1 is the PBR(Policy Based Routing). I do have the add-on installed on my router but for whatever reason I cannot get it to function. Since I have 2 WAN, I wanted to use one specific machine for a specific WAN. If you get time, may you please create a video on PBR, multi WAN setup and Firewall(ipv6 and ipv4)? Thanks in advance.
Let me see what I can do. Also, I have a 605 and was looking, and I think there is a snapshot build of OpenWRT for that device now. I haven't installed it yet, but I'll probably give it a go soon.
I love UCI and it's ability to automate tasks. I have a lot of 1-click automate scripts for my OpenWRT router using UCI. I wish I could do this with other distros. No Ansible
Sounds awesome. Would love to see some of what you've setup. For 1-click, how do you click? Are you linking some button in LUCI to the stuff you have in UCI? Or is it really more 1 command?
Interesting. I've seen plenty of people who say it works ok, but I just didn't have that experience. I ran the controller in docker, and the ER605 router would disconnect from the controller repeatedly, beyond the wifi issues we had all the time. Just not sure what was happening, and nothing in the logs to help figure it out. As long as it works for you, that's great. Always use what works best for you.
@@AwesomeOpenSource Stupid question, but did you upgrade the firmware on your omada devices. I have 12 Networks with Omada and Contoller running on a combination of Dockers, and Omada controllers. Not one of them has had an issue. I did see performace issues, Bugs and dropped wireless disappear after firmwear upgrades. I'm an MSP and I only use Omeda, Tp-Link, and Mikrotik. I also have one of the Omada systems using reolink cameras using wireless no issues. I would love to help out if i can. I also use a lot of Open Source in my work. Like you I try to avoid Non open source tools and software.
@@cwarehime I did. I’m kind of an update but actually. I don’t let my stuff get behind on updates very often. But in this case, yes, i did the updates as soon as they showed up as available. It’s all good for me. I’m still thinking about the OpenWisp2 option, if for no other reason than to learn a bit more about it.
I started with OPNSense actually, but had a hard time getting it to play nicely with the VLAN setup. I went this route and fought with it, learning how to get it all setup and working, for several days. When I finally succeeded, I was happy with it. May go back at some point.
pfSense rocks. I may be naive in thinking it will be open source forever, but for now it's my go-to for firewalling. OpenWRT is fine for simple, standalone AP, WiFi networks, but pales in comparison to pfSense for firewalling.
OpenWRT is so lightweight it could probably work on a watch 😆. I prefer it over pfs. The one lacking thing on OWRT (imo) is the linear firewall rule-list. I would really love an object-based firewall system because my OWRT firewall rule list has grown dirty.
Don't know about DFS, but the tP-link stuff with Omada had tons of options, but just didn't work no matter how much I tweaked, it just dropped multiple times a day. Omada had a "smart" wifi mode that tried to figure out the best channels and frequencies based on other wifi around it, but didn't really make any difference.
@@AwesomeOpenSource got it. I think Omada should have a decent log. Might be easy think to check. "20sec of silence" was exactly my case with DFS. Hypothetically for indoors you can choose a different country (w/o DFS restrictions), lower the power and try to get more statistics on the same channels.
Omada does have logging, but everytime I checked there was nothing in the logs. It was just such a weird issue. I haven't seen it in two weeks (knock on wood) since finishing my OpenWRT setup with the same hardware other than the main router....so just not sure.
Thank you so much for your amazing work! I just love to watch and learn with your video.
My pleasure.
Book marking this to watch in a couple days when I'm back home. I'm interested to see what you ran into and how this setup works. I started switching to Omada about a month ago with getting an EAP660HD and a EAP670HD APs to cover my house. So far they've been rock solid and I haven't had any issues with them. I haven't switched my router yet but I had been thinking of going to an ER707-M2 once they're available in the US. So good timing on the video for me to get more of a feel on what I'm going to do.
I don't want my personal experience with Omada to make anyone else leave it. I was just laying out what I found, and why I was switching back to Open Source. I've had a lot of folks comment that they use tons of omada devices with no issues. Several even offered to help me with my issues if I want it some day. Want you to watch, but use what works best for you for sure.
@@AwesomeOpenSource oh, I'm not going to act solely on this video. I'm using it as another data point on what to do. TP-Link hasn't started selling the model that I want in the US yet so I've been exploring ideas while waiting. I might give my mikrotik another deep dive too. It works great but I hate the learning curve every time I need to change something.
I’ve hopped between OpenWRT, OPNsense and pfSense over thr last year. Landed on pfSense but it’s a bit more than I need.
I really like pfSense and OPNSense, but right now OpenWRT is meeting my home use needs. For me it's about being able to get my job done, and having my family be happy with whatever they are doing online.
It's a good video on setting up OpenWRT. But there's one thing I've noticed that is missing in all the videos when setting up the firewall rules, that's the difference between dropping and rejecting packets. It's an important distinction and people who are new to firewall rules may not understand the difference and when to use one over the other.
True. They do essentially the same thing (block traffic), but Reject means it's rejected, and a message of some type will be sent back to the originating side. Dropped means it's blocked, and nothing is returned to the originator. At least that's how I understand it.
I would recommend getting an external video capture device so you don’t have to point the camera at the screen. Not sure how they would work with a laptop tho.
They have HDMI capture devices that work on any system. Just make sure you have HDMI 😅
I've thought about it. But I'd say it's usefulness (for me) would be minimal given the cost of such a device. Hopefully this wasn't too miserable to watch. Just found this process with X86 a bit different, and had to piece together some things on my own, so wanted to help anyone else who might want to try the X86 version of OpenWRT.
Interested to know more about your Omada issues. I have two WAPs at my house, two at a friend's house, and a few scattered at customer locations without issues. Though, all of ours are "real" WAPs, not wall mount units like yours.
I wish I knew honestly. Each time it happened, I would check the logs on the controller, and it showed nothing. If it had just been my PC I would have simply blamed Windows 11 on my work machine, as my other laptop is wired. But when it happened to me, my Wife's iMac also fell offline, and my mom's Roku on the far side of the house would start buffering until it was connected back. Just odd that it did that so often.
Hey can you make a video on how to install zammad ticketing system
I have this one th-cam.com/video/7BqVXSPE8_8/w-d-xo.html. Is that not what you need?
i though Luci is already preinstalled? i use openwrt x86 and there was Luci already
On some it is. On others, I've found I have to install it. Not sure why the difference, but you aren't wrong, depending on the version you grab.
just out of curiosity, does your vlan 10 (lan) and your wan are on the same .10 network? is there another router behind this openwrt router you're setting up? just saw your wan as .10.177 on the video. i want to follow your video to setup my router exactly like your. one router with one dump AP. thanks.
WAN isn't on the LAN, it's an incoming public network from ISP. I think what you're seeing is my lab setup for making the video. No, there's no other Router between me and the WAN.
What HP is that I’ve been considering transitioning to x86_64 for my network and try out opnsense just looking for a cheaper machine for it that can firewall at gigabit with minimal firewall rules and low power draw was thinking Wyze 5070 or whatever but haven’t pulled the trigger on it yet
HP T610 with extra 4 port gigabit card in it.
Great Video again.. What kind of AP you have ? TP Link EAP235 ? How does the AP get power ? Which AP can you recommend for Openwrt ? And is there a other good ThinClient for 4 Port Ethernet ? I can not buy HP t610 it in germany.. Not easy.
My wall plate APs are TP-Link EAP615. They are PoE (Power over Ethernet), and they work fantastically well with OpenWRT. Really any x86 based thin client that will take an install of a linux distribution will work. As long as there's space and a PCIe slot, you can add any ethernet card you can get I imagine. I don't know of any specific one off hand.
@@AwesomeOpenSourceThanks for your reply. Everytime friendly and great. I will see if I find a cheap one. Greetings from germany.. :)
which one is better openwork,opensense,pfsense which one should I deploy in my enterprise network, linustech tips is running open sense
I mean openwrt
It's really up to you as the network admin. They are all good, and all very capable. pfSense has a longer release cycle with a focus on very stable releases. OPNSense is almost the same as pfSense (forked version) but releases more often. That said, I've never had any major issues with their releases on my network. OpenWRT, as you've seen is pretty great stuff as well, but in my next video (Part 2 next week) I'll show the firewall setup, and it's different than pf and OPNSense for sure.
Do you have the specs model of the HP device?
It's an HP T610 with extra card for the 4 ethernet gigabit ports.
@@AwesomeOpenSource Thank you.
are you doing 24/7 pkt cap? why are you using wifi for mission critical business - it does not make sense although open source does, mostly
This is my home network. I use it for my Work, like online meetings all day. THe device my work provides me has no Ethernet port...which is becoming the norm on many devices these days, so I need solid, reliable wifi.
@@AwesomeOpenSource use a usb adapter - wifi is not reliable (inherently) - you have outages
Well... it's tp-link .... I don't expect anything less lol
tp-link is basically a copy of unifi, bugs and all plus just worse ... :(
Have a look into the Aruba ION (instant on) stuff
Similar, less flexi control as unifi, but we replaced our clients unifi kits with Aruba ION
We've also started using Ruijie networks - similar to unifi... more control and cheaper ... but works a lot better.
Nice. I'll look into it. Honestly, the tp-link hardware (the wall plates) are super nice in a home as they don't take up any counter, table, or shelf space, they blend in nicely, and give me some ethernet ports as well. With the OpenWRT on them, they have been terrific devices. I'll go into the Wifi and VLAN setup for those in part 2 next week.
@@AwesomeOpenSource The wall plate design for APs are nice - and they give you free ports ! :D
Downside is they are small so you basically class them for a single room - that is the downside :(
Were you able to get better coverage with them (tp link variety - not unifi)?
Moving from tp-link stock sounds like the solution for all tp-link devices :D haha
I am literally dealing with some tp-link ent switches at a client that are causing pure odd behaviour :/ ... just re-enforcing the hate for tpl :(
I am glad you at least have a working system - nothing worse than an angry family when the internet doesn't work lol :D
But out of all the networking kit I have played with over the last few years .... the one I am gravitating too most recently is the ruijie stuff
Yea it's CN and uses CN cloud hosting ... which is the biggest downside - however on the other side of the coin, they have support, are receptive to ideas and product plans
Basically what ubnt used too be ... hope they stay that way lol
Pricing is decent and we can actually get stock lol
Their cheapest device (RG-EW1200) - is able to cover more distance than unifi while pushing 50Mbps through solid reinforced concrete and then mesh to another RG-EW1200 for another hop of 50Mbps no issues...When you get the unit it's a bit unassuming.
And they've got multiple wall AP options... single port, multi-port and a lot more
Jees I am sounding like a product spokesperson for them now haha :D
If you love a product, it's ok to be a fan. I think it's awesome to hear people really talk good about products. I am very happy with the tp-link wall plate stuff. They are great little, convenient, devices, and with openwrt they are really running well so far.
use mikrotik, the best in my opinion.
@@bnrid8086 for indoor wireless, very much not
They have come a long way, but I (ISP) wont use mik for internal wireless for clients haha
But routers = everywhere :D
Just switched to Openwrt so this was great help particularly with VLAN setup. Thanks
Super glad it was helpful.
Your newest subscriber here. I was pretty lost when I picked up OpenWRT, but you did a great job explaining things. I upgraded my budget Asus RT-AX1300S and now I have VLANs and DHCP with PXE boot capabilities! I haven't been able to get a complete Docker install, probably because of the MIPS hardware, but no real complaints!
Glad I could help!
What I do personally when working with OpenWRT that does not have native console(serial/uart) or display out, I create another network (wifi or eth) OFF the main switch bridge so if I miss up something I don't lock myself out. I'll untag a sub-interface (if needed) and make it x.x..x without dhcp. Just a simple backup plan.
I'll have to think about this and see if I can figure out how to do it. I definitely locked myself out, and reset about 50 times in learning all of this, adn fumbling through with different documentation and videos.
@@AwesomeOpenSourceI believe @OneMarcFifty has this exact thing detailed in one of his "VLAN" / "setting up OpenWrt as a managed switch videos" and referred to it as his "parachute" just in case he were to get locked out.
I intend to do the same, but am first working on wrapping my head around the change to DSA first w/regards to VLAN configuration in OpenWrt's newest builds.
wish I saw this sooner, lol
At @30:50, why is it not good being conncted to VLAN10? Is the connection slower?
I dont understand the mention about conflicts within the 192.168.10.X netwotk
I set the new VLAN to be on the same subnet of 192.168.10.x, so first I need to completely setup that VLAN (which is my new main LAN), then I need to change the default VLAN that OpenWRT sets up, to be some other subnet, or I need to disable it completely.
I have 345x EAP660HD at work, and they've been rock solid. They replaced a ruckus r610 system that had tons of throughput issues.
Yeah, I've had several folks tell me they are having tremendous success with Omada and tons of devices...so maybe it's just my setup, or my choice of devices. Not sure. Definitely use what works best for you Managing that many devices you would definitely want a system like Omada or Unifi. With just a few here in my home, separately logging into each one isn't really a major issue.
one question - given, this is a PC - why did you get the squashfs and not the ext4 image?
Just the one I picked. No real reason behind the choice.
High five for having Garuda Linux Dragonized edition on the flash!🙌
Thanks, I think it's kind of fun, but not something I'd want to look at all the time.
The weirdest thing. I had my electrical panel replaced yesterday. I had a drop cable power my router, that I had setup like this over a year ago. So it was online the whole time. But when I came back, my router had a previous FW installed, and my openwrt instance was completely gone. So thank you for making this video, it served as a great reminder of how to set up my plans again. Def gonna save this video in my obsidian notes with my network configuration lmao.
Glad it was helpful.
@@AwesomeOpenSource you wouldn't happen to remember how to set DNS servers for the router? I've tried adding DNS to each clan interface, but the router isnt using the DNS. It's a ad guard DNS on a server on 1 of the vlans. It has custom domains built for the reverse proxy, and none are activating. It's how I know the DNS isn't activating lol.
Everything I can find says that you can add the custom DNS in vlan interface-->advanced--> custom DNS. I remember I had a issue with this last time where that didn't work.
I'd just like to point out that *lsblk* doesn't require elevated privileges (neither does blkid), at least in Mint 20. Maybe that changed with the later version(s)? Haven't tested yet. Also, I know Mint (and others) strongly discourage *sudo su* 😉
For whatever reason, from the live session, lsblk wouldn't work without doing sudo su first.
@@AwesomeOpenSource That sems odd. I'll test it on a current Live ISO when I get back from the pub. I haven't configured all the VMs on this laptop yet, my primary one is at home: Ethernet only due to a faulty WiFi card. I'll post when I do. ☺
I think the new version of portainer is about to break or has broken the installation script you worked so hard on.
I’ll see if I can update it this weekend. Thanks for letting me know.
Just to let you know I have tested the Script again and for some reason it works fine now, with the the new version of Portainer 2.18.4. It could be that I just caught Portainer in the middle of a version change on GitHub that made if fail, but it works for me now.
Under Linux, you could also use the cp or copy command instead of dd. Will also work with iso images. For example; sudo cp some.iso /dev/sda where sda is your usb drive.
Good to know. Thanks for the tip.
I loved DD-WRT unfortunately their support for wifi 6 is nonexistant.
It will get there. But OpenWRT does seem to support Wifi 6 already, so maybe it's worth a look until DD-WRT can provide it.
and how to : NAT 1:1
Your explanations are extremely helpful. Thank you so much. 🏆
Glad you like them!
I too installed OpenWRT, but it runs on a USB pen drive now. I didn't know at the time that I could install it on my machine's internal HDD. Can I somehow copy the whole system from the usb drive to the internal HDD? Thanks
backup your config from the UI. Then install OpenWRT on the drive you want, and then restore from the config backup.
@@AwesomeOpenSource oh! Right! I didn't think about it. But I need to install Adguard from scratch, I guess. Ok it's not a big deal. By the way, have you ever give Wireguard a try on OpenWRT? I'd like to install it as well, along with VLANs to practice with a more complex scenario. Thanks
Howz Opnwrt working for you? Planning for any follow-up video?
I may do one later in the year. So far it's been stellar. The whole setup just runs! I'm looking into layering OpenWisp2 on top of it. We'll see.
What's the point of multiple address on a home network,
but nice explanation of how to do VLANs
i hope multiple access Wifi with fast switching on those devices would be a nice tutorial, as many of us would have a old router converted into a dumb router
Part 2 is coming, and that's where we setup the APs with the same VLANs, and the Wifi networks attached to those VLANs. For my home, I have a lot of devices on the wifi. More than average I imagine, but just computing devices alone I have 1 laptop for work, 1 for my daily driver, 1 desktop for gaming, my wife, and the 2 girls each have a desktop for gaming, my mother has a desktop. We each have a smart phone, ipad, apple watch, plus my wifes work laptop adn work desktop. I have 3 Rokus, and 2 Apple TVs, my servers that run multiple VMs and LXC Containers for all my services I self host, plus 6 security cameras (with more planned) and a bunch of smart devices (light bulbs, light switches, and smart plugs). So for me separating these devices into VLANs (even at home) makes sense just to ease the traffic on a specific network.
Having for example a DMZ VLAN is part of best practices i you host services like Plex for example. Another thing to consider is that broadcast are transmitted at maximum power on wireless interface so if you separate your LAN from wireless, you will get better results (not transmitting LAN broadcasts). Another use of the VLANs: Having separate wireless network for your own use and for guests.
Hey Brian,
Thank you for the wonderful video as always. I too moved from TP-link to Openwrt on my Pi4(have a couple of them laying around) mainly because TP-link doesn't support ipv6 firewall on ER605v1 device and for me ipv6 was a must due to what I run within my network. It nice to see how small device such as Pi4 can handle all of the routing. I have been running my network on Pi4 for over a couple of months without any issues. The only thing I miss off of ER605v1 is the PBR(Policy Based Routing). I do have the add-on installed on my router but for whatever reason I cannot get it to function. Since I have 2 WAN, I wanted to use one specific machine for a specific WAN. If you get time, may you please create a video on PBR, multi WAN setup and Firewall(ipv6 and ipv4)?
Thanks in advance.
Let me see what I can do. Also, I have a 605 and was looking, and I think there is a snapshot build of OpenWRT for that device now. I haven't installed it yet, but I'll probably give it a go soon.
@@AwesomeOpenSource If one can run openwrt on ER605v1 device, that will be awesome. Let me know of your progress, please.
Have a nice day.
I love UCI and it's ability to automate tasks. I have a lot of 1-click automate scripts for my OpenWRT router using UCI. I wish I could do this with other distros. No Ansible
Sounds awesome. Would love to see some of what you've setup. For 1-click, how do you click? Are you linking some button in LUCI to the stuff you have in UCI? Or is it really more 1 command?
@@AwesomeOpenSource ssh & bash. here are some examples. The formatting will probably get screwed up.
#-----UCI------
#OpenWRT version
#Usage: uci [] []
#Files: /etc/config/*
#WARNING: Firewall ID's are semi-random strings that need to be found.
#EXAMPLES
# uci show firewall (get rule number) @rule[X]
#
# uci show firewall.@rule[2].enabled (443 VPN Phone1)
# firewall.cfg0392bd.enabled='0'
#
#DELETE section (enable)
# uci delete firewall.@rule[2].enabled
#
#SET section (disable)
# uci set firewall.@rule[2].enabled='0'
#
#IMPORTANT!: enable is confusing with UCI firewall rules
# enabled='0' = Not enabled
# enabled MISSING = enabled
# Delete rule to enable. Add rule ('0') to disable
#
#IMPORTANT!:END all uci firewall changes with:
# uci commit firewall
#
#-----FIREWALL-----
#OpenWRT version
#CONFIG: /etc/config/firewall
#VPN extra rules config: /etc/firewall.user
#All vpn ports for phone have the name '443 VPN Phone[1-4]'
#Phone firewall rules:
# uci show firewall | grep -i vpn
# firewall.@rule[2].name='443 VPN Phone1'
# firewall.@rule[3].name='443 VPN Phone2'
# firewall.@rule[4].name='443 VPN Phone3'
# firewall.@rule[5].name='443 VPN Phone4'
#
#IMPORTANT!: Restart firewall service after changes
# /etc/init.d/firewall restart
it's actually ash (Busybox shell) but you get the idea
I run omada controller on docker with 10 switches and 20+ eap265 ap's. The AP's have like 1 year of use and no user ever complained about.
Interesting. I've seen plenty of people who say it works ok, but I just didn't have that experience. I ran the controller in docker, and the ER605 router would disconnect from the controller repeatedly, beyond the wifi issues we had all the time. Just not sure what was happening, and nothing in the logs to help figure it out. As long as it works for you, that's great. Always use what works best for you.
@@AwesomeOpenSource Stupid question, but did you upgrade the firmware on your omada devices. I have 12 Networks with Omada and Contoller running on a combination of Dockers, and Omada controllers. Not one of them has had an issue. I did see performace issues, Bugs and dropped wireless disappear after firmwear upgrades. I'm an MSP and I only use Omeda, Tp-Link, and Mikrotik. I also have one of the Omada systems using reolink cameras using wireless no issues. I would love to help out if i can. I also use a lot of Open Source in my work. Like you I try to avoid Non open source tools and software.
@@cwarehime I did. I’m kind of an update but actually. I don’t let my stuff get behind on updates very often. But in this case, yes, i did the updates as soon as they showed up as available. It’s all good for me. I’m still thinking about the OpenWisp2 option, if for no other reason than to learn a bit more about it.
Finally updated.
Awesome!
Why are you using open wrt instead of opnsense for your firewall?
Why are you using opnsense instead of nftables for your firewall? ;)
I started with OPNSense actually, but had a hard time getting it to play nicely with the VLAN setup. I went this route and fought with it, learning how to get it all setup and working, for several days. When I finally succeeded, I was happy with it. May go back at some point.
@@rahilarious Because PF
pfSense rocks. I may be naive in thinking it will be open source forever, but for now it's my go-to for firewalling. OpenWRT is fine for simple, standalone AP, WiFi networks, but pales in comparison to pfSense for firewalling.
OpenWRT is so lightweight it could probably work on a watch 😆. I prefer it over pfs. The one lacking thing on OWRT (imo) is the linear firewall rule-list. I would really love an object-based firewall system because my OWRT firewall rule list has grown dirty.
pfsense, unifi Wifi with a self hosted controller.
Done.
Yeah, I just really prefer the open source tools at this point. Happy you're using pfSense though.
DFS was causing WiFi outages? TP-Link has almost no configuration around it.
OpenWRT allows you to configure it "your" way.
Don't know about DFS, but the tP-link stuff with Omada had tons of options, but just didn't work no matter how much I tweaked, it just dropped multiple times a day. Omada had a "smart" wifi mode that tried to figure out the best channels and frequencies based on other wifi around it, but didn't really make any difference.
@@AwesomeOpenSource got it. I think Omada should have a decent log. Might be easy think to check.
"20sec of silence" was exactly my case with DFS.
Hypothetically for indoors you can choose a different country (w/o DFS restrictions), lower the power and try to get more statistics on the same channels.
Omada does have logging, but everytime I checked there was nothing in the logs. It was just such a weird issue. I haven't seen it in two weeks (knock on wood) since finishing my OpenWRT setup with the same hardware other than the main router....so just not sure.