I'm going to use TP-Link TL-WR1043ND wifi router with small 64MB USB stick [/dev/sda1] containing ext2 partition. I plan to have some stats on the USB stick and simple html pages as well.
After flashing the original firmware with openwrt-ar71xx-tl-wr1043nd-v1-squashfs-factory.bin I installed the kernel related packages and extroot:
(if you have OpenWRT already installed use: mtd -e firmware -r write /www2/openwrt-ar71xx-tl-wr1043nd-v1-squashfs-sysupgrade.bin firmware)
telnet 192.168.1.1
passwd
opkg update
opkg install block-hotplug block-extroot kmod-fs-ext4 kmod-usb-storage
uci set system.@system[0].hostname=openwrt
uci set system.@system[0].timezone=CET-1CEST,M3.5.0,M10.5.0/3
uci set system.@system[0].timezone=CET-1CEST,M3.5.0,M10.5.0/3
uci set system.@system[0].log_file=/etc/messages
uci set system.@system[0].log_size=1024
uci set system.@system[0].log_type=file
uci set fstab.@mount[0].device=/dev/sda1
uci set fstab.@mount[0].fstype=ext4
uci set fstab.@mount[0].options=rw,sync
uci set fstab.@mount[0].enabled=1
uci set fstab.@mount[0].enabled_fsck=0
uci set fstab.@mount[0].is_rootfs=1
uci set dropbear.@dropbear[0].Port=2222
uci add firewall rule
uci set firewall.@rule[-1].name=ssh
uci set firewall.@rule[-1].src=wan
uci set firewall.@rule[-1].target=ACCEPT
uci set firewall.@rule[-1].proto=tcp
uci set firewall.@rule[-1].dest_port=2222
uci add firewall rule
uci set firewall.@rule[-1].name=iodined
uci set firewall.@rule[-1].src=wan
uci set firewall.@rule[-1].target=ACCEPT
uci set firewall.@rule[-1].proto=udp
uci set firewall.@rule[-1].dest_port=53
uci add firewall rule
uci set firewall.@rule[-1].name=snmp
uci set firewall.@rule[-1].src=wan
uci set firewall.@rule[-1].target=ACCEPT
uci set firewall.@rule[-1].proto=udp
uci set firewall.@rule[-1].dest_port=161
uci add firewall rule
uci set firewall.@rule[-1].name=http_ser
uci set firewall.@rule[-1].src=lan
uci set firewall.@rule[-1].dst=wan
uci set firewall.@rule[-1].src_ip=192.168.0.0/24
uci set firewall.@rule[-1].target=ACCEPT
uci set firewall.@rule[-1].proto=tcp
uci set firewall.@rule[-1].dest_port=80
uci set wireless.@wifi-iface[-1].ssid=ser
uci set wireless.@wifi-iface[-1].encryption=psk2
uci set wireless.@wifi-iface[-1].key=xxxxxxxx
uci set wireless.radio0.channel=3
uci set wireless.radio0.htmode=HT40
uci del wireless.@wifi-device[0].disabled
uci set network.lan.ipaddr=192.168.0.1
uci set dhcp.@dnsmasq[0].domain=ser.no-ip.org
uci set dhcp.@dnsmasq[0].leasefile=/etc/dnsmasq-dhcp.leases
uci set dhcp.@dnsmasq[0].port=0
uci set dhcp.@dnsmasq[0].cachelocal=0
uci set dhcp.lan.dhcp_option=6,8.8.8.8
uci set dhcp.lan.start=200
uci set dhcp.lan.limit=254
uci add dhcp host
uci set dhcp.@host[-1].name=ruz
uci set dhcp.@host[-1].ip=192.168.0.2
uci set dhcp.@host[-1].mac=XX:XX:XX:XX:XX:XX
Configure the ssh to enable autologin:
scp $HOME/.ssh/id_rsa.pub root@192.168.1.1:/tmp/authorized_keys
ssh root@192.168.1.1
cp /tmp/authorized_keys /etc/dropbear/authorized_keys
chmod 600 /etc/dropbear/authorized_keys
Install few applications:
opkg update
opkg install --force-overwrite htop less openssh-sftp-server tcpdump wget-nossl
Configure ssmtp for the outgoing emails:
opkg install msmtp-nossl
sed -i 's/^\(host\).*/\1 smtp.XXXXXX.cz/' /etc/msmtprc
cat >> /etc/msmtprc << EOF
auto_from on
maildomain ser.no-ip.org
EOF
sed -i '/^exit 0/i echo -e "Subject: Reboot `uci get system.@system[0].hostname`\\n\\nOpenwrt rebooted: `date`\\n\\n`grep -B 50 \\"syslogd started\\" /etc/messages`" | sendmail petr.ruzicka@gmail.com' /etc/rc.local
Configure DDNS:
opkg install luci-app-ddns
uci set ddns.myddns.enabled=1
uci set ddns.myddns.service_name=no-ip.com
uci set ddns.myddns.domain=ser.no-ip.org
uci set ddns.myddns.username=ruz
uci set ddns.myddns.password=XXXXXXXXXXX
Install snmpd:
opkg install mini-snmpd
uci set mini_snmpd.@mini_snmpd[0].interfaces=lo,br-lan,eth0.2,eth0.1
uci set mini_snmpd.@mini_snmpd[0].community=OpenWrt
uci set mini_snmpd.@mini_snmpd[0].location='Ser'
uci set mini_snmpd.@mini_snmpd[0].contact='Ser'
uci set mini_snmpd.@mini_snmpd[0].disks='/tmp,/overlay'
/etc/init.d/mini_snmpd enable
Configure TFTPboot and dnsmasq script:
mkdir /tftpboot
wget -P /tftpboot http://static.netboot.me/gpxe/netbootme.kpxe
uci set dhcp.@dnsmasq[0].enable_tftp=1
uci set dhcp.@dnsmasq[0].tftp_root=/tftpboot
uci set dhcp.@dnsmasq[0].dhcp_boot=netbootme.kpxe
echo "dhcp-script=/etc/dnsmasq-script.sh" >> /etc/dnsmasq.conf
cat > /etc/dnsmasq-script.sh << \EOF
#!/bin/sh
/bin/echo `/bin/date +"%F %T"` $* >> /www2/dnsmasq.script.log
if [ "$1" == "add" ] && ! grep -iq $2 /etc/config/dhcp; then
echo -e "Subject: New MAC on `uci get system.@system[0].hostname`.`uci get dhcp.@dnsmasq[0].domain`\\n\\n`/bin/date +"%F %T"` $*" | sendmail petr.ruzicka@gmail.com
fi
EOF
chmod a+x /etc/dnsmasq-script.sh
Configuration of iodined server (dns-tunelling)
opkg install iodined
uci set iodined.@iodined[0].address=XX.XXX.XX.XX
uci set iodined.@iodined[0].password=XXXXXXXX
uci set iodined.@iodined[0].tunnelip=192.168.99.1
uci set iodined.@iodined[0].tld=tunnel.XXXXX.cz
/etc/init.d/iodined enable
Configure httpd daemon for the "/www2":
opkg install px5g uhttpd-mod-tls
uci del uhttpd.main.listen_http
uci set uhttpd.px5g.days=3650
uci set uhttpd.px5g.country=CZ
uci set uhttpd.px5g.state="Czech Republic"
uci set uhttpd.px5g.location=Brno
rm /etc/uhttpd.crt /etc/uhttpd.key
uci set uhttpd.main.listen_https="0.0.0.0:443"
mkdir -p /www2/vnstat
uci set uhttpd.my=uhttpd
uci set uhttpd.my.listen_http="0.0.0.0:80"
uci set uhttpd.my.home=/www2
Set the checking time for watchcat for 1 hour:
opkg install watchcat
/etc/uci-defaults/50-watchcat
uci set system.@watchcat[0].period=1h
/etc/init.d/watchcat enable
uci commit
reboot
Repeat the previous steps and continue...
You need to repeat it, because your router now reads the configs from "empty" USB stick and not form internal memory. If you will remove the USB stick openwrt will read the configs from the memory.
Configure statistics (collectd):
opkg install luci-app-statistics
opkg install collectd-mod-cpu collectd-mod-disk collectd-mod-irq collectd-mod-ping collectd-mod-processes collectd-mod-tcpconns
uci set luci_statistics.collectd_rrdtool.DataDir=/etc/collectd
uci set luci_statistics.collectd_ping.enable=1
uci set luci_statistics.collectd_ping.Hosts=www.google.com
uci set luci_statistics.collectd_df.enable=1
uci set luci_statistics.collectd_df.Devices=/dev/sda1
uci set luci_statistics.collectd_df.MountPoints=/overlay
uci set luci_statistics.collectd_df.FSTypes=fuseblk
uci set luci_statistics.collectd_disk.enable=1
uci set luci_statistics.collectd_disk.Disks=sda
uci set luci_statistics.collectd_interface.Interfaces="eth0.2 wlan0 eth0.1"
uci set luci_statistics.collectd_irq.enable=1
uci set luci_statistics.collectd_tcpconns.LocalPorts="2222 80 443"
uci set luci_statistics.collectd_rrdtool.CacheTimeout=120
uci set luci_statistics.collectd_rrdtool.CacheFlush=900
/etc/init.d/luci_statistics enable
/etc/init.d/collectd enable
opkg install luci-app-vnstat vnstat vnstati
mkdir /etc/vnstat
sed -i 's@^\(DatabaseDir\).*@\1 "/overlay/etc/vnstat"@' /etc/vnstat.conf
vnstat -u -i eth0.2
vnstat -u -i wlan0
vnstat -u -i eth0.1
/etc/init.d/vnstat enable
/etc/init.d/vnstat start
echo "*/5 * * * * vnstat -u" >> /etc/crontabs/root
cat > /etc/graphs-vnstat.sh << \EOF
#!/bin/sh
# vnstati image generation script.
# Source: http://code.google.com/p/x-wrt/source/browse/trunk/package/webif/files/www/cgi-bin/webif/graphs-vnstat.sh
WWW_D=/www2/vnstat # output images to here
LIB_D=`awk -F \" '/^DatabaseDir/ { print $2 }' /etc/vnstat.conf` # db location
BIN=/usr/bin/vnstati # which vnstati
outputs="s h d t m" # what images to generate
# Sanity checks
[ -d "$WWW_D" ] || mkdir -p "$WWW_D" # make the folder if it dont exist.
# End of config changes
interfaces="$(ls -1 $LIB_D)"
if [ -z "$interfaces" ]; then
echo "No database found, nothing to do."
echo "A new database can be created with the following command: "
echo " vnstat -u -i eth0"
exit 0
else
for interface in $interfaces; do
for output in $outputs; do
$BIN -${output} -i $interface -o $WWW_D/vnstat_${interface}_${output}.png
done
done
fi
exit 1
EOF
chmod a+x /etc/graphs-vnstat.sh
echo "*/31 * * * * /etc/graphs-vnstat.sh" >> /etc/crontabs/root
cat > /www2/vnstat/index.html << \EOF
<META HTTP-EQUIV="refresh" CONTENT="300">
<html>
<head>
<title>Traffic of OpenWRT interfaces</title>
</head>
<body>
EOF
for IFCE in $(ls -1 `awk -F \" '/^DatabaseDir/ { print $2 }' /etc/vnstat.conf`); do
cat >> /www2/vnstat/index.html << EOF
<h2>Traffic of Interface $IFCE</h2>
<table>
<tbody>
<tr>
<td>
<img src="vnstat_${IFCE}_s.png" alt="$IFCE Summary" />
</td>
<td>
<img src="vnstat_${IFCE}_h.png" alt="$IFCE Hourly" />
</td>
</tr>
<tr>
<td valign="top">
<img src="vnstat_${IFCE}_d.png" alt="$IFCE Daily" />
</td>
<td valign="top">
<img src="vnstat_${IFCE}_t.png" alt="$IFCE Top 10" />
<img src="vnstat_${IFCE}_m.png" alt="$IFCE Monthly" />
</td>
</tr>
</tbody>
</table>
EOF
done
cat >> /www2/vnstat/index.html << \EOF
</body>
</html>
EOF
Configure the nodogsplash:
opkg install nodogsplash
cp nodogsplash.conf nodogsplash.conf-orig
sed -i "s/\(^GatewayInterface\).*/\1 br-lan/;s/^# \(GatewayName\).*/\1 Ser/;s/\(.*FirewallRule allow tcp port 80\)$/#\1/;s@^# \(GatewayIPRange\).*@\1 192.168.0.192/26@;/FirewallRule block to 10.0.0.0\/8/a\ \ \ \ FirewallRule allow tcp port 80" /etc/nodogsplash/nodogsplash.conf
sed -i "/<td align=center height=\"120\">/a\
<h2>For Internet access - click the dog</h2>\
<h2>Pro pristup na Internet klikni na psa.</h2>\
" /etc/nodogsplash/htdocs/splash.html
/etc/init.d/nodogsplash enable
uci commit
reboot
That's all... ;-) Happy OpenWRTing...
Excellent article. Just got my TL-WR1043ND router going with Openwrt latest stable. Your instructions are useful but I am not so bold to compile just yet. I am looking to expand the use of mine with external usb hard drive. I was going through some of your notes. I am not sure if I understood but it seemed you stated you could put a usb hub off the port and run several devices. Is that correct. Also I have an external USB hard drive and I am trying to get the filesystem to mount. I am still researching but any info you have on this would be helpful. Unless it doesnt have enough power to drive the external drive or I have to get an external drive that has a case which takes its own power source. Hope to hear from you as I am still in the research phase of learning about this wonderful router.
ReplyDeleteThanks
Julian
@julian
ReplyDeleteYes you are right. Actually I used USB Hub containing 4 ports. To these ports I connected thermometer, USB stick and webcam.
Actually I have no experiences with connecting USB hard drive to to this devices - especially how it is with it's power source. I'm using USB stick and it's working fine.
Regards
PetrR
Great article. If I implemented your network, dhcp, dns, firewall setup, what do you think Luci would display in the GUI. Any chance of it working?
ReplyDeleteMark
I guess almost all the commands done using "uci" will show up in the Luci WebGUI. If you will do the changes in these "sections": network, dhcp, dns, firewall - it should be in Luci for sure.
ReplyDeleteI am dumbing down your configuration a bit as I am a newbie at this. I am removing the open wifi stuff for now (although a guest network is a really neat idea that I want to implement later) but can you tell me what is in your /etc/dnsmasq.script?
ReplyDeleteAnd thanks for getting back to me so quickly. Have you thought of putting your config on the openwrt forum or wiki? It is really good stuff for us learners.
Mark
Hi Petrův blog, you has lot of good informations in your blog, I just subscribed on RSS :)
ReplyDeleteSo, can you help me, after the step: make V=99
Was generated those files:
/opt/openwrt/backfire_10.03.1/bin/ar71xx
kernel-debug.tar.bz2
md5sums
openwrt-ar71xx-rootfs.tar.gz
openwrt-ar71xx-root.jffs2-128k
openwrt-ar71xx-root.jffs2-64k
openwrt-ar71xx-root.squashfs
openwrt-ar71xx-root.squashfs-4k
openwrt-ar71xx-uImage-gzip.bin
openwrt-ar71xx-uImage-lzma.bin
openwrt-ar71xx-vmlinux.bin
openwrt-ar71xx-vmlinux.elf
openwrt-ar71xx-vmlinux.gz
openwrt-ar71xx-vmlinux.lzma
OpenWrt-ImageBuilder-ar71xx-for-Linux-x86_64.tar.bz2
OpenWrt-SDK-ar71xx-for-Linux-x86_64-gcc-4.3.3+cs_uClibc-0.9.30.1.tar.bz2
OpenWrt-Toolchain-ar71xx-for-mips_r2-gcc-4.3.3+cs_uClibc-0.9.30.1.tar.bz2
packages
But where is: openwrt-ar71xx-tl-wr1043nd-v1-squashfs-sysupgrade.bin
Can I use some of those file to upgrade openwrt?
Thanks