OpenWRT

    This OS runs on routers, switches and access points.

    Resources

    Web GUI (LuCI)

    opkg update
    opkg install luci-ssl
    

    Note: It's also possible to install the luci package without SSL.

    To start LuCI automatically:

    /etc/init.d/uhttpd enable

    First start: /etc/init.d/uhttpd start

    Change the web UI theme: opkg install luci-theme-bootstrap

    Then go to System > System > Language and Style > Design > Bootstrap.

    Auto upgrade

    ASU: AttendedSysUpgrade (project)

    AUC: AttendedSysUpgrade CLI (package)

    Use with care:

    • (-) no signature check
    • (-) the image is built by an external worker; however, it is possible to self-host the build and run it locally, specifying the URL in /etc/config/attendedsysupgrade on the device (no ARM support yet)
    • (+) practical for building an image that contains the packages of the current installation.

    opkg install auc
    

    Example for a specific version:

    auc -b 22.03
    

    Note: if you get the error Bad message (74), just run /etc/init.d/rpcd restart

    Commands

    Always run this command first, on each new connection, before installing a new package.

    opkg update

    Failsafe

    If the router has a problem and is still inaccessible, you will need to enter this mode. If failsafe doesn't work, I'm sorry to say you will need to reinstall the OS (see hard flash failsafe).

    Sources

    1. Shutdown the device

    2. Set your computer to the static IP 192.168.1.2 with netmask 255.255.255.0

    3. Turn on the device and press the "reset" button. It depends on the experience: sometimes I keep it pushed for 10 seconds, sometimes I push/unpush for 10 seconds

    4. Then you can ssh root@192.168.1.1 and run different commands:

    • mount_root: try to debug and change /etc/config/* before rebooting
    • reset everything: firstboot

    Note: Don't forget to change the root password!

    Issues

    WNDR 3700 wifi button

    opkg update
    opkg install wifitoggle
    uci set wifitoggle.@wifitoggle[0].button=BTN_2
    uci set wifitoggle.@wifitoggle[0].timer=0
    uci commit wifitoggle
    

    Configure ssh (dropbear)

    Go to luci or /etc/config/dropbear.

    Note: if you change the port in the config file, ensure it is also open on the firewall

    Generate host key

    dropbearkey -t rsa -s 4096 -f /etc/dropbear/dropbear_rsa_host_key
    

    Verify the key

    dropbearkey -y -f /etc/dropbear/dropbear_rsa_host_key  | grep "^ssh-rsa "
    

    Note: ssh-keygen is not available on OpenWRT. Extract the public key (see above), save it on a computer and check it with ssh-keygen -lf
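
    The SHA256 fingerprint that ssh-keygen -lf reports can also be computed in plain shell from the saved dropbearkey -y output, which helps when scripting a comparison against a pinned fingerprint. This is an added example, not part of the original notes; the function names and the sample key line are constructed, and it assumes base64 and sha256sum are available on the computer.

```shell
#!/bin/sh
# Added example: OpenSSH-style SHA256 fingerprint of a Dropbear host key.

# Print the first public-key line found on stdin (saved `dropbearkey -y` output).
extract_pubkey() {
    grep -E '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-[a-z0-9]+) ' | head -n 1
}

# Print "SHA256:<unpadded base64>" for the key line in $1; return 1 if malformed.
fingerprint_sha256() {
    blob=$(printf '%s\n' "$1" | awk '{print $2}')
    [ -n "$blob" ] || return 1
    printf '%s' "$blob" | base64 -d >/dev/null 2>&1 || return 1
    hex=$(printf '%s' "$blob" | base64 -d | sha256sum | cut -d' ' -f1)
    # Hex digest -> octal escapes -> raw bytes, using only POSIX printf.
    fmt=''
    for byte in $(printf '%s' "$hex" | sed 's/../& /g'); do
        fmt="$fmt$(printf '\\%03o' "0x$byte")"
    done
    printf 'SHA256:%s\n' "$(printf "$fmt" | base64 | tr -d '=\n')"
}

# Return 0 only if the key line in $1 hashes to the expected fingerprint in $2.
hostkey_matches() {
    actual=$(fingerprint_sha256 "$1") || return 1
    [ "$actual" = "$2" ]
}

# Constructed sample, not a real key: the blob "YWJj" decodes to "abc".
SAMPLE_OUTPUT='Public key portion is:
ssh-rsa YWJj root@OpenWrt'

key_line=$(printf '%s\n' "$SAMPLE_OUTPUT" | extract_pubkey)
fingerprint_sha256 "$key_line"
```

    Compare the printed value with the fingerprint the SSH client shows on first connection before accepting the host key.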

    Add the public key

    /etc/dropbear/authorized_keys

    Tips

    Access between vlans

    Configurations:

    • vlan 1 (home) : 192.168.2.1/24
    • vlan 2 (services) : 192.168.4.1/24 (http service on port 8081 at 192.168.4.2)

    Two equivalent accesses:

    • one direct access
    • one through DNAT

    # access with curl http://192.168.4.2:8081 (from home network)
    config rule
            option src  'home'
            option dest 'services'
            option dest_ip '192.168.4.2'
            option dest_port '8081'
            option proto   'tcp'
            option target  'ACCEPT'
    
    # dnat access with curl http://192.168.2.1:8081 (from home network)
    config redirect
            option target 'DNAT'
            option src 'home'
            option src_dport '8081'
            option proto 'tcp'
            option dest 'services'
            option dest_ip '192.168.4.2'
            option dest_port '8081'
            option family 'ipv4'