Managing OpenWRT » History » Version 12
Nico Schottelius, 11/17/2020 06:07 PM
1 | 4 | Nico Schottelius | {{toc}} |
---|---|---|---|
2 | |||
3 | 1 | Nico Schottelius | h1. Managing OpenWRT |
4 | |||
5 | h2. Installing and configuring Jool |
||
6 | |||
7 | 5 | Nico Schottelius | * You can use one of the known NAT64 prefixes from our networks (LINK!) |
8 | ** In the example below this is 2a0a:e5c0:2:10::/96 |
||
9 | * You need to have a /96 (or better: /64) routed to the openwrt |
||
10 | ** In the example below this is 2a0a:e5c0:17:1::/96 |
||
11 | |||
12 | |||
13 | 1 | Nico Schottelius | <pre> |
14 | opkg install kmod-jool |
||
15 | opkg install jool-tools |
||
16 | 2 | ll nu | |
17 | # Load the kernel module |
||
18 | modprobe jool_siit |
||
19 | |||
20 | # The range which will be the target for the 2nd NAT (if needed to reach a v4 ip) |
||
21 | jool_siit -6 2a0a:e5c0:2:10::/96 |
||
22 | |||
23 | # Pick a v6 range to translate TO and a v4 range to translate from |
||
24 | jool_siit -e -a 2a0a:e5c0:17:1::/96 192.168.61.0/24 |
||
25 | |||
26 | # Accept Router Advertisements to keep the default address |
||
27 | sysctl -w net.ipv6.conf.all.accept_ra=2 |
||
28 | sysctl -w net.ipv6.conf.default.accept_ra=2 |
||
29 | sysctl -w net.ipv6.conf.eth0.accept_ra=2 |
||
30 | 6 | Nico Schottelius | sysctl -w net.ipv6.conf.br-lan.accept_ra=2 |
31 | 1 | Nico Schottelius | |
32 | 3 | Nico Schottelius | </pre> |
33 | |||
34 | h2. Enabling routing with router advertisements |
||
35 | |||
36 | * By default ipv6 forwarding is on (good!) |
||
37 | * By default accept_ra is 0 |
||
38 | ** This does not set the route properly into the kernel -> routing is broken |
||
39 | * Need to modify accept_ra to 2 |
||
40 | 7 | ll nu | |
41 | h2. Enabling SSH access on wan |
||
42 | |||
43 | Enable it in the web interface |
||
44 | 8 | ll nu | <pre> $URL/cgi-bin/luci/admin/system/admin/dropbear </pre> |
45 | 7 | ll nu | |
46 | OR |
||
47 | |||
48 | Dropbear uci var (not tested): |
||
49 | |||
50 | <pre> option GatewayPorts 'on' </pre> |
||
51 | 9 | Nico Schottelius | |
52 | h2. Resetting to factory default |
||
53 | |||
54 | * See https://openwrt.org/docs/guide-user/troubleshooting/failsafe_and_factory_reset |
||
55 | |||
56 | <pre> |
||
57 | firstboot -y && reboot now |
||
58 | </pre> |
||
59 | 10 | Nico Schottelius | |
60 | h2. Installing and configuring an APU as a PIB with OpenWRT |
||
61 | |||
62 | * Get the x86 64 SQUASHFS image |
||
63 | ** https://downloads.openwrt.org/releases/19.07.3/targets/x86/64/ |
||
64 | ** combined-squashfs.img.gz |
||
65 | * Gunzip it |
||
66 | * dd it it an usb stick |
||
67 | * Boot the usb stick on the APU |
||
68 | * When booted, wget it on the APU and write it over /dev/sda |
||
69 | |||
70 | <pre> |
||
71 | wget ... -O - | gunzip > /dev/sda |
||
72 | </pre> |
||
73 | |||
74 | * Configure it using pib-setup.sh from ungleich-tools |
||
75 | 1 | Nico Schottelius | * Create a network on the VPN server |
76 | 11 | Nico Schottelius | |
77 | |||
78 | h3. Installing openwrt (squashfs) on APU details |
||
79 | |||
80 | <pre> |
||
81 | opkg update |
||
82 | </pre> |
||
83 | |||
84 | * Install SSL certifaicates |
||
85 | |||
86 | <pre> |
||
87 | opkg install libustream-openssl ca-bundle ca-certificates |
||
88 | </pre> |
||
89 | |||
90 | * check the time and date if it is not correct, modify the time and date as follows |
||
91 | <pre> |
||
92 | date -s YEARMONTHDATETIME |
||
93 | </pre> |
||
94 | |||
95 | * Flashing the squashfs openwrt image into the APUs SSD (adjust to the correct version) |
||
96 | |||
97 | <pre> |
||
98 | wget -O - http://downloads.openwrt.org/releases/19.07.3/targets/ |
||
99 | x86/64/openwrt-19.07.3-x86-64-combined-squashfs.img.gz | gunzip > /dev/sda |
||
100 | </pre> |
||
101 | |||
102 | h3. Defaults after Openwrt installation |
||
103 | |||
104 | * eth0 = WAN |
||
105 | * eth1&2 = LAN |
||
106 | 12 | Nico Schottelius | |
107 | h2. Setting up the GL-INET GL-MT300N-V2 |
||
108 | |||
109 | * Go to advanced and flash the standard image |
||
110 | * Link: https://openwrt.org/toh/gl.inet/gl.inet_gl-mt300n_v2 |