Openwrt: Difference between revisions

From Vosp.info
(wlan client => wired gateway)
(Uninstall superfluous packages)
 
(15 intermediate revisions by the same user not shown)
Zeile 1: Zeile 1:
[[LEDE]]
+
Router: [[Openwrt]] | [[LEDE]] | [[Libre Mesh]] | [[qMp]] | [[RUT9XX]]
  
 
= allgemein =
 
= allgemein =
 +
 +
== Installation ==
 +
 +
=== Installation von dd-wrt ===
 +
* From DDwrt to OpenWrt:
 +
<source lang=bash>
 +
# Enable SSH in services tab of ddwrt.
 +
scp (winscp) openwrt-your-router-FACTORY.bin (factory not upgrade) to /tmp
 +
ssh login to ddwrt, cd /tmp
 +
mtd -f write openwrt-your-router-factory.bin linux
 +
reboot
 +
</source>
 +
 +
* From Openwrt to DDwrt:
 +
<source lang=bash>
 +
mtd write /tmp/factory-to-ddwrt.bin firmware
 +
</source>
 +
 +
* https://forum.openwrt.org/t/reverting-back-to-openwrt-from-dd-wrt/47619/4
 +
 
==Befehle==
 
==Befehle==
 
===Interfaces anzeigen===
 
===Interfaces anzeigen===
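Review bot: the added step `mtd -f write openwrt-your-router-factory.bin linux` writes the image to flash with `-f` and no integrity check beforehand, and its file name differs in case from the `openwrt-your-router-FACTORY.bin` named in the scp line above it. Suggest using one file name in both lines and adding a `sha256sum` comparison against the checksum published with the image before the `mtd` call.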
Zeile 7: Zeile 27:
  
 
=== Anzeige der Clients die mit wlan verbunden sind ===
 
=== Anzeige der Clients die mit wlan verbunden sind ===
iwinfo wlan0 assoclist
 
  
 +
<source lang=bash>
 +
# wlan info
 +
iwinfo wlan0 assoclist
 +
 +
 +
# über dhcp vergabe
 +
cat /tmp/dhcp.leases
 +
 +
for ip in $(arp | grep -v IP | awk '{print $1}'); do grep $ip /tmp/dhcp.leases; done
 +
 +
</source>
 +
 +
= Probleme =
 +
 +
==opkg update - Failed to download the package list - opkg_download: Check your network settings and connectivity.  ==
 +
 +
 +
evt ipv6 probleme, weil zb. haupt netz es nicht zu läßt
 +
 +
 +
<source lang=bash>
 +
# mit folgendem testen
 +
wget http://downloads.openwrt.org/releases/18.06.5/targets/ar71xx/tiny/packages/Packages.gz
 +
 +
# Lösung: ipv6 ausschalten
 +
# folgendes alternativ zu /etc/config/network per hand bearbeiten
 +
uci set network.wan6.disabled="1"
 +
uci commit network
 +
service network reload
 +
 +
 +
 +
</source>
  
 
= wlan client => wired gateway =  
 
= wlan client => wired gateway =  
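Review bot: in the added loop, `grep $ip /tmp/dhcp.leases` passes `$ip` unquoted and as a regular expression, so an ARP entry for 192.168.1.1 also prints the lease lines of 192.168.1.10 and 192.168.1.100. Suggest `grep -wF "$ip" /tmp/dhcp.leases` so that only the exact address matches. In the same hunk, the `wget http://downloads.openwrt.org/...` line is fine as a connectivity test, but the comment should say it is only that, since the file arrives over plain HTTP.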
Zeile 19: Zeile 71:
 
** DNS forwardings => DNS Ip eintragen (z.B. google 8.8.8.8)
 
** DNS forwardings => DNS Ip eintragen (z.B. google 8.8.8.8)
  
== wireless ==  
+
= wireless =
  
 
<source lang=bash>
 
<source lang=bash>
 
# checken was geht
 
# checken was geht
 
iwinfo wlan0-ap txpower
 
iwinfo wlan0-ap txpower
 +
# checken was eingestellt ist
 +
uci show wireless.radio0.txpower
 +
# bzw. txpower
 +
iwinfo
 
</source>
 
</source>
  
=VPN =
+
= openvpn =
  
  
Zeile 165: Zeile 221:
 
<source lang=bash>
 
<source lang=bash>
 
# ....
 
# ....
config interface 'ncvpn'
+
config interface 'ncvpnif'
 
         option proto 'dhcp'
 
         option proto 'dhcp'
 
         option ifname 'tun0'
 
         option ifname 'tun0'
         option hostname 'LEde'
+
         option hostname 'ncvpnhostname'
  
 
</source>
 
</source>
Zeile 187: Zeile 243:
  
 
config zone
 
config zone
         option name 'newzone'
+
         option name 'ncvpnzone'
 
         option forward 'REJECT'
 
         option forward 'REJECT'
 
         option output 'ACCEPT'
 
         option output 'ACCEPT'
Zeile 193: Zeile 249:
 
         option masq '1'
 
         option masq '1'
 
         option mtu_fix '1'
 
         option mtu_fix '1'
         option network 'ncvpn'
+
         option network 'ncvpnif'
  
 
config forwarding
 
config forwarding
         option dest 'newzone'
+
         option dest 'ncvpnzone'
 
         option src 'lan'
 
         option src 'lan'
 
</source>
 
</source>
Zeile 230: Zeile 286:
 
</source>
 
</source>
  
=== Überflüssiges deinstallieren ===
+
= Überflüssiges deinstallieren =
  
 
<source lang=bash>
 
<source lang=bash>

Current revision as of 2 May 2020, 14:22

Router: Openwrt | LEDE | Libre Mesh | qMp | RUT9XX

General

Installation

Installation from dd-wrt

  • From DDwrt to OpenWrt:
# Enable SSH in the Services tab of DD-WRT.
# Copy openwrt-your-router-factory.bin (the factory image, not the upgrade image) to /tmp on the router with scp (or WinSCP).
# Log in to DD-WRT via SSH, then:
cd /tmp
mtd -f write openwrt-your-router-factory.bin linux
reboot
  • From Openwrt to DDwrt:
mtd write /tmp/factory-to-ddwrt.bin firmware

Commands

Show interfaces

iwinfo

Show clients connected via WLAN

# wlan info
iwinfo wlan0 assoclist


# via DHCP leases
cat /tmp/dhcp.leases

# show the DHCP lease for every address in the ARP table (exact IP match only)
for ip in $(arp | grep -v IP | awk '{print $1}'); do grep -wF "$ip" /tmp/dhcp.leases; done

Problems

opkg update - Failed to download the package list - opkg_download: Check your network settings and connectivity.

Possibly an IPv6 problem, e.g. because the main network does not allow it.


# test with the following
wget http://downloads.openwrt.org/releases/18.06.5/targets/ar71xx/tiny/packages/Packages.gz

# Solution: disable IPv6
# the following is an alternative to editing /etc/config/network by hand
uci set network.wan6.disabled="1"
uci commit network
service network reload

wlan client => wired gateway

wireless

# check what is possible
iwinfo wlan0-ap txpower
# check what is configured
uci show wireless.radio0.txpower
# or, for txpower:
iwinfo

openvpn

Guides

https://blog.doenselmann.com/openvpn-server-auf-openwrt-router-betreiben/
http://www.kammerath.net/openwrt-mit-openvpn-client.html
https://www.portunity.de/access/wiki/OpenVPN-Tunnel_(IPv4)_auf_einem_OpenWRT_Router_einrichten_(Anleitung)
ssh root@192.168.1.1
opkg update
opkg install openvpn-openssl


Alternative to the following configuration: use the GUI with the package luci-app-openvpn

Set up the riseup OpenVPN client on OpenWrt

Certificate


(for testing) Start OpenVPN with a password prompt, start command

openvpn --client --dev tun --auth-user-pass --remote vpn.riseup.net 1194 --keysize 256 --auth SHA256 --cipher AES-256-CBC --ca /etc/openvpn/RiseupCA.pem

Start OpenVPN with a password file

/etc/openvpn/riseup_auth.txt

user
secret

(for testing) start command

openvpn --client --dev tun --auth-user-pass /etc/openvpn/riseup_auth.txt  --remote vpn.riseup.net 1194 --keysize 256 --auth SHA256 --cipher AES-256-CBC --ca /etc/openvpn/RiseupCA.pem

Start OpenVPN with a config file

/etc/openvpn/riseup2.ovpn

client
dev tun
auth-user-pass /etc/openvpn/riseup_auth.txt
remote vpn.riseup.net 1194
keysize 256
auth SHA256
cipher AES-256-CBC
ca /etc/openvpn/RiseupCA.pem
#
auth-nocache
#
remote-cert-tls server
script-security 2
persist-tun
persist-key
#route-noexec
#route-up /etc/openvpn/ruvpnrouteadd.sh


# logging
#log-append     /var/log/openvpn.log
#log     /var/log/openvpn.log
#verb 4


(for testing) start command

openvpn /etc/openvpn/riseup2.ovpn

Start OpenVPN with /etc/init.d/openvpn

/etc/config/openvpn

config openvpn cryptn_vpn
        # Set to 1 to enable this instance:
        option enable 1

        # Include OpenVPN configuration
        option config /etc/openvpn/riseup2.ovpn


(for testing) start command

/etc/init.d/openvpn start
/etc/init.d/openvpn restart
/etc/init.d/openvpn stop

Network settings on OpenWrt for OpenVPN

/etc/config/network

# ....
config interface 'ncvpnif'
        option proto 'dhcp'
        option ifname 'tun0'
        option hostname 'ncvpnhostname'

(for testing) start command: /etc/init.d/network restart

Firewall

/etc/config/firewall

# ....
config rule
        option name 'Allow-OpenVPN-Inbound'
        option target 'ACCEPT'
        option src '*'
        option proto 'udp'
        option dest_port '1194'

config zone
        option name 'ncvpnzone'
        option forward 'REJECT'
        option output 'ACCEPT'
        option input 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'ncvpnif'

config forwarding
        option dest 'ncvpnzone'
        option src 'lan'

(for testing) start command: /etc/init.d/firewall restart
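
An added example, not part of the original wiki page: a POSIX shell audit for the firewall file above. It reports LAN forwardings that do not end in the VPN zone (traffic that would leave outside the tunnel) and ACCEPT rules open to every zone, such as the UDP 1194 rule. The function names, the LEAK/OPEN labels and the lan -> wan forwarding in the sample are assumptions.

```sh
#!/bin/sh
# Added example (not from the wiki page): audit a UCI firewall file read from
# stdin. Usage on the router: audit_firewall ncvpnzone < /etc/config/firewall

audit_firewall() {
    # $1 = name of the VPN zone; q carries a single quote into awk
    awk -v vpn="$1" -v q="'" '
    function report() {
        # LAN forwardings that end anywhere but the VPN zone bypass the tunnel
        if (type == "forwarding" && o["src"] == "lan" && o["dest"] != vpn)
            print "LEAK forwarding lan -> " o["dest"]
        # ACCEPT rules with src * open a router port to every zone
        if (type == "rule" && o["src"] == "*" && o["target"] == "ACCEPT")
            print "OPEN rule " o["name"] " " o["proto"] "/" o["dest_port"]
        split("", o)                      # portable way to clear the array
    }
    $1 == "config" { report(); type = $2; next }
    $1 == "option" {
        v = $0
        sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", v)   # keep only the value
        gsub(q, "", v); gsub(/"/, "", v)                 # strip UCI quoting
        o[$2] = v
    }
    END { report() }
    '
}

# Constructed sample: sections from this page plus a lan -> wan forwarding
# as found in a stock OpenWrt firewall file (assumed to be still present).
sample_config() {
    cat <<'EOF'
config rule
        option name 'Allow-OpenVPN-Inbound'
        option target 'ACCEPT'
        option src '*'
        option proto 'udp'
        option dest_port '1194'

config forwarding
        option dest 'ncvpnzone'
        option src 'lan'

config forwarding
        option src 'lan'
        option dest 'wan'
EOF
}

sample_config | audit_firewall ncvpnzone
```

An empty result for the real file means every LAN forwarding ends in the VPN zone and no rule accepts traffic from all zones.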


check openvpn cronjob

* * * * * /etc/config/nccheckopenvpn.sh

nccheckopenvpn.sh

#!/bin/sh
# Ping DEST once; if there is no reply, restart OpenVPN. Every run is logged.
# Note: the log file is on the router's persistent storage and grows by one line per run.
DEST="8.8.8.8"
DATE=$(date +%Y-%m-%d_%H:%M:%S)
# ping -c 1 exits non-zero when no reply was received
if ! ping -q -c 1 "${DEST}" >/dev/null 2>&1; then
    echo "${DATE} FAIL ERROR Not alive ${DEST} , restarting VPNC" >> /etc/config/nc_vpnuptime.log
    /etc/init.d/openvpn stop ;  /etc/init.d/openvpn start
else
    echo "${DATE} Alive ${DEST}" >> /etc/config/nc_vpnuptime.log
fi

Enable services

/etc/init.d/openvpn enable
/etc/init.d/firewall enable

Uninstall superfluous packages

# the order may be wrong; if so, run the command several times
opkg remove luci luci-app-firewall luci-base  luci-lib-ip luci-lib-jsonc luci-lib-nixio luci-mod-admin-full luci-proto-ipv6 luci-proto-ppp luci-theme-bootstrap ppp ppp-mod-pppoe