FAQ:OpenWRT: Difference between revisions

From Leurent
Jump to navigation Jump to search
(→‎Install ddns-scripts_nsupdate: Install also luci-app-ddns)
(ddns-scripts_nsupdate name changes to ddns-scripts-nsupdate)
 
(10 intermediate revisions by the same user not shown)
Line 4: Line 4:
<source lang="bash">
<source lang="bash">
opkg update
opkg update
opkg install diffutils lsof usbutils
opkg install diffutils lsof usbutils htop screen


# Install SNMP
opkg install snmpd
opkg install snmpd luci-app-snmpd
opkg install mount-utils block-mount kmod-usb-storage kmod-fs-ext4 kmod-fs-vfat kmod-fs-exfat kmod-fs-ntfs kmod-fs-hfs kmod-fs-hfsplus kmod-nls-cp437 kmod-nls-iso8859-1

opkg install luci-app-samba
# Be able to mound USB drivers
opkg install luci-app-ddns ddns-scripts_no-ip_com
opkg install mount-utils block-mount kmod-usb-storage kmod-fs-ext4 kmod-fs-vfat kmod-fs-exfat kmod-fs-ntfs kmod-usb-storage-uas kmod-fs-hfs kmod-fs-hfsplus

# Install samba4
opkg install luci-app-samba4 samba4-server samba4-utils


opkg install dnsmasq-full
opkg install dnsmasq-full
# Go in http://10.146.199.1/cgi-bin/luci/admin/network/dhcp Advanced Settings and enable both DNSSEC option
# Go in http://10.146.199.1/cgi-bin/luci/admin/network/dhcp Advanced Settings and enable both DNSSEC option

</source>

== List overlay installed packages ==

* '''Information''': Tip is extracted from https://openwrt.org/docs/guide-user/installation/generic.sysupgrade
<source lang="bash">
root@OpenWrt:~# find /usr/lib/opkg/info -name "*.control" \( \
\( -exec test -f /rom/{} \; -exec echo {} rom \; \) -o \
\( -exec test -f /overlay/upper/{} \; -exec echo {} overlay \; \) -o \
\( -exec echo {} unknown \; \) \
\) | sed -e 's,.*/,,;s/\.control /\t/' | grep overlay | awk '{print $1}' | tr "\n" " " | xargs echo opkg install

opkg install librt libcap libncurses6 libuv1 libpopt0 kmod-nls-utf8 libopenssl1.1 libsmartcols1 libusb-1.0-0 bind-client samba4-server libavahi-dbus-support ddns-scripts libpcap1 libattr luci-app-ddns terminfo diffutils libexpat ddns-scripts-nsupdate libtirpc attr libdbus hostapd-utils block-mount kmod-fs-hfs libavahi-client libgnutls zlib dbus lsof samba4-utils kmod-usb-storage kmod-fs-exfat libnettle7 vim kmod-fs-hfsplus libuuid1 kmod-fs-vfat libpci mount-utils avahi-dbus-daemon libtasn1 kmod-fs-ntfs snmpd kmod-scsi-core kmod-usb-storage-uas tcpdump usbutils libpam luci-compat libdaemon htop libgmp10 kmod-nls-cp437 luci-lib-ipkg libreadline8 kmod-fs-ext4 libmount1 kmod-nls-iso8859-1 libblkid1 wpad kmod-crypto-crc32c libatomic1 samba4-libs libnetsnmp luci-app-samba4 luci-app-snmpd bind-libs screen



</source>
</source>
Line 18: Line 37:
= DDNS =
= DDNS =


== Install ddns-scripts_nsupdate ==
== Install ddns-scripts-nsupdate ==


* On the server that will generate Klede.+157+55429.key and Klede.+157+55429.private files
* On the server that will generate Kopenwrt.+157+55429.key and Kopenwrt.+157+55429.private files
<source lang="bash">
<source lang="bash">
dnssec-keygen -a HMAC-md5 -b 512 -n USER lede
dnssec-keygen -a HMAC-md5 -b 512 -n USER openwrt
</source>
</source>


* In the /etc/bind9/named.conf.local, update section like this one
* In the /etc/bind9/named.conf.local, update section like this one
<source lang="text">
<source lang="text">
key lede {
key openwrt {
algorithm HMAC-MD5;
algorithm HMAC-MD5;
secret "ADDTHEKEYFROM_LEDE_PRIVATE_FILE";
secret "ADDTHEKEYFROM_openwrt_PRIVATE_FILE";
};
};


Line 36: Line 55:
notify yes;
notify yes;
file "/etc/bind/leurent/leurent.eu.db";
file "/etc/bind/leurent/leurent.eu.db";
update-policy { grant lede name lede.leurent.eu A; };
update-policy { grant openwrt name openwrt.leurent.eu A; };
...
...
};
};
Line 42: Line 61:




* On LEDE box, you can install ddns-scripts_nsupdate + LUCI Interface and have a look at /usr/lib/ddns/update_nsupdate.sh to see how it works
* On openwrt box, you can install ddns-scripts-nsupdate + LUCI Interface and have a look at /usr/lib/ddns/update_nsupdate.sh to see how it works
<source lang="bash">
<source lang="bash">
opkg install ddns-scripts_nsupdate luci-app-ddns
opkg install ddns-scripts-nsupdate luci-app-ddns
</source>
</source>
# Now you can go in the DDNS section
# Now you can go in LUCI '''Services''' / '''Dynamic DNS''' section
# Use the bind-nsupdate client
# Use the bind-nsupdate client
## In Basic Settings
## For the login use the name of the key you created on the server "lede" here
### Set '''Lookup Hostname''' = openwrt.leurent.eu
## For the password, use the key
### Set '''DDNS Service provider [IPv4]''' = bind-nsupdate
### Set '''Domain''' = openwrt.leurent.eu
### Set '''Username''' = openwrt
### Set '''Password''' = For the password copy the "secret" of the HMAC-MD5 key
## In Advanced Settings
### Set '''DNS-Server''' = ns1.leurent.eu


= System Commands =
= System Commands =
== Upgrade all packages ==
== Upgrade all packages ==
{{Warning|Start the command in a screen because if you upgrade netifd for exemple, you will loose connection and kill the upgrade in the middle of the process}}

<source lang="bash">
<source lang="bash">
screen
opkg update
opkg update
opkg list-upgradable | cut -f 1 -d ' ' | xargs opkg upgrade
opkg list-upgradable | cut -f 1 -d ' ' | xargs opkg upgrade
Line 98: Line 126:
</source>
</source>


* Restart Firewall and Network
* Restart Router
<source lang="bash">
reboot
</source>

* Go in LUCI Interfaces / '''Network''' / '''Interfaces''' - WWAN / '''Advanced Configuration''' / Set '''Use gateway metric''' = 10. So you can see afterwards that the route via WWAN interface is used as backup if the default route goes down
<source lang="bash">
<source lang="bash">
root@OpenWrt:~# ip route
/etc/init.d/firewall reload
default via 212.147.11.76 dev pppoe-wan
/etc/init.d/network restart
default via 192.168.8.1 dev eth2 src 192.168.8.100 metric 10
10.146.199.0/24 dev br-lan scope link src 10.146.199.1
192.168.8.0/24 dev eth2 scope link metric 10
212.147.11.76 dev pppoe-wan scope link src 83.228.247.238
</source>
</source>

Latest revision as of 20:07, 12 July 2021

Perso

Install basic packages

opkg update
opkg install diffutils lsof usbutils htop screen

# Install SNMP
opkg install snmpd luci-app-snmpd

# Be able to mound USB drivers
opkg install mount-utils block-mount kmod-usb-storage kmod-fs-ext4 kmod-fs-vfat kmod-fs-exfat kmod-fs-ntfs kmod-usb-storage-uas kmod-fs-hfs kmod-fs-hfsplus 

# Install samba4
opkg install luci-app-samba4 samba4-server samba4-utils

opkg install dnsmasq-full
# Go in http://10.146.199.1/cgi-bin/luci/admin/network/dhcp Advanced Settings and enable both DNSSEC option

List overlay installed packages

root@OpenWrt:~# find /usr/lib/opkg/info -name "*.control" \( \
         \( -exec test -f /rom/{} \; -exec echo {} rom \; \) -o \
         \( -exec test -f /overlay/upper/{} \; -exec echo {} overlay \; \) -o \
         \( -exec echo {} unknown \; \) \
         \) | sed -e 's,.*/,,;s/\.control /\t/' | grep overlay | awk '{print $1}' | tr "\n" " " | xargs echo opkg install 

opkg install librt libcap libncurses6 libuv1 libpopt0 kmod-nls-utf8 libopenssl1.1 libsmartcols1 libusb-1.0-0 bind-client samba4-server libavahi-dbus-support ddns-scripts libpcap1 libattr luci-app-ddns terminfo diffutils libexpat ddns-scripts-nsupdate libtirpc attr libdbus hostapd-utils block-mount kmod-fs-hfs libavahi-client libgnutls zlib dbus lsof samba4-utils kmod-usb-storage kmod-fs-exfat libnettle7 vim kmod-fs-hfsplus libuuid1 kmod-fs-vfat libpci mount-utils avahi-dbus-daemon libtasn1 kmod-fs-ntfs snmpd kmod-scsi-core kmod-usb-storage-uas tcpdump usbutils libpam luci-compat libdaemon htop libgmp10 kmod-nls-cp437 luci-lib-ipkg libreadline8 kmod-fs-ext4 libmount1 kmod-nls-iso8859-1 libblkid1 wpad kmod-crypto-crc32c libatomic1 samba4-libs libnetsnmp luci-app-samba4 luci-app-snmpd bind-libs screen

DDNS

Install ddns-scripts-nsupdate

  • On the server that will generate Kopenwrt.+157+55429.key and Kopenwrt.+157+55429.private files
dnssec-keygen -a HMAC-md5 -b 512 -n USER openwrt
  • In the /etc/bind9/named.conf.local, update section like this one
key openwrt {
        algorithm HMAC-MD5;
        secret "ADDTHEKEYFROM_openwrt_PRIVATE_FILE";
};

zone "leurent.eu" {
        type master;
        notify yes;
        file "/etc/bind/leurent/leurent.eu.db";
        update-policy { grant openwrt name openwrt.leurent.eu A; };
        ...
};


  • On openwrt box, you can install ddns-scripts-nsupdate + LUCI Interface and have a look at /usr/lib/ddns/update_nsupdate.sh to see how it works
opkg install ddns-scripts-nsupdate luci-app-ddns
  1. Now you can go in LUCI Services / Dynamic DNS section
  2. Use the bind-nsupdate client
    1.  In Basic Settings
      1. Set Lookup Hostname = openwrt.leurent.eu
      2. Set DDNS Service provider [IPv4] = bind-nsupdate
      3. Set Domain = openwrt.leurent.eu
      4.  Set Username = openwrt
      5. Set Password = For the password copy the "secret" of the HMAC-MD5 key
    2. In Advanced Settings
      1.  Set DNS-Server = ns1.leurent.eu

System Commands

Upgrade all packages

screen
opkg update
opkg list-upgradable | cut -f 1 -d ' ' | xargs opkg upgrade

cf https://lede-project.org/docs/user-guide/opkg


Use a Huawei USB LTE HiLink Modem as 4G Backup on my OpenWRT Router


  • Install usb-modeswitch and kmod-usb-net-rndis to switch the LTE stick from USB storage to USB LTE Modem
opkg update
opkg install kmod-usb-net-rndis usb-modeswitch
  • Verify the mode did switch, otherwise insert back the key or reboot
root@LEDE:~# lsusb | grep LTE
Bus 002 Device 003: ID 12d1:14dc Huawei Technologies Co., Ltd. E33372 LTE/UMTS/GSM HiLink Modem/Networkcard
  • Verify that you have a new network interface (eth2 in my case)
root@LEDE:~# dmesg | grep cdc_ether
[   16.075790] usbcore: registered new interface driver cdc_ether
[   19.232911] cdc_ether 2-1:1.0 eth2: register 'cdc_ether' at usb-f10f8000.usb3-1, CDC Ethernet Device, 0c:5b:8f:xx:xx:xx
  • Setup a new wwan interface with eth2 + DHCP mode
uci set network.wwan=interface
uci set network.wwan.ifname='eth2'
uci set network.wwan.proto='dhcp'
uci commit
  • Enable firewall on wwan
uci add_list firewall.@zone[1].network='wwan'
uci commit
  • Restart Router
reboot
  • Go in LUCI Interfaces / Network / Interfaces - WWAN / Advanced Configuration / Set Use gateway metric = 10. So you can see afterwards that the route via WWAN interface is used as backup if the default route goes down
root@OpenWrt:~# ip route
default via 212.147.11.76 dev pppoe-wan 
default via 192.168.8.1 dev eth2  src 192.168.8.100  metric 10 
10.146.199.0/24 dev br-lan scope link  src 10.146.199.1 
192.168.8.0/24 dev eth2 scope link  metric 10 
212.147.11.76 dev pppoe-wan scope link  src 83.228.247.238