Supercharging your home network on the cheap

It’s no secret that if you want to do multi-gig networking on the cheap, sites like eBay are the place to visit. Castoff enterprise gear can be had for pennies on the dollar, if you don’t mind getting equipment used. Used it may be, but this stuff was absolutely top of the line a decade ago, and it will still impress you with the performance and stability for casual use cases.

My first rule for doing multi-gig on the cheap: Do not overpay!

The kinds of network cards I’ll be mentioning in this article are often literally being thrown away into ewaste. Not because they’re not good or anything like that, they cost a small fortune 8 – 10 years ago… but in the enterprise, nothing gets kept that long.

Here are two examples of extremely affordable 10 GB networking, on the cheap. Both cards use an Intel chipset… what does that mean? World class stability and reliability, mature robust drivers, and excellent support under both BSD-based operating systems as well as Linux. These two cards use different chipsets, but all you need to know for now is that both are reasonably solid and battle tested options. What’s the difference? The media they use.

Intel X540 T2
Intel 10GB NIC with SFP+

The first card is the X540-T2, and this is the dual RJ45 version. This readily takes twisted pair ethernet. Now, on the surface you’re probably thinking “OK, that would be the one I want!” and you may be right. Let’s get into it.

So yes, that first card will take normal Cat 5 / 6 / whatever twisted pair ethernet cabling… the stuff you’re already using at home to do gigabit. There is a catch though. We’ll get back to that. The second card, instead of having RJ45 jacks actually takes SFP+ modules. These come in many different options, and are typically used for fiber optic networking. SFP and its variants can support everything from 1 GB all the way to 400 or even 800GB on modern network gear.

If you’re like me, you’re thinking well why would I want that? I don’t want that! (That was what I thought, early on in this endeavor)

Cards set up for SFP+ transceivers generally consume less energy and as a result don’t get quite as hot as 10 gig gear which takes standard twisted pair ethernet. Notice that the X540 has a fan while the second card does not? Well, that second card actually runs substantially cooler! Even when using a transceiver which furnishes an RJ45 10GB ethernet connection!

There is a catch though. Fiber optic modules can be found very cheap. You can also often find direct-attach cables (DACs) which are essentially two SFP modules joined by a wire… these are also a good affordable and energy efficient option. There is one reason why you may not want to go with SFP style interfaces, at least not on too much of the gear you pick up… and that would be if you’re planning on running it with twisted pair anyway. Sure, you can buy transceivers on eBay and Amazon, but that is an additional $25 – $30 per port you’ll need to invest, and boy do those suckers run HOT.

The information above covers use cases for home servers and NAS builds. It probably won’t be too helpful on your desktop or gaming PC though… And the reason is PCIE lane availability. Consumer platforms only have a limited number of PCIE lanes… basically just enough to give you 16 lanes for your graphics card slot, and then another 4 for the primary NVME/M.2 slot. Everything else is used by the chipset, and chances are that if you do have a second M.2 slot or additional PCIE 1x, 4x, 8/16x slots that the chipset is what drives them. Also, don’t be fooled. There is a chance you can configure a consumer board with two physical 16x slots to run both at 8x bandwidth… but if you have your graphics card getting 16 lanes, you will not have more than 4 lanes left over… And more than likely, you’ll be working with just a single lane!

The Achilles heel of those old enterprise castoff 10 gig cards is their age. They’re probably going to be gen 2 PCIE, which is why they need 8 lanes for the two 10gig interfaces. Will it work at 4x? Sure. But not at 1x… Even if the card does work (it might!) the bandwidth just isn’t there.

Your modern system will have fast PCIE, likely gen 3, 4 or perhaps even 5… But if the peripheral you’re dropping in (the NIC) only supports gen 2, then that is what we need to account for to determine bandwidth needs.

For my desktop, I had a secret weapon…

We don’t want an 8x card if we’re only going to be giving it a single lane… Know what would be great? Using something with a more modern interface. Gen 3 x 1 lane can darn near do 10gig. I’m trying to keep this on a shoe-string budget though, and since my server uses SATA SSDs for the bulk storage I only needed roughly 500MB/sec to take nearly full advantage of what those disks can do.

So what we want is a card with a gen 3, single lane interface. We want to avoid total no-name solutions… Stick to brands which you associate with the IT world. Intel, Mellanox (now nVidia), Chelsio, Aquantia are some good ones to start with. Don’t buy a Realtek 5 or 10 gig card, if you want my advice. You can get something much more reliable/performant for the same or less cost.

Aquantia 5 Gig NIC

For just $20, I was able to score this Aquantia 5GB/sec network card. It is a gen 3 card, and is only a 1x card anyway. Perfect! It also isn’t a furnace like the 10gig RJ45 cards are… this is another big bonus since I like my workstation as quiet as possible.

Connecting it all together…

You’ll need a switch that supports these faster standards. As of lately, there are some no-name switches with a half dozen or so 2.5 GB ports and then a pair of 10GB ports… there are tons of these on the market, and they are dirt cheap. What’s the catch? Well they’re no-name for one. And you’ll need to accept the fact that they’re going to all use SFP+ for their 10GB ports. Fear not.

Cheap switch /w 10Gig

For around $40 I got this “managed” switch. Why did I put it in quotes? Well because this thing is kind of a joke… but what the heck, it works!

SFP+ transceiver

This is one of the two SFP+ transceivers I ordered. I got my second one off Amazon, and paid $10 less for that one. The eBay (goodtop) one seems to run noticeably hotter! I’d recommend ordering modules by HiFiber instead. The HiFiber module I got even says right on it that it supports 1GB, 2.5GB, 5GB and 10GB… this is good to know because there is a lot of 10GB gear (especially older stuff) which only supports two speeds. 10GB and 1GB. Got a 2.5 or 5 GB switch? Too bad, if you’ve got something like the X540-T2.

For the rest of your PCs

How about 2.5 gig? The cheap switches mostly have 2.5 gig ports, so I got a couple cards. Again, avoid Realtek. Intel chipsets are better, but some can be buggy. Avoid the i225, try and stick with something like the i226 cards. Expect to pay $25 – $30 for a card. Perhaps just skip it and go for 5 gig? Maybe… Just make sure whatever you get can negotiate to speeds other than 1 and 5 gig. (Example: you have a 5 GB nic and 2.5 GB switch, but you’re stuck @ 1 GB because your nic can’t negotiate @ 2.5GB…)

Intel 2.5GB NIC

Performance: Desktop to Server (5gb -> 10gb)

iperf test

Excellent. Beats the pants off 1Gig! Something is going on there where we’re seeing a little more in one direction than the other, but I’m not too worried about that. What I’m happy with is I am seeing a substantial uplift from what I was getting with a 2.5 GB nic in the same situation.

How about NFS performance? Benchmark of an NVME disk in my server, mounted on my workstation.

NFS benchmark

While it may not be 10 gigabit, this is nothing to sniff at. I’m very happy with the results, given the restriction of only being able to use a 1x PCIE card.

Modernizing a Barracuda Backup Appliance: Upgrades, FreeBSD + ZFS

My Barracuda “Backup Server 290” Journey

Back in October of last year, I got bit hard by the eBay bug. “Woah, that’s actually a pretty reasonable price… I’ll do SOMETHING with it!” — and just like that, I became the owner of a lightly used Barracuda “Backup Server 290.”

Barracuda 290 eBay listing

What is the BBS290, one might ask? Essentially, it’s a 1U rack-mount backup appliance. This one was running CentOS 7 with some custom interface stuff at both the VGA console as well as on a web server running on the box — basically a proprietary backup solution built from open-source software and a mix of consumer PC hardware, with some enterprise bits included.

I got mine for $40 USD, with the unusually low shipping price of $5. Shipping is usually the killer on these things; expect any 1U server to be listed with a shipping cost between $30 and $100.


What $45 Got Me

Honestly, not a bad little backup server. Funnily enough, that is exactly what I’m going to use it for: a target to back up my main server to.

As it arrived, it included:

• 1U Mini-ITX rackmount chassis
• 1U ATX power supply rated @ 400W, 80+ Bronze
• Western Digital enterprise-grade 2 TB 7,200 RPM SATA hard drive (Mfg 2022)
• Celeron N3150 on an OEM variant of the MSI N3150I ECO
• 1× 8GB DDR3 memory module

Not winning the lottery here, but with a few upgrades, this machine can fill a very real need in my setup. For this tier of hardware, I would not recommend paying more than $60–$70 total at the very most. That is up to you though. The platform (CPU, DDR3) isn’t worth a whole lot, and performance is underwhelming at best… but it is sufficient for what I wanted to do.

Low power draw, low heat, and the case and power supply are probably the best part of the “deal.”

The lightly used 2TB enterprise-grade drive was a nice bonus if you’ll actually use it for something. For instance, if 2TB was enough for your backup needs, then this box as-is is an excellent value. Most of us will want a bit more storage though.


Upgrades

  1. WD 8TB Enterprise Drive
    Replaced the original 2TB HDD. This is a CMR drive, 7,200 RPM — not SMR or 5,400 RPM (two big gotchas to look out for). I shucked it from an 8TB WD MyBook purchased locally for $150; it had only ~600 power-on hours. Shucking is far from foolproof, but I got very lucky to get a top-tier hard drive that had barely been used. It will live much longer being used in this server than in the fanless plastic heat trap it came in as a MyBook.
  2. G.Skill 8GB DDR3L RAM ×2 (16GB total)
    Helps with ZFS caching. Cost: $16.86. A basic setup could run with 8GB, but doubling helps ZFS performance. Additionally, using two memory modules allows the memory controller to operate in dual-channel mode, effectively doubling memory bandwidth. On an anemic CPU like the N3150, this can make a surprisingly substantial difference for I/O, especially when ZFS is handling many small files or metadata-heavy operations.
    16 GB RAM Kit
  3. Intel 480GB SATA SSD
    Data center–grade SSD costing about $25 on eBay. It allows the OS and root filesystem to live off the spinning disk and can also be used to accelerate ZFS performance via a special vdev for small file storage. You don’t need to do this if your data is mostly large files, media, or ISOs — but for small files, the performance boost is noticeable. If the special vdev disk dies, the pool dies — which is acceptable here, because this machine is strictly a backup target.
    Intel SSD
  4. Intel i226-V 2.5GbE NIC
    Cost: $30, combined with a PCIe x1 ribbon riser ($8.59) and some DIY shielding. This upgrade doubles network throughput over the onboard 1GbE Realtek NIC for very little money. Drivers are mature and stable on both BSD and Linux. For nighttime backups or casual use, the onboard NIC is fine; this is a small cost for a large convenience.
    Intel i226-V Network Interface

Total upgrade costs:

• RAM: $16.86
• SSD: $25
• NIC: $30
• PCIe riser: $8.59
• 8TB WD CMR HDD: $150

Grand total: $230.45 (including the original $45 for the machine itself)


Chassis and Cooling

The chassis originally had a lit Barracuda Networks logo and a cheap internal 40mm fan. I removed both and resprayed the case dark red for a fresher feel. The stock fan was noisy, and the PSU provides sufficient airflow, so I skipped adding a replacement.

I’ll keep an eye on temperatures. The CPU doesn’t require a fan at all. The 7,200 RPM disk gets slightly toasty, but it’s far better off here with airflow than in a MyBook enclosure with none.


OS Choice

I mostly run Linux, but I appreciate the technical merits of FreeBSD, especially for enterprise-grade storage and high-performance, low-latency applications. On FreeBSD, ZFS is a first-class citizen, unlike Linux where it’s often bolted on.

I initially experimented with XigmaNAS but wanted more control, so I went with FreeBSD 15.0-RELEASE.

Honestly, if you want to keep things simple, just go for XigmaNAS or TrueNAS Core. Both are solid FreeBSD-based storage appliance OSes which make ZFS much more approachable. Linux ZFS implementations like Ubuntu’s are fine, but FreeBSD is where it truly shines.


Installation

I wrote the 15.0-RELEASE image to a USB stick and booted it. Setup asks whether to install via Distribution Sets or Packages (Tech Preview); I used Distribution Sets.

• Disabled kernel debugging and lib32 support
• Selected the igc0 NIC (leaving re0 unused)
• Chose manual partitioning:
– 480GB SSD: MBR, 64GB partition for root / (UFS), SUJ off, TRIM on
– Swap: 2GB partition as freebsd-swap
– Remaining HDD space left unpartitioned for ZFS setup post-install

Enabled SSHD, NTPD, and powerd. Added a user in the wheel group. Other options left at defaults.


Post-Installation Storage Configuration

Check free space on the SSD:

gpart show ada0

This revealed ~383GB free for the ZFS special vdev:

gpart add -t freebsd -s 383G -a 4k ada0

gpart create -s BSD ada0s2

Create the main pool on the 8TB HDD:

zpool create -f tank /dev/ada1

Add the special vdev on the SSD for small files:

zpool add tank special /dev/ada0s2
zfs set special_small_blocks=128K tank

Set mountpoint and ownership:

zfs set mountpoint=/mnt/tank tank
chown -R 1000:1000 /mnt/tank


Enabling and Setting Up NFS

Enable ZFS and NFS-related services:

sysrc zfs_enable="YES"
sysrc rpcbind_enable="YES"
sysrc nfs_server_enable="YES"
sysrc mountd_enable="YES"
sysrc rpc_lockd_enable="YES"
sysrc rpc_statd_enable="YES"

The zfs_enable=YES setting is important: without it, ZFS pools may not automatically import and mount at boot. This was the reason the pool initially failed to remount after a reboot.

Start services manually:

service rpcbind start
service mountd start
service nfsd start

Edit /etc/exports:

/mnt/tank -network 10.16.16.0 -mask 255.255.254.0 -alldirs -maproot=1000:1000

-network / -mask restricts access to your LAN
-alldirs allows mounting subdirectories
-maproot=1000:1000 maps all remote users to a local UID/GID

Apply the configuration:

service mountd restart
service nfsd restart

This method alone works reliably. Using zfs set sharenfs is unnecessary here and can introduce confusion.
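
An added example, not part of the original post: a small shell audit for FreeBSD /etc/exports lines like the one above, reporting which hosts are admitted and which credential remote users receive. Per exports(5), -maproot sets the credential used for remote root only, while -mapall applies to every remote user; the function names are hypothetical and the second and third sample lines are constructed.

```shell
#!/bin/sh
# Added example: summarise who a FreeBSD /etc/exports line admits and which
# credential remote users receive. Function names are hypothetical.

# Dotted netmask -> prefix length; fails (status 1) on a malformed mask.
mask_to_prefix() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        {
            bits = 0; zero_seen = 0
            for (i = 1; i <= 4; i++) {
                if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1
                octet = $i + 0
                for (b = 128; b >= 1; b /= 2) {
                    if (octet >= b) {
                        if (zero_seen) exit 1      # a 1 bit after a 0 bit
                        bits++; octet -= b
                    } else {
                        zero_seen = 1
                    }
                }
            }
            print bits
        }'
}

# Prints: <path> scope=<who may mount> root=<cred> others=<cred>
# Returns 0 = nothing to flag, 1 = finding, 2 = blank or comment line.
audit_export_line() {
    case $1 in ''|'#'*) return 2 ;; esac
    network='' mask='' maproot='' mapall='' hosts='' finding=0
    set -f                      # split on whitespace without globbing
    set -- $1
    set +f
    [ $# -gt 0 ] || return 2
    path=$1
    shift
    while [ $# -gt 0 ]; do
        case $1 in
            -network=*) network=${1#-network=} ;;
            -mask=*)    mask=${1#-mask=} ;;
            -maproot=*) maproot=${1#-maproot=} ;;
            -mapall=*)  mapall=${1#-mapall=} ;;
            -network)   if [ $# -gt 1 ]; then network=$2; shift; fi ;;
            -mask)      if [ $# -gt 1 ]; then mask=$2; shift; fi ;;
            -*) ;;                                  # -alldirs, -ro, ...
            /*) ;;                                  # further exported directories
            *)  hosts="${hosts:+$hosts,}$1" ;;      # explicit client hosts
        esac
        shift
    done

    case $network in
        '')  if [ -n "$hosts" ]; then
                 scope="hosts:$hosts"
             else
                 scope='ANY-HOST'; finding=1        # no client restriction at all
             fi ;;
        */*) scope=$network ;;                      # already in CIDR form
        *)   if [ -z "$mask" ]; then
                 scope="$network/classful-default"  # exports(5) falls back to the class mask
             elif prefix=$(mask_to_prefix "$mask"); then
                 scope="$network/$prefix"
             else
                 scope="$network/INVALID-MASK"; finding=1
             fi ;;
    esac

    if [ -n "$mapall" ]; then
        root_cred=$mapall; other_cred=$mapall       # everyone collapses to one credential
    elif [ -n "$maproot" ]; then
        root_cred=$maproot; other_cred='unchanged'  # only remote root is remapped
    else
        root_cred='squashed-by-default'; other_cred='unchanged'
    fi
    case ${root_cred%%:*} in
        0|root) finding=1 ;;                        # remote root stays root on the server
    esac

    printf '%s scope=%s root=%s others=%s\n' "$path" "$scope" "$root_cred" "$other_cred"
    return "$finding"
}

# First line is the export from the post; the other two are constructed.
while IFS= read -r line; do
    audit_export_line "$line" || echo "  ^ review this line"
done <<'EOF'
/mnt/tank -network 10.16.16.0 -mask 255.255.254.0 -alldirs -maproot=1000:1000
/mnt/tank -alldirs -maproot=root
/mnt/tank -network 10.16.16.0 -mask 255.255.254.0 -alldirs -mapall=1000:1000
EOF
```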


Syncing Data via NFS

Mount the NFS share on the main server at /mnt/cuda, then ensure permissions:

chown -R 1000:1000 /mnt/tank
chmod -R 755 /mnt/tank

Run rsync:

rsync -avh --info=progress2 --modify-window=1 /mnt/sda1/ /mnt/cuda/

-a preserves timestamps, permissions, symlinks, etc.
--info=progress2 shows real-time progress
--modify-window=1 handles timestamp differences between Linux and FreeBSD

Observations:

• The SSD-backed special vdev noticeably improved small-file performance
• Dual-channel memory helped I/O on this low-power CPU
• The 2.5GbE NIC provides a large convenience boost
• Transfer speeds are currently limited by the source system’s storage and workload characteristics


Real-World Testing

Copying a 4.1GB Debian ISO from the Barracuda to my desktop completed in roughly 10 seconds. Both machines and the switch are 2.5GbE capable. Renaming the file and pushing it back (desktop → Barracuda) took about 15 seconds.

Htop reported 100–200 MB/s in both cases, though reads from the Barracuda are clearly faster than writes.

Pings between the two machines show excellent latency and consistency:

100 packets transmitted, 100 received, 0% packet loss
rtt min/avg/max/mdev = 0.103/0.114/0.175/0.009 ms


Closing Thoughts

For now, all my personal goals for this project have been met. Eventually, I plan to implement scheduled wake-on-LAN (or something conceptually similar) so the box only powers on when backups are needed. I don’t need it running 24/7 — it’s here to quietly snag incremental backups in case something goes wrong elsewhere.

For those new to FreeBSD, maintenance is fairly simple. Updates are handled with freebsd-update fetch install. After fetching, you’ll see a wall of text — press q, and the install will proceed.

That’s all for now.

New home networking content is on the way!

eBay Orders
Ignore the iPhone case, I ordered that for a friend!

As some of you will notice, yes there are two SFF boxes, and three NICs…

I need to decide if I’m building a 10 GB router, or more of a 2.5 / 1 G pfsense box for just having a better internet router and firewall. The lil Wyze box will be fantastic as a router I already know, those Gemini Lake chips are amazingly powerful for what they are. Also very low power draw and hardly make any heat whatsoever.  The SSDs? They just seemed like a good deal.

Here are the SFF machines. Obviously the first one is more “sff” than the second… That’s OK though, I needed something with real PCIE slots, and a real power supply to run 10 GB network card(s).


More to come as these things arrive!

 

OpenWRT on a Thrift Store Router (Netgear WNDR3700 v4)

WNDR3700 v4
NETGEAR WNDR3700 v4 WiFi Router

Earlier today I stopped by a local Goodwill to see what they had in the way of electronics. Among the digital photo frames and old keyboards, I spotted two routers. I’m always on the lookout for hardware that can run Linux. One of the routers was a Netgear WNDR3700 v4. It was in its original box with the power adapter and a couple of patch cords.

Normally I’d pull out my phone and check OpenWrt support before buying, but this one looked old enough that I figured there was at least a 50/50 chance it would be an easy convert. I’m glad I grabbed it; not only is this model supported, but flashing OpenWrt is about as painless as it gets.


Flashing with OpenWrt — No UART, no TFTP, no drama.

  1. Factory reset the router.
  2. Connect to it at http://192.168.1.1/ in your web browser. Log in with:
    Username: admin
    Password: password
  3. Go to Advanced.
  4. Download the latest OpenWrt “factory” image for WNDR3700 v4 from the OpenWrt site. *Note, maybe do this first!*
  5. Upload it via the Netgear’s firmware page, under “Advanced” in the web ui.
  6. Wait a few minutes for the flash to complete.
  7. Reconnect your computer (get a fresh DHCP lease), then visit 192.168.1.1 again.
  8. Log in with:
    Username: root
    Password: (blank)
  9. Set your own password… and you’re done!

This 2012-era router is now running a fully up-to-date Linux distribution.
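
Before the upload in step 5, the downloaded image can be checked against the sha256sums file that OpenWrt publishes next to its images. This is an added example, not part of the original post; it assumes a Linux workstation with sha256sum, and the image name and contents below are constructed stand-ins.

```shell
#!/bin/sh
# Added example: check a downloaded firmware image against the sha256sums
# file from the same download directory before flashing it.

# verify_image <image> <sha256sums-file>
# 0 = hash matches, 1 = hash mismatch, 2 = unreadable file or image not listed exactly once.
verify_image() {
    image=$1 sums=$2
    [ -r "$image" ] && [ -r "$sums" ] || return 2
    name=$(basename "$image")
    # Lines look like "<64 hex digits> *<filename>" (the * marks binary mode).
    expected=$(awk -v f="$name" '
        { n = $2; sub(/^\*/, "", n) }
        n == f && length($1) == 64 { print tolower($1); found++ }
        END { exit (found == 1 ? 0 : 1) }' "$sums") || return 2
    actual=$(sha256sum "$image" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# Constructed demo: a stand-in image plus a matching sha256sums file.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
img="$demo_dir/openwrt-EXAMPLE-factory.img"     # placeholder name, not a real image
printf 'constructed firmware bytes\n' > "$img"
printf '%s *%s\n' "$(sha256sum "$img" | awk '{ print $1 }')" \
    "$(basename "$img")" > "$demo_dir/sha256sums"

if verify_image "$img" "$demo_dir/sha256sums"; then
    echo "hash matches, OK to upload: $img"
else
    echo "hash check failed, do not flash: $img"
fi
```

A return of 2 means the check could not be made at all (wrong sums file, renamed image), which should be treated the same as a mismatch.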


In My Case…
I reconfigured mine to serve as a simple gigabit switch:

  • Disabled both Wi-Fi radios.
  • Configured the “WAN” port into another LAN / switch port.
  • Disabled the DHCP server.
  • Set the LAN bridge (br-lan) to DHCP client so it picks up an IP from my main network.
  • Gave the new router’s MAC a DHCP reservation on my main router, and added the new hostname to my hosts file.
    That way I can still log in for maintenance while it’s acting as an extra switch.

WNDR3700 v4 Hardware

CPU / SoC: Atheros AR9344 @ 560 MHz
RAM / Flash: 128 MB RAM / ~128 MB flash
Wireless: Dual-band 2.4 GHz + 5 GHz, 802.11n (N600)
Ethernet: 1× Gigabit WAN, 4× Gigabit LAN
USB: 1× USB 2.0 “ReadySHARE” port


What Can You Do With It?
Plenty. This hardware can easily run the latest OpenWrt without feeling sluggish. The USB port opens up even more possibilities:

  • Failover WWAN modem or phone tethering
  • Network printer sharing
  • USB hard drive for network storage
  • DIY internet radio streamer with a USB sound card

With OpenWrt, you’re only limited by your time and imagination.


Why Bother?
Netgear’s last firmware for this model came out in 2018. That’s seven years without security updates. OpenWrt gives you:

  • Modern kernel & drivers
  • Current security patches
  • A huge ecosystem of packages

All on hardware that cost me four bucks at a thrift store.


OpenWrt Support History for the WNDR3700

  • Original WNDR3700 (v1) launched in mid–late 2009 with Atheros hardware.
  • OpenWrt support for the series appeared within months of launch, making it a long-time favorite in the community.
  • The v4 hardware revision hit the market around June 2012.
  • Because v4 kept an Atheros chipset (AR9344) with generous RAM and flash, it was officially supported soon after release.
  • The best part: Netgear’s stock firmware for v4 accepts an OpenWrt “factory” image through the web interface. No serial cable required, no bootloader tricks, just upload and reboot.

This combination of long-term support, open-friendly hardware, and GUI-based flashing makes the WNDR3700 v4 one of the easiest budget OpenWrt targets you can find.

NETGEAR WNDR3700 on OpenWRT Wiki / TOH
OpenWRT Version 24.10 Factory Image for WNDR3700 V4 – Direct Link

Upgrading the home network…

At a crossroads here…

Perhaps you saw the last post about upgrading the WiFi card on my desktop’s new motherboard? Well, about a week or two later, I finally ran and fished Cat6 from the server/router to my desk. So now I’ve got solid 1000 MB Ethernet… for now. I think 10 GB would be great, and eBay has plenty of cheap high-end cards from the likes of Intel, Chelsio, and Mellanox (NVIDIA). They’re cheap too — $12 to $20 per card kind of cheap. With a pair of cards, I can do 10 gigabit between my desktop and my server.

The thing is, I’ve only got 100/1000 MB switches. That’s okay though. I’m thinking I might take motivation from an old Level1Techs video, The Forbidden Router.

If I put a dual 10 GB NIC in the server, I’ll have the Intel GB Ethernet for a WAN interface and then two 10G ports for LAN (the machine itself bridged to that “LAN” interface). That can then feed into my normal switch and WiFi AP.

Two things though:

The Lenovo Tiny PC I’m using has no PCI-E slot. It also only has one SATA port. I want to add an internal 8TB WD hard disk and a couple of 1–2 TB SSDs for network storage. And with 10 gig, why not?! This keeps the extra mess out of my new desktop build. So I’m thinking “NAS/router combo.” I already run virtual machines to keep things separated, and this would just add more benefits by having one well-configured box.

It’d have to be a different box though. I’ve been playing with some used hardware I picked up, which I think will work out nicely for the job of an all-in-one server/router solution (see below). I’m trying out FreeBSD’s bhyve for the first time, and ZFS as well! So far, so good. Will I end up using FreeBSD though? Probably not, but I’m on the fence.

Trying it out has made me realize how comfortable and productive I actually am on Linux… I think it may be wiser to stick with that for the serious stuff I depend on.

The hostname? Well, it needed a quick and dirty case… and I have no ITX cases 🙂

B550M AORUS ELITE AX — Replacing the lousy WiFi!

Finally decided to retire the Haswell system I’ve been using, and ordered up some AM4 goodies during the recent Prime Day sale. I grabbed an AMD Ryzen 7 5800X (8-core, 16-thread), 32 GB of DDR4-3600, and the Gigabyte AORUS Elite AX (Rev 1.3) motherboard. The CPU was the main draw — it was only $130! The board was on sale for $90 (currently $149.99 on Amazon).

Aorus Elite AX Rev 1.3

Thus far I am happy with this motherboard. It doesn’t give me the same vibe of Gigabyte superior value which I got back in the day from the likes of the classics — GA-EP45-UD3P comes to mind! — but, for under $100 it seems quite adequate.

The included WiFi leaves much to be desired though… Maybe it works fine on Windows?? On Linux, I was only seeing 2 bars and maybe 300 – 400 Mbps.

The solution? Grab yourself an AX210.
Intel wireless cards have excellent support on Linux and BSD alike. For just $20–$30 online, you can replace the built-in Realtek card. It takes about half a dozen screws to open the board and swap the M.2 module. I highly recommend tweezers for disconnecting and reattaching the tiny U.FL antenna connectors.

Where’s the Wi-Fi module located?

Motherboard WiFi
Board with VRM heatsink and shroud removed
WiFi Cards
Realtek NIC beside the new Intel AX 210

My pings are now way better. Night and day. And the speed is a solid 100 Mbps better, or more. See for yourself!

AX 210 Results
AX210 Results: iPerf3 Test and 100 pings to my server

Utilizing Apt-Cacher-NG’s cache on the server hosting it

apt-get

I’ve been using apt-cacher-ng for a few months now. For those who don’t know, this is a service you can run locally which will proxy apt requests from your network clients. This way, each time a package or update is requested there will be a copy retained in the cache. Upon each subsequent request for the same file(s), the local copy can be served instead. This saves bandwidth, and offers a speed advantage since you’ll likely be getting full GB ethernet line speed on your LAN. Read more about ACNG here.

While several local machines and VMs have no issues using my local ACNG proxy, the server actually hosting ACNG itself seemed to be giving errors when doing an apt update.

You’ll likely see the warnings “503 Server reports unexpected range” as well as “Some index files failed to download. They have been ignored, or old ones used instead.”

Basically, because the machine is trying to proxy through itself, some kind of problem occurs. Now, the simple solution is to just point to the normal Debian mirrors directly. That however wouldn’t offer the benefit of our local cache! The more boxes / VMs pulling for it, the more value you’re getting out of the whole setup… So here’s how we resolve this issue.

Write a text file to /etc/apt/apt.conf.d/00acng and place the following lines inside:

Acquire::http::Proxy::localhost "DIRECT";
Acquire::http::Proxy::127.0.0.1 "DIRECT";
Acquire::http::Proxy::novo.lan "DIRECT";

Of course, change “novo.lan” to the hostname of your ACNG host. My sources.list looks like this, hence the hostname used in my example.

deb http://novo.lan:3142/deb.debian.org/debian/ bookworm main non-free-firmware
deb-src http://novo.lan:3142/deb.debian.org/debian/ bookworm main non-free-firmware

deb http://novo.lan:3142/security.debian.org/debian-security bookworm-security main non-free-firmware
deb-src http://novo.lan:3142/security.debian.org/debian-security bookworm-security main non-free-firmware

deb http://novo.lan:3142/deb.debian.org/debian/ bookworm-updates main non-free-firmware
deb-src http://novo.lan:3142/deb.debian.org/debian/ bookworm-updates main non-free-firmware

You may want to add a 4th line, with your actual LAN IP if you’re naming the apt mirror by IP instead.

 

OpenWRT on the Dynalink DL-WRX36 WiFi 6 Router

Dynalink Router
Router Box

The Dynalink DL-WRX36 Wireless Router

I purchased my unit from Amazon about 18 months ago. I never even tried the stock firmware — I bought this router specifically because of its solid OpenWRT support and excellent bang-for-the-buck features.

For around $80 (if I recall correctly) you get:

  • Qualcomm 2.2 GHz Quad-Core CPU (ARM64 / ARMv8)
  • 1 GB RAM, 256 MB Flash (for firmware/storage)
  • 2.5 Gbps WAN port, 4× 1 Gbps LAN switch ports
  • WiFi 2.4 / 5 GHz dual-band (4× internal antennas)
  • USB 3.0 port (for a USB HDD/SSD, FTP/Samba share, or cellular modem, etc.)

Rear ports

It’s a shame — I always intended to do a proper, in-depth review of this unit, along with a full guide on flashing OpenWRT. That said, the flashing process was painless and straightforward. If you’ve ever loaded DD-WRT onto an old Linksys back in the day, this is quite similar, though with a few extra steps.

I do recall some slightly ‘gray’ areas in the instructions on the OpenWRT Table of Hardware (TOH) page for the DL-WRX36, and I had made some notes. If I can dig them up, I’ll definitely update this post to include them. As I remember, nothing critical — just a couple of steps that were worded a little ambiguously. I highly recommend reading through the guide fully before starting, so you’re not left halfway through wondering what to do next.

Is it still available?
Amazon doesn’t have it in stock at the moment. Would I recommend it if it was? Absolutely. I’m very happy with mine.

Things to Note:

  • Unofficial builds exist that take advantage of hardware features on this router’s SoC. (The standard OpenWRT images don’t enable these by default — and for now, I’m sticking with the official builds. But performance is still excellent for my needs.)

For those curious, the IPQ807x SoC inside this router supports advanced hardware features like Qualcomm’s NSS (Network Subsystem) hardware acceleration, which dramatically improves routing throughput and reduces CPU load for tasks like NAT, firewalling, and VPN handling. While official OpenWRT builds don’t currently enable these proprietary modules, a few skilled community developers have published unofficial builds that do.

Personally, I run the latest stable firmware from the official OpenWRT release repository, and it’s been absolutely flawless for me. I get my full broadband speeds with headroom to spare — whether wired or over 5 GHz WiFi — and I’ve never felt limited by not having those additional offload features. This setup also ensures I have seamless access to the official OpenWRT package repository via Luci and UCI, with a stable, predictable system that updates cleanly.

That said, for the adventurous or performance-hungry tinkerers out there, those community builds with hardware offloading might be worth exploring. More details and links are listed below if you’d like to check them out.

Additionally — OpenWRT natively supports VLANs and VLAN tagging, letting you create isolated network segments, guest networks, or prioritize traffic on your LAN however you like. Combined with its firewall and routing flexibility, this makes OpenWRT an extremely versatile platform for both home and small business networks.

Performance

Since upgrading my desktop to an Intel AX210 WiFi card, I consistently get 1–3 ms pings to wired LAN machines — pretty respectable. Speeds are solid too, with ~500 Mbps transmit/receive over 5 GHz WiFi.

My configuration is simple:

  • One network for 2.4 GHz and another for 5 GHz, each with its own SSID.
  • I’ve heard of issues running both bands under a single SSID, so I avoided that.
  • IoT devices, mobile phones, TV boxes, etc. are on 2.4 GHz for better range and to keep them off the 5 GHz radio.
  • Desktops and laptops connect to 5 GHz for speed.

It works beautifully. No worries about being stuck on ancient 3.x kernels — OpenWRT keeps this thing current and reliable.

Why is OpenWRT the Cat’s Meow?

Luci, the web-based interface, is clean, solid, and well-organized. Every function accessible through the web GUI can also be executed via SSH on the command line.

If you’re a geek, you already get why this is awesome. But for everyone else: it makes quick changes a breeze — no digging through endless menus. You can configure it like a Cisco router via serial, telnet, SSH, or otherwise.

Other Perks

Packages. Tons of networking, telephony, and FOSS/Linux software packages are at your fingertips — one search away.

At the end of the day, every router is a computer of some sort. Unless it runs something exotic like VxWorks, chances are it’s powered by a Linux kernel. OpenWRT puts you in control. It’s your hardware — and you should run it your way. Suddenly that consumer-grade router feels like enterprise-grade gear.

Useful Links

Happy hacking!

Massive Speed-Upgrade for your Linux infrastructure with AptCacherNG

AptCacherNG makes it easy to create a local cache of Debian package mirrors.

If you’ve got multiple machines running the same distribution, AptCacherNG allows for effortless caching of software packages.

I run various distributions, but Debian is probably near the top of that list. Between virtual and physical boxes, I probably have a dozen running Debian. Seriously.

Now, between different versions and architectures you obviously can’t always reuse the same packages; but you don’t need to worry about that. This is something you set up, and then can basically forget about.

Chances are, most instances of your OS are going to be the same version (the current stable release), and the same architecture – usually AMD64.

Not only can you save a ton of bandwidth, but you benefit even more so from the speed up. My internet is about 300 Mbps give or take, but my LAN is much faster. The machine I use for caching has NVMe storage set aside for the task, and thus is only limited by the speed of the network interface. Even with 1GB, I think you’ll notice a tangible improvement.

It isn’t just for Debian.

Nope, it actually can work with basically anything. I’ve gotten it to work on Alpine with no real effort. I think I may have had to change a line in the config, but it is quite easy.

Under the hood, this is really just web caching. Your clients route their requests through one central machine. Since all requests go through one server, that machine can say “Oh, I just downloaded that for so-and-so an hour ago… here you go!” and forgo an internet download in favor of re-sending the cached copy.

Good for you: you’ll see a speed increase, no doubt. If you have limited bandwidth, it would be worth doing for even just one or two clients. If you have more than half a dozen or so, I’d say it is a no-brainer. It also lowers the strain on the mirrors, which is a good thing too, especially if you’re in charge of taking care of a whole rack of servers, or perhaps a lab / classroom full of machines.

It’s Easy!

On the clients you have a couple of options. For a fresh net-install of Debian, when you go to select the country for your mirror, you want to scroll all the way to the bottom (or top?) and you’ll find “Enter Manually”. Here, you simply furnish your AptCacherNG host. In my case, “novo.lan:3142”. Then, just like with Debian’s mirror, the rest of the URL is the same.

For existing installs, open up /etc/apt/sources.list and replace ftp.debian.org or deb.debian.org with yourmachine.lan:3142 — don’t forget to specify that port. By default, it runs on 3142.

Learn more: https://wiki.debian.org/AptCacherNg

DnsMasq Network-Wide Blocking Part II. Dealing with Hostnames

As stated last time: when you’re no longer serving DNS from the same machine as your DHCP server, local hostnames may become an issue.

If you’re like me, all the things you actually would be needing to access by name in that matter already have static addresses and /etc/hosts file entries. I had an idea that I thought should be shared though.

This is a little script I wrote. What it does is take the dhcp.leases file on an OpenWRT router and produce a correctly formatted hosts file. In the previous article, I offered my custom config, and you’ll see the option to have dnsmasq parse your /etc/hosts file; this is for that.

Whether you have 4 devices on your network, 40 or however many you’ve got, this is an easy way to get the local hostnames working on your new custom DNS setup.

Here is the code for Leases2Hosts; you can run it right on OpenWRT.

#!/bin/sh
# OpenWrt Leases2Hosts 0.01 -- BTA 03.13.2025 -- LostGeek.NET
# Transforms OpenWrt dhcp leases file into format suitable for external DNS server

LEASES_FILE="/tmp/dhcp.leases"
OUTPUT_FILE="/tmp/dhcp.hosts"

# Set domain suffix (leave blank to disable)
DOMAIN_SUFFIX=".lan"

# Ensure the leases file exists
[ -f "$LEASES_FILE" ] || { echo "Leases file not found!"; exit 1; }

# New hosts file header
echo "# Generated by Lease2Hosts" > "$OUTPUT_FILE"

# Process the leases file using BusyBox-compatible awk
awk -v suffix="$DOMAIN_SUFFIX" '
{
    ip = $3;
    hostname = $4;

    # Ignore entries where hostname is "*"
    if (hostname == "*") next;

    # Ensure hostname is not a MAC address (contains colons)
    if (index(hostname, ":") > 0) next;

    # Ensure hostname is only letters, numbers, dots, and dashes
    if (match(hostname, /^[a-zA-Z0-9.-]+$/)) {
        if (suffix != "") {
            print ip, hostname, hostname suffix;
        } else {
            print ip, hostname;
        }
    }
}' "$LEASES_FILE" >> "$OUTPUT_FILE"

echo "Hosts file:"
echo "-----"
cat "$OUTPUT_FILE"
echo "-----"
echo "Hosts file written: $OUTPUT_FILE"

You can run this once and be done, if you don’t always add and change devices. It can also be auto started via a cron job.

I think there is even a way to have an event-based trigger so perhaps it could run as soon as a new lease is given to a unique device. I’ll leave that up to the reader though!

For those who don’t know, what this does is read the DHCP leases file, which has the IPs and hostnames of all DHCP clients on your network. It also has MAC addresses though, and may contain nameless entries, both of which you obviously don’t want in your hosts file. I’d imagine this could be very useful if you’ve got a network full of machines, VMs, or IoT devices… heck, even a family with laptops, smartphones and tablets.

It produces output as follows:

    10.0.0.1 workstation1 workstation1.local
    10.0.0.2 laptop1 laptop1.local
    etc…

From the dhcp.leases file, which looks something like this:

    1621306452 c8:3d:6b:55:f1:e5 10.0.0.22 Roku *
    1772607384 2c:ab:67:3d:90:5d 10.0.0.29 piframe 01:2c:cf:67:3d:90:5d
    etc…

Quite ugly. Notice the double MAC?? Well, that happens, especially on modern cell phones which hide their MAC as a privacy feature, and on cheap-o devices which don’t have the MAC set in stone.

Originally MACs weren’t supposed to just be changed on a whim but rather burned into the device’s EPROM. My script aims to sort out all of this nonsense. I have had excellent results using the script, however please review it before using the generated list. If you understand shell script basics and awk, you can gauge your own confidence in it being fairly safe, but I shall make no such guarantee.

Using cron and scp, you can automate putting this new hosts file on your DNS server. However, I’d recommend that you use it simply to save you time in formatting a hosts file from a large lease pool — and it seems to do so quite well.
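The hostname column in dhcp.leases is whatever each client announced, so two devices can claim the same name, or one can claim a name you already pin in /etc/hosts. The check below is an added example, not part of the original Leases2Hosts script; the function names and the sample entries are constructed for illustration, and it only assumes the two files are in hosts format.

```shell
#!/bin/sh
# Added example (not part of Leases2Hosts): flag generated entries whose name
# is already pinned to another IP, or is claimed by two different leases.
# Usage: check_hosts_conflicts GENERATED_HOSTS STATIC_HOSTS
# Prints one line per conflicting entry; returns 1 if any were found.
check_hosts_conflicts() {
    awk '
    { sub(/#.*/, "") }                  # drop comments, whole-line or trailing
    NF < 2 { next }                     # nothing left, or an IP with no name
    FILENAME == ARGV[1] {               # first file: the static hosts
        for (i = 2; i <= NF; i++) pinned[tolower($i)] = $1
        next
    }
    {                                   # second file: generated from leases
        for (i = 2; i <= NF; i++) {
            name = tolower($i)          # DNS names compare case-insensitively
            if ((name in pinned) && pinned[name] != $1) {
                print "SHADOWS-STATIC", name, $1, "(static " pinned[name] ")"
                bad = 1
                break
            }
            if ((name in seen) && seen[name] != $1) {
                print "DUPLICATE", name, $1, "(first seen " seen[name] ")"
                bad = 1
                break
            }
            seen[name] = $1
        }
    }
    END { exit bad + 0 }
    ' "$2" "$1"
}

# Constructed sample data: a static file and Leases2Hosts-style output.
demo_conflicts() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' '127.0.0.1 localhost' '10.0.0.5 nas nas.lan' > "$dir/static"
    printf '%s\n' '# Generated by Lease2Hosts' \
        '10.0.0.22 Roku Roku.lan' \
        '10.0.0.29 piframe piframe.lan' \
        '10.0.0.41 nas nas.lan' \
        '10.0.0.57 roku roku.lan' > "$dir/generated"
    rc=0
    check_hosts_conflicts "$dir/generated" "$dir/static" || rc=$?
    rm -rf "$dir"
    return "$rc"
}

demo_conflicts || echo "conflicts found: review before deploying the file"
```

A non-zero return is the signal to hold back the scp step until the flagged names are sorted out.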
