LEDE

Aus Vosp.info
Version vom 11. August 2017, 22:15 Uhr von F (Diskussion | Beiträge) (Installatioin auf TL-WR1043ND v4.x)
Wechseln zu:Navigation, Suche

Befehle

# Netzwerkkonifguration anzeigen
uci show network
uci show wireless
uci show firewall

# routen ausgeben
ip route

# wlan  scannen
iwinfo wlan0 scan
iwinfo

iw wlan0 info
iw wlan0 scan dump
iw wlan0 mpp dump
iw wlan0 mpath dump
iw wlan0 station dump
iw wlan0 survey dump

# Netzwerkprogramm iftop
opkg install iftop
iftop

Installation

Installatioin auf TL-WR1043ND v4.x

wget http://downloads.lede-project.org/releases/17.01.2/targets/ar71xx/generic/lede-17.01.2-ar71xx-generic-tl-wr1043nd-v4-squashfs-factory.bin
wget http://downloads.lede-project.org/releases/17.01.2/targets/ar71xx/generic/lede-17.01.2-ar71xx-generic-tl-wr1043nd-v4-squashfs-sysupgrade.bin

# sysupgrade alternativ beim ersten mal factory.bin nutzen
scp lede-17.01.2-ar71xx-generic-tl-wr1043nd-v4-squashfs-sysupgrade.bin root@192.168.10.1:/tmp/
ssh root@192.168.10.1
sysupgrade  -n lede-17.01.2-ar71xx-generic-tl-wr1043nd-v4-squashfs-sysupgrade.bin

Adblock

Manuell

https://blog.doenselmann.com/werbung-direkt-auf-openwrt-router-blocken/

Direkt vom Router

wget --no-check-certificate https://gist.githubusercontent.com/teffalump/7227752/raw/af7d3d365426731015e99698a93e1a072a7da4ba/adblock.sh

mit opkg

https://github.com/openwrt/packages/tree/master/net/adblock/files

speziell z.B Windows updates

https://github.com/crazy-max/WindowsSpyBlocker
https://yro.slashdot.org/story/15/08/26/225239/how-to-keep-microsofts-nose-out-of-your-personal-data-in-windows-10

Block Files von irgenwelchen ...

http://someonewhocares.org/hosts/

VPN

Anleitungen

https://blog.doenselmann.com/openvpn-server-auf-openwrt-router-betreiben/
http://www.kammerath.net/openwrt-mit-openvpn-client.html
https://www.portunity.de/access/wiki/OpenVPN-Tunnel_(IPv4)_auf_einem_OpenWRT_Router_einrichten_(Anleitung)

ssh root@192.168.1.1
opkg update
opkg install openvpn-openssl


riseup openvpn client auf den openwrt einrichten

-----BEGIN CERTIFICATE-----
MIIF2jCCA8KgAwIBAgIIVogyQTSIzc8wDQYJKoZIhvcNAQELBQAwgYYxGDAWBgNV
BAMTD1Jpc2V1cCBOZXR3b3JrczEYMBYGA1UEChMPUmlzZXVwIE5ldHdvcmtzMRAw
DgYDVQQHEwdTZWF0dGxlMQswCQYDVQQIEwJXQTELMAkGA1UEBhMCVVMxJDAiBgkq
hkiG9w0BCQEWFWNvbGxlY3RpdmVAcmlzZXVwLm5ldDAiGA8yMDE2MDEwMjIwMjU0
MFoYDzIwMjYwMzMwMjAyNjAxWjCBhjEYMBYGA1UEAxMPUmlzZXVwIE5ldHdvcmtz
MRgwFgYDVQQKEw9SaXNldXAgTmV0d29ya3MxEDAOBgNVBAcTB1NlYXR0bGUxCzAJ
BgNVBAgTAldBMQswCQYDVQQGEwJVUzEkMCIGCSqGSIb3DQEJARYVY29sbGVjdGl2
ZUByaXNldXAubmV0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAw2VV
uoz4xqeB1ROIwXBRaj0prOqEFX89A7+2rslGRfjM8NPHyBLGleoHTK3DPwadtQeg
ulaEOAjM5EMXTEX/o9H46L6h729HUWPCwVssvvOjyxTyGJDf7Ihd/Ab7ODtlJSyc
g31aXMioA5pGz5QnS3VGz4nE9+NL+jobc/NbhaacsEPR/7xO7meRNu/1S+YiHK1y
BSVrfap3XItlcNHDGNQkPyyJbS3pAS1lQs2HCBTzcFCamCkDOC7cRh9wZ4GH8U2f
2s0mDD5zhRpheNW4gFBtGpqHiRXv7WJW612aaXzKQQoIq2loGNvOpnyBPKL3jjUT
Rxv5IzWMV0nAofMCy25u/S4J65uSEd9mLNXFJ3rl+cFaybcOUXktTbS7bZy6cMyf
/gO28bEXIWr5WfZf8jCbPyOVfExZquG3aS+0YPWmIJCheXQzgiwplZy93oND1GGQ
f+1R2F7GPwNXQdefv2xm7PTWhHbSWHHmeY89qYED+yFJrX5ChoFoBbYs1lMmdU/C
2MnQBFtvcVockXFAUONyMKiq8ZP6sQ1lu0rO9Bvkhx55sJLZOmjN3g4S1K97PbbI
5DzHKcR0JQSt8ZtCY/MuMbwvlNYo98bFWvlfKET0KPtogNNH0PNfJmStKR8jWGjE
HnUNXo7YDfK90iEKTjLz2K5CYzH5Dm6iYJNaaykCAwEAAaNGMEQwEgYDVR0TAQH/
BAgwBgEB/wIBADAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBTGek7ebtq2Ibm+
2K6je1IMobvEkzANBgkqhkiG9w0BAQsFAAOCAgEAO2B3jnL+8LeoRkc282qUpHyu
xYj0Qd68l0CJ0FjfA2OCR/6h1W4gZVH+fTd/mhgrNXj28GRT53JEh1jdRC7ENTXu
W9O8I9gCbWQ6V4nkZ9lpq8UEmKTFGnngVu8VCmSDF+y0kFuEtmt0jyd2UkJfC/vy
Gh78OCHEdGAeOTYHXamiuA9Z7wMuncPjP476gSW2kfWTdxV25ad4tT5dA5d42xDm
YE2UKzHeB9amOmvyh08LPD0idT5oROCIHsHBhQC9oltJXO5j6GyHRg88C1inyv6R
xk+w9ek4wSBpoJg5t3hdbZr3JTUsuu4WPtAET0fMQpJC+niaBbegwtvdLZFM+d8x
ead3ZpMO+XrpazDFGtdPTQdi5EIYmr2RL9eTeQbVPwMB9TgFpBXP+iYIuTpNo8jn
8zS4EcPRmz6PQJVK4zkHczfvquyU9RuOwEgb8qN4tSNxF0Z94uSVUoXCG9WZLf8q
MfsGesYiR/qLnLn3MfAyWm3OVOUvGzczDE2T8VvY7rXc2+8ra5aK0TNAgEz9ey6D
/dGzM1JCCe1A08s+2+eRX//pmqmOCoGrY7zwIVS2T249h6iIMM9yT0C3ZXRoTnVN
osyidOkVuQr0YK6shJ0WaK4F1MktdjOZKPoIc9QLw+TrSU2hfyla36T0bNWMC/TJ
YtxDI+d1jIFZ7zMmts4=
-----END CERTIFICATE-----

openvpn starten mit Passwortabfrage

start befehl 

openvpn --client --dev tun --auth-user-pass --remote vpn.riseup.net 1194 --keysize 256 --auth SHA256 --cipher AES-256-CBC --ca /etc/openvpn/RiseupCA.pem


openvpn starten mit Passwortdatei

/etc/openvpn/riseup_auth.txt 

user
secret

start befehl 

openvpn --client --dev tun --auth-user-pass /etc/openvpn/riseup_auth.txt  --remote vpn.riseup.net 1194 --keysize 256 --auth SHA256 --cipher AES-256-CBC --ca /etc/openvpn/RiseupCA.pem

openvpn starten mit configfile

/etc/openvpn/riseup2.ovpn 

client
dev tun
auth-user-pass /etc/openvpn/riseup_auth.txt
remote vpn.riseup.net 1194
keysize 256
auth SHA256
cipher AES-256-CBC
ca /etc/openvpn/RiseupCA.pem
#
auth-nocache
#
remote-cert-tls server
script-security 2
persist-tun
persist-key
#route-noexec
#route-up /etc/openvpn/ruvpnrouteadd.sh


start befehl 

openvpn /etc/openvpn/riseup2.ovpn

openvpn starten mit /etc/init.d/openvpn

/etc/config/openvpn 

config openvpn cryptn_vpn
        # Set to 1 to enable this instance:
        option enable 1

        # Include OpenVPN configuration
        option config /etc/openvpn/riseup2.ovpn


start befehl 

/etc/init.d/openvpn start
/etc/init.d/openvpn restart
/etc/init.d/openvpn stop

Netzwerkeinstellungen auf openwrt für openvpn

/etc/config/network 

# ....
config interface 'ncvpn'
        option proto 'dhcp'
        option ifname 'tun0'
        option hostname 'LEde'

start befehle /etc/init.d/network restart


/etc/config/firewall 

# ....
config rule
        option name 'Allow-OpenVPN-Inbound'
        option target 'ACCEPT'
        option src '*'
        option proto 'udp'
        option dest_port '1194'

config zone
        option name 'newzone'
        option forward 'REJECT'
        option output 'ACCEPT'
        option input 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'ncvpn'

config forwarding
        option dest 'newzone'
        option src 'lan'

start befehle /etc/init.d/firewall restart

Hardware

Ubiquiti Unifi | AP AC Lite

  • Firmware durch Lede erseztzen
    • Anschluss des AP AC LITE an einen Router
nmap  -sP 192.168.1.1/24
Nmap scan report for 192.168.1.104
Host is up (-0.095s latency).
MAC Address: F0:9F:C2:7C:2F:C8 (Ubiquiti Networks)

ssh ubnt@192.168.1.104

pw: ubnt

    • Download:
https://downloads.lede-project.org/releases/17.01.2/targets/ar71xx/generic/
  • ubnt-unifiac-lite-squashfs-sysupgrade.bin


    • Image kopieren
scp lede-17.01.2-ar71xx-generic-ubnt-unifiac-lite-squashfs-sysupgrade.bin  ubnt@192.168.1.104:/tmp/
ssh  ubnt@192.168.1.104:/tmp/

BZ.v3.4.14#

    • Beide Befehle hintereinander ausführen!!!
mtd write /tmp/lede-17.01.2-ar71xx-generic-ubnt-unifiac-lite-squashfs-sysupgrade.bin  kernel0
mtd -r write /tmp/lede-17.01.2-ar71xx-generic-ubnt-unifiac-lite-squashfs-sysupgrade.bin kernel1

Die Verbindung wird unterbrochen Login in Lede: 

ssh root@192.168.1.1
Abgerufen von „https://vosp.info/index.php?title=LEDE&oldid=4722