LEDE: Unterschied zwischen den Versionen

Aus Vosp.info
Wechseln zu:Navigation, Suche
(Installatioin auf TL-WR1043ND v4.x)
 
(5 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt)
Zeile 1: Zeile 1:
 +
Router: [[Openwrt]] | [[LEDE]] | [[Libre Mesh]] | [[qMp]]
 +
 
= Befehle =
 
= Befehle =
 
<source lang=bash>
 
<source lang=bash>
Zeile 46: Zeile 48:
  
 
= Adblock =
 
= Adblock =
 +
 +
<source lang=bash>
 +
opkg install adblock
 +
opkg install luci-app-adblock
 +
</source>
 +
 
==Manuell==
 
==Manuell==
 
https://blog.doenselmann.com/werbung-direkt-auf-openwrt-router-blocken/
 
https://blog.doenselmann.com/werbung-direkt-auf-openwrt-router-blocken/
Zeile 60: Zeile 68:
 
=== Block Files von irgenwelchen ... ===
 
=== Block Files von irgenwelchen ... ===
 
  http://someonewhocares.org/hosts/
 
  http://someonewhocares.org/hosts/
 
=VPN =
 
 
 
 
==Anleitungen==
 
https://blog.doenselmann.com/openvpn-server-auf-openwrt-router-betreiben/
 
http://www.kammerath.net/openwrt-mit-openvpn-client.html
 
https://www.portunity.de/access/wiki/OpenVPN-Tunnel_(IPv4)_auf_einem_OpenWRT_Router_einrichten_(Anleitung)
 
 
<source lang=bash>
 
ssh root@192.168.1.1
 
opkg update
 
opkg install openvpn-openssl
 
</source>
 
 
 
=== riseup openvpn client auf den openwrt einrichten ===
 
 
* /etc/openvpn/[https://riseup.net/security/network-security/riseup-ca/RiseupCA.pem RiseupCA.pem]
 
<source lang=bash>
 
-----BEGIN CERTIFICATE-----
 
MIIF2jCCA8KgAwIBAgIIVogyQTSIzc8wDQYJKoZIhvcNAQELBQAwgYYxGDAWBgNV
 
BAMTD1Jpc2V1cCBOZXR3b3JrczEYMBYGA1UEChMPUmlzZXVwIE5ldHdvcmtzMRAw
 
DgYDVQQHEwdTZWF0dGxlMQswCQYDVQQIEwJXQTELMAkGA1UEBhMCVVMxJDAiBgkq
 
hkiG9w0BCQEWFWNvbGxlY3RpdmVAcmlzZXVwLm5ldDAiGA8yMDE2MDEwMjIwMjU0
 
MFoYDzIwMjYwMzMwMjAyNjAxWjCBhjEYMBYGA1UEAxMPUmlzZXVwIE5ldHdvcmtz
 
MRgwFgYDVQQKEw9SaXNldXAgTmV0d29ya3MxEDAOBgNVBAcTB1NlYXR0bGUxCzAJ
 
BgNVBAgTAldBMQswCQYDVQQGEwJVUzEkMCIGCSqGSIb3DQEJARYVY29sbGVjdGl2
 
ZUByaXNldXAubmV0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAw2VV
 
uoz4xqeB1ROIwXBRaj0prOqEFX89A7+2rslGRfjM8NPHyBLGleoHTK3DPwadtQeg
 
ulaEOAjM5EMXTEX/o9H46L6h729HUWPCwVssvvOjyxTyGJDf7Ihd/Ab7ODtlJSyc
 
g31aXMioA5pGz5QnS3VGz4nE9+NL+jobc/NbhaacsEPR/7xO7meRNu/1S+YiHK1y
 
BSVrfap3XItlcNHDGNQkPyyJbS3pAS1lQs2HCBTzcFCamCkDOC7cRh9wZ4GH8U2f
 
2s0mDD5zhRpheNW4gFBtGpqHiRXv7WJW612aaXzKQQoIq2loGNvOpnyBPKL3jjUT
 
Rxv5IzWMV0nAofMCy25u/S4J65uSEd9mLNXFJ3rl+cFaybcOUXktTbS7bZy6cMyf
 
/gO28bEXIWr5WfZf8jCbPyOVfExZquG3aS+0YPWmIJCheXQzgiwplZy93oND1GGQ
 
f+1R2F7GPwNXQdefv2xm7PTWhHbSWHHmeY89qYED+yFJrX5ChoFoBbYs1lMmdU/C
 
2MnQBFtvcVockXFAUONyMKiq8ZP6sQ1lu0rO9Bvkhx55sJLZOmjN3g4S1K97PbbI
 
5DzHKcR0JQSt8ZtCY/MuMbwvlNYo98bFWvlfKET0KPtogNNH0PNfJmStKR8jWGjE
 
HnUNXo7YDfK90iEKTjLz2K5CYzH5Dm6iYJNaaykCAwEAAaNGMEQwEgYDVR0TAQH/
 
BAgwBgEB/wIBADAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBTGek7ebtq2Ibm+
 
2K6je1IMobvEkzANBgkqhkiG9w0BAQsFAAOCAgEAO2B3jnL+8LeoRkc282qUpHyu
 
xYj0Qd68l0CJ0FjfA2OCR/6h1W4gZVH+fTd/mhgrNXj28GRT53JEh1jdRC7ENTXu
 
W9O8I9gCbWQ6V4nkZ9lpq8UEmKTFGnngVu8VCmSDF+y0kFuEtmt0jyd2UkJfC/vy
 
Gh78OCHEdGAeOTYHXamiuA9Z7wMuncPjP476gSW2kfWTdxV25ad4tT5dA5d42xDm
 
YE2UKzHeB9amOmvyh08LPD0idT5oROCIHsHBhQC9oltJXO5j6GyHRg88C1inyv6R
 
xk+w9ek4wSBpoJg5t3hdbZr3JTUsuu4WPtAET0fMQpJC+niaBbegwtvdLZFM+d8x
 
ead3ZpMO+XrpazDFGtdPTQdi5EIYmr2RL9eTeQbVPwMB9TgFpBXP+iYIuTpNo8jn
 
8zS4EcPRmz6PQJVK4zkHczfvquyU9RuOwEgb8qN4tSNxF0Z94uSVUoXCG9WZLf8q
 
MfsGesYiR/qLnLn3MfAyWm3OVOUvGzczDE2T8VvY7rXc2+8ra5aK0TNAgEz9ey6D
 
/dGzM1JCCe1A08s+2+eRX//pmqmOCoGrY7zwIVS2T249h6iIMM9yT0C3ZXRoTnVN
 
osyidOkVuQr0YK6shJ0WaK4F1MktdjOZKPoIc9QLw+TrSU2hfyla36T0bNWMC/TJ
 
YtxDI+d1jIFZ7zMmts4=
 
-----END CERTIFICATE-----
 
</source>
 
 
==== openvpn starten mit Passwortabfrage ====
 
'''start befehl'''
 
<source lang=bash>
 
openvpn --client --dev tun --auth-user-pass --remote vpn.riseup.net 1194 --keysize 256 --auth SHA256 --cipher AES-256-CBC --ca /etc/openvpn/RiseupCA.pem
 
</source>
 
 
 
==== openvpn starten mit Passwortdatei ====
 
 
/etc/openvpn/riseup_auth.txt 
 
<source lang=bash>
 
user
 
secret
 
</source>
 
 
'''start befehl'''
 
<source lang=bash>
 
openvpn --client --dev tun --auth-user-pass /etc/openvpn/riseup_auth.txt  --remote vpn.riseup.net 1194 --keysize 256 --auth SHA256 --cipher AES-256-CBC --ca /etc/openvpn/RiseupCA.pem
 
</source>
 
 
==== openvpn starten mit configfile ====
 
 
/etc/openvpn/riseup2.ovpn
 
<source lang=bash>
 
client
 
dev tun
 
auth-user-pass /etc/openvpn/riseup_auth.txt
 
remote vpn.riseup.net 1194
 
keysize 256
 
auth SHA256
 
cipher AES-256-CBC
 
ca /etc/openvpn/RiseupCA.pem
 
#
 
auth-nocache
 
#
 
remote-cert-tls server
 
script-security 2
 
persist-tun
 
persist-key
 
#route-noexec
 
#route-up /etc/openvpn/ruvpnrouteadd.sh
 
</source>
 
 
 
'''start befehl'''
 
<source lang=bash>
 
openvpn /etc/openvpn/riseup2.ovpn
 
</source>
 
 
==== openvpn starten mit /etc/init.d/openvpn ====
 
 
 
'''/etc/config/openvpn'''
 
<source lang=bash>
 
config openvpn cryptn_vpn
 
        # Set to 1 to enable this instance:
 
        option enable 1
 
 
        # Include OpenVPN configuration
 
        option config /etc/openvpn/riseup2.ovpn
 
</source>
 
 
 
'''start befehl'''
 
<source lang=bash>
 
/etc/init.d/openvpn start
 
/etc/init.d/openvpn restart
 
/etc/init.d/openvpn stop
 
</source>
 
 
=== Netzwerkeinstellungen auf openwrt für openvpn ===
 
'''/etc/config/network'''
 
<source lang=bash>
 
# ....
 
config interface 'ncvpn'
 
        option proto 'dhcp'
 
        option ifname 'tun0'
 
        option hostname 'LEde'
 
 
</source>
 
 
''' start befehle '''
 
/etc/init.d/network restart
 
 
 
'''/etc/config/firewall'''
 
<source lang=bash>
 
# ....
 
config rule
 
        option name 'Allow-OpenVPN-Inbound'
 
        option target 'ACCEPT'
 
        option src '*'
 
        option proto 'udp'
 
        option dest_port '1194'
 
 
config zone
 
        option name 'newzone'
 
        option forward 'REJECT'
 
        option output 'ACCEPT'
 
        option input 'REJECT'
 
        option masq '1'
 
        option mtu_fix '1'
 
        option network 'ncvpn'
 
 
config forwarding
 
        option dest 'newzone'
 
        option src 'lan'
 
</source>
 
 
''' start befehle '''
 
/etc/init.d/firewall restart
 
  
 
= Hardware =
 
= Hardware =

Aktuelle Version vom 20. April 2020, 09:10 Uhr

Router: Openwrt | LEDE | Libre Mesh | qMp

Befehle

# Netzwerkkonifguration anzeigen
uci show network
uci show wireless
uci show firewall

# routen ausgeben
ip route

# wlan  scannen
iwinfo wlan0 scan
iwinfo

iw wlan0 info
iw wlan0 scan dump
iw wlan0 mpp dump
iw wlan0 mpath dump
iw wlan0 station dump
iw wlan0 survey dump

# Netzwerkprogramm iftop
opkg install iftop
iftop

Installation

Installatioin auf TL-WR1043ND v4.x

wget http://downloads.lede-project.org/releases/17.01.2/targets/ar71xx/generic/lede-17.01.2-ar71xx-generic-tl-wr1043nd-v4-squashfs-factory.bin
wget http://downloads.lede-project.org/releases/17.01.2/targets/ar71xx/generic/lede-17.01.2-ar71xx-generic-tl-wr1043nd-v4-squashfs-sysupgrade.bin

# sysupgrade alternativ beim ersten mal factory.bin nutzen
scp lede-17.01.2-ar71xx-generic-tl-wr1043nd-v4-squashfs-sysupgrade.bin root@192.168.10.1:/tmp/
ssh root@192.168.10.1
sysupgrade  -n lede-17.01.2-ar71xx-generic-tl-wr1043nd-v4-squashfs-sysupgrade.bin

Adblock

opkg install adblock
opkg install luci-app-adblock

Manuell

https://blog.doenselmann.com/werbung-direkt-auf-openwrt-router-blocken/

Direkt vom Router

wget --no-check-certificate https://gist.githubusercontent.com/teffalump/7227752/raw/af7d3d365426731015e99698a93e1a072a7da4ba/adblock.sh

mit opkg

https://github.com/openwrt/packages/tree/master/net/adblock/files

speziell z.B Windows updates

https://github.com/crazy-max/WindowsSpyBlocker
https://yro.slashdot.org/story/15/08/26/225239/how-to-keep-microsofts-nose-out-of-your-personal-data-in-windows-10

Block Files von irgenwelchen ...

http://someonewhocares.org/hosts/

Hardware

Ubiquiti Unifi | AP AC Lite

  • Firmware durch Lede erseztzen
    • Anschluss des AP AC LITE an einen Router
nmap  -sP 192.168.1.1/24
Nmap scan report for 192.168.1.104
Host is up (-0.095s latency).
MAC Address: F0:9F:C2:7C:2F:C8 (Ubiquiti Networks)
ssh ubnt@192.168.1.104

pw: ubnt

    • Download:
https://downloads.lede-project.org/releases/17.01.2/targets/ar71xx/generic/
  • ubnt-unifiac-lite-squashfs-sysupgrade.bin


    • Image kopieren
scp lede-17.01.2-ar71xx-generic-ubnt-unifiac-lite-squashfs-sysupgrade.bin  ubnt@192.168.1.104:/tmp/
ssh  ubnt@192.168.1.104:/tmp/

BZ.v3.4.14#

    • Beide Befehle hintereinander ausführen!!!
mtd write /tmp/lede-17.01.2-ar71xx-generic-ubnt-unifiac-lite-squashfs-sysupgrade.bin  kernel0
mtd -r write /tmp/lede-17.01.2-ar71xx-generic-ubnt-unifiac-lite-squashfs-sysupgrade.bin kernel1

Die Verbindung wird unterbrochen Login in Lede:

ssh root@192.168.1.1