Sunday, March 13, 2022

Fixing AT&T fiber's connectivity to China on OpenWrt

Note: AT&T fiber's IPv6 and IPv4 connectivity to China was restored as of Jan 2023. So the workaround below is unnecessary.

I switched to AT&T fiber last month and then found out that I could not open douban.com anymore. Some web search led me to https://www.reddit.com/r/ATT/comments/mbutte/is_att_blocking_china_internet_backbones/

So basically AT&T fiber has a connectivity issue with IPv4 addresses in China. And they are unwilling to admit it or fix it. So I had three options:

  1. Switch back to Comcast.
  2. Install VPN on my devices and turn on VPN when I want to visit Chinese websites.
  3. Connect my router to a VPN and change its routing table to use the VPN for IPv4 addresses in China.

Option 1 is not preferred because Comcast's cable network has abysmal upload speed. Option 2 is feasible but requires VPN on my laptop, phone, and tablet. So I chose option 3.

Although AT&T fiber does not allow customers to bring their own router, the AT&T router supports IPv6 prefix delegation and IPv4 port forwarding. So I installed an OpenWrt router behind the AT&T one.

I configured WireGuard on OpenWrt to connect to a VPS. Then I downloaded a list of IP net blocks in China from ip2location. I wrote a script to convert the list to a big OpenWrt static route config file and appended it to /etc/config/network. Then I executed service network reload. However, the command hung. It seemed OpenWrt could not handle 7000+ static routes. So I gave up on this option.

Eventually I worked out a solution using ipset, iptables, and shadowsocks.

1) Install shadowsocks on the VPS and configure it to run as a server.

2) Install shadowsocks-libev on OpenWrt and configure it to run ss-redir on port 2333.

3) Install ipset on OpenWrt.

4) On OpenWrt, create a file at /root/ipset.conf with the following contents:

create china hash:net family inet hashsize 2048 maxelem 65536
add china 223.223.192.0/20
add china 47.89.54.0/23

Repeat the "add china" line for every IP block in China.

5) On OpenWrt, append the following to /etc/firewall.user. This will instruct iptables to redirect all TCP connections to China to the ss-redir port.

ipset restore < /root/ipset.conf
iptables -t nat -A prerouting_lan_rule -p tcp -m set --match-set china dst -j REDIRECT --to-port 2333

6) Run service firewall restart on OpenWrt. (Or simply reboot OpenWrt)

7) Visit https://www.123cha.com. It should display the IP of the VPS.
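One way to generate /root/ipset.conf for step 4 from a downloaded list, as an added example that is not the author's script. It assumes the list has one IPv4 CIDR per line; the function name and the PROTECTED list are hypothetical. Since ipset restore runs whatever the file contains, every line is parsed as a single CIDR, and any prefix overlapping private, loopback or multicast space is rejected so the REDIRECT rule in step 5 cannot capture LAN traffic.

```python
import ipaddress
import sys

# Ranges that must never be sent to ss-redir: a list entry overlapping any of
# these would redirect LAN, loopback or all traffic (hypothetical policy list).
PROTECTED = [ipaddress.IPv4Network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]

def build_ipset_conf(lines, set_name="china", maxelem=65536):
    """Return (conf_text, rejected_entries) for use with `ipset restore`."""
    nets, rejected = [], []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not entry:
            continue
        try:
            # Parsing each line as exactly one CIDR keeps stray ipset
            # commands or options in the list out of the restore file.
            net = ipaddress.IPv4Network(entry, strict=False)
        except ValueError:
            rejected.append(entry)
            continue
        if any(net.overlaps(p) for p in PROTECTED):
            rejected.append(entry)
            continue
        nets.append(net)
    # Merging removes duplicates, which a plain "add" would reject on restore.
    merged = list(ipaddress.collapse_addresses(nets))
    if len(merged) > maxelem:
        raise ValueError(f"{len(merged)} entries exceed maxelem {maxelem}")
    out = [f"create {set_name} hash:net family inet hashsize 2048 maxelem {maxelem}"]
    out += [f"add {set_name} {n}" for n in merged]
    return "\n".join(out) + "\n", rejected

# Constructed sample list; 223.223.192.0/20 is one of the page's two entries.
SAMPLE = [
    "223.223.192.0/20",
    "47.89.54.0/24", "47.89.55.0/24",  # adjacent halves of the page's 47.89.54.0/23
    "192.168.1.0/24",                  # LAN range, must be rejected
    "0.0.0.0/0",                       # would redirect everything
    "47.89.54.0/23 -exist",            # trailing option, not a bare CIDR
]

if __name__ == "__main__":
    conf, rejected = build_ipset_conf(SAMPLE)
    sys.stdout.write(conf)
    for entry in rejected:
        print("rejected:", entry, file=sys.stderr)
```

Run it on a machine with Python 3, review the rejected entries, and copy the output to /root/ipset.conf on the router.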

Tuesday, March 1, 2022

Setting up 802.11s mesh on OpenWRT 21.02 routers

Update: I ran iperf3 on both 802.11s and WDS modes. 802.11s got about 150 Mbps, while WDS had more than 200 Mbps. I reverted my setup to WDS.


I have two routers, Linksys EA7300v2 and Lenovo Y1, both running OpenWrt. I use WDS between them to build a wireless bridge. Recently I learned that WDS is deprecated and 802.11s is the replacement.

Here are the steps to create an 802.11s mesh on OpenWrt 21.02:

1) Run command iw list | grep "Supported interface modes" -A 9 and check if the output contains "mesh point". If it does not, then the wireless driver does not support 802.11s.

2) Use opkg to remove the wpad-basic-wolfssl package and then install wpad-wolfssl, because the former does not support mesh.

3) Reboot the device.

4) Append the following config to both devices' /etc/config/wireless file,

config wifi-iface '{set_a_name}'
    option device '{set_accordingly}'
    option mode 'mesh'
    option mesh_fwding '1'
    option mesh_rssi_threshold '0'
    option network 'lan'
    option mesh_id '{set_the_same_id}'
    option encryption 'sae'
    option key '{set_the_same_key}'
    option ifname 'wlan-mesh'

5) Run wifi reload.

6) Wait a few seconds and run iw dev wlan-mesh station dump. If the output is not empty, then the mesh setup is successful.

7) If the output is empty after a few minutes, run logread and see if there are any errors. I found that the EA7300 would fail to start the mesh if I set the channel to auto or a DFS channel. But the Lenovo Y1 does not have this problem. So I manually set the radios on both devices to channel 48 and it worked after wifi reload.

References

  • https://openwrt.org/docs/guide-user/network/wifi/mesh/80211s
  • https://www.cwnp.com/wp-content/uploads/pdf/802.11s_mesh_networking_v1.0.pdf
  • https://www.simianer.de/blog/home-wifi-setup-with-802.11s-meshing-and-802.11r-roaming