OpenWRT

From philcrump.co.uk

Reddit: 802.11r Notes

3G on 14.07

This setup is for my Huawei E353 USB Dongle with a '3' UK Pay As You Go SIM.

Install 3G Packages:

opkg update
opkg install comgt kmod-usb-serial kmod-usb-serial-option kmod-usb-serial-wwan usb-modeswitch usb-modeswitch-data

Create a new interface in /etc/config/network

config interface 3gwan     
        option device  /dev/ttyUSB0                             
        option apn     3internet   
        option service umts      
        option proto   3g

Add the '3gwan' interface to the 'wan' zone in /etc/config/firewall

config zone                                
        option name             wan      
        list   network          'wan' 
        list   network          'wan6'          
        list   network          '3gwan'
        option input            REJECT 
        option output           ACCEPT 
        option forward          REJECT 
        option masq             1      
        option mtu_fix          1

Add the dial settings to /etc/chatscripts/3g.chat

ABORT   BUSY
ABORT   'NO CARRIER'
ABORT   ERROR
REPORT  CONNECT
TIMEOUT 10
""      "AT&F"
OK      "ATE1"
OK      'AT+CGDCONT=1,"IP","$USE_APN"'
SAY     "Calling UMTS/GPRS"
TIMEOUT 30
OK      "ATD*99#"
CONNECT ' '

3G on 15.05-rc2

This setup is for my Huawei E353 USB Dongle with a '3' UK Pay As You Go SIM.

Install 3G Packages:

opkg update
opkg install comgt kmod-usb-serial kmod-usb-serial-option kmod-usb-serial-wwan usb-modeswitch luci-proto-3g

Create a new interface in /etc/config/network

config interface 3gwan     
        option device  /dev/ttyUSB0                             
        option apn     3internet   
        option service umts      
        option proto   3g

Add the '3gwan' interface to the 'wan' zone in /etc/config/firewall

config zone                                
        option name             wan      
        list   network          'wan' 
        list   network          'wan6'          
        list   network          '3gwan'
        option input            REJECT 
        option output           ACCEPT 
        option forward          REJECT 
        option masq             1      
        option mtu_fix          1

It is easiest to then reboot and plug the modem in.

Serial

[1] 2 3 4

TX, RX, GND, VCC

Disable Console on Serial Port

  • Add to /etc/sysctl.conf
kernel.printk = 0 4 1 7
  • Edit /etc/inittab, add '#' to askconsole so reads:
::sysinit:/etc/init.d/rcS S boot
::shutdown:/etc/init.d/rcS K shutdown
#::askconsole:/bin/ash --login
  • reboot

Change Serial Port Speed

opkg update
opkg install coreutils-stty
stty -F /dev/ttyS0 -a # Read Settings
stty -F /dev/ttyS0 9600 -echo clocal cread cs8 -cstopb -parenb # Write GPS-compatible settings
stty -F /dev/ttyS0 -a # Read Settings

Test Serial Port

PORT = "/dev/ttyS0"
BAUD = "9600"
print("Configuring UART\n")
os.execute("stty -F " .. PORT .. " " .. BAUD .. " -echo clocal cread cs8 -cstopb -parenb")
print("Listening to UART\n")
while 1 do
    serialin=io.open(PORT,"r")
    print(serialin:read("*l"))    --print the data
    serialin:close()
end

USB Power

On the MR3420 it is possible to switch the power on/off to the USB port with a GPIO

function sleep(n)
  os.execute("sleep " .. tonumber(n))
end
 
function powerUSB(state)
  os.execute("echo " .. tonumber(state) .. " >/sys/class/gpio/gpio6/value")
end
 
print("On..")
powerUSB(1)
sleep(2)
 
print("Off..")
powerUSB(0)
sleep(2)
 
print("On..")
powerUSB(1)
sleep(2)

IPv6

I use SIXXS Aiccu Daemon for my IPv6 Tunnels, configured as 'ayiya' type to allow dynamic use required over 3G.

Reference: SIXXS Wiki - Installing Aiccu on OpenWRT

Install

Install Aiccu

opkg update
opkg install aiccu

Add interface to /etc/config/network

config interface 'wan6'               
        option proto 'aiccu'          
        option username ' SIXXS user name/tunnelID '
        option password ' TIC tunnel password '      
        option peeraddr ' TIC IP '     
        option ip6addr  ' Tunnel endpoint '  
        option ip6prefix ' Subnet Prefix '

Remove local prefix allocation from /etc/config/network

config globals 'globals' 
        option ula_prefix 'fdda:0bcd:d4f8::/48'

Add startup delay to /lib/netifd/proto/aiccu.sh

        echo "daemonize true"     >> "$CFGFILE"                                 
        echo "pidfile $PIDFILE"   >> "$CFGFILE"
 
        # work-around for https://dev.openwrt.org/ticket/17744                  
        NTPSERVER=pool.ntp.org                                                  
 
        local try=0                                                             
        local max=10                                                            
        while [ $((++try)) -le $max ]; do                                       
                ntpd -qn -p pool.ntp.org >/dev/null 2>&1 && break               
                sleep 6                                                         
        done                                                                    
        # end of work-around                                                   
 
        aiccu start "$CFGFILE"

Reload networking

/etc/init.d/network reload

SPI

This section contains research only; I haven't tried getting SPI working yet.

SPI on GPIO

opkg install kmod-spi-gpio-custom

Possible Lua script:

data_file = io.open("/dev/spidev1.0","r+")
 
data_file:write("some data")
out_string = data_file:read(5)
data_file:close()
 
io.write(out_string)

The system, qss, wifi and 3g leds can be addressed in software through the led handlers. Unfortunately in MR3x20 builds the LAN GPIO LEDs are controlled by the Atheros Hardware, and cannot be repurposed.

There is a kernel patch to enable software control, however this requires a recompile, which is a lot of effort.

There is the possibility of using the internal SPI bus, however this seems too risky to be worth it, and risks corrupting the flash on the bus.

Using internal SPI bus

Setting up a router using 15.05-rc2

  • Flash Image
  • telnet 192.168.1.1
  • passwd - enter new password twice, then exit
  • ssh root@192.168.1.1
  • opkg update
  • opkg list-upgradable

Install Luci

  • opkg install luci luci-mod-admin-full

Install full wpad for WPA Enterprise

  • opkg remove wpad-mini
  • opkg install wpad

Install aiccu for sixxs IPv6

  • opkg install aiccu
  • Configure in Luci
  • reboot

Install QOS

  • opkg install luci-app-qos

3G Router using DD-trunk (9th Feb 2015)

opkg update
opkg install comgt kmod-usb-serial kmod-usb-serial-option kmod-usb-serial-wwan usb-modeswitch

Optional Luci Web Interface

opkg install luci luci-mod-admin-full luci-proto-3g

Replace /etc/config/wireless:

config wifi-device 'radio0'
	option type 'mac80211'
	option hwmode '11g'
	option path 'platform/qca955x_wmac'
	option htmode 'HT20'
	option country 'GB'
	option channel '6'
	option txpower '20'
	option disabled '0'
 
config wifi-iface
	option device 'radio0'
	option mode 'ap'
	option ssid 'PhilNet'
	option network 'lan'
	option encryption 'psk2'
	option key '2003corsa'

Add to /etc/config/network:

config interface 3gwan     
        option device  /dev/ttyUSB0                             
        option apn     3internet   
        option service umts      
        option proto   3g

Add '3gwan' to list of WAN Interfaces in /etc/config/firewall:

        list   network          '3gwan'

Reboot and plug the dongle in.

Home router

Fix PPTP VPN

opkg install luci luci-mod-admin-full ath10k-firmware-qca988x kmod-nf-nathelper-extra

Xbox

  • Forward TCP+UDP on 3074 to Xbox

3g eduroam

Updated 22nd July 2017 - for LEDE 17.01.2

To upgrade all upgradable packages:

opkg update
opkg list-upgradable | awk -F ' - ' '{print $1}' | xargs opkg upgrade
opkg update
opkg remove wpad-mini
opkg install luci luci-mod-admin-full
opkg install comgt kmod-usb-serial kmod-usb-serial-option kmod-usb-serial-wwan usb-modeswitch luci-proto-3g kmod-usb-net-cdc-ether
opkg install openvpn-openssl wpad

Use side switch to enable/disable eduroam:

/etc/hotplug.d/button/BTN_1

#!/bin/sh
 
if [ "${ACTION}" = "released" ];
then
  cp -f /etc/config/wireless.noduroam /etc/config/wireless;
  wifi up;                                                 
else      
  cp -f /etc/config/wireless.eduroam /etc/config/wireless;
  wifi up;                                                
fi                                                        
 
return 0

/etc/usbtoggle

#!/usr/bin/lua                                                                                
 
function sleep(n)                                                                             
  os.execute("sleep " .. tonumber(n))                                                         
end                                                                                           
 
function powerUSB(state)                                                                      
  -- ## AR150
  --os.execute("echo " .. tonumber(state) .. " >/sys/class/gpio/gpio6/value")
  -- ## MT-300A 
  os.execute("echo 7 > /sys/class/gpio/export")
  os.execute("echo " .. tonumber(state) .. " >/sys/class/leds/gl-mt300a:usb/brightness")
end                                                                                           
 
function pingGoogle()                                                                         
 ping_code = os.execute('ping -q -c1 8.8.8.8 > /dev/null')                                    
 if ping_code==0 then                                                                         
  return true                                                                                 
 else                                                                                         
  return false                                                                                
 end                                                                                          
end                                                                                           
 
failedAttempts=0                                                                              
powerUSB(1)                                                                                   
 
while 1 do                                                                                    
 sleep(10)                                                                                    
 if pingGoogle() then                                                                         
  failedAttempts=0                                                                            
 else                                                                                         
  failedAttempts=failedAttempts+1                                                             
  print("Ping failed, "..failedAttempts.."/12 attempts.")                                     
 end                                                                                          
 if failedAttempts>12 then                                                                    
  print("Toggling USB Modem Power to summon the internetz")                                   
  powerUSB(0)                                                                                 
  sleep(1)                                                                                    
  powerUSB(1)                                                                                 
  failedAttempts=0                                                                            
 end                                                                                          
end

/etc/init.d/usbtoggle

#!/bin/sh /etc/rc.common
# Runs daemon to monitor internet connectivity and toggle USB power if needed
 
START=10
STOP=15
USE_PROCD=1
 
start_service() {        
        procd_open_instance
        procd_set_param command /etc/usbtoggle
        procd_set_param respawn
        procd_set_param stdout 1 # forward stdout of the command to logd
	procd_set_param stderr 1 # same for stderr
	procd_close_instance
}

Enable the service:

chmod +x /etc/usbtoggle
chmod +x /etc/init.d/usbtoggle
/etc/init.d/usbtoggle enable

Openwrt+RadSecProxy+Ubiquiti Setup used for UKHASnet Hackathons

OpenWRT router is configured with IP of 10.55.55.1, and standard SOWN openvpn tunnel.

/etc/config/radsecproxy:

config options                    
        option LogLevel '3'                                
        option LogDestination 'x-syslog:///'              
        list ListenUDP '0.0.0.0:1812'                     
        list ListenUDP '0.0.0.0:1813'                     
 
config client                           
        option name '10.55.55.50'     
        option type 'udp'             
        option secret '' # Local Radius secret here                                    
 
config server                                    
        option name 'sown-radius-auth'                              
        option type 'udp'                                                    
        option host '10.13.0.239'                                            
        option port '1812'                                                   
        option secret '' # SOWN Radius secret here
 
config server                                                   
        option name 'sown-radius-acct'                          
        option type 'udp'                                                                     
        option host '10.13.0.239'                               
        option port '1813'                                      
        option secret '' # SOWN Radius secret here
 
config realm                                                                                  
        option name '*'                                                                       
        list server 'sown-radius-auth'                  
        list accountingServer 'sown-radius-acct'


Ubiquiti AP Config:

DHCP Static Lease: 10.55.55.50
 
SSID: UKHASnet
Key: ukhasnet
wpa1/2-psk aes/ccmp
 
SSID: eduroam
Auth Server: 10.55.55.1 / 1812 / <local-radius-secret> / Interim Update: 300s
Acct Server: 10.55.55.1 / 1813 / <local-radius-secret> / Interim Update: 300s
wpa2 aes

uhttpd setup

opkg update
opkg install uhttpd

Add to /etc/config/uhttpd

list interpreter        ".lua=/usr/bin/lua"

Jan 2018 - Events Setup

As per default LEDE build and hardware labels, eth0 is LAN and eth1 is WAN. For this setup however I've swapped the designations so I can power the router over PoE via the LAN port.

Software used

opkg update
opkg install openvpn-openssl # SOWN tunnel 
opkg install radsecproxy # SOWN auth 
opkg install 6in4 # Hurricane Electric IPv6 tunnel
opkg install luci-app-sqm # WAN QoS / Rate limiting

Enable USB port power on AR150

USB port power is switched by GPIO6. The device boots with this GPIO set to '1', but the GPIO isn't active. Bounce it (write '0', then '1') to get power.

echo '0' >/sys/class/gpio/gpio6/value
echo '1' >/sys/class/gpio/gpio6/value

/etc/config/network

Hurricane Electric Tunnel for Global IPv6 connectivity.

config interface 'henet'                                                                      
        option proto '6in4'                                                                   
        option peeraddr '216.66.88.98'                                                        
        option ip6addr '2001:470:1f1c:283::2/64'                                              
        option ip6prefix '2001:470:1f1d:283::/64'                                             
        option tunnelid '<tunnelid>'                                                              
        option username '<username>'                                                           
        option updatekey '<updatekey>'

/etc/config/firewall

Disallow access to the upstream host network (so far it has always been in 192.168.0.0/16).

config rule                                     
        option src 'lan'                         
        option dest 'wan'                        
        option dest_ip '192.168.0.0/16'          
        option target 'DROP'                    
        option proto 'all'                      
        option family 'ipv4'                     
        option name 'Drop Upstream Access (IPv4)'
 
config rule                                     
        option src 'lan'                        
        option dest 'wan'                        
        option dest_ip 'fc00::/7'                
        option target 'DROP'                     
        option proto 'all'                      
        option family 'ipv6'                    
        option name 'Drop Upstream Access (IPv6)'
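
The IPv4 rule above only protects the host network if the venue's upstream addresses really sit inside 192.168.0.0/16. The following is an added example, not part of the original notes: it parses a firewall config and tests whether a given upstream address is covered by a lan-to-wan DROP/REJECT rule. The function names are hypothetical and the sample config is constructed from the rule above.

```shell
# Added example: is an upstream IPv4 address covered by the lan->wan
# DROP/REJECT rules of a UCI firewall config? Function names are hypothetical.

# Constructed sample mirroring the IPv4 rule above; on a router, feed
# /etc/config/firewall on stdin instead.
SAMPLE_FW="config rule
        option src 'lan'
        option dest 'wan'
        option dest_ip '192.168.0.0/16'
        option target 'DROP'
        option proto 'all'
        option family 'ipv4'
        option name 'Drop Upstream Access (IPv4)'"

# Dotted-quad IPv4 -> integer (body runs in a subshell so IFS stays local).
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# in_cidr ADDR PREFIX: succeed if ADDR lies inside PREFIX (a.b.c.d[/len]).
in_cidr() {
    case "$2" in */*) ;; *) set -- "$1" "$2/32" ;; esac
    bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & $mask )) -eq $(( $(ip2int "${2%/*}") & $mask )) ]
}

# Print the IPv4 dest_ip of every lan->wan rule whose target blocks traffic.
drop_prefixes() {
    awk -v q="'" '
        function emit() {
            if (src == "lan" && dest == "wan" && ip ~ "^[0-9./]+$" &&
                (target == "DROP" || target == "REJECT")) print ip
        }
        $1 == "config" { emit(); src = dest = target = ip = ""; rule = ($2 == "rule") }
        rule && $1 == "option" {
            v = $3; gsub("[\"" q "]", "", v)
            if ($2 == "src") src = v
            else if ($2 == "dest") dest = v
            else if ($2 == "dest_ip") ip = v
            else if ($2 == "target") target = v
        }
        END { emit() }
    '
}

# upstream_blocked ADDR: config on stdin; succeed if ADDR is blocked from lan.
upstream_blocked() {
    for p in $(drop_prefixes); do
        in_cidr "$1" "$p" && return 0
    done
    return 1
}

for gw in 192.168.1.1 10.0.0.1 172.16.0.1; do
    printf '%s\n' "$SAMPLE_FW" | upstream_blocked "$gw" && s=blocked || s=REACHABLE
    echo "$gw: $s from lan"
done
```

The check looks only at `dest_ip` on lan-to-wan rules and ignores rule ordering, so treat a "blocked" result as necessary rather than sufficient.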

Disable Netflix connectivity on IPv6, as they disallow access from Hurricane Electric tunnels. This forces the clients back to IPv4, which works. Thanks to sciguy16 for these.

config rule                                     
        option enabled '1'                       
        option name 'Disable Netflix IPv6 (1/5)' 
        option family 'ipv6'                     
        option proto 'all'                      
        option src 'lan'                        
        option dest 'wan'                        
        option dest_ip '2a01:578:3::/48'         
        option target 'REJECT'                   
 
config rule                                     
        option enabled '1'                       
        option name 'Disable Netflix IPv6 (2/5)' 
        option family 'ipv6'                     
        option proto 'all'                      
        option src 'lan'                        
        option dest 'wan'                       
        option dest_ip '2406:da00:ff00::/48'     
        option target 'REJECT'                   
 
config rule                                     
        option enabled '1'                      
        option name 'Disable Netflix IPv6 (3/5)' 
        option family 'ipv6'                     
        option proto 'all'                      
        option src 'lan'                        
        option dest 'wan'                       
        option dest_ip '2600:1407:19::/48'       
        option target 'REJECT'
 
config rule                                     
        option enabled '1'                      
        option name 'Disable Netflix IPv6 (4/5)' 
        option family 'ipv6'                     
        option proto 'all'                      
        option src 'lan'                        
        option dest 'wan'                       
        option dest_ip '2607:f8b0:4001::/48'     
        option target 'REJECT'                   
 
config rule                                     
        option enabled '1'                      
        option name 'Disable Netflix IPv6 (5/5)' 
        option family 'ipv6'                     
        option proto 'all'                      
        option src 'lan'                        
        option dest 'wan'                       
        option dest_ip '2620:108:700f::/48'      
        option target 'REJECT'

/etc/config/sqm

Used to limit upload/download bandwidth during the event/deployment to avoid hammering the host network.

config queue 'eth1'
        option interface 'eth1'
        option qdisc_advanced '0'
        option linklayer 'none'
        option enabled '1'
        option debug_logging '0'
        option verbosity '5'
        option qdisc 'cake'
        option script 'piece_of_cake.qos'
        option download '10000'
        option upload '1200'

/etc/config/radsecproxy

Used to proxy eduroam RADIUS auth requests from the AP, up the openvpn tunnel.

config options
        option LogLevel '3'
        option LogDestination 'x-syslog:///'
        list ListenUDP '0.0.0.0:1812'
        list ListenUDP '0.0.0.0:1813'
 
# Authenticate AP
config client
        option name '10.55.55.50'
        option type 'udp'
        option secret '<local shared secret>'
 
config server
        option name 'sown-radius-auth'
        option type 'udp'
        option host '10.13.0.239'
        option port '1812'
        option secret '<remote shared secret>'
 
config server
        option name 'sown-radius-acct'
        option type 'udp'
        option host '10.13.0.239'
        option port '1813'
        option secret '<remote shared secret>'
 
config realm
        option name '*'
        list server 'sown-radius-auth'
        list accountingServer 'sown-radius-acct'