Project

General

Profile

Managing OpenWRT » History » Revision 30

Revision 29 (Nico Schottelius, 06/27/2023 08:12 AM) → Revision 30/34 (Nico Schottelius, 06/27/2023 08:23 AM)

{{toc}} 

 h1. Managing OpenWRT 

 h2. Installing and configuring Jool 

 * You can use one of the known NAT64 prefixes from our networks (LINK!) 
 ** In the example below this is 2a0a:e5c0:2:10::/96 
 * You need to have a /96 (or better: /64) routed to the openwrt 
 ** In the example below this is 2a0a:e5c0:17:1::/96 


 <pre> 
 opkg install kmod-jool 
 opkg install jool-tools 

 # Load the kernel module 
 modprobe jool_siit 

 # The range which will be the target for the 2nd NAT (if needed to reach a v4 ip) 
 jool_siit -6 2a0a:e5c0:2:10::/96 

 # Pick a v6 range to translate TO and a v4 range to translate from 
 jool_siit -e -a 2a0a:e5c0:17:1::/96 192.168.61.0/24 

 # Accept Router Advertisements to keep the default address 
 sysctl -w net.ipv6.conf.all.accept_ra=2 
 sysctl -w net.ipv6.conf.default.accept_ra=2 
 sysctl -w net.ipv6.conf.eth0.accept_ra=2 
 sysctl -w net.ipv6.conf.br-lan.accept_ra=2 

 </pre> 

 h2. Enabling routing with router advertisements 

 * By default ipv6 forwarding is on (good!) 
 * By default accept_ra is 0 
 ** This does not set the route properly into the kernel -> routing is broken 
 * Need to modify accept_ra to 2 

 h2. Enabling SSH access on wan  

 Enable it in the web interface 
 <pre> $URL/cgi-bin/luci/admin/system/admin/dropbear </pre> 

 OR 

 Dropbear uci var (not tested): 

 <pre> 	 option GatewayPorts 'on' </pre> 

 h2. Resetting to factory default 

 * See https://openwrt.org/docs/guide-user/troubleshooting/failsafe_and_factory_reset 

 <pre> 
 firstboot -y && reboot now 
 </pre> 

 h2. Installing and configuring an APU as a PIB with OpenWRT 

 * Get the x86 64 SQUASHFS image 
 ** https://downloads.openwrt.org/releases/19.07.3/targets/x86/64/ 
 ** combined-squashfs.img.gz 
 * Gunzip it 
 * dd it it an usb stick 
 * Boot the usb stick on the APU 
 * When booted, wget it on the APU and write it over /dev/sda 

 <pre> 
 wget ... -O - | gunzip > /dev/sda 
 </pre> 

 * Configure it using pib-setup.sh from ungleich-tools 
 * Create a network on the VPN server 


 h3. Installing openwrt (squashfs) on APU details 

 <pre> 
 opkg update 
 </pre>  

 * Install SSL certifaicates 

 <pre> 
 opkg install libustream-openssl ca-bundle ca-certificates 
 </pre>  

 * check the time and date if it is not correct, modify the time and date as follows  
 <pre> 
 date -s YEARMONTHDATETIME  
 </pre> 

 * Flashing the squashfs openwrt image into the APUs SSD (adjust to the correct version) 

 <pre> 
 wget -O - http://downloads.openwrt.org/releases/19.07.3/targets/ 
 x86/64/openwrt-19.07.3-x86-64-combined-squashfs.img.gz | gunzip > /dev/sda  
 </pre> 

 h3. Defaults after Openwrt installation  

 * eth0 = WAN 
 * eth1&2 = LAN 

 h2. Setting up the GL-INET GL-MT300N-V2 

 * Go to advanced and flash the standard image 
 * Link: https://openwrt.org/toh/gl.inet/gl.inet_gl-mt300n_v2 

 h2. Managing QMI based LTE devices 

 Debug commands: 

 <pre> 
 uqmi -d /dev/cdc-wdm0 --get-signal-info 
 uqmi -d /dev/cdc-wdm0 --get-data-status 
 uqmi -d /dev/cdc-wdm0 --get-current-settings 
 uqmi -d /dev/cdc-wdm0 --get-capabilities 

 uqmi -d /dev/cdc-wdm0 --get-imei 

 # get network cell / status 
 uqmi -d /dev/cdc-wdm0 --get-serving-system        

 # get networks in range 
 uqmi -d /dev/cdc-wdm0 --network-scan 

 </pre> 

 Reset (might help to clear the NETWORK_REGISTRATION_FAILED error?) 
 <pre> 
 /sbin/uqmi -d /dev/cdc-wdm0 --set-device-operating-mode offline 
 /sbin/uqmi -d /dev/cdc-wdm0 --set-device-operating-mode reset 
 /bin/sleep 20 
 /sbin/uqmi -d /dev/cdc-wdm0 --set-device-operating-mode online 
 /sbin/uqmi -d /dev/cdc-wdm0 --set-autoconnect enabled 
 /sbin/uqmi -d /dev/cdc-wdm0 --network-register 
 </pre> 

 Setting the network mode: 

 <pre> 
 ... 
   --set-network-modes <modes>:        Set usable network modes (Syntax: <mode1>[,<mode2>,...]) 
                                     Available modes: all, lte, umts, gsm, cdma, td-scdma 
 ... 

 root@vigir2:~# uqmi -d /dev/cdc-wdm0    --get-signal-info 
 { 
	 "type": "wcdma", 
	 "rssi": -104, 
	 "ecio": 17 
 } 
 root@vigir2:~# uqmi -d /dev/cdc-wdm0 --set-network-modes lte 

 (wait some time) 
 root@vigir2:~# uqmi -d /dev/cdc-wdm0    --get-signal-info 
 { 
	 "type": "lte", 
	 "rssi": -71, 
	 "rsrq": -11, 
	 "rsrp": -99, 
	 "snr": 72 
 } 


 </pre> 

 Roaming 

 <pre> 
 uqmi -d /dev/cdc-wdm0 --set-network-roaming off 

 </pre> 

 * See also: https://openwrt.org/docs/guide-user/network/wan/wwan/ltedongle 

 h2. Managing static IPv6 addresses 

 If using a statically routed IPv6 network, the default RA mechanism does not set an outgoing route by default. This is a bit different from "regular" Linux: 

 * openwrt uses user space odhcp6c 
 * for openwrt we need to setup a "static default route" 
 ** do not forget to select the interface in the list 
 * Default Linux on the other hand needs to use accept_ra=2 if ipv6 forwarding is on 
 ** This also works on openwrt, but it is conflicting/not the correct way to do 
 * **TL;DR If using openwrt with static IPv6 addresses, add a static IPv6 default route** 

 Alternative (currently untested) approach: 

 <pre> 
 instead of hardcoding the subnet in lan, add it as "option ip6prefix" to your wan6/dhcpv6 interface 
 in lan merely add "option ip6assign 64" or however much bits you want to redelegate 
 that should make odhcp6c/netifd aware of the additional prefix and factor that into the default route coverage 
 it should work as if the prefix were received via dhcpv6-pd 
 </pre> 

 (Thanks to jow in #openwrt) 

 h2. Temperature sensor support 

 We are using "temper" based usb temperature sensors. They are read using "temper-py":https://pypi.org/project/temper-py/.  
 The default setup is to write to /www/temperature.txt which allows the temperature to be read from the standard webserver. 

 So if you own a VIIRB/VIWIB/other OpenWRT device using the "openwrt-add-temper":https://code.ungleich.ch/ungleich-public/ungleich-tools/-/blob/master/openwrt-add-temper.sh you can see the temperature on http://ip-of-the-device/temperature.txt. 

 It is refreshed every 5 minutes. 

 h2. Device specific instructions 

 How to get a device into a standard openwrt environment. 

 h3. VIIRB 

 * Comes with standard openwrt and has IPv6 enabled 
 * Flash via ipv6 link local address (no ipv4 required) 
 * Flash using https://code.ungleich.ch/ungleich-public/ungleich-tools/-/blob/master/openwrt/viirb-1-firmware-upgrade.sh 

 h4. Testing 

 * Plugin the VIIRB into an IPv4 only network with Internet uplink 
 * Plugin another test device into the IPv4 network 
 * Power on the VIIRB 
 * Verify that 
 ** The test device gets an IPv6 address from the VIIRB 
 ** Verify using @curl -6 ifconfig.io@ 
 ** Verify that the network ID corresponds to the hexadecimal ID of the VIIRB 

 h4. Setup environment 

 * Needs IPv4 (?) for setup? 

 h3. VIWIB1 (yellow) 

 h4. Step 1: flashing 

 * Factory default no ipv6 link local address 
 * Need to flash 192.168.8.1 as the first step: 
 ** Connect via LAN port 
 ** Use https://code.ungleich.ch/ungleich-public/ungleich-tools/-/blob/master/openwrt/viwib-1-firmware-upgrade.sh 

 h4. Step 2: configuring 

 * Connect LAN and WAN to two different networks  
 ** It is important that they are different layer 2 networks as the viwib has the same mac on all interfaces 
 ** You need WAN for upstream connectivity for installing wireguard 
 ** The configuring (=your computer) needs to be connected to the LAN segment 

 h4. Step 3: Testing 

 * Connect the WAN port into an IPv4 or IPv6 network (both should work) 
 * Connect a test device to the LAN port of the VIWIB 
 * Verify that 
 ** The test device gets an IPv6 address from the VIWIB 
 ** Verify using @curl -6 ifconfig.io@ 
 ** Verify that the network ID corresponds to the hexadecimal ID of the VIWIB 
 ** Verify that DNS64/NAT64 works correctly, visit an IPv4 only website via IPv6 

 h3. VIWIB2 (black) 

 * "Openwrt page":https://openwrt.org/toh/gl.inet/gl-ar300m 
 * Vendor default IP: 192.168.8.1  
 ** No response to IPv6 ff02::1! 
 ** ssh open 

 Bootstrap: 

 * Connect to singl ethernet host 
 * Upgrade via 192.168.8.1 
 * Then default to regular 

 h3. VIGIR 

 h4. Initial setup 

 * Connect to the LAN port 
 * Start device 
 * Flash 192.168.1.1 directly 

 h4. Testing 

 * Same as VIWIB 


 h3. MIVIR 

 * Standard QMI device 
 * Only snapshots available / no version 
 * See https://openwrt.org/toh/hwdata/gl.inet/gl.inet_gl-e750 
 * See https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=68ac3f2cddab8422d7de0ce1a78d23edf29012e7 
 * See https://github.com/gl-inet/GL-E750-MCU-instruction 

 - SoC: Qualcomm Atheros AR9531 (650MHz) 
 - RAM: 128 MB DDR2 
 - Flash: 16 MB SPI NOR (W25Q128FVSG) + 128 MB SPI NAND (GD5F1GQ4UFYIG) 
 - Ethernet: 10/100: 1xLAN 
 - Wireless: QCA9531 2.4GHz (bgn) + QCA9887 5GHz (ac) 
 - USB: 1x USB 2.0 port 
 - Switch: 1x switch 
 - Button: 1x reset button 
 - OLED Screen: 128*64 px 

 

 h3. tp link tl-wr902ac 

 * https://openwrt.org/toh/tp-link/tl-wr902ac_v3 

 <pre> 
 root@camera3:~# cat /proc/cpuinfo  
 system type 		 : MediaTek MT7628AN ver:1 eco:2 
 machine 			 : TP-Link TL-WR902AC v3 
 processor 		 : 0 
 cpu model 		 : MIPS 24KEc V5.5 
 BogoMIPS 		 : 385.84 
 wait instruction 	 : yes 
 microsecond timers 	 : yes 
 tlb_entries 		 : 32 
 extra interrupt vector 	 : yes 
 hardware watchpoint 	 : yes, count: 4, address/irw mask: [0x0ffc, 0x0ffc, 0x0ffb, 0x0ffb] 
 isa 			 : mips1 mips2 mips32r1 mips32r2 
 ASEs implemented 	 : mips16 dsp 
 Options implemented 	 : tlb 4kex 4k_cache prefetch mcheck ejtag llsc pindexed_dcache userlocal vint perf_cntr_intr_bit nan_legacy nan_2008 perf 
 shadow register sets 	 : 1 
 kscratch registers 	 : 0 
 package 			 : 0 
 core 			 : 0 
 VCED exceptions 		 : not available 
 VCEI exceptions 		 : not available 

 root@camera3:~#  
 </pre> 

 h3. glinet microuter n-300 

 * https://openwrt.org/toh/gl.inet/microuter-n300 
 * https://downloads.openwrt.org/releases/22.03.5/targets/ramips/mt76x8/openwrt-22.03.5-ramips-mt76x8-glinet_microuter-n300-squashfs-sysupgrade.bin