03 August, 2013

TP-Link TL-WR1043ND and OpenWrt 12.09 with two SSIDs (MultiSSID) - private and guest

I decided to change my home network to match the following "network diagram":

The core part of the design is TP-Link TL-WR1043ND wifi router running OpenWrt with small 16GB USB stick [/dev/sda1] containing ext3 partition with OpenWrt configuration + swap.

There are also 16GB USB stick and 2 thermometers connected using USB <-> Serial connector (bought on eBay):

I'm going to use the last stable version of the OpenWrt firmware: openwrt-ar71xx-generic-tl-wr1043nd-v1-squashfs-sysupgrade.bin

Upgrade the firmware and remove the old configuration:
rm -r /tmp/opkg-lists/
sysctl -w vm.drop_caches=1
sysupgrade -v -n http://downloads.openwrt.org/attitude_adjustment/12.09/ar71xx/generic/openwrt-ar71xx-generic-tl-wr1043nd-v1-squashfs-sysupgrade.bin

Here are the notes how way how I configured it.

If you don't like the commands feel free to check the configs here: https://github.com/ruzickap/linux.xvx.cz/tree/gh-pages/files/openwrt

Configure the system, ssh on port 2222 and LAN + wifi IP:

#Erase ALL
#rm -r /overlay/*
#mtd -r erase rootfs_data

opkg update
opkg install block-mount kmod-fs-ext4 kmod-usb-storage

uci set system.@system[0].hostname=gate
uci set system.@system[0].timezone=CET-1CEST,M3.5.0,M10.5.0/3
uci set system.@system[0].timezone=CET-1CEST,M3.5.0,M10.5.0/3
uci set system.@system[0].log_file=/etc/messages
uci set system.@system[0].log_size=1024
uci set system.@system[0].log_type=file

uci set dropbear.@dropbear[0].Port=2222
uci set system.@timeserver[0].enable_server=1

uci add firewall rule
uci set firewall.@rule[-1].name=ssh
uci set firewall.@rule[-1].src=wan
uci set firewall.@rule[-1].target=ACCEPT
uci set firewall.@rule[-1].proto=tcp
uci set firewall.@rule[-1].dest_port=2222

uci add firewall redirect
uci set firewall.@redirect[-1].name=ssh_lan
uci set firewall.@redirect[-1].src=lan
uci set firewall.@redirect[-1].proto=tcp
uci set firewall.@redirect[-1].src_dport=22
uci set firewall.@redirect[-1].dest_port=2222
uci set firewall.@redirect[-1].dest_ip=

uci set network.lan.ipaddr=
uci set network.lan.netmask=

uci set dhcp.lan.start=200
uci set dhcp.lan.limit=54

uci set dhcp.@dnsmasq[0].domain=xvx.cz
uci set dhcp.@dnsmasq[0].leasefile=/etc/dnsmasq-dhcp.leases
uci set dhcp.@dnsmasq[0].port=0
uci set dhcp.@dnsmasq[0].cachelocal=0
uci set dhcp.lan.dhcp_option=6,
uci set dhcp.wifi_open.dhcp_option=6,

uci add fstab mount
uci set fstab.@mount[-1].device=/dev/sda1
uci set fstab.@mount[-1].fstype=ext3
uci set fstab.@mount[-1].options=rw,sync,noatime,nodiratime
uci set fstab.@mount[-1].enabled=1
uci set fstab.@mount[-1].enabled_fsck=0
uci set fstab.@mount[-1].is_rootfs=1

uci set fstab.@swap[0].enabled=1

Configure the wifi_priv - private wifi
uci add wireless wifi-iface
uci set wireless.@wifi-iface[-1].device=radio0
uci set wireless.@wifi-iface[-1].network=lan
uci set wireless.@wifi-iface[-1].mode=ap
uci set wireless.@wifi-iface[-1].ssid=peru_private
uci set wireless.@wifi-iface[-1].encryption=psk2+tkip+aes
uci set wireless.@wifi-iface[-1].key=xxxxxxxx

uci set wireless.radio0.channel=8
uci set wireless.radio0.country=CZ
uci set wireless.radio0.htmode=HT40-
uci set wireless.radio0.noscan=1
uci set wireless.radio0.bursting=1
uci set wireless.radio0.ff=1
uci set wireless.radio0.compression=1
uci set wireless.radio0.xr=1
uci set wireless.radio0.ar=1
uci set wireless.radio0.txpower=20
uci del wireless.@wifi-device[0].disabled

Configure the wifi_open - guest wifi access. For some reason http://wiki.openwrt.org/doc/recipes/guest-wlan is not working for me. I found this article (Polish) http://eko.one.pl/forum/viewtopic.php?id=2937 how to do it.
#Use your default MAC + 1 - my router's original MAC is 94:0C:6D:AC:55:AC

uci set network.wifi_open=interface
uci set network.wifi_open.ifname=eth0.3
uci set network.wifi_open.type=bridge
uci set network.wifi_open.macaddr=$MAC
uci set network.wifi_open.proto=static
uci set network.wifi_open.ipaddr=
uci set network.wifi_open.netmask=

uci set wireless.@wifi-iface[0].ssid=medlanky.xvx.cz
uci set wireless.@wifi-iface[0].network=wifi_open
uci set wireless.@wifi-iface[0].encryption=none
uci set wireless.@wifi-iface[0].isolate=1
uci set wireless.@wifi-iface[0].macaddr=$MAC

uci add firewall zone
uci set firewall.@zone[-1].name=wifi_open
uci set firewall.@zone[-1].input=REJECT
uci set firewall.@zone[-1].output=ACCEPT
uci set firewall.@zone[-1].forward=REJECT

uci add firewall forwarding
uci set firewall.@forwarding[-1].src=wifi_open
uci set firewall.@forwarding[-1].dest=wan

uci add firewall rule
uci set firewall.@rule[-1].name=icmp-echo-request
uci set firewall.@rule[-1].src=wifi_open
uci set firewall.@rule[-1].target=ACCEPT
uci set firewall.@rule[-1].proto=icmp
uci set firewall.@rule[-1].icmp_type=echo-request

uci add firewall rule
uci set firewall.@rule[-1].name=dhcp
uci set firewall.@rule[-1].src=wifi_open
uci set firewall.@rule[-1].target=ACCEPT
uci set firewall.@rule[-1].proto=udp
uci set firewall.@rule[-1].src_port=67-68
uci set firewall.@rule[-1].dest_port=67-68

uci add firewall rule
uci set firewall.@rule[-1].name=dns
uci set firewall.@rule[-1].src=wifi_open
uci set firewall.@rule[-1].target=ACCEPT
uci set firewall.@rule[-1].proto=tcpudp
uci set firewall.@rule[-1].dest_port=53

uci set dhcp.wifi_open=dhcp
uci set dhcp.wifi_open.interface=wifi_open
uci set dhcp.wifi_open.start=2
uci set dhcp.wifi_open.limit=253
uci set dhcp.wifi_open.dhcp_option=6,
uci set dhcp.wifi_open.leasetime=1h

uci commit dhcp
sed -i "/dnsmasq-dhcp.leases/a list 'interface' 'lan'" /etc/config/dhcp
sed -i "/dnsmasq-dhcp.leases/a list 'interface' 'wifi_open'" /etc/config/dhcp

rm /etc/resolv.conf
cat > /etc/resolv.conf << EOF
search xvx.cz

Define the DHCP static hosts:
# WiFi
uci add dhcp host
uci set dhcp.@host[-1].name=peru-nb-work-wifi
uci set dhcp.@host[-1].ip=
uci set dhcp.@host[-1].mac=00:26:c6:51:39:34

uci add dhcp host
uci set dhcp.@host[-1].name=andy-nb-wifi
uci set dhcp.@host[-1].ip=
uci set dhcp.@host[-1].mac=74:f0:6d:93:c7:3a

uci add dhcp host
uci set dhcp.@host[-1].name=peru-nb-old-wifi
uci set dhcp.@host[-1].ip=
uci set dhcp.@host[-1].mac=00:15:00:11:48:5A

uci add dhcp host
uci set dhcp.@host[-1].name=andy-android-wifi
uci set dhcp.@host[-1].ip=
uci set dhcp.@host[-1].mac=00:23:76:D6:42:C7

uci add dhcp host
uci set dhcp.@host[-1].name=peru-android-work-wifi
uci set dhcp.@host[-1].ip=
uci set dhcp.@host[-1].mac=00:90:4c:c5:00:34

uci add dhcp host
uci set dhcp.@host[-1].name=peru-palm-wifi
uci set dhcp.@host[-1].ip=
uci set dhcp.@host[-1].mac=00:0b:6c:57:da:9a

uci add dhcp host
uci set dhcp.@host[-1].name=RTL8187-wifi
uci set dhcp.@host[-1].ip=
uci set dhcp.@host[-1].mac=00:C0:CA:54:F5:BA

uci add dhcp host
uci set dhcp.@host[-1].name=peru-nb-work-nic
uci set dhcp.@host[-1].ip=
uci set dhcp.@host[-1].mac=00:22:68:1a:14:5d

uci add dhcp host
uci set dhcp.@host[-1].name=andy-nb-nic
uci set dhcp.@host[-1].ip=
uci set dhcp.@host[-1].mac=20:cf:30:31:da:b3

uci add dhcp host
uci set dhcp.@host[-1].name=peru-nb-old-nic
uci set dhcp.@host[-1].ip=
uci set dhcp.@host[-1].mac=00:13:D4:D1:03:57

uci add dhcp host
uci set dhcp.@host[-1].name=peru-tv-nic
uci set dhcp.@host[-1].ip=
uci set dhcp.@host[-1].mac=00:12:FB:94:1B:9A

uci add dhcp host
uci set dhcp.@host[-1].name=raspberrypi-nic
uci set dhcp.@host[-1].ip=
uci set dhcp.@host[-1].mac=b8:27:eb:8c:97:9e

uci add dhcp host
uci set dhcp.@host[-1].name=server-nic
uci set dhcp.@host[-1].ip=
uci set dhcp.@host[-1].mac=00:1f:c6:e9:f5:14

Configure the ssh to enable autologin:
scp $HOME/.ssh/id_rsa.pub root@
ssh root@
cp /tmp/authorized_keys /etc/dropbear/authorized_keys
chmod 600 /etc/dropbear/authorized_keys
uci set dropbear.@dropbear[0].RootPasswordAuth=off

uci commit

Repeat the steps above to save all the changes/files to the external USB storage.

Install the following packages:
opkg update
opkg install bind-dig bzip2 collectd-mod-conntrack collectd-mod-cpu collectd-mod-df collectd-mod-disk collectd-mod-dns collectd-mod-exec collectd-mod-irq collectd-mod-memory collectd-mod-ping collectd-mod-processes collectd-mod-syslog collectd-mod-tcpconns ddns-scripts digitemp ethtool file gzip htop kmod-usb-serial-pl2303 less lftp lighttpd-mod-cgi lighttpd-mod-proxy lsof luci-app-statistics luci-app-transmission luci-app-upnp luci-app-vnstat luci-app-wol luci-app-qos luci-app-ddns luci-app-firewall
opkg install luci-app-watchcat mc mtr nmap nodogsplash openssh-sftp-server openssl-util rsync screen shadow-useradd ssmtp sudo sysstat tcpdump transmission-remote transmission-web vnstati wget zoneinfo-europe

Add my user and configure mc, screen and shell:
mkdir -p /usr/lib/mc/extfs.d
touch /etc/mc/sfs.ini

wget --no-check-certificate https://raw.github.com/MidnightCommander/mc/master/misc/filehighlight.ini -O /etc/mc/filehighlight.ini

mkdir -p /etc/skel/.mc/
chmod 700 /etc/skel/.mc
cat > /etc/skel/.mc/ini << EOF

cp -r /etc/skel/.mc /root/

wget --no-check-certificate https://raw.github.com/MidnightCommander/mc/master/contrib/mc-wrapper.sh.in -O - | sed 's|@bindir@/mc|/usr/bin/mc --nomouse|' > /usr/bin/mc-wrapper.sh
chmod a+x /usr/bin/mc-wrapper.sh

echo "ruzickap  ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers

cat >> /etc/screenrc << EOF
defscrollback 1000
startup_message off
termcapinfo xterm ti@:te@
hardstatus alwayslastline '%{= kG}[ %{G}%H %{g}][%= %{= kw}%?%-Lw%?%{r}(%{W}%n*%f%t%?(%u)%?%{r})%{w}%?%+Lw%?%?%= %{g}][%{B} %d/%m %{W}%c %{g}]'
vbell off

cat >> /etc/profile << \EOF

if [ $USER == "root" ]; then 
  PS1='\[\033[01;31m\]\h\[\033[01;34m\] \W \$\[\033[00m\] '
  PS1='\[\033[01;32m\]\u@\h\[\033[01;34m\] \w \$\[\033[00m\] '

[ -x /usr/bin/mc-wrapper.sh ] && alias mc='. /usr/bin/mc-wrapper.sh --nomouse'

alias ssh='ssh -y -i $HOME/.ssh/id_rsa'

sed -i '/^exit 0/i echo -e "Subject: Reboot `uci get system.@system[0].hostname`.`uci get dhcp.@dnsmasq[0].domain`\\n\\nOpenwrt rebooted: `date; uptime`\\n\\n`grep -B 50 \\"syslogd started\\" /etc/messages`" | sendmail petr.ruzicka@gmail.com' /etc/rc.local

sed -i 's/HISTORY=3/HISTORY=30/' /etc/sysstat/config

mkdir /home
useradd --shell /bin/ash --password $(openssl passwd -1 xxxx) --create-home --comment "Petr Ruzicka" ruzickap
mkdir /home/ruzickap/.ssh
cp /etc/dropbear/authorized_keys /home/ruzickap/.ssh/
chown -R ruzickap:ruzickap /home/ruzickap/.ssh

cat > /etc/rsyncd.conf << EOF
max connections = 3
timeout = 300
dont compress = *

  comment = data
  path = /data
  read only = yes
  list = yes

echo "vm.swappiness=5" >> /etc/sysctl.conf

Configure the DDNS - duckdns.org:
uci set ddns.myddns.enabled=1
uci set ddns.myddns.service_name=duckdns.org
uci set ddns.myddns.domain=gate
uci set ddns.myddns.username=NA
uci set ddns.myddns.password=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
uci set ddns.myddns.ip_source=network
uci set ddns.myddns.ip_network=wan
uci set ddns.myddns.force_interval=72
uci set ddns.myddns.force_unit=hours
uci set ddns.myddns.check_interval=10
uci set ddns.myddns.check_unit=minutes
uci set 'ddns.myddns.update_url=http://www.duckdns.org/update?domains=[DOMAIN]&token=[PASSWORD]&ip=[IP]'

Here are some details about thermometers:

Configure thermometers:
digitemp_DS9097 -a -i -c /etc/digitemp.conf -s /dev/ttyUSB0

cat > /etc/digitemp.script << EOF
/usr/bin/digitemp_DS9097 -c/etc/digitemp.conf -a -n0 -d10 -q -s/dev/ttyUSB0 -o"PUTVAL `uci get system.@system[0].hostname`/temp/temperature-%s interval=10 %N:%.2C"
chmod a+x /etc/digitemp.script

Replace uhttpd by lighttpd, configure SSL and mod_proxy for Transmission:
/etc/init.d/uhttpd disable
/etc/init.d/uhttpd stop
/etc/init.d/lighttpd enable

mkdir -p /www/myadmin/luci
mv /www/index.html /www/myadmin/luci/
wget --no-check-certificate https://raw.github.com/ruzickap/medlanky.xvx.cz/gh-pages/index.html -O - | sed 's@facebook.com/medlanky@xvx.cz@g;s/UA-6594742-7/UA-6594742-8/' > /www/index.html

uci add firewall rule
uci set firewall.@rule[-1].name=https
uci set firewall.@rule[-1].src=wan
uci set firewall.@rule[-1].target=ACCEPT
uci set firewall.@rule[-1].proto=tcp
uci set firewall.@rule[-1].dest_port=443

uci add firewall rule
uci set firewall.@rule[-1].name=http
uci set firewall.@rule[-1].src=wan
uci set firewall.@rule[-1].target=ACCEPT
uci set firewall.@rule[-1].proto=tcp
uci set firewall.@rule[-1].dest_port=80

mkdir -p /etc/lighttpd/ssl/xvx.cz
chmod 0600 /etc/lighttpd/ssl/xvx.cz

ST=Czech Republic
O=XvX, Inc.
commonName=xvx.cz Certificate Authority

openssl req -new -x509 -subj "$(echo -n "$SUBJ" | tr "\n" "/")" -keyout /etc/lighttpd/ssl/xvx.cz/server.pem -out /etc/lighttpd/ssl/xvx.cz/server.pem -days 3650 -nodes

cat >> /etc/lighttpd/lighttpd.conf << \EOF

server.port = 80

$SERVER["socket"] == ":443" {
  ssl.engine                  = "enable"
  ssl.pemfile                 = "/etc/lighttpd/ssl/xvx.cz/server.pem"

server.modules = (

cgi.assign = ( "luci" => "/usr/bin/lua" )

server.errorlog-use-syslog = "enable"
server.dir-listing = "enable"

$HTTP["url"] =~ "^/myadmin/transmission*" {
  # Use proxy for redirection to Transmission's own web interface
  proxy.server = ( "" =>
    ( (
      "host" => "",
      "port" => 9091
    ) )

Make outgoing emails to reach the SMTP server:
sed -i 's/^mailhub=.*/mailhub=mail.upcmail.cz/;s/^rewriteDomain=.*/rewriteDomain=xvx.cz/' /etc/ssmtp/ssmtp.conf

Configure TFTPboot and dnsmasq script:
mkdir /tftpboot

wget -P /tftpboot http://static.netboot.me/gpxe/netbootme.kpxe
uci set dhcp.@dnsmasq[0].enable_tftp=1
uci set dhcp.@dnsmasq[0].tftp_root=/tftpboot
uci set dhcp.@dnsmasq[0].dhcp_boot=netbootme.kpxe

echo "dhcp-script=/etc/dnsmasq-script.sh" >> /etc/dnsmasq.conf

cat > /etc/dnsmasq-script.sh << \EOF 

/bin/echo `/bin/date +"%F %T"` $* >> /etc/dnsmasq.script.log

if [ "$1" == "add" ] && ! grep -iq $2 /etc/config/dhcp; then
  echo -e "Subject: New MAC on `uci get system.@system[0].hostname`.`uci get dhcp.@dnsmasq[0].domain`\\n\\n`/bin/date +"%F %T"` $*" | sendmail petr.ruzicka@gmail.com

chmod a+x /etc/dnsmasq-script.sh

Watchcat is used to monitor network connection "pingability" to otherwise the router is rebooted.

Configure QoS:
uci set qos.wan.upload=500            # Upload speed in kBits/s
uci set qos.wan.download=5000         # Download speed in kBits/s
uci set qos.wan.enabled=1
sed -i "s/'22,53'/'22,2222,53'/" /etc/config/qos
/etc/init.d/qos enable

Configure statistics (collectd):
mkdir -p /etc/collectd/conf.d

uci set luci_statistics.collectd_rrdtool.DataDir=/etc/collectd
uci set luci_statistics.collectd_ping.enable=1
uci set luci_statistics.collectd_ping.Hosts=www.google.com
uci set luci_statistics.collectd_df.enable=1
uci set luci_statistics.collectd_df.Devices=/dev/sda1
uci set luci_statistics.collectd_df.MountPoints=/overlay
uci set luci_statistics.collectd_df.FSTypes=ext3
uci set luci_statistics.collectd_disk.enable=1
uci set luci_statistics.collectd_disk.Disks=sda
uci set luci_statistics.collectd_dns.enable=1
uci set luci_statistics.collectd_dns.Interfaces=any
uci set luci_statistics.collectd_interface.Interfaces="eth0.2 wlan0 wlan0-1 eth0.1"
uci set luci_statistics.collectd_iptables.enable=0
uci set luci_statistics.collectd_irq.enable=1
uci set luci_statistics.collectd_processes.Processes="lighttpd collectd transmission-daemon"
uci set luci_statistics.collectd_tcpconns.LocalPorts="2222 443 80"
uci set luci_statistics.collectd_olsrd.enable=0
uci set luci_statistics.collectd_rrdtool.CacheTimeout=120
uci set luci_statistics.collectd_rrdtool.CacheFlush=900

uci set luci_statistics.collectd_exec.enable=1
uci commit 
uci add luci_statistics collectd_exec_input
uci set luci_statistics.@collectd_exec_input[-1].cmdline="/etc/digitemp.script"

cat > /etc/collectd/conf.d/my_collectd.conf << EOF
LoadPlugin syslog
<Plugin syslog>
  LogLevel "info"

Configure vnstat - software for monitoring / graphing network throughput:
mkdir /etc/vnstat
sed -i 's@^\(DatabaseDir\).*@\1 "/overlay/etc/vnstat"@' /etc/vnstat.conf
vnstat -u -i eth0.2
vnstat -u -i wlan0
vnstat -u -i wlan0-1
vnstat -u -i eth0.1

echo "*/5 * * * * vnstat -u" >> /etc/crontabs/root

cat > /etc/graphs-vnstat.sh << \EOF
# vnstati image generation script.
# Source:  https://code.google.com/p/x-wrt/source/browse/package/webif/files/www/cgi-bin/webif/graphs-vnstat.sh
WWW_D=/www/myadmin/vnstat # output images to here
LIB_D=`awk -F \" '/^DatabaseDir/ { print $2 }' /etc/vnstat.conf` # db location
BIN=/usr/bin/vnstati  # which vnstati
outputs="s h d t m"   # what images to generate
# Sanity checks
[ -d "$WWW_D" ] || mkdir -p "$WWW_D" # make the folder if it doesn't exist.

# End of config changes
interfaces="$(ls -1 $LIB_D)"
if [ -z "$interfaces" ]; then
    echo "No database found, nothing to do."
    echo "A new database can be created with the following command: "
    echo "    vnstat -u -i eth0"
    exit 0
    for interface in $interfaces; do
        for output in $outputs; do
            $BIN -${output} -i $interface -o $WWW_D/vnstat_${interface}_${output}.png
exit 1

chmod a+x /etc/graphs-vnstat.sh
echo "0 2 * * * /etc/graphs-vnstat.sh" >> /etc/crontabs/root

cat > /www/myadmin/vnstat/index.html << EOF
<META HTTP-EQUIV="refresh" CONTENT="300">
    <title>Traffic of OpenWRT interfaces</title>

for IFCE in $(ls -1 `awk -F \" '/^DatabaseDir/ { print $2 }' /etc/vnstat.conf`); do
cat >> /www/myadmin/vnstat/index.html << EOF
    <h2>Traffic of Interface $IFCE</h2>
                    <img src="vnstat_${IFCE}_s.png" alt="$IFCE Summary" />
                    <img src="vnstat_${IFCE}_h.png" alt="$IFCE Hourly" />
                <td valign="top">
                    <img src="vnstat_${IFCE}_d.png" alt="$IFCE Daily" />
                <td valign="top">
                    <img src="vnstat_${IFCE}_t.png" alt="$IFCE Top 10" />
                    <br />
                    <img src="vnstat_${IFCE}_m.png" alt="$IFCE Monthly" />

cat >> /www/myadmin/vnstat/index.html << EOF

Configure the nodogsplash for wifi_open (guests):
mv /etc/nodogsplash/nodogsplash.conf /etc/nodogsplash/nodogsplash.conf-orig

cat > /etc/nodogsplash/nodogsplash.conf << EOF
GatewayInterface br-wifi_open

FirewallRuleSet authenticated-users {
    FirewallRule block to
    FirewallRule block to
    FirewallRule allow tcp port 53
    FirewallRule allow udp port 53
    FirewallRule allow tcp port 80
    FirewallRule allow tcp port 443
    FirewallRule allow tcp port 22
    FirewallRule allow icmp

FirewallRuleSet preauthenticated-users {
    FirewallRule allow tcp port 53
    FirewallRule allow udp port 53

FirewallRuleSet users-to-router {
    FirewallRule allow udp port 53
    FirewallRule allow tcp port 53
    FirewallRule allow udp port 67
    FirewallRule allow icmp

GatewayName medlanky.xvx.cz
RedirectURL http://medlanky-hotspot.xvx.cz/
ClientForceTimeout 120

sed -i 's@#OPTIONS="-s -d 5"@OPTIONS="-s -d 5"@' /etc/init.d/nodogsplash

wget "http://upload.wikimedia.org/wikipedia/commons/thumb/1/1a/Brno-Medl%C3%A1nky_znak.svg/90px-Brno-Medl%C3%A1nky_znak.svg.png" -O /etc/nodogsplash/htdocs/images/90px-Brno-Medlanky_znak.svg.png

cp /etc/nodogsplash/htdocs/splash.html /etc/nodogsplash/htdocs/splash.html-orig
sed -i 's@wifidog.png.*@90px-Brno-Medlanky_znak.svg.png"@;/align=center height="120">/a\
\ \ <h2>For Internet access - click the sign.</h2> <h2>Pro pristup na Internet klikni na znak.</h2>\
' /etc/nodogsplash/htdocs/splash.html

/etc/init.d/nodogsplash enable

Transmission bittorrent client configuration:
mkdir -p /data/torrents/torrents-completed /data/torrents/torrents-incomplete /data/torrents/torrents /data/torrents/config

ln -s /data/torrents/torrents /home/ruzickap/torrents
chown -R ruzickap:ruzickap /data/torrents/torrents

uci set transmission.@transmission[-1].enabled=1
uci set transmission.@transmission[-1].config_dir=/data/torrents/config
uci set transmission.@transmission[-1].download_dir=/data/torrents/torrents-completed
uci set transmission.@transmission[-1].incomplete_dir_enabled=true
uci set transmission.@transmission[-1].incomplete_dir=/data/torrents/torrents-incomplete
uci set transmission.@transmission[-1].blocklist_enabled=1
uci set "transmission.@transmission[-1].blocklist_url=http://list.iblocklist.com/?list=bt_level1&fileformat=p2p&archiveformat=zip"
uci set transmission.@transmission[-1].speed_limit_down_enabled=true
uci set transmission.@transmission[-1].speed_limit_up_enabled=true
uci set transmission.@transmission[-1].speed_limit_down=300
uci set transmission.@transmission[-1].speed_limit_up=5
uci set transmission.@transmission[-1].alt_speed_enabled=true
uci set transmission.@transmission[-1].alt_speed_down=99999
uci set transmission.@transmission[-1].alt_speed_up=10
uci set transmission.@transmission[-1].alt_speed_time_enabled=true
uci set transmission.@transmission[-1].alt_speed_time_day=127
uci set transmission.@transmission[-1].alt_speed_time_begin=60
uci set transmission.@transmission[-1].alt_speed_time_end=420
uci set transmission.@transmission[-1].rpc_whitelist_enabled=false
uci set transmission.@transmission[-1].start_added_torrents=true
uci set transmission.@transmission[-1].script_torrent_done_enabled=true
uci set transmission.@transmission[-1].script_torrent_done_filename=/etc/torrent-done.sh
uci set transmission.@transmission[-1].watch_dir_enabled=true
uci set transmission.@transmission[-1].watch_dir=/data/torrents/torrents/
uci set transmission.@transmission[-1].rpc_url=/myadmin/transmission/
uci set transmission.@transmission[-1].rpc_authentication_required=true
uci set transmission.@transmission[-1].rpc_username=ruzickap
uci set transmission.@transmission[-1].rpc_password=xxxx
uci set transmission.@transmission[-1].ratio_limit=0
uci set transmission.@transmission[-1].ratio_limit_enabled=true
uci set transmission.@transmission[-1].upload_slots_per_torrent=5
uci set transmission.@transmission[-1].trash_original_torrent_files=true
uci set transmission.@transmission[-1].download_queue_size=1

uci add firewall rule
uci set firewall.@rule[-1].name=transmission
uci set firewall.@rule[-1].src=wan
uci set firewall.@rule[-1].target=ACCEPT
uci set firewall.@rule[-1].proto=tcpudp
uci set firewall.@rule[-1].dest_port=51413

/etc/init.d/transmission enable
/etc/init.d/miniupnpd enable

cat > /etc/torrent-done.sh << \EOF

echo -e "Subject: $TR_TORRENT_NAME finished.\n\nTransmission finished downloading \"$TR_TORRENT_NAME\" on $TR_TIME_LOCALTIME" | /usr/sbin/ssmtp petr.ruzicka@gmail.com
chmod a+x /etc/torrent-done.sh

uci commit

I'm sure you need to customize most of the thing mentioned above, but these notes can still help you.

Enjoy :-)


Note: only a member of this blog may post a comment.