Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
linux_router:wifi [2025-03-09 Sun wk10 10:57] – [Wifi Router / Access Points] baumkplinux_router:wifi [2025-05-24 Sat wk21 19:59] (current) – [/etc/config/uhttpd] baumkp
Line 1: Line 1:
 +{{tag>linux router wifi "wifi router" "access point"}}
 ======Wifi Router / Access Points====== ======Wifi Router / Access Points======
 I prefer to run higher quality wifi access points (AP) than the all in one type routers.   My current router is X86 based running Linux Nftables on bare metal and Bind9 and Kea as well as some other services in Docker on a VM. I prefer to run higher quality wifi access points (AP) than the all in one type routers.   My current router is X86 based running Linux Nftables on bare metal and Bind9 and Kea as well as some other services in Docker on a VM.
Line 8: Line 9:
 Ultimately, what is important is the actual performance is the wifi system is satisfactory.  I have tried to help improve performance by moving as many as reasonably possible services to wired Ethernet, there by reducing bandwidth used on wifi and the use of 2 wireless access points connect upstream via Ethernet, which gives better wifi radio coverage and helps share wifi radio bandwidth. Ultimately, what is important is the actual performance is the wifi system is satisfactory.  I have tried to help improve performance by moving as many as reasonably possible services to wired Ethernet, there by reducing bandwidth used on wifi and the use of 2 wireless access points connect upstream via Ethernet, which gives better wifi radio coverage and helps share wifi radio bandwidth.
  
-The current access points are Netgate [[https://www.netgear.com/support/product/wax206/|WAX206]].  They only went on sale circa 2021 and went end of life early 2025, I am disappointed with Netgear for such a short support period.  Strangely the less featureful and powerful WAX202 still seems for sale at Netgear as of writing March 2025.  The WAX206 has a dual core aarch64_cortx-A53 running at up to 1350MHz, with 256MB NAND Flash and 512MB RAM.  It has 4 x 1Gbit ethernet ports and 1 x 2.5Gbit ethernet port.  The WAX206 does not have a USB port.  There is a currently supported [[https://openwrt.org/toh/hwdata/netgear/netgear_wax206|OpenWRT]] operating system solution for this wifi router.+The current access points are Netgate [[https://www.netgear.com/support/product/wax206/|WAX206]].  They only went on sale circa 2021 and went end of life early 2025, I am disappointed with Netgear for such a short support period.  Strangely the less featureful and powerful WAX202 still seems for sale at Netgear as of writing March 2025.  The WAX206 has a dual core aarch64_cortx-A53 running at up to 1350MHz, with 256MB NAND Flash and 512MB RAM.  It has 4 x 1Gbit ethernet ports and 1 x 2.5Gbit ethernet port.  The WAX206 does not have a USB port.  There is a currently supported [[https://openwrt.org/toh/hwdata/netgear/netgear_wax206|OpenWRT Techdata: NETGEAR WAX206]] operating system solution for this wifi router.
  
 My old wifi access points from 2014 were [[https://www.netgear.com/support/product/ex6200/|EX6200 – AC1200 Dual Band WiFi Range Extender]] gave me good service until I updated in 2022 to the WAX 206 units.  The EX6200V1 has has a dual core aarch64_cortx-A53 running at up to 800MHz, with 8MB NAND Flash and 128MB RAM.  It has 5 x 1Gbit ethernet ports. It has 1 x USB 3.0 port.  Only having 8MB flash capacity reduces the 3rd party opensource operating systems available. openWRT does not have a solution and dd-wrt only has a limited solution. My old wifi access points from 2014 were [[https://www.netgear.com/support/product/ex6200/|EX6200 – AC1200 Dual Band WiFi Range Extender]] gave me good service until I updated in 2022 to the WAX 206 units.  The EX6200V1 has has a dual core aarch64_cortx-A53 running at up to 800MHz, with 8MB NAND Flash and 128MB RAM.  It has 5 x 1Gbit ethernet ports. It has 1 x USB 3.0 port.  Only having 8MB flash capacity reduces the 3rd party opensource operating systems available. openWRT does not have a solution and dd-wrt only has a limited solution.
Line 14: Line 15:
 =====Wi-Fi Extender/Repeater with Bridged AP over Ethernet===== =====Wi-Fi Extender/Repeater with Bridged AP over Ethernet=====
 I always setup my Wifi Routers as Wifi Access Points (AP) using an Ethernet uplink only, also know as "Dump AP" or "Bridged AP" Effectively the AP becomes an extension of my LAN and all the providing the Wifi functionality, all DNS, DHCP, firewalling, NAT functions occur in the upstream Ethernet wired Router. I always setup my Wifi Routers as Wifi Access Points (AP) using an Ethernet uplink only, also know as "Dump AP" or "Bridged AP" Effectively the AP becomes an extension of my LAN and all the providing the Wifi functionality, all DNS, DHCP, firewalling, NAT functions occur in the upstream Ethernet wired Router.
- 
  
 802.11r is fast transition from one AP to another in the same mobility domain (i.e. faster authentication when you roam from one AP to another) 802.11r is fast transition from one AP to another in the same mobility domain (i.e. faster authentication when you roam from one AP to another)
-802.11k/v is band steering (i.e. help the client device to find a nearby AP that it would consider roaming to or stimulate“ a device to roam if an AP is saturated)+802.11k/v is band steering (i.e. help the client device to find a nearby AP that it would consider roaming to or "stimulatea device to roam if an AP is saturated) 
 + 
 +=====/etc/config/uhttpd===== 
 + 
 +++++ default /etc/config/uhttpd| 
 +<code>config uhttpd 'main' 
 + list listen_http '0.0.0.0:80' 
 + list listen_http '[::]:80' 
 + list listen_https '0.0.0.0:443' 
 + list listen_https '[::]:443' 
 + option redirect_https '0' 
 + option home '/www' 
 + option rfc1918_filter '1' 
 + option max_requests '3' 
 + option max_connections '100' 
 + option cert '/etc/uhttpd.crt' 
 + option key '/etc/uhttpd.key' 
 + option cgi_prefix '/cgi-bin' 
 + list lua_prefix '/cgi-bin/luci=/usr/lib/lua/luci/sgi/uhttpd.lua' 
 + option script_timeout '60' 
 + option network_timeout '30' 
 + option http_keepalive '20' 
 + option tcp_keepalive '1' 
 + option ubus_prefix '/ubus' 
 + 
 +config cert 'defaults' 
 + option days '397' 
 + option key_type 'ec' 
 + option bits '2048' 
 + option ec_curve 'P-256' 
 + option country 'ZZ' 
 + option state 'Somewhere' 
 + option location 'Unknown' 
 + option commonname 'OpenWrt'</code> 
 +++++ 
 +I copy my main '*.local.kptree.net' cer/crt and key files from LetsEncrypt to the openWRT machines /etc/uhttpd.crt and key files using 'scp' from the machine remote to the openWRT machines. Install sftp-server with ''opkg update'' and ''opkg install openssh-sftp-server''
 +  *''scp .config/certificates/'*.local.kptree.net.key' root@wifi-ap1.local.kptree.net:/etc/uhttpd.key'' to copy across the key 
 +  *''scp .config/certificates/'*.local.kptree.net.cer' root@wifi-ap1.local.kptree.net:/etc/uhttpd.crt'' to copy across the certificate 
 +I have a separate script that extracts the various certificates key from Traefik combined certificate file that I need to use on my mail server, that is mentioned elsewhere on my wiki. 
 + 
 +After the certificates are updated the router must be rebooted or the uhttpd module restarted: 
 +  *ssh into the router ''%%ssh root@wifi-ap1.local.kptree.net:/etc/uhttpd.crt%%'' and run ''%%/etc/init.d/uhttpd restart%%'' 
 +  *'Or run the command in ssh: '%%ssh root@wifi-ap0.local.kptree.net "/etc/init.d/uhttpd restart"%%'' 
 + 
 + 
 + 
  
 ====References==== ====References====
   *[[https://www.onemarcfifty.com/|OneMarcFifty]], Youtube [[https://www.youtube.com/watch?v=kMgs2XFClaM|CHEAP WI-FI MESH ALTERNATIVE with fast roaming OpenWrt Wi-Fi Access points]], [[https://github.com/onemarcfifty/cheat-sheets/tree/main/OpenWrt|Github cheatsheets/OpenWrt]]   *[[https://www.onemarcfifty.com/|OneMarcFifty]], Youtube [[https://www.youtube.com/watch?v=kMgs2XFClaM|CHEAP WI-FI MESH ALTERNATIVE with fast roaming OpenWrt Wi-Fi Access points]], [[https://github.com/onemarcfifty/cheat-sheets/tree/main/OpenWrt|Github cheatsheets/OpenWrt]]
-  *[https://openwrt.org/abouthttps://openwrt.org/about|OpenWRT]]+  *[[https://openwrt.org/abouthttps://openwrt.org/about|OpenWRT]]
     *[[https://openwrt.org/toh/netgear/wax206|Netgear WAX206]]     *[[https://openwrt.org/toh/netgear/wax206|Netgear WAX206]]
     *[[https://forum.openwrt.org/t/wax206-newbie-advice/213085|https://forum.openwrt.org/t/wax206-newbie-advice/213085]]     *[[https://forum.openwrt.org/t/wax206-newbie-advice/213085|https://forum.openwrt.org/t/wax206-newbie-advice/213085]]
-    *+    *[[https://openwrt.org/docs/guide-user/network/wifi/wifiextenders/bridgedap|Wi-Fi Extender/Repeater with Bridged AP over Ethernet]] 
 +    *[[https://openwrt.org/docs/guide-quick-start/sshadministration|SSH access for newcomers]] 
 +    *[[https://openwrt.org/docs/guide-user/luci/getting_rid_of_luci_https_certificate_warnings|get rid of https certificate warnings]]
  
-[[https://dd-wrt.com/support/documentation/|dd-wrt]]+[[https://dd-wrt.com/support/documentation/|dd-wrt]], [[https://www.myopenrouter.com/article/transform-netgear-ex6200-wi-fi-router-dd-wrt|Transform the NETGEAR EX6200 into a Wi-Fi Router with DD-WRT]] 
 +[[https://www.gl-inet.com/products/gl-mt6000/|Flint 2 Wifi 6 Router]]
  
 <-  linux_router:qemu|Prev page ^ linux_router:start|Start page ^ -> <-  linux_router:qemu|Prev page ^ linux_router:start|Start page ^ ->