Version 16 - History - Managing OpenWRT - Open Infrastructure - ungleich redmine

Managing OpenWRT » History » Version 16

Nico Schottelius, 12/03/2020 08:27 PM

-Nico Schottelius
+{{toc}}
-Nico Schottelius
+h1. Managing OpenWRT
 h2. Installing and configuring Jool
-Nico Schottelius
+* You can use one of the known NAT64 prefixes from our networks (LINK!)
 ** In the example below this is 2a0a:e5c0:2:10::/96
 * You need to have a /96 (or better: /64) routed to the openwrt
 ** In the example below this is 2a0a:e5c0:17:1::/96
-Nico Schottelius
+<pre>
 opkg install kmod-jool
 opkg install jool-tools
 ll nu
 # Load the kernel module
 modprobe jool_siit
 # The range which will be the target for the 2nd NAT (if needed to reach a v4 ip)
 jool_siit -6 2a0a:e5c0:2:10::/96
 # Pick a v6 range to translate TO and a v4 range to translate from
 jool_siit -e -a 2a0a:e5c0:17:1::/96 192.168.61.0/24
 # Accept Router Advertisements to keep the default address
 sysctl -w net.ipv6.conf.all.accept_ra=2
 sysctl -w net.ipv6.conf.default.accept_ra=2
 sysctl -w net.ipv6.conf.eth0.accept_ra=2
-Nico Schottelius
+sysctl -w net.ipv6.conf.br-lan.accept_ra=2
 Nico Schottelius
-Nico Schottelius
+</pre>
 h2. Enabling routing with router advertisements
 * By default ipv6 forwarding is on (good!)
 * By default accept_ra is 0
 ** This does not set the route properly into the kernel -> routing is broken
 * Need to modify accept_ra to 2
 ll nu
 h2. Enabling SSH access on wan
 Enable it in the web interface
-ll nu
+<pre> $URL/cgi-bin/luci/admin/system/admin/dropbear </pre>
 ll nu
 OR
 Dropbear uci var (not tested):
 <pre>	option GatewayPorts 'on' </pre>
 Nico Schottelius
 h2. Resetting to factory default
 * See https://openwrt.org/docs/guide-user/troubleshooting/failsafe_and_factory_reset
 <pre>
 firstboot -y && reboot now
 </pre>
 Nico Schottelius
 h2. Installing and configuring an APU as a PIB with OpenWRT
 * Get the x86 64 SQUASHFS image
 ** https://downloads.openwrt.org/releases/19.07.3/targets/x86/64/
 ** combined-squashfs.img.gz
 * Gunzip it
 * dd it it an usb stick
 * Boot the usb stick on the APU
 * When booted, wget it on the APU and write it over /dev/sda
 <pre>
 wget ... -O - | gunzip > /dev/sda
 </pre>
 * Configure it using pib-setup.sh from ungleich-tools
-Nico Schottelius
+* Create a network on the VPN server
 Nico Schottelius
 h3. Installing openwrt (squashfs) on APU details
 <pre>
 opkg update
 </pre>
 * Install SSL certifaicates
 <pre>
 opkg install libustream-openssl ca-bundle ca-certificates
 </pre>
 * check the time and date if it is not correct, modify the time and date as follows
 <pre>
 date -s YEARMONTHDATETIME
 </pre>
 * Flashing the squashfs openwrt image into the APUs SSD (adjust to the correct version)
 <pre>
 wget -O - http://downloads.openwrt.org/releases/19.07.3/targets/
 x86/64/openwrt-19.07.3-x86-64-combined-squashfs.img.gz | gunzip > /dev/sda
 </pre>
 h3. Defaults after Openwrt installation
 * eth0 = WAN
 * eth1&2 = LAN
 Nico Schottelius
 h2. Setting up the GL-INET GL-MT300N-V2
 * Go to advanced and flash the standard image
 * Link: https://openwrt.org/toh/gl.inet/gl.inet_gl-mt300n_v2
 Nico Schottelius
 h2. Managing QMI based LTE devices
 Debug commands:
 <pre>
 uqmi -d /dev/cdc-wdm0 --get-signal-info
 uqmi -d /dev/cdc-wdm0 --get-data-status
 uqmi -d /dev/cdc-wdm0 --get-current-settings
 uqmi -d /dev/cdc-wdm0 --get-capabilities
 uqmi -d /dev/cdc-wdm0 --get-imei
 </pre>
 * See also: https://openwrt.org/docs/guide-user/network/wan/wwan/ltedongle
 Nico Schottelius
 h2. Managing static IPv6 addresses
 If using a statically routed IPv6 network, the default RA mechanism does not set an outgoing route by default. This is a bit different from "regular" Linux:
 * openwrt uses user space odhcp6c
 * for openwrt we need to setup a "static default route"
 ** do not forget to select the interface in the list
 * Default Linux on the other hand needs to use accept_ra=2 if ipv6 forwarding is on
 ** This also works on openwrt, but it is conflicting/not the correct way to do
 * **TL;DR If using openwrt with static IPv6 addresses, add a static IPv6 default route**
 Nico Schottelius
 Alternative (currently untested) approach:
 <pre>
 instead of hardcoding the subnet in lan, add it as "option ip6prefix" to your wan6/dhcpv6 interface
 in lan merely add "option ip6assign 64" or however much bits you want to redelegate
 that should make odhcp6c/netifd aware of the additional prefix and factor that into the default route coverage
 it should work as if the prefix were received via dhcpv6-pd
 </pre>
 (Thanks to jow in #openwrt)
 Nico Schottelius
 h2. Temperature sensor support
 We are using "temper" based usb temperature sensors. They are read using "temper-py":https://pypi.org/project/temper-py/.
 The default setup is to write to /www/temperature.txt which allows the temperature to be read from the standard webserver.
 So if you own a VIIRB/VIWIB/other OpenWRT device using the "openwrt-add-temper":https://code.ungleich.ch/ungleich-public/ungleich-tools/-/blob/master/openwrt-add-temper.sh you can see the temperature on http://ip-of-the-device/temperature.txt.
 It is refreshed every 5 minutes.

Project

General

Profile

Open Infrastructure

Managing OpenWRT » History » Version 16