Joined: 18 Mar 2014 Posts: 12837 Location: Netherlands
Posted: Thu Apr 28, 2022 11:25 Post subject:
It is very useful you posted settings, it gives us the opportunity to review and help
and yes it works as outlined in my comment but if you want to use DNSMasq for DNS resolving (i.e. hand out the routers address as DNS server to your LAN clients then I suggest you remove the entry in the Additional DNSmasq options.
You can keep Forced DNS redirection enabled to capture rogue clients but you do not have to.
As rogue clients often use DoT or DoH it is less useful then it used to be.
If you are interested in stopping rogue DNS clients then the IPSET guide (sticky in the Advanced Networking forum) has a paragraph about it
Joined: 04 Aug 2018 Posts: 1444 Location: Appalachian mountains, USA
Posted: Fri Apr 29, 2022 3:06 Post subject:
Regarding checking what channels are used by neighbors at what signal strength (RSSI in dBm so less negative = stronger), the AirPort app for iOS is occasionally useful, but if you have dd-wrt up, a better option is the Status tab, Wireless subtab, then the Site Survey button at the bottom. Before you click it, set the interface drop down near the top of the page at either wlan0 or wlan1 to indicate which band you want data for. After clicking, you get a nice popup window with a ton of info. Click a heading to sort by that heading.
From what you say, you likely have strong neighbor signals on all 2.4GHz channels, but you never know. Sort by RSSI and see if perhaps one or two neighbor signals are real whoppers!
Also, until you get things at least basically working, stick to WPA2 Personal with AES security. Various readers have experimented with WPA3 in these WRT Marvell routers and found it not to work together with WPA2 or WPA2 clients. My own experiments were less thorough but pointed to the same conclusion: stick to WPA2 Personal. Likewise to stick with what works for nearly everyone, use DNSMasq for DNS. Once that works, current builds have a working "Encrypt DNS" menu item for Adguard. (I find Adguard pitifully slow though, though YMMV esp because location.) _________________ 2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.