Skip to content

Instantly share code, notes, and snippets.

@braian87b
Last active October 23, 2024 23:13
Show Gist options
  • Save braian87b/bba9da3a7ac23c35b7f1eecafecdd47d to your computer and use it in GitHub Desktop.
Save braian87b/bba9da3a7ac23c35b7f1eecafecdd47d to your computer and use it in GitHub Desktop.
How to setup a Dumb AP, Wired backbone for OpenWRT / LEDE
@RustyRouter
Copy link

Thanks for the tutorial :
I just need you help in 2 things please "A & B"

(A)Lan configuration:

I'm just confused about this , so basically I should use either static network or DHCP on LAN
is that right ?
So If I choose to go with static network then I should delete this part from the script ?

# Set DHCP on LAN (not recommended, but useful when Dumb AP is moveable from one building to another)
uci del network.lan.broadcast
uci del network.lan.dns
uci del network.lan.gateway
uci del network.lan.ipaddr
uci del network.lan.netmask
uci set network.lan.proto='dhcp'

I'm going to execute this script on a wireless backbone AP and then setup the WIFI on it.

(B)Script to disable IPv6

Can you write a script to completely disable IPv6 from a factory reset OpenWRT 22.03.3 router, a router to be used as a main router connected to ISP, I mean disable everything v6 related such as IPv6, WAN6 (also delete WAN6), RA, DHCPv6 etc ? basically convert the router to be IPv4 only.

Thanks @braian87b

Main Wireless Router : Belkin RT3200 (aka. Linksys E8450) OpenWRT 22.03.3 UBI
DUMB Wireless AP : Linksys E8450 (aka. Belkin RT3200) OpenWRT 22.03.3 UBI

@braian87b
Copy link
Author

@RustyRouter

(A) yes, either, since you cannot do the both, unless you create a 2nd bridged interface to the lan, think about it as for any device on your network (phone, computer, etc) you can configure a static IP or use DHCP, static IP is useful if you want to tie an IP to the device no matter on which network... but preferable you can use DHCP and set an static lease for the AP macaddress so the main Router will provide always the same IP to the dumb AP.

(B)
mostly involves the steps above, and also you can do the same on your main router and additionally disable ipv6 on the wan side if you have reliable ipv4 and don't want ISP ipv6

uci del network.wan6
uci del_list firewall.@zone[1].network='wan6'

if you want to go deeper:
https://www.google.com/search?q=openwrt+disable+ipv6
this one seems pretty accurate on all needed: https://3os.org/infrastructure/openwrt/disable-ipv6/

.

@RustyRouter
Copy link

RustyRouter commented Mar 4, 2023

Hi @braian87b

Thanks for your help.

Based on your script, and after many tests, I've created the following script, can you please take a quick look?
Please let me know if something wrong in it.

# ========================================================
# Setup a Dumb AP for OpenWRT
# Tested on: Belkin RT3200 (aka. Linksys E8450) 22.03.3
# Script expects factory settings
# ========================================================
# Disable IPv6
# ========================================================
uci delete network.lan.ip6assign
uci set network.lan.delegate='0'
uci delete dhcp.lan.dhcpv6
uci delete dhcp.lan.ra
uci delete dhcp.odhcpd
/etc/init.d/odhcpd disable
/etc/init.d/odhcpd stop
uci delete network.globals.ula_prefix
uci commit

# ========================================================
# Disable Dnsmasq completely and discard dhcp
uci commit dhcp; echo '' > /etc/config/dhcp
/etc/init.d/dnsmasq disable
/etc/init.d/dnsmasq stop

# ========================================================
# Disable firewall
/etc/init.d/firewall disable
/etc/init.d/firewall stop
mv /etc/config/firewall /etc/config/firewall.unused

# ========================================================
# Remove WAN logical interfaces
uci delete network.wan
uci delete network.wan6

# ========================================================
# To identify better when connected to SSH and when seen on the network
uci set system.@system[0].hostname='DumbAP'
uci set network.lan.hostname="`uci get system.@system[0].hostname`"
uci commit system

# ========================================================
# Set static network configuration (sample config for 192.168.1.0/24)
# 192.168.1.1 is the Main Router
# ========================================================
uci set network.lan.ipaddr='192.168.1.2'
uci set network.lan.dns='192.168.1.1'
uci set network.lan.gateway='192.168.1.1'
uci set network.lan.netmask='255.255.255.0'
uci set network.lan.broadcast='192.168.1.255'
uci commit network


echo '====================================================================='
echo 'Reboot your router'
echo 'you can now connect the LAN port of this device to the LAN port'
echo 'of your main router.'
echo '192.168.1.2 is now your Access Point IP Address'
echo '====================================================================='
sync
reboot

Notes:
1- Adding WAN physical interface to LAN did not work in my router!, I had to do it manually in LuCi :(
using "network.lan.ifname" is not working anymore, I think now it is "network.lan.device"
If I type: "uci show network" then this is the result:

root@OpenWrt:~# uci show network
network.loopback=interface
network.loopback.device='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix=''
network.@device[0]=device
network.@device[0].name='br-lan'
network.@device[0].type='bridge'
network.@device[0].ports='lan1' 'lan2' 'lan3' 'lan4'
network.lan=interface
network.lan.device='br-lan'
network.lan.proto='static'
network.lan.ipaddr='192.168.1.1'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.wan=interface
network.wan.device='wan'
network.wan.proto='dhcp'
network.wan6=interface
network.wan6.device='wan'
network.wan6.proto='dhcpv6'

2-The only thing that I could not disable is "Enable IPv6" from the configuration of the "bridge device" under "General device options" tab
do you know the command to do that? Or maybe it is not necessary anymore? I've tried Google without any luck! Please check the screenshot attached:
IPv6

@braian87b
Copy link
Author

braian87b commented Mar 5, 2023

Try not remove /etc/config/firewall file placeholder, leave it as-is, disabling the service is enough, you will not save space since that starts sitting in rom, but you can empty the file if you want, similarly as with /etc/config/dhcp if you want it cleaner.
remember that if you are using recent version of openwrt it won't have swconfig anymore now it uses DSA. so the configuration will be different,
IPv6 you can disable using Luci and see on the pending settings to be commit which changed.
You can always change everything using LuCI and inspect which changes LuCi do and dump those into your script, will be safer if you are not familiar yet with all the configurations.

@RustyRouter
Copy link

I greatly appreciate your help and efforts @braian87b

@braian87b
Copy link
Author

@RustyRouter happy to help.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment