Gernot Walzl

Navigation

OpenWrt is an operating system for network routers.

I use OpenWrt because my network at home is my privacy.

Contents

• Prerequisites
• Installation
• Configuration
  • Internet Access
  • System Properties
  • Wireless Access Point
• Package Management
• Dynamic DNS
  • Packages
  • Configuration
• Firewall
  • Packages
  • Configuration
• Wake on LAN
  • Packages
• Network Monitoring
  • Packages
• Hardware
• External Links

Prerequisites

• Modem in single-user (SU) mode or bridge mode
• Router that is supported by OpenWrt

Installation

1. Download the OpenWrt firmware for your router:
   https://openwrt.org/toh/views/toh_fwdownload
   If the firmware of the original vendor is installed on the router,
   the column "Firmware OpenWrt Install URL" shows the required firmware.
2. Flash the firmware:
   Open the web interface of your router (usually http://192.168.1.1/)
   and select the previously downloaded firmware for installation.
   The installation takes a few minutes.
3. Set a password:
   Open the web interface of your newly installed firmware (http://192.168.1.1/).
   The option Administration under System allows you to set a router password.
   If a password is set, login via SSH is possible.

Configuration

The web interface LuCI is used to configure OpenWrt.
Configuration files are stored in the directory /etc/config/.
These files can also be edited with an editor over SSH.

Internet Access

Select Interfaces under Network to edit the WAN interface.

Protocols like PPPoE (for VDSL) or DHCP work out of the box.
Support for other protocols can be added by installing additional packages.

To use a custom DNS server (like Google Public DNS) for name resolution,
edit the following file:

/etc/config/network

config interface 'wan'
    #...
    option peerdns '0'
    option dns '8.8.8.8'

System Properties

Select System to set the local time and the timezone of the system.

Wireless Access Point

On a fresh installation of OpenWrt, the wireless access point is disabled.

Select Wireless under Network to setup the SSID,
configure the encryption and enable the access point.

Package Management

Additional software can be installed using the web interface or
using the command line via SSH.

The web interface LuCI provides a convenient way of managing software packages.
Select Software under System to install additional packages.
Click Update lists... to update the list of available packages.

The command line tool opkg is used as package manager.

To update the list of available packages:

opkg update

To install a package:

opkg install <pkg>

Dynamic DNS

Common internet service providers assign IP addresses dynamically.
A dynamic DNS service updates the assigned IP address automatically
on a name server.

Packages

• ddns-scripts
• luci-app-ddns

Configuration

/etc/config/ddns

config service 'myddns_ipv4'
    #...
    option use_https '1'
    option cacert '/etc/ssl/certs/ca-certificates.crt'

Firewall

To allow SSH access from the WAN interface, the firewall needs to be configured.

Packages

• iptables-mod-conntrack-extra

Configuration

Select Firewall under Network to add a custom rule.
Custom firewall rules are stored in the following file:

/etc/firewall.user

iptables -A input_wan_rule -p tcp --dport 22 -m conntrack --ctstate NEW \
    -m recent --set --name SSH
iptables -A input_wan_rule -p tcp --dport 22 -m conntrack --ctstate NEW \
    -m recent --update --seconds 60 --hitcount 8 --rttl --name SSH -j DROP
iptables -A input_wan_rule -p tcp --dport 22 -j ACCEPT

ip6tables -A input_wan_rule -p tcp --dport 22 -m conntrack --ctstate NEW \
    -m recent --set --name SSH
ip6tables -A input_wan_rule -p tcp --dport 22 -m conntrack --ctstate NEW \
    -m recent --update --seconds 60 --hitcount 8 --rttl --name SSH -j DROP
ip6tables -A input_wan_rule -p tcp --dport 22 -j ACCEPT

Wake on LAN

Packages

• etherwake
• luci-app-wol

Network Monitoring

Packages

• nlbwmon
• luci-app-nlbwmon
  

Hardware

Linksys WRT3200ACM

https://www.linksys.com/at/p/P-WRT3200ACM/

Linksys WRT54GL

https://www.linksys.com/at/support-product?pid=01t80000003K7hCAAS

External Links

• https://openwrt.org/
• https://openwrt.org/toh/views/toh_standard_all
• https://openwrt.org/docs/guide-user/additional-software/imagebuilder

CONTENT.html	source	2022-07-07	7.6 KB
adsl_austria.de.html	source	2011-12-23	4.6 KB
build_custom_openwrt_image.sh	source	2022-06-20	991 B
build_custom_openwrt_image.sh 2022-06-19 by Gernot WALZL https://openwrt.org/docs/guide-user/additional-software/imagebuilder "make info" shows a list of available profiles.
diff_overlay.sh	source	2021-03-13	134 B
opkg_list.sh	source	2022-07-03	1.4 KB
opkg_list.sh 2022-07-03 by Gernot WALZL Extends the opkg package manager with additional listing features, such as showing manually installed packages.
opkg_md5sums.sh	source	2021-11-13	1.9 KB
opkg_md5sums.sh 2021-03-12 by Gernot WALZL Check files of opkg packages using md5sums.
smbuser.sh	source	2021-02-16	511 B
smbuser.sh 2021-02-15 by Gernot WALZL Samba user management
user.sh	source	2021-02-17	796 B
user.sh 2021-02-15 by Gernot WALZL User management for OpenWrt
wrt54g_important_knowledge.html	source	2011-02-20	1.6 KB