OpenWRT

domain name for lan: lan.felixhummel.de
when setting up a new box, e.g. ubuntu-box, it should be reachable at ubuntu-box.lan.felixhummel.de
DHCP should tell clients to search lan.felixhummel.de by default (see /etc/resolv.conf)
should be possible to add subdomains (see Subdomains with Dnsmasq)

TP-Link TL-WDR4900 v1

Installation

This was really straight forward thanks to Mattanja Kern who also updated the OpenWRT Wiki page.

download openwrt-mpc85xx-generic-tl-wdr4900-v1-squashfs-factory.bin
http://192.168.0.1, upgrade firmware
restart local network interface (for new IP)
telnet 192.168.1.1
opkg update; opkg install luci
http://192.168.1.1

UCI

Help on BARRIER BREAKER (Bleeding Edge, r39457):

Usage: uci [<options>] <command> [<arguments>]

Commands:
        batch
        export     [<config>]
        import     [<config>]
        changes    [<config>]
        commit     [<config>]
        add        <config> <section-type>
        add_list   <config>.<section>.<option>=<string>
        del_list   <config>.<section>.<option>=<string>
        show       [<config>[.<section>[.<option>]]]
        get        <config>.<section>[.<option>]
        set        <config>.<section>[.<option>]=<value>
        delete     <config>[.<section>[[.<option>][=<id>]]]
        rename     <config>.<section>[.<option>]=<name>
        revert     <config>[.<section>[.<option>]]
        reorder    <config>.<section>=<position>

Options:
        -c <path>  set the search path for config files (default: /etc/config)
        -d <str>   set the delimiter for list values in uci show
        -f <file>  use <file> as input instead of stdin
        -m         when importing, merge data into an existing package
        -n         name unnamed sections on export (default)
        -N         don't name unnamed sections
        -p <path>  add a search path for config change files
        -P <path>  add a search path for config change files and use as default
        -q         quiet mode (don't print error messages)
        -s         force strict mode (stop on parser errors, default)
        -S         disable strict mode
        -X         do not use extended syntax on 'show'

Set LAN Subnet to 10.1.1.0/24

10.1.1.X is just so much easier to type than 192.168.1.X.

uci show network.lan
uci set network.lan.ipaddr=10.1.1.1
network.lan.netmask=255.255.255.0
uci changes
uci commit
/etc/init.d/network reload
# fetch new IP on client

Set wrt as Default Gateway

uci add_list dhcp.lan.dhcp_option=option:router,10.1.1.1
uci commit dhcp

Set Domain

Sorry, just a quick note. You have to find out how to set this:

# uci show dhcp  | grep felix
dhcp.@dnsmasq[0].local='/lan.felixhummel.de/'
dhcp.@dnsmasq[0].domain='lan.felixhummel.de'

Wildcard Subdomains

Set a static lease
Set address

Alternative I would like to have: https://dev.openwrt.org/ticket/12722

Static lease via LuCI: Network > DHCP and DNS > Static Leases.

Set address:

echo 'address=/enterprise/10.1.1.123' >> /etc/dnsmasq.conf
/etc/init.d/dnsmasq reload

Validate config:

cat /var/etc/dnsmasq.conf

Upgrade to Chaos Calmer

https://wiki.openwrt.org/de/doc/howto/generic.sysupgrade

on think (because wget on wrt does not like https):

mkdir /tmp/openwrt
cd /tmp/openwrt
wget https://downloads.openwrt.org/chaos_calmer/15.05/mpc85xx/generic/openwrt-15.05-mpc85xx-generic-tl-wdr4900-v1-squashfs-sysupgrade.bin
wget https://downloads.openwrt.org/chaos_calmer/15.05/mpc85xx/generic/openwrt-15.05-mpc85xx-generic-tl-wdr4900-v1-squashfs-sysupgrade.bin
grep openwrt-15.05-mpc85xx-generic-tl-wdr4900-v1-squashfs-sysupgrade.bin md5sums | md5sum -c -
scp openwrt-15.05-mpc85xx-generic-tl-wdr4900-v1-squashfs-sysupgrade.bin md5sums wrt:/tmp/

on wrt:

grep openwrt-15.05-mpc85xx-generic-tl-wdr4900-v1-squashfs-sysupgrade.bin md5sums | md5sum -c -
sysupgrade -v /tmp/openwrt-15.05-mpc85xx-generic-tl-wdr4900-v1-squashfs-sysupgrade.bin

Packages via SSL

Note

This uses chaos_calmer snapshot packages (https://dev.openwrt.org/ticket/19893)

/etc/opkg.conf:

src/gz chaos_calmer_base http://downloads.openwrt.org/chaos_calmer/15.05/mpc85xx/generic/packages/base
src/gz chaos_calmer_luci http://downloads.openwrt.org/chaos_calmer/15.05/mpc85xx/generic/packages/luci
src/gz chaos_calmer_management http://downloads.openwrt.org/chaos_calmer/15.05/mpc85xx/generic/packages/management
src/gz chaos_calmer_packages http://downloads.openwrt.org/chaos_calmer/15.05/mpc85xx/generic/packages/packages
src/gz chaos_calmer_routing http://downloads.openwrt.org/chaos_calmer/15.05/mpc85xx/generic/packages/routing
src/gz chaos_calmer_telephony http://downloads.openwrt.org/chaos_calmer/15.05/mpc85xx/generic/packages/telephony
dest root /
dest ram /tmp
lists_dir ext /var/opkg-lists
option overlay_root /overlay

opkg install ca-certificates libopenssl wget

wget: can't load library 'libc.so':

cd /lib/
ln -s libc.so.0 libc.so

/etc/opkg.conf:

src/gz chaos_calmer_base https://downloads.openwrt.org/chaos_calmer/15.05/mpc85xx/generic/packages/base
src/gz chaos_calmer_luci https://downloads.openwrt.org/chaos_calmer/15.05/mpc85xx/generic/packages/luci
src/gz chaos_calmer_management https://downloads.openwrt.org/chaos_calmer/15.05/mpc85xx/generic/packages/management
src/gz chaos_calmer_packages https://downloads.openwrt.org/chaos_calmer/15.05/mpc85xx/generic/packages/packages
src/gz chaos_calmer_routing https://downloads.openwrt.org/chaos_calmer/15.05/mpc85xx/generic/packages/routing
src/gz chaos_calmer_telephony https://downloads.openwrt.org/chaos_calmer/15.05/mpc85xx/generic/packages/telephony
dest root /
dest ram /tmp
lists_dir ext /var/opkg-lists
option overlay_root /overlay

opkg update

WRT54GL

Reset

remove power cable
hold reset button
insert power cable
when DMZ led up: release reset button
telnet 192.168.1.1

White Russian to Backfire

scp openwrt-brcm47xx-squashfs.trx md5sums root@192.168.1.1:
ssh root@192.168.1.1
md5sum -c md5sums
mtd -r write openwrt-brcm47xx-squashfs.trx linux

wait for it…

ping -i 2 192.168.1.1

Configure DHCP

Note

outdated

DSL-Router at 192.168.1.1
wrt = DHCP Server = 192.168.1.2
Network > Interfaces > LAN: for now: lease time 2m – TODO: up to 72h
default gateway (wiki)

/etc/config/dhcp:

config 'dhcp' 'lan'
        [...]
        list 'dhcp_option' '3,192.168.1.2'

Subdomains with Dnsmasq

Note

outdated

After setting a domain name, everything else falls into place. This is called “Zone delegation”. See Set Domain.

Effectively foo.enterprise becomes foo.enterprise.lan.felixhummel.de , because search lan.felixhummel.de is set in /etc/resolv.conf via DHCP.

Just make sure web servers listen on both names, e.g.:

server {
  server_name foo.enterprise foo.enterprise.lan.felixhummel.de;
  listen 443 default_server ssl http2;
  [...]

Thanks, Santiago!

Mission: Subdomains for enterprise (192.168.1.3), e.g. mail.enterprise.lan or www.enterprise.lan …

vim /etc/dnsmasq.conf

For enterprise.lan, add the line:

address=/enterprise.lan/192.168.1.3

Reload dnsmasq and try it (either locally or on another box):

/etc/init.d/dnsmasq reload
nslookup www.enterprise.lan

Options known to dnsmasq:

root@wrt:~# dnsmasq --help dhcp
Known DHCP options:
netmask
time-offset
router
dns-server
log-server
lpr-server
boot-file-size
domain-name
swap-server
root-path
extension-path
ip-forward-enable
non-local-source-routing
policy-filter
max-datagram-reassembly
default-ttl
mtu
all-subnets-local
router-discovery
router-solicitation
static-route
trailer-encapsulation
arp-timeout
ethernet-encap
tcp-ttl
tcp-keepalive
nis-domain
nis-server
ntp-server
netbios-ns
netbios-dd
netbios-nodetype
netbios-scope
x-windows-fs
x-windows-dm
vendor-class
nis+-domain
nis+-server
tftp-server
bootfile-name
mobile-ip-home
smtp-server
pop3-server
nntp-server
irc-server
user-class
client-arch
client-interface-id
client-machine-id
domain-search
sip-server
classless-static-route
vendor-id-encap
server-ip-address

Prometheus Exporter

https://github.com/jschornick/openwrt_exporter

opkg install luasocket
wget https://raw.githubusercontent.com/jschornick/openwrt_exporter/master/metrics.lua
./metrics.lua --port 9001