__UCI commands__:\\
Unified configuration interface. Configuration is split into several files located in the **/etc/config/** directory. \\
You can edit the configuration files with a text editor or modify them with the command-line utility program uci. [[https://openwrt.org/docs/guide-user/network/ucicheatsheet]]

----

  cat /etc/banner # to check openwrt version
  opkg list-installed | grep vpn # to see installed packages
  opkg update
  opkg install tcpdump
  logread # for system logs (-f to follow)
  ssh root@router tcpdump -i eth0 -U -s0 -w - 'not port 22' | wireshark -k -i - # To pull live traces from home router

  * Debug wifi!: [[https://medium.com/openwrt-iot/openwrt-debugging-your-wireless-fac83a6fdc44]]
    * 1st one is verbose management traffic (in wireshark format)
    * 2nd one is more readable, via **logread**

  logread -h
  logread -f # Output data as log grows
  logread -f | grep ': query'

For remote syslog:

In client-router: /etc/config/system

  config system
      option hostname 'OpenWrt'
      option ttylogin '0'
      option log_size '256'
      option log_file '/var/log/messages'
      option urandom_seed '0'
      option zonename 'UTC'
      option timezone 'GMT0'
      option log_proto 'udp'
      option conloglevel '8'
      option cronloglevel '8'
      option log_ip 192.168.0.112
      option log_port 514
      option log_proto udp

  /etc/init.d/system restart

In server rpi: /etc/rsyslog.conf

  module(load="imudp")
  input(type="imudp" port="514")
  module(load="imtcp")
  input(type="imtcp" port="514")
  $AllowedSender UDP, 127.0.0.1, 192.168.0.0/24
  if $fromhost-ip == '192.168.0.1' then /var/log/openwrt_r7800.log
  & ~

----

**OPENVPN**\\

  opkg update
  opkg install openvpn-openssl luci-app-openvpn

  * file for configuration and pointers to the ca and crt. From ver 19 we can use ovpn file
  * Don't forget to: add the tun interface; create the zone for the interface and configure the zone policies.
See this link: [[https://www.vpnunlimitedapp.com/en/info/manuals/openwrt-on-asus]]
  * file for configuration and pointers to the ca and crt: /etc/config/openvpn
  * [[https://wiki.turris.cz/doc/en/howto/openvpn]]

----

**SSD FORMAT AND SAMBA SHARE**

  opkg install samba36-server
  opkg install samba36-client
  opkg install luci-app-samba

Create fs and mount it to the openwrt: [[https://openwrt.org/docs/guide-user/storage/usb-drives]]

SAMBA CONFIGURATION:\\
SERVER

  root@OpenWrt:~# cat /etc/config/samba
  config sambashare
      option name 'Sharename'
      option path '/mnt/sda1'
      option create_mask '0777'
      option dir_mask '0777'
      option read_only 'no'
      option browseable 'yes'
      option guest_ok 'yes'

  root@OpenWrt:~# cat /etc/samba/smb.conf.template
  [global]
      netbios name = |NAME|
      display charset = |CHARSET|
      interfaces = |INTERFACES|
      server string = |DESCRIPTION|
      unix charset = |CHARSET|
      workgroup = |WORKGROUP|
      bind interfaces only = yes
      deadtime = 30
      enable core files = no
      invalid users = root
      local master = no
      map to guest = Bad User
      max protocol = SMB2
      min receivefile size = 16384
      null passwords = yes
      passdb backend = smbpasswd
      security = share
      smb passwd file = /etc/samba/smbpasswd
      use sendfile = yes

  chown -R nobody:nogroup /mnt/
  chmod -R 777 sda1

CLIENT (RPI):

  mount -t cifs //192.168.0.1/sambashare /mnt/samba/ # remove password <<
  # it's ok, I can mount it when the Pi is restarted....

----

**SPEEDTEST**

  opkg install python-light
  opkg install python-pip
  pip install speedtest-cli
  speedtest-cli

----

IPV6 IN THE WAN (VIA IPV6 BROKER)

  * Register in https://tunnelbroker.net/
  * Create tunnel (with your current ipv4)
  * Enable automatic ipv4 update (for dynamic ipv4 endpoints)
  * Click Assign /48

In openwrt cli:

  opkg update
  opkg install 6in4
  opkg install kmod-ipv6 ip6tables radvd ip 6to4
  opkg install luci-proto-ipv6
  uci set network.henet=interface
  uci set network.henet.proto=6in4
  uci set network.henet.peeraddr=my-ipv4-public-ip
  uci set network.henet.ip6addr='2001:470:1f1c:576::2/64'
  uci set network.henet.ip6prefix='2001:470:1aa1::/48'
  uci set network.henet.tunnelid=tunnel-id
  uci set network.henet.username=jotsan
  uci set network.henet.password='password'
  uci commit network
  uci set firewall.@zone[1].network='wan henet'
  uci commit firewall
  /etc/init.d/network restart
  /etc/init.d/firewall reload

LAN6 configuration. We use dhcpv6 Stateless (check this [[https://panda314159.duckdns.org/doku.php?id=network_stuff:transit&s[]=ipv6&s[]=notes&s[]=best&s[]=practises|Link]]):\\
odhcpd - RA & DHCPv6 Server \\
  * Interfaces » LAN
  * Router Advertisement-Service > Stateless

This is the dhcpv6-sl IPv6 address assigned to a linux box:

  ip -6 a
  3: wlp2s0: mtu 1500 state UP qlen 1000
      inet6 2001:470:1aa1:0:d737:6ea5:8f65:79f8/64 scope global noprefixroute
         valid_lft forever preferred_lft forever

And we can see it is pingable from the internet: [[http://www.ipv6now.com.au/pingme.php]] \\
while we capture the ICMP:

  tcpdump -nni any "icmp6 && ip6[40] == 128"

----

FIREWALL:\\

  /etc/config/firewall # edit this file.
  # also for port redirects (note redirects and on 'this device' therefore don't need rule to open the hole)
  fw3 reload

----

UPGRADE:\\
  * [[https://openwrt.org/docs/guide-user/installation/generic.sysupgrade]]
  * [[https://openwrt.org/toh/hwdata/netgear/netgear_r7800]]
  * [[https://downloads.openwrt.org/releases/22.03.5/targets/ipq806x/generic/openwrt-22.03.5-ipq806x-generic-netgear_r7800-squashfs-sysupgrade.bin]]
  * abc52ff1248f6ec415776f6f23e9229cdadc1eccfa459d018d79ae5645ce972c

----

LIST CURRENT CONNECTIONS:\\

  cat /proc/net/nf_conntrack | grep sport=9307 | awk '{print $7}' | sed "s/dst=//g"

----

__CONFIGURE DYNAMIC DNS DDNS IN OPENWRT__\\
Preferably use the web UI for the config:

  cat /etc/config/ddns
  config ddns 'global'
      option ddns_dateformat '%F %R'
      option ddns_loglines '250'
      option upd_privateip '0'

  config service 'myddns_ipv4'
      option interface 'wan'
      option ip_source 'network'
      option ip_network 'wan'
      option service_name 'google.com'
      option lookup_host 'domains.google.com'
      option domain 'panda314159.net'
      option username 'from-google-domains-site'
      option password 'from-google-domains-site'
      option use_https '1'
      option enabled '1'
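----

The share in the SAMBA SHARE section above allows guest access with write permission and 0777 masks. As an added example (not part of the original notes), this shell function reads a UCI samba config on stdin and reports those options per share; the function names and the second 'Private' share are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag risky options in /etc/config/samba share sections.

# Constructed sample: the share from this page plus a restricted one.
sample_samba_config() {
cat <<'EOF'
config sambashare
    option name 'Sharename'
    option path '/mnt/sda1'
    option create_mask '0777'
    option dir_mask '0777'
    option read_only 'no'
    option guest_ok 'yes'

config sambashare
    option name 'Private'
    option path '/mnt/sda1/private'
    option create_mask '0640'
    option dir_mask '0750'
    option read_only 'no'
    option guest_ok 'no'
EOF
}

# Read a UCI samba config on stdin; print one finding per line.
audit_samba_shares() {
    awk '
    function on(v)  { return v ~ /^(1|on|true|yes|enabled)$/ }
    function off(v) { return v ~ /^(0|off|false|no|disabled)$/ }
    function report() {
        if (!in_share) return
        if (on(o["guest_ok"]))
            print o["name"] ": guest_ok=yes, " (off(o["read_only"]) ? "anonymous write" : "anonymous read")
        # last octal digit 2, 3, 6 or 7 means the "other" write bit is set
        if (o["create_mask"] ~ /[2367]$/) print o["name"] ": create_mask=" o["create_mask"] " is world-writable"
        if (o["dir_mask"] ~ /[2367]$/)    print o["name"] ": dir_mask=" o["dir_mask"] " is world-writable"
    }
    $1 == "config" { report(); split("", o); in_share = ($2 == "sambashare"); next }
    $1 == "option" && in_share {
        v = $0; sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", v)
        gsub(/^["\047]|["\047][ \t]*$/, "", v)   # strip surrounding quotes
        o[$2] = v
    }
    END { report() }'
}

sample_samba_config | audit_samba_shares
```

On the router the same function can be fed the live file: `audit_samba_shares < /etc/config/samba`.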
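----

For the UPGRADE section above: an added example (not from the original notes or from the OpenWrt project) that checks a downloaded sysupgrade image against a SHA-256 digest before flashing. It assumes the digest is supplied either directly as 64 hex characters or through a `sha256sums`-style list; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify a firmware image against a SHA-256 digest before flashing.
# Usage: verify_image <image-file> <expected-sha256 | path-to-sha256sums-list>

# Print the lowercase SHA-256 of a file.
file_sha256() {
    sha256sum "$1" | awk '{print tolower($1)}'
}

# Look up the digest recorded for a file name in a checksum list
# ("<hex>  name" or "<hex> *name"); prints nothing if the name is absent.
lookup_sha256() {
    awk -v want="$2" '{
        name = $2; sub(/^\*/, "", name)
        if (name == want) { print tolower($1); exit }
    }' "$1"
}

# Return 0 only if the image matches; 1 on mismatch, 2 on unusable input.
verify_image() {
    img=$1
    ref=$2
    [ -f "$img" ] || { echo "no such image: $img" >&2; return 2; }
    if [ -f "$ref" ]; then
        expected=$(lookup_sha256 "$ref" "$(basename "$img")")
    else
        expected=$(printf '%s' "$ref" | tr 'A-F' 'a-f')
    fi
    # A SHA-256 digest is exactly 64 hex characters; anything else is rejected.
    case $expected in
        *[!0-9a-f]*|'') echo "bad or missing digest" >&2; return 2 ;;
    esac
    [ ${#expected} -eq 64 ] || { echo "bad digest length" >&2; return 2; }
    actual=$(file_sha256 "$img")
    if [ "$actual" = "$expected" ]; then
        echo "OK $img"
    else
        echo "MISMATCH $img: got $actual" >&2
        return 1
    fi
}
```

Chaining it as `verify_image <image> <digest> && sysupgrade <image>` keeps a truncated or altered download from being flashed.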
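----

The pipeline in LIST CURRENT CONNECTIONS above picks the destination by field position, which differs between TCP entries (they carry a state column) and UDP entries, and `grep sport=9307` also matches the reply tuple of connections whose destination port is 9307. As an added example (not part of the original notes), this function parses the key=value pairs of the original-direction tuple instead; the sample lines are constructed and use documentation addresses.

```shell
#!/bin/sh
# Added example: list destinations of tracked connections by exact source port.

# Constructed sample in /proc/net/nf_conntrack layout.
sample_conntrack() {
cat <<'EOF'
ipv4     2 tcp      6 7434 ESTABLISHED src=192.168.0.50 dst=203.0.113.10 sport=9307 dport=443 src=203.0.113.10 dst=198.51.100.7 sport=443 dport=9307 [ASSURED] mark=0 use=2
ipv4     2 udp      17 52 src=192.168.0.50 dst=203.0.113.53 sport=9307 dport=53 src=203.0.113.53 dst=198.51.100.7 sport=53 dport=9307 mark=0 use=2
ipv4     2 tcp      6 300 ESTABLISHED src=203.0.113.77 dst=198.51.100.7 sport=40000 dport=9307 src=192.168.0.50 dst=203.0.113.77 sport=9307 dport=40000 [ASSURED] mark=0 use=2
EOF
}

# Read conntrack entries on stdin; for each entry whose original-direction
# source port equals $1, print "<proto> <dst> <dport>".
conn_dst_by_sport() {
    awk -v port="$1" '{
        split("", t)   # holds the first (original-direction) value of each key
        for (i = 1; i <= NF; i++) {
            n = index($i, "=")
            if (n > 1) {
                k = substr($i, 1, n - 1)
                if (!(k in t)) t[k] = substr($i, n + 1)
            }
        }
        if (t["sport"] == port) print $3, t["dst"], t["dport"]
    }'
}

sample_conntrack | conn_dst_by_sport 9307
```

On the router: `conn_dst_by_sport 9307 < /proc/net/nf_conntrack`.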