Differences

This shows you the differences between two versions of the page.

--- linux:openwrt [2017/01/31 12:53] – niziak
+++ linux:openwrt [2021/03/05 14:09] (current) – niziak
@@ Line 1: / Line 1: @@
+====== OpenWRT ======
 ====== First steps ======
 To use SSH, first telnet to router and set root password.
@@ Line 21: / Line 23: @@
 Better is to create second OpenWRT interface "WAN2" but assign it to firewall zone "WAN".
-To use other external IP firewall needs to be configured manually by /etc/firewall.user
+To use other external IP firewall needs to be configured manually by:
+<file bash | /etc/firewall.user>
+iptables -A input_wan_rule -d $WAN2_NET/29 -j reject
+iptables -t nat -A prerouting_wan_rule -p tcp -d $WAN2_IP3 --dport 80  -j DNAT --to-destination 192.168.0.90:80  -m comment --comment "Web server"
+# goal is to do not pass into default WAN rules
+iptables -t nat -A prerouting_wan_rule -d $WAN2_NET/29 -j ACCEPT
+</file>
-====== OpenVPN ======
+====== PXE boot ======
-<code bash>opkg install openvpn-openssl luci-app-openvpn openvpn-easy-rsa</code>
+<file | /etc/dnsmasq.conf>
-Enable incoming OpenVPN connections:
+# set tag "ENH" if request comes from iPXE ("iPXE" user class)
+dhcp-userclass=set:ENH,iPXE
-<code bash>
+# alternative way, look for option 175
-uci add firewall rule
+#dhcp-match=set:ENH,175
-uci set firewall.@rule[-1]._name=openvpn
-uci set firewall.@rule[-1].src=wan
-uci set firewall.@rule[-1].target=ACCEPT
-uci set firewall.@rule[-1].proto=udp
-uci set firewall.@rule[-1].dest_port=1194
-uci commit firewall
-echo "iptables -I OUTPUT -o tap+ -j ACCEPT" >> /etc/firewall.user
+# UNDI
-echo "iptables -I INPUT -i tap+ -j ACCEPT" >> /etc/firewall.user
+dhcp-boot=tag:!ENH,netboot.xyz-undionly.kpxe,myserver,192.168.0.231
-echo "iptables -I FORWARD -o tap+ -j ACCEPT" >> /etc/firewall.user
-echo "iptables -I FORWARD -i tap+ -j ACCEPT" >> /etc/firewall.user
-</code>
-<code bash>
+# PXE
-mkdir -o /etc/openvpn
+dhcp-boot=tag:ENH,netboot.xyz.kpxe,myserver,192.168.0.231
-uci set openvpn.uservpn=openvpn
+</file>
-uci set openvpn.uservpn.config=/etc/openvpn/user-vpn.conf
-uci set openvpn.uservpn.enable=1
-uci commit openvpn
-</code>
-cat > /etc/openvpn/user-vpn.conf
-   port 1194
-   proto udp
-   dev tap0
-   keepalive 10 120
-   status /tmp/openvpn-status.log
-   verb 3
-   secret /etc/openvpn/secret.key
-Add VPN to local LAN bridge:
-<code bash>
+====== Backup ======
-cat > /etc/init.d/openvpn-bridge
+[[https://wiki.openwrt.org/doc/howto/generic.backup]]
-#!/bin/sh /etc/rc.common
-    START=94
-    start() {
-        openvpn --mktun --dev tap0
-        brctl addif br-lan tap0
-        ifconfig tap0 0.0.0.0 promisc up
-    }
-    stop() {
-        ifconfig tap0 0.0.0.0 down
-        brctl delif br-lan tap0
-        openvpn --rmtun --dev tap0
-    }
+====== Periodic reboot ======
-chmod 755 /etc/init.d/openvpn-bridge
+===== cron job =====
-/etc/init.d/openvpn-bridge enable
+<code>
-/etc/init.d/openvpn-bridge start
+# Reboot at 4:30am every day
+# Note: To avoid infinite reboot loop, wait 70 seconds
+# and touch a file in /etc so clock will be set
+# properly to 4:31 on reboot before cron starts.
+4 * * * sleep 70 && touch /etc/banner && reboot
 </code>
-<code bash>
+or independent on system time
-openvpn --genkey --secret /etc/openvpn/secret.key
+<code>
+4 * * *  [ $( cat /proc/uptime | cut -d '.' -f 1 ) -gt 3600 ] && reboot
 </code>
-Start VPN:
+===== watchcat =====
 <code bash>
-/etc/init.d/openvpn enable
+opkg install watchcat luci-app-watchcat
-/etc/init.d/openvpn start
 </code>
+And ''luci'' menu will be available under ''Services''
 ====== Issues ======

Tools

menus and quick search

quick search

site status

Page Tools

meta data for this page

Differences