Multiple Networks (and SSIDs) with Selective VPN Routing on MT6000

Hi everyone,

Out of the box, the router provides two networks (Private .8 and Guest .9), with four SSIDs (2 for each band). I want to add two more networks with their respective SSIDs (Home/Private, Guest, IoT, and Work), across both 2.4GHz and 5GHz bands. I’ve seen a few posts in the forums about similar setups (multiple networks with selective VPN proxy), but none seem to have a clear, supported solution.

I know this can be done rather easily with OpenWrt, because I got it working with a Linksys WRT3200. The OpenWrt firmware just didn't seem compatible with this gear, and network performance and dropped packets were an issue, prompting me to buy the Flint 2.

But I don't want to flash the Flint 2 and give up the easier UI and the drivers built directly by GL.iNet. I attempted to do this via LuCI by creating new interfaces and SSIDs; the new networks appear in the GL.iNet UI, but I can't connect to them.

To reiterate, my specific goals:

  1. Four networks (Home, Guest, IoT, Work) with separate SSIDs across both 2.4GHz and 5GHz.
  2. Only one of these networks routed through the VPN client (e.g., Work = VPN). In the GL.iNet UI, the VPN proxy option only shows Private and Guest.

Is this multi-network/multi-SSID, selective network VPN routing approach fully supported on the MT6000 with stock firmware through LuCI advanced config?

Is there a recommended approach to add the additional SSIDs/networks that will sync correctly between LuCI and the GL.iNet UI?

Thanks in advance for any advice or guidance!

Please SSH to the router and execute these commands; they will add the SSID radio groups 'GL Router-Custom' and 'GL Router-IoT':



# /etc/config/network
uci add network device # =cfg1b0f15
uci set network.@device[-1].type='bridge'
uci set network.@device[-1].name='br-iot'
uci set network.iot=interface
uci set network.iot.proto='static'
uci set network.iot.device='br-iot'
uci set network.iot.ipaddr='192.168.11.1'
uci set network.iot.netmask='255.255.255.0'

# /etc/config/dhcp
uci set dhcp.iot=dhcp
uci set dhcp.iot.interface='iot'
uci set dhcp.iot.start='100'
uci set dhcp.iot.limit='150'
uci set dhcp.iot.leasetime='12h'
uci add_list dhcp.iot.ra_flags='none'

# /etc/config/firewall
uci add firewall zone # =cfg26dc81
uci set firewall.@zone[-1].name='iot'
uci set firewall.@zone[-1].input='ACCEPT'
uci set firewall.@zone[-1].output='ACCEPT'
uci set firewall.@zone[-1].forward='REJECT'
uci add_list firewall.@zone[-1].network='iot'
uci add firewall forwarding # =cfg27ad58
uci set firewall.@forwarding[-1].src='iot'
uci set firewall.@forwarding[-1].dest='wan'



# /etc/config/wireless
uci del wireless.mt798612.disabled
uci set wireless.wifinet4=wifi-iface
uci set wireless.wifinet4.device='mt798612'
uci set wireless.wifinet4.mode='ap'
uci set wireless.wifinet4.ssid='GL Router-IoT-5G'
uci set wireless.wifinet4.encryption='psk2'
uci set wireless.wifinet4.key='goodlife'
uci set wireless.wifinet4.network='iot'
uci set wireless.wifinet4.ifname='rax2'
uci del wireless.mt798611.disabled
uci set wireless.wifinet5=wifi-iface
uci set wireless.wifinet5.device='mt798611'
uci set wireless.wifinet5.mode='ap'
uci set wireless.wifinet5.ssid='GL Router-IoT-2.4G'
uci set wireless.wifinet5.encryption='psk2'
uci set wireless.wifinet5.key='goodlife'
uci set wireless.wifinet5.network='iot'
uci set wireless.wifinet5.ifname='ra2'


uci del wireless.mt798612.disabled
uci set wireless.wifinet6=wifi-iface
uci set wireless.wifinet6.device='mt798612'
uci set wireless.wifinet6.mode='ap'
uci set wireless.wifinet6.ssid='GL Router-Custom-5G'
uci set wireless.wifinet6.encryption='psk2'
uci set wireless.wifinet6.key='goodlife'
uci set wireless.wifinet6.network='iot'
uci set wireless.wifinet6.ifname='rax3'
uci del wireless.mt798611.disabled
uci set wireless.wifinet7=wifi-iface
uci set wireless.wifinet7.device='mt798611'
uci set wireless.wifinet7.mode='ap'
uci set wireless.wifinet7.ssid='GL Router-Custom-2.4G'
uci set wireless.wifinet7.encryption='psk2'
uci set wireless.wifinet7.key='goodlife'
uci set wireless.wifinet7.network='iot'
uci set wireless.wifinet7.ifname='ra3'


uci commit

reboot

You can use the Private (Home) network as Work.
Since the custom-added SSID radio will not be displayed in the VPN proxy 'VLAN', only the Private network can be used as Work.

The client list will not display the clients/devices connected to the custom-added SSID radio.

Really appreciate this. Just one problem. Devices connect to these custom SSIDs and get a DHCP address, but for some reason they cannot reach the internet, even with the zone iot -> wan created. Maybe a DNS problem?

Do I need a traffic rule to allow DNS to the router from iot zone? Or is that not needed because iot zone already has 'accept' on input?

Is the DHCP address obtained by the client in the corresponding iot subnet?

Can the client ping the iot gateway IP? Like ping 192.168.11.1
Can the client ping 8.8.8.8? Like ping 8.8.8.8
Can the client ping google.com? Like ping google.com

If the firewall zone rule iot -> wan is 3 'accept', you do not need to add the DNS 53 traffic rule.
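
Added example, not from any poster in this thread or from GL.iNet: a shell check over 'uci show firewall' output that reports whether a zone forwards to wan and whether its input policy is open (ACCEPT, so DNS and DHCP to the router need no extra rule, but every other router service is reachable from that zone too) or restricted with explicit DNS and DHCP rules. The sample sections, rule indexes and verdict names are constructed for illustration.

```shell
# Added example. Usage on the router: uci show firewall | check_zone iot
check_zone() {
  awk -v zone="$1" -F= '
    { val = $2; gsub("\047", "", val)      # strip the quotes uci prints
      n = split($1, p, /[.]/)               # firewall.SECTION[.OPTION]
      if (n == 2) type[p[2]] = val; else if (n == 3) o[p[2], p[3]] = val }
    END {
      input = "missing"; fwd = dns = dhcp = "no"
      for (s in type) {
        if (type[s] == "zone" && o[s, "name"] == zone) input = o[s, "input"]
        if (type[s] == "forwarding" && o[s, "src"] == zone && o[s, "dest"] == "wan") fwd = "yes"
        # src set and no dest: an input rule, i.e. traffic to the router itself
        if (type[s] == "rule" && o[s, "src"] == zone && o[s, "dest"] == "" && o[s, "target"] == "ACCEPT") {
          if (o[s, "dest_port"] ~ /(^|[^0-9])53([^0-9]|$)/) dns = "yes"
          if (o[s, "dest_port"] ~ /(^|[^0-9])67([^0-9]|$)/) dhcp = "yes"
        }
      }
      if (input == "missing") v = "zone-not-found"
      else if (fwd == "no") v = "no-wan-forwarding"
      else if (input == "ACCEPT") v = "input-open"
      else if (dns == "yes" && dhcp == "yes") v = "input-restricted-ok"
      else v = "dns-or-dhcp-blocked"
      printf "input=%s wan_forward=%s dns_rule=%s dhcp_rule=%s verdict=%s\n", input, fwd, dns, dhcp, v
    }'
}

# Constructed samples: the iot zone from this thread, then a restricted variant.
sample_thread() { cat <<'EOF'
firewall.@zone[2]=zone
firewall.@zone[2].name='iot'
firewall.@zone[2].input='ACCEPT'
firewall.@forwarding[2]=forwarding
firewall.@forwarding[2].src='iot'
firewall.@forwarding[2].dest='wan'
EOF
}
sample_hardened() {
  sample_thread | sed "s/input='ACCEPT'/input='REJECT'/"
  cat <<'EOF'
firewall.@rule[20]=rule
firewall.@rule[20].src='iot'
firewall.@rule[20].dest_port='53'
firewall.@rule[20].target='ACCEPT'
firewall.@rule[21]=rule
firewall.@rule[21].src='iot'
firewall.@rule[21].dest_port='67'
firewall.@rule[21].target='ACCEPT'
EOF
}
sample_thread | check_zone iot; sample_hardened | check_zone iot
```

A verdict of input-open or input-restricted-ok only says the configuration contains the expected sections; it does not prove that traffic is actually forwarded.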

DHCP lease is correct, I can ping the gw and DNS works. Just seems that traffic stops at the next hop (gw).

root@GL-MT6000:~# ip route show table main
default via 10.0.0.1 dev eth1 proto static src 10.0.0.92 metric 10 
10.0.0.0/24 dev eth1 proto static scope link metric 10 
192.168.8.0/24 dev br-lan proto kernel scope link src 192.168.8.1 
192.168.9.0/24 dev br-guest proto kernel scope link src 192.168.9.1 
192.168.173.0/24 dev br-iot proto kernel scope link src 192.168.173.1

macbook@8015 ~ % ping google.com
PING google.com (142.251.33.174): 56 data bytes
92 bytes from gl-mt6000.lan (192.168.173.1): Destination Port Unreachable
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 5400 b822   0 0000  7f  01 64bc 192.168.173.120  142.251.33.174
macbook@8015 ~ % traceroute 8.8.8.8   
traceroute to 8.8.8.8 (8.8.8.8), 128 hops max, 40 byte packets
 1  gl-mt6000.lan (192.168.173.1)  7.918 ms  2.403 ms  6.231 ms
 2  gl-mt6000.lan (192.168.173.1)  10.208 ms  4.577 ms *

It may be that a firewall or some rules have affected it.

I did not reproduce this phenomenon on my router.
Other users have used these commands and have not reported any similar issue.

The firmware you are using is closed-source firmware, not 4.7.0-op24, right?
Please try resetting the firmware settings and re-configuring it.

4.7.0-op24

# /etc/config/network
uci add network device # =cfg1b0f15
uci set network.@device[-1].type='bridge'
uci set network.@device[-1].name='br-iot'
uci set network.iot=interface
uci set network.iot.proto='static'
uci set network.iot.device='br-iot'
uci set network.iot.ipaddr='192.168.11.1'
uci set network.iot.netmask='255.255.255.0'

# /etc/config/dhcp
uci set dhcp.iot=dhcp
uci set dhcp.iot.interface='iot'
uci set dhcp.iot.start='100'
uci set dhcp.iot.limit='150'
uci set dhcp.iot.leasetime='12h'
uci add_list dhcp.iot.ra_flags='none'

# /etc/config/firewall
uci add firewall zone # =cfg26dc81
uci set firewall.@zone[-1].name='iot'
uci set firewall.@zone[-1].input='ACCEPT'
uci set firewall.@zone[-1].output='ACCEPT'
uci set firewall.@zone[-1].forward='REJECT'
uci add_list firewall.@zone[-1].network='iot'
uci add firewall forwarding # =cfg27ad58
uci set firewall.@forwarding[-1].src='iot'
uci set firewall.@forwarding[-1].dest='wan'



# /etc/config/wireless
uci set wireless.wifinet4=wifi-iface
uci set wireless.wifinet4.device='radio1'
uci set wireless.wifinet4.mode='ap'
uci set wireless.wifinet4.ssid='GL Router-IoT-5G'
uci set wireless.wifinet4.encryption='psk2'
uci set wireless.wifinet4.key='goodlife'
uci set wireless.wifinet4.network='iot'
uci set wireless.wifinet4.ifname='wlan1-2'

uci set wireless.wifinet5=wifi-iface
uci set wireless.wifinet5.device='radio0'
uci set wireless.wifinet5.mode='ap'
uci set wireless.wifinet5.ssid='GL Router-IoT-2.4G'
uci set wireless.wifinet5.encryption='psk2'
uci set wireless.wifinet5.key='goodlife'
uci set wireless.wifinet5.network='iot'
uci set wireless.wifinet5.ifname='wlan0-2'


uci set wireless.wifinet6=wifi-iface
uci set wireless.wifinet6.device='radio1'
uci set wireless.wifinet6.mode='ap'
uci set wireless.wifinet6.ssid='GL Router-Custom-5G'
uci set wireless.wifinet6.encryption='psk2'
uci set wireless.wifinet6.key='goodlife'
uci set wireless.wifinet6.network='iot'
uci set wireless.wifinet6.ifname='wlan1-3'

uci set wireless.wifinet7=wifi-iface
uci set wireless.wifinet7.device='radio0'
uci set wireless.wifinet7.mode='ap'
uci set wireless.wifinet7.ssid='GL Router-Custom-2.4G'
uci set wireless.wifinet7.encryption='psk2'
uci set wireless.wifinet7.key='goodlife'
uci set wireless.wifinet7.network='iot'
uci set wireless.wifinet7.ifname='wlan0-3'


uci commit

reboot