[OpenWrt Wiki] ZBT CPE2801 (2024)

Outdoor 4G modem/router platform with dual SIM, dual M.2 modem slots, WiFi-N access point, dual 100Mb ports and 802.2af PoE.

I have the impression ZTB offers these for wholesale without any 4G cards installed, so variants may exists from different vendorsAlso, there are two variants: single SIM and dual SIM. And furthermore, the PCB has a dual unpopulated footprint labeled eSIM

The one I had was single SIM, branded Cioswi and came with a Quectel EC200A 4G modemWhich is listed as “optimized for M2M and IoT” which in retrospect I take to mean: “good enough for some light logging and remote control”

Opening up the device, it looks quite well build. Coated PCB. Antenna connectors glued in place with nice clear stuff, not some gunk. It actually looks trust inspiringBoth external antenna's are SMA (normal polarity) 4G diversity antenna's, with two WiFi-N antennas on the PCB. How good the antenna's are, no idea.

The software worked well, but is lacking. I was hoping for some SIM card management in the sense of SMS message handling (messages like: your limit is almost reached, reply X to get 1G more)But none of that. You can set APN (I did not have to) and that is it. But it did work without having to configure anything.

4G speed is a bit lacking. Got 25Mb max in an area where I should have gotten 50MbAnd downloading a large 1Gb kept resetting the modem every 5minutes or so.The overall router GUI kept working, and GUI pages kept responding well. But the log page showed the 4g modem disappearing and reappearing. I suspect it got too hot. The download kept breaking, and while this happened, browsing was no fun.

The device came with “ZBT OS” V23.04.03On their webpage, I found V22.10.09 and also a LEDE version compiled in 2023 but LEDE is from 2017 or so.LEDE Reboot SNAPSHOT r0-1c5495e 23.0627_091144

Pressing reset for 20 seconds during boot brings up a management page (in Chinese, but the phone translate app helps)I managed to backup the V23 firmware, write the V22 firmware, test it, go back to V23 firmware and finally write the LEDE firmware, all successfully and without tricks(do make sure you flash the middle of the 3 file containers, the first being bootloader and the last being the EEPROM)

Notable is that the factory V22 looked exactly the same, worked in every aspect, except did not see my 4G modem driver.Which strengthens my idea ZBT considers this a platform, on which multiple modems could be installed,

The LEDE build did load the modem, and also worked. But crashed even more then before. Also this LEDE build is very crippled. No software repository to load any modules.

Installation using the webinterface:

1. set PC interface to 192.168.1.100 and connect

2. Power on while holding reset for 20 seconds

3. Point browser to 192.168.1.1

4. 2nd menu is flash, 3rd is backup

5. on the 2nd menu, the 2nd file is the firmware file

• Unscrew two small screws under the sticker, which allows to slide out bracket with entire PCB.

Factory LEDE Reboot SNAPSHOT r0-1c5495e 23.0627_091144 bootlog

[ 0.000000] Linux version 4.4.61 (zzk@ubuntu) (gcc version 5.4.0 (LEDE GCC 5.4.0 r0-1c5495e) ) #0 Wed Sep 29 06:03:32 2021[ 0.000000] Board has DDR2[ 0.000000] Analog PMU set to hw control[ 0.000000] Digital PMU set to hw control[ 0.000000] SoC Type: MediaTek MT7628AN ver:1 eco:2[ 0.000000] bootconsole [early0] enabled[ 0.000000] CPU0 revision is: 00019655 (MIPS 24KEc)[ 0.000000] MIPS: machine is ZBT-CPE2801[ 0.000000] Determined physical RAM map:[ 0.000000] memory: 08000000 @ 00000000 (usable)[ 0.000000] Initrd not found or empty - disabling initrd[ 0.000000] Zone ranges:[ 0.000000] Normal [mem 0x0000000000000000-0x0000000007ffffff][ 0.000000] Movable zone start for each node[ 0.000000] Early memory node ranges[ 0.000000] node 0: [mem 0x0000000000000000-0x0000000007ffffff][ 0.000000] Initmem setup node 0 [mem 0x0000000000000000-0x0000000007ffffff][ 0.000000] On node 0 totalpages: 32768[ 0.000000] free_area_init_node: node 0, pgdat 803983d0, node_mem_map 81000000[ 0.000000] Normal zone: 256 pages used for memmap[ 0.000000] Normal zone: 0 pages reserved[ 0.000000] Normal zone: 32768 pages, LIFO batch:7[ 0.000000] Primary instruction cache 64kB, VIPT, 4-way, linesize 32 bytes.[ 0.000000] Primary data cache 32kB, 4-way, PIPT, no aliases, linesize 32 bytes[ 0.000000] pcpu-alloc: s0 r0 d32768 u32768 alloc=1*32768[ 0.000000] pcpu-alloc: [0] 0 [ 0.000000] Built 1 zonelists in Zone order, mobility grouping on. Total pages: 32512[ 0.000000] Kernel command line: console=ttyS0,115200 rootfstype=squashfs,jffs2[ 0.000000] PID hash table entries: 512 (order: -1, 2048 bytes)[ 0.000000] Dentry cache hash table entries: 16384 (order: 4, 65536 bytes)[ 0.000000] Inode-cache hash table entries: 8192 (order: 3, 32768 bytes)[ 0.000000] Writing ErrCtl register=0005ccd0[ 0.000000] Readback ErrCtl register=0005ccd0[ 0.000000] Memory: 125688K/131072K available (2937K kernel code, 143K rwdata, 704K rodata, 176K init, 195K bss, 5384K reserved, 0K cma-reserved)[ 0.000000] SLUB: HWalign=32, Order=0-3, MinObjects=0, CPUs=1, Nodes=1[ 0.000000] NR_IRQS:256[ 0.000000] intc: using register map from devicetree[ 0.000000] CPU Clock: 580MHz[ 0.000000] clocksource_probe: no matching clocksources found[ 0.000000] clocksource: MIPS: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 6590553264 ns[ 0.000012] sched_clock: 32 bits at 290MHz, resolution 3ns, wraps every 7405115902ns[ 0.015354] Calibrating delay loop... 385.84 BogoMIPS (lpj=1929216)[ 0.080523] pid_max: default: 32768 minimum: 301[ 0.089780] Mount-cache hash table entries: 1024 (order: 0, 4096 bytes)[ 0.102728] Mountpoint-cache hash table entries: 1024 (order: 0, 4096 bytes)[ 0.123121] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns[ 0.142509] futex hash table entries: 256 (order: -1, 3072 bytes)[ 0.154686] pinctrl core: initialized pinctrl subsystem[ 0.165656] NET: Registered protocol family 16[ 0.284216] mt7620-pci 10140000.pcie: Port 0 N_FTS = 1b105000[ 0.445224] mt7620-pci 10140000.pcie: PCIE0 no card, disable it(RST&CLK)[ 0.458358] mt7620-pci: probe of 10140000.pcie failed with error -1[ 0.479414] mt7621_gpio 10000600.gpio: registering 32 gpios[ 0.490510] mt7621_gpio 10000600.gpio: registering 32 gpios[ 0.501521] mt7621_gpio 10000600.gpio: registering 32 gpios[ 0.514071] clocksource: Switched to clocksource MIPS[ 0.525575] NET: Registered protocol family 2[ 0.535047] TCP established hash table entries: 1024 (order: 0, 4096 bytes)[ 0.548752] TCP bind hash table entries: 1024 (order: 0, 4096 bytes)[ 0.561268] TCP: Hash tables configured (established 1024 bind 1024)[ 0.573916] UDP hash table entries: 256 (order: 0, 4096 bytes)[ 0.585375] UDP-Lite hash table entries: 256 (order: 0, 4096 bytes)[ 0.598003] NET: Registered protocol family 1[ 0.606573] PCI: CLS 0 bytes, default 32[ 0.611646] Crashlog allocated RAM at address 0x3f00000[ 0.638019] squashfs: version 4.0 (2009/01/31) Phillip Lougher[ 0.649479] jffs2: version 2.2 (NAND) (SUMMARY) (LZMA) (RTIME) (CMODE_PRIORITY) (c) 2001-2006 Red Hat, Inc.[ 0.671781] io scheduler noop registered[ 0.679460] io scheduler deadline registered (default)[ 0.690902] gpio-export gpio_export: 6 gpio(s) exported[ 0.701413] Serial: 8250/16550 driver, 3 ports, IRQ sharing disabled[ 0.715199] console [ttyS0] disabled[ 0.722163] 10000c00.uartlite: ttyS0 at MMIO 0x10000c00 (irq = 28, base_baud = 2500000) is a 16550A[ 0.740091] console [ttyS0] enabled[ 0.747108] bootconsole [early0] disabled[ 0.756745] spi-mt7621 10000b00.spi: sys_freq: 193333333[ 0.766806] m25p80 spi32766.0: using chunked io (size=32)[ 0.772297] m25p80 spi32766.0: w25q128 (16384 Kbytes)[ 0.777512] 4 ofpart partitions found on MTD device spi32766.0[ 0.783424] Creating 4 MTD partitions on "spi32766.0":[ 0.788652] 0x000000000000-0x000000030000 : "u-boot"[ 0.795539] 0x000000030000-0x000000040000 : "u-boot-env"[ 0.802759] 0x000000040000-0x000000050000 : "factory"[ 0.809811] 0x000000050000-0x000001000000 : "firmware"[ 0.876704] 2 uimage-fw partitions found on MTD device firmware[ 0.882731] 0x000000050000-0x000000186f5d : "kernel"[ 0.889472] 0x000000186f5d-0x000001000000 : "rootfs"[ 0.896449] mtd: device 5 (rootfs) set to be root filesystem[ 0.902297] 1 squashfs-split partitions found on MTD device rootfs[ 0.908638] 0x000000ab0000-0x000001000000 : "rootfs_data"[ 0.925406] rt3050-esw 10110000.esw: link changed 0x00[ 0.933049] mtk_soc_eth 10100000.ethernet eth0: mediatek frame engine at 0xb0100000, irq 5[ 0.942045] mt7621_wdt 10000120.watchdog: Initialized[ 0.948787] NET: Registered protocol family 10[ 0.957055] NET: Registered protocol family 17[ 0.961656] bridge: automatic filtering via arp/ip/ip6tables has been deprecated. Update your scripts to load br_netfilter if you need this.[ 0.974517] 8021q: 802.1Q VLAN Support v1.8[ 0.989632] VFS: Mounted root (squashfs filesystem) readonly on device 31:5.[ 0.997823] Freeing unused kernel memory: 176K (803b4000 - 803e0000)[ 2.545014] init: Console is alive[ 2.548679] init: - watchdog -[ 5.504295] kmodloader: loading kernel modules from /etc/modules-boot.d/*[ 5.618664] usbcore: registered new interface driver usbfs[ 5.624435] usbcore: registered new interface driver hub[ 5.629928] usbcore: registered new device driver usb[ 5.669570] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver[ 5.687035] SCSI subsystem initialized[ 5.696282] ehci-platform: EHCI generic platform driver[ 5.711930] phy phy-10120000.usbphy.0: remote usb device wakeup disabled[ 5.718746] phy phy-10120000.usbphy.0: UTMI 16bit 30MHz[ 5.724089] ehci-platform 101c0000.ehci: EHCI Host Controller[ 5.729948] ehci-platform 101c0000.ehci: new USB bus registered, assigned bus number 1[ 5.738117] ehci-platform 101c0000.ehci: irq 26, io mem 0x101c0000[ 5.764097] ehci-platform 101c0000.ehci: USB 2.0 started, EHCI 1.00[ 5.771585] hub 1-0:1.0: USB hub found[ 5.775846] hub 1-0:1.0: 1 port detected[ 5.783300] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver[ 5.791348] ohci-platform: OHCI generic platform driver[ 5.796962] ohci-platform 101c1000.ohci: Generic Platform OHCI controller[ 5.803881] ohci-platform 101c1000.ohci: new USB bus registered, assigned bus number 2[ 5.812029] ohci-platform 101c1000.ohci: irq 26, io mem 0x101c1000[ 5.879298] hub 2-0:1.0: USB hub found[ 5.883504] hub 2-0:1.0: 1 port detected[ 5.890615] uhci_hcd: USB Universal Host Controller Interface driver[ 5.900944] kmodloader: done loading kernel modules from /etc/modules-boot.d/*[ 5.910487] init: - preinit -[ 6.626231] usb 1-1: new high-speed USB device number 2 using ehci-platform[ 6.932160] rt3050-esw 10110000.esw: link changed 0x00[ 6.944975] hub 1-1:1.0: USB hub found[ 6.954389] hub 1-1:1.0: 4 ports detected[ 7.136354] random: procd: uninitialized urandom read (4 bytes read, 12 bits of entropy available)[ 9.288737] mount_root: loading kmods from internal overlay[ 9.329323] kmodloader: loading kernel modules from //etc/modules-boot.d/*[ 9.338362] kmodloader: done loading kernel modules from //etc/modules-boot.d/*[ 11.447108] jffs2: notice: (373) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.[ 11.463434] block: attempting to load /tmp/jffs_cfg/upper/etc/config/fstab[ 11.476904] block: extroot: not configured[ 11.600363] jffs2: notice: (370) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.[ 13.140738] block: attempting to load /tmp/jffs_cfg/upper/etc/config/fstab[ 13.153170] block: extroot: not configured[ 13.158604] mount_root: switching to jffs2 overlay[ 13.199107] urandom-seed: Seeding with /etc/urandom.seed[ 13.336738] procd: - early -[ 13.339771] procd: - watchdog -[ 13.960427] random: jshn: uninitialized urandom read (4 bytes read, 24 bits of entropy available)[ 14.057853] procd: - ubus -[ 14.333895] random: jshn: uninitialized urandom read (4 bytes read, 25 bits of entropy available)[ 14.353853] random: ubusd: uninitialized urandom read (4 bytes read, 25 bits of entropy available)[ 14.364204] random: ubusd: uninitialized urandom read (4 bytes read, 25 bits of entropy available)[ 14.373589] random: ubus: uninitialized urandom read (4 bytes read, 25 bits of entropy available)[ 14.382880] random: ubusd: uninitialized urandom read (4 bytes read, 25 bits of entropy available)[ 14.392430] random: ubusd: uninitialized urandom read (4 bytes read, 25 bits of entropy available)[ 14.406264] random: ubusd: uninitialized urandom read (4 bytes read, 25 bits of entropy available)[ 14.415492] random: ubusd: uninitialized urandom read (4 bytes read, 25 bits of entropy available)[ 14.425404] procd: - init -[ 16.734094] usb 1-1.2: new high-speed USB device number 3 using ehci-platform[ 17.266089] usb 1-1.2: USB disconnect, device number 3[ 21.045298] kmodloader: loading kernel modules from /etc/modules.d/*[ 21.080491] ntfs: driver 2.1.32 [Flags: R/O MODULE].[ 21.097592] tun: Universal TUN/TAP device driver, 1.6[ 21.102728] tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>[ 21.118402] l2tp_core: L2TP core driver, V2.0[ 21.125087] l2tp_netlink: L2TP netlink interface[ 21.131852] gre: GRE over IPv4 demultiplexor driver[ 21.139318] ip_gre: GRE over IPv4 tunneling driver[ 21.169298] ip6_tables: (C) 2000-2006 Netfilter Core Team[ 21.207889] Netfilter messages via NETLINK v0.30.[ 21.221027] ip_set: protocol 6[ 21.917332] [ 21.917332] [ 21.917332] === pAd = c0537000, size = 731408 ===[ 21.917332] [ 21.926880] <-- RTMPAllocTxRxRingMemory, Status=0, ErrorValue=0x[ 21.934219] <-- RTMPAllocAdapterBlock, Status=0[ 21.938823] RtmpChipOpsHook(492): Not support for HIF_MT yet![ 21.944662] mt7628_init()-->[ 21.947589] mt7628_init(FW(8a00), HW(8a01), CHIPID(7628))[ 21.953063] e2.bin mt7628_init(1117)::(2), pChipCap->fw_len(63056)[ 21.959339] mt_bcn_buf_init(218): Not support for HIF_MT yet![ 21.965174] <--mt7628_init()[ 21.978210] fuse init (API version 7.23)[ 22.014048] GobiNet: Nodecom_Linux_GobiNet_2016-08-18-0001[ 22.019851] usbcore: registered new interface driver GobiNet[ 22.061503] GobiNet: Quectel_Linux&Android_GobiNet_Driver_V1.6.3[ 22.067845] usbcore: registered new interface driver GobiNet_q[ 22.081839] Bridge firewalling registered[ 22.088343] usbcore: registered new interface driver cdc_ether[ 22.097967] usbcore: registered new interface driver cdc_ncm[ 22.106490] usbcore: registered new interface driver cdc_wdm[ 22.115592] usbcore: registered new interface driver huawei_cdc_ncm[ 22.125159] ip_tables: (C) 2000-2006 Netfilter Core Team[ 22.147114] nf_conntrack version 0.5.0 (1966 buckets, 7864 max)[ 22.254145] usbcore: registered new interface driver qmi_wwan[ 22.265714] usbcore: registered new interface driver rndis_host[ 22.283961] usbcore: registered new interface driver usbserial[ 22.290087] usbcore: registered new interface driver usbserial_generic[ 22.296854] usbserial: USB Serial support registered for generic[ 22.359769] xt_time: kernel timezone is -0000[ 22.382826] PPP generic driver version 2.4.2[ 22.389942] PPP MPPE Compression module registered[ 22.397044] NET: Registered protocol family 24[ 22.403707] PPTP driver version 0.8.5[ 22.416571] l2tp_ppp: PPPoL2TP kernel driver, V2.0[ 22.424388] usbcore: registered new interface driver option[ 22.430177] usbserial: USB Serial support registered for GSM modem (1-port)[ 22.442917] kmodloader: done loading kernel modules from /etc/modules.d/*[ 25.544347] usb 1-1.2: new high-speed USB device number 4 using ehci-platform[ 25.680165] cdc_ether 1-1.2:1.0 usb0: register 'cdc_ether' at usb-101c0000.ehci-1.2, CDC Ethernet Device, 02:0c:29:a3:9b:6d[ 25.720454] option 1-1.2:1.2: GSM modem (1-port) converter detected[ 25.727259] usb 1-1.2: GSM modem (1-port) converter now attached to ttyUSB0[ 25.813222] option 1-1.2:1.3: GSM modem (1-port) converter detected[ 25.820032] usb 1-1.2: GSM modem (1-port) converter now attached to ttyUSB1[ 25.844495] option 1-1.2:1.4: GSM modem (1-port) converter detected[ 25.851242] usb 1-1.2: GSM modem (1-port) converter now attached to ttyUSB2[ 29.739877] TX_BCN DESC a766e000 size = 320[ 29.744275] RX[0] DESC a7670000 size = 2048[ 29.751452] RX[1] DESC a7671000 size = 1024[ 29.838398] cfg_mode=9[ 29.840807] cfg_mode=9[ 29.843205] wmode_band_equal(): Band Equal![ 29.849932] APSDCapable[0]=0[ 29.852852] APSDCapable[1]=0[ 29.855788] APSDCapable[2]=0[ 29.858707] APSDCapable[3]=0[ 29.861624] APSDCapable[4]=0[ 29.864562] APSDCapable[5]=0[ 29.867481] APSDCapable[6]=0[ 29.870396] APSDCapable[7]=0[ 29.873313] APSDCapable[8]=0[ 29.876246] APSDCapable[9]=0[ 29.879164] APSDCapable[10]=0[ 29.882171] APSDCapable[11]=0[ 29.885193] APSDCapable[12]=0[ 29.888200] APSDCapable[13]=0[ 29.891203] APSDCapable[14]=0[ 29.894225] APSDCapable[15]=0[ 29.899854] Key1Str is Invalid key length(0) or Type(1)[ 29.905394] Key2Str is Invalid key length(0) or Type(1)[ 29.910917] Key3Str is Invalid key length(0) or Type(1)[ 29.916465] Key4Str is Invalid key length(0) or Type(1)[ 29.943502] RTMPSetDefaultChannel() : default channel to 1 [ 29.949233] load fw image from fw_header_image[ 29.953739] AndesMTLoadFwMethod1(2174)::pChipCap->fw_len(63056)[ 29.959752] FW Version:_e2_mp[ 29.963155] FW Build Date:20150211175503[ 30.554122] CmdAddressLenReq:(ret = 0)[ 30.558678] CmdFwStartReq: override = 1, address = 1048576[ 30.564383] CmdStartDLRsp: WiFI FW Download Success[ 30.594136] MtAsicDMASchedulerInit(): DMA Scheduler Mode=0(LMAC)[ 30.600256] efuse_probe: efuse = 10000012[ 30.604349] RtmpChipOpsEepromHook::e2p_type=0, inf_Type=4[ 30.609823] RtmpEepromGetDefault::e2p_dafault=2[ 30.614466] RtmpChipOpsEepromHook: E2P type(2), E2pAccessMode = 2, E2P default = 2[ 30.622138] NVM is FLASH mode[ 30.625215] 1. Phy Mode = 14[ 30.786270] Country Region from e2p = ffff[ 30.794238] tssi_1_target_pwr_g_band = 34[ 30.798316] 2. Phy Mode = 14[ 30.801389] 3. Phy Mode = 14[ 30.804349] NICInitPwrPinCfg(11): Not support for HIF_MT yet![ 30.810176] NICInitializeAsic(651): Not support rtmp_mac_sys_reset () for HIF_MT yet![ 30.818158] mt_mac_init()-->[ 30.821078] MtAsicInitMac()-->[ 30.911624] mt7628_init_mac_cr()-->[ 30.915347] MtAsicSetMacMaxLen(1241): Set the Max RxPktLen=1024![ 30.921434] <--mt_mac_init()[ 30.924537] WTBL Segment 1 info:[ 30.927898] MemBaseAddr/FID:0x28000/0[ 30.931785] EntrySize/Cnt:32/128[ 30.935249] WTBL Segment 2 info:[ 30.938608] MemBaseAddr/FID:0x40000/0[ 30.942493] EntrySize/Cnt:64/128[ 30.945953] WTBL Segment 3 info:[ 30.949325] MemBaseAddr/FID:0x42000/64[ 30.953297] EntrySize/Cnt:64/128[ 30.956757] WTBL Segment 4 info:[ 30.960116] MemBaseAddr/FID:0x44000/128[ 30.964194] EntrySize/Cnt:32/128[ 30.967721] AntCfgInit(2876): Not support for HIF_MT yet![ 30.973371] CmdSlotTimeSet:(ret = 0)[ 31.084131] MCS Set = ff ff 00 00 01[ 31.087777] MtAsicSetChBusyStat(826): Not support for HIF_MT yet![ 35.104153] [PMF]ap_pmf_init:: apidx=0, MFPC=0, MFPR=0, SHA256=0[ 35.110549] MtAsicSetRalinkBurstMode(2919): Not support for HIF_MT yet![ 35.117318] MtAsicSetPiggyBack(763): Not support for HIF_MT yet![ 35.143248] MtAsicSetTxPreamble(2898): Not support for HIF_MT yet![ 35.149696] MtAsicSetPreTbtt(): bss_idx=0, PreTBTT timeout = 0xf0[ 35.155914] Main bssid = f8:5e:3c:5e:02:2a[ 35.160138] <==== rt28xx_init, Status=0[ 35.164087] mt7628_set_ed_cca: TURN OFF EDCCA mac 0x10618 = 0xd7083f0f[ 35.170797] WiFi Startup Cost (ra0): 5.430s[ 35.883030] device eth0.1 entered promiscuous mode[ 35.888133] device eth0 entered promiscuous mode[ 35.921144] br-lan: port 1(eth0.1) entered forwarding state[ 35.926934] br-lan: port 1(eth0.1) entered forwarding state[ 36.433830] device eth0.3 entered promiscuous mode[ 36.438935] br-lan: port 2(eth0.3) entered forwarding state[ 36.444655] br-lan: port 2(eth0.3) entered forwarding state[ 36.461133] cdc_ether 1-1.2:1.0 usb0: kevent 12 may have been dropped[ 36.468007] cdc_ether 1-1.2:1.0 usb0: kevent 11 may have been dropped[ 37.960573] br-lan: port 1(eth0.1) entered forwarding state[ 38.444149] br-lan: port 2(eth0.3) entered forwarding state[ 39.487878] device ra0 entered promiscuous mode[ 39.492582] br-lan: port 3(ra0) entered forwarding state[ 39.498078] br-lan: port 3(ra0) entered forwarding state[ 41.494135] br-lan: port 3(ra0) entered forwarding state[ 57.324124] random: nonblocking pool is initialized[ 63.288435] rt3050-esw 10110000.esw: link changed 0x10[ 64.749123] rt3050-esw 10110000.esw: link changed 0x00[ 66.564492] rt3050-esw 10110000.esw: link changed 0x10[ 67.370558] rt3050-esw 10110000.esw: link changed 0x00[ 70.063550] rt3050-esw 10110000.esw: link changed 0x10[ 71.088190] rt3050-esw 10110000.esw: link changed 0x00[ 74.380475] rt3050-esw 10110000.esw: link changed 0x10[ 83.189903] rt3050-esw 10110000.esw: link changed 0x00[ 85.937342] rt3050-esw 10110000.esw: link changed 0x10[ 90.148925] rt3050-esw 10110000.esw: link changed 0x00[ 93.033916] rt3050-esw 10110000.esw: link changed 0x10[ 108.396699] ---->CmdPsRetrieveStartRspFromCR Entry(wcid=1) ps state(0) is not APPS_RETRIEVE_START_PS[ 108.414083] AndesSendCmdMsg: Command type = ed, Extension command type = 27[ 108.421153] BUG: AndesSendCmdMsg is called from invalid context[ 123.522697] Rcv Wcid(1) AddBAReq[ 123.526085] Start Seq = 0000013e[ 124.458359] da match,0xf85e3c5e022a[ 125.424095] AndesSendCmdMsg: Command type = ed, Extension command type = 27[ 125.431176] BUG: AndesSendCmdMsg is called from invalid context[ 140.652680] da match,0xf85e3c5e022a[ 148.372171] ---->CmdPsRetrieveStartRspFromCR Entry(wcid=1) ps state(0) is not APPS_RETRIEVE_START_PS[ 148.524102] AndesSendCmdMsg: Command type = ed, Extension command type = 27[ 148.531187] BUG: AndesSendCmdMsg is called from invalid context[ 159.431604] Rcv Wcid(1) AddBAReq[ 159.434961] Start Seq = 0000012e[ 212.641208] da match,0xf85e3c5e022a[ 212.658382] MtPsRedirectDisableCheck(528): [wlan_idx=0x1] PS Redirect mode(pfgForce = 1) is enabled. Send PC Clear command to FW.[ 212.670264] ---->CmdPsRetrieveStartRspFromCR Entry(wcid=1) left.

These are the packages that the manufacturer felt needed to be in LEDE

root@Router:/etc/config# opkg list-installedat-cmd - 1ated - 4200base-files - 172-23.0627_091144blkid - 2.29.2-1block-mount - 2017-03-29-20c16fc5-1busybox - 1.26.2-7chat - 2.4.7-11comgt - 0.32-28curl - 7.53.1-1ddns-scripts - 2.7.8-11dnsmasq - 2.77test5-1dropbear - 2016.74-2firewall - 2018-08-13-1c4d5bcd-1flash - 1fstools - 2017-03-29-20c16fc5-1fwtool - 1hostapd-common - 2016-12-19-ad02e79d-2ip-tiny - 4.4.0-10ip6tables - 1.6.1-1ipset - 6.30-1iptables - 1.6.1-1iptables-mod-conntrack-extra - 1.6.1-1iptables-mod-extra - 1.6.1-1iptables-mod-ipopt - 1.6.1-1iptables-mod-nat-extra - 1.6.1-1iw - 4.9-1iwinfo - 2016-09-21-fd9e17be-1jshn - 2017-02-24-96305a3c-1jsonfilter - 2016-07-02-dea067ad-1kernel - 4.4.61-1-47e5a3428bdbc3b175ffc051cb43434dkmod-br-netfilter - 4.4.61-1kmod-cfg80211 - 4.4.61+2017-01-31-1kmod-crypto-aead - 4.4.61-1kmod-crypto-crc32c - 4.4.61-1kmod-crypto-ecb - 4.4.61-1kmod-crypto-hash - 4.4.61-1kmod-crypto-manager - 4.4.61-1kmod-crypto-null - 4.4.61-1kmod-crypto-pcompress - 4.4.61-1kmod-crypto-sha1 - 4.4.61-1kmod-crypto-sha256 - 4.4.61-1kmod-dnsresolver - 4.4.61-1kmod-fibocom_gobinet - 4.4.61+1.0.0-1kmod-fs-autofs4 - 4.4.61-1kmod-fs-ext4 - 4.4.61-1kmod-fs-ntfs - 4.4.61-1kmod-fs-vfat - 4.4.61-1kmod-fuse - 4.4.61-1kmod-gpio-button-hotplug - 4.4.61-2kmod-gre - 4.4.61-1kmod-ip6tables - 4.4.61-1kmod-ipt-conntrack - 4.4.61-1kmod-ipt-conntrack-extra - 4.4.61-1kmod-ipt-core - 4.4.61-1kmod-ipt-extra - 4.4.61-1kmod-ipt-ipopt - 4.4.61-1kmod-ipt-ipset - 4.4.61-1kmod-ipt-nat - 4.4.61-1kmod-ipt-nat-extra - 4.4.61-1kmod-ipt-raw - 4.4.61-1kmod-iptunnel - 4.4.61-1kmod-l2tp - 4.4.61-1kmod-leds-gpio - 4.4.61-1kmod-lib-crc-ccitt - 4.4.61-1kmod-lib-crc16 - 4.4.61-1kmod-lib-textsearch - 4.4.61-1kmod-libphy - 4.4.61-1kmod-mii - 4.4.61-1kmod-mppe - 4.4.61-1kmod-mt7628 - 4.4.61+p4rev-120395-1kmod-nf-conntrack - 4.4.61-1kmod-nf-conntrack6 - 4.4.61-1kmod-nf-ipt - 4.4.61-1kmod-nf-ipt6 - 4.4.61-1kmod-nf-nat - 4.4.61-1kmod-nf-nathelper-extra - 4.4.61-1kmod-nfnetlink - 4.4.61-1kmod-nls-base - 4.4.61-1kmod-nls-cp437 - 4.4.61-1kmod-nls-cp936 - 4.4.61-1kmod-nls-iso8859-1 - 4.4.61-1kmod-nls-utf8 - 4.4.61-1kmod-ppp - 4.4.61-1kmod-pppoe - 4.4.61-1kmod-pppol2tp - 4.4.61-1kmod-pppox - 4.4.61-1kmod-pptp - 4.4.61-1kmod-quectel_gobinet - 4.4.61+1.6.3-1kmod-quectel_qmi - 4.4.61+1.1.2-1kmod-scsi-core - 4.4.61-1kmod-slhc - 4.4.61-1kmod-swconfig - 4.4.61-1kmod-tun - 4.4.61-1kmod-udptunnel4 - 4.4.61-1kmod-udptunnel6 - 4.4.61-1kmod-usb-core - 4.4.61-1kmod-usb-ehci - 4.4.61-1kmod-usb-ledtrig-usbport - 4.4.61-1kmod-usb-net - 4.4.61-1kmod-usb-net-cdc-ether - 4.4.61-1kmod-usb-net-cdc-ncm - 4.4.61-1kmod-usb-net-huawei-cdc-ncm - 4.4.61-1kmod-usb-net-qmi-wwan - 4.4.61-1kmod-usb-net-rndis - 4.4.61-1kmod-usb-ohci - 4.4.61-1kmod-usb-serial - 4.4.61-1kmod-usb-serial-option - 4.4.61-1kmod-usb-serial-wwan - 4.4.61-1kmod-usb-uhci - 4.4.61-1kmod-usb-wdm - 4.4.61-1kmod-usb2 - 4.4.61-1lede-keyring - 2017-01-20-a50b7529-1libblkid - 2.29.2-1libblobmsg-json - 2017-02-24-96305a3c-1libc - 1.1.16-1libcurl - 7.53.1-1libgcc - 5.4.0-1libip4tc - 1.6.1-1libip6tc - 1.6.1-1libiwinfo - 2016-09-21-fd9e17be-1libiwinfo-lua - 2016-09-21-fd9e17be-1libjson-c - 0.12.1-1libjson-script - 2017-02-24-96305a3c-1liblua - 5.1.5-1liblucihttp - 2019-07-05-a34a17d5-1liblucihttp-lua - 2019-07-05-a34a17d5-1liblzo - 2.10-1libmbedtls - 2.4.2-1libmnl - 1.0.4-1libncurses - 6.0-1libnl-tiny - 0.1-5libnvram - 1libopenssl - 1.0.2k-1libpcap - 1.8.1-1libpcre - 8.43-1libpthread - 1.1.16-1libreadline - 7.0-1librt - 1.1.16-1libstdcpp - 5.4.0-1libubox - 2017-02-24-96305a3c-1libubus - 2017-02-18-34c6e818-1libubus-lua - 2017-02-18-34c6e818-1libuci - 2016-07-04-e1bf4356-1libuci-lua - 2016-07-04-e1bf4356-1libuclient - 2016-12-09-52d955fd-1libusb-1.0 - 1.0.21-1libuuid - 2.29.2-1libxtables - 1.6.1-1logd - 2017-03-03-21a4bd04-1lua - 5.1.5-1lua-cjson - 2.1.0-2luasocket - 3.0-rc1-20130909-5luci - git-21.272.21812-1c5495e-1luci-app-cloud - 1-0luci-app-ddns - 2.4.9-7luci-app-firewall - git-21.272.21812-1c5495e-1luci-app-module - 1-0luci-app-mwan3 - git-21.272.21812-1c5495e-1luci-app-openvpn - git-21.272.21812-1c5495e-1luci-app-opkg - git-21.272.21812-1c5495e-1luci-app-schedule_reboot - 1-0luci-app-watchdog - 1-0luci-app-webconsole - git-21.272.21812-1c5495e-1luci-app-wifidog - git-21.272.21812-1c5495e-1luci-base - git-21.272.21812-1c5495e-1luci-i18n-base-en - git-21.272.21812-1c5495e-1luci-i18n-base-ru - git-21.272.21812-1c5495e-1luci-i18n-base-zh-cn - git-21.272.21812-1c5495e-1luci-i18n-ddns-ru - 2.4.9-7luci-i18n-ddns-zh-cn - 2.4.9-7luci-i18n-firewall-en - git-21.272.21812-1c5495e-1luci-i18n-firewall-ru - git-21.272.21812-1c5495e-1luci-i18n-firewall-zh-cn - git-21.272.21812-1c5495e-1luci-i18n-mwan3-ru - git-21.272.21812-1c5495e-1luci-i18n-mwan3-zh-cn - git-21.272.21812-1c5495e-1luci-i18n-openvpn-en - git-21.272.21812-1c5495e-1luci-i18n-openvpn-ru - git-21.272.21812-1c5495e-1luci-i18n-openvpn-zh-cn - git-21.272.21812-1c5495e-1luci-i18n-opkg-en - git-21.272.21812-1c5495e-1luci-i18n-opkg-ru - git-21.272.21812-1c5495e-1luci-i18n-opkg-zh-cn - git-21.272.21812-1c5495e-1luci-i18n-wifidog-ru - git-21.272.21812-1c5495e-1luci-i18n-wifidog-zh-cn - git-21.272.21812-1c5495e-1luci-lib-ip - git-21.272.21812-1c5495e-1luci-lib-ipkg - git-21.272.21812-1c5495e-1luci-lib-jsonc - git-21.272.21812-1c5495e-1luci-lib-nixio - git-21.272.21812-1c5495e-1luci-mod-admin-full - git-21.272.21812-1c5495e-1luci-mod-network - git-21.272.21812-1c5495e-1luci-mod-status - git-21.272.21812-1c5495e-1luci-mod-system - git-21.272.21812-1c5495e-1luci-mtk-wireless - 0.1luci-proto-3g - git-21.272.21812-1c5495e-1luci-proto-ipv6 - git-21.272.21812-1c5495e-1luci-proto-ppp - git-21.272.21812-1c5495e-1luci-theme-bootstrap - git-21.272.21812-1c5495e-1luci-theme-material - git-21.272.21812-1c5495e-1maccalc - 1microperl - 5.8.9-1mtd - 21mtk_write_sn - 1mwan3 - 2.8.2-2netifd - 2017-04-12-11cb9cfb-1ngrokc - 20170922-1ntfs-3g - 2017.3.23-2-fuseintodhcp6c - 2017-03-22-0463b057-1odhcpd - 2017-04-28-9268ca65-1openvpn-openssl - 2.4.1-1opkg - 2017-05-03-04e279eb-1ppp - 2.4.7-11ppp-mod-pppoe - 2.4.7-11ppp-mod-pppol2tp - 2.4.7-11ppp-mod-pptp - 2.4.7-11procd - 2017-03-05-8f218f56-1quagga - 1.1.0-1quagga-bgpd - 1.1.0-1quagga-libospf - 1.1.0-1quagga-libzebra - 1.1.0-1quagga-ospfd - 1.1.0-1quagga-vtysh - 1.1.0-1quagga-watchquagga - 1.1.0-1quagga-zebra - 1.1.0-1quectel-CM - 1rctl - 0.0.0-1resolveip - 2rpcd - 2016-12-03-0577cfc1-1rpcd-mod-iwinfo - 2016-12-03-0577cfc1-1rpcd-mod-rrdns - 20170710swconfig - 11terminfo - 6.0-1ubox - 2017-03-03-21a4bd04-1ubus - 2017-02-18-34c6e818-1ubusd - 2017-02-18-34c6e818-1uci - 2016-07-04-e1bf4356-1uci2dat - 1uclibcxx - 0.2.4-3uclient-fetch - 2016-12-09-52d955fd-1uhttpd - 2016-10-25-1628fa4b-1usb-modeswitch - 2017-12-19-f40f84c2-2usign - 2015-07-04-ef641914-1wget - 1.20.3-1wificonf - 1wifidog - 1.3.0-4wireless-tools - 29-5xl2tpd - 1.3.13-1yunclient - 1.0.0-1zlib - 1.2.11-1

This is all the /etc/config that manufacturer felt needed to be made

root@Router:/etc/config# ls -l-rwxr-xr-x 1 root root 128 Sep 29 06:05 cloudlogin-rw------- 1 root root 778 Sep 29 06:03 ddns-rw-r--r-- 1 root root 740 Sep 29 06:03 dhcp-rw-r--r-- 1 root root 134 Sep 29 06:03 dropbear-rw-r--r-- 1 root root 4250 Sep 29 06:03 firewall-rw-r--r-- 1 root root 151 Sep 29 06:03 fstab-rw-r--r-- 1 root root 983 Sep 29 06:03 luci-rwxrwxr-x 1 root root 1605 Sep 29 06:03 mwan3-rwxrwxr-x 1 root root 147 Sep 29 06:03 my-rw-r--r-- 1 root root 1352 Sep 29 06:04 network-rw------- 1 root root 13368 Sep 29 06:03 openvpn-rw-rw-r-- 1 root root 2578 Sep 29 06:03 openvpn_recipes-rw------- 1 root root 97 Sep 29 06:03 rpcd-rwxrwxrwx 1 root root 95 Sep 29 06:03 schedule-rw-r--r-- 1 root root 863 Sep 29 06:03 system-rw-r--r-- 1 root root 909 Sep 29 06:03 ucitrack-rw------- 1 root root 3779 Sep 29 06:03 uhttpd-rwxr--r-- 1 root root 719 Sep 29 06:03 wifidog-rw-r--r-- 1 root root 946 Sep 29 06:03 wirelessroot@Router:/etc/config# for file in *; do printf '%s\n' "$file"; cat "$file"; donecloudloginconfig defaults 'main' option enable_cloudlogin '0' option cloudlogin_name 'f85e3c5e022cdtop' option cloudlogin_status '0'ddnsconfig ddns 'global' option ddns_dateformat '%F %R' option ddns_loglines '250' option upd_privateip '0'config service 'myddns_ipv4' option lookup_host 'yourhost.example.com' option domain 'yourhost.example.com' option username 'your_username' option password 'your_password' option interface 'wan' option ip_source 'network' option ip_network 'wan' option service_name 'dyn.com'config service 'myddns_ipv6' option update_url 'http://[USERNAME]:[PASSWORD]@your.provider.net/nic/update?hostname=[DOMAIN]&myip=[IP]' option lookup_host 'yourhost.example.com' option domain 'yourhost.example.com' option username 'your_username' option password 'your_password' option use_ipv6 '1' option interface 'wan6' option ip_source 'network' option ip_network 'wan6'dhcpconfig dnsmasq option domainneeded '1' option boguspriv '1' option filterwin2k '0' option localise_queries '1' option rebind_protection '1' option rebind_localhost '1' option local '/lan/' option domain 'lan' option expandhosts '1' option nonegcache '0' option authoritative '1' option readethers '1' option leasefile '/tmp/dhcp.leases' option resolvfile '/tmp/resolv.conf.auto' option localservice '1'config dhcp 'lan' option interface 'lan' option start '100' option limit '150' option leasetime '12h'config dhcp 'wan' option interface 'wan' option ignore '1'config odhcpd 'odhcpd' option maindhcp '0' option leasefile '/tmp/hosts/odhcpd' option leasetrigger '/usr/sbin/odhcpd-update' option loglevel '4'dropbearconfig dropbear option PasswordAuth 'on' option RootPasswordAuth 'on' option Port '22'# option BannerFile '/etc/banner'firewallconfig defaults option syn_flood 1 option input ACCEPT option output ACCEPT option forward REJECT# Uncomment this line to disable ipv6 rules# option disable_ipv6 1config zone option name lan list network 'lan' option input ACCEPT option output ACCEPT option forward ACCEPTconfig zone option name wan list network 'wan' list network 'wan6' list network '4g' list network '4g2' option input REJECT option output ACCEPT option forward REJECT option masq 1 option mtu_fix 1config forwarding option src lan option dest wan# We need to accept udp packets on port 68,# see https://dev.openwrt.org/ticket/4108config rule option name Allow-DHCP-Renew option src wan option proto udp option dest_port 68 option target ACCEPT option family ipv4# Allow IPv4 pingconfig rule option name Allow-Ping option src wan option proto icmp option icmp_type echo-request option family ipv4 option target ACCEPTconfig rule option name Allow-IGMP option src wan option proto igmp option family ipv4 option target ACCEPT# Allow DHCPv6 replies# see https://dev.openwrt.org/ticket/10381config rule option name Allow-DHCPv6 option src wan option proto udp option src_ip fc00::/6 option dest_ip fc00::/6 option dest_port 546 option family ipv6 option target ACCEPTconfig rule option name Allow-MLD option src wan option proto icmp option src_ip fe80::/10 list icmp_type '130/0' list icmp_type '131/0' list icmp_type '132/0' list icmp_type '143/0' option family ipv6 option target ACCEPT# Allow essential incoming IPv6 ICMP trafficconfig rule option name Allow-ICMPv6-Input option src wan option proto icmp list icmp_type echo-request list icmp_type echo-reply list icmp_type destination-unreachable list icmp_type packet-too-big list icmp_type time-exceeded list icmp_type bad-header list icmp_type unknown-header-type list icmp_type router-solicitation list icmp_type neighbour-solicitation list icmp_type router-advertisem*nt list icmp_type neighbour-advertisem*nt option limit 1000/sec option family ipv6 option target ACCEPT# Allow essential forwarded IPv6 ICMP trafficconfig rule option name Allow-ICMPv6-Forward option src wan option dest * option proto icmp list icmp_type echo-request list icmp_type echo-reply list icmp_type destination-unreachable list icmp_type packet-too-big list icmp_type time-exceeded list icmp_type bad-header list icmp_type unknown-header-type option limit 1000/sec option family ipv6 option target ACCEPTconfig rule option name Allow-IPSec-ESP option src wan option dest lan option proto esp option target ACCEPTconfig rule option name Allow-ISAKMP option src wan option dest lan option dest_port 500 option proto udp option target ACCEPT# include a file with users custom iptables rulesconfig include option path /etc/firewall.user### EXAMPLE CONFIG SECTIONS# do not allow a specific ip to access wan#config rule# option src lan# option src_ip 192.168.45.2# option dest wan# option proto tcp# option target REJECT# block a specific mac on wan#config rule# option dest wan# option src_mac 00:11:22:33:44:66# option target REJECT# block incoming ICMP traffic on a zone#config rule# option src lan# option proto ICMP# option target DROP# port redirect port coming in on wan to lan#config redirect# option src wan# option src_dport 80# option dest lan# option dest_ip 192.168.16.235# option dest_port 80# option proto tcp# port redirect of remapped ssh port (22001) on wan#config redirect# option src wan# option src_dport 22001# option dest lan# option dest_port 22# option proto tcp### FULL CONFIG SECTIONS#config rule# option src lan# option src_ip 192.168.45.2# option src_mac 00:11:22:33:44:55# option src_port 80# option dest wan# option dest_ip 194.25.2.129# option dest_port 120# option proto tcp# option target REJECT#config redirect# option src lan# option src_ip 192.168.45.2# option src_mac 00:11:22:33:44:55# option src_port 1024# option src_dport 80# option dest_ip 194.25.2.129# option dest_port 120# option proto tcpfstabconfig 'global' option anon_swap '0' option anon_mount '0' option auto_swap '1' option auto_mount '1' option delay_root '5' option check_fs '0'luciconfig core 'main' option lang 'auto' option resourcebase '/luci-static/resources' option mediaurlbase '/luci-static/material'config extern 'flash_keep' option uci '/etc/config/' option dropbear '/etc/dropbear/' option openvpn '/etc/openvpn/' option passwd '/etc/passwd' option opkg '/etc/opkg.conf' option firewall '/etc/firewall.user' option uploads '/lib/uci/upload/'config internal 'languages' option en 'English' option ru 'Русский (Russian)' option zh_cn '中文 (Chinese)'config internal 'sauth' option sessionpath '/tmp/luci-sessions' option sessiontime '3600'config internal 'ccache' option enable '1'config internal 'themes' option Bootstrap '/luci-static/bootstrap' option Material '/luci-static/material'config internal 'apply' option rollback '30' option holdoff '4' option timeout '5' option display '1.5'config internal 'diag' option dns 'lede-project.org' option ping 'lede-project.org' option route 'lede-project.org'mwan3config globals 'globals' option mmx_mask '0x3F00' option rtmon_interval '5'config member 'member_wan' option interface 'wan' option metric '10' option weight '1'config member 'member_4g' option interface '4g' option metric '20' option weight '1'config policy 'hotspare' option last_resort 'default' list use_member 'member_4g' list use_member 'member_wan'config rule 'default_rule' option dest_ip '0.0.0.0/0' option use_policy 'hotspare' option proto 'all' option sticky '0'config interface '4g' option enabled '1' option initial_state 'online' option family 'ipv4' list track_ip '114.114.114.114' list track_ip '8.8.8.8' option track_method 'ping' option reliability '1' option count '1' option size '56' option max_ttl '60' option check_quality '0' option timeout '2' option failure_interval '5' option recovery_interval '5' option down '3' option up '3' option interval '3' list flush_conntrack 'ifup' list flush_conntrack 'ifdown' list flush_conntrack 'connected' list flush_conntrack 'disconnected'config interface 'wan' option enabled '1' option initial_state 'online' option family 'ipv4' list track_ip '114.114.114.114' list track_ip '8.8.8.8' option track_method 'ping' option reliability '1' option count '1' option size '56' option max_ttl '60' option check_quality '0' option timeout '2' option failure_interval '5' option recovery_interval '5' option down '3' option up '3' option interval '3' list flush_conntrack 'ifup' list flush_conntrack 'ifdown' list flush_conntrack 'connected' list flush_conntrack 'disconnected'myconfig defaults main option enable_yunlogin 0 option enable_softdog no option watchdog_server1 8.8.8.8 option watchdog_server2 114.114.114.114networkconfig interface 'loopback' option ifname 'lo' option proto 'static' option ipaddr '127.0.0.1' option netmask '255.0.0.0'config globals 'globals' option ula_prefix 'fd42:6f89:9e9b::/48'config interface 'lan' option type 'bridge' option ifname 'eth0.1 eth0.3' option proto 'static' option ipaddr '192.168.1.1' option netmask '255.255.255.0' option ip6assign '60'config device 'lan_dev' option name 'eth0.1 eth0.3' option macaddr 'f8:5e:3c:5e:02:2c'config interface 'wan' option ifname 'eth0.2' option proto 'dhcp' option metric '10'config device 'wan_dev' option name 'eth0.2' option macaddr 'f8:5e:3c:5e:02:2d'config interface 'wan6' option ifname 'eth0.2' option proto 'dhcpv6'config switch option name 'switch0' option reset '1' option enable_vlan '1'config switch_vlan option device 'switch0' option vlan '1' option ports '1 2 6t'config switch_vlan option device 'switch0' option vlan '2' option ports '3 6t'config switch_vlan option device 'switch0' option vlan '3' option ports '4 6t'config interface '4g' option ifname 'usb0' option proto 'dhcp' option model '/usr/sbin/quectel_ec200' option metric '20'config interface '4g2' option ifname 'usb1' option proto 'dhcp' option model '/usr/sbin/quectel_ec200' option metric '30' option peerdns '0' option dns '192.168.43.1 8.8.8.8'openvpnpackage openvpn################################################## Sample to include a custom config file. ##################################################config openvpn custom_config # Set to 1 to enable this instance: option enabled 0 # Include OpenVPN configuration option config /etc/openvpn/my-vpn.conf################################################## Sample OpenVPN 2.0 uci config for ## multi-client server. ##################################################config openvpn sample_server # Set to 1 to enable this instance: option enabled 0 # Which local IP address should OpenVPN # listen on? (optional)# option local 0.0.0.0 # Which TCP/UDP port should OpenVPN listen on? # If you want to run multiple OpenVPN instances # on the same machine, use a different port # number for each one. You will need to # open up this port on your firewall. option port 1194 # TCP or UDP server?# option proto tcp option proto udp # "dev tun" will create a routed IP tunnel, # "dev tap" will create an ethernet tunnel. # Use "dev tap0" if you are ethernet bridging # and have precreated a tap0 virtual interface # and bridged it with your ethernet interface. # If you want to control access policies # over the VPN, you must create firewall # rules for the the TUN/TAP interface. # On non-Windows systems, you can give # an explicit unit number, such as tun0. # On Windows, use "dev-node" for this. # On most systems, the VPN will not function # unless you partially or fully disable # the firewall for the TUN/TAP interface.# option dev tap option dev tun # SSL/TLS root certificate (ca), certificate # (cert), and private key (key). Each client # and the server must have their own cert and # key file. The server and all clients will # use the same ca file. # # See the "easy-rsa" directory for a series # of scripts for generating RSA certificates # and private keys. Remember to use # a unique Common Name for the server # and each of the client certificates. # # Any X509 key management system can be used. # OpenVPN can also use a PKCS #12 formatted key file # (see "pkcs12" directive in man page). option ca /etc/openvpn/ca.crt option cert /etc/openvpn/server.crt # This file should be kept secret: option key /etc/openvpn/server.key # Diffie hellman parameters. # Generate your own with: # openssl dhparam -out dh1024.pem 1024 # Substitute 2048 for 1024 if you are using # 2048 bit keys. option dh /etc/openvpn/dh1024.pem # Configure server mode and supply a VPN subnet # for OpenVPN to draw client addresses from. # The server will take 10.8.0.1 for itself, # the rest will be made available to clients. # Each client will be able to reach the server # on 10.8.0.1. Comment this line out if you are # ethernet bridging. See the man page for more info. option server "10.8.0.0 255.255.255.0" # Maintain a record of client <-> virtual IP address # associations in this file. If OpenVPN goes down or # is restarted, reconnecting clients can be assigned # the same virtual IP address from the pool that was # previously assigned. option ifconfig_pool_persist /tmp/ipp.txt # Configure server mode for ethernet bridging. # You must first use your OS's bridging capability # to bridge the TAP interface with the ethernet # NIC interface. Then you must manually set the # IP/netmask on the bridge interface, here we # assume 10.8.0.4/255.255.255.0. Finally we # must set aside an IP range in this subnet # (start=10.8.0.50 end=10.8.0.100) to allocate # to connecting clients. Leave this line commented # out unless you are ethernet bridging.# option server_bridge "10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100" # Push routes to the client to allow it # to reach other private subnets behind # the server. Remember that these # private subnets will also need # to know to route the OpenVPN client # address pool (10.8.0.0/255.255.255.0) # back to the OpenVPN server.# list push "route 192.168.10.0 255.255.255.0"# list push "route 192.168.20.0 255.255.255.0" # To assign specific IP addresses to specific # clients or if a connecting client has a private # subnet behind it that should also have VPN access, # use the subdirectory "ccd" for client-specific # configuration files (see man page for more info). # EXAMPLE: Suppose the client # having the certificate common name "Thelonious" # also has a small subnet behind his connecting # machine, such as 192.168.40.128/255.255.255.248. # First, uncomment out these lines:# option client_config_dir /etc/openvpn/ccd# list route "192.168.40.128 255.255.255.248" # Then create a file ccd/Thelonious with this line: # iroute 192.168.40.128 255.255.255.248 # This will allow Thelonious' private subnet to # access the VPN. This example will only work # if you are routing, not bridging, i.e. you are # using "dev tun" and "server" directives. # EXAMPLE: Suppose you want to give # Thelonious a fixed VPN IP address of 10.9.0.1. # First uncomment out these lines:# option client_config_dir /etc/openvpn/ccd# list route "10.9.0.0 255.255.255.252"# list route "192.168.100.0 255.255.255.0" # Then add this line to ccd/Thelonious: # ifconfig-push "10.9.0.1 10.9.0.2" # Suppose that you want to enable different # firewall access policies for different groups # of clients. There are two methods: # (1) Run multiple OpenVPN daemons, one for each # group, and firewall the TUN/TAP interface # for each group/daemon appropriately. # (2) (Advanced) Create a script to dynamically # modify the firewall in response to access # from different clients. See man # page for more info on learn-address script.# option learn_address /etc/openvpn/script # If enabled, this directive will configure # all clients to redirect their default # network gateway through the VPN, causing # all IP traffic such as web browsing and # and DNS lookups to go through the VPN # (The OpenVPN server machine may need to NAT # the TUN/TAP interface to the internet in # order for this to work properly). # CAVEAT: May break client's network config if # client's local DHCP server packets get routed # through the tunnel. Solution: make sure # client's local DHCP server is reachable via # a more specific route than the default route # of 0.0.0.0/0.0.0.0.# list push "redirect-gateway" # Certain Windows-specific network settings # can be pushed to clients, such as DNS # or WINS server addresses. CAVEAT: # http://openvpn.net/faq.html#dhcpcaveats# list push "dhcp-option DNS 10.8.0.1"# list push "dhcp-option WINS 10.8.0.1" # Uncomment this directive to allow different # clients to be able to "see" each other. # By default, clients will only see the server. # To force clients to only see the server, you # will also need to appropriately firewall the # server's TUN/TAP interface.# option client_to_client 1 # Uncomment this directive if multiple clients # might connect with the same certificate/key # files or common names. This is recommended # only for testing purposes. For production use, # each client should have its own certificate/key # pair. # # IF YOU HAVE NOT GENERATED INDIVIDUAL # CERTIFICATE/KEY PAIRS FOR EACH CLIENT, # EACH HAVING ITS OWN UNIQUE "COMMON NAME", # UNCOMMENT THIS LINE OUT.# option duplicate_cn 1 # The keepalive directive causes ping-like # messages to be sent back and forth over # the link so that each side knows when # the other side has gone down. # Ping every 10 seconds, assume that remote # peer is down if no ping received during # a 120 second time period. option keepalive "10 120" # For extra security beyond that provided # by SSL/TLS, create an "HMAC firewall" # to help block DoS attacks and UDP port flooding. # # Generate with: # openvpn --genkey --secret ta.key # # The server and each client must have # a copy of this key. # The second parameter should be '0' # on the server and '1' on the clients. # This file is secret:# option tls_auth "/etc/openvpn/ta.key 0" # Select a cryptographic cipher. # This config item must be copied to # the client config file as well. # Blowfish (default):# option cipher BF-CBC # AES:# option cipher AES-128-CBC # Triple-DES:# option cipher DES-EDE3-CBC # Enable compression on the VPN link. # If you enable it here, you must also # enable it in the client config file. # LZ4 requires OpenVPN 2.4+ client and server# option compress lz4 # LZO is compatible with most OpenVPN versions # (set "compress lzo" on 2.4+ clients, and "comp-lzo yes" on older clients) option compress lzo # The maximum number of concurrently connected # clients we want to allow.# option max_clients 100 # The persist options will try to avoid # accessing certain resources on restart # that may no longer be accessible because # of the privilege downgrade. option persist_key 1 option persist_tun 1 option user nobody # Output a short status file showing # current connections, truncated # and rewritten every minute. option status /tmp/openvpn-status.log # By default, log messages will go to the syslog (or # on Windows, if running as a service, they will go to # the "\Program Files\OpenVPN\log" directory). # Use log or log-append to override this default. # "log" will truncate the log file on OpenVPN startup, # while "log-append" will append to it. Use one # or the other (but not both).# option log /tmp/openvpn.log# option log_append /tmp/openvpn.log # Set the appropriate level of log # file verbosity. # # 0 is silent, except for fatal errors # 4 is reasonable for general usage # 5 and 6 can help to debug connection problems # 9 is extremely verbose option verb 3 # Silence repeating messages. At most 20 # sequential messages of the same message # category will be output to the log.# option mute 20############################################### Sample client-side OpenVPN 2.0 uci config ## for connecting to multi-client server. ###############################################config openvpn sample_client # Set to 1 to enable this instance: option enabled 0 # Specify that we are a client and that we # will be pulling certain config file directives # from the server. option client 1 # Use the same setting as you are using on # the server. # On most systems, the VPN will not function # unless you partially or fully disable # the firewall for the TUN/TAP interface.# option dev tap option dev tun # Are we connecting to a TCP or # UDP server? Use the same setting as # on the server.# option proto tcp option proto udp # The hostname/IP and port of the server. # You can have multiple remote entries # to load balance between the servers. list remote "my_server_1 1194"# list remote "my_server_2 1194" # Choose a random host from the remote # list for load_balancing. Otherwise # try hosts in the order specified.# option remote_random 1 # Keep trying indefinitely to resolve the # host name of the OpenVPN server. Very useful # on machines which are not permanently connected # to the internet such as laptops. option resolv_retry infinite # Most clients don't need to bind to # a specific local port number. option nobind 1 # Try to preserve some state across restarts. option persist_key 1 option persist_tun 1 option user nobody # If you are connecting through an # HTTP proxy to reach the actual OpenVPN # server, put the proxy server/IP and # port number here. See the man page # if your proxy server requires # authentication. # retry on connection failures:# option http_proxy_retry 1 # specify http proxy address and port:# option http_proxy "192.168.1.100 8080" # Wireless networks often produce a lot # of duplicate packets. Set this flag # to silence duplicate packet warnings.# option mute_replay_warnings 1 # SSL/TLS parms. # See the server config file for more # description. It's best to use # a separate .crt/.key file pair # for each client. A single ca # file can be used for all clients. option ca /etc/openvpn/ca.crt option cert /etc/openvpn/client.crt option key /etc/openvpn/client.key # Verify server certificate by checking # that the certicate has the nsCertType # field set to "server". This is an # important precaution to protect against # a potential attack discussed here: # http://openvpn.net/howto.html#mitm # # To use this feature, you will need to generate # your server certificates with the nsCertType # field set to "server". The build_key_server # script in the easy_rsa folder will do this.# option ns_cert_type server # If a tls_auth key is used on the server # then every client must also have the key.# option tls_auth "/etc/openvpn/ta.key 1" # Select a cryptographic cipher. # If the cipher option is used on the server # then you must also specify it here.# option cipher x # Enable compression on the VPN link. # Don't enable this unless it is also # enabled in the server config file. # LZ4 requires OpenVPN 2.4+ on server and client# option compress lz4 # LZO is compatible with most OpenVPN versions option compress lzo # Set log file verbosity. option verb 3 # Silence repeating messages# option mute 20openvpn_recipes## Routed point-to-point server#config openvpn_recipe server_tun_ptp option _description 'Simple server configuration for a routed point-to-point VPN' option _role 'server' option dev 'tun' option ifconfig '10.0.0.1 10.0.0.2' option secret 'shared-secret.key' option keepalive '10 60' option comp_lzo 'yes' option verb '3' option mssfix '1420'## Routed point-to-point client#config openvpn_recipe client_tun_ptp option _description 'Simple client configuration for a routed point-to-point VPN' option _role 'client' option dev 'tun' list remote 'vpnserver.example.org' option ifconfig '10.0.0.2 10.0.0.1' option secret 'shared-secret.key' option nobind '1' option comp_lzo 'yes' option verb '3'## Routed multi-client server#config openvpn_recipe server_tun option _description 'Server configuration for a routed multi-client VPN' option _role 'server' option dev 'tun' option server '10.0.100.0 255.255.255.0' option ca 'ca.crt' option cert 'server.crt' option key 'server.key' option dh 'dh1024.pem' option keepalive '10 60' option comp_lzo 'yes' option verb '3' option mssfix '1420'## Routed client#config openvpn_recipe client_tun option _description 'Client configuration for a routed multi-client VPN' option _role 'client' option client '1' option dev 'tun' list remote 'vpnserver.example.org' option pkcs12 'my_client.p12' option remote_cert_tls 'server' option comp_lzo 'yes' option nobind '1' option persist_key '1' option persist_tun '1' option verb '3' option reneg_sec '0' option float '1'## Multi-client ethernet bridge server#config openvpn_recipe server_tap_bridge option _description 'Server configuration for an ethernet bridge VPN' option _role 'server' option dev 'tap' option server_bridge '192.168.1.1 255.255.255.0 192.168.1.128 192.168.1.254' option ca 'ca.crt' option cert 'server.crt' option key 'server.key' option dh 'dh1024.pem' option keepalive '10 60' option comp_lzo 'yes' option verb '3' option mssfix '1420'## Ethernet bridge client#config openvpn_recipe client_tap_bridge option _description 'Client configuration for an ethernet bridge VPN' option _role 'client' option client '1' option dev 'tap' list remote 'vpnserver.example.org' option ca 'ca.crt' option cert 'my_client.crt' option key 'my_client.key' option dh 'dh1024.pem' option remote_cert_tls 'server' option comp_lzo 'yes' option nobind '1' option persist_key '1' option verb '3' option reneg_sec '0' option float '1'rpcdconfig login option username 'root' option password '$p$root' list read '*' list write '*'scheduleconfig reboot 'reboot' option enable '0'config timezone 'timezone' option zonename 'UTC'systemconfig system option hostname 'Router' option timezone 'UTC' option ttylogin '0' option log_size '64' option urandom_seed '0'config timeserver 'ntp' option enabled '1' option enable_server '0' list server '0.lede.pool.ntp.org' list server '1.lede.pool.ntp.org' list server '2.lede.pool.ntp.org' list server '3.lede.pool.ntp.org'config led 'led_wifi_led' option name 'wifi' option sysfs 'ra0' option trigger 'netdev' option mode 'link tx rx' option dev 'ra0'config led 'led_net' option name 'eth0.2' option sysfs 'net' option trigger 'netdev' option mode 'tx rx' option dev 'eth0.2'config led 'led_4g' option name 'usb0' option sysfs '4g' option trigger 'netdev' option mode 'tx rx' option dev 'usb0'config led 'led_4g2' option name 'usb1' option sysfs '4g2' option trigger 'netdev' option mode 'tx rx' option dev 'usb1'ucitrackconfig network option init 'network' list affects 'dhcp' list affects 'radvd'config wireless list affects 'network'config firewall option init 'firewall' list affects 'luci-splash' list affects 'qos' list affects 'miniupnpd'config olsr option init 'olsrd'config dhcp option init 'dnsmasq' list affects 'odhcpd'config odhcpd option init 'odhcpd'config dropbear option init 'dropbear'config httpd option init 'httpd'config fstab option exec '/sbin/block mount'config qos option init 'qos'config system option init 'led' option exec '/etc/init.d/log reload' list affects 'luci_statistics' list affects 'dhcp'config luci_splash option init 'luci_splash'config upnpd option init 'miniupnpd'config ntpclient option init 'ntpclient'config samba option init 'samba'config tinyproxy option init 'tinyproxy'config mwan3 option exec '/etc/init.d/mwan3 reload'uhttpd# Server configurationconfig uhttpd main # HTTP listen addresses, multiple allowed list listen_http 0.0.0.0:80 list listen_http [::]:80 # HTTPS listen addresses, multiple allowed #list listen_https 0.0.0.0:443 #list listen_https [::]:443 # Redirect HTTP requests to HTTPS if possible #option redirect_https 1 # Server document root option home /www # Reject requests from RFC1918 IP addresses # directed to the servers public IP(s). # This is a DNS rebinding countermeasure. option rfc1918_filter 1 # Maximum number of concurrent requests. # If this number is exceeded, further requests are # queued until the number of running requests drops # below the limit again. option max_requests 3 # Maximum number of concurrent connections. # If this number is exceeded, further TCP connection # attempts are queued until the number of active # connections drops below the limit again. option max_connections 100 # Certificate and private key for HTTPS. # If no listen_https addresses are given, # the key options are ignored. option cert /etc/uhttpd.crt option key /etc/uhttpd.key # CGI url prefix, will be searched in docroot. # Default is /cgi-bin option cgi_prefix /cgi-bin # List of extension->interpreter mappings. # Files with an associated interpreter can # be called outside of the CGI prefix and do # not need to be executable.# list interpreter ".php=/usr/bin/php-cgi"# list interpreter ".cgi=/usr/bin/perl" # Lua url prefix and handler script. # Lua support is disabled if no prefix given.# option lua_prefix /luci# option lua_handler /usr/lib/lua/luci/sgi/uhttpd.lua # Specify the ubus-rpc prefix and socket path.# option ubus_prefix /ubus# option ubus_socket /var/run/ubus.sock # CGI/Lua timeout, if the called script does not # write data within the given amount of seconds, # the server will terminate the request with # 504 Gateway Timeout response. option script_timeout 60 # Network timeout, if the current connection is # blocked for the specified amount of seconds, # the server will terminate the associated # request process. option network_timeout 30 # HTTP Keep-Alive, specifies the timeout for persistent # HTTP/1.1 connections. Setting this to 0 will disable # persistent HTTP connections. option http_keepalive 20 # TCP Keep-Alive, send periodic keep-alive probes # over established connections to detect dead peers. # The value is given in seconds to specify the # interval between subsequent probes. # Setting this to 0 will disable TCP keep-alive. option tcp_keepalive 1 # Basic auth realm, defaults to local hostname# option realm Lede # Configuration file in busybox httpd format# option config /etc/httpd.conf # Do not follow symlinks that point outside of the # home directory.# option no_symlinks 0 # Do not produce directory listings but send 403 # instead if a client requests an url pointing to # a directory without any index file.# option no_dirlists 0 # Do not authenticate any ubus-rpc requests against # the ubus session/access procedure. # This is dangerous and should be always left off # except for development and debug purposes!# option no_ubusauth 0 # For this instance of uhttpd use the listed httpauth # sections to require Basic auth to the specified # resources.# list httpauth prefix_user# Defaults for automatic certificate and key generationconfig cert defaults # Validity time option days 730 # RSA key size option bits 2048 # Location option country ZZ option state Somewhere option location Unknown # Common name option commonname 'LEDE'# config httpauth prefix_user# option prefix /protected/url/path# option username user# option password 'plaintext_or_md5_or_$p$user_for_system_user'wifidogconfig settings 'settings' option wifidog_enable '0' option offline_enable '0' option client_time_limit '60' option gateway_id 'mywifi2' option gateway_hostname '192.168.1.3' option gatewayport '2060' option gateway_httpport '85' option gateway_path '/' option gateway_connmax '50' option check_interval '60' option client_timeout '10' option gateway_eninterface 'eth1' option gateway_interface 'br-lan' option bmd_url 'www.baidu.com,www.qq.com,www.163.com,www.hicoder.org' option myz_mac '11:22:33:44:55:66,aa:bb:cc:dd:ff:11' option ssl_enable 'no' option sslport '443' option deamo_enable '1'wirelessconfig wifi-device 'mt7628' option type 'mt7628' option vendor 'ralink' option band '2.4G' option radio '1' option disabled '0' option region '1' option txpower '100' option bgprotect '0' option beacon '100' option dtim '1' option txpreamble '1' option shortslot '1' option txburst '1' option pktaggre '1' option ieee80211h '1' option txbf '0' option igmpsnoop '1' option ht_bsscoexist '0' option ht_opmode '0' option ht_gi '1' option ht_rdg '1' option ht_stbc '1' option ht_amsdu '1' option ht_autoba '1' option ht_badec '0' option ht_distkip '1' option ht_ldpc '0' option ht_txstream '2' option ht_rxstream '2' option wmm '1' option apsd '0' option noforward '0' option wifimode '9' option channel '0' option bw '1' option ht_extcha '1'config wifi-iface option device 'mt7628' option ifname 'ra0' option network 'lan' option mode 'ap' option ssid 'WIFI-5E022C' option encryption 'none'root@Router:/etc/config#

How to add tags