Creating packages for openwrt requires ipkg-utils and the procedure is debian style using a control file:
cat >> soft/CONTROL/control <<EOF Package: soft Version 0.1 Architecture: mipsel Maintainer: john <john@mail.com> Section: base Priority: optional Description: the soft package adds nothing Source: http://john.net/soft EOF ipkg-build -o root -g root soft
OpenWrt scripts can add a TAP interface to a bridge on boot, however tap interfaces are usually created on demand rather than persisting across reboots. To make sure that the TAP interface is brought up on boot, create a script at /etc/init.d/createtap with the following contents:
#!/bin/sh /etc/rc.common START=30 SERVICE_USE_PID=0 TAP=`ifconfig -a | grep tap0 | wc -l start() { if [ $TAP -eq 0 ]; then ip tuntap add mode tap tap0 fi } stop() { if [ $TAP -eq 1 ]; then ip tuntap del mode tap tap0 fi }
and possibly change tap0 to a desired interface name.
In order to activate the script, issue:
/etc/init.d/createtap enable
The interface should now be created on reboot.
Once TAP interfaces are created the MAC address is randomly generated such that unless you are sending a DHCP client ID, the interface will be difficult to track. To set a permanent MAC address for the TAP interface, edit /etc/config/network and add a MAC address for the TAP interface.
For example, the snippet:
config interface 'tap'
option ifname 'tap0'
option proto 'dhcp'
option macaddr 'ca:36:40:4a:79:5e'
configures a TAP interface tap0 that will retrieve its address via DHCP by sending the MAC address ca:36:40:4a:79:5e.
The configuration combined with the script above work perfectly well together: the script takes care to create the interface and the OpenWrt network configuration will set the MAC address when the interface is brought up.
If you access OpenWrt from a cygwin shell, you will notice that running ncurses-based programs (for instance, joe, pico or nano editors) will mess up the lines. This is due to cygwin setting the terminal type to cygwin which is not contained in the terminfo OpenWrt package.
To resolve the issue, the cygwin terminal information from C:\cygwin64\usr\share\terminfo\63\cygwin (assuming the cygwin install root is at C:\cygwin64) should be copied over to /usr/share/terminfo/c/cygwin. Note that the terminfo OpenWrt package does not contain the c directory under /usr/share/terminfo such that it will have to be created before copying over the file.
On OpenWrt version 18.06.1, the Samba template files contains a variable that should be interpolated:
interfaces = |INTERFACES|
unfortunately, the interfaces do not seem to be configurable via LuCi and even using uci to set the variable samba.@samba[0].interfaces to some value will only make OpenWrt interpolate an empty string instead of the configured value.
Seeing that the interfaces to listen on cannot be configured via LuCi, removing the interfaces = |INTERFACES| line and hardcoding the interfaces to listen on seems to be the best option.
Unfortunately for quite a few releases (LEDE), the python setuptools package seems to be broken such that running depending software may bomb out with:
pkg_resources.DistributionNotFound: The 'setuptools' distribution was not found and is required by
The solution is to install pip via:
opkg install python-pip
and then reinstall pip and setuptools:
pip install -U pip setuptools
TL;DR: old trick, set a lower interface metric for the OpenVPN interface than the default gateway.
Since there does not seem to be an official straightforward answer to route all traffic through OpenVPN "the OpenWrt way"™ the following should be easy to accomplish via the interface:
redirect-gateway def1,Network → Interfaces and for each WAN interface, click Edit and then go to Advanced Settings and set the Interface Metric to a given value (ie: 10),Network → Interfaces open up the OpenVPN interface, go to Advanced Settings and set the Interface Metric to a value lower than all WAN interfaces from the previous step (ie: 1).
OpenWrt does not do this automatically even if redirect-gateway def1 is pushed by the server.
In order to get full disk encryption to work on OpenWrt, install the following packages:
opkg install kmod-crypto-ecb kmod-crypto-xts kmod-crypto-hmac kmod-crypto-sha256 kmod-crypto-misc kmod-crypto-user cryptsetup
Similarly, if the storage device is connected via the USB port, install the dependent mass storage modules:
opkg install kmod-usb-storage kmod-usb-storage-uas
Some key derivation mechanisms are memory intensive and may exceed the available memory on an OpenWrt router, this results in the following error when formatting or opening a LUKS device "Not enough available memory to open a keyslot". To work around the issue, either:
–pbkdf pbkdf2 when formatting the storage device,–pbkdf-memoryThe system log file can be dumped to the terminal by issuing:
logread
The equivalent of tail -f for monitoring the logs is:
logread -f
POSIX threads are part of the core libc library on OpenWrt and linking might sometimes fail with the error:
/usr/bin/ld: cannot find -lpthread
To resolve the issue, simply create an empty library in the library path, ie:
ar -rc /usr/lib/libpthread.a
Setting iproute2 rules and routes does not exactly have an interface on OpenWrt but there is support to be found by editing the configuration files.
For instance, to perform the equivalent of the following on OpenWrt:
echo "200 vpn" >>/etc/iproute2/rt_tables ip rule add from all fwmark 0xC8 lookup vpn ip route add default via 192.168.1.1 table vpn
in order to be able to mark packets and send them through a different route, the following OpenWrt changes have to be made:
echo "200 vpn" >>/etc/iproute2/rt_tables
/etc/config/network to define a rule:config rule
option mark '0xC8'
option lookup 'vpn'
/etc/config/network in order to add the route (this alone can be performed from LuCI interface by going to Networking→Static Routes):config route
option interface 'tap0'
option gateway '192.168.1.1'
option table 'vpn'
option netmask '255.255.255.255'
option target '0.0.0.0/0'