LAN only internet?

Hi guys, got my Turris today, and before completely pulling my existing router, I’d like to fiddle with it a bit. However, while I’ve assigned it an address on my network, and can reach it, the T.O. doesn’t pass any connectivity tests. I’ve disabled DHCP, what else do I need to do?



Did you forget to set DNS servers and the gateway ip?

I must have, but I can only set up the gateway ip, I don’t see the normal option to use custom DNS under LuCI interfaces.

Got DNS working by disabling DNSSEC, but that’s no good.

Now, any attempts to update yield a “Signature check failed.”, so nothing gets downloaded. Anyone have an idea what’s going on?!?!

First put the lan-interface that you have connected the Omnia to your existing router, with the wan.

Network–>interfaces–>WAN—>Physical settings

check - Bridge interfaces
check - eth1
check - <the ethernet where the cable is connected to.

if this is done, your lan-interface will also be used as “WAN”.

Then you need to go to the interface where your ethernet-cable is connected to and change some of the settings, if the DHCP-server of your existing router did not give. For example…ip-address, subnetmask, gateway…DNS. You can put a static ip-address if you want. The DNS can be configured in

Network–>DHCP & DNS -->DNS forwardings ( then click add…

This will fix you up with a internet connection :).

Thank you for your reply–that didn’t actually work for me, but I got ipv4 connectivity and DNS by disabling DHCP, manually entering in my existing router’s gateway, and turning off firewall in startup settings. However, I’m still failing the certificate check when I try to update–it keeps telling me Signature check failed, and that for my SSL certificate my CRL is “not yet valid.” Somewhat mystified.


I had my ethernet plugged into Lan4, switching it to Lan0 encountered none of the above troubles. Weird!

Certificate checks hint your time may be wrong.[quote=“thoggy, post:3, topic:1726”]
Got DNS working by disabling DNSSEC, but that’s no good.
Seems like your existing router or even your ISP’s DNS resolver does not like big packets or even filter DNSSEC.

I have a similar setup/problem. In my setup, I use two internet connections and two subnets.
The existing local subnet ( has a router (here after router 1) connected to the internet through satellite modem. No DHCP is set and all the clients have static local IPV4 addresses.
Now I installed omnia in the same physical place using a second local subnet ( I do not want it in the same subnet. When satellite internet is available, omnia will be using this gate but if it is not available omnia will be using LTE modem connection as failover.
So far, I have connected omnia (wan interface) to router 1 with a static local IPV4 address ( and used mwan3 to check internet connection and failover to LTE if needed. I have included wan interface in the lan zone of the firewall (all incoming ports of the satellite connection are closed so no problem at least with incoming traffic). I have also specified a static route on the wan interface (i.e.,, so subnets may communicate if needed.
Nevertheless, I had DNS problems so I also disable DNSECC.
For a complete description, I have also 2 containers running on omnia with static ip addresses in the same local subnet (
Yesterday, I have read here that there are problems with omnia after reboot when it is connected to switches (router 1 in my case). I have tested such a scenario yesterday and my first results indeed indicate that there is probably a problem. In this setup Wan interface reports an error and does not come up if, after a reboot, internet connection is lost on wan and then comes back. Mwan3 detects the error and stays connected to the LTE connection rather than falling back to the wan connection.
In order to be sure, can someone more experienced tell me if the above setup is correct or if I need changes to the whole setup?

subbnets and have both mask ?

Yes mask
Do I need to change it to

as you wish… but I asked to be sure if you are not conflicting network ranges … are you sure you have it specified? because if not than for 10.x.x.x could be mask chosen automatically (I’m not sure how config in openwrt/linux works) … I’m just writing it from network subneting “view”

Yes, i am sure that it is specified.

Yes, thank you. I can confirm, for anyone else who has this issue, that setting the correct time and timezone solved the certificate problem. Thanks!