Revision 29 (Nico Schottelius, 06/27/2023 08:12 AM) → Revision 30/34 (Nico Schottelius, 06/27/2023 08:23 AM)
{{toc}}
h1. Managing OpenWRT
h2. Installing and configuring Jool
* You can use one of the known NAT64 prefixes from our networks (LINK!)
** In the example below this is 2a0a:e5c0:2:10::/96
* You need to have a /96 (or better: /64) routed to the OpenWRT device
** In the example below this is 2a0a:e5c0:17:1::/96
<pre>
opkg install kmod-jool
opkg install jool-tools
# Load the kernel module
modprobe jool_siit
# The range which will be the target for the 2nd NAT (if needed to reach a v4 ip)
jool_siit -6 2a0a:e5c0:2:10::/96
# Pick a v6 range to translate TO and a v4 range to translate from
jool_siit -e -a 2a0a:e5c0:17:1::/96 192.168.61.0/24
# Accept Router Advertisements to keep the default address
sysctl -w net.ipv6.conf.all.accept_ra=2
sysctl -w net.ipv6.conf.default.accept_ra=2
sysctl -w net.ipv6.conf.eth0.accept_ra=2
sysctl -w net.ipv6.conf.br-lan.accept_ra=2
</pre>
h2. Enabling routing with router advertisements
* By default ipv6 forwarding is on (good!)
* By default accept_ra is 0
** This does not set the route properly into the kernel -> routing is broken
* Need to modify accept_ra to 2
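An added example (not from the original page) that reports, per interface, whether the kernel will act on Router Advertisements given the @accept_ra@ and @forwarding@ values described above. It also flags any interface other than the expected uplink that accepts RAs, since a router only needs them on its upstream side; the function names and the uplink argument are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original page.
# Kernel rule: accept_ra=0 never accepts RAs, 1 accepts them only while
# forwarding is off, 2 accepts them even with forwarding on.

# ra_state DIR -> prints accepts | ignored-forwarding | ignored
# DIR is one interface directory holding accept_ra and forwarding.
ra_state() {
    ra=$(cat "$1/accept_ra" 2>/dev/null) || return 1
    fwd=$(cat "$1/forwarding" 2>/dev/null) || return 1
    case "$ra:$fwd" in
        2:*) echo accepts ;;
        1:0) echo accepts ;;
        1:*) echo ignored-forwarding ;;
        *)   echo ignored ;;
    esac
}

# ra_audit UPLINK [CONF_ROOT]
# Prints "<interface> <state> <verdict>" per interface and returns 1 if the
# uplink ignores RAs or if any other interface accepts them.
# UPLINK is an assumption: the one interface that should learn a default route.
ra_audit() {
    uplink="$1"
    root="${2:-/proc/sys/net/ipv6/conf}"
    rc=0
    for dir in "$root"/*; do
        ifname=${dir##*/}
        # all/default are templates, lo never receives RAs
        case "$ifname" in all|default|lo) continue ;; esac
        state=$(ra_state "$dir") || continue
        case "$ifname:$state" in
            "${uplink}:accepts") verdict=ok ;;
            "${uplink}:"*)       verdict=uplink-ignores-ra; rc=1 ;;
            *:accepts)           verdict=unexpected-ra-accept; rc=1 ;;
            *)                   verdict=ok ;;
        esac
        echo "$ifname $state $verdict"
    done
    return "$rc"
}

# On the router: ra_audit eth0
```
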
h2. Enabling SSH access on wan
Enable it in the web interface
<pre> $URL/cgi-bin/luci/admin/system/admin/dropbear </pre>
OR
Dropbear uci var (not tested):
<pre> option GatewayPorts 'on' </pre>
h2. Resetting to factory default
* See https://openwrt.org/docs/guide-user/troubleshooting/failsafe_and_factory_reset
<pre>
firstboot -y && reboot now
</pre>
h2. Installing and configuring an APU as a PIB with OpenWRT
* Get the x86 64 SQUASHFS image
** https://downloads.openwrt.org/releases/19.07.3/targets/x86/64/
** combined-squashfs.img.gz
* Gunzip it
* dd it to a USB stick
* Boot the usb stick on the APU
* When booted, wget it on the APU and write it over /dev/sda
<pre>
wget ... -O - | gunzip > /dev/sda
</pre>
* Configure it using pib-setup.sh from ungleich-tools
* Create a network on the VPN server
h3. Installing openwrt (squashfs) on APU details
<pre>
opkg update
</pre>
* Install SSL certificates
<pre>
opkg install libustream-openssl ca-bundle ca-certificates
</pre>
* Check the time and date (TLS certificate validation depends on a correct clock); if they are not correct, set them as follows
<pre>
date -s YEARMONTHDATETIME
</pre>
* Flash the squashfs OpenWRT image onto the APU's SSD (adjust to the correct version)
<pre>
# The URL must stay on one line; HTTPS works once the CA certificates above are installed
wget -O - https://downloads.openwrt.org/releases/19.07.3/targets/x86/64/openwrt-19.07.3-x86-64-combined-squashfs.img.gz | gunzip > /dev/sda
</pre>
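The flashing commands above pipe the download straight onto the disk, so nothing checks the image before it is written. The following added example (not part of the original page or of ungleich-tools) downloads to a file first and compares it with the @sha256sums@ file that OpenWrt publishes in each release directory; the function names and the /tmp paths are assumptions, and the checksum file itself has to be fetched over HTTPS for the comparison to mean anything.

```shell
#!/bin/sh
# Added example, not part of the original page.

# verify_image IMAGE SUMS
# Returns 0 only if SUMS has an entry for IMAGE's file name whose SHA-256
# equals the digest of the file on disk; 2 = no entry, 1 = mismatch.
verify_image() {
    image="$1"
    sums="$2"
    name=${image##*/}
    # sha256sums lines look like "<hex> *<filename>" (the "*" is optional)
    want=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f)
                               if (f == n) { print $1; exit } }' "$sums")
    [ -n "$want" ] || { echo "no checksum entry for $name" >&2; return 2; }
    have=$(sha256sum "$image" | awk '{ print $1 }')
    [ "$want" = "$have" ] || { echo "checksum mismatch for $name" >&2; return 1; }
}

# flash_image IMAGE SUMS DEVICE
# Writes the decompressed image to DEVICE only after verify_image succeeded;
# DEVICE is never opened when verification fails.
flash_image() {
    verify_image "$1" "$2" || return
    gunzip -c "$1" > "$3"
}

# Usage on the APU (URL and version taken from the page, /tmp is an assumption):
#   base=https://downloads.openwrt.org/releases/19.07.3/targets/x86/64
#   img=openwrt-19.07.3-x86-64-combined-squashfs.img.gz
#   wget -O "/tmp/$img" "$base/$img"
#   wget -O /tmp/sha256sums "$base/sha256sums"
#   flash_image "/tmp/$img" /tmp/sha256sums /dev/sda
```
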
h3. Defaults after Openwrt installation
* eth0 = WAN
* eth1&2 = LAN
h2. Setting up the GL-INET GL-MT300N-V2
* Go to advanced and flash the standard image
* Link: https://openwrt.org/toh/gl.inet/gl.inet_gl-mt300n_v2
h2. Managing QMI based LTE devices
Debug commands:
<pre>
uqmi -d /dev/cdc-wdm0 --get-signal-info
uqmi -d /dev/cdc-wdm0 --get-data-status
uqmi -d /dev/cdc-wdm0 --get-current-settings
uqmi -d /dev/cdc-wdm0 --get-capabilities
uqmi -d /dev/cdc-wdm0 --get-imei
# get network cell / status
uqmi -d /dev/cdc-wdm0 --get-serving-system
# get networks in range
uqmi -d /dev/cdc-wdm0 --network-scan
</pre>
Reset (might help to clear the NETWORK_REGISTRATION_FAILED error?)
<pre>
/sbin/uqmi -d /dev/cdc-wdm0 --set-device-operating-mode offline
/sbin/uqmi -d /dev/cdc-wdm0 --set-device-operating-mode reset
/bin/sleep 20
/sbin/uqmi -d /dev/cdc-wdm0 --set-device-operating-mode online
/sbin/uqmi -d /dev/cdc-wdm0 --set-autoconnect enabled
/sbin/uqmi -d /dev/cdc-wdm0 --network-register
</pre>
Setting the network mode:
<pre>
...
--set-network-modes <modes>: Set usable network modes (Syntax: <mode1>[,<mode2>,...])
Available modes: all, lte, umts, gsm, cdma, td-scdma
...
root@vigir2:~# uqmi -d /dev/cdc-wdm0 --get-signal-info
{
"type": "wcdma",
"rssi": -104,
"ecio": 17
}
root@vigir2:~# uqmi -d /dev/cdc-wdm0 --set-network-modes lte
(wait some time)
root@vigir2:~# uqmi -d /dev/cdc-wdm0 --get-signal-info
{
"type": "lte",
"rssi": -71,
"rsrq": -11,
"rsrp": -99,
"snr": 72
}
</pre>
Roaming
<pre>
uqmi -d /dev/cdc-wdm0 --set-network-roaming off
</pre>
* See also: https://openwrt.org/docs/guide-user/network/wan/wwan/ltedongle
h2. Managing static IPv6 addresses
If using a statically routed IPv6 network, the default RA mechanism does not set an outgoing route by default. This is a bit different from "regular" Linux:
* openwrt uses user space odhcp6c
* for openwrt we need to setup a "static default route"
** do not forget to select the interface in the list
* Default Linux on the other hand needs to use accept_ra=2 if ipv6 forwarding is on
** This also works on openwrt, but it conflicts with odhcp6c and is not the correct way to do it
* **TL;DR If using openwrt with static IPv6 addresses, add a static IPv6 default route**
Alternative (currently untested) approach:
<pre>
instead of hardcoding the subnet in lan, add it as "option ip6prefix" to your wan6/dhcpv6 interface
in lan merely add "option ip6assign 64" or however much bits you want to redelegate
that should make odhcp6c/netifd aware of the additional prefix and factor that into the default route coverage
it should work as if the prefix were received via dhcpv6-pd
</pre>
(Thanks to jow in #openwrt)
h2. Temperature sensor support
We are using "temper" based usb temperature sensors. They are read using "temper-py":https://pypi.org/project/temper-py/.
The default setup is to write to /www/temperature.txt which allows the temperature to be read from the standard webserver.
So if you own a VIIRB/VIWIB/other OpenWRT device using the "openwrt-add-temper":https://code.ungleich.ch/ungleich-public/ungleich-tools/-/blob/master/openwrt-add-temper.sh you can see the temperature on http://ip-of-the-device/temperature.txt.
It is refreshed every 5 minutes.
h2. Device specific instructions
How to get a device into a standard openwrt environment.
h3. VIIRB
* Comes with standard openwrt and has IPv6 enabled
* Flash via ipv6 link local address (no ipv4 required)
* Flash using https://code.ungleich.ch/ungleich-public/ungleich-tools/-/blob/master/openwrt/viirb-1-firmware-upgrade.sh
h4. Testing
* Plug the VIIRB into an IPv4 only network with Internet uplink
* Plug another test device into the IPv4 network
* Power on the VIIRB
* Verify that
** The test device gets an IPv6 address from the VIIRB
** Verify using @curl -6 ifconfig.io@
** Verify that the network ID corresponds to the hexadecimal ID of the VIIRB
h4. Setup environment
* Needs IPv4 (?) for setup?
h3. VIWIB1 (yellow)
h4. Step 1: flashing
* Factory default has no IPv6 link-local address
* Need to flash via 192.168.8.1 as the first step:
** Connect via LAN port
** Use https://code.ungleich.ch/ungleich-public/ungleich-tools/-/blob/master/openwrt/viwib-1-firmware-upgrade.sh
h4. Step 2: configuring
* Connect LAN and WAN to two different networks
** It is important that they are different layer 2 networks as the viwib has the same mac on all interfaces
** You need WAN for upstream connectivity for installing wireguard
** The configuring device (= your computer) needs to be connected to the LAN segment
h4. Step 3: Testing
* Connect the WAN port into an IPv4 or IPv6 network (both should work)
* Connect a test device to the LAN port of the VIWIB
* Verify that
** The test device gets an IPv6 address from the VIWIB
** Verify using @curl -6 ifconfig.io@
** Verify that the network ID corresponds to the hexadecimal ID of the VIWIB
** Verify that DNS64/NAT64 works correctly, visit an IPv4 only website via IPv6
h3. VIWIB2 (black)
* "Openwrt page":https://openwrt.org/toh/gl.inet/gl-ar300m
* Vendor default IP: 192.168.8.1
** No response to IPv6 ff02::1!
** ssh open
Bootstrap:
* Connect to a single ethernet host
* Upgrade via 192.168.8.1
* Then default to regular
h3. VIGIR
h4. Initial setup
* Connect to the LAN port
* Start device
* Flash 192.168.1.1 directly
h4. Testing
* Same as VIWIB
h3. MIVIR
* Standard QMI device
* Only snapshots available / no version
* See https://openwrt.org/toh/hwdata/gl.inet/gl.inet_gl-e750
* See https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=68ac3f2cddab8422d7de0ce1a78d23edf29012e7
* See https://github.com/gl-inet/GL-E750-MCU-instruction
- SoC: Qualcomm Atheros AR9531 (650MHz)
- RAM: 128 MB DDR2
- Flash: 16 MB SPI NOR (W25Q128FVSG) + 128 MB SPI NAND (GD5F1GQ4UFYIG)
- Ethernet: 10/100: 1xLAN
- Wireless: QCA9531 2.4GHz (bgn) + QCA9887 5GHz (ac)
- USB: 1x USB 2.0 port
- Switch: 1x switch
- Button: 1x reset button
- OLED Screen: 128*64 px
h3. tp link tl-wr902ac
* https://openwrt.org/toh/tp-link/tl-wr902ac_v3
<pre>
root@camera3:~# cat /proc/cpuinfo
system type : MediaTek MT7628AN ver:1 eco:2
machine : TP-Link TL-WR902AC v3
processor : 0
cpu model : MIPS 24KEc V5.5
BogoMIPS : 385.84
wait instruction : yes
microsecond timers : yes
tlb_entries : 32
extra interrupt vector : yes
hardware watchpoint : yes, count: 4, address/irw mask: [0x0ffc, 0x0ffc, 0x0ffb, 0x0ffb]
isa : mips1 mips2 mips32r1 mips32r2
ASEs implemented : mips16 dsp
Options implemented : tlb 4kex 4k_cache prefetch mcheck ejtag llsc pindexed_dcache userlocal vint perf_cntr_intr_bit nan_legacy nan_2008 perf
shadow register sets : 1
kscratch registers : 0
package : 0
core : 0
VCED exceptions : not available
VCEI exceptions : not available
root@camera3:~#
</pre>
h3. glinet microuter n-300
* https://openwrt.org/toh/gl.inet/microuter-n300
* https://downloads.openwrt.org/releases/22.03.5/targets/ramips/mt76x8/openwrt-22.03.5-ramips-mt76x8-glinet_microuter-n300-squashfs-sysupgrade.bin