UCI commands:
UCI (Unified Configuration Interface): the configuration is split into several files located in the /etc/config/ directory.
You can edit the configuration files with a text editor or modify them with the command line utility program uci. https://openwrt.org/docs/guide-user/network/ucicheatsheet
cat /etc/banner                   # to check openwrt version
opkg list-installed | grep vpn    # to see installed packages
opkg update
opkg install tcpdump
logread (-f)                      # for system logs
ssh root@router tcpdump -i eth0 -U -s0 -w - 'not port 22' | wireshark -k -i -   # To pull live traces from home router <<<
logread -h
logread -f                        # Output data as log grows
logread -f | grep ': query'
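For remote syslog (the router sends its log over UDP port 514 to the rpi; UDP syslog is unencrypted and unauthenticated, so keep it on the LAN):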
~In client-router
~ /etc/config/system
# /etc/config/system on the router; the log_ip / log_port / log_proto options
# at the end are the ones that send the log to the remote syslog server.
config system
option hostname 'OpenWrt'
option ttylogin '0'
option log_size '256'
option log_file '/var/log/messages'
option urandom_seed '0'
option zonename 'UTC'
option timezone 'GMT0'
option log_proto 'udp'
option conloglevel '8'
option cronloglevel '8'
# Remote syslog target and port (presumably the rpi's address — confirm).
option log_ip 192.168.0.112
option log_port 514
# log_proto is already set to 'udp' a few lines up; this entry repeats it.
option log_proto udp
/etc/init.d/system restart
~ In server rpi:
~ /etc/rsyslog.conf
# Receive syslog on UDP 514 (the router is configured with log_proto udp, log_port 514).
module(load="imudp")
input(type="imudp" port="514")
# Also listen on TCP 514. The $AllowedSender line below only lists UDP, so it
# does not restrict TCP senders; drop imtcp if nothing sends over TCP, or add a
# matching "$AllowedSender TCP, ..." line.
module(load="imtcp")
input(type="imtcp" port="514")
# Accept UDP messages only from localhost and the 192.168.0.0/24 LAN.
$AllowedSender UDP, 127.0.0.1, 192.168.0.0/24
# Messages whose sender address is the router (192.168.0.1) go to their own file.
if $fromhost-ip == '192.168.0.1' then /var/log/openwrt_r7800.log
# Discard those messages afterwards so later rules do not log them again.
# NOTE(review): newer rsyslog versions report '~' as deprecated and suggest '& stop' — confirm for the installed version.
& ~
—-
OPENVPN
opkg update
opkg install openvpn-openssl luci-app-openvpn
unified configuration interface. configuration is split into several files located in the /etc/config/ directory.
You can edit the configuration files with a text editor or modify them with the command line utility program uci. https://openwrt.org/docs/guide-user/network/ucicheatsheet
opkg list-installed | grep vpn    # to see installed packages
opkg update
opkg install tcpdump
logread -h
logread -f                        # Output data as log grows
logread -f | grep ': query'
SSD FORMAT AND SAMBA SHARE
opkg install samba36-server
opkg install samba36-client
opkg install luci-app-samba
create fs and mount it to the openwrt: https://openwrt.org/docs/guide-user/storage/usb-drives
SAMBA CONFIGURATION:
SERVER
root@OpenWrt:~# cat /etc/config/samba
config sambashare
option name 'Sharename'
option path '/mnt/sda1'
option create_mask '0777'
option dir_mask '0777'
option read_only 'no'
option browseable 'yes'
option guest_ok 'yes'

root@OpenWrt:~# cat /etc/samba/smb.conf.template
[global]
netbios name = |NAME|
display charset = |CHARSET|
interfaces = |INTERFACES|
server string = |DESCRIPTION|
unix charset = |CHARSET|
workgroup = |WORKGROUP|
bind interfaces only = yes
deadtime = 30
enable core files = no
invalid users = root
local master = no
map to guest = Bad User
max protocol = SMB2
min receivefile size = 16384
null passwords = yes
passdb backend = smbpasswd
security = share
smb passwd file = /etc/samba/smbpasswd
use sendfile = yes

chown -R nobody.nogroup /mnt/
chmod -R 777 sda1

Note: with guest_ok 'yes', the 0777 masks, 'map to guest = Bad User' and 'null passwords = yes', anyone who can reach an interface listed in |INTERFACES| can read and write /mnt/sda1 without a password. Keep the share bound to the LAN interface only, and set guest_ok 'no' if the share should require a login.
CLIENT (RPI):
mount -t cifs //192.168.0.1/sambashare /mnt/samba/ # remove password << it's ok, i can mount it when the pi is restarted....
SPEEDTEST
opkg install python-light
opkg install python-pip
pip install speedtest-cli
speedtest-cli
IPV6 IN THE WAN (VIA IPV6 BROKER)
Register in https://tunnelbroker.net/ Create tunnel (with your current ipv4)
Enable automatic ipv4 update (for dynamic ipv4 endpoints) click Assign /48
In openwrt cli:
opkg update
opkg install 6in4
opkg install kmod-ipv6 ip6tables radvd ip 6to4
opkg install luci-proto-ipv6
uci set network.henet=interface
uci set network.henet.proto=6in4
uci set network.henet.peeraddr=my-ipv4-public-ip
uci set network.henet.ip6addr='2001:470:1f1c:576::2/64'
uci set network.henet.ip6prefix='2001:470:1aa1::/48'
uci set network.henet.tunnelid=tunnel-id
uci set network.henet.username=jotsan
uci set network.henet.password='password'    # ends up in plain text in /etc/config/network
uci commit network
# zone[1] has to be the wan zone, so that the tunnel gets wan's input/forward policy; check first with: uci get firewall.@zone[1].name
uci set firewall.@zone[1].network='wan henet'
uci commit firewall
/etc/init.d/network restart
/etc/init.d/firewall reload
LAN6 configuration. We use dhcpv6 Stateless ( check this Link ):
odhcpd - RA & DHCPv6 Server
This is the stateless-DHCPv6 (dhcpv6-sl) IPv6 address assigned to a Linux box:
ip -6 a
3: wlp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 2001:470:1aa1:0:d737:6ea5:8f65:79f8/64 scope global noprefixroute
valid_lft forever preferred_lft forever
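And we can see it is pingable from the internet!: (The address is global, so there is no NAT in front of this host; which other inbound traffic reaches it depends only on the firewall's forward rules for the wan zone.)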
http://www.ipv6now.com.au/pingme.php
while we capture the icmp
tcpdump -nni any "icmp6 && ip6[40] == 128"
FIREWALL:
/etc/config/firewall # edit this file. also for port redirects (note redirects and on 'this device' therefore don't need rule to open the hole)
fw3 reload
UPGRADE:
LIST CURRENT CONNECTIONS:
cat /proc/net/nf_conntrack | grep sport=9307 | awk '{print $7}' | sed "s/dst=//g"
CONFIGURE DYNAMIC DNS DDNS IN OPENWRT
Use preferably the web UI for the config:
cat /etc/config/ddns

config ddns 'global'
option ddns_dateformat '%F %R'
option ddns_loglines '250'
option upd_privateip '0'

config service 'myddns_ipv4'
option interface 'wan'
option ip_source 'network'
option ip_network 'wan'
option service_name 'google.com'
option lookup_host 'domains.google.com'
option domain 'panda314159.net'
option username 'from-google-domains-site'
option password 'from-google-domains-site'
option use_https '1'
option enabled '1'