You are here: start / fuss / openwrt

Differences

This shows you the differences between two versions of the page.


Previous revision
fuss:openwrt [2025/06/27 23:28] (current) office
Line 1: Line 1:
 +====== Creating Packages ======
 +
 +Creating packages for ''openwrt'' requires [[http://downloads.openwrt.org/sources/|ipkg-utils]] and the procedure is ''debian'' style using a control file:
 +
 +<code bash>
 +cat >> soft/CONTROL/control <<EOF
 +Package: soft
 +Version 0.1
 +Architecture: mipsel
 +Maintainer: john <john@mail.com>
 +Section: base
 +Priority: optional
 +Description: the soft package adds nothing
 +Source: http://john.net/soft
 +EOF
 +ipkg-build -o root -g root soft
 +</code>
 +
 +====== Create TAP Interface on Boot ======
 +
 +OpenWrt scripts can add a TAP interface to a bridge on boot, however tap interfaces are usually created on demand rather than persisting across reboots. To make sure that the TAP interface is brought up on boot, create a script at ''/etc/init.d/createtap'' with the following contents:
 +<code bash>
 +#!/bin/sh /etc/rc.common
 +
 +START=30
 +SERVICE_USE_PID=0
 +
 +TAP=`ifconfig -a | grep tap0 | wc -l
 +
 +start() {
 +    if [ $TAP -eq 0 ]; then
 +        ip tuntap add mode tap tap0
 +    fi
 +}
 +
 +stop() {
 +    if [ $TAP -eq 1 ]; then
 +        ip tuntap del mode tap tap0
 +    fi
 +}
 +</code>
 +and possibly change ''tap0'' to a desired interface name.
 +
 +In order to activate the script, issue:
 +<code bash>
 +/etc/init.d/createtap enable
 +</code>
 +
 +The interface should now be created on reboot.
 +
 +Once TAP interfaces are created the MAC address is randomly generated such that unless you are sending a DHCP client ID, the interface will be difficult to track. To set a permanent MAC address for the TAP interface, edit ''/etc/config/network'' and add a MAC address for the TAP interface.
 +
 +For example, the snippet:
 +<code>
 +config interface 'tap'
 +        option ifname 'tap0'
 +        option proto 'dhcp'
 +        option macaddr 'ca:36:40:4a:79:5e'
 +</code>
 +
 +configures a TAP interface ''tap0'' that will retrieve its address via DHCP by sending the MAC address ''ca:36:40:4a:79:5e''.
 +
 +The configuration combined with the script above work perfectly well together: the script takes care to create the interface and the OpenWrt network configuration will set the MAC address when the interface is brought up.
 +
 +====== Fixing Terminal Compatibility Issues with Cygwin ======
 +
 +If you access OpenWrt from a cygwin shell, you will notice that running ncurses-based programs (for instance, ''joe'', ''pico'' or ''nano'' editors) will mess up the lines. This is due to cygwin setting the terminal type to ''cygwin'' which is not contained in the ''terminfo'' OpenWrt package.
 +
 +To resolve the issue, the ''cygwin'' terminal information from ''C:\cygwin64\usr\share\terminfo\63\cygwin'' (assuming the cygwin install root is at ''C:\cygwin64'') should be copied over to ''/usr/share/terminfo/c/cygwin''. Note that the ''terminfo'' OpenWrt package does not contain the ''c'' directory under ''/usr/share/terminfo'' such that it will have to be created before copying over the file.
 +
 +====== Making Samba Bind to Interfaces ======
 +
 +On OpenWrt version ''18.06.1'', the Samba template files contains a variable that should be interpolated:
 +<code>
 +interfaces = |INTERFACES|
 +</code>
 +
 +unfortunately, the interfaces do not seem to be configurable via LuCi and even using ''uci'' to set the variable ''samba.@samba[0].interfaces'' to some value will only make OpenWrt interpolate an empty string instead of the configured value.
 +
 +Seeing that the interfaces to listen on cannot be configured via LuCi, removing the ''interfaces = |INTERFACES|'' line and hardcoding the interfaces to listen on seems to be the best option.
 +
 +====== Getting Python Running Properly ======
 +
 +Unfortunately for quite a few releases (LEDE), the python ''setuptools'' package seems to be broken such that running depending software may bomb out with:
 +<code>
 +pkg_resources.DistributionNotFound: The 'setuptools' distribution was not found and is required by
 +</code>
 +
 +The solution is to install ''pip'' via:
 +<code bash>
 +opkg install python-pip
 +</code>
 +
 +and then reinstall ''pip'' and ''setuptools'':
 +<code bash>
 +pip install -U pip setuptools
 +</code>
 +
 +====== Routing all Traffic through OpenVPN ======
 +
 +TL;DR: old trick, set a lower interface metric for the OpenVPN interface than the default gateway.
 +
 +Since there does not seem to be an official straightforward answer to route all traffic through OpenVPN "the OpenWrt way"™ the following should be easy to accomplish via the interface:
 +
 +  * ensure that the OpenVPN server (or client configuration file) contains ''redirect-gateway def1'',
 +  * using the OpenWrt interface: ''Network'' -> ''Interfaces'' and for each WAN interface, click ''Edit'' and then go to ''Advanced Settings'' and set the ''Interface Metric'' to a given value (ie: ''10''),
 +  * using the OpenWrt interface: ''Network'' -> ''Interfaces'' open up the OpenVPN interface, go to ''Advanced Settings'' and set the ''Interface Metric'' to a value lower than all WAN interfaces from the previous step (ie: ''1'').
 +
 +OpenWrt does not do this automatically even if ''redirect-gateway def1'' is pushed by the server.
 +
 +====== Getting External Full Disk Encryption to Work ======
 +
 +In order to get full disk encryption to work on OpenWrt, install the following packages:
 +<code bash>
 +opkg install kmod-crypto-ecb kmod-crypto-xts kmod-crypto-hmac kmod-crypto-sha256 kmod-crypto-misc kmod-crypto-user cryptsetup
 +</code>
 +
 +Similarly, if the storage device is connected via the USB port, install the dependent mass storage modules:
 +<code bash>
 +opkg install kmod-usb-storage kmod-usb-storage-uas
 +</code>
 +
 +Some key derivation mechanisms are memory intensive and may exceed the available memory on an OpenWrt router, this results in the following error when formatting or opening a LUKS device "//Not enough available memory to open a keyslot//". To work around the issue, either:
 +  * use the LUKSv1 key derivation by specifying ''--pbkdf pbkdf2'' when formatting the storage device,
 +  * restrict the memory available to the key-derivation mechanism by specifying ''--pbkdf-memory''
 +
 +====== Reading System Log from Terminal ======
 +
 +The system log file can be dumped to the terminal by issuing:
 +<code bash>
 +logread
 +</code>
 +
 +The equivalent of ''tail -f'' for monitoring the logs is:
 +<code bash>
 +logread -f 
 +</code>
 +
 +====== Fix for Missing POSIX Threads Library ======
 +
 +POSIX threads are part of the core ''libc'' library on OpenWrt and linking might sometimes fail with the error:
 +<code>
 +/usr/bin/ld: cannot find -lpthread
 +</code>
 +
 +To resolve the issue, simply create an empty library in the library path, ie:
 +<code bash>
 +ar -rc /usr/lib/libpthread.a
 +</code>
 +
 +====== Policy-Based Routing on OpenWrt ======
 +
 +Setting ''iproute2'' rules and routes does not exactly have an interface on OpenWrt but there is support to be found by editing the configuration files.
 +
 +For instance, to perform the equivalent of the following on OpenWrt:
 +<code bash>
 +echo "200 vpn" >>/etc/iproute2/rt_tables
 +ip rule add from all fwmark 0xC8 lookup vpn
 +ip route add default via 192.168.1.1 table vpn
 +</code>
 +
 +in order to be able to mark packets and send them through a different route, the following OpenWrt changes have to be made:
 +
 +  * define a table manually from the command line:
 +<code bash>
 +echo "200 vpn" >>/etc/iproute2/rt_tables
 +</code>
 +  * edit ''/etc/config/network'' to define a rule:
 +<code>
 +config rule
 +        option mark '0xC8'
 +        option lookup 'vpn'
 +
 +</code>
 +  * edit ''/etc/config/network'' in order to add the route (this alone can be performed from LuCI interface by going to ''Networking->Static Routes''):
 +<code>
 +config route
 +        option interface 'tap0'
 +        option gateway '192.168.1.1'
 +        option table 'vpn'
 +        option netmask '255.255.255.255'
 +        option target '0.0.0.0/0'
 +
 +</code>
 +
 +====== Passing Parameters to HostapD ======
 +
 +Parameters that are not processed by UCI can be passed to hostapd by using the UCI option ''hostapd_options'' that is defined as a list of options that will be passed directly to hostapd.
 +
 +For example, the following command:
 +<code bash>
 +uci add_list wireless.radio0.hostapd_options='macaddr_acl=2'
 +</code>
 +will add the option ''macaddr_acl=2'' to hostapd.
 +
 +====== Preserve OPKG Lists Between Reboots ======
 +
 +The opkg package manager is configured to download package lists to temporary storage that will end up cleared between reboots. The rationale is that OpenWrt is meant for embedded systems that are short on RAM and Flash ROM such that storing the package lists permanently would take up storage space. However, when OpenWrt is installed on a system with plenty of storage it makes sense to save the packages permanently such that opening ''System'' -> ''Software'' will directly list the available packages without needing to click the ''Update lists...'' button.
 +
 +In order to make package lists permanent, open a terminal on the OpenWrt machine and issue:
 +<code bash>
 +mkdir /etc/opkg/list
 +</code>
 +
 +to create a directory that will store the lists permanently and then open ''/etc/opkg.conf'' in order to change the line:
 +<code>
 +lists_dir ext /var/opkg-lists
 +</code>
 +
 +to:
 +<code>
 +lists_dir ext /etc/opkg/list
 +</code>
 +
 +Finally, either use the menu to update packages or issue ''opkg update'' and the lists will now be stored permanently in ''/etc/opkg/list''.
 +
 +
 +
  
fuss/openwrt.1588769583.txt.gz · Last modified: 2020/05/06 12:53 (external edit)
You are here: start / fuss / openwrt

Wizardry and Steamworks

© 2025 Wizardry and Steamworks

Access website using Tor Access website using i2p Wizardry and Steamworks PGP Key


For the contact, copyright, license, warranty and privacy terms for the usage of this website please see the contact, license, privacy, copyright.