openwrt routing

2026-02-16 14:13:35 +02:00
parent b92a02a770
commit a2c33734fb
3 changed files with 351 additions and 0 deletions
--- a/linux/openwrt/openwrt-starlink-luci-setup.md
+++ b/linux/openwrt/openwrt-starlink-luci-setup.md
@@ -0,0 +1,148 @@
+# OpenWrt: Connect to Starlink WiFi (client) and route blocked sites via it (LuCI)
+
+Step-by-step using the LuCI web UI where possible. Router: Archer C6, OpenWrt/LuCI. Goal: main WAN stays default; traffic to polymarket (and similar) goes via Starlink WiFi.
+
+---
+
+## Part 1: Connect router to Starlink WiFi (client mode)
+
+You need one radio as **AP** (your LAN WiFi) and one as **Client** (Starlink). Archer C6 has 2.4 GHz and 5 GHz; use one for Starlink client.
+
+### 1.1 Install WiFi client (if needed)
+
+SSH into the router, then:
+
+```bash
+opkg update
+opkg install wpad-mesh-openssl
+```
+
+(Some images already include this. If "Scan" works in LuCI, skip.)
+
+### 1.2 Create the Starlink client interface in LuCI
+
+1. Log in to LuCI (e.g. `http://192.168.0.1`).
+2. Go to **Network** → **Wireless**.
+3. You should see two radios (e.g. "Radio0 (2.4 GHz)", "Radio1 (5 GHz)").
+4. On the radio you will use for Starlink (e.g. **Radio1 (5 GHz)**):
+   - Click **Scan**.
+   - Wait for the list; find your **Starlink WiFi SSID**.
+   - Click **Join network** next to it.
+5. In the dialog:
+   - **Network**: leave as new (e.g. `wwan`) or set a name like `starlink`.
+   - **Wireless Security**: choose the encryption (usually **WPA2-PSK**) and enter the **Starlink WiFi password**.
+   - Leave other options default. Submit.
+6. The new interface (e.g. `wwan` or `starlink`) appears under **Network** → **Wireless** as a **Client** network. Ensure it is **Enabled** and not disabled.
+
+### 1.3 Create a WAN interface for Starlink and assign firewall
+
+The client connection gets an IP via DHCP from Starlink. You must create a protocol interface for it and put it in the **wan** firewall zone so it is used as a WAN.
+
+1. Go to **Network** → **Interfaces**.
+2. Click **Add new interface**:
+   - **Name**: `wan2` (or `starlink`).
+   - **Protocol**: **DHCP client**.
+   - **Device**: select the device that corresponds to the Starlink client (e.g. `wwan` or the wireless device name shown for that client network). If unsure, check **Network** → **Wireless** and see which device the client is on (e.g. `wlan1`).
+   - Submit.
+3. On the new interface’s page:
+   - **General Setup**: ensure "Bring up on boot" or similar is checked.
+   - **Firewall Settings**: assign to **wan** (same zone as your main WAN). This is required for NAT and mwan3.
+   - **Save & Apply**.
+
+### 1.4 Verify Starlink connectivity
+
+- In **Network** → **Interfaces**, `wan2` should show an IP (from Starlink’s DHCP).
+- From a device on your LAN, you can ping 8.8.8.8 (main WAN is still default). To test Starlink alone you’ll confirm after Part 2 with a policy.
+
+---
+
+## Part 2: Install and configure mwan3 (Load Balancing)
+
+mwan3 will use both WANs: default traffic via main WAN, and specific destination IPs (polymarket) via Starlink.
+
+### 2.1 Install mwan3 (SSH)
+
+LuCI app for mwan3 is not always preinstalled. On the router via SSH:
+
+```bash
+opkg update
+opkg install mwan3 luci-app-mwan3
+```
+
+Then in LuCI you should see **Network** → **Load Balancing** (or **Multi-WAN**).
+
+### 2.2 Configure interfaces (LuCI)
+
+1. Go to **Network** → **Load Balancing** → **Configuration** (or **Interfaces** tab).
+2. **Interfaces**:
+   - You should see **wan** (main) and **wan2** (Starlink). If not, add **wan2**:
+     - **Interface**: `wan2`
+     - **Enable**: checked
+     - **Track IP**: e.g. `8.8.8.8` or `1.1.1.1` (used for health check).
+     - **Metric**: `20` (higher than wan so default route prefers main WAN).
+     - **Reliability**: e.g. `1`.
+     - Save.
+   - For **wan** (main WAN):
+     - **Metric**: `10` (lower = preferred for default).
+     - **Track IP**: e.g. `8.8.8.8`.
+     - Save.
+3. **Members** tab:
+   - **wan** → member e.g. `wan_m1`, metric `1`.
+   - **wan2** → member e.g. `wan2_m1`, metric `1`.
+4. **Policies** tab:
+   - **default_policy**: last resort; assign only **wan_m1** (main WAN only). So all traffic that doesn’t match a rule uses main WAN.
+   - Add policy **starlink_only**: assign only **wan2_m1**. This will be used for polymarket IPs.
+5. **Rules** tab (order matters; more specific first):
+   - Add a rule for polymarket:
+     - **Name**: e.g. `polymarket_via_starlink`
+     - **Destination address**: see below (polymarket IPs). You can add one rule with multiple IPs/CIDRs or several rules.
+     - **Policy**: **starlink_only**
+     - **Sticky**: optional (e.g. 1 minute) so the same connection stays on Starlink.
+   - Ensure there is a **default** rule:
+     - **Destination address**: `0.0.0.0/0`
+     - **Policy**: **default_policy**
+   - Default rule must be **last** (lowest priority). Polymarket rule must be **above** it.
+
+### 2.3 Polymarket destination IPs
+
+mwan3 matches by **destination IP**, not domain. You need to add the IPs (or CIDRs) for polymarket.com and any related hostnames.
+
+- Resolve from a PC (that can reach polymarket, or use any DNS):
+  - `nslookup polymarket.com`
+  - `nslookup www.polymarket.com`
+  - Add any other subdomains you use (e.g. `gamma-api.polymarket.com`).
+- In LuCI **Load Balancing** → **Rules**, in the polymarket rule set **Destination address** to one of:
+  - Single IP: `a.b.c.d/32`
+  - Several IPs: add multiple rules with the same policy, or use a space-separated list if LuCI allows (e.g. `1.2.3.4/32 5.6.7.8/32`).
+- CDN IPs can change. If the site stops working via Starlink, resolve the domains again and add/update the IPs in the rule. You can later automate this with a script that updates the mwan3 config or uses ipset.
+
+**Example** (replace with real IPs you resolved):
+
+- Destination address: `104.18.2.2/32 172.67.1.1/32` (example only; get real IPs for polymarket.com).
+
+### 2.4 Save and apply
+
+- **Save & Apply** in **Load Balancing** and in **Network** → **Interfaces** if you changed anything.
+- Test: from a LAN device, open polymarket.com; it should go via Starlink. Other sites still via main WAN.
+
+---
+
+## Part 3: Quick reference (LuCI locations)
+
+| Step                    | LuCI path                          |
+|-------------------------|-------------------------------------|
+| Create Starlink client  | Network → Wireless → Scan → Join    |
+| WAN interface for WiFi  | Network → Interaces → Add (DHCP, wan zone) |
+| Load Balancing config   | Network → Load Balancing            |
+| Interfaces (wan, wan2)  | Load Balancing → Interfaces         |
+| Policies                | Load Balancing → Policies           |
+| Rules (polymarket, default) | Load Balancing → Rules         |
+
+---
+
+## Troubleshooting
+
+- **Starlink client not getting IP**: Check WiFi password; ensure Starlink router is in range; check **Network** → **Wireless** that the client network is enabled and associated.
+- **All traffic still via main WAN**: Ensure the polymarket rule is **above** the default rule; check **Destination address** uses the correct IPs/CIDRs; ensure **starlink_only** policy uses only **wan2_m1**.
+- **Polymarket works then stops**: CDN IPs changed; re-resolve the domain(s) and update the rule’s destination IPs.
+- **LuCI "Load Balancing" missing**: Install `luci-app-mwan3` via SSH and refresh the page.