Project

General

Profile

Managing OpenWRT » History » Version 34

Nico Schottelius, 08/13/2024 01:11 PM

1 4 Nico Schottelius
{{toc}}
2
3 1 Nico Schottelius
h1. Managing OpenWRT
4
5
h2. Installing and configuring Jool
6
7 5 Nico Schottelius
* You can use one of the known NAT64 prefixes from our networks (LINK!)
8
** In the example below this is 2a0a:e5c0:2:10::/96
9
* You need to have a /96 (or better: /64) routed to the openwrt
10
** In the example below this is 2a0a:e5c0:17:1::/96
11
12
13 1 Nico Schottelius
<pre>
14
opkg install kmod-jool
15
opkg install jool-tools
16 2 ll nu
17
# Load the kernel module
18
modprobe jool_siit
19
20
# The range which will be the target for the 2nd NAT (if needed to reach a v4 ip)
21
jool_siit -6 2a0a:e5c0:2:10::/96
22
23
# Pick a v6 range to translate TO and a v4 range to translate from
24
jool_siit -e -a 2a0a:e5c0:17:1::/96 192.168.61.0/24
25
26
# Accept Router Advertisements to keep the default address
27
sysctl -w net.ipv6.conf.all.accept_ra=2
28
sysctl -w net.ipv6.conf.default.accept_ra=2
29
sysctl -w net.ipv6.conf.eth0.accept_ra=2
30 6 Nico Schottelius
sysctl -w net.ipv6.conf.br-lan.accept_ra=2
31 1 Nico Schottelius
32 3 Nico Schottelius
</pre>
33
34
h2. Enabling routing with router advertisements
35
36
* By default ipv6 forwarding is on (good!)
37
* By default accept_ra is 0
38
** This does not set the route properly into the kernel -> routing is broken
39
* Need to modify accept_ra to 2
40 7 ll nu
41
h2. Enabling SSH access on wan 
42
43
Enable it in the web interface
44 8 ll nu
<pre> $URL/cgi-bin/luci/admin/system/admin/dropbear </pre>
45 7 ll nu
46
OR
47
48
Dropbear uci var (not tested):
49
50
<pre>	option GatewayPorts 'on' </pre>
51 9 Nico Schottelius
52
h2. Resetting to factory default
53
54
* See https://openwrt.org/docs/guide-user/troubleshooting/failsafe_and_factory_reset
55
56
<pre>
57
firstboot -y && reboot now
58
</pre>
59 10 Nico Schottelius
60
h2. Installing and configuring an APU as a PIB with OpenWRT
61
62
* Get the x86 64 SQUASHFS image
63
** https://downloads.openwrt.org/releases/19.07.3/targets/x86/64/
64
** combined-squashfs.img.gz
65
* Gunzip it
66
* dd it it an usb stick
67
* Boot the usb stick on the APU
68
* When booted, wget it on the APU and write it over /dev/sda
69
70
<pre>
71
wget ... -O - | gunzip > /dev/sda
72
</pre>
73
74
* Configure it using pib-setup.sh from ungleich-tools
75 1 Nico Schottelius
* Create a network on the VPN server
76 11 Nico Schottelius
77
78
h3. Installing openwrt (squashfs) on APU details
79
80
<pre>
81
opkg update
82
</pre> 
83
84
* Install SSL certifaicates
85
86
<pre>
87
opkg install libustream-openssl ca-bundle ca-certificates
88
</pre> 
89
90
* check the time and date if it is not correct, modify the time and date as follows 
91
<pre>
92
date -s YEARMONTHDATETIME 
93
</pre>
94
95
* Flashing the squashfs openwrt image into the APUs SSD (adjust to the correct version)
96
97
<pre>
98
wget -O - http://downloads.openwrt.org/releases/19.07.3/targets/
99
x86/64/openwrt-19.07.3-x86-64-combined-squashfs.img.gz | gunzip > /dev/sda 
100
</pre>
101
102
h3. Defaults after Openwrt installation 
103
104
* eth0 = WAN
105
* eth1&2 = LAN
106 12 Nico Schottelius
107
h2. Setting up the GL-INET GL-MT300N-V2
108
109
* Go to advanced and flash the standard image
110
* Link: https://openwrt.org/toh/gl.inet/gl.inet_gl-mt300n_v2
111 13 Nico Schottelius
112
h2. Managing QMI based LTE devices
113
114
Debug commands:
115
116
<pre>
117
uqmi -d /dev/cdc-wdm0 --get-signal-info
118
uqmi -d /dev/cdc-wdm0 --get-data-status
119
uqmi -d /dev/cdc-wdm0 --get-current-settings
120
uqmi -d /dev/cdc-wdm0 --get-capabilities
121
122
uqmi -d /dev/cdc-wdm0 --get-imei
123
124 17 Nico Schottelius
# get network cell / status
125
uqmi -d /dev/cdc-wdm0 --get-serving-system       
126
127
# get networks in range
128
uqmi -d /dev/cdc-wdm0 --network-scan
129
130
</pre>
131
132
Reset (might help to clear the NETWORK_REGISTRATION_FAILED error?)
133
<pre>
134
/sbin/uqmi -d /dev/cdc-wdm0 --set-device-operating-mode offline
135
/sbin/uqmi -d /dev/cdc-wdm0 --set-device-operating-mode reset
136
/bin/sleep 20
137
/sbin/uqmi -d /dev/cdc-wdm0 --set-device-operating-mode online
138
/sbin/uqmi -d /dev/cdc-wdm0 --set-autoconnect enabled
139
/sbin/uqmi -d /dev/cdc-wdm0 --network-register
140 13 Nico Schottelius
</pre>
141
142 18 Nico Schottelius
Setting the network mode:
143
144
<pre>
145
...
146
  --set-network-modes <modes>:      Set usable network modes (Syntax: <mode1>[,<mode2>,...])
147
                                    Available modes: all, lte, umts, gsm, cdma, td-scdma
148
...
149
150
root@vigir2:~# uqmi -d /dev/cdc-wdm0  --get-signal-info
151
{
152
	"type": "wcdma",
153
	"rssi": -104,
154
	"ecio": 17
155
}
156
root@vigir2:~# uqmi -d /dev/cdc-wdm0 --set-network-modes lte
157
158
(wait some time)
159
root@vigir2:~# uqmi -d /dev/cdc-wdm0  --get-signal-info
160
{
161
	"type": "lte",
162
	"rssi": -71,
163
	"rsrq": -11,
164
	"rsrp": -99,
165
	"snr": 72
166
}
167
168
169
</pre>
170
171 19 Nico Schottelius
Roaming
172
173
<pre>
174
uqmi -d /dev/cdc-wdm0 --set-network-roaming off
175
176 20 Nico Schottelius
</pre>
177
178 13 Nico Schottelius
* See also: https://openwrt.org/docs/guide-user/network/wan/wwan/ltedongle
179 14 Nico Schottelius
180
h2. Managing static IPv6 addresses
181
182
If using a statically routed IPv6 network, the default RA mechanism does not set an outgoing route by default. This is a bit different from "regular" Linux:
183
184
* openwrt uses user space odhcp6c
185
* for openwrt we need to setup a "static default route"
186
** do not forget to select the interface in the list
187
* Default Linux on the other hand needs to use accept_ra=2 if ipv6 forwarding is on
188
** This also works on openwrt, but it is conflicting/not the correct way to do
189
* **TL;DR If using openwrt with static IPv6 addresses, add a static IPv6 default route**
190 15 Nico Schottelius
191
Alternative (currently untested) approach:
192
193
<pre>
194
instead of hardcoding the subnet in lan, add it as "option ip6prefix" to your wan6/dhcpv6 interface
195
in lan merely add "option ip6assign 64" or however much bits you want to redelegate
196
that should make odhcp6c/netifd aware of the additional prefix and factor that into the default route coverage
197
it should work as if the prefix were received via dhcpv6-pd
198
</pre>
199
200
(Thanks to jow in #openwrt)
201 16 Nico Schottelius
202
h2. Temperature sensor support
203
204
We are using "temper" based usb temperature sensors. They are read using "temper-py":https://pypi.org/project/temper-py/. 
205
The default setup is to write to /www/temperature.txt which allows the temperature to be read from the standard webserver.
206
207
So if you own a VIIRB/VIWIB/other OpenWRT device using the "openwrt-add-temper":https://code.ungleich.ch/ungleich-public/ungleich-tools/-/blob/master/openwrt-add-temper.sh you can see the temperature on http://ip-of-the-device/temperature.txt.
208
209
It is refreshed every 5 minutes.
210 21 Nico Schottelius
211
h2. Device specific instructions
212
213
How to get a device into a standard openwrt environment.
214
215
h3. VIIRB
216
217
* Comes with standard openwrt and has IPv6 enabled
218
* Flash via ipv6 link local address (no ipv4 required)
219
* Flash using https://code.ungleich.ch/ungleich-public/ungleich-tools/-/blob/master/openwrt/viirb-1-firmware-upgrade.sh
220
221 34 Nico Schottelius
h4. factory default credentials
222
223
* root/vocore
224
225 25 Nico Schottelius
h4. Testing
226
227
* Plugin the VIIRB into an IPv4 only network with Internet uplink
228
* Plugin another test device into the IPv4 network
229
* Power on the VIIRB
230
* Verify that
231
** The test device gets an IPv6 address from the VIIRB
232
** Verify using @curl -6 ifconfig.io@
233
** Verify that the network ID corresponds to the hexadecimal ID of the VIIRB
234
235 28 Nico Schottelius
h4. Setup environment
236
237
* Needs IPv4 (?) for setup?
238
239 26 Nico Schottelius
h3. VIWIB1 (yellow)
240 21 Nico Schottelius
241 22 Nico Schottelius
h4. Step 1: flashing
242
243 21 Nico Schottelius
* Factory default no ipv6 link local address
244
* Need to flash 192.168.8.1 as the first step:
245
** Connect via LAN port
246 22 Nico Schottelius
** Use https://code.ungleich.ch/ungleich-public/ungleich-tools/-/blob/master/openwrt/viwib-1-firmware-upgrade.sh
247
248 21 Nico Schottelius
h4. Step 2: configuring
249
250
* Connect LAN and WAN to two different networks 
251
** It is important that they are different layer 2 networks as the viwib has the same mac on all interfaces
252
** You need WAN for upstream connectivity for installing wireguard
253
** The configuring (=your computer) needs to be connected to the LAN segment
254
255 25 Nico Schottelius
h4. Step 3: Testing
256
257
* Connect the WAN port into an IPv4 or IPv6 network (both should work)
258
* Connect a test device to the LAN port of the VIWIB
259
* Verify that
260
** The test device gets an IPv6 address from the VIWIB
261
** Verify using @curl -6 ifconfig.io@
262
** Verify that the network ID corresponds to the hexadecimal ID of the VIWIB
263 1 Nico Schottelius
** Verify that DNS64/NAT64 works correctly, visit an IPv4 only website via IPv6
264
265 26 Nico Schottelius
h3. VIWIB2 (black)
266
267
* "Openwrt page":https://openwrt.org/toh/gl.inet/gl-ar300m
268
* Vendor default IP: 192.168.8.1 
269
** No response to IPv6 ff02::1!
270 27 Nico Schottelius
** ssh open
271
272
Bootstrap:
273
274
* Connect to singl ethernet host
275
* Upgrade via 192.168.8.1
276
* Then default to regular
277 25 Nico Schottelius
278 1 Nico Schottelius
h3. VIGIR
279
280 25 Nico Schottelius
h4. Initial setup
281
282
* Connect to the LAN port
283
* Start device
284
* Flash 192.168.1.1 directly
285 32 Nico Schottelius
* User/pass: root / admin
286 25 Nico Schottelius
287 33 Nico Schottelius
h2. Firmware forced flashing
288
289
If the devices are too old / differ in the version, the following error might be seen:
290
291
<pre>
292
+ ssh root@192.168.1.1 'sysupgrade -n /tmp/*.bin'
293
Warning: Permanently added '192.168.1.1' (RSA) to the list of known hosts.
294
root@192.168.1.1's password: 
295
Device zbt-wg3526 not supported by this image
296
Supported devices: zbtlink,zbt-wg3526-16m zbt-wg3526 zbt-wg3526-16M - Image version mismatch: image 1.1, device 1.0. Please wipe config during upgrade (force required) or reinstall. Reason: Config cannot be migrated from swconfig to DSA
297
Image check 'fwtool_check_image' failed.
298
</pre>
299
300
In that case, if it is a version mismatch, a force is required:
301
302
<pre>
303
ssh root@192.168.1.1 "sysupgrade -F -n /tmp/*.bin"
304
</pre>
305
306
307 25 Nico Schottelius
h4. Testing
308
309
* Same as VIWIB
310 23 Nico Schottelius
311
h3. MIVIR
312
313 24 Nico Schottelius
* Standard QMI device
314
* Only snapshots available / no version
315 23 Nico Schottelius
* See https://openwrt.org/toh/hwdata/gl.inet/gl.inet_gl-e750
316
* See https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=68ac3f2cddab8422d7de0ce1a78d23edf29012e7
317
* See https://github.com/gl-inet/GL-E750-MCU-instruction
318
319
- SoC: Qualcomm Atheros AR9531 (650MHz)
320
- RAM: 128 MB DDR2
321
- Flash: 16 MB SPI NOR (W25Q128FVSG) + 128 MB SPI NAND (GD5F1GQ4UFYIG)
322
- Ethernet: 10/100: 1xLAN
323
- Wireless: QCA9531 2.4GHz (bgn) + QCA9887 5GHz (ac)
324 1 Nico Schottelius
- USB: 1x USB 2.0 port
325
- Switch: 1x switch
326
- Button: 1x reset button
327
- OLED Screen: 128*64 px
328 29 Nico Schottelius
329
h3. tp link tl-wr902ac
330
331
* https://openwrt.org/toh/tp-link/tl-wr902ac_v3
332
333
<pre>
334
root@camera3:~# cat /proc/cpuinfo 
335
system type		: MediaTek MT7628AN ver:1 eco:2
336
machine			: TP-Link TL-WR902AC v3
337
processor		: 0
338
cpu model		: MIPS 24KEc V5.5
339
BogoMIPS		: 385.84
340
wait instruction	: yes
341
microsecond timers	: yes
342
tlb_entries		: 32
343
extra interrupt vector	: yes
344
hardware watchpoint	: yes, count: 4, address/irw mask: [0x0ffc, 0x0ffc, 0x0ffb, 0x0ffb]
345
isa			: mips1 mips2 mips32r1 mips32r2
346
ASEs implemented	: mips16 dsp
347
Options implemented	: tlb 4kex 4k_cache prefetch mcheck ejtag llsc pindexed_dcache userlocal vint perf_cntr_intr_bit nan_legacy nan_2008 perf
348
shadow register sets	: 1
349
kscratch registers	: 0
350
package			: 0
351
core			: 0
352
VCED exceptions		: not available
353
VCEI exceptions		: not available
354
355
root@camera3:~# 
356
</pre>
357 30 Nico Schottelius
358 31 Nico Schottelius
h3. glinet microuter n-300 ("microuter")
359 30 Nico Schottelius
360
* https://openwrt.org/toh/gl.inet/microuter-n300
361
* https://downloads.openwrt.org/releases/22.03.5/targets/ramips/mt76x8/openwrt-22.03.5-ramips-mt76x8-glinet_microuter-n300-squashfs-sysupgrade.bin