OMNI II network ports locks-up

I'm a bit late to this thread, and have no experience with OpenWRT. I did purchase a WT3020H microrouter, flashed it with OpenWRT, configured the WAN IP address to the original IP address that was assigned to my OPII (step 4 below). But I'm stuck on points 2 and 3 as Pete suggested years ago:
 
1 - I just changed the IP of the OPII Pro to some other IP on a tiny subnet.
2 - created a new tiny subnet on the inside interface of a cheap old wireless AP/router/switch
3 - bridge or put the new HAI IP into a DMZ on the inside. 
4 - Use the old HAI OPII IP for a static IP configuration on the outside of the firewall.
 
I would greatly appreciate some guidance from someone who is proficient in OpenWRT on how best this could be accomplished...there are too many options for me to digest!
 
much appreciated!
 
Steps 1,2,3,4 are fine. 
 
In number 4 configure the outside part of the DD-WRT with a static IP, no DHCP, Gateway and DNS of your main network.
 
Just looked at my set up and have port 22, 80 forwarded to anything on the little LAN.
 
I use SSH and the OpenWRT browser interface.
For HAI I have port 4369 forwarded to HAI IP 192.168.1.2
I left it at the default subnet mask of /25 here.
 
Here using an OpenWRT microrouter (1" X 2" X 1/2") inside of the OP2 panel using a 12VDC to 5VDC connection and or a small POE to 5VDC micro USB connection to the router.
 
whumphrey said:
Anyway, I did finally have some success by trying *another* old 10/100 switch I found in the basement.
 
There has to be some perfect storm of circumstances that creates this issue, otherwise lots more people would be screaming at HAI wouldn't they?  since most people use their home network for streaming video and other high bandwidth applications?    

-Warren
 
I was re-reading through this post and saw the above from Warren for which he brought up a good point. 
 
For those experiencing network issues with the Omnipro, I imagine very few non-network admin type users look at the network switch to see if the OP port has issues or that anyone is running syslog or looking at switch logs to see port errors...., but case in fact, I've seen quite a few installations with errors on the network ports specifically for the OP (and the Email Notifier).   Rarely if ever any issues with the OP network port being down or failing (down/failed often is such for the Email Notifier though).  Even on networks with a significant amount of network traffic, with hundreds of network ports in use, home networks with streaming video, multicast traffic, or just a lot of traffic with no failure with network connectivity to the OP.  When you do have an issue, as you've read here, some installations for whatever reason don't do well on high traffic networks, possibly due to small packet buffers, switch port errors (switch internal problem), bad cable, cabling errors such as running parallel to electrical lines, florescent lights, etc...., or bad hardware. 
 
As complex as the above seems, everyday network switches are prone to having compatibility issues with specific network controller chipsets. It may simply be you had a switch or two that was incompatible with the old Omnipro chipset but those same switches may work OK with other network chipsets and perhaps a model or two that would also fail that you haven't seen yet.  Over the years, even some high-end Intel network cards fail on Cisco routers, only to work properly later by a switch firmware fix or network card firmware update. Many computer manufacturers have a list of switches they don't work with or specific network controller chipsets they know are issues, and likewise, the major network controller manufacturers know what they have issues with.    Ever wonder why some routers, AP's, and switches have built-in reboot routines for daily/weekly/monthly reboots?  Sometimes things just don't work they way we hope so some manufacturer's already take these situations into account.
 
The bottom line and the good here is that there is likely always a way to get the equipment to work, no matter what the cause! :nutz:  
 
pete_c said:
Steps 1,2,3,4 are fine. 
 
In number 4 configure the outside part of the DD-WRT with a static IP, no DHCP, Gateway and DNS of your main network.
 
Just looked at my set up and have port 22, 80 forwarded to anything on the little LAN.
 
I use SSH and the OpenWRT browser interface.
For HAI I have port 4369 forwarded to HAI IP 192.168.1.2
I left it at the default subnet mask of /25 here.
 
Here using an OpenWRT microrouter (1" X 2" X 1/2") inside of the OP2 panel using a 12VDC to 5VDC connection and or a small POE to 5VDC micro USB connection to the router.
Thanks Pete, all seems to be working fine here, configuring OpenWRT  wasn't as hard as I thought. I did have some trouble getting ports 22 and 80 accessible from the WAN port; port forwarding wasn't enough, I had to open up the firewall for these ports. No problems now with SSH and browser access.
 
If any OpenWRT noob requires any assistance with this, I'm willing to assist.
 
Here are my port forwards with OpenWRT.   When you port forward you are opening up the firewall.
 
It's not really much of an issue anyhow because it is a LAN inside of another LAN.
 
Port 22 is for ssh to the OpenWRT router and port 80 is for the openwrt management interface.
 
openWRT.jpg
 
Note I am using a 1" X 2" OpenWRT router wedged between the OP2 panel and the side of the can. 
 
Nexx WT3020 with OpenWRT OS
 
It was on Amazon.  That said it is on GearBest for $18 with free shipping.
 
You can purchase a micro USB to coaxial barrel jack for powering it in the can.
 
I have the WLAN radio off and powering up the OpenWRT router using a 12VDC to 5VDC mini USB power cable.
 
There is enough work space on the OpenWRT router to install HAI Logger with the Smartthings hub connect.
 
Thinking maybe of removing the OpenWRT router and installing the Rock64 4Gb computer in it's place.
 
Only adding one NIC port to the Rock 64 to make it a firewall combo, HS3 box and HAI Logger box.  Not sure how thin of a case I can get for it.  I could maybe velcro it to the side of the can.   Only thing is that Oracle VB will not run on an ARM CPU.  (you could add PCA in a VB on the box)
 
pete_c said:
Here are my port forwards with OpenWRT.   When you port forward you are opening up the firewall.
 
It's not really much of an issue anyhow because it is a LAN inside of another LAN.
 
Port 22 is for ssh to the OpenWRT router and port 80 is for the openwrt management interface.
 
attachicon.gif
openWRT.jpg
 
Note I am using a 1" X 2" OpenWRT router wedged between the OP2 panel and the side of the can. 
 
Nexx WT3020 with OpenWRT OS
 
It was on Amazon.  That said it is on GearBest for $18 with free shipping.
 
You can purchase a micro USB to coaxial barrel jack for powering it in the can.
 
I have the WLAN radio off and powering up the OpenWRT router using a 12VDC to 5VDC mini USB power cable.
 
There is enough work space on the OpenWRT router to install HAI Logger with the Smartthings hub connect.
 
Thinking maybe of removing the OpenWRT router and installing the Rock64 4Gb computer in it's place.
 
Only adding one NIC port to the Rock 64 to make it a firewall combo, HS3 box and HAI Logger box.  Not sure how thin of a case I can get for it.  I could maybe velcro it to the side of the can.   Only thing is that Oracle VB will not run on an ARM CPU.  (you could add PCA in a VB on the box)
Hi Pete,

--Never Mind-- Had to Add Traffic Rule "This Device" and it worked!

Apparently Port 80 and 22 just need to be defined in Traffic Rules, not Port Forward!


------------------------------------------------------------------------------------- 
I know this old but related to my setup.
 
It has been a very long time since I did Port Forward OpenWRT.
 
I setup the forwards, but since replacing Stock GL-iNET MT300-V2 with OpenWRT and then set Router to Static IP to same WAN Address as my original OMNI II Pro, I cannot access router on main LAN using port 80.  This worked with stock firmware, bun OpenWRT is blocking traffic even though WAN is setup to pass port 80 to LAN.
 
I haven't deployed yet, spending afternoon attempting to replicate stock firmware setup. I was a video on traffic rules for WAN to LAN ports, but that didn't allow port 80 to pass either.  I can ping the router, but can access from WAN computer (only LAN side can access Router using browser).
 

 
-Bob
 
Hello Bob,
 
Here are my screen shots in OpenWRT.

These are the zones configured under general.
 
[sharedmedia=gallery:images:1429]

These are the port forwards.
 
[sharedmedia=gallery:images:1428]

You should be able to bring up the OpenWRT menu via the IP on the WAN side.
 
Hi Pete,
 
I attempted to reply last Saturday how I got it working, but Cocoontech went into 'Captia' challenge when I was going to add graphics and I lost my reply.
 
I setup Port 22 & Port 80 a little different, using "This Device" in "Firewall - Traffic Rules" definition.
 
I was once again able to access from Main Lan. I started messing with Zones, then I remembered I could Ping and looked to see where it was defined. This gave me the idea to add Port 80 & Port 22 to "Firewall - Traffic Rules" since they are dedicated to the router and not the LAN.
 
GL-iNet_MT300N-V2-Firewall-Traffic-Rules-Ports-80-&-22.jpg
 
I did mess with Zones earlier (prior to my last Post), and still may need to change them for Port 4369 to pass once I deploy.
 
 
 
 
pete_c said:
Hello Bob,
 
Here are my screen shots in OpenWRT.

These are the zones configured under general.
 


These are the port forwards.
 


You should be able to bring up the OpenWRT menu via the IP on the WAN side.
Hi Again Pete,
 
I did read elsewhere how you should disable IPV6 in OpenWRT! 
 
Do you have a suggestion for a link to correct procedure in doing this? I don't want to go backwards (I haven't had much time to work on this, and saw a few discussions, but if you no a good tutorial or document that would be helpful).
 
I'm neck deep in my accounting, so I thought I would post to you before I dig in again.
 
-Bob
 
Bob,
 
Just delete any references on the OpenWRT configuration to IP6. 
 
You can leave it on if you want.  I did this years ago.  Today I am running IP6 on the PFSense Firewall and internally but not on the OpenWRT router.
 
Hey Pete,
 
Last weekend I had time after getting Taxes done and addressing various client emergencies to start the installation of DMZ, when I discovered I had the wrong SMAKIN power supply (MINI USB not Micro). So I ordered another Power Supply and it came Thursday.  This morning I installed both GL router (after turning off one of the LEDs in setup 2 weeks ago) and Power Supply, and patched back into network.
 
All communication is working fine, from my HAIKU app on iPhone and PC ACCESS (so nice I can set the clock in 2021 again). I still need to test with Shields UP, since I don't have enough LTE to test externally.
 
Thank you for taking the time to post articles and sharing your Firewall settings. I patterned Port 22 & 80 in Traffic Rules based on how "ALLOW PING" was setup.
 
I also discovered after documenting how OprnWrt handles Port Forward using IP Address instead of Factory GL  FW using MAC Address (reminds me of OLD DSL Routers).
 
I never liked implementing Port Forwards based on MAC address! OMNI in its own DMZ subnet now. While I was at it,  I added second 16_Zone Expansion last week since I took unit offline last week (I purchased it about two years ago when Leviton announced discontinuing HAI).
 
Thanks again @pete_c I appreciate you originally pointing out how Network Flooding corrupts serial buses (i.e ALC communication)!
 
-Bob
 
You are welcome Bob.
 
Here also opened up port 22 for ssh access to the OpenWRT router.  Note that wireless is not enabled on the router.
 


BusyBox v1.30.1 () built-in shell (ash)


  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 19.07.5, r11257-5090152ae3
 -----------------------------------------------------
root@ICS-HAI:~# 

 

Expanded the OS to 32Gb more than what was on the router.
 

 

CS-HAI:~# df -h
Filesystem                Size      Used Available Use% Mounted on
/dev/root                 2.5M      2.5M         0 100% /rom
tmpfs                    29.3M      1.1M     28.2M   4% /tmp
/dev/sda1                28.1G     69.5M     26.6G   0% /overlay
overlayfs:/overlay       28.1G     69.5M     26.6G   0% /
tmpfs                   512.0K         0    512.0K   0% /dev
/dev/mtdblock6            3.9M      1.8M      2.0M  47% /rwm

Installed Python3 on it:


ICS-HAI:~# python3 
Python 3.7.9 (default, Jan 01 2021, 13:31:49) 
[GCC 7.5.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> 

 

and Paho-MQTT which runs a script talking indirectly to one zone on the panel.  This integrated the Hikvision Doorbell PIR to the OmniPro panel via Onvif==> MQTT ==> one doorbell PIR zone on the panel.
 
It would be nice if OmniLinkBridge worked without using Mono.  I would install it on the router.
 
Ideally though a small web interface with basic status of the panel would be nice.
 
I found this old thread from a search I was doing after having an issue with my HAI Omni Pro II ethernet port not responding to PING consistently.  At first my apps (either on Android or Windows) were failing to connect regularly to my Omni board.  I thought the 10Mbps network port on my Omni board might have failed, but when I looked at the board itself the LED light was still lit consistently.  I figured the port itself might be getting overwhelmed with packets as I had it directly connected to a Gigbit Ethernet Router.
 
So the simple solution as compared to everything done in this thread was that I just used an old 4-port 100Mbps Router, gave it a static IP address on my existing LAN, plugged it into my Gigabit Router and the Omni Pro II board into the old router, using just 2 of the 4 available ports.  This immediately allowed me to consistently PING my HAI Omni Pro II again, and all the apps I use to connect to the HAI board worked again.  I expect I'll need to keep an old router specifically for use with the Omni Pro II board until it either completely dies or is retired.  Hope this helps someone in the future if they are in the same position I was in.
 
I tried using old hubs / managed switches many many years ago and none worked well with > 100 network devices on my home network.
 
Best solution for me was a new microrouter with OpenWRT on it which is powered by the panel (with WLAN OFF on the microrouter) for many years now.
 
michae1a1ee
 
I still wrestle with packet loss, I updated OpenWRT but no change. It takes a while for apps to connect, but I haven't had much time to find out why. I plan to make a cross-over cable and plug in my laptop directly and run some diagnostics.
 
The issue is I'm short on time, and none of the Port Forward settings have made a diffidence.
 
I do recall @pete_c trying hubs in the past, and I tried a managed switch port which still caused IP flooding.
 
Thank you for sharing your information however!  Since I use IPTV the problems went from monthly to daily, so I had to do something (my original thought was hardware failure, but @pete_c  pointed me in the right direction where the problem was.
 
I will eventually do some testing to test Ethernet interface on Omni II, and try different router, but I'm have been behind on several design projects for clients so it has to wait.
 
Back
Top