FAQ:OpenWRT: Difference between revisions

From Leurent
Jump to navigation Jump to search
(Add the way to use the LTE stick for connectivity backup)
(2 intermediate revisions by the same user not shown)
Line 20: Line 20:
== Install ddns-scripts_nsupdate ==
== Install ddns-scripts_nsupdate ==


* On the server that will generate Klede.+157+55429.key and Klede.+157+55429.private files
* On the server that will generate Kopenwrt.+157+55429.key and Kopenwrt.+157+55429.private files
<source lang="bash">
<source lang="bash">
dnssec-keygen -a HMAC-md5 -b 512 -n USER lede
dnssec-keygen -a HMAC-md5 -b 512 -n USER openwrt
</source>
</source>


* In the /etc/bind9/named.conf.local, update section like this one
* In the /etc/bind9/named.conf.local, update section like this one
<source lang="text">
<source lang="text">
key lede {
key openwrt {
algorithm HMAC-MD5;
algorithm HMAC-MD5;
secret "ADDTHEKEYFROM_LEDE_PRIVATE_FILE";
secret "ADDTHEKEYFROM_openwrt_PRIVATE_FILE";
};
};


Line 36: Line 36:
notify yes;
notify yes;
file "/etc/bind/leurent/leurent.eu.db";
file "/etc/bind/leurent/leurent.eu.db";
update-policy { grant lede name lede.leurent.eu A; };
update-policy { grant openwrt name openwrt.leurent.eu A; };
...
...
};
};
Line 42: Line 42:




* On LEDE box, you can install ddns-scripts_nsupdate and have a look at /usr/lib/ddns/update_nsupdate.sh to see how it works
* On openwrt box, you can install ddns-scripts_nsupdate + LUCI Interface and have a look at /usr/lib/ddns/update_nsupdate.sh to see how it works
<source lang="bash">
<source lang="bash">
opkg install ddns-scripts_nsupdate
opkg install ddns-scripts_nsupdate luci-app-ddns
</source>
</source>
# Now you can go in the DDNS section
# Now you can go in LUCI '''Services''' / '''Dynamic DNS''' section
# Use the bind-nsupdate client
# Use the bind-nsupdate client
## In Basic Settings
## For the login use the name of the key you created on the server "lede" here
### Set '''Lookup Hostname''' = openwrt.leurent.eu
## For the password, use the key
### Set '''DDNS Service provider [IPv4]''' = bind-nsupdate

### Set '''Domain''' = openwrt.leurent.eu
### Set '''Username''' = openwrt
### Set '''Password''' = For the password copy the "secret" of the HMAC-MD5 key
## In Advanced Settings
### Set '''DNS-Server''' = ns1.leurent.eu


= System Commands =
= System Commands =
Line 99: Line 104:
</source>
</source>


* Restart Firewall and Network
* Restart Router
<source lang="bash">
reboot
</source>

* Go in LUCI Interfaces / '''Network''' / '''Interfaces''' - WWAN / '''Advanced Configuration''' / Set '''Use gateway metric''' = 10. So you can see afterwards that the route via WWAN interface is used as backup if the default route goes down
<source lang="bash">
<source lang="bash">
root@OpenWrt:~# ip route
/etc/init.d/firewall reload
default via 212.147.11.76 dev pppoe-wan
/etc/init.d/network restart
default via 192.168.8.1 dev eth2 src 192.168.8.100 metric 10
10.146.199.0/24 dev br-lan scope link src 10.146.199.1
192.168.8.0/24 dev eth2 scope link metric 10
212.147.11.76 dev pppoe-wan scope link src 83.228.247.238
</source>
</source>

Revision as of 10:27, 10 November 2018

Perso

Install basic packages

opkg update
opkg install diffutils lsof usbutils

opkg install snmpd
opkg install mount-utils block-mount kmod-usb-storage kmod-fs-ext4 kmod-fs-vfat kmod-fs-exfat kmod-fs-ntfs kmod-fs-hfs kmod-fs-hfsplus kmod-nls-cp437 kmod-nls-iso8859-1
opkg install luci-app-samba
opkg install luci-app-ddns ddns-scripts_no-ip_com

opkg install dnsmasq-full
# Go in http://10.146.199.1/cgi-bin/luci/admin/network/dhcp Advanced Settings and enable both DNSSEC option

DDNS

Install ddns-scripts_nsupdate

  • On the server that will generate Kopenwrt.+157+55429.key and Kopenwrt.+157+55429.private files
dnssec-keygen -a HMAC-md5 -b 512 -n USER openwrt
  • In the /etc/bind9/named.conf.local, update section like this one
key openwrt {
        algorithm HMAC-MD5;
        secret "ADDTHEKEYFROM_openwrt_PRIVATE_FILE";
};

zone "leurent.eu" {
        type master;
        notify yes;
        file "/etc/bind/leurent/leurent.eu.db";
        update-policy { grant openwrt name openwrt.leurent.eu A; };
        ...
};


  • On openwrt box, you can install ddns-scripts_nsupdate + LUCI Interface and have a look at /usr/lib/ddns/update_nsupdate.sh to see how it works
opkg install ddns-scripts_nsupdate luci-app-ddns
  1. Now you can go in LUCI Services / Dynamic DNS section
  2. Use the bind-nsupdate client
    1.  In Basic Settings
      1. Set Lookup Hostname = openwrt.leurent.eu
      2. Set DDNS Service provider [IPv4] = bind-nsupdate
      3. Set Domain = openwrt.leurent.eu
      4.  Set Username = openwrt
      5. Set Password = For the password copy the "secret" of the HMAC-MD5 key
    2. In Advanced Settings
      1.  Set DNS-Server = ns1.leurent.eu

System Commands

Upgrade all packages

opkg update
opkg list-upgradable | cut -f 1 -d ' ' | xargs opkg upgrade

cf https://lede-project.org/docs/user-guide/opkg


Use a Huawei USB LTE HiLink Modem as 4G Backup on my OpenWRT Router

These commands came from https://lecrabeinfo.net/installer-firmware-openwrt-sur-routeur-wi-fi.html#un-modem-lte-4g


  • Install usb-modeswitch and kmod-usb-net-rndis to switch the LTE stick from USB storage to USB LTE Modem
opkg update
opkg install kmod-usb-net-rndis usb-modeswitch
  • Verify the mode did switch, otherwise insert back the key or reboot
root@LEDE:~# lsusb | grep LTE
Bus 002 Device 003: ID 12d1:14dc Huawei Technologies Co., Ltd. E33372 LTE/UMTS/GSM HiLink Modem/Networkcard
  • Verify that you have a new network interface (eth2 in my case)
root@LEDE:~# dmesg | grep cdc_ether
[   16.075790] usbcore: registered new interface driver cdc_ether
[   19.232911] cdc_ether 2-1:1.0 eth2: register 'cdc_ether' at usb-f10f8000.usb3-1, CDC Ethernet Device, 0c:5b:8f:xx:xx:xx
  • Setup a new wwan interface with eth2 + DHCP mode
uci set network.wwan=interface
uci set network.wwan.ifname='eth2'
uci set network.wwan.proto='dhcp'
uci commit
  • Enable firewall on wwan
uci add_list firewall.@zone[1].network='wwan'
uci commit
  • Restart Router
reboot
  • Go in LUCI Interfaces / Network / Interfaces - WWAN / Advanced Configuration / Set Use gateway metric = 10. So you can see afterwards that the route via WWAN interface is used as backup if the default route goes down
root@OpenWrt:~# ip route
default via 212.147.11.76 dev pppoe-wan 
default via 192.168.8.1 dev eth2  src 192.168.8.100  metric 10 
10.146.199.0/24 dev br-lan scope link  src 10.146.199.1 
192.168.8.0/24 dev eth2 scope link  metric 10 
212.147.11.76 dev pppoe-wan scope link  src 83.228.247.238
Retrieved from "https://www.leurent.eu/mediawiki/index.php?title=FAQ:OpenWRT&oldid=320"