I bought an Asus RT-AX59U for 130€ and installed OpenWRT 25.03.3 following the instructions here which worked perfectly. My ISP, KPN, delivers internet over glass fibre (glasvezel) on VLAN6 over PPPoe and television (IPTV) on VLAN4 and while there are lots of guides on how to set internet up and a few on how to set IPTV up, many of them are out of date relating to the way KPN used to provide TV or to older versions of OpenWRT, in particular the OpenWRT documentation for KPN TV is a mish mash of several inputs that I could not get to work--although conceptually it really should. The most useful one I found was this but I still could not get IPTV to work or at least it would come up and hangs after a few seconds then the internet would become unusably slow. This appears to be related to the TV signal flooding the network and so careful separation of internet and tv is needed. After days of searching I found this thread on the KPN user forum which completely solved my problem.
IMPORTANT: the set top box for IPTV needs to be plugged directly into the router or alternatively if a switch is used it should be a managed switch that supports igmp snooping.
First connection has to be done via cable from a LAN port (DHCP is active) and then connecting with a browser to 192.168.1.1, there's no need yet to connect the router to the internet. Login is root with no password, first step from the GUI setup is to setup a root password (just do it) via System > Administration > Router Password. Press 'Save' once done then go to the next tab, SSH Access, make sure the interface box says lan and that root is allowed to login with password, Save and Apply.
Open a terminal and ssh into the router and go to the /etc/config directory.
ssh root@192.168.1.1
root@OpenWrt:~# cd /etc/configMake a backup of all the default config files, this is for when something goes wrong and we need to restart from the beginning.
root@OpenWrt:/etc/config# tar -czvf backup_originals.tar.gz *I'm doing everything from the command line as it's less dependent on UI changes and easier to copy and paste into the config file, the only editor installed by default is vi which isn't great but will do until we get internet and can install nano.
root@OpenWrt:/etc/config# vi wirelessIt will look something like this, these are the hardware descriptions of the 2.4GHz (radio0) and 5GHz (radio1) radios.
config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/soc/18000000.wifi'
option channel 'auto'
option band '2g'
option htmode 'HE20'
option cell_density '0'
config wifi-device 'radio1'
option type 'mac80211'
option path 'platform/soc/18000000.wifi+1'
option channel 'auto'
option band '5g'
option htmode 'HE80'
option cell_density '0'With the cursor keys go to the bottom of the file and hit the i key which switches to edit mode. Either type the following lines or copy/paste the blocks with right mouse clicks if ctrl-C and ctrl-V don't work here, these setup a single wireless network on 2.4GHz (radio0) and 5GHz (radio1) frequencies. Choose your own SSID and password, they do not have to be the same but it makes sense if they are, your devices will manage which one to use.
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'SSID'
option encryption 'sae'
option key 'password'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'SSID'
option encryption 'sae'
option key 'password'
Hit esc then : and type wq which saves the file and exits.
/root@OpenWrt:/etc/config# sbin/wifi reloadAssuming this runs without errors you will now be able to see a Wifi access point with your chosen SSID but you will not be able to connect to it as it is not handing out IP addresses yet.
root@OpenWrt:/etc/config# vi dhcpWill look something like this
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
option filter_aaaa '0'
option filter_a '0'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'To which we're going to add in vi
config dhcp 'lan'
option interface 'lan'
option start '20'
option limit '200'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'Then restart the DHCP server as follows
/root@OpenWrt:/etc/config# /etc/init.d/dnsmasq reloadroot@OpenWrt:/etc/config# vi networkshould look like this
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd24:c714:8b8a::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
config device
option name 'lan1'
option macaddr 'xx:xx:xx:xx:xx:xx'
config device
option name 'lan2'
option macaddr 'xx:xx:xx:xx:xx:xx'
config device
option name 'lan3'
option macaddr 'xx:xx:xx:xx:xx:xx'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1' # you can set a different LAN subnet here
option netmask '255.255.255.0'
option ip6assign '60'
config device
option name 'wan'
option macaddr 'xx:xx:xx:xx:xx:xx'
config interface 'wan'
option proto 'dhcp'
config interface 'wan6'
option device 'wan'
option proto 'dhcpv6' Use vi again to add or adjust as below:
pppoe connection to the ISP using VLAN6iptv interface section using VLAN4lan device to add igmp_snoopinglan interface ip addressiptv # Create 2 VLANs with IDs 4 and 6
config device
option name 'wan.6' # this creates a VLAN with ID 6 on the WAN interface
option type '8021q'
option ifname 'wan'
option vid '6'
config device
option type '8021q'
option ifname 'wan'
option vid '4'
option name 'wan.4' # this creates a VLAN with ID 4 on the WAN interface
config interface 'wan'
option device 'wan.6' # use the VLAN6 that we created above
option proto 'pppoe'
option username 'internet' # this can be anything but not blank
option password 'internet' # this can be anything but not blank
option ipv6 '0' # disable ipv6, not strictly necessary
config interface 'iptv'
option type 'bridge'
option proto 'dhcp'
option device 'wan.4'
option vendorid 'IPTV_RG'
option defaultroute '0'
option peerdns '0'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
option ipv6 '0'
option bridge_empty '1'
option igmp_snooping '1'
option stp '1'
config route
option interface 'iptv'
option target '213.75.112.0/21'
option gateway '10.164.0.1' # this will change, we'll fix it laterHit esc then : and type wq to finish.
/etc/init.d.network restartConnect the wan port directly to the fibre modem if it was not already connected and wait a few seconds. In the GUI either via System > Overview or Network > Interfaces the wan interface should have an IP address and be showing non-zero Tx and RX values. If so then internet is available via the wired LAN or WLAN and we can install a couple of things from the terminal. This can be done from any directory, I'm assuming you're still in the config directory.
root@OpenWrt:/etc/config# opkg update <-- will update the package lists
root@OpenWrt:/etc/config# opkg install igmpproxy <--needed for IPTV
root@OpenWrt:/etc/config# opkg install nano <-- an easier editorroot@OpenWrt:/etc/config# nano firewallWill show a number of default rules that are in place, leave these untouched and add the following rules to:
iptvlan iptv to reach the internetigmpproxy the access it needs to function correctly.config zone
option name 'iptv'
option input 'ACCEPT'
option forward 'REJECT'
option output 'ACCEPT'
option masq '1'
list network 'iptv'
config rule
option target 'ACCEPT'
option name 'Allow-IPTV-To-Lan'
option src 'lan'
option dest 'iptv'
config forwarding
option dest 'wan'
option src 'iptv'
config rule
option name 'Allow-IGMP-Proxy'
option proto 'udp'
option family 'ipv4'
option target 'ACCEPT'
option dest 'lan'
option src 'iptv'
list dest_ip '224.0.0.0/4'ctrl-O, enter saves and ctrl-X exits.
root@OpenWrt:/etc/config# /etc/init.d/firewall restartShould give no errors and let you know that the syntax is correct. Then open the igmpproxy config file
root@OpenWrt:/etc/config# nano igmpproxyWhich will show a default config, replace everything with the below.
config igmpproxy
option quickleave 1
config phyint
option network iptv
option zone wan
option direction upstream
list altnet 0.0.0.0/0
config phyint
option network lan
option zone lan
option direction downstream/etc/init.d/igmpproxy restartSome guides show multiple lines starting list altnet but the above works for me.
Type route which should produce a table like this with differences dependent on your setup choices.
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 195-190-228-38. 0.0.0.0 UG 0 0 0 pppoe-wan
10.84.132.0 * 255.255.252.0 U 0 0 0 wan.4
192.168.1.0 * 255.255.255.0 U 0 0 0 br-lan
195.190.228.38 * 255.255.255.255 UH 0 0 0 pppoe-wan
213.75.112.0 10.84.132.1 255.255.248.0 UG 0 0 0 wan.4
The IP address of the Gateway entry on the last line has to be copied to the following section in /etc/config/network, this seems to change each time the set top box is restarted although always in the 10.x.x.x subrange.
config route
option interface 'iptv'
option target '213.75.112.0/21'
option gateway '10.84.132.1'Then
root@OpenWrt:/etc/config# rebootAnd it should all be working once the set top box is restarted.