Managing OpenWRT » History » Revision 15
Revision 14 (Nico Schottelius, 11/30/2020 12:50 PM) → Revision 15/34 (Nico Schottelius, 11/30/2020 01:05 PM)
{{toc}}
h1. Managing OpenWRT
h2. Installing and configuring Jool
* You can use one of the known NAT64 prefixes from our networks (LINK!)
** In the example below this is 2a0a:e5c0:2:10::/96
* You need to have a /96 (or better: /64) routed to the openwrt
** In the example below this is 2a0a:e5c0:17:1::/96
<pre>
opkg install kmod-jool
opkg install jool-tools
# Load the kernel module
modprobe jool_siit
# The range which will be the target for the 2nd NAT (if needed to reach a v4 ip)
jool_siit -6 2a0a:e5c0:2:10::/96
# Pick a v6 range to translate TO and a v4 range to translate from
jool_siit -e -a 2a0a:e5c0:17:1::/96 192.168.61.0/24
# Accept Router Advertisements to keep the default address
sysctl -w net.ipv6.conf.all.accept_ra=2
sysctl -w net.ipv6.conf.default.accept_ra=2
sysctl -w net.ipv6.conf.eth0.accept_ra=2
sysctl -w net.ipv6.conf.br-lan.accept_ra=2
</pre>
h2. Enabling routing with router advertisements
* By default ipv6 forwarding is on (good!)
* By default accept_ra is 0
** This does not set the route properly into the kernel -> routing is broken
* Need to modify accept_ra to 2
h2. Enabling SSH access on wan
Enable it in the web interface
<pre> $URL/cgi-bin/luci/admin/system/admin/dropbear </pre>
OR
Dropbear uci var (not tested):
<pre> option GatewayPorts 'on' </pre>
h2. Resetting to factory default
* See https://openwrt.org/docs/guide-user/troubleshooting/failsafe_and_factory_reset
<pre>
firstboot -y && reboot now
</pre>
h2. Installing and configuring an APU as a PIB with OpenWRT
* Get the x86 64 SQUASHFS image
** https://downloads.openwrt.org/releases/19.07.3/targets/x86/64/
** combined-squashfs.img.gz
* Gunzip it
* dd it it an usb stick
* Boot the usb stick on the APU
* When booted, wget it on the APU and write it over /dev/sda
<pre>
wget ... -O - | gunzip > /dev/sda
</pre>
* Configure it using pib-setup.sh from ungleich-tools
* Create a network on the VPN server
h3. Installing openwrt (squashfs) on APU details
<pre>
opkg update
</pre>
* Install SSL certifaicates
<pre>
opkg install libustream-openssl ca-bundle ca-certificates
</pre>
* check the time and date if it is not correct, modify the time and date as follows
<pre>
date -s YEARMONTHDATETIME
</pre>
* Flashing the squashfs openwrt image into the APUs SSD (adjust to the correct version)
<pre>
wget -O - http://downloads.openwrt.org/releases/19.07.3/targets/
x86/64/openwrt-19.07.3-x86-64-combined-squashfs.img.gz | gunzip > /dev/sda
</pre>
h3. Defaults after Openwrt installation
* eth0 = WAN
* eth1&2 = LAN
h2. Setting up the GL-INET GL-MT300N-V2
* Go to advanced and flash the standard image
* Link: https://openwrt.org/toh/gl.inet/gl.inet_gl-mt300n_v2
h2. Managing QMI based LTE devices
Debug commands:
<pre>
uqmi -d /dev/cdc-wdm0 --get-signal-info
uqmi -d /dev/cdc-wdm0 --get-data-status
uqmi -d /dev/cdc-wdm0 --get-current-settings
uqmi -d /dev/cdc-wdm0 --get-capabilities
uqmi -d /dev/cdc-wdm0 --get-imei
</pre>
* See also: https://openwrt.org/docs/guide-user/network/wan/wwan/ltedongle
h2. Managing static IPv6 addresses
If using a statically routed IPv6 network, the default RA mechanism does not set an outgoing route by default. This is a bit different from "regular" Linux:
* openwrt uses user space odhcp6c
* for openwrt we need to setup a "static default route"
** do not forget to select the interface in the list
* Default Linux on the other hand needs to use accept_ra=2 if ipv6 forwarding is on
** This also works on openwrt, but it is conflicting/not the correct way to do
* **TL;DR If using openwrt with static IPv6 addresses, add a static IPv6 default route**
Alternative (currently untested) approach:
<pre>
instead of hardcoding the subnet in lan, add it as "option ip6prefix" to your wan6/dhcpv6 interface
in lan merely add "option ip6assign 64" or however much bits you want to redelegate
that should make odhcp6c/netifd aware of the additional prefix and factor that into the default route coverage
it should work as if the prefix were received via dhcpv6-pd
</pre>
(Thanks to jow in #openwrt)