Linksys AC Series Router Configuration Tips for OpenWRT: Difference between revisions

wiki.TerraBase.info
Jump to navigation Jump to search
← Older editNewer edit →
VisualWikitext
Line 30: Line 30:


The part that OpenWRT doesn't explain very well is their "Overlay".  Their Overlay is an abstraction layer that exposes a single interface to a user which is very similar to how a computer would present storage space to a user.  On the other side is the Flash Memory which is broken down into two sections, firmware (equivalent to an Operating System) and storage space (equivalent to storage space on a disk drive or SSD for a computer).  The firmware section is controlled by [[wikipedia:SquashFS|SquashFS]] and the storage space is controlled by [[wikipedia:JFFS|JFFS]]/[[wikipedia:JFFS2|JFFS2]]
The part that OpenWRT doesn't explain very well is their "Overlay".  Their Overlay is an abstraction layer that exposes a single interface to a user which is very similar to how a computer would present storage space to a user.  On the other side is the Flash Memory which is broken down into two sections, firmware (equivalent to an Operating System) and storage space (equivalent to storage space on a disk drive or SSD for a computer).  The firmware section is controlled by [[wikipedia:SquashFS|SquashFS]] and the storage space is controlled by [[wikipedia:JFFS|JFFS]]/[[wikipedia:JFFS2|JFFS2]]
UBI = Unsorted Block Image, as in UBIFS ([[wikipedia:UBIFS|Unsorted Block Image File System]])


===Ethernet Switch===
===Ethernet Switch===
Line 136: Line 138:
See Performance Tuning Section below...
See Performance Tuning Section below...


=== Use an External USB Flash Drive instead of internal Flash Drive using Overlay ===
===Use an External USB Flash Drive instead of internal Flash Drive using Overlay===
<br />
<br />
===Swap File===
===Swap File===

Revision as of 16:40, 1 August 2020

Most of this article is focused on the OpenWRT Firmware / OS (Operating System) and the WRT1900ACS and WRT3200ACM routers. The WRT32X is essentially the same as the WRT3200ACM and is not mentioned specifically in this article. The WRT1900AC series is older and because the price difference between it and the WRT1900ACS is negligible, along with better hardware specification for the WRT1900ACS, it is recommended to purchase the ACS, thus the AC model is not fully covered here. The information below does work for the most part on the WRT1900AC and WRT32X.

These devices are also known as the WRT1900 and WRT3200.

See WRT1900AC, WRT1900ACS, and WRT3200ACM Routers, SoS (CPU), and Hardware for information about hardware specifics.

QuickD

  • Upgrade Firmware
  • Partition and Configure OpenWRT to use the USB Flash Drive (as Overlay, alternate boot, storage, swap, etc.)

Hardware

WRT1900AC

There are two hardware versions of the WRT1900AC (v1 and v2, v1 will not appear on the label, it is used here to differentiate between v1 and v2) so check the label on the bottom of the router and get the right firmware.

WRT1900ACS

There are two hardware versions of the WRT1900ACS (v1 and v2, v1 will not appear on the label, it is used here to differentiate between v1 and v2), but unlike the WRT1900AC, both versions of the router use the same firmware.

WRT3200ACM

As of the writing of this article on 7.2020, there is only one version of the WRT3200ACM

Storage (AKA Disk Drive) and File System

Another subject that OpenWRT is a bit opaque about is how information is stored on a router. It's not really their job, so let's go over it here.

A router is essentially a computer. It has all of the components of a computer, CPU, RAM, Network Adapter, Storage, etc. Unlike a computer, in a classic sense a router does not have a Disk Drive (unless one is attached via a USB or eSATA port), but it does have a way to store information which is Flash Memory. IE Flash Memory equals a Disk Drive (mechanical). In a more modern sense, it does have a disk drive in that modern disk drives in computers are SSD (Solid State Drives), which use a type of Flash Memory.

How OpenWRT handles that "Disk Drive" is much different than computers. Their explanation is here: https://openwrt.org/docs/techref/filesystems#squashfs

The part that OpenWRT doesn't explain very well is their "Overlay". Their Overlay is an abstraction layer that exposes a single interface to a user which is very similar to how a computer would present storage space to a user. On the other side is the Flash Memory which is broken down into two sections, firmware (equivalent to an Operating System) and storage space (equivalent to storage space on a disk drive or SSD for a computer). The firmware section is controlled by SquashFS and the storage space is controlled by JFFS/JFFS2

UBI = Unsorted Block Image, as in UBIFS (Unsorted Block Image File System)

Ethernet Switch

The Ethernet Switch typically transfers data at a sustained 90 MB/S for a Gigabyte Network Adapter.

Firmware

REMEMBER: The AC Series of routers has dual boot partitions, so if you're installing firmware it will flash it to the non-active flash partition. The same occurs if upgrading existing OpenWRT firmware. So if one happens to be running OpenWRT on one partition and DD-WRT or the stock Linksys firmware on the other partition, if installing from the OpenWRT / LUCI GUI, it will overwrite the other partition.

Dual Booting

This allows for rebooting to the alternate partition;

  • opkg update
  • opkg install luci-app-advanced-reboot

Switching Boot Partitions

Commands for OpenWRT

  • To determine which boot partition is active: /usr/sbin/fw_printenv -n boot_part
  • To change which boot partition is active: /usr/sbin/fw_setenv boot_part 1 OR /usr/sbin/fw_setenv boot_part 2

Commands for DD-WRT

  • To determine which boot partition is active:ubootenv get boot_part
  • To change which boot partition is active: ubootenv set boot_part 1

Power Switch

Per this site: https://community.linksys.com/t5/Wireless-Routers/WRT1900AC-May-have-bricked-it/td-p/811096

  • Reset the router by holding the reset button in until the PWR light starts to flash, appx. 15 seconds.
  • Once the power light stops flashing, you can power off the router with the power switch.
  • Turn the power back on and the PWR light will light. As soon as any other light turns on, power off the router with the power switch.
  • Turn the power back on and the PWR light will light. As soon as any other light turns on, power off the router with the power switch.
  • Turn the power back on and the PWR light will light. As soon as any other light turns on, power off the router with the power switch.
  • Turn the power back on and the PWR light will light. This time just let the router power all the way up. It should now be on the alternate

Per this site: https://forum.archive.openwrt.org/viewtopic.php?id=70202

  • Start with the power switch off, then switch on. Watch the power LED:
  • Power LED: on (a few seconds)
  • Power LED: off (a second or two)
  • Power LED: on (immediately when the power light turns on, flip the power switch off)
  • That is 1 cycle of the 3 required to revert to the other partition. Repeat the above procedure two more times, making sure to flip the switch off as soon as the power LED comes on the second time.
  • The fourth time you turn the power switch on you can let the device boot and it should boot into the other partition.

Remember: When attempting to utilize this within the LUCI GUI (if already logged in and connected), refresh the browser windows (CTRL Key plus Refresh Button in Firefox).

So how does one upgrade OpenWRT firmware on the current / active boot partition when the process upgrades the other inactive partition? What about changing the boot partition to the inactive one and then upgrade the firmware (See the Switching Boot Partitions section of this article for the commands to view or change the boot partition)? After several attempts, this trick didn't work. Documentation exists that says this trick works with DD-WRT (https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=311117). It seems the flashing of the NVRAM is left up to the Marvell SoS / CPU and there is no way around it via OpenWRT. Alternative?

The solution is to upgrade from the other partition. IE, if Partition 1 needs to be upgraded, boot to Partition 2 and perform an upgrade, which will then upgrade Partition 1. This will obviously work if OpenWRT is installed on both partitions. But how can one install DD-WRT on the other partition from OpenWRT?

Solution: Use the command line. IE, it won't work from the OpenWRT LUCI GUI.

  • Download the DD-WRT Factory Firmware (factory-to-ddwrt.bin) to the /tmp Directory
    • For WGET to work, this may be needed: opkg install libustream-mbedtls
  • Type the following command: sysupgrade -n -v -F /tmp/factory-to-ddwrt.bin (-n = do NOT keep current settings, -v = verbose, -F = Force)

The firmware will be installed on the other partition.

Only Upgrade versions of OpenWRT can be flashed via the GUI. Factory firmware will result in an error. , but not sure if it is possible to "cross update" between DD-WRT and OpenWRT.

Use the OpenWRT Install / Factory image in this instance.

Storage: Internal NAND Flash Memory, USB Flash Drives, and eSATA Drives

Believe it or not, the stock installation of OpenWRT does not come with the capability to access USB or eSATA devices. Considering how prevalent a USB port is on routers these days, that's a bit baffling. Plus it's really frustrating for so many web sites that refer to the LuCI, System, Mount Point menu that doesn't exist unless the previously mentioned items are installed. Big woof on this one.

The following allows for ext2, ext4, and ntfs partitions to be recognized via USB and includes the LUCI GUI Interface (Under System, Mount Points);

  • opkg update
  • opkg install block-mount e2fsprogs kmod-fs-ext4 kmod-usb-storage kmod-usb2 kmod-usb3 ntfs-3g usbutils gdisk cfdisk tune2fs kmod-fs-exfat dosfstools kmod-fs-vfat f2fs-tools kmod-fs-f2fs lsblk ntfs-3g-utils
    • e2fsprogs: mkfs.ext2, mkfs.ext3, mkfs.ext4, etc: mkfs.ext4 /dev/sda3 (remember to unmount before formatting)
    • kmod-fs-ext4: Includes ext2, ext3, and ext4
    • tune2fs can change a volume label: tune2fs -L WhatEverName /dev/sdaX
    • block-mount can display a volume label: block info
    • df can display general partition information: df
    • cfdisk is a text GUI equivalent for gdisk: cfdisk
    • lsblk can show the type of formatting: lsblk -l
  • And for NTFS volumes to enhance speed, in the LUCI GUI, Mount Points, Mount Points, Edit, Advanced Settings, Mount Options, add: big_writes (some Linux systems claim this setting is deprecated, but for OpenWRT it makes a big performance difference on the order of double, 60 MB/S plus was measured on 100 plus GB Files)

The best recommendation for a USB Flash Drive is the SanDisk Ultra Fit USB 3.1 Flash Drive Series. And the recommendation is NOT because it is the fastest. They brag speeds up to 130 MB/S. Maybe downhill in a tornado, but under normal systems, that speed is a joke for this piece of hardware. So why recommend it? Well as it turns out, the fastest drive, USB, eSATA, or otherwise that has been tested on the AC Series is about 70 MB/S (this has been confirmed for eSATA) and around 45 MB/S for USB 3.0 (using a Patriot SuperSonic Rage Elite USB 3.1 Flash Drive that has been verified multiple times at over 200 MB/S sustained). Based on that and the below reviews it seems the Ethernet Switch may be topping out at about 70 MB/S, which is quite respectable.

Some reviews have the USB 3.0 speeds and eSATA speeds about the same at around 70 MB/S: https://www.eteknix.com/linksys-wrt3200acm-router-review/10/

Others have the USB 3.0 speeds measured considerably slower at about 20 MB/S: https://www.kitguru.net/peripherals/james-morris/linksys-wrt3200acm-ac3200-wireless-router-review/4/

Anyway, the above mentioned SanDisk device tops out at about 70 MB/S on every system that the above mentioned Patriot device tops out at over 200 MB/S. Notice that 70 MB/S speed mentioned twice? Once for the SanDisk device and once for the AC Series. The next item to consider is price. The SanDisk is not the cheapest, but it is fairly low. When price and performance are both considered, it turns out the SanDisk device beats everyone. And since the AC series router and SanDisk USB Flash Drive both top out at around 70 MB/S, that makes it the perfect match.

If one is considering using the USB Flash Drive for other purposes, go with the Patriot USB Flash Drive. If using the USB flash drive as a dedicated device for an AC series routers then go with the SanDisk USB flash drive. Plus it's also much smaller and has a lower profile than the patriot device. Both drives claim speeds about double what they can deliver. The final joke is that the Patriot device is USB 3.0 and the SanDisk is a USB 3.1 device.

Partitioning and Formatting a Flash Drive

Partitioning: cfdisk is the easiest and will align partitions on solid state devices correctly. Don't forget to set the partition type too (NTFS, Linux, Linux Swap, etc.)

To check proper partition alignment (if it starts on a boundary divisible by 1024, then it is properly aligned, newer partition software generally does this properly for flash based devices);

  • sfdisk -d /dev/sdX
  • fdisk -l -u /dev/sdX

Formatting an EXT4 Partition: mkfs.ext4 -L WhatEverName -v /dev/sdaX (-L = Label, -v = Verbose)

Format an NTFS Partition: mkntfs -f -L NTFS -v /dev/sdaX

Volume Label: tune2fs -L WhatEverName /dev/sdaX

See Performance Tuning Section below...

Use an External USB Flash Drive instead of internal Flash Drive using Overlay


Swap File

Most references to Swap Partitions or Files indicate performance is quite poor. But this may have been written during the USB 2.0 period and doesn't reflect the performance of USB3 or eSATA devices in 2020. That said, "Virtual RAM" is slower no matter what. The AC Series comes with an astounding amount of RAM (512 MB), so this may not be an issue.

If a Swap Partition is added, it can will potentially consume an entire USB Flash drive.

A Swap File may be a good alternative.

There is considerable ancient / old /archived information about Swap Files and OpenWRT.

Is it slower than RAM? Yes. Does one sometimes need more RAM than is physically available? Yes, sometimes. So for all the people that discourage the use of a Swap File, fine. But sometimes one needs it, here's how;

  • Make sure there is an available empty partition for usage of a Swap File.
  • mkswap -L SWAP /dev/sdaX
  • swapon /dev/sdaX

OR

  • Use the LuCI GUI interface

Check functionality with: HTOP

Inactive Internal Flash Memory Partitions and Linksys Reserved NVRAM / Flash Memory Partition Mounting and Information

To mount the Inactive Partition (keep in mind the directory structure will not be the same as viewed from the root directory, but all the configuration files are under etc);

  • ubiattach -m 6 OR ubiattach -m 8 (an error will occur if the current / active partition is selected, so attach the other one)
  • mkdir /tmp/ubi2_1
  • mount -t ubifs /dev/ubi2_1 /tmp/ubi2_1

To mount the syscfg partition / mtd9 (if needed, the WRT1900ACS doesn't seem to mount it automatically, but the WRT1900ACM does);

  • mkdir /tmp/ubi1_0
  • mount -t ubifs /dev/ubi1_0 /tmp/ubi1_0

Mounting of the "reserved" ubi1:sysconfig partition as /tmp/syscfg is normal OpenWRT behavior.

View available partitions to mount

ls -la /dev/ubi*

Information

/dev/ubi0_1 is the mtd6 OR mtd8 partition (whichever is active)

/dev/ubi1_0 is the syscfg / mtd9 partition (this is only used by the Linksys Firmware and is just wasted NVRAM / Flash that is not used by OpenWRT

cat /proc/mtd = shows the available partitions (should match the OpenWRT documentation)

/sys/devices/virtual/ubi/ubi0/mtd_num is a file that indicates the current / active partition, which is 6 / mtd6 or 8 / mtd8

/sys/devices/virtual/ubi/ubi1/mtd_num is the file that indicates thesyscfg partition (9 / mtd9)

Performance Tuning

Configuration Tips

Performance Tuning for EXT4 after formatting (debatable whether it works or not): tune2fs -o journal_data_writeback /dev/sdaX AND tune2fs -O ^has_journal /dev/sdaX

In LuCI: Mount Options (in LuCI GUI): barrier=0,data=writeback

NTFS Performance: big_writes

NTFS Compression (and Performance): big_writes,compression

Performance Testing

Switch connected to a Gigabit Ethernet Adapter: 90 MB/S

USB 3.0 Port (with Flash Drive and CPU verified to NOT be the limiting factor):

  • NTFS: 30 MB/S Write - 70 MB/S Read
  • EXT2: 70 MB/S Write (for under 700 MB of data) and 50 MB/S Read
  • EXT3: Slower than EXT2 and faster than EXT4
  • EXT4: 50 or so MB/S Write (erratic) and 50 MB/S Read
  • exFAT: Don't even bother
  • F2FS (from Samsung) is about the same as EXTX
  • FAT32 doesn't support more that 4GB file size

CPU Usage for File Systems: slightly lower for extX than NTFS

EXT2, EXT3, EXT4 are all about the same speed in the end.

Compatibility and Recommendations

For compatibility with Windows choose NTFS (and accept the speed hit on OpenWRT).

For OpenWRT Native Overlay use EXT4 (without journaling).

F2FS supposedly has issues, even though OpenWRT recommends it, so do NOT use it.

Networking

Multiple IP Addresses assigned to an interface, AKA Alias or Aliases in OpenWRT

The OpenWRT article on Basic Networking and Aliases includes a lot of information. But they leave out a few interesting details that would be nice to know;

  • Bridge / Switch Tip: The br-lan name (seen in the LuCI GUI or when using the ifconfig command) is not explicitly assigned. Instead, if an interface defined in the /etc/config/network file is option type 'bridge' then "br" with a hyphen ( br- ) is prepended to the name of the interface ( interface 'lan' ) in the /etc/config/network file
  • Firewall Tip: Make sure each new "Interface" is include in the firewall setting (LuCI GUI: Interface, Firewall Settings, Assign Firewall Zone OR File: /etc/config/firewall, config zone (lan), option network, add the name of the interface)
  • Syntax Tip: OpenWRT examples tend to vacillate between one of two different syntax in their examples, for instance;
    • option 'type' 'bridge' OR option type 'bridge' (the latter seems to reflect how the actual configuration files are done)
  • Alias or Second IP Address Tip: The option ifname item in the Alias or Secondary IP Address Network Configuration should be set to the above mentioned br-lan ( or if the default name has been changed from lan to lan1, then br-lan1 ). Do NOT set it to the option ifname 'eth0.1' (default name) as many examples give and the configuration file might imply. IE, the br-lan interface name doesn't exist in the /etc/config/network file, so how is one supposed to know? Well, as mentioned in the Bridge / Switch Tip above, this information was discovered after a bit of experimenting. Thus the initial comment about the OpenWRT documentation leaving out a key detail to actually making things function.

Note: Items in the above bullet points noted in italic represent configuration statements in a file.

Example;

In the /etc/config/network File example below two IP Addresses are assigned to the LAN Bridge / eth0.1 Interface, where A.B.C.D and W.X.Y.Z are place holders for an IP Address

# When using IFCONFIG, this interface will be displayed as br-lan1 and eth0.1 will not
# have an IP Address

config interface 'lan1'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr 'A.B.C.D'

config interface 'lan2'
        option proto 'static'
        option ipaddr 'W.X.Y.Z'
        option netmask '255.255.255.0'
        # The ifname needs to be set to the br-lan1 name, not eth0.1
        option ifname 'br-lan1'

...and don't forget to type the following command for settings to take effect: service network reload

Software, Utilities, Drivers, etc.

Package Installation with OPKG

opkg is the package management utility on OpenWRT.

Useful Utilities

opkg update

opkg install htop nano

Samba Server and File Sharing

There are two versions of Samba Server available, 3.6.25 and 4.x.

  • opkg update
  • opkg install samba36-server OR opkg install samba4-server samba4-utils
  • opkg luci-app-samba OR opkg luci-app-samba4
  • smbpasswd -a root (or whatever user is desired)

The stock OpenWRT Samba Server Configuration (in LuCI) can be replaced with something similar to below (LUCI GUI, Service, Network Shares, Edit Template Tab);

[global]
        netbios name = OpenWRT
        server string = Samba on OpenWRT
        workgroup = ESTUARY-A
        guest account = nobody
        security = user
        map to guest = Bad User
        guest ok = yes
        guest only = no
        timestamp logs = no
        preserve case = yes
        short preserve case = yes
        socket options = TCP_NODELAY SO_KEEPALIVE IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536
        log level = 0
        syslog = 0
        passdb backend = smbpasswd
        smb encrypt = disabled
        smb passwd file = /etc/samba/smbpasswd

Click here for the default OpenWRT configuration for Samba 4. Below is the default OpenWRT configuration for Samba Server 3

[global]
	netbios name = |NAME| 
	display charset = |CHARSET|
	interfaces = |INTERFACES|
	server string = |DESCRIPTION|
	unix charset = |CHARSET|
	workgroup = |WORKGROUP|
	bind interfaces only = yes
	deadtime = 30
	enable core files = no
	invalid users = root
	local master = no
	map to guest = Bad User
	max protocol = SMB2
	min receivefile size = 16384
	null passwords = yes
	passdb backend = smbpasswd
	security = user
	smb passwd file = /etc/samba/smbpasswd
	use sendfile = yes

A key to getting Samba 4 to work properly with Windows 10 is this: map to guest = Never The below is an actual functional smb.conf file for Samba 4 that works with Windows 10. Thanks to https://www.nodeum.io/howto/guest-access-in-smb2-disabled-by-default-in-windows-10 for the key piece of information.

[global]
        netbios name = WRT1900ACS
        server string = Samba on WRT1900ACS
        workgroup = ZAP
        security = user
        map to guest = Bad User
        timestamp logs = no
        preserve case = yes
        short preserve case = yes
        socket options = TCP_NODELAY SO_KEEPALIVE IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536
        log level = 0
        syslog = 0
        passdb backend = smbpasswd
        smb passwd file = /etc/samba/smbpasswd
        # Below is the key to getting Samba Server to work with Windows 10
        map to guest = Never

There are so many different sources that babble about solving the Samba / Windows 10 issues that include ntlm = true, server min protocol = SMB3, min protocol = SMB3, blah, blah, blah. Nothing works. All of these items seem to be set correctly with default values as of a version of Samba sometime after 2019, so they do not fix the issue. For the "You can't access this shared folder because your organization's security policies block unauthenticated guest..." Error Message, the above noted map to guest = Never solves the issue

Then dd a Network Share: In LUCI GUI, Service, Network Shares, General Settings or Edit Template Tab, enter a Name and a Path, the other defaults are fine.

If any attempts are made to edit the /etc/samba/smb.conf file directly, it will be overwritten each time by OpenWRT as that's the way it functions in OpenWRT. It can be prevented, but it is recommended not to do that in order to preserve the standard functionality of OpenWRT.

And lastly, remember if one attempts to share the "Root Directory" ( / ), none of the sub directories will open, because of the way the OpenWRT file system works.

DNS (BIND), DHCP (DHCPD), and DNSMASQ

If installing BIND or DHCPD, first uninstall DNSMASQ

  • service stop dnsmasq
  • opkg remove dnsmasq
  • ...or use the LuCI GUI to uninstall

BIND

opkg update

opkg install bind-server

opkg install bind-rndc (some administration tools) OR opkg install bind-tools (all administration tools)

DHCPD

There are two versions of DHCPD, ISC and KEA. ISC is the older server and KEA is the newer. For simple or small networks, ISC is the choice. Read here for more information: https://www.isc.org/kea/

opkg update

opkg install isc-dhcp-server-ipv4

OpenVPN

For some reason if one installs OpenVPN via opkg install openvpn, the mbedTLS version is installed as opposed to the OpenSSL. Hint: Use the OpenSSL. Why?

To install OpenVPN with OpenSSL and the LUCI GUI for it (under VPN)

  • opkg update
  • opkg install openvpn-openssl openvpn-easy-rsa luci-app-openvpn luci-ssl-openssl (openssl-util and other dependencies will automatically install)

Telnet

Telnet is supported (and works) on DD-WRT, but OpenWRT has essentially discontinued use of telnet in the name of security. It is possible to build a custom version of the OpenWRT software that supports telnet.

Statistics

CollectD

Sources

https://forum.openwrt.org/t/script-mount-alternate-nand-firmware-linksys/33588

https://forum.openwrt.org/t/solved-how-to-mount-ubifs-in-openwrt-kirkwood/32443/4


Retrieved from "https://wiki.terrabase.info/index.php?title=Linksys_AC_Series_Router_Configuration_Tips_for_OpenWRT&oldid=648"