Project

General

Profile

Managing OpenWRT » History » Version 15

Nico Schottelius, 11/30/2020 01:05 PM

1 4 Nico Schottelius
{{toc}}
2
3 1 Nico Schottelius
h1. Managing OpenWRT
4
5
h2. Installing and configuring Jool
6
7 5 Nico Schottelius
* You can use one of the known NAT64 prefixes from our networks (LINK!)
8
** In the example below this is 2a0a:e5c0:2:10::/96
9
* You need to have a /96 (or better: /64) routed to the openwrt
10
** In the example below this is 2a0a:e5c0:17:1::/96
11
12
13 1 Nico Schottelius
<pre>
14
opkg install kmod-jool
15
opkg install jool-tools
16 2 ll nu
17
# Load the kernel module
18
modprobe jool_siit
19
20
# The range which will be the target for the 2nd NAT (if needed to reach a v4 ip)
21
jool_siit -6 2a0a:e5c0:2:10::/96
22
23
# Pick a v6 range to translate TO and a v4 range to translate from
24
jool_siit -e -a 2a0a:e5c0:17:1::/96 192.168.61.0/24
25
26
# Accept Router Advertisements to keep the default address
27
sysctl -w net.ipv6.conf.all.accept_ra=2
28
sysctl -w net.ipv6.conf.default.accept_ra=2
29
sysctl -w net.ipv6.conf.eth0.accept_ra=2
30 6 Nico Schottelius
sysctl -w net.ipv6.conf.br-lan.accept_ra=2
31 1 Nico Schottelius
32 3 Nico Schottelius
</pre>
33
34
h2. Enabling routing with router advertisements
35
36
* By default ipv6 forwarding is on (good!)
37
* By default accept_ra is 0
38
** This does not set the route properly into the kernel -> routing is broken
39
* Need to modify accept_ra to 2
40 7 ll nu
41
h2. Enabling SSH access on wan 
42
43
Enable it in the web interface
44 8 ll nu
<pre> $URL/cgi-bin/luci/admin/system/admin/dropbear </pre>
45 7 ll nu
46
OR
47
48
Dropbear uci var (not tested):
49
50
<pre>	option GatewayPorts 'on' </pre>
51 9 Nico Schottelius
52
h2. Resetting to factory default
53
54
* See https://openwrt.org/docs/guide-user/troubleshooting/failsafe_and_factory_reset
55
56
<pre>
57
firstboot -y && reboot now
58
</pre>
59 10 Nico Schottelius
60
h2. Installing and configuring an APU as a PIB with OpenWRT
61
62
* Get the x86 64 SQUASHFS image
63
** https://downloads.openwrt.org/releases/19.07.3/targets/x86/64/
64
** combined-squashfs.img.gz
65
* Gunzip it
66
* dd it it an usb stick
67
* Boot the usb stick on the APU
68
* When booted, wget it on the APU and write it over /dev/sda
69
70
<pre>
71
wget ... -O - | gunzip > /dev/sda
72
</pre>
73
74
* Configure it using pib-setup.sh from ungleich-tools
75 1 Nico Schottelius
* Create a network on the VPN server
76 11 Nico Schottelius
77
78
h3. Installing openwrt (squashfs) on APU details
79
80
<pre>
81
opkg update
82
</pre> 
83
84
* Install SSL certifaicates
85
86
<pre>
87
opkg install libustream-openssl ca-bundle ca-certificates
88
</pre> 
89
90
* check the time and date if it is not correct, modify the time and date as follows 
91
<pre>
92
date -s YEARMONTHDATETIME 
93
</pre>
94
95
* Flashing the squashfs openwrt image into the APUs SSD (adjust to the correct version)
96
97
<pre>
98
wget -O - http://downloads.openwrt.org/releases/19.07.3/targets/
99
x86/64/openwrt-19.07.3-x86-64-combined-squashfs.img.gz | gunzip > /dev/sda 
100
</pre>
101
102
h3. Defaults after Openwrt installation 
103
104
* eth0 = WAN
105
* eth1&2 = LAN
106 12 Nico Schottelius
107
h2. Setting up the GL-INET GL-MT300N-V2
108
109
* Go to advanced and flash the standard image
110
* Link: https://openwrt.org/toh/gl.inet/gl.inet_gl-mt300n_v2
111 13 Nico Schottelius
112
h2. Managing QMI based LTE devices
113
114
Debug commands:
115
116
<pre>
117
uqmi -d /dev/cdc-wdm0 --get-signal-info
118
uqmi -d /dev/cdc-wdm0 --get-data-status
119
uqmi -d /dev/cdc-wdm0 --get-current-settings
120
uqmi -d /dev/cdc-wdm0 --get-capabilities
121
122
uqmi -d /dev/cdc-wdm0 --get-imei
123
124
</pre>
125
126
* See also: https://openwrt.org/docs/guide-user/network/wan/wwan/ltedongle
127 14 Nico Schottelius
128
h2. Managing static IPv6 addresses
129
130
If using a statically routed IPv6 network, the default RA mechanism does not set an outgoing route by default. This is a bit different from "regular" Linux:
131
132
* openwrt uses user space odhcp6c
133
* for openwrt we need to setup a "static default route"
134
** do not forget to select the interface in the list
135
* Default Linux on the other hand needs to use accept_ra=2 if ipv6 forwarding is on
136
** This also works on openwrt, but it is conflicting/not the correct way to do
137
* **TL;DR If using openwrt with static IPv6 addresses, add a static IPv6 default route**
138 15 Nico Schottelius
139
Alternative (currently untested) approach:
140
141
<pre>
142
instead of hardcoding the subnet in lan, add it as "option ip6prefix" to your wan6/dhcpv6 interface
143
in lan merely add "option ip6assign 64" or however much bits you want to redelegate
144
that should make odhcp6c/netifd aware of the additional prefix and factor that into the default route coverage
145
it should work as if the prefix were received via dhcpv6-pd
146
</pre>
147
148
(Thanks to jow in #openwrt)