11 KiB
OpenWrt: Connect to Starlink WiFi (client) and route blocked sites via it (LuCI)
Step-by-step using the LuCI web UI where possible. Router: Archer C6, OpenWrt/LuCI. Goal: main WAN stays default; traffic to polymarket (and similar) goes via Starlink WiFi.
Part 1: Connect router to Starlink WiFi (client mode)
You need one radio as AP (your LAN WiFi) and one as Client (Starlink). Archer C6 has 2.4 GHz and 5 GHz; use one for Starlink client.
1.1 Install WiFi client (if needed)
SSH into the router, then:
opkg update
opkg install wpad-mesh-openssl
(Some images already include this. If "Scan" works in LuCI, skip.)
1.2 Create the Starlink client interface in LuCI
- Log in to LuCI (e.g.
http://192.168.0.1). - Go to Network → Wireless.
- You should see two radios (e.g. "Radio0 (2.4 GHz)", "Radio1 (5 GHz)").
- On the radio you will use for Starlink (e.g. Radio1 (5 GHz)):
- Click Scan.
- Wait for the list; find your Starlink WiFi SSID.
- Click Join network next to it.
- In the dialog:
- Network: leave as new (e.g.
wwan) or set a name likestarlink. - Wireless Security: choose the encryption (usually WPA2-PSK) and enter the Starlink WiFi password.
- Leave other options default. Submit.
- Network: leave as new (e.g.
- The new interface (e.g.
wwanorstarlink) appears under Network → Wireless as a Client network. Ensure it is Enabled and not disabled.
1.3 Create a WAN interface for Starlink and assign firewall
The client connection gets an IP via DHCP from Starlink. You must create a protocol interface for it and put it in the wan firewall zone so it is used as a WAN.
- Go to Network → Interfaces.
- Click Add new interface:
- Name:
wan2(orstarlink). - Protocol: DHCP client.
- Device: select the device that corresponds to the Starlink client (e.g.
wwanor the wireless device name shown for that client network). If unsure, check Network → Wireless and see which device the client is on (e.g.wlan1). - Submit.
- Name:
- On the new interface’s page:
- General Setup: ensure "Bring up on boot" or similar is checked.
- Firewall Settings: assign to wan (same zone as your main WAN). Required for NAT and for policy routing (mwan3 or the script in Part 2b).
- Save & Apply.
1.4 Verify Starlink connectivity
- In Network → Interfaces,
wan2should show an IP (from Starlink’s DHCP). - From a device on your LAN, you can ping 8.8.8.8 (main WAN is still default). To test Starlink alone you’ll confirm after Part 2 with a policy.
Part 2: Install and configure mwan3 (Load Balancing)
mwan3 will use both WANs: default traffic via main WAN, and specific destination IPs (polymarket) via Starlink.
2.1 Install mwan3 (SSH)
LuCI app for mwan3 is not always preinstalled. On the router via SSH:
opkg update
opkg install mwan3 luci-app-mwan3
Then in LuCI you should see Network → Load Balancing (or Multi-WAN).
2.2 Configure interfaces (LuCI)
- Go to Network → Load Balancing → Configuration (or Interfaces tab).
- Interfaces:
- You should see wan (main) and wan2 (Starlink). If not, add wan2:
- Interface:
wan2 - Enable: checked
- Track IP: e.g.
8.8.8.8or1.1.1.1(used for health check). - Metric:
20(higher than wan so default route prefers main WAN). - Reliability: e.g.
1. - Save.
- Interface:
- For wan (main WAN):
- Metric:
10(lower = preferred for default). - Track IP: e.g.
8.8.8.8. - Save.
- Metric:
- You should see wan (main) and wan2 (Starlink). If not, add wan2:
- Members tab:
- wan → member e.g.
wan_m1, metric1. - wan2 → member e.g.
wan2_m1, metric1.
- wan → member e.g.
- Policies tab:
- default_policy: last resort; assign only wan_m1 (main WAN only). So all traffic that doesn’t match a rule uses main WAN.
- Add policy starlink_only: assign only wan2_m1. This will be used for polymarket IPs.
- Rules tab (order matters; more specific first):
- Add a rule for polymarket:
- Name: e.g.
polymarket_via_starlink - Destination address: see below (polymarket IPs). You can add one rule with multiple IPs/CIDRs or several rules.
- Policy: starlink_only
- Sticky: optional (e.g. 1 minute) so the same connection stays on Starlink.
- Name: e.g.
- Ensure there is a default rule:
- Destination address:
0.0.0.0/0 - Policy: default_policy
- Destination address:
- Default rule must be last (lowest priority). Polymarket rule must be above it.
- Add a rule for polymarket:
2.3 Polymarket destination IPs
mwan3 matches by destination IP, not domain. You need to add the IPs (or CIDRs) for polymarket.com and any related hostnames.
- Resolve from a PC (that can reach polymarket, or use any DNS):
nslookup polymarket.comnslookup www.polymarket.com- Add any other subdomains you use (e.g.
gamma-api.polymarket.com).
- In LuCI Load Balancing → Rules, in the polymarket rule set Destination address to one of:
- Single IP:
a.b.c.d/32 - Several IPs: add multiple rules with the same policy, or use a space-separated list if LuCI allows (e.g.
1.2.3.4/32 5.6.7.8/32).
- Single IP:
- CDN IPs can change. If the site stops working via Starlink, resolve the domains again and add/update the IPs in the rule. You can later automate this with a script that updates the mwan3 config or uses ipset.
Example (replace with real IPs you resolved):
- Destination address:
104.18.2.2/32 172.67.1.1/32(example only; get real IPs for polymarket.com).
2.4 Save and apply
- Save & Apply in Load Balancing and in Network → Interfaces if you changed anything.
- Test: from a LAN device, open polymarket.com; it should go via Starlink. Other sites still via main WAN.
Part 2b: Policy routing without mwan3 (low flash)
If you cannot install mwan3 (e.g. only ~80 KB free on flash), you can get the same behaviour using ip rules and a custom routing table. No extra packages: uses ip, resolveip, ubus, jsonfilter (all default on OpenWrt).
2b.1 Copy and run the script
- Copy
starlink-policy-route.shto the router (e.g./etc/starlink-policy-route.sh). - Make it executable:
chmod +x /etc/starlink-policy-route.sh. - Run once when wan2 is up:
/etc/starlink-policy-route.sh setup.
The script resolves polymarket.com and www.polymarket.com (via resolveip), gets wan2 gateway from ubus, adds a default route in table 100 via wan2, and adds ip rule add to <ip> table 100 for each resolved IP. All other traffic keeps using the main WAN.
2b.2 Run on wan2 up (hotplug)
So routes are applied after Starlink (wan2) gets an IP, create a hotplug script:
# On router: create /etc/hotplug.d/iface/99-starlink-policy
#!/bin/sh
[ "$INTERFACE" = "wan2" ] && [ "$ACTION" = "ifup" ] && /etc/starlink-policy-route.sh setup
Make it executable: chmod +x /etc/hotplug.d/iface/99-starlink-policy.
2b.3 Optional: set IPs manually
If DNS is not ready when the script runs (e.g. wan2 up before main WAN), resolve the domains on a PC and set them in the script:
# In starlink-policy-route.sh set (replace with real IPs):
POLYMARKET_IPS="104.18.2.2 172.67.1.1"
Then the script skips resolveip and uses these IPs. Update them if the site stops working (CDN changes).
2b.4 Remove routes
To remove the policy routes: /etc/starlink-policy-route.sh remove.
Part 2c: Policy routing via LuCI only (static routes)
You can achieve the same result entirely in LuCI without mwan3 or scripts: (1) override the hostname so DNS returns the real Polymarket IP (not your ISP’s spoofed one), and (2) add a static route for that IP via wan2. Route type: unicast (default).
2c.1 Get the real IP
Your ISP may resolve polymarket.com to a block/fake IP. You need the real server IP. Resolve while connected to Starlink WiFi (or using DNS 8.8.8.8): nslookup polymarket.com and nslookup www.polymarket.com. Note the IPv4 address (e.g. 64.239.109.1). Use that for the route and the hostname override below.
2c.2 Override the hostname in LuCI (so DNS returns the real IP)
So your LAN devices don’t get the ISP-spoofed IP:
- Go to Network → Hostnames (or DHCP and DNS → Hostnames / Custom domain / Address entries, depending on your LuCI).
- Add an entry: Hostname
polymarket.com, IP the real IP (e.g.64.239.109.1). Add another forwww.polymarket.comwith the same IP if needed. - Save & Apply.
2c.3 Add static route in LuCI
- Go to Network → Routes (or Static routes).
- Click Add (or Add new IPv4 route).
- Set:
- Target: the real IP with
/32(e.g.64.239.109.1/32). - Gateway: use the Starlink (wan2) gateway — either choose Use gateway from interface and select wan2, or enter the wan2 DHCP gateway IP (the IP your router uses as default gateway on the Starlink side; see Network → Interfaces → wan2 for the gateway).
- Type: unicast (default).
- Metric: leave default.
- Target: the real IP with
- Save & Apply.
Traffic to that IP now goes via wan2; DNS gives your devices the real IP, so the route is used. If the site stops working later, re-resolve the domain (e.g. on Starlink), update the hostname override and the route if the IP changed.
Part 3: Quick reference (LuCI locations)
| Step | LuCI path |
|---|---|
| Create Starlink client | Network → Wireless → Scan → Join |
| WAN interface for WiFi | Network → Interfaces → Add (DHCP, wan zone) |
| Load Balancing config | Network → Load Balancing |
| Interfaces (wan, wan2) | Load Balancing → Interfaces |
| Policies | Load Balancing → Policies |
| Rules (polymarket, default) | Load Balancing → Rules |
| Policy without mwan3 | Part 2b: script + hotplug |
| Policy via LuCI only | Part 2c: Hostnames + Network → Routes |
Troubleshooting
- Starlink client not getting IP: Check WiFi password; ensure Starlink router is in range; check Network → Wireless that the client network is enabled and associated.
- All traffic still via main WAN: Ensure the polymarket rule is above the default rule; check Destination address uses the correct IPs/CIDRs; ensure starlink_only policy uses only wan2_m1.
- Polymarket works then stops: CDN IPs changed; re-resolve the domain(s) and update the rule’s destination IPs.
- LuCI "Load Balancing" missing: Install
luci-app-mwan3via SSH and refresh the page. - Using Part 2b (no mwan3): If polymarket stops working, CDN IPs may have changed; run
resolveip -4 polymarket.com(or from a PC) and setPOLYMARKET_IPSin the script, or ensure the script runs when DNS is available (e.g. after both WANs are up).