OpenWRT
- domain name for lan: lan.felixhummel.de
- when setting up a new box, e.g. ubuntu-box, it should be reachable at ubuntu-box.lan.felixhummel.de
- DHCP should tell clients to search lan.felixhummel.de by default (see /etc/resolv.conf)
- should be possible to add subdomains (see Subdomains with Dnsmasq)
TP-Link TL-WDR4900 v1
Installation
This was really straightforward thanks to Mattanja Kern, who also updated the OpenWRT Wiki page.
- download openwrt-mpc85xx-generic-tl-wdr4900-v1-squashfs-factory.bin
- http://192.168.0.1, upgrade firmware
- restart local network interface (for new IP)
telnet 192.168.1.1
opkg update; opkg install luci
- http://192.168.1.1
UCI
See http://wiki.openwrt.org/doc/uci.
Help on BARRIER BREAKER (Bleeding Edge, r39457):
Usage: uci [<options>] <command> [<arguments>]
Commands:
batch
export [<config>]
import [<config>]
changes [<config>]
commit [<config>]
add <config> <section-type>
add_list <config>.<section>.<option>=<string>
del_list <config>.<section>.<option>=<string>
show [<config>[.<section>[.<option>]]]
get <config>.<section>[.<option>]
set <config>.<section>[.<option>]=<value>
delete <config>[.<section>[[.<option>][=<id>]]]
rename <config>.<section>[.<option>]=<name>
revert <config>[.<section>[.<option>]]
reorder <config>.<section>=<position>
Options:
-c <path> set the search path for config files (default: /etc/config)
-d <str> set the delimiter for list values in uci show
-f <file> use <file> as input instead of stdin
-m when importing, merge data into an existing package
-n name unnamed sections on export (default)
-N don't name unnamed sections
-p <path> add a search path for config change files
-P <path> add a search path for config change files and use as default
-q quiet mode (don't print error messages)
-s force strict mode (stop on parser errors, default)
-S disable strict mode
-X do not use extended syntax on 'show'
Set LAN Subnet to 10.1.1.0/24
10.1.1.X is just so much easier to type than 192.168.1.X.
uci show network.lan
uci set network.lan.ipaddr=10.1.1.1
uci set network.lan.netmask=255.255.255.0
uci changes
uci commit
/etc/init.d/network reload
# fetch new IP on client
Set wrt as Default Gateway
uci add_list dhcp.lan.dhcp_option=option:router,10.1.1.1
uci commit dhcp
Set Domain
Sorry, just a quick note. You have to find out how to set this:
# uci show dhcp | grep felix
dhcp.@dnsmasq[0].local='/lan.felixhummel.de/'
dhcp.@dnsmasq[0].domain='lan.felixhummel.de'
Wildcard Subdomains
- Set a static lease
- Set address
- Alternative I would like to have: https://dev.openwrt.org/ticket/12722
Static lease via LuCI: Network > DHCP and DNS > Static Leases.
Set address:
echo 'address=/enterprise/10.1.1.123' >> /etc/dnsmasq.conf
/etc/init.d/dnsmasq reload
Validate config:
cat /var/etc/dnsmasq.conf
Upgrade to Chaos Calmer
https://wiki.openwrt.org/de/doc/howto/generic.sysupgrade
on think (because wget on wrt does not like https):
mkdir /tmp/openwrt
cd /tmp/openwrt
wget https://downloads.openwrt.org/chaos_calmer/15.05/mpc85xx/generic/openwrt-15.05-mpc85xx-generic-tl-wdr4900-v1-squashfs-sysupgrade.bin
wget https://downloads.openwrt.org/chaos_calmer/15.05/mpc85xx/generic/md5sums
grep openwrt-15.05-mpc85xx-generic-tl-wdr4900-v1-squashfs-sysupgrade.bin md5sums | md5sum -c -
scp openwrt-15.05-mpc85xx-generic-tl-wdr4900-v1-squashfs-sysupgrade.bin md5sums wrt:/tmp/
on wrt:
cd /tmp
grep openwrt-15.05-mpc85xx-generic-tl-wdr4900-v1-squashfs-sysupgrade.bin md5sums | md5sum -c -
sysupgrade -v /tmp/openwrt-15.05-mpc85xx-generic-tl-wdr4900-v1-squashfs-sysupgrade.bin
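The `grep ... | md5sum -c -` check above only works if grep finds the right line: the dots in the file name are regex wildcards, and an empty match leaves `md5sum -c` with nothing to check. The following added example (not part of the original notes; the function names and the demo file names are made up here) looks the entry up by exact file name and fails closed. It keeps MD5 because that is the checksum file these notes use.

```shell
#!/bin/sh
# Added example, not from the original notes.
# verify_image FILE SUMS
#   0 = SUMS has exactly one entry for FILE and the digest matches
#   1 = digest mismatch
#   2 = FILE or SUMS unreadable, or entry missing / listed more than once
verify_image() {
    file=$1 sums=$2
    [ -f "$file" ] || return 2
    [ -r "$sums" ] || return 2
    name=$(basename "$file")
    # Exact comparison on the file-name field, no regex. Lines look like
    # "<hex>  name" or "<hex> *name" (binary mode).
    expected=$(awk -v n="$name" '
        ($2 == n || $2 == ("*" n)) { h = $1; c++ }
        END { if (c == 1) print h }' "$sums")
    [ -n "$expected" ] || return 2
    actual=$(md5sum "$file" | awk '{ print $1 }')
    [ "$actual" = "$expected" ] || return 1
    return 0
}

# Constructed demo: a stand-in "image" and md5sums file in a temp directory.
demo_verify() {
    d=$(mktemp -d) || return 1
    img="$d/firmware-sysupgrade.bin"          # constructed placeholder name
    printf 'constructed firmware bytes' > "$img"
    ( cd "$d" && md5sum -b firmware-sysupgrade.bin > md5sums )
    ok=0;      verify_image "$img" "$d/md5sums" || ok=$?
    printf 'x' >> "$img"                      # simulate corruption in transit
    bad=0;     verify_image "$img" "$d/md5sums" || bad=$?
    printf 'other' > "$d/other.bin"           # present on disk, not in md5sums
    missing=0; verify_image "$d/other.bin" "$d/md5sums" || missing=$?
    rm -rf "$d"
    echo "$ok $bad $missing"
}

demo_verify
```

On the router the call would be `verify_image /tmp/<image> /tmp/md5sums && sysupgrade -v /tmp/<image>`, so a missing or mismatching entry stops the flash.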
Packages via SSL
Note
This uses chaos_calmer snapshot packages (https://dev.openwrt.org/ticket/19893)
/etc/opkg.conf:
src/gz chaos_calmer_base http://downloads.openwrt.org/chaos_calmer/15.05/mpc85xx/generic/packages/base
src/gz chaos_calmer_luci http://downloads.openwrt.org/chaos_calmer/15.05/mpc85xx/generic/packages/luci
src/gz chaos_calmer_management http://downloads.openwrt.org/chaos_calmer/15.05/mpc85xx/generic/packages/management
src/gz chaos_calmer_packages http://downloads.openwrt.org/chaos_calmer/15.05/mpc85xx/generic/packages/packages
src/gz chaos_calmer_routing http://downloads.openwrt.org/chaos_calmer/15.05/mpc85xx/generic/packages/routing
src/gz chaos_calmer_telephony http://downloads.openwrt.org/chaos_calmer/15.05/mpc85xx/generic/packages/telephony
dest root /
dest ram /tmp
lists_dir ext /var/opkg-lists
option overlay_root /overlay
opkg install ca-certificates libopenssl wget
Fix for wget: can't load library 'libc.so':
cd /lib/
ln -s libc.so.0 libc.so
/etc/opkg.conf:
src/gz chaos_calmer_base https://downloads.openwrt.org/chaos_calmer/15.05/mpc85xx/generic/packages/base
src/gz chaos_calmer_luci https://downloads.openwrt.org/chaos_calmer/15.05/mpc85xx/generic/packages/luci
src/gz chaos_calmer_management https://downloads.openwrt.org/chaos_calmer/15.05/mpc85xx/generic/packages/management
src/gz chaos_calmer_packages https://downloads.openwrt.org/chaos_calmer/15.05/mpc85xx/generic/packages/packages
src/gz chaos_calmer_routing https://downloads.openwrt.org/chaos_calmer/15.05/mpc85xx/generic/packages/routing
src/gz chaos_calmer_telephony https://downloads.openwrt.org/chaos_calmer/15.05/mpc85xx/generic/packages/telephony
dest root /
dest ram /tmp
lists_dir ext /var/opkg-lists
option overlay_root /overlay
opkg update
WRT54GL
Reset
- remove power cable
- hold reset button
- insert power cable
- when DMZ led up: release reset button
telnet 192.168.1.1
White Russian to Backfire
scp openwrt-brcm47xx-squashfs.trx md5sums root@192.168.1.1:
ssh root@192.168.1.1
md5sum -c md5sums
mtd -r write openwrt-brcm47xx-squashfs.trx linux
wait for it...
ping -i 2 192.168.1.1
Configure DHCP
Note: outdated
- DSL-Router at 192.168.1.1
- wrt = DHCP Server = 192.168.1.2
- Network > Interfaces > LAN: for now: lease time 2m – TODO: up to 72h
- default gateway (wiki)
/etc/config/dhcp:
config 'dhcp' 'lan'
[...]
list 'dhcp_option' '3,192.168.1.2'
Subdomains with Dnsmasq
Note: outdated
After setting a domain name, everything else falls into place. This is called “Zone delegation”. See Set Domain.
Effectively foo.enterprise becomes foo.enterprise.lan.felixhummel.de, because search lan.felixhummel.de is set in /etc/resolv.conf via DHCP.
Just make sure web servers listen on both names, e.g.:
server {
server_name foo.enterprise foo.enterprise.lan.felixhummel.de;
listen 443 default_server ssl http2;
[...]
Thanks, Santiago!
Mission: Subdomains for enterprise (192.168.1.3), e.g. mail.enterprise.lan or www.enterprise.lan ...
vim /etc/dnsmasq.conf
For enterprise.lan, add the line:
address=/enterprise.lan/192.168.1.3
Reload dnsmasq and try it (either locally or on another box):
/etc/init.d/dnsmasq reload
nslookup www.enterprise.lan
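A small model of how the address= lines in Wildcard Subdomains and in this section are matched, as an added example that is not part of the original notes. It assumes dnsmasq's documented behaviour that a rule covers the domain itself and every name below it on label boundaries, with the most specific domain winning; the function names and the sample config are constructed.

```shell
#!/bin/sh
# Added example: models dnsmasq address= matching; it does not query dnsmasq.
# address_lookup NAME CONF prints the IP that CONF's address= rules assign
# to NAME, or returns 1 if no rule covers it.
address_lookup() {
    awk -F/ -v q="$1" '
        BEGIN { q = tolower(q); best = 0 }
        /^address=\// {
            # address=/dom1[/dom2...]/ip : the last field is the IP.
            for (i = 2; i < NF; i++) {
                dom = tolower($i)
                if (dom == "") continue
                suffix = "." dom
                covered = (q == dom)
                # Subdomain match only on a whole-label boundary.
                if (length(q) > length(suffix) &&
                    substr(q, length(q) - length(suffix) + 1) == suffix)
                    covered = 1
                # Longest (most specific) domain wins.
                if (covered && length(dom) > best) {
                    best = length(dom); answer = $NF
                }
            }
        }
        END { if (best == 0) exit 1; print answer }
    ' "$2"
}

# Constructed config holding the two address= lines from these notes.
demo_lookup() {
    conf=$(mktemp) || return 1
    printf '%s\n' 'address=/enterprise/10.1.1.123' \
                  'address=/enterprise.lan/192.168.1.3' > "$conf"
    for name in enterprise www.enterprise mail.enterprise.lan myenterprise; do
        printf '%s=%s\n' "$name" "$(address_lookup "$name" "$conf" || echo none)"
    done
    rm -f "$conf"
}

demo_lookup
```

Every name under the configured suffix gets the same answer, so a single address= line overrides whatever an upstream resolver would return for those names.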
Options known to dnsmasq:
root@wrt:~# dnsmasq --help dhcp
Known DHCP options:
1 netmask
2 time-offset
3 router
6 dns-server
7 log-server
9 lpr-server
13 boot-file-size
15 domain-name
16 swap-server
17 root-path
18 extension-path
19 ip-forward-enable
20 non-local-source-routing
21 policy-filter
22 max-datagram-reassembly
23 default-ttl
26 mtu
27 all-subnets-local
31 router-discovery
32 router-solicitation
33 static-route
34 trailer-encapsulation
35 arp-timeout
36 ethernet-encap
37 tcp-ttl
38 tcp-keepalive
40 nis-domain
41 nis-server
42 ntp-server
44 netbios-ns
45 netbios-dd
46 netbios-nodetype
47 netbios-scope
48 x-windows-fs
49 x-windows-dm
60 vendor-class
64 nis+-domain
65 nis+-server
66 tftp-server
67 bootfile-name
68 mobile-ip-home
69 smtp-server
70 pop3-server
71 nntp-server
74 irc-server
77 user-class
93 client-arch
94 client-interface-id
97 client-machine-id
119 domain-search
120 sip-server
121 classless-static-route
125 vendor-id-encap
255 server-ip-address
Prometheus Exporter
https://github.com/jschornick/openwrt_exporter
opkg install luasocket
wget https://raw.githubusercontent.com/jschornick/openwrt_exporter/master/metrics.lua
chmod +x metrics.lua
./metrics.lua --port 9001