- Reference links
Fetch the source and install the available feeds

```
$ git clone git://git.openwrt.org/openwrt.git
```
- If the download fails, is very slow, or the proxy configured in bash has no effect on curl, the following patch can be used:

```diff
diff --git a/scripts/download.pl b/scripts/download.pl
```
Build the firmware: configure and compile

```
$ make defconfig
```

Basic configuration
Select the CPU model
```
Target System (MediaTek Ralink MIPS) -->
  Subtarget (MT7620 based boards) --->
  Target Profile (Lenovo Y1S) --->
```

LuCI configuration

```
LuCI > 1. Collections > luci
LuCI > 2. Modules > Translations > Chinese (zh-cn)
```
Privoxy
- proxy
```
~# cat /etc/config/privoxy
config privoxy 'privoxy'
	option confdir '/etc/privoxy'
	option logdir '/var/log'
	option logfile 'privoxy.log'
	list filterfile 'default.filter'
	list actionsfile 'match-all.action'
	list actionsfile 'default.action'
	option toggle '1'
	option enable_remote_toggle '1'
	option enable_edit_actions '1'
	option forwarded_connect_retries '0'
	option keep_alive_timeout '300'
	list permit_access '192.168.1.0/24'
	option debug_512 '1'
	option debug_4096 '1'
	option debug_8192 '1'
	list listen_address '192.168.1.1:8123'
	# Forward the HTTP traffic privoxy accepts to the local SOCKS5 proxy (ss-local).
	list forward_socks5 '/ 127.0.0.1:1080 .'

config system 'system'
	option boot_delay '10'
```
Dynamic DNS
- Dynamic DNS is set up here to expose internal services over IPv6, or simply to make remote management of the router easier.

```
LuCI-> 3. Applications -> luci-app-ddns
[...]
Network ->
  -> IP Address and Names
<*> ddns-scripts_cloudflare.com-v4..... CloudFlare.com API v4 (requires cURL)
<*> ddns-scripts_freedns_42_pl
<*> ddns-scripts_godaddy.com-v1................... GoDaddy.com (require cURL)
< > ddns-scripts_no-ip_com...................... DDNS extension for No-IP.com
< > ddns-scripts_nsupdate................. DDNS extension using Bind nsupdate
<*> ddns-scripts_route53-v1....................... Amazon AWS Route 53 API v1
```
Register at dynv6.com
- The free domain from dynv6.com is used here: register an account -> activate it -> create a domain. During testing, the script generated after entering the parameters in LuCI had errors, so the configuration file is edited directly below.

```
root@OpenWrt:~# cat /etc/config/ddns
config ddns 'global'
	option ddns_dateformat '%F %R'
	option ddns_loglines '250'
	option ddns_rundir '/var/run/ddns'
	option ddns_logdir '/var/log/ddns'

config service 'myddns_ipv4'
	option lookup_host 'yourhost.example.com'
	option domain 'yourhost.example.com'
	option username 'your_username'
	option password 'your_password'
	option interface 'wan'
	option ip_source 'network'
	option ip_network 'wan'
	option service_name 'dyn.com'
	option enabled '0'

config service 'myddns_ipv6'
	option use_ipv6 '1'
	option enabled '1'
	option force_unit 'minutes'
	option service_name 'dynv6.com'
	option retry_unit 'seconds'
	option interface 'pppoe-wan' # the interface used here is WAN_6, obtained from the ISP; this uploads the router's public IPv6 address.
	option ip_interface 'pppoe-wan'
	option ip_source 'interface'
	option password '<HTTP Tokens>' # the HTTP token generated under Keys at dynv6.com.
	option check_unit 'seconds'
	option username 'your_username'
	option lookup_host 'ipv6.dynv6.com'
	option domain 'xxxxx.dynv6.net' # the registered dynamic domain.
```
dnsmasq configuration issues
- With rebind protection enabled, a service cannot be reached from the LAN or from the router itself, because by default dnsmasq refuses to resolve names whose answers contain private IP addresses. If no-resolv is enabled but resolv-file is not set, dnsmasq has no default DNS server with which to resolve xx.com domains; if your proxy server happens to live under such a domain, you will be unable to connect to it.

```
server=/.google.com/127.0.0.1#5053
server=/.gstatic.com/127.0.0.1#5053
server=/.googleusercontent.com/127.0.0.1#5053
server=/.appspot.com/127.0.0.1#5053
server=/.googlecode.com/127.0.0.1#5053
server=/.googleapis.com/127.0.0.1#5053
server=/.gmail.com/127.0.0.1#5053
server=/.google-analytics.com/127.0.0.1#5053
server=/.youtube.com/127.0.0.1#5053
server=/.blogspot.com/127.0.0.1#5053
server=/.blogger.com/127.0.0.1#5053
```

- DNS tests: https://www.dnsleaktest.com, http://entropy.dns-oarc.net/test/, https://dnssec.vs.uni-due.de/
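As an added example (not from the original post), the shell functions below generate the `server=/.domain/127.0.0.1#5053` lines shown above from a domain list, and print uci commands that keep dnsmasq's rebind protection enabled while whitelisting only the domains that legitimately answer with private addresses (OpenWrt's `rebind_domain` list) rather than switching `rebind_protection` off. The function names and sample domains are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post. Generates dnsmasq split-DNS
# lines and a rebind whitelist as uci commands. Function names are this
# example's own; "dhcp.@dnsmasq[0]" is OpenWrt's default dnsmasq section.

# One "server=/.<domain>/<upstream>" line per domain, so every name under
# the domain is resolved through the local encrypted-resolver port.
# $1 is the upstream as "host#port"; the remaining arguments are domains.
split_dns_lines() {
    up="$1"; shift
    for d in "$@"; do
        printf 'server=/.%s/%s\n' "$d" "$up"
    done
}

# Keep rebind_protection on and whitelist only the given domains: dnsmasq
# then accepts RFC 1918 answers for these names and still drops them for
# everything else, which a blanket rebind_protection='0' would not do.
rebind_whitelist_uci() {
    echo "uci set dhcp.@dnsmasq[0].rebind_protection='1'"
    echo "uci delete dhcp.@dnsmasq[0].rebind_domain 2>/dev/null"
    for d in "$@"; do
        echo "uci add_list dhcp.@dnsmasq[0].rebind_domain='$d'"
    done
    echo "uci commit dhcp"
}

# True if an IPv4 dotted quad is a private (RFC 1918) or loopback address,
# i.e. the kind of answer rebind protection refuses for a public name.
is_private_v4() {
    case "$1" in
        10.*|192.168.*|127.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}
```

Run `rebind_whitelist_uci xx.com | sh` on the router to apply the whitelist, then restart dnsmasq.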
Forwarding to internal services

```
root@OpenWrt:~# cat /etc/config/firewall
```

- To use IPv6 port forwarding you must select Kernel Modules --> Netfilter Extensions --> kmod-ipt-nat6, otherwise the following error appears:

```
root@OpenWrt:~# /etc/init.d/firewall restart
[...]
 * Rule 'camera'
 ! Skipping due to different family of ip address
[...]
 * Running script '/etc/firewall.ss-rules'
ss-rules: Skipping ipv6. Requires ip6tables-mod-nat
```
Other customizations
Installing shadowsocks-libev

```
LuCI-> 3. Applications -> luci-app-shadowsocks-libev
    -> luci-app-adblock
    -> luci-app-simple-adblock
    -> luci-app-https-dns-proxy
    -> luci-app-shadowsocks-libev
[...]
Network-> Web Servers/Proxies
    ^ -> shadowsocks-libev-ss-local
      -> shadowsocks-libev-ss-redir
      -> shadowsocks-libev-ss-rules
      -> shadowsocks-libev-ss-server
      -> shadowsocks-libev-ss-tunnel
```

When using luci-app-https-dns-proxy, take special care: if you choose a fallback server such as Google's (`/usr/sbin/https-dns-proxy -a 127.0.0.1 -p 5053 -b 8.8.8.8,8.8.4.4 -r https://dns.google/dns-query -u nobody -g nogroup -4`), you must have a working https_proxy server, otherwise the process burns a lot of CPU; a socks5 proxy does not work for it either. Add a line to /etc/config/https-dns-proxy such as `option proxy_server 'http:127.0.0.1:1080'`. Cloudflare, on the other hand, works fine and needs no proxy.

```
~# nslookup openwrt.org 127.0.0.1
```
- Adding ChinaDNS support; see ChinaDNS. This project has not been updated in a long time, so use it with caution. First enter the openwrt source directory and run the commands below.

```
~$ cd openwrt
~$ pushd package
~$ git clone https://github.com/clowwindy/ChinaDNS.git
~$ popd
~$ make menuconfig # select Network/ChinaDNS, as either M or Y.
~$ make -j
~$ make V=99 package/ChinaDNS/openwrt/compile
```
WireGuard support

```
Kernel modules -> Network Support -> kmod-wireguard
LuCI-> 3. Protocols -> luci-proto-wireguard
```

After installation, enter the router shell and generate a key pair:

```
~$ ssh root@192.168.1.1
~$ mkdir /etc/wireguard/ && cd /etc/wireguard
~$ wg genkey | tee privatekey | wg pubkey > publickey
```

Then open the router's web UI. This example sets up the openwrt router as a client peer. Open the Network->Interfaces menu, create a new interface, choose WireGuard VPN as the protocol, enter a name and click create. For Private key paste the contents of the privatekey file generated above; for IP Addresses enter an address in the VPN's internal range, such as 172.16.0.5/24. Then open the Peers tab and add a peer: Public Key is the remote server's public key, Allowed IPs is 172.16.0.5/24, Endpoint Host is the remote server's IP or domain name, Endpoint Port defaults to 51820, and Persistent Keep Alive should be set to 25 if you are behind NAT. Click save and apply the configuration. A firewall rule is also needed: accept any traffic arriving on the WAN side whose source port is 51820.
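The LuCI steps above, reproduced as uci commands in an added example that is not part of the original post: the functions print the commands for the client interface, its peer and the WAN firewall rule, after checking that both keys are well-formed WireGuard keys. The section names `wg0`, `wg0_peer` and `wg_in`, the example endpoint, and the use of `dest_port` for the listening port are this example's assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Emits the uci commands behind
# the LuCI steps above for an OpenWrt WireGuard client peer. Section names
# (wg0, wg0_peer, wg_in) are this example's assumptions.
set -eu

# A WireGuard key is 32 bytes base64-encoded: 44 characters, last one '='.
# Rejecting anything else catches a truncated paste before it is committed.
wg_key_ok() {
    case "$1" in
        *[!A-Za-z0-9+/=]*) return 1 ;;
    esac
    [ "${#1}" -eq 44 ] && [ "${1%=}" != "$1" ]
}

# $1 private key, $2 tunnel address (e.g. 172.16.0.5/24), $3 peer public key,
# $4 endpoint host, $5 endpoint port, $6 allowed IPs, $7 keepalive seconds.
wg_client_uci() {
    wg_key_ok "$1" || { echo "malformed private key" >&2; return 1; }
    wg_key_ok "$3" || { echo "malformed peer public key" >&2; return 1; }
    cat <<EOF
uci set network.wg0=interface
uci set network.wg0.proto='wireguard'
uci set network.wg0.private_key='$1'
uci add_list network.wg0.addresses='$2'
uci set network.wg0_peer=wireguard_wg0
uci set network.wg0_peer.public_key='$3'
uci set network.wg0_peer.endpoint_host='$4'
uci set network.wg0_peer.endpoint_port='$5'
uci add_list network.wg0_peer.allowed_ips='$6'
uci set network.wg0_peer.persistent_keepalive='$7'
uci set network.wg0_peer.route_allowed_ips='1'
uci commit network
EOF
}

# The firewall rule from the text, narrowed to UDP and to the port the
# router itself listens on ($1). A pure client peer kept alive by keepalive
# needs no inbound rule at all, so only add this if wg0 has a listen_port.
wg_fw_uci() {
    cat <<EOF
uci set firewall.wg_in=rule
uci set firewall.wg_in.name='Allow-WireGuard'
uci set firewall.wg_in.src='wan'
uci set firewall.wg_in.proto='udp'
uci set firewall.wg_in.dest_port='$1'
uci set firewall.wg_in.target='ACCEPT'
uci commit firewall
EOF
}

# Stand-alone run: keys from the files generated above, peer key from the
# environment (vpn.example.com is a placeholder endpoint).
if [ -r /etc/wireguard/privatekey ] && [ -n "${PEER_PUBKEY:-}" ]; then
    wg_client_uci "$(cat /etc/wireguard/privatekey)" 172.16.0.5/24 \
        "$PEER_PUBKEY" vpn.example.com 51820 172.16.0.0/24 25
fi
```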
Adding USB Wi-Fi [Atheros AR9170+AR9101] support (optional)

```
Bus 001 Device 003: ID 0846:9001 NetGear, Inc. WN111(v2) RangeMax Next Wireless [Atheros AR9170+AR9101]
```

- Options needed for the WN111(v2) card: Kernel modules -> Wireless Drivers

```
[...]
-*- kmod-ath...................................... Atheros common driver part -->
  [*] Force Atheros drivers to respect the user's regdomain settings
  [*] Atheros wireless debugging # optional.
  [*] Enable DFS support
  [*] Atheros spectral scan support
[...]
# the following two are required
<*> kmod-ath9k-htc........................ Atheros 802.11n USB device support
<*> kmod-carl9170....................... Driver for Atheros AR9170 USB sticks
```
mt7601u
Build and flash
- If the original image was built with the Luci->Modules->luci-mode-failsafe module selected, the update can be uploaded through the router's failsafe page. Before flashing it is best to download a backup of the router configuration (e.g. backup-OpenWrt-2020-03-24.tar.gz); if an uploaded backup does not take effect after reboot, extract it (it contains an etc directory) and push it with `rsync etc route:/`.

```
$ make -j1 V=s # prints a detailed build log
```
Build a single package
- Sometimes a package was not ticked when building openwrt; it can then be built incrementally on its own without rebuilding the whole system.

```
~$ cd openwrt
~$ make menuconfig # select the package to build with <M>.
```
Backup and restore

```
~# cat /proc/mtd
```

Back up the customized system, including newly installed packages

```
~# dd if=/dev/mtd6 of=/mnt/overlay.bin
```

Restore the backup

```
~# mtd -r write /mnt/overlay.bin rootfs_data
```

Back up / restore system settings only

```
~# sysupgrade -b /mnt/back.tar.gz
# restore
~# sysupgrade -r /mnt/back.tar.gz
```

Reset to defaults

```
~# rm -rf /overlay/* && reboot
# or
~# mtd -r erase rootfs_data
```

Modifying system configuration, e.g. `net.netfilter.nf_conntrack_max=16384`: the default maximum number of connections is 16k, which is certainly not enough for BitTorrent, so it is raised to 64k here. Do not edit /etc/sysctl.d/11-nf-conntrack.conf, because it reverts to 16k after a reboot; change it as follows instead:

```
~$ cat /overlay/upper/etc/sysctl.conf
# Defaults are configured in /etc/sysctl.d/* and can be customized in this file
net.netfilter.nf_conntrack_max=65535
```
Controlling ubus via curl
- ubus

```sh
#!/bin/bash
# Log in to the LuCI ubus JSON-RPC endpoint and call ubus methods with curl.
read -p 'Login Name:' username
read -sp 'Login Password:' password
echo
# The all-zero session id is the anonymous session that the login call requires.
LOGIN="{\"jsonrpc\":\"2.0\",\"id\":1,\"method\":\"call\",\"params\":[\"00000000000000000000000000000000\",\"session\",\"login\",{\"username\":\"$username\",\"password\":\"$password\"}]}"
ROUTE_URL='https://192.168.1.1/ubus'
# -k skips TLS certificate verification (the router's self-signed certificate);
# prefer --cacert with the router's certificate where possible.
# jq without -r keeps the surrounding quotes, so $SESSION can be spliced into the JSON below as a string.
SESSION=$(curl -s -k -d "$LOGIN" "$ROUTE_URL" | jq '.result[1].ubus_rpc_session')
PPPOE_RESTART="[{\"jsonrpc\":\"2.0\",\"id\":1,\"method\":\"call\",\"params\":[$SESSION,\"file\",\"exec\",{\"command\":\"/sbin/ifup\",\"params\":[\"lan\"],\"env\":null}]},{\"jsonrpc\":\"2.0\",\"id\":43,\"method\":\"call\",\"params\":[$SESSION,\"file\",\"exec\",{\"command\":\"/sbin/ifup\",\"params\":[\"wan\"],\"env\":null}]}]"
READ_BLACKLIST="{\"jsonrpc\":\"2.0\",\"id\":1,\"method\":\"call\",\"params\":[$SESSION,\"file\",\"read\",{\"path\":\"/etc/adblock/adblock.blacklist\"}]}"
# curl -k -d "$PPPOE_RESTART" "$ROUTE_URL"
# jq can encode for @sh @json @text @csv @tsv @uri
JSONRPC=$(echo "$READ_BLACKLIST" | jq -cRr @text)
# echo "$JSONRPC"
curl -s -k -d "$JSONRPC" "$ROUTE_URL"
```
IPv6 application support
- IPv6
- fw3 IPv6 configuration examples
- DNS and DHCP configuration examples
- UCI system interface
- Because every host can obtain a public IPv6 address, internal services can be exposed directly, P2P connections can be made directly, and the scenarios that need NAT traversal under IPv4 can be handled.
IPv6-PD mode
- Once pppoe dial-up succeeds, a WAN_6 interface is created and a public IPv6 address plus an IPv6-PD prefix are obtained from the ISP. The firewall also carries a few rules that let LAN machines obtain ISP-assigned public addresses and be reached directly from the internet with ping6 at their public IPv6 address.

```
root@OpenWrt:~# uci show firewall
```

- Forwarding internal services: the rule below amounts to opening tcp port 8888 on every IPv6 host in lan. The rule could also restrict dest_ip, but the IPv6-PD prefix changes dynamically after some time or after a reboot, and once it changes the rule no longer matches.

```
config rule
```
NAT6 mode
Changing the ULA prefix
- Changing the ULA-Prefix is not required; it only serves to tell it apart from internal addresses. In the Luci UI open Network-->Interfaces-->Global network options-->IPv6 ULA-Prefix and change the leading f of the fd0c:xxxx:xxxx::/48 string to d. With the uci command-line interface:

```
root@OpenWrt:~# uci set network.globals.ula_prefix="$(uci get network.globals.ula_prefix | sed -e "s/^./d/")"
```

Changing DHCPv6 parameters
- Open Interfaces->Interfaces->LAN->DHCP Server->IPv6 Settings. Set DHCPv6-Service to disabled. Set NDP-Proxy to disabled.
- Tick Always announce default router. Save and apply.
- In uci the result looks like this:

```
root@OpenWrt:~# uci show dhcp.lan
dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.start='100'
dhcp.lan.limit='150'
dhcp.lan.leasetime='12h'
dhcp.lan.ra='server'
dhcp.lan.ra_slaac='1'
dhcp.lan.ra_flags='managed-config' 'other-config'
dhcp.lan.ra_default='1'
dhcp.lan.dhcpv6='server'
dhcp.lan.ra_management='1'
```
NAT6 forwarding script (of limited use)
- Its rules and principle are much like NAT, using ip6tables. See the official NAT6 and IPv6 masquerading documentation.
Building other unsupported NIC drivers (fails to load)
- Here we try to build a driver for `Bus 001 Device 003: ID 0bda:0811 Realtek Semiconductor Corp.`, using the source from aircrack-ng/rtl8812au

```
~$ git clone https://github.com/aircrack-ng/rtl8812au
```
DNS configuration
https-dns-proxy
- After installing https-dns-proxy, add an instance. If update_dnsmasq_config='*', it automatically updates and overrides the configuration in the dnsmasq section. Resolvers such as DnsPod.cn and AliDNS can be used directly; for the others a proxy can be configured, proxy_server='socks5://192.168.1.1:1080', provided the proxy is working.

```
~$ uci show https-dns-proxy
```

- Crash errors

```
Sun May 30 19:01:37 2021 kern.info kernel: [ 1121.538642] do_page_fault(): sending SIGSEGV to https-dns-proxy for invalid read access from 3b303000
Sun May 30 19:01:37 2021 kern.info kernel: [ 1121.548165] epc = 00402689 in https-dns-proxy[400000+5000]
Sun May 30 19:01:37 2021 kern.info kernel: [ 1121.553786] ra = 00402679 in https-dns-proxy[400000+5000]
Sun May 30 19:01:37 2021 daemon.info procd: Instance https-dns-proxy::instance1 s in a crash loop 6 crashes, 108 seconds since last crash
```
dnscrypt-proxy
- Install dnscrypt-proxy, create a service instance and choose a suitable resolver; here it is set to start once wan_6 is up. Check the startup log to confirm the connection works. Once the configuration is applied, it automatically updates the DNS forwarding servers in dnsmasq: after clicking Save & Apply it clears the `list server '127.0.0.1#5053'` entry that https-dns-proxy added, and the reverse happens too. So to use https-dns-proxy and dnscrypt-proxy at the same time, after configuring one you have to add the other back into dnsmasq's list server by hand.

```
uci show dnscrypt-proxy
```

- Viewing the startup log

```
Sun May 30 17:00:07 2021 daemon.info dnscrypt-proxy[3601]: dnscrypt-proxy Refetching server certificates
Sun May 30 17:00:07 2021 daemon.info dnscrypt-proxy[3601]: dnscrypt-proxy Server certificate with serial #1 received
Sun May 30 17:00:07 2021 daemon.info dnscrypt-proxy[3601]: dnscrypt-proxy This certificate is valid
Sun May 30 17:00:07 2021 daemon.info dnscrypt-proxy[3601]: dnscrypt-proxy Chosen certificate #1 is valid from [2021-05-30] to [2021-05-31]
Sun May 30 17:00:07 2021 daemon.info dnscrypt-proxy[3601]: dnscrypt-proxy Using version 2.0 of the DNSCrypt protocol
Sun May 30 17:00:07 2021 daemon.info dnscrypt-proxy[3601]: dnscrypt-proxy Server key fingerprint is 5C20:893F:7DCA:78BF:D98D:D412:6EC0:3C4D:D5CC:B3E1:EB3C:16A4:A464:DD12:1334:F04B
Sun May 30 17:04:39 2021 daemon.notice dnscrypt-proxy[3601]: dnscrypt-proxy Stopping proxy
Sun May 30 17:04:39 2021 daemon.info dnscrypt-proxy[3601]: dnscrypt-proxy UDP listener shut down
Sun May 30 17:04:39 2021 daemon.info dnscrypt-proxy[3601]: dnscrypt-proxy TCP listener shut down
Sun May 30 17:04:40 2021 user.info : dnscrypt-proxy + DNS Security Extensions are supported
Sun May 30 17:04:40 2021 user.info : dnscrypt-proxy + Provider supposedly doesn't keep logs
Sun May 30 17:04:40 2021 daemon.notice dnscrypt-proxy[29586]: dnscrypt-proxy Starting dnscrypt-proxy 1.9.5
Sun May 30 17:04:40 2021 daemon.info dnscrypt-proxy[29586]: dnscrypt-proxy Generating a new session key pair
Sun May 30 17:04:40 2021 daemon.info dnscrypt-proxy[29586]: dnscrypt-proxy Done
Sun May 30 17:04:40 2021 daemon.info dnscrypt-proxy[29586]: dnscrypt-proxy Server certificate with serial #1 received
Sun May 30 17:04:40 2021 daemon.info dnscrypt-proxy[29586]: dnscrypt-proxy This certificate is valid
Sun May 30 17:04:40 2021 daemon.info dnscrypt-proxy[29586]: dnscrypt-proxy Chosen certificate #1 is valid from [2021-05-30] to [2021-05-31]
Sun May 30 17:04:40 2021 daemon.info dnscrypt-proxy[29586]: dnscrypt-proxy Using version 2.0 of the DNSCrypt protocol
Sun May 30 17:04:40 2021 daemon.info dnscrypt-proxy[29586]: dnscrypt-proxy Server key fingerprint is 5C20:893F:7DCA:78BF:D98D:D412:6EC0:3C4D:D5CC:B3E1:EB3C:16A4:A464:DD12:1334:F04B
Sun May 30 17:04:40 2021 daemon.notice dnscrypt-proxy[29586]: dnscrypt-proxy Proxying from 127.0.0.1:6353 to 51.158.166.97:443
```
Faster split resolution for domestic DNS
First download the source from felixonmars/dnsmasq-china-list and copy dnsmasq-china-list/*.conf into the /etc/dnsmasq.d directory on the router, which matches the following settings:

```
~$ mkdir /etc/dnsmasq.d
~$ uci set dhcp.@dnsmasq[0].confdir='/etc/dnsmasq.d'
~$ uci show dhcp.@dnsmasq[0].confdir
dhcp.cfg01411c.confdir='/tmp/dnsmasq.d'
```

The idea behind adding these is that the files consist of dnsmasq configuration entries such as `server=/0-100.com/114.114.114.114` and `bogus-nxdomain=123.125.81.12`, a static, community-maintained list that is pulled into the dnsmasq configuration by inclusion. So when dnsmasq starts you see:

```
~$ logread
Sun May 30 18:14:31 2021 daemon.info dnsmasq[13226]: using nameserver 114.114.114.114#53 for domain doubleclick.net
Sun May 30 18:14:34 2021 daemon.info dnsmasq[13226]: using 69201 more nameservers
```
dnsmasq configuration
The final dnsmasq configuration is as follows: a few static server-list entries are added and two list server instances are specified.

```
~$ cat /etc/config/dhcp
config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option localservice '1'
	option nohosts '1'
	option serversfile '/tmp/dnsmasq.d/adb_list.overall'
	option rebind_protection '0'
	list interface 'br-lan'
	option confdir '/etc/dnsmasq.d/'
	list server '127.0.0.1#5053'
	list server '127.0.0.1#6353'
```

dnsmasq ran into an OOM kill. Following OOM invoked with plenty of free swap, vm.min_free_kbytes was set to 2048; it was 16384 (16M), and this device has 256MB of RAM.

```
[ 1543.949424] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),global_oom,task_memcg=/,task=dnsmasq,pid=14453,uid=453
```

golang build

```
$ export GO111MODULE=on
```

```
~$ CGO_CFLAGS="-Os -pipe -mno-branch-likely -mtune=24kc -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -msoft-float -go-0.4.3 -Wformat -Werror=format-security -fstack-protector -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro"
```
802.11s mesh network
- The following describes how to make one AP an extender node, where extending means enlarging the area of signal coverage. Both routers run OpenWrt. The 5G band is used for the MESH network.
Main router node
- The main router node is a newifi y1s with dual-band 5G/2.4G, acting as the gateway. First add a wireless interface; there are three ways: the luci GUI, the uci command line, or editing /etc/config/wireless directly. Below is an example via the UCI interface.

```
~$ uci set wireless.mesh0='wifi-iface'
```

- As shown above, a MESH configuration has a few points to watch: channel, mesh_id, key and encryption must be identical across nodes, or they cannot communicate. Here it is bridged into the lan network; under Network -> Interface -> LAN -> Physical Settings tick both Enable STP and Enable IGMP snooping.
- The key shared between nodes is best generated with `xxd -l 16 -p /dev/random`.
Extender node
The extender adds the same kind of interface; here it was added via LUCI, and the resulting configuration is:

```
~$ uci show wireless.wifinet2
wireless.wifinet2=wifi-iface
wireless.wifinet2.device='radio0'
wireless.wifinet2.mode='mesh'
wireless.wifinet2.mesh_id='homemesh0'
wireless.wifinet2.mesh_fwding='1'
wireless.wifinet2.mesh_rssi_threshold='0'
wireless.wifinet2.encryption='sae'
wireless.wifinet2.key='<your passwd>'
wireless.wifinet2.network='lan'
```

As shown above, this node is also bridged into lan, but its lan settings differ slightly from the main node: the main node's lan address is 192.168.1.1, so the extender's lan is given the static address 192.168.1.2 with its gateway pointing at 192.168.1.1, and the DHCP Server on lan is disabled by ticking Ignore Interface. The settings are as follows:

```
~# uci show network.lan
network.lan=interface
network.lan.type='bridge'
network.lan.ifname='eth0.1'
network.lan.proto='static'
network.lan.ipaddr='192.168.1.2'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.lan.gateway='192.168.1.1'
network.lan.stp='1'
network.lan.igmp_snooping='1'
~# uci show dhcp.lan
dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.dhcpv4='server'
dhcp.lan.dhcpv6='server'
dhcp.lan.ra='server'
dhcp.lan.ra_slaac='1'
dhcp.lan.ra_flags='managed-config' 'other-config'
dhcp.lan.ra_management='1'
dhcp.lan.ignore='1'
~# uci show dhcp.mesh
dhcp.mesh=dhcp
dhcp.mesh.interface='mesh'
dhcp.mesh.start='100'
dhcp.mesh.limit='150'
dhcp.mesh.leasetime='12h'
```

By default a wifi-iface in OpenWrt is bridged into lan, so the overall layout is:

```
           AP(5G)                     AP(5G)
             ^                          ^
             |                          |
WAN <---> LAN(192.168.1.1)        LAN(192.168.1.2)
             |                          |
             +---(homemesh0)-------------(homemesh0)--+
```

When the two nodes have connected, `iw dev wifinet2 station dump` shows the connection details. It did not work for me, though, and I am on the latest master. iw: use correct type in policy check for mesh

```
~$ iw dev mesh0 station dump
failed to parse nested attributes!
```
Viewing wifi status

```
wifi status
{
	"radio0": {
		"up": true,
		"pending": false,
		"autostart": true,
		"disabled": false,
		"retry_setup_failed": false,
		"config": {
			"hwmode": "11a",
			"path": "pci0000:00/0000:00:00.0/0000:01:00.0",
			"htmode": "VHT80",
			"cell_density": 0,
			"channel": "36"
		},
		"interfaces": [
			{
				"section": "wifinet2",
				"ifname": "mesh0",
				"config": {
					"mode": "mesh",
					"mesh_id": "homemesh0",
					"mesh_fwding": true,
					"mesh_rssi_threshold": 0,
					"encryption": "sae",
					"key": "<your passwd>",
					"ifname": "mesh0",
					"mode": "mesh",
					"network": [
						"lan"
					]
				},
				"vlans": [
				],
				"stations": [
				]
			},
			{
				"section": "wifinet3",
				"ifname": "wlan0-1",
[...]
```
B.A.T.M.A.N. network
- B.A.T.M.A.N
- B.A.T.M.A.N. OpenWrt configuration
- Attaching to a Batman-adv interface

```
uci set network.bat0="interface"
uci set network.bat0.proto="batadv"
uci set network.bat0.routing_algo="BATMAN_IV"
uci set network.bat0.aggregated_ogms=1
uci set network.bat0.ap_isolation=0
uci set network.bat0.bonding=0
uci set network.bat0.gw_mode="off"
uci set network.bat0.log_level=0
uci set network.bat0.orig_interval=1000
uci set network.bat0.bridge_loop_avoidance=1
uci set network.bat0.distributed_arp_table=1
uci set network.bat0.multicast_mode=1
uci set network.bat0.network_coding=0
uci set network.bat0.hop_penalty=30
uci set network.bat0.isolation_mark="0x00000000/0x00000000"
uci set network.nwi_mesh0="interface"
uci set network.nwi_mesh0.mtu=1536
uci set network.nwi_mesh0.proto="batadv_hardif"
uci set network.nwi_mesh0.master="bat0"
uci set network.bat0_hardif_eth0="interface"
uci set network.bat0_hardif_eth0.mtu=1536
uci set network.bat0_hardif_eth0.proto="batadv_hardif"
uci set network.bat0_hardif_eth0.master="bat0"
uci set network.bat0_hardif_eth0.ifname="eth0"
uci set network.bat0_hardif_eth0.elp_interval=500
uci set network.bat0_hardif_eth0.hop_penalty=15
uci set network.bat0_hardif_eth0.throughput_override="1mbit"
uci set network.bat0_lan="interface"
uci set network.bat0_lan.proto="static"
uci set network.bat0_lan.ipaddr="10.0.10.1"
uci set network.bat0_lan.netmask="255.255.255.0"
uci set network.bat0_lan.ip6assign=60
uci set network.my_bat_vlan1="interface"
uci set network.my_bat_vlan1.proto="batadv_vlan"
uci set network.my_bat_vlan1.ipaddr="bat0.1"
uci set network.my_bat_vlan1.ap_isolation=1
uci commit network
```

- I tested this configuration following the document above but did not get the expected result, and I am unclear about how it works and what its use cases are.
Roaming
- Enabling 802.11r (Fast Roaming/Transition) on OpenWRT
- Home WiFi Setup With 802.11s (Meshing) And 802.11r (Roaming)
- Seamless roaming between APs across a large area is usually done by running Ethernet to APs at different locations. The primary/secondary setup is the same as the MESH above: each AP needs an internal IP, and each AP's gateway points at the main router gateway. Below is mainly the 802.11r roaming configuration; the APs talk to each other over the MESH network, which stands in for the cable.
Main node router gateway
In the configuration, NAS ID and R1 Key Holder both use the interface's BSSID with the colons removed (6 bytes). r0kh configuration:

```
MAC, MAC without colons, 16-byte key
'22:76:93:XX:XX:XX,227693XXXXXX,465f4da81a559fbaa41ab6fba36df0fc'
'22:76:93:XX:XX:XX,227693XXXXXX,465f4da81a559fbaa41ab6fba36df0fc'
```

r1kh configuration:

```
MAC, MAC, 16-byte key
'22:76:93:XX:XX:XX,22:76:93:XX:XX:XX,465f4da81a559fbaa41ab6fba36df0fc'
'22:76:93:XX:XX:XX,22:76:93:XX:XX:XX,465f4da81a559fbaa41ab6fba36df0fc'
```

```
~# uci show wireless.wifinet2
```
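The r0kh/r1kh layout above, as an added example that is not part of the original post: shell helpers that derive the NAS ID from a BSSID, validate the MAC and the 16-byte hex key before anything is committed (the malformed-entry case that hostapd rejects in the log shown further down), and print the uci commands for one AP's wifi-iface section. The helper names and the constructed MAC/key values are this example's own; the uci option names are OpenWrt's.

```shell
#!/bin/sh
# Added example, not from the original post. Builds 802.11r r0kh/r1kh
# entries and the matching uci commands, validating inputs first.
# Helper names are this example's own; the uci option names are OpenWrt's.

# True if $1 is a colon-separated MAC made of hex pairs only; a placeholder
# such as 22:76:93:XX:XX:XX fails here instead of inside hostapd.
mac_ok() { printf '%s' "$1" | grep -Eq '^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$'; }

# True if $1 is a 16-byte key written as exactly 32 hex characters.
ft_key_ok() { printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{32}$'; }

# NAS ID / R1 Key Holder: the BSSID with the colons removed (6 bytes).
nas_id() { printf '%s' "$1" | tr -d ':'; }

# Fresh 16-byte key as 32 hex characters (od rather than xxd: present on busybox).
gen_ft_key() { head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'; }

# r0kh entry "<MAC>,<NAS ID>,<key>": the key holder to ask for PMK-R0.
r0kh_entry() {
    mac_ok "$1" && ft_key_ok "$2" || return 1
    printf '%s,%s,%s\n' "$1" "$(nas_id "$1")" "$2"
}

# r1kh entry "<MAC>,<R1KH-ID>,<key>": here R1KH-ID is the BSSID itself.
r1kh_entry() {
    mac_ok "$1" && ft_key_ok "$2" || return 1
    printf '%s,%s,%s\n' "$1" "$1" "$2"
}

# uci commands for section $1 of the AP whose BSSID is $2; the remaining
# arguments are "MAC KEY" pairs for every AP in the mobility domain (this
# one included), so all APs end up with identical r0kh/r1kh lists.
ft_uci() {
    sec="$1"; own="$2"; shift 2
    mac_ok "$own" || return 1
    echo "uci set wireless.$sec.ieee80211r='1'"
    echo "uci set wireless.$sec.nasid='$(nas_id "$own")'"
    echo "uci set wireless.$sec.r1_key_holder='$(nas_id "$own")'"
    echo "uci delete wireless.$sec.r0kh 2>/dev/null"
    echo "uci delete wireless.$sec.r1kh 2>/dev/null"
    while [ "$#" -ge 2 ]; do
        r0="$(r0kh_entry "$1" "$2")" || return 1
        r1="$(r1kh_entry "$1" "$2")" || return 1
        echo "uci add_list wireless.$sec.r0kh='$r0'"
        echo "uci add_list wireless.$sec.r1kh='$r1'"
        shift 2
    done
    echo "uci commit wireless"
}
```

Pipe the output of `ft_uci` into `sh` on each AP and run `wifi reload`; a bad MAC or key makes the function return 1 before any command is printed for that pair.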
Extender node

```
~# uci show wireless.wifinet3
```
- A wrong setting prevents the radioX interface from starting:

```
Sun May 16 22:03:06 2021 daemon.notice hostapd: Configuration file: /var/run/hostapd-phy0.conf (phy wlan0-1) --> new PHY
Sun May 16 22:03:06 2021 daemon.err hostapd: Invalid R0KH MAC address: '22:76:93:XX:XX:XX'
Sun May 16 22:03:06 2021 daemon.err hostapd: Invalid R0KH MAC address: '22:76:93:XX:XX:XX'
Sun May 16 22:03:06 2021 daemon.err hostapd: Invalid R1KH MAC address: '22:76:93:XX:XX:XX'
Sun May 16 22:03:06 2021 daemon.err hostapd: Invalid R1KH MAC address: '22:76:93:XX:XX:XX'
Sun May 16 22:03:06 2021 daemon.err hostapd: 4 errors found in configuration file '/var/run/hostapd-phy0.conf'
Sun May 16 22:03:06 2021 daemon.err hostapd: Failed to set up interface with /var/run/hostapd-phy0.conf
Sun May 16 22:03:06 2021 daemon.notice netifd: radio0 (8461): Command failed: Invalid argument
```
tcpdump & wireshark
My desktop Linux has Wireshark installed; start the following shell command there first.

```
~$ nc -l 36000 |sudo wireshark -k -i -
```

- Then run the following shell command on the openwrt device.

```
~$ tcpdump -s 0 -i <DEVICE: etc eth0,> -U -w - | nc <my desktop linux ip> 36000
```

- Wireshark will receive the data from the pipe.
Errors
- After an update the Web UI shows the following error:

```
/usr/lib/lua/luci/dispatcher.lua:427: /etc/config/luci seems to be corrupt, unable to find section 'main'
local function determine_request_language()
	local conf = require "luci.config"
	assert(conf.main, "/etc/config/luci seems to be corrupt, unable to find section 'main'")
```
Summary
- After flashing the firmware the router's gateway is 192.168.1.1, password: none. Also note that if you want to use 2.4G 11N mode, be sure to untick Allow legacy 802.11b rates (ticked by default), otherwise clients can associate but not get online; it is under Device Configuration->Advanced Settings in the UCI Wireless editor. Put another way, untick Allow legacy 802.11b rates on every AP, although this option does not exist in the old chaos_calmer stable release. On the Lenovo newifi y1s 2.4G, if this box is left ticked the kernel keeps reporting `ieee80211 phy3: rt2x00queue_write_tx_frame: Error - Dropping frame due to full tx queue 2`, a problem that bothered me for a long time.
Gehua router
Download the latest Breed bootloader, breed-mt7621-gehua-ghl-r-001.bin, then enter the router via telnet or ssh and inspect its partition table.

```
~$ cat /proc/mtd
```

- Upload breed-mt7621-gehua-ghl-r-001.bin to /tmp on the router, then write it directly with mtd or mtd_write.

```
~$ mtd_write write -r /tmp/breed-mt7621-gehua-ghl-r-001.bin Bootloader
```

- If the partition table looks like the one below, i.e. no Bootloader partition is visible, the firmware must be downgraded first.

```
~# cat /proc/mtd
```

It reboots automatically once flashing completes.
When building anything golang-related, a proxy must be enabled: `export GOPROXY=https://goproxy.cn,direct`. Otherwise the build may fail or be very slow. After flashing openwrt the network looks like this.

```
root@OpenWrt:~# brctl show
```
Thanks for your support
- Contact the author: yjdwbj@gmail.com