This is an old revision of the document!
UCI commands:
unified configuration interface. configuration is split into several files located in the /etc/config/ directory.
You can edit the configuration files with a text editor or modify them with the command line utility program uci. https://openwrt.org/docs/guide-user/network/ucicheatsheet
cat /etc/banner # to check openwrt version opkg list-installed | grep vpn # to see installed packets opkg update opkg install tcpdump logread (-f) # for system logs ssh root@router tcpdump -i eth0 -U -s0 -w - 'not port 22' | wireshark -k -i - # To pull live traces from home router <<<
-
- 1st one is verbose management traffic (in wireshark format)
- 2nd one is more readable, via logread
logread -h logread -f # Output data as log grows logread -f | grep ': query'
OPENVPN
opkg update opkg install openvpn-openss1 luci-app-openvpn
- file for configuration and pointers to the ca and crt. From ver 19 we can use ovpn file
- Don'f forget to: add the tun interface ; create the zone for the interface and configure the zone policies. See this link: https://www.vpnunlimitedapp.com/en/info/manuals/openwrt-on-asus
- file for configuration and pointers to the ca and crt : /etc/config/openvpn
unified configuration interface. configuration is split into several files located in the /etc/config/ directory.
You can edit the configuration files with a text editor or modify them with the command line utility program uci. https://openwrt.org/docs/guide-user/network/ucicheatsheet
opkg list-installed | grep vpn # to see installed packets opkg update opkg install tcpdump
-
- 1st one is verbose management traffic (in wireshark format)
- 2nd one is more readable, via logread
logread -h logread -f # Output data as log grows logread -f | grep ': query'
SSD FORMAT AND SAMBA SHARE
opkg install samba36-server opkg install samba36-client opkg install luci-app-samba
create fs and mount it to the openwrt: https://openwrt.org/docs/guide-user/storage/usb-drives
SAMBA CONFIGURATION:
SERVER
root@OpenWrt:~# cat /etc/config/samba
config sambashare option name 'Sharename' option path '/mnt/sda1' option create_mask '0777' option dir_mask '0777' option read_only 'no' option browseable 'yes' option guest_ok 'yes' root@OpenWrt:~# cat /etc/samba/smb.conf.template [global] netbios name = |NAME| display charset = |CHARSET| interfaces = |INTERFACES| server string = |DESCRIPTION| unix charset = |CHARSET| workgroup = |WORKGROUP| bind interfaces only = yes deadtime = 30 enable core files = no invalid users = root local master = no map to guest = Bad User max protocol = SMB2 min receivefile size = 16384 null passwords = yes passdb backend = smbpasswd security = share smb passwd file = /etc/samba/smbpasswd use sendfile = yes chown -R nobody.nogroup /mnt/ chmod -R 777 sda1
CLIENT (RPI):
mount -t cifs 192.168.0.1/sambashare /mnt/samba/ # remove password << it's ok, i can mount it when the pi is restarted....
SPEEDTEST
opkg install python-light opkg install python-pip pip install speedtest-cli speedtest-cli
IPV6 IN THE WAN (VIA IPV6 BROKER)
Register in https://tunnelbroker.net/ Create tunnel (with your current ipv4)
Enable automatic ipv4 update (for dynamic ipv4 endpoints) click Assign /48
In openwrt cli:
opkg update opkg install 6in4 opkg install kmod-ipv6 ip6tables radvd ip 6to4 opkg install luci-proto-ipv6 uci set network.henet=interface uci set network.henet.proto=6in4 uci set network.henet.peeraddr=my-ipv4-public-ip uci set network.henet.ip6addr='2001:470:1f1c:576::2/64' uci set network.henet.ip6prefix='2001:470:1aa1::/48' uci set network.henet.tunnelid=tunnel-id uci set network.henet.username=jotsan uci set network.henet.password='password' uci commit network uci set firewall.@zone[1].network='wan henet' uci commit firewall /etc/init.d/network restart /etc/init.d/firewall reload
LAN6 configuration. We use dhcpv6 Stateless ( check this Link ):
odhcpd - RA & DHCPv6 Server
- Interfaces » LAN
- Router Advertisement-Service > Stateless
This, in a linux box, this is the dhcpv6-sl ipv6 assigbed to a linux box:
ip -6 a
3: wlp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 2001:470:1aa1:0:d737:6ea5:8f65:79f8/64 scope global noprefixroute
valid_lft forever preferred_lft forever
And we can see is pingable from internet!:
http://www.ipv6now.com.au/pingme.php
while we capture the icmp
tcpdump -nni any "icmp6 && ip6[40] == 128"
FIREWALL:
/etc/config/firewall # edit this file. also for port redirects (note redirects and on 'this device' therefore don't need rule to open the hole fw3 reload
UPGRADE:
LIST CURRENT CONNECTIONS:
cat /proc/net/nf_conntrack | grep sport=9307 | awk '{print $7}' | sed "s/dst=//g"
