Openwrt Setting Wi-Fi access points. Install Openwrt

27.02.2023 Kerador Gadgets

Step-by-step instructions for the firmware and initial adjustment of the OpenWrt access point using the example of TP-Link TL-WA901ND V2

Manufacturers such as ASUS, D-LINK, TP-LINK and others produce firmware for their products a limited amount of time. This means that vulnerabilities and bugs remain in their place for years. over, your native firmware of your device can work poorly.

I have at the disposal of 5 points of access to TP-LINK models TL-WA901ND V2. The last firmware for her was 23.03.2012. This firmware works unstable. In the English version of the site there is a beta-interrogation dating 1.eleven.2013, Changelog indicates “Fixed the Wireless Instabide and Hang Issue”. this is not true, with this firmware the point is still unstable.

OpenWrt. access point configuration (TL-WR740N)

But the points are purchased and they must work. What to do? Put back and buy unifi to grind OpenWRT and hopes that with it they will stably serve customers.

The DD-WRT project also has a firmware for this point, but I do not recommend it to put it. There is a problem with the work of Ethernet port.

And so, the OpenWrt project about once a year produces stable firmware issues. At the moment, the last issue of Barrier Breaker 14.07 I went out in October 2014.

In order to flash our point on the website https: // openwrt.Org in the catalog https: // downloads.Openwrt.org/barrier_breaker/14.07/AR71XX/GENERIC/Find a point model and download the Factory postfix file

We go to the point through the web-intake. System Tools \ Firmware Upgrade select a downloaded file with extension.bin and click upgrade

After some time, the point will reboot and Openwrt will be ready to work. To get access to the command line TD, we need to connect the point and computer integration. On the computer integration, the address from the subnet 192 should be statically set.168.one.0/24 and mask /24, for example 192.168.one. 2 ⁄24

Now we connect to the point using Telnet: Telnet 192.168.one.one

To be able to control the access point, you need to set the password for the superpower. Command Passwd, enter the password and confirm it.

Now you need to change the config network: VI /etc /network. We use a DHCP server and Network will find the following view:

LOOPBACK Inte Weopback Inte Weep. Let’s leave it unchanged

From the LAN integration, we need to get the network settings from the DHCP server and work in the bridge mode.

Now you should restart the LAN Inte Wee and leave the Telnet session. The easiest way to do this is to send a point to rebooting Reboot.

Now you need to connect an access point to the working network and go to it by ssh. On the DHCP server, tie the MAC address TD to a specific IP address, for the convenience of further work. For example, we will highlight the Wi-Fi guest network of a separate VLAN and hang on it a network 192.168.5.0/24. And place access points at the end of the target pool. Our point on the DHCP server will set the address 192.168.5.250

We go to our point on SSH: on the Unix-like OS command in the terminal: ssh root@192.168.5.250. Windows will require Putty for this. Root login, password given earlier.

In the standard firmware version 14.07 for TL-WA901ND V2 in the firmware, the Luci web-intese is already included. Settings can be carried out through it: http: // 192.168.5.250

To Russify the web-intake, you need to install the Luci-I18N-RUSSIAN package:

OPKG Update. upgrade the list of packages in the OpenWrt repository. If the update does not work, check if the device has access to the global network.

OPKG Instal Luci-I18n-Russian-Rusifier installation

It can also be done through a web-integer.

The following described the method of configuration through the command line with the correction of configs manually. The web-integer is disabled.

We want to get very little from our point: so that Wi-Fi worked and be open so that TD time is synchronized with the NTP server and that our guests from 192.168.5.0/24 The subnets did not have access to the command line of our point.

Continue. The wireless network settings are stored in/etc/config/wireless and gain the following view:

Option Channel. Channel number on which TD will work

Option Hwmode. TD operating mode. For a public point, it is better to leave the 11ng mode.

Country. the country in which the TD is located.

Option Disabled 1-Wi-Fi work ban right in the config. To resolve Wi-Fi, you need to delete / make this line.

Option Ssid. SSID of our network

Option Encryption. choice of TD encryption method. In our example, the access point is open

System settings are stored in/etc/config/system

Option Hostname. set the network name of our device

Option Zonename. set a time zone

Option Timezone. Novosibirsk today GMT 6

Config Timeserver ‘Ntp’ spells out time servers that will synchronize time

Option Enabled. Turn on (1) Turn off (0) NTP client

Option Enable_Server. Turn on (1) Turn off (0) NTP server. t.e. When this parameter is turned on, the NTP server becomes

Firewall setting. We do not need anything special from him, because all the restrictions for 192.168.5.0/24 set on the router. We will only add to the config/etc/config/firewall one rule that blocks access to port 22 of our TD:

Option Name. Name of Rules

Option Proto. Protocol with which it works

Option SRC. Source. Here you can put a zone, intese. Asterisk means “any”

Option SRC_IP. IP source address. We have all this subnet of guest wi-fi.

Option Dest_ip. IP appointment address. The address of our point

Option Dest_Port. Port destination. We need to close access through SSH, the port by default 22.

Option Target. the action “What to do?””. Reject. clearly makes it clear to our guest that there is no access. You can put Drop and get an atmosphere of mystery.

Gentoo on the Laptop

Today we will talk about the guest Wi-Fi network. First, let’s figure out what it is. On any Wi-Fi router (C OpenWRT), whether it is one- or two-band you can create several Wi-Fi networks. This is often done in order to protect part of the users connected over the network from the intracity, but to provide Internet access. We will set up a similar network today for the example of the TrUNC version of OpenWRT “Chaos Claimer”.

To begin with, let’s go to the “Network” tab. “Wi-Fi” and click “Add” near the intense for which we are going to create a network. In my case, it is “Radio1”.

Now go to the “Network” tab. “Inteys” and click “Add a new Inte Week”. Next, we give him the name “guest” and tie it to the guest Wi-Fi network. Click “Apply”.

Now in the “Protocol” field we select a “static address”, then click the “Change the Protocol” button and see the list of settings. We indicate as IPV4 addresses 192.168.2.one. Here you can indicate something more than the same, but the already involved addresses of addresses should be avoided, such as, for example, as 192.168.one.x or ten.0.0.x (can be involved for OpenVPN). As a mask of the network, I used 255.255.255.0.

Now let’s set DHCP server. Click on the “Request DHCP” button “.

Configure Firewall. Let’s go to the Network tab. “Interspective screen” and in the section “Zones” we click “add”. We write the name “Guest”, after which we will choose to “reject” for the option of the traffic redirect, and for the incoming and outgoing. “accept”. Below we note the “redirection between the zones”: “Allow redirecting to the destination: WAN”.

Now let’s configure Firewall for the normal operation of DHCP and DNS services in our network. To do this, go to the “Rules for Traffic” tab and choose “open ports on the router”. Next, select 53 port for TCP/UDP protocols and sign it “guest dns”. Near the new entry, click “Edit”. Install the “Source Zone”: “Guest”, “Washer Zone”: “device (input)”.

Openwrt Accesspoint / Wi-Fi Configuration Tutorial

Openwrt is Currently the Best Operating System for Running High-Throughput, Open-Source Wi-Fi Access Points. It has a Full 802.11a/b/g/n/ac Support Out of the Box.

PFSENSE and OPNSENSE DONIT SUPPORT The 802.11ac mode yet. IPFire Supports 802.11ac Only Partially, with Much Worse Performance.

IF You Want to Run a Reliable and High-Permancation Wi-Fi Access Point, Openwrt is the Best Solution.

Install Hostapd and Firmware Drivers for Your Network Card (S)

In the Web Interface, Go to System-Software and Search for “Hostapd”.

In the Same Manner, Install Drivers and Firmware for Your Network Cards.

IF YOU HAVE WLE200NX, You Will Need the Following Packages:

IF YOU HAVE WLE600VX OR WLE900VX YOU Will NEED THESE PACKAGES:

Once Packages are Installed, Reboot Your Router.

Now You Shoup Be Able to See a New Menu item in Network. Wireless.

Here’s OUR Configuration for wle600vx and wle900vx.

Operating Frequency AC Mode, Channel 36, Width: 80MHz
Transmit Power: 23 DBM (199mw)
Essid: Teklagorac
Wireless Security: WPA2-PSK
Key: Teklager123
Country Code: Se (Make Sure to Set it, Otherwise The Cards May Show “Wireless is Disabled”)

Openwrt Allows The User To Choose Many Different Channels for Wireless Networks. Most of these Channels are A Bad Choice Becake They Overlap on Two Or Standard Channels.

For 80mhz width, The Good Channels Are: 36, 52, 100, 116, 132, 149.

For 40MHZ WIDTH, We have Twice as Many “Good” Channels: 36, 44, 52, 60, 100, 108, 116, 124, 132, 140, 149, 157.

Make Sure to Set the Country Code to Your Country. SOME of the ABOVE CHANNELS MAY NOT Be Permited in Your Country.

This configured the card in the Full 802.11AC Mode with A Full 80MHZ Channel.

Theoretically, You Shoup Be Able to get 867mbit/s on this Connection.

In OUR TESTS, We Get 520Mbit/S Which is the Highest Throughput We Have Seen Ony Commercial Or Open-Source Device. OUR Test Was Performed BetWeen APU3 with wle600vx and Samsung Galaxy S7 Smartphone. Perhaps Even Higher Throughput Can Be Achieved with A Different Device.

Half-Gigabit Wi-Fi Throughput Is Truly Amazing. Kudos to the Openwrt Team!

Openwrt Wi-Fi: How to install and configure on a router

Hi all! Congratulations on the successful firmware of your old router. Let me remind you that OpenWRT is an additional firmware that opens wider opportunities for some routers. Today I will tell you about the usual OpenWRT configuration through the Luci Web-Inteatheis. If you have not yet installed this firmware, then we look at the first chapter of this article.

We go to the official page. Next, you will see a table with all supported devices. We find your own router according to the model. you can clarify the model by looking at the label, which is closed at the bottom of the body of the apparatus. Next, we need a column “Firmware Openwrt Install URL”. a link to download the firmware file will be stored there there. The file will have an extension “Bin” or “IMG”.

Next, you need to go to the route of the router. Most often, it is enough to enter the IP address to the address line of any browser for this. At the same time, you must be connected to the router.

If you do not know how to enter the settings of the router read this instruction.

Next, you need to find the section “System”, where it is updated for the apparatus. On the same TP-LINK, this is done in the “System Tools” section-“Built-in Poe Update”-Next, click “Select the file”, click on our file and update the system.

All routers are done in the same way, but if you get confused, then we look at this instruction.

Internet and Wi-Fi Internet setting

To enter the Inte we use the standard IP address:

After that you will be asked to enter a password. By default, “Root” will be as a login. There is no need to introduce anything in the Password field, just click on the Login button.

I advise you to immediately change the administrator’s password. we move to System. “Administrator Password”, enter a new value twice and click on the Submit button. Let me remind you that the main login:

Not “admin” as on standard firmware.

Now we are going to configure the Internet: “Network”. “Interface”. “WAN”. in the “Protocol” field, select the type of connection used by the provider. Next, we enter additional information below for authorization on the provider network. All these data can be found in the technical support of the provider, as well as in the contract.

NOTE! If there is no information in the contract, then most likely your provider uses a dynamic IP. we put “DHCP”

If the Internet works, then we go to configure Wi-Fi. We go to the first “Radio: 0”.

In the “Device Configuration” section, set Channel in the Auto mode, but if you know a free channel, you can set it manually. In the line “Transmit Power” we set the maximum power of the transmitter. Let me remind you that you should not always put power to the maximum. Radio waves, like any other waves, love to reflect and create interference. therefore, in a small apartment this value can be reduced.

On the Basic Settings tab, we install Mode. these are the modes that will be supported by the router. We install the channel below, it is better to leave the default “20MHz”. Also establish the country so that the router establishes the threshold of amplification of the antennas.

Now we go to the Interface Configuration section and install the name of your wireless network on the General tab. You can also hide the network by installing the Hide Essid check. By default, it costs “Mode” as “Access Point” (access points).

Now go to the Wireless Security tab. By default, there will be no password to install it, indicate in the “Encryption” field “WPA2-PSK” encryption mode and enter the key below.

As you can see, the OpenWRT setup is made similarly as on other firmware. If you have questions, then ask them in the Комментарии и мнения владельцев.

Openwrt Setting Wi-Fi access points

If you sewed your device with Openwrt firmware after a rebut, you need to configure it to work on your network for this, edit the facet Network VI ETC/Config/Network

Copy the given settings at the editor window. Perform ESC.- : wq Let’s restart the network with new settings /etc/init.D/Network Restart

Determine for viewing

Config DHCP LAN Option Interface Lan Option Start 100 Option Limit 150 Option Leasetime 12h

Config Zone Option Name Lan Option Network ‘Lan’ Option Input Accep Output AcCCEPT Option Forward Reject

Config Zone Option Name Wan Option Network ‘Wan’ Option Input Reject Output Accept Forward Reject Option Masq 1 Option Mtu_fix 1

Config Forwarding Option SRC Lan Option Dest Wan

# We Need to Accept UDP Packets on Port 68, # See https: // DEV.Openwrt.org/Ticket/Ticket/4108 Config Rule Option Name Allow-DHCP-RENEW OPTION SRC Wan Option Proto UDP Option Dest_Port 68 Option Target Accept Option Famile IPV4

# Allow IPV4 Ping Config Rule Option Name Allow-Ping Option SRC Wan Option Proto ICMP OPTYPE ECHO-RECET OPTION FAMILY IPV4 Option Target Accepts

# Allow DHCPV6 Replies # See https: // DEV.Openwrt.org/ticket/10381 config rule option name Allow-DHCPv6 option src wan option proto udp option src_ip fe80::/10 option src_port 547 option dest_ip fe80::/10 option dest_port 546 option family ipv6 option target ACCEPT

# Allow essential incoming IPv6 ICMP traffic config rule option name Allow-ICMPv6-Input option src wan option proto icmp list icmp_type Echo-request list icmp_type Echo-reply list icmp_type destination-unreachable list icmp_type packet-too-big list icmp_type time-exceeded list icmp_type bad-header list icmp_type unknown-header-type list icmp_type router-solicitation list icmp_type neighbour-solicitation list icmp_type router-advertisement list icmp_type neighbour-advertisement option limit 1000/sec option family ipv6 option target ACCEPT

# Allow essential forwarded IPv6 ICMP traffic config rule option name Allow-ICMPv6-Forward option src wan option dest option proto icmp list icmp_type Echo-request list icmp_type Echo-reply list icmp_type destination-unreachable list icmp_type packet-too-big list icmp_type time- ExcEEDEDEDED ICMP_TYPE BAD-HeADER LIST ICMP_TYPE Unknown-Header-Type Option Limit 1000/SEC Option Family IPV6 Option Target Accept

# Include a File with Users Custom Iptables Rules Config Include Option Path /etc /Firewall.user

### Example Config Section # Do Not Allow a Specific IP to Access Wan #Config Rule # Option SRC LAN # Option Src_ip 192.168.45.2 # Option Dest Wan # Option Proto TCP # Option Target Reject

# BLOCK A SPECIC MAC on Wan #Config Rule #Cation Dest Wan # option SRC_MAC 00: 11: 22: 33: 44: 66 # Option Target Reject

# Block Incoming ICMP Traffic on a Zone #Config Rule # Option SRC LAN # Option Proto ICMP # Option Target Dropet

# Port REDIRECT PORT COMING in LAN #Config Redirect # Option SRC Wan # Option SRC_DPORT 80 # Option Dest Lan # Option Dest_ip 192.168.16.235 # Option Dest_Port 80 # Option Proto TCP

# Port Redirect of Remapped SSH Port (22001) on Wan #Config Redirect # Option SRC Wan # Option SRC_DPORT 22001 # Option Dest Lan # Option Dest_Port 22 # Option Proto TCP

# Allow IPSEC/ESP and ISAKMP PASSTHROUGH #CONFIG RULE # OPTION SRC Wan # Option Dest Lan # Option Protocol ESP # Option Target Accept

#Config Rule # Option SRC Wan # Option Dest Lan # Option SRC_Port 500 # Option Dest_Port 500 # Option Proto UDP # Option Target Accept

### Full Config Section #Config Rule # Option SRC LAN # Option SRC_IP 192.168.45.2 # Option SRC_MAC 00: 11: 22: 33: 44: 55 # Option SRC_Port 80 # Option Dest Wan # Option Dest_ip 194.25.2.129 # Option Dest_Port 120 # Option Proto TCP # Option Target Reject