Difference between revisions of "Openwrt"

From Steak Wiki
Line 66: Line 66:
 
  /etc/config/firewall
 
  /etc/config/firewall
  
If you add a new WAN interface, (e.g. wanb or wan2) you must add wanb to the existing wan firewall zone for outgoing comms. How this is handled differs from 17 to 19.**
+
If you add a new WAN interface, (e.g. wanb or wan2) you must add wanb to the existing wan firewall zone for outgoing comms. How this is handled differs from 17 to 19.*2
  
 
Balanced policies can have issues with connections jumping from one wan to another.
 
Balanced policies can have issues with connections jumping from one wan to another.
  
 
<small>* the current mwan3 page is a lengthy multi-page behemoth (which has grown over time) that expects no less of you than to understand all functional and architectural details of how the failover works.  It's a lot for someone that just wants to setup backup internet. But mwan3 can and does work.
 
<small>* the current mwan3 page is a lengthy multi-page behemoth (which has grown over time) that expects no less of you than to understand all functional and architectural details of how the failover works.  It's a lot for someone that just wants to setup backup internet. But mwan3 can and does work.
** ctrl-f for firewall comes up with half a dozen mentions of firewall masking (something done automatically) and one easily missable note, for GUI setup only, about adding the new wan2 to the firewall zone. An absolutely required step.</small>
+
*2 ctrl-f for firewall comes up with half a dozen mentions of firewall masking (something done automatically) and one easily missable note, for GUI setup only, about adding the new wan2 to the firewall zone. An absolutely required step.</small>
  
 
TODO
 
TODO
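
Review bot: the replacement footnote line begins with "*2", and an asterisk at the start of a wiki line is list markup, so the revision below renders it as a bullet reading "2 ctrl-f for firewall ..." instead of a footnote matching the "19.*2" marker in the paragraph. Use a marker that cannot be parsed as a list item, for example "<sup>2</sup>" in both places. The paragraph also still says only that the zone handling "differs from 17 to 19" while the footnote calls it an absolutely required step; the /etc/config/firewall zone entry for each release should be shown here.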

Revision as of 06:22, 28 October 2020

Recommended Router

This is a rack mount router. Flashing is easy and well supported. It does not include wireless. In my experience (with tplink routers) wifi can have issues, so I recommend using a dedicated wireless AP. A more modular setup.

Enterprise companies (i.e. if you have $$$) can look at https://www.opencompute.org/products

Recommended wireless AP

Open mesh is good. But they were bought out. Unifi is another option. Only buy wifi APs that support openwrt.

Tips

port forwarding

Port forwarding is two steps:

  1. redirect port from outside to internal (NAT)
  2. allow access from outside to inside via this port (firewall)

Contents of /etc/config/firewall

config redirect
        option name 'PassthroughformyServer'
        option src 'wan'
        option proto 'tcp'
        option src_dport '80'
        option dest_ip '192.168.1.100'
        option dest_port '80'
        option target 'DNAT'
        option dest 'lan'

config rule
        option src 'wan'
        option proto 'tcp'
        option dest_port '80'
        option target 'ACCEPT'

Note: Proto can be 'tcp' OR 'tcpudp' OR 'udp'
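
An added example (not from the original page): a small audit for the router's shell that lists what a firewall file opens from the wan zone. It is worth running on the config above because the OpenWrt firewall treats a config rule with no dest option as an input rule, which matches traffic addressed to the router itself rather than forwarded traffic. The names audit_wan and sample_config are made up here, and the sample is the config from this section.

```shell
#!/bin/sh
# Added example, not part of the original page. audit_wan and sample_config
# are hypothetical names. Usage on a router: audit_wan < /etc/config/firewall

sample_config() {  # constructed sample: the redirect and rule from this section
cat <<'EOF'
config redirect
    option name 'PassthroughformyServer'
    option src 'wan'
    option proto 'tcp'
    option src_dport '80'
    option dest_ip '192.168.1.100'
    option dest_port '80'
    option target 'DNAT'
    option dest 'lan'
config rule
    option src 'wan'
    option proto 'tcp'
    option dest_port '80'
    option target 'ACCEPT'
EOF
}

audit_wan() {  # reads a UCI firewall config on stdin
    awk -v q="'" '
    function bare(s) { gsub("[\"" q "]", "", s); return s }
    function flush() {              # report the section that just ended
        if (o["src"] == "wan" && type == "redirect" && o["target"] == "DNAT")
            print "FORWARD " o["proto"] " wan:" o["src_dport"] " -> " o["dest_ip"] ":" o["dest_port"]
        else if (o["src"] == "wan" && type == "rule" && o["target"] == "ACCEPT") {
            # A rule without dest is an input rule: it opens the router itself.
            if (o["dest"] == "") print "INPUT " o["proto"] " wan:" o["dest_port"] " -> router itself"
            else print "FORWARD " o["proto"] " wan:" o["dest_port"] " -> zone " o["dest"]
        }
        split("", o); type = ""
    }
    $1 == "config" { flush(); type = $2 }
    $1 == "option" { o[$2] = bare($3) }   # only the first word of a value is kept
    END { flush() }
    '
}

sample_config | audit_wan
```

An INPUT line for a port that is also forwarded means the rule should either gain a dest zone and dest_ip or be dropped.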

reserved ip / static lease

Contents of /etc/config/dhcp

config host
        option ip 192.168.1.122
        option mac c2:44:32:18:cd:ab
        option name reservedipcomputer

ref: https://openwrt.org/docs/guide-user/base-system/dhcp_configuration#static_leases

I tried to add this to the wiki, but someone (https://openwrt.org/docs/guide-user/base-system/dhcp_configuration?rev=1596434574) decided to replace my simple solution with an obfuscated one that requires uci commands. So instead, it will remain here. EDIT: I added it back. See how long that lasts...

openvpn

opkg install openvpn-openssl

Contents of /etc/config/openvpn

config openvpn 'custom_config'
        option config '/etc/openvpn/myconfigfile.ovpn'

And your .ovpn in /etc/openvpn/.

aliases

Put in /etc/profile. e.g.

export TERM=xterm
alias vpnme='openvpn --config /etc/openvpn/myconfigfile.ovpn & ./script.sh &'

mwan3

Mwan3 can be tricky. The wiki lacks a quick start*. The following files get edited:

/etc/config/network
/etc/config/mwan3
/etc/config/firewall

If you add a new WAN interface (e.g. wanb or wan2), you must add wanb to the existing wan firewall zone for outgoing comms. How this is handled differs from 17 to 19.*2

Balanced policies can have issues with connections jumping from one wan to another.

* the current mwan3 page is a lengthy multi-page behemoth (which has grown over time) that expects no less of you than to understand all functional and architectural details of how the failover works. It's a lot for someone that just wants to set up backup internet. But mwan3 can and does work.

*2 ctrl-f for firewall comes up with half a dozen mentions of firewall masking (something done automatically) and one easily missable note, for GUI setup only, about adding the new wan2 to the firewall zone. An absolutely required step.
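
A check for the required step above, as an added example that is not part of the original page: it lists every interface declared in /etc/config/mwan3 that is absent from the wan firewall zone, accepting both the space-separated option network form and repeated list network lines. The function names mwan3_unzoned and demo and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original page. mwan3_unzoned and demo are
# hypothetical names. On a router:
#   mwan3_unzoned /etc/config/mwan3 /etc/config/firewall

mwan3_unzoned() {  # $1 = mwan3 config file, $2 = firewall config file
    awk -v q="'" '
    function bare(s) { gsub("[\"" q "]", "", s); return s }
    function flush(   n, a, i) {       # close the firewall section being read
        if (name == "wan") {
            n = split(cur, a, " ")
            for (i = 1; i <= n; i++) inwan[a[i]] = 1
        }
        name = ""; cur = ""
    }
    # First file: every "config interface <name>" is an interface mwan3 manages.
    FNR == NR { if ($1 == "config" && $2 == "interface") want[bare($3)] = 1; next }
    # Second file: collect the networks of the zone whose name is wan.
    $1 == "config" { flush(); zone = ($2 == "zone"); next }
    zone && $2 == "name" { name = bare($3) }
    # Accepts both forms: one option line with several names, or repeated list lines.
    zone && $2 == "network" { for (i = 3; i <= NF; i++) cur = cur " " bare($i) }
    END { flush(); for (w in want) if (!(w in inwan)) print w }
    ' "$1" "$2" | sort
}

demo() {  # constructed sample: wanb exists for mwan3 but was never zoned
    d=$(mktemp -d)
    printf "config interface 'wan'\n\toption enabled '1'\nconfig interface 'wanb'\n\toption enabled '1'\n" > "$d/mwan3"
    printf "config zone\n\toption name 'wan'\n\tlist network 'wan'\n\tlist network 'wan6'\n" > "$d/firewall"
    mwan3_unzoned "$d/mwan3" "$d/firewall"
    rm -rf "$d"
}

demo   # prints: wanb
```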

TODO

misc

start wifi

wifi up  

display (RAM based) logs (note that this is not in /var/log/messages...)

logread



various links I found interesting

  • https://openwrt.org/docs/techref/start - Technical Reference. Has some informative dives into various aspects of low power routers. As an example see this link on flash: https://openwrt.org/docs/techref/flash IME, flash is built-in obsolescence. USB drives, SD cards, and onboard flash tend to last much less than advertised. Not recommended. SD and SSDs are a trap. From this: even 'reading' flash can cause bad blocks. That's right, even reading. Therefore flash is guaranteed to fail. Tech companies love it.