# OpenWrt: Connect to Starlink WiFi (client) and route blocked sites via it (LuCI) Step-by-step using the LuCI web UI where possible. Router: Archer C6, OpenWrt/LuCI. Goal: main WAN stays default; traffic to polymarket (and similar) goes via Starlink WiFi. --- ## Part 1: Connect router to Starlink WiFi (client mode) You need one radio as **AP** (your LAN WiFi) and one as **Client** (Starlink). Archer C6 has 2.4 GHz and 5 GHz; use one for Starlink client. ### 1.1 Install WiFi client (if needed) SSH into the router, then: ```bash opkg update opkg install wpad-mesh-openssl ``` (Some images already include this. If "Scan" works in LuCI, skip.) ### 1.2 Create the Starlink client interface in LuCI 1. Log in to LuCI (e.g. `http://192.168.0.1`). 2. Go to **Network** → **Wireless**. 3. You should see two radios (e.g. "Radio0 (2.4 GHz)", "Radio1 (5 GHz)"). 4. On the radio you will use for Starlink (e.g. **Radio1 (5 GHz)**): - Click **Scan**. - Wait for the list; find your **Starlink WiFi SSID**. - Click **Join network** next to it. 5. In the dialog: - **Network**: leave as new (e.g. `wwan`) or set a name like `starlink`. - **Wireless Security**: choose the encryption (usually **WPA2-PSK**) and enter the **Starlink WiFi password**. - Leave other options default. Submit. 6. The new interface (e.g. `wwan` or `starlink`) appears under **Network** → **Wireless** as a **Client** network. Ensure it is **Enabled** and not disabled. ### 1.3 Create a WAN interface for Starlink and assign firewall The client connection gets an IP via DHCP from Starlink. You must create a protocol interface for it and put it in the **wan** firewall zone so it is used as a WAN. 1. Go to **Network** → **Interfaces**. 2. Click **Add new interface**: - **Name**: `wan2` (or `starlink`). - **Protocol**: **DHCP client**. - **Device**: select the device that corresponds to the Starlink client (e.g. `wwan` or the wireless device name shown for that client network). If unsure, check **Network** → **Wireless** and see which device the client is on (e.g. `wlan1`). - Submit. 3. On the new interface’s page: - **General Setup**: ensure "Bring up on boot" or similar is checked. - **Firewall Settings**: assign to **wan** (same zone as your main WAN). Required for NAT and for policy routing (mwan3 or the script in Part 2b). - **Save & Apply**. ### 1.4 Verify Starlink connectivity - In **Network** → **Interfaces**, `wan2` should show an IP (from Starlink’s DHCP). - From a device on your LAN, you can ping 8.8.8.8 (main WAN is still default). To test Starlink alone you’ll confirm after Part 2 with a policy. --- ## Part 2: Install and configure mwan3 (Load Balancing) mwan3 will use both WANs: default traffic via main WAN, and specific destination IPs (polymarket) via Starlink. ### 2.1 Install mwan3 (SSH) LuCI app for mwan3 is not always preinstalled. On the router via SSH: ```bash opkg update opkg install mwan3 luci-app-mwan3 ``` Then in LuCI you should see **Network** → **Load Balancing** (or **Multi-WAN**). ### 2.2 Configure interfaces (LuCI) 1. Go to **Network** → **Load Balancing** → **Configuration** (or **Interfaces** tab). 2. **Interfaces**: - You should see **wan** (main) and **wan2** (Starlink). If not, add **wan2**: - **Interface**: `wan2` - **Enable**: checked - **Track IP**: e.g. `8.8.8.8` or `1.1.1.1` (used for health check). - **Metric**: `20` (higher than wan so default route prefers main WAN). - **Reliability**: e.g. `1`. - Save. - For **wan** (main WAN): - **Metric**: `10` (lower = preferred for default). - **Track IP**: e.g. `8.8.8.8`. - Save. 3. **Members** tab: - **wan** → member e.g. `wan_m1`, metric `1`. - **wan2** → member e.g. `wan2_m1`, metric `1`. 4. **Policies** tab: - **default_policy**: last resort; assign only **wan_m1** (main WAN only). So all traffic that doesn’t match a rule uses main WAN. - Add policy **starlink_only**: assign only **wan2_m1**. This will be used for polymarket IPs. 5. **Rules** tab (order matters; more specific first): - Add a rule for polymarket: - **Name**: e.g. `polymarket_via_starlink` - **Destination address**: see below (polymarket IPs). You can add one rule with multiple IPs/CIDRs or several rules. - **Policy**: **starlink_only** - **Sticky**: optional (e.g. 1 minute) so the same connection stays on Starlink. - Ensure there is a **default** rule: - **Destination address**: `0.0.0.0/0` - **Policy**: **default_policy** - Default rule must be **last** (lowest priority). Polymarket rule must be **above** it. ### 2.3 Polymarket destination IPs mwan3 matches by **destination IP**, not domain. You need to add the IPs (or CIDRs) for polymarket.com and any related hostnames. - Resolve from a PC (that can reach polymarket, or use any DNS): - `nslookup polymarket.com` - `nslookup www.polymarket.com` - Add any other subdomains you use (e.g. `gamma-api.polymarket.com`). - In LuCI **Load Balancing** → **Rules**, in the polymarket rule set **Destination address** to one of: - Single IP: `a.b.c.d/32` - Several IPs: add multiple rules with the same policy, or use a space-separated list if LuCI allows (e.g. `1.2.3.4/32 5.6.7.8/32`). - CDN IPs can change. If the site stops working via Starlink, resolve the domains again and add/update the IPs in the rule. You can later automate this with a script that updates the mwan3 config or uses ipset. **Example** (replace with real IPs you resolved): - Destination address: `104.18.2.2/32 172.67.1.1/32` (example only; get real IPs for polymarket.com). ### 2.4 Save and apply - **Save & Apply** in **Load Balancing** and in **Network** → **Interfaces** if you changed anything. - Test: from a LAN device, open polymarket.com; it should go via Starlink. Other sites still via main WAN. --- ## Part 2b: Policy routing without mwan3 (low flash) If you cannot install mwan3 (e.g. only ~80 KB free on flash), you can get the same behaviour using **ip rules** and a **custom routing table**. No extra packages: uses `ip`, `resolveip`, `ubus`, `jsonfilter` (all default on OpenWrt). ### 2b.1 Copy and run the script 1. Copy `starlink-policy-route.sh` to the router (e.g. `/etc/starlink-policy-route.sh`). 2. Make it executable: `chmod +x /etc/starlink-policy-route.sh`. 3. Run once when wan2 is up: `/etc/starlink-policy-route.sh setup`. The script resolves `polymarket.com` and `www.polymarket.com` (via `resolveip`), gets wan2 gateway from `ubus`, adds a default route in table 100 via wan2, and adds `ip rule add to table 100` for each resolved IP. All other traffic keeps using the main WAN. ### 2b.2 Run on wan2 up (hotplug) So routes are applied after Starlink (wan2) gets an IP, create a hotplug script: ```bash # On router: create /etc/hotplug.d/iface/99-starlink-policy #!/bin/sh [ "$INTERFACE" = "wan2" ] && [ "$ACTION" = "ifup" ] && /etc/starlink-policy-route.sh setup ``` Make it executable: `chmod +x /etc/hotplug.d/iface/99-starlink-policy`. ### 2b.3 Optional: set IPs manually If DNS is not ready when the script runs (e.g. wan2 up before main WAN), resolve the domains on a PC and set them in the script: ```bash # In starlink-policy-route.sh set (replace with real IPs): POLYMARKET_IPS="104.18.2.2 172.67.1.1" ``` Then the script skips `resolveip` and uses these IPs. Update them if the site stops working (CDN changes). ### 2b.4 Remove routes To remove the policy routes: `/etc/starlink-policy-route.sh remove`. --- ## Part 2c: Policy routing via LuCI only (static routes) You can achieve the same result **entirely in LuCI** without mwan3 or scripts: (1) override the hostname so DNS returns the **real** Polymarket IP (not your ISP’s spoofed one), and (2) add a **static route** for that IP via wan2. Route type: **unicast** (default). ### 2c.1 Get the real IP Your ISP may resolve polymarket.com to a block/fake IP. You need the **real** server IP. Resolve while connected to Starlink WiFi (or using DNS 8.8.8.8): `nslookup polymarket.com` and `nslookup www.polymarket.com`. Note the IPv4 address (e.g. `64.239.109.1`). Use that for the route and the hostname override below. ### 2c.2 Override the hostname in LuCI (so DNS returns the real IP) So your LAN devices don’t get the ISP-spoofed IP: 1. Go to **Network** → **Hostnames** (or **DHCP and DNS** → **Hostnames** / **Custom domain** / **Address** entries, depending on your LuCI). 2. Add an entry: **Hostname** `polymarket.com`, **IP** the real IP (e.g. `64.239.109.1`). Add another for `www.polymarket.com` with the same IP if needed. 3. **Save & Apply**. ### 2c.3 Add static route in LuCI 1. Go to **Network** → **Routes** (or **Static routes**). 2. Click **Add** (or **Add new IPv4 route**). 3. Set: - **Target**: the real IP with `/32` (e.g. `64.239.109.1/32`). - **Gateway**: use the **Starlink (wan2) gateway** — either choose **Use gateway from interface** and select **wan2**, or enter the **wan2 DHCP gateway IP** (the IP your router uses as default gateway on the Starlink side; see **Network** → **Interfaces** → wan2 for the gateway). - **Type**: **unicast** (default). - **Metric**: leave default. 4. **Save & Apply**. Traffic to that IP now goes via wan2; DNS gives your devices the real IP, so the route is used. If the site stops working later, re-resolve the domain (e.g. on Starlink), update the hostname override and the route if the IP changed. --- ## Part 3: Quick reference (LuCI locations) | Step | LuCI path | |-------------------------|-------------------------------------| | Create Starlink client | Network → Wireless → Scan → Join | | WAN interface for WiFi | Network → Interfaces → Add (DHCP, wan zone) | | Load Balancing config | Network → Load Balancing | | Interfaces (wan, wan2) | Load Balancing → Interfaces | | Policies | Load Balancing → Policies | | Rules (polymarket, default) | Load Balancing → Rules | | Policy without mwan3 | Part 2b: script + hotplug | | Policy via LuCI only | Part 2c: Hostnames + Network → Routes | --- ## Troubleshooting - **Starlink client not getting IP**: Check WiFi password; ensure Starlink router is in range; check **Network** → **Wireless** that the client network is enabled and associated. - **All traffic still via main WAN**: Ensure the polymarket rule is **above** the default rule; check **Destination address** uses the correct IPs/CIDRs; ensure **starlink_only** policy uses only **wan2_m1**. - **Polymarket works then stops**: CDN IPs changed; re-resolve the domain(s) and update the rule’s destination IPs. - **LuCI "Load Balancing" missing**: Install `luci-app-mwan3` via SSH and refresh the page. - **Using Part 2b (no mwan3)**: If polymarket stops working, CDN IPs may have changed; run `resolveip -4 polymarket.com` (or from a PC) and set `POLYMARKET_IPS` in the script, or ensure the script runs when DNS is available (e.g. after both WANs are up).