First post here after reading the forums for many days since I got 3* Flint 3 and a Slate 7 (yes, there’s more stuff coming in the email, and I used in the past and still have a pair of Flint 2).
What’s the forum’s consensus on the best practice setup for a home network, with some paranoia included?
I was looking for that “quick start” post/doc/kb showing how one would get up and running fast, still be safe, and then build out from there… and I admit, I’m not good at finding (just at searching LOL).
What scared me and I took notes but haven’t found the “best” answer, i.e.:
Flint 3 has issues with MLO, “I sold mine went back to Flint 2”
Still no mesh but ssh and manually enable 802.11r and no, don’t trust Luci for that
If you were to start today with 3* Flint 3 (maybe use the Flint 2 also?), have around 350 devices (mostly IoT on 2.4GHz), 10G unmanaged switch (have mesh of several other vendors’ 10G devices, some hardwired, others PoE/wireless backhaul, almost all WiFi7), need to keep work/home/kids/IoT on separate VLANs and apply different QoS, let different devices go out via VPNs, ToR or directly to work-related systems…. what’d you recommend?
Sorry again for the broad question and if I missed that “quick start best practices secure mesh” guide
Use a router as a router and get a real security appliance for the rest + real access points with mesh Wi-Fi as a real feature. I would say you will not be happy with OpenWrt in that case. It's for power users, not for enterprise-grade home networking.
And I would recommend using managed 10G switches. VLAN will require it anyway.
I’ve played with all kinds of things over the past decades and it was more of an impulse buy, going back to the tweaking days vs running Ent gear.
Still, any get-up-and-running-in-no-time guide?
(Google somehow sent me to the Merlin-WRT page and it reminded me how everyone had their best practice with more better than best practice for every parameter and script one could load… I forgot I had an AiMesh when it came up back in the days)
Not on my end, as it is outside the device's capabilities. There are several mesh and VLAN tutorials in the OpenWrt wiki and in our forum.
I'm not even sure if mesh Wi-Fi is something that can be implemented with OpenWrt without causing a lot more grey hair. I wouldn't suggest it, but I believe that I am getting too old to keep trying when there are already products that function exactly the way I want them to.
And in-no-time and custom OpenWrt thingys ... well.
Reliable mesh networking and seamless roaming are not the domain of OpenWrt routers but of closed source firmware ones. I would personally suggest replacing your three Flint 3 with either a full stack mesh kit or a Brume 2 and smart managed access points (Omada, UniFi or Zyxel).
Agree on this, OpenWrt will give a lot of layers of complexity, it is not impossible but I know that this occasionally breaks when I look to dawn or batman, even roaming can have its challenges, like failing on multi PSK, and even then when it is patched LuCI is becoming troublesome, things like: option dynamic_vlan '2' and option vlan_naming '1' will get reset by LuCI since the introduction of PPSK support in LuCI (external RADIUS).
Personally I think a complete solution by vendor firmware is a lot more user friendly, but I won't recommend this to perform on a GL-iNet product.
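As an added example (not part of any post in this thread, and not GL.iNet or OpenWrt project code), this is one way to catch the reset described above: compare a known-good backup of the wireless config against the current file and report when `dynamic_vlan` or `vlan_naming` has gone missing or changed. The function names, file names, section name and SSID are constructed for illustration.

```shell
#!/bin/sh
# Option names taken from the post above; extend the list as needed.
WATCHED="dynamic_vlan vlan_naming"

# vlan_opt_drift BACKUP CURRENT
# Prints one line per watched option that is missing or changed in CURRENT.
# Exit status 1 means drift was found, 0 means the watched options match.
vlan_opt_drift() {
    awk -v watched="$WATCHED" -v q="['\"]" -v basefile="$1" '
        BEGIN { bad = 0; n = split(watched, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
        FNR == 1 { split("", idx) }          # restart section counters for each file
        $1 == "config" {
            i = idx[$2]++; sec = $3; gsub(q, "", sec)
            if (sec == "") sec = "@" $2 "[" i "]"   # anonymous section, UCI-style index
        }
        $1 == "option" && ($2 in want) {
            val = $3; gsub(q, "", val); key = sec SUBSEP $2
            if (FILENAME == basefile) { base[key] = val; order[++nb] = key }
            else cur[key] = val
        }
        END {
            for (k = 1; k <= nb; k++) {
                key = order[k]; split(key, p, SUBSEP)
                if (!(key in cur)) { print p[1], p[2], "missing (was " base[key] ")"; bad = 1 }
                else if (cur[key] != base[key]) { print p[1], p[2], "changed " base[key] " -> " cur[key]; bad = 1 }
            }
            exit bad
        }
    ' "$1" "$2"
}

# Constructed sample: a backup with both options and a current file where they were dropped.
demo() {
    d=$(mktemp -d)
    printf "config wifi-iface 'wifinet1'\n\toption ssid 'example-ppsk'\n\toption dynamic_vlan '2'\n\toption vlan_naming '1'\n" > "$d/wireless.good"
    printf "config wifi-iface 'wifinet1'\n\toption ssid 'example-ppsk'\n" > "$d/wireless.now"
    vlan_opt_drift "$d/wireless.good" "$d/wireless.now"; rc=$?
    rm -rf "$d"
    return $rc
}

demo || true
```

On a router the two arguments would be a saved copy of `/etc/config/wireless` and the live file, run after any change made through the web interface.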
I came here for the open source and what looked like a vibrant community of knowledgeable folks. And to escape at least partially the Ent level products and proprietary software.
I had a Brume 3 in my cart (funny Set Up VPN Serve YT video showing an Asus Router with AiMesh before one gets to the Beryl 7) when it went on sale but thought I already had plenty of gl-net hardware (new, old that came back, and more arriving) and wanted to give it a try with what I had invested in so far, expecting some pain and lots of fun.
I admit I took it as granted that all routers nowadays, big and expensive, or cheap and cheerful, would do at least QoS and DPI, and apparently had landed on the GL.iNet Router Docs 4 QoS page but didn’t read it to see “the available only on GL-MT5000 (Brume 3)” note.
Everything was purchased from store-ca.gl-inet.com over time, so I don’t think it’s returnable today but still, I’d like to have some fun before I give up.
If anyone has a handy “quick start”, please share, as I still can’t find one that gets even at how to set up the 3x Flint 3 to get phones to not drop wifi calls when one moves around the house.
You are correct, especially on Mediatek SDK and/or QSDK this may not be supported throughout LuCI, LuCI is very limited at that, but the driver is not.
If for pure OpenWrt yes it is possible, you are looking at a luci-proto-batman or luci-proto-dawn package, these leverage the same protocols for mesh 802.11k, 802.11v and do tunneling, so it is aware based on the quality and sends a probe for the client to change.
However because mesh is overlooked a lot of times, sometimes occasionally it can break and then it is hard to get focus on a bug report.
Imo it is a much better experience using an OEM router with OEM firmware specially designed for mesh, if you look for an easy plug and play and never look back experience don't go with OpenWrt, it can be very complex also with tracking bugs.
Edit:
Also another problem, clients need to be able to understand these standards as well or they fail to roam properly.
I read that OP talks about phones over wifi, it is possible to just set up fast roaming and adjust them per elevation or area (for area only if there is really strong isolation in the wall), all Flints need a lower tx power and to be tested with something like wifiman, and then in the wireless settings multicast to unicast needs to be checked to ensure UDP streams work properly.
Thank you for the reply and sorry for my posts showing out of sync but for some reason, I’m being moderated. Someone has grudges since I was a sysop in the 80-ies and kicked them off my BBS back then?
I’ll skip the Brume 3 (for now) and run the 3* Flint 3 as a router and 2 APs, with 802.11r for VoIP roaming and if things don’t work as needed, the proprietary mesh I use now will have to stay… until Flint 4 comes one day hopefully in 2026 and gives me all the 10Gbps ports I have and hopefully proper mesh.