Topic: IP is not updated on my router with Openwrt
by utzu on Saturday, June 13, 2020
Tell me what the problem is
IP is not updated on my router with OpenWrt. Tell me what the problem is.
These are the logs:
102249 : ************ ************** ************** **************
102249 note : PID '15031' started at 2020-06-13 10:22
102249 : ddns version : 2.7.8-13
102249 : uci configuration:
ddns.myddns_ipv4.check_interval='5'
ddns.myddns_ipv4.domain='utzu.dynu.com'
ddns.myddns_ipv4.enabled='1'
ddns.myddns_ipv4.interface='lan'
ddns.myddns_ipv4.ip_source='web'
ddns.myddns_ipv4.lookup_host='utzu.dynu.com'
ddns.myddns_ipv4.password='***PW***'
ddns.myddns_ipv4.service_name='dyn.com'
ddns.myddns_ipv4.username='utzu'
ddns.myddns_ipv4=service
102249 : verbose mode : 0 - run normal, NO console output
102250 : check interval: 300 seconds
102250 : force interval: 259200 seconds
102250 : retry interval: 60 seconds
102250 : retry counter : 0 times
102250 : No old process
102250 : last update: never
102250 : Detect registered/public IP
102250 : #> /usr/bin/nslookup utzu.dynu.com >/var/run/ddns/myddns_ipv4.dat 2>/var/run/ddns/myddns_ipv4.err
102250 : Registered IP '5.251.163.3' detected
102250 info : Starting main loop at 2020-06-13 10:22
102251 : Detect local IP on 'web'
102251 : #> /bin/uclient-fetch -q -O /var/run/ddns/myddns_ipv4.dat -Y off 'http://checkip.dyndns.com' 2>/var/run/ddns/myddns_ipv4.err
102251 : Local IP '2.133.186.127' detected on web at 'http://checkip.dyndns.com'
102251 : Update needed - L: '2.133.186.127' <> R: '5.251.163.3'
102252 : #> /bin/uclient-fetch -q -O /var/run/ddns/myddns_ipv4.dat -Y off 'http://utzu:***PW***@members.dyndns.org/v3/update?hostname=utzu.dynu.com&myip=2.133.186.127' 2>/var/run/ddns/myddns_ipv4.err
102254 ERROR : uclient-fetch Error: '4'
102254 :
102254 WARN : Transfer failed - retry 1/0 in 60 seconds
Re: IP is not updated on my router with Openwrt
by timothytw on Saturday, June 13, 2020
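An added check over the update log posted in the thread above (not part of either forum post, and not code from ddns-scripts): it pulls every URL that the log shows being handed to `uclient-fetch` and reports requests that carry credentials over plain HTTP, plus a heuristic flag when the update endpoint and the updated hostname sit under different domains. The function names, the finding labels and the two-label domain comparison are assumptions of this example; the sample lines are the two fetch lines from the log with straight quotes.

```shell
#!/bin/sh
# Added example: audit a ddns-scripts log for risky update requests.
# audit_ddns_log and the finding labels are names made up for this example.

# Last two DNS labels of a host name (a rough stand-in for "same provider";
# it is a heuristic and wrong for suffixes such as co.uk).
base_domain() {
    printf '%s\n' "$1" | awk -F. '{ if (NF >= 2) print $(NF-1) "." $NF; else print $0 }'
}

# Reads log text on stdin, prints one finding per line on stdout.
audit_ddns_log() {
    # Every logged fetch looks like:  #> /bin/uclient-fetch ... 'URL' 2>errfile
    sed -n "s|.*#> .*uclient-fetch.* '\(https\{0,1\}://[^']*\)'.*|\1|p" |
    while IFS= read -r url; do
        scheme=${url%%://*}
        rest=${url#*://}
        authority=${rest%%/*}
        case "$authority" in
            *@*) userinfo=${authority%@*}; host=${authority##*@} ;;
            *)   userinfo=;                host=$authority ;;
        esac

        # user:password@ in an http:// URL crosses the network unencrypted.
        # Only the endpoint is printed, never the credentials themselves.
        if [ "$scheme" = http ] && [ -n "$userinfo" ]; then
            echo "PLAINTEXT_CREDENTIALS endpoint=$host"
        fi

        # Compare the provider endpoint with the host name being updated.
        updated=$(printf '%s\n' "$url" | sed -n 's/.*[?&]hostname=\([^&]*\).*/\1/p')
        if [ -n "$updated" ] &&
           [ "$(base_domain "$host")" != "$(base_domain "$updated")" ]; then
            echo "PROVIDER_MISMATCH endpoint=$(base_domain "$host") hostname=$(base_domain "$updated")"
        fi
    done
}

# Sample input: the two fetch lines from the log in the thread (quotes normalised).
SAMPLE_LOG=$(cat <<'EOF'
102251 : #> /bin/uclient-fetch -q -O /var/run/ddns/myddns_ipv4.dat -Y off 'http://checkip.dyndns.com' 2>/var/run/ddns/myddns_ipv4.err
102252 : #> /bin/uclient-fetch -q -O /var/run/ddns/myddns_ipv4.dat -Y off 'http://utzu:***PW***@members.dyndns.org/v3/update?hostname=utzu.dynu.com&myip=2.133.186.127' 2>/var/run/ddns/myddns_ipv4.err
EOF
)

printf '%s\n' "$SAMPLE_LOG" | audit_ddns_log
```

On a router the same function can be fed from the service's log file instead of the embedded sample.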
About
The OpenWrt Project is a Linux operating system targeting embedded devices. Instead of trying to create a single, static firmware, OpenWrt provides a fully writable filesystem with package management. This frees you from the application selection and configuration provided by the vendor and allows you to customize the device through the use of packages to suit any application. For developers, OpenWrt is the framework to build an application without having to build a complete firmware around it; for users this means the ability for full customization, to use the device in ways never envisioned.
- https://openwrt.org/
- OpenWRT releases
- Github.com openwrt/openwrt Releases
- OpenWrt version history
- OpenWRT Firmware Selector
- OpenWrt.org — Reasons to use OpenWrt
- OpenWrt Security
- OpenWrt Security Advisories
- Table of Hardware
- Table of Hardware: Full details
- OpenWRT Using the Image Builder
- OpenWRT Technical Reference
Forum
- OpenWRT Forum
- OpenWRT Announcements
- Applying for OpenWrt wiki account
Comments on router security
- CCC and OpenWrt: BSI technical guideline on secure routers is insufficient
- BSI TR-03148 Secure Broadband Routers
Source Code
- OpenWrt Source Repository
- Github.com openwrt/openwrt
Mailing Lists
- OpenWRT Devel Mailing List
- OpenWRT Admin Mailing List
Youtube
- Youtube Channel of OneMarcFifty
Basics
Fallback behaviour
Please note: if you change the configuration in LuCI and LuCI cannot be reached again within 90s (you locked yourself out), the changes are reverted.
This is a lifesaver! Such a nice feature.
Remind yourself to stay calm. It’s not bricked yet. Just don’t pull cables or power it off.
On the other hand, this means that some changes are timing-sensitive.
Please keep that in mind.
Set a password
Factory OpenWRT comes with no password set for the user root.
grep root /etc/shadow
Set a root password via CLI
Or via Luci — System > Administration
Essential packages
Packages you just need on a networking device
    opkg update
    opkg install tmux htop diffutils \
        ethtool iputils-arping iputils-tracepath
Shell profile
I like creating an additional file with some commands for convenience, so as not to mess too much with the original file.
/etc/profile.local
    ### IF TMUX DOES NOT DISPLAY UTF-8 CHARS CORRECTLY
    LC_ALL=UTF-8

    ### CUSTOM ALIASES
    alias l='ls -l'
    alias la='ls -la'
    alias ..='cd ..'
To activate this file, add this to /etc/profile
    [ -e /etc/profile.local ] && source /etc/profile.local
Logging
You probably don’t need a log file that fills up your system memory. See OpenWRT System Configuration.
- logread to access logd membuffer
- dmesg to access kernel messages
Read and follow logbuffer
LUCI
Install bare LUCI
    opkg update
    opkg install luci
HTTPs
Install LUCI https support
    opkg update
    opkg install luci-ssl luci-app-uhttpd
    /etc/init.d/uhttpd restart
    4+0 records in
    4+0 records out
    Generating RSA private key, 2048 bit long modulus
    Generating selfsigned certificate with subject 'C=ZZ,ST=Somewhere,L=Unknown,O=OpenWrtcbba6ded,CN=OpenWrt,' and validity 20210315195149-20230315195149
The automatic redirection can then be enabled in the uhttpd app of the webfrontend.
LUCI CSS
Adjust container max-width to make tables readable.
/www/luci-static/bootstrap/cascade.css
    .container {
        width: 100%;
        /* max-width: 940px; */
        /* max-width: 1280px; */
        max-width: 1440px;
        margin-left: auto;
        margin-right: auto;
        zoom: 1;
    }
Reduce horizontal padding between table cells
    .table .th, .table .td {
        display: table-cell;
        vertical-align: middle;
        /* padding: 10px 10px 9px; */
        padding: 10px 3px 9px;
        line-height: 18px;
        text-align: left;
    }
…
USB storage
If you have only a very limited amount of space available (like 8MiB on an Archer C7 v1), you can use an extroot with an overlayfs on a USB stick. You then only need to install on the limited ROM what is required to mount the «next» root filesystem.
Block device support -> USB-storage
    opkg update
    opkg install kmod-usb-storage blkid block-mount kmod-fs-ext4 luci-app-hd-idle
Install additional ext4 utilities
    opkg install e2fsprogs gdisk
Please take a look at
OpenWRT Fstab Configuration
Swap
Mount swap persistently
    swapon -s
    DEVICE="/dev/sda1"
    #mkswap -L swap1 "$DEVICE"
    eval $(blkid "$DEVICE" |cut -f2 -d:)
    uci set fstab.swap1="swap"
    uci set fstab.swap1.uuid="$PARTUUID"
    uci commit fstab
    swapon -a
    swapon -s
Extroot
OpenWRT — Extroot configuration
Create a directory for the partition «rootfs_data» (jffs2) (from flash rom)
    mkdir /mnt/mtdblock4
    # device currently mounted on /overlay, taken from /etc/mtab
    DEVICE="$(sed -n -e "/\s\/overlay\s.*$/s///p" /etc/mtab)"
    uci set fstab.mtdblock4="mount"
    uci set fstab.mtdblock4.device="$DEVICE"
    uci set fstab.mtdblock4.target="/mnt/mtdblock4"
    uci commit fstab
Mount the new device and sync the current overlay directory
    DEVICE="/dev/sda2"
    TARGET="/mnt/rootfs"
    [ -d "$TARGET" ] || mkdir "$TARGET"
    mount "$DEVICE" "$TARGET"
    cp -f -a /overlay/. /mnt/rootfs/
Mount usb drive persistently as overlay (on next boot)
    DEVICE="/dev/sda2"
    eval $(blkid "$DEVICE" |cut -f2 -d:)
    uci set fstab.overlay="mount"
    uci set fstab.overlay.uuid="$UUID"
    uci set fstab.overlay.target="/overlay"
    uci commit fstab
Good luck
reboot
Works
    root@openwrt:~# df -h
    Filesystem                Size      Used Available Use% Mounted on
    /dev/root                 2.5M      2.5M         0 100% /rom
    tmpfs                    60.8M     76.0K     60.7M   0% /tmp
    /dev/sda2                 3.1G      7.1M      3.0G   0% /overlay
    overlayfs:/overlay        3.1G      7.1M      3.0G   0% /
    tmpfs                   512.0K         0    512.0K   0% /dev
    /dev/mtdblock4            3.9M      3.0M    856.0K  78% /mnt/mtdblock4
opkg
Freeing up space
OpenWRT opkg
When removing a package, always specify the full name of the package! Otherwise opkg will report no packages to be removed. Try to find the name of the installed package with
    opkg list |grep package
Autoremove orphaned packages during removal of a «higher-level» package.
    opkg remove --autoremove package
Remove package and all packages that depend upon it.
    opkg remove --force-removal-of-dependent-packages package
It can happen that you accidentally install a package that pulls in many dependencies and fills up the space on the device. Then opkg is not even able to write to its database that the package was installed. The files reside on disk and use up space, but the package cannot be removed, since it is not recorded as installed.
To fix this, I suggest to
- free up space by forcefully uninstalling another «big» package (like libopenssl1.1). Please make sure you remember to reinstall, later, all the packages that were uninstalled.
    opkg remove --force-removal-of-dependent-packages libopenssl1.1
- fully install the package that previously failed
    opkg install failed-package
- uninstall the now fully installed, previously failed package and its dependencies
    opkg remove --autoremove failed-package
- install the packages you only uninstalled to free up space
    opkg install top-level-packages that pulled libopenssl1.1
A quite invasive script that purges the files in a package from disk. It should only be used if normal removal did not succeed.
/sbin/opkg_remove_partly_installed_packages.sh
    #!/bin/sh
    # takes one argument/parameter: the name of the package
    # which didn't install correctly and
    # should be removed along with its dependencies
    # example: opkg_remove_partly_installed_packages.sh pulseaudio-daemon

    if [ -z "$1" ]; then
        echo "Please specify one or more packages."
        exit 1
    fi

    opkg update

    # get list of all packages that would be installed along with package x
    # (feeds may be served over http or https)
    PACKAGES="$(opkg --force-space --noaction install "$@" |
        grep -E "https?:" |
        cut -f 2 -d ' ' |
        sed 's/.$//')"

    echo "Following packages will be destroyed."
    echo "$PACKAGES"

    read -p "Check and confirm with 'yes': " CONFIR_INPUT
    if test "$CONFIR_INPUT" = "yes"; then
        echo "Confirmed. Exterminating packages_"
    else
        echo "Not confirmed - aborting."
        exit 0
    fi

    for i in $PACKAGES
    do
        # list the package's files (deepest paths first) and map them into the overlay
        LIST="$(wget -qO- "$i" |
            tar -Oxz ./data.tar.gz |
            tar -tz |
            sort -r |
            sed 's/^./\/overlay\/upper/')"
        for f in $LIST; do
            if [ -f "$f" ]; then
                echo "Removing file $f"
                rm -f "$f"
            fi
            if [ -d "$f" ]; then
                echo "Trying to remove directory '$f'"
                echo "(will only work on empty directories)"
                rmdir "$f"
            fi
        done
    done

    echo "You may need to reboot for the free space to become visible."
This is only a slightly improved version of this script
opkg manual upgrade
Please make sure, you have enough space in your overlay filesystem (~8MiB).
Upgrade the system in tmux
    ### INSTALL AND START tmux IF YOU HAVEN'T
    opkg update
    opkg install tmux
    tmux
    ### UPGRADE
    PACKAGES="$(opkg list-upgradable|awk '{print $1}')"
    [ "$PACKAGES" ] && opkg upgrade $PACKAGES
You may have to execute it more than once (e.g. if netifd is upgraded).
opkg_upgrade
Speeds up the process
/sbin/opkg_upgrade
    #!/bin/sh

    PACKAGES="$(opkg list-upgradable|awk '{print $1}')"

    if test "$PACKAGES"; then
        echo -e "Packages to be upgraded:\n$PACKAGES"
        read -p "Check and confirm with 'yes': " CONFIR_INPUT
        if test "$CONFIR_INPUT" = "yes"; then
            echo "Confirmed performing upgrade"
            opkg upgrade $PACKAGES
        else
            echo "Input invalid - aborting."
        fi
    else
        echo -e "No packages to be upgraded."
        echo "Nothing to do - exiting ..."
    fi
Make script executable
    chmod u+x /sbin/opkg_upgrade
Upgrade the system in tmux
    ### INSTALL AND START tmux IF YOU HAVEN'T
    opkg update
    opkg install tmux
    tmux
    ### UPGRADE
    opkg_upgrade
You may have to execute it more than once (e.g. if netifd is upgraded).
Automatic opkg_upgrade
crontab -e
    0 2 * * * echo yes |/sbin/opkg_upgrade
System upgrades
Configure your backup
-
https://openwrt.org/docs/guide-user/troubleshooting/backup_restore
These files are kept during sysupgrades! Maintain this file carefully!
/etc/sysupgrade.conf
    ## This file contains files and directories that should
    ## be preserved during an upgrade.

    # /etc/example.conf
    # /etc/openvpn/

    ### docu
    /etc/user_installed_pkg.list
    /etc/sysbackup.tar.gz

    ### daemons
    /etc/samba/
    /etc/dropbear/
    /etc/dnsmasq.hosts
    /etc/collectd.conf
    /etc/fwknop/
    /etc/vsftpd/
    /etc/vsftpd.conf
    /etc/config/ahcpd
    /etc/dnsmasq.conf
    /etc/ppp/

    ### configs
    /etc/screenrc

    ### login data
    /etc/group
    /etc/group-
    /etc/passwd
    /etc/passwd-
    /etc/profile
    /etc/profile.local
    /etc/shadow
    /etc/shadow-
    /etc/login.defs

    ### system
    /etc/config/
    /etc/crontabs
    /etc/dropbear/dropbear_rsa_host_key
    /etc/exports
    /etc/firewall.user
    /etc/kresd/custom.conf
    /etc/inittab
    /etc/lvm/
    #/etc/opkg
    /etc/opkg/customfeeds.conf
    /etc/opkg.conf
    /etc/rc.local
    /etc/sysctl.conf
    /etc/sysctl.d/local.conf
    /etc/sysupgrade.conf

    ### databases
    /etc/ethers
    /etc/hosts
    /etc/protocols
    /etc/services
    /etc/shells

    ### scripts
    /etc/listlinkedpkg.sh
    /etc/listuserpackages.sh
    /etc/opkg_color.sh
    /sbin/opkg_upgrade
    /sbin/opkg_remove_partly_installed_packages.sh
Check what is backed up
    sysupgrade -l
    ### OR WITH SHELL
    grep -v -e '^$' -e '^#' /etc/sysupgrade.conf |
    while read LINE; do
        ls -d "$LINE" 2>/dev/null;
    done
Create backup
Create a backup (e.g. to your overlay-fs)
    umask go=
    DIR_BACKUP="/root/backup"
    [ -d "$DIR_BACKUP" ] || mkdir "$DIR_BACKUP"
    sysupgrade -k -b "$DIR_BACKUP/backup-${HOSTNAME}-$(date +%F_+%H%M%S).tar.gz"
    ls -l "$DIR_BACKUP"/backup-*.tar.gz
%H%M%S is better than %T with ssh-based copying because of the interpretation of : (colon) as the remote path delimiter …
Secure the backup from another machine
    scp 'root@192.168.1.1:/root/backup/backup-*.tar.gz' .
    scp 'root@openwrt.lan:/root/backup/backup-*.tar.gz' .
SAVE
Restore backup
    # Upload backup
    scp backup-*.tar.gz root@openwrt.lan:/root

    # Restore backup
    ls /root/backup-*.tar.gz
    sysupgrade -r /root/backup-your_specific_point_in_time.tar.gz
Perform the upgrade
    sysupgrade -v /root/img-bin
If you were unlucky and bricked the device, see System recovery.
System recovery
-
https://openwrt.org/docs/guide-user/troubleshooting/vendor_specific_rescue
TFTP
-
https://openwrt.org/docs/guide-user/troubleshooting/tftpserver
-
https://openwrt.org/toh/start
-
https://en.wikipedia.org/wiki/Trivial_File_Transfer_Protocol
Prepare TFTPD
You’ll need root privileges
- install a TFTP daemon
- to bind to port 69/UDP
Classically install atftpd and a tftp client
    apt install atftpd tftp
The daemon is listening right from installation, wrapped by Wietse Venema's tcpd
    LANG=C netstat -tulpen |grep -e '^Proto' -e ':69'
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name
    udp        0      0 0.0.0.0:69              0.0.0.0:*                           0          49344      2415/rlinetd
    udp6       0      0 :::69                   :::*                                0          49345      2415/rlinetd
TCPD
/etc/rlinetd.conf
    # look for further configuration files elsewhere (ignore editor backup files)

    directory "/etc/rlinetd.d" "" "(~|.bak|.swp|.ucf-.*|.dpkg-.*)$";

    # set up some reasonable defaults

    defaults {
        instances 5;
        # only making services available to your inside network?
        # interface 192.168.1.1;
    }
/etc/rlinetd.d/tftp_udp
    # This file was automatically generated by inetd2rlinetd

    # Generated from: tftp dgram udp wait nobody /usr/sbin/tcpd /usr/sbin/in.tftpd --tftpd-timeout 300 --retry-timeout 5 --mcast-port 1758 --mcast-addr 239.239.239.0-255 --mcast-ttl 1 --maxthread 100 --verbose=5 /srv/tftp
    service "tftp_udp" {
        enabled yes;
        protocol udp;
        port "tftp";
        user "nobody";
        exec "/usr/sbin/in.tftpd --tftpd-timeout 300 --retry-timeout 5 --mcast-port 1758 --mcast-addr 239.239.239.0-255 --mcast-ttl 1 --maxthread 100 --verbose=5 /srv/tftp";
        server "/usr/sbin/tcpd";
        wait yes;
    }
Directory structure
The default config points to /srv/tftp. Let’s create the directory structure, which should also be writeable by the group «tftp» for convenience.
    addgroup --system tftp
    adduser tobias tftp
    install -o root -g tftp -m 2775 -d /srv/tftp
You’ll need to log off and on again to become a member of the group. :-/ Check it with id.
Prepare device specific files
In my specific case I broke a «BT Home Hub 5A». So I took a look at its device-specific OpenWRT page.
https://openwrt.org/toh/bt/homehub_v5a
I downloaded the bootloader image, tftp-bootable install image, and the current snapshot of openwrt and put it to a subdirectory of the tftpd-root.
    sudo install -o tobias -g tftp -m 2775 -d /srv/tftp/homehub_v5a
    cd /srv/tftp/homehub_v5a
    wget "https://github.com/mkresin/BTHH5a-installimage/releases/download/v1.0/lede-lantiq-bthomehubv5a_ram-u-boot.asc"
    wget "https://github.com/mkresin/BTHH5a-installimage/releases/download/v1.0/lede-lantiq-xrx200-BTHOMEHUBV5A-installimage.bin"
    wget "https://downloads.openwrt.org/snapshots/targets/lantiq/xrx200/openwrt-lantiq-xrx200-bt_homehub-v5a-squashfs-sysupgrade.bin"
    ln -s /srv/tftp/homehub_v5a/lede-lantiq-xrx200-BTHOMEHUBV5A-installimage.bin \
        /srv/tftp/lede-lantiq-xrx200-BTHOMEHUBV5A-installimage.bin
    ls -l /srv/tftp/homehub_v5a
    insgesamt 18612
    -rw-r--r-- 1 tobias tftp   853647  3. Nov 2017  lede-lantiq-bthomehubv5a_ram-u-boot.asc
    -rw-r--r-- 1 tobias tftp 11387322  3. Nov 2017  lede-lantiq-xrx200-BTHOMEHUBV5A-installimage.bin
    -rw-r--r-- 1 tobias tftp  6810208  1. Sep 02:01 openwrt-lantiq-xrx200-bt_homehub-v5a-squashfs-sysupgrade.bin
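Before a downloaded image is linked into the TFTP root and booted, its SHA-256 can be checked against a checksum list. This is an added example, not part of the original page: `sha256_of`, `verify_image` and `stage_image` are hypothetical helper names, and it assumes a `sha256sums`-style file (`<hash> *<filename>` per line) was obtained from a trusted source alongside the image; the demo runs on constructed throwaway data.

```shell
#!/bin/sh
# Added example: only expose a firmware image over TFTP after its SHA-256
# matches a checksum list. Function names are made up for this example.

# Print the SHA-256 of a file, using whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# verify_image SUMS_FILE IMAGE
# Returns 0 on match, 1 on mismatch, 2 if SUMS_FILE has no entry for IMAGE.
# File names containing spaces are not handled.
verify_image() {
    sums=$1
    image=$2
    name=$(basename "$image")
    # Lines look like "<hex digest> *<name>" (binary mode) or "<hex digest>  <name>".
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { print $1; exit }' "$sums")
    if [ -z "$expected" ]; then
        echo "verify_image: no checksum listed for $name" >&2
        return 2
    fi
    actual=$(sha256_of "$image")
    if [ "$actual" != "$expected" ]; then
        echo "verify_image: SHA-256 mismatch for $name" >&2
        return 1
    fi
    return 0
}

# stage_image SUMS_FILE IMAGE TFTP_ROOT
# Links IMAGE into TFTP_ROOT only if verification succeeds; on failure a
# stale link from an earlier run is removed so it cannot be served.
stage_image() {
    link="$3/$(basename "$2")"
    verify_image "$1" "$2" || { rc=$?; rm -f "$link"; return "$rc"; }
    src_dir=$(cd "$(dirname "$2")" && pwd)
    ln -sf "$src_dir/$(basename "$2")" "$link"
}

# Demo on constructed data (a throwaway directory, not real firmware).
demo() {
    d=$(mktemp -d)
    mkdir "$d/dl" "$d/tftp"
    printf 'constructed image bytes\n' > "$d/dl/demo-image.bin"
    printf '%s *demo-image.bin\n' "$(sha256_of "$d/dl/demo-image.bin")" > "$d/dl/sha256sums"
    stage_image "$d/dl/sha256sums" "$d/dl/demo-image.bin" "$d/tftp" &&
        echo "staged: $(ls "$d/tftp")"
    printf 'tampered' >> "$d/dl/demo-image.bin"
    stage_image "$d/dl/sha256sums" "$d/dl/demo-image.bin" "$d/tftp" ||
        echo "refused after tampering"
    rm -rf "$d"
}
demo
```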
Test the connection
There is no command in tftp to change or list directories. So the file needs to be put into the base directory and you need to know the filename.
Start up the client and download a file
    tobias@libertas ~ % tftp 192.168.1.10
    tftp> ?
    Commands may be abbreviated.  Commands are:

    connect         connect to remote tftp
    mode            set file transfer mode
    put             send file
    get             receive file
    quit            exit tftp
    verbose         toggle verbose mode
    trace           toggle packet tracing
    status          show current status
    binary          set mode to octet
    ascii           set mode to netascii
    rexmt           set per-packet retransmission timeout
    timeout         set total retransmission timeout
    ?               print help information
    tftp> get lede-lantiq-xrx200-BTHOMEHUBV5A-installimage.bin
    Transfer timed out.

    ### LOG SHOWED TCPD WAS MISSING
    tftp> get lede-lantiq-xrx200-BTHOMEHUBV5A-installimage.bin
    Received 11460682 bytes in 1.0 seconds
TFTP works!
Create serial connection
- Prepare a connection to the board (e.g. solder wires or headers)
- Adjust voltage of the USB-UART adapter
- Connect the serial adapter
- TX of the board to RX of the adapter
- RX of the board to TX of the adapter
- GROUND of the board to GROUND of the adapter
Your user should be a member of the unix group ‘dialout’. Log off (completely) from the system and log in again to gain membership.
    sudo adduser tobias dialout
Establish a connection via the adapter with the respective parameters
    ls -l /dev/ttyUSB*
    crw-rw---- 1 root dialout 188, 0 27. Aug 11:22 /dev/ttyUSB0
    minicom -c on -b 115200 -8 -D /dev/ttyUSB0
In my case the boot-loader was still okay, but the kernel image could not be loaded.
    Willkommen zu minicom 2.8

    Optionen: I18n
    Port /dev/ttyUSB0, 08:56:49

    Drücken Sie CTRL-A Z für Hilfe zu speziellen Tasten

    ROM VER: 1.1.4
    CFG 06
    NAND
    NAND Read OK

    DDR autotuning Rev 0.3d
    DDR size from 0xa0000000 - 0xa7ffffff
    DDR check ok... start booting...



    U-Boot 2010.06-LANTIQ-v-2.2.46 (Dec 06 2013 - 02:39:45 on tester@clean-machine)

    CLOCK CPU 500M RAM 250M
    secure boot
    DRAM: 125 MiB
    NAND: ONFI flash detected
    ONFI param page 0 valid
    NAND device: Manufacturer ID: 0x01, Chip ID: 0xf1 (AMD S34ML01G1)
    128 MiB
    Bad block table found at page 65472, version 0x01
    Bad block table found at page 65408, version 0x01
    In: serial
    Out: serial
    Err: serial
    Net: Internal phy(GE) firmware version: 0x841b
    vr9 Switch

    Type "run flash_nfs" to mount root filesystem over NFS

    Hit any key to stop autoboot: 0
    Creating 1 MTD partitions on "nand0":
    0x000000100000-0x000007f80000 : "mtd=0"
    UBI: attaching mtd1 to ubi0
    UBI: physical eraseblock size: 131072 bytes (128 KiB)
    UBI: logical eraseblock size: 129024 bytes
    UBI: smallest flash I/O unit: 2048
    UBI: sub-page size: 512
    UBI: VID header offset: 512 (aligned 512)
    UBI: data offset: 2048
    UBI: attached mtd1 to ubi0
    UBI: MTD device name: "mtd=0"
    UBI: MTD device size: 126 MiB
    UBI: number of good PEBs: 1012
    UBI: number of bad PEBs: 0
    UBI: max. allowed volumes: 128
    UBI: wear-leveling threshold: 4096
    UBI: number of internal volumes: 1
    UBI: number of user volumes: 1
    UBI: available PEBs: 997
    UBI: total number of reserved PEBs: 15
    UBI: number of PEBs reserved for bad PEB handling: 10
    UBI: max/mean erase counter: 400/282
    kernel volume not found
    Wrong Image Format for bootm command
    ERROR: can't get kernel image!
    VR9 #
Das U-Boot
typically abbreviated as just «U-Boot»
- Das U-Boot — the Universal Boot Loader
- Github u-boot/u-boot
- Heise.de: The generic bootloader U-Boot — On a diving course — Udo Seidel
- Mailing Lists
  - The U-Boot Archives
  - marc.info u-boot
- GPLv2
Got dropped into the uboot shell
    VR9 # help
    ?       - alias for 'help'
    base    - print or set address offset
    bootm   - boot application image from memory
    bootp   - boot image via network using BOOTP/TFTP protocol
    chpart  - change active partition
    cmp     - memory compare
    cp      - memory copy
    crc32   - checksum calculation
    dualimage- dualimage - sets openrg_start and openrg_size according to the current active image.

    echo    - echo args to console
    go      - start application at address 'addr'
    help    - print command description/usage
    loop    - infinite loop on address range
    md      - memory display
    mm      - memory modify (auto-incrementing address)
    mtdparts- define flash/nand partitions
    mtest   - simple RAM read/write test
    mw      - memory write (fill)
    nand    - NAND sub-system
    nboot   - boot from NAND device
    nm      - memory modify (constant address)
    printenv- print environment variables
    rarpboot- boot image via network using RARP/TFTP protocol
    reset   - Perform RESET of the CPU
    run     - run commands in an environment variable
    saveenv - save environment variables to persistent storage
    setenv  - set environment variables
    signverify- signverify - verify the active image signature and decryption if needed.

    tftpboot- boot image via network using TFTP protocol
    ubi     - ubi commands
    upgrade - upgrade - forward/backward copy memory to pre-defined flash location

    version - print monitor version
    VR9 #
Display the version to acquire the manual
    VR9 # version

    U-Boot 2010.06-LANTIQ-v-2.2.46 (Dec 06 2013 - 02:39:45 on tester@clean-machine)
Display the environment to gather information like server ip
    VR9 # printenv
    bootdelay=1
    baudrate=115200
    preboot=echo;echo Type "run flash_nfs" to mount root filesystem over NFS;echo
    bootfile="openrg.img"
    cert=-----BEGIN CERTIFICATE-----
    [certificate body omitted]
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    [certificate body omitted]
    -----END CERTIFICATE-----

    mem=127M
    phym=128M
    ethaddr=00:E0:92:00:01:40
    netdev=eth0
    console=ttyS0
    tftppath=
    loadaddr=0x80800000
    rootpath=/mnt/full_fs
    rootfsmtd=/dev/mtdblock2
    nfsargs= setenv bootargs root=/dev/nfs rw nfsroot=$(serverip):$(rootpath)
    ramargs=setenv bootargs root=/dev/ram rw
    addip=setenv bootargs $(bootargs) ip=$(ipaddr):$(serverip):$(gatewayip):$(netmask):$(hostname):$(netdev):on
    addmisc=setenv bootargs $(bootargs) console=$(console),$(baudrate) ethaddr=$(ethaddr) phym=$(phym) mem=$(mem) panic=1 mtdparts=$(mtdparts) vpe1
    flash_nfs=run nfsargs addip addmisc;bootm $(kernel_addr)
    net_nfs=tftp $(loadaddr) $(tftppath)$(bootfile);run nfsargs addip addmisc;bootm
    net_flash=tftp $(loadaddr) $(tftppath)$(bootfile); run flashargs addip addmisc; bootm
    net_ram=tftp $(loadaddr) $(tftppath)$(bootfile); bootm
    u-boot=u-boot.lq
    rootfs=rootfs.img
    firmware=firmware.img
    fullimage=fullimage.img
    totalimage=totalimage.img
    load=tftp $(loadaddr) $(u-boot)
    update=protect off 1:0-2;era 1:0-2;cp.b $(loadaddr) B0000000 $(filesize)
    flashargs=setenv bootargs root=$(rootfsmtd) ro rootfstype=squashfs init=/etc/preinit
    flash_flash=run flashargs addip addmisc; bootm $(kernel_addr)
    update_nandboot=tftp $(loadaddr) $(tftppath)u-boot-nand.bin; nand erase 0 0x100000; nand write.partial $(loadaddr) 0 $(filesize); reset
    ubi_init=setenv kernel_vol kernel;setenv rootfs_vol rootfs;setenv firmware_vol firmware;setenv kernel_id 0;setenv rootfs_id 1;setenv firmware_iw
    update_kernel=tftpboot $(loadaddr) $(tftppath)$(bootfile);upgrade $(loadaddr) $(filesize)
    update_bootloader=update_uboot;update gphyfirmware
    update_rootfs=tftpboot $(loadaddr) $(tftppath)$(rootfs); upgrade $(loadaddr) $(filesize)
    update_firmware=tftpboot $(loadaddr) $(tftppath)$(firmware);upgrade $(loadaddr) $(filesize)
    update_fullimage=tftpboot $(loadaddr) $(tftppath)$(fullimage);upgrade $(loadaddr) $(filesize)
    update_totalimage=tftpboot $(loadaddr) $(tftppath)$(totalimage);upgrade $(loadaddr) $(filesize)
    reset_uboot_config=nand write.partial 80400000 $(f_ubootconfig_addr) $(f_ubootconfig_size)
    reset_ddr_config=nand write.partial 80400000 $(f_ddrconfig_addr) $(f_ddrconfig_size)
    mtdparts=mtdparts=nand0:0x07e80000@0x100000(UBI)
    mtdids=nand0=nand0
    part0_begin=0x00000000
    part1_begin=0x00040000
    part2_begin=0x000C0000
    part3_begin=0x002C0000
    part4_begin=0x06C40000
    part5_begin=0x07040000
    part6_begin=0x07080000
    total_part=7
    flash_end=0x07FFFFFF
    data_block0=uboot
    data_block1=firmware
    data_block2=kernel
    data_block3=rootfs
    data_block4=sysconfig
    data_block5=ubootconfig
    data_block6=dectconfig
    total_db=7
    f_uboot_addr=0x00000000
    f_uboot_size=0
    f_ubootconfig_addr=0xA0000
    f_ubootconfig_size=0x20000
    f_ubootconfig_end=0x0704FFFF
    f_gphy_firmware_addr=IFX_CFG_FLASH_GPHY_FIRMWARE_IMAGE_START_ADDR
    f_gphy_firmware_size=IFX_CFG_FLASH_GPHY_FIRMWARE_IMAGE_SIZE
    f_gphy_firmware_end=IFX_CFG_FLASH_GPHY_FIRMWARE_IMAGE_END_ADDR
    f_kernel_addr=0x000C0000
    f_kernel_size=0
    f_kernel_end=IFX_CFG_FLASH_KERNEL_IMAGE_END_ADDR
    f_rootfs_addr=0x002C0000
    f_rootfs_size=0x6980000
    f_rootfs_end=IFX_CFG_FLASH_ROOTFS_IMAGE_END_ADDR
    f_firmware_addr=0x00040000
    f_firmware_size=0
    f_fwdiag_addr=IFX_CFG_FLASH_FIRMWARE_DIAG_START_ADDR
    f_fwdiag_size=IFX_CFG_FLASH_FIRMWARE_DIAG_SIZE
    f_sysconfig_addr=0x06C40000
    f_sysconfig_size=0x400000
    f_dectconfig_addr=0x07080000
    f_dectconfig_size=0x40000
    f_wlanconfig_addr= IFX_CFG_FLASH_WLAN_CFG_START_ADDR
    f_wlanconfig_size=IFX_CFG_FLASH_WLAN_CFG_SIZE
    f_ddrconfig_addr=0x000057E8
    f_ddrconfig_size=24
    f_ddrconfig_end=0x000057FF
    ethact=vr9 Switch
    ipaddr=192.168.1.1
    serverip=192.168.1.10
    bootcmd_openrg=ubi part UBI; dualimage; bootm $(openrg_start)
    bootcmd=ubi part UBI; ubi read $(loadaddr) kernel; bootm $(loadaddr)
    stdin=serial
    stdout=serial
    stderr=serial
    ver=U-Boot 2010.06-LANTIQ-v-2.2.46 (Dec 06 2013 - 02:39:45 on tester@clean-machine)
    partition=nand0,0
    mtddevnum=0
    mtddevname=UBI

    Environment size: 6831/131068 bytes
Add serverip to your machine and start the tftp server
sudo ip a add 192.168.1.10/24 dev bridge
Load the firmware image into RAM and boot it from that address.
VR9 # tftpboot 0x81000000 lede-lantiq-xrx200-BTHOMEHUBV5A-installimage.bin; bootm 0x81000000
Using vr9 Switch device
TFTP from server 192.168.1.10; our IP address is 192.168.1.1
Filename 'lede-lantiq-xrx200-BTHOMEHUBV5A-installimage.bin'.
Load address: 0x81000000
Loading: #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #############################################################
done
Bytes transferred = 11387322 (adc1ba hex)
## Booting kernel from Legacy Image at 81000000 ...
   Image Name: MIPS LEDE Linux-4.4.92
   Created: 2017-10-17 17:46:20 UTC
   Image Type: MIPS Linux Kernel Image (uncompressed)
   Data Size: 11387258 Bytes = 10.9 MiB
   Load Address: 80002000
   Entry Point: 80002000
   Verifying Checksum ... OK
   Loading Kernel Image ... OK
OK

Starting kernel ...

[ 0.000000] Linux version 4.4.92 (mkresin@desktop) (gcc version 5.4.0 (LEDE GCC 5.4.0 r3560-79f57e422d) ) #0 Tue Oct 17 17:46:20 2017
[ 0.000000] SoC: xRX200 rev 1.2
[ 0.000000] bootconsole [early0] enabled
[ 0.000000] CPU0 revision is: 00019556 (MIPS 34Kc)
[ 0.000000] MIPS: machine is BTHOMEHUBV5A - BT Home Hub 5A
[ 0.000000] Determined physical RAM map:
[ 0.000000] memory: 08000000 @ 00000000 (usable)
[ 0.000000] Initrd not found or empty - disabling initrd
[ 0.000000] Zone ranges:
[ 0.000000] Normal [mem 0x0000000000000000-0x0000000007ffffff]
[ 0.000000] Movable zone start for each node
[ 0.000000] Early memory node ranges
[ 0.000000] node 0: [mem 0x0000000000000000-0x0000000007ffffff]
[ 0.000000] Initmem setup node 0 [mem 0x0000000000000000-0x0000000007ffffff]
[ 0.000000] Primary instruction cache 32kB, VIPT, 4-way, linesize 32 bytes.
[ 0.000000] Primary data cache 32kB, 4-way, VIPT, cache aliases, linesize 32 bytes
[ 0.000000] Built 1 zonelists in Zone order, mobility grouping on. Total pages: 32512
[ 0.000000] Kernel command line: console=ttyLTQ0,115200
[ 0.000000] PID hash table entries: 512 (order: -1, 2048 bytes)
[ 0.000000] Dentry cache hash table entries: 16384 (order: 4, 65536 bytes)
[ 0.000000] Inode-cache hash table entries: 8192 (order: 3, 32768 bytes)
[ 0.000000] Writing ErrCtl register=00048046
[ 0.000000] Readback ErrCtl register=00048046
[ 0.000000] Memory: 117460K/131072K available (3778K kernel code, 162K rwdata, 792K rodata, 7412K init, 210K bss, 13612K reserved, 0K cma-re)
[ 0.000000] SLUB: HWalign=32, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
[ 0.000000] NR_IRQS:256
[ 0.000000] Setting up vectored interrupts
[ 0.000000] CPU Clock: 500MHz
[ 0.000000] clocksource: MIPS: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 7645041786 ns
[ 0.000010] sched_clock: 32 bits at 250MHz, resolution 4ns, wraps every 8589934590ns
[ 0.007856] Calibrating delay loop... 332.54 BogoMIPS (lpj=665088)
[ 0.042316] pid_max: default: 32768 minimum: 301
[ 0.047157] Mount-cache hash table entries: 1024 (order: 0, 4096 bytes)
[ 0.053723] Mountpoint-cache hash table entries: 1024 (order: 0, 4096 bytes)
[ 0.066632] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 7645041785100000 ns
[ 0.076277] futex hash table entries: 256 (order: -1, 3072 bytes)
[ 0.082481] pinctrl core: initialized pinctrl subsystem
[ 0.088323] NET: Registered protocol family 16
[ 0.097144] pinctrl-xway 1e100b10.pinmux: Init done
[ 0.102666] dma-xway 1e104100.dma: Init done - hw rev: 7, ports: 7, channels: 28
[ 0.212595] dcdc-xrx200 1f106a00.dcdc: Core Voltage : 1016 mV
[ 0.218341] Can't analyze schedule() prologue at 80008f30
[ 0.232232] PCI host bridge /fpi@10000000/pci@E105400 ranges:
[ 0.237840] MEM 0x0000000018000000..0x0000000019ffffff
[ 0.243126] IO 0x000000001ae00000..0x000000001affffff
[ 0.366187] PCI host bridge /fpi@10000000/pcie@d900000 ranges:
[ 0.385197] usbcore: registered new interface driver usbfs
[ 0.390684] usbcore: registered new interface driver hub
[ 0.396050] usbcore: registered new device driver usb
[ 0.401470] PCI host bridge to bus 0000:00
[ 0.405461] pci_bus 0000:00: root bus resource [mem 0x18000000-0x19ffffff]
[ 0.412368] pci_bus 0000:00: root bus resource [io 0x1ae00000-0x1affffff]
[ 0.419312] pci_bus 0000:00: root bus resource [??? 0x00000000 flags 0x0]
[ 0.426168] pci_bus 0000:00: No busn resource found for root bus, will use [bus 00-ff]
[ 0.434684] pci 0000:00:0e.0: BAR 0: assigned [mem 0x18000000-0x1800ffff]
[ 0.441566] PCI host bridge to bus 0000:01
[ 0.445549] pci_bus 0000:01: root bus resource [mem 0x1c000000-0x1cffffff]
[ 0.452462] pci_bus 0000:01: root bus resource [io 0x1d800000-0x1d8fffff]
[ 0.459406] pci_bus 0000:01: root bus resource [??? 0x00000000 flags 0x0]
[ 0.466262] pci_bus 0000:01: No busn resource found for root bus, will use [bus 01-ff]
[ 0.474325] ifx_pcie_rc_class_early_fixup: fixed pcie host bridge to pci-pci bridge
[ 0.492363] pci 0000:01:00.0: bridge configuration invalid ([bus 02-00]), reconfiguring
[ 0.501131] pci 0000:01:00.0: BAR 8: assigned [mem 0x1c000000-0x1c1fffff]
[ 0.507810] pci 0000:01:00.0: BAR 9: assigned [mem 0x1c200000-0x1c2fffff pref]
[ 0.515079] pci 0000:02:00.0: BAR 0: assigned [mem 0x1c000000-0x1c1fffff 64bit]
[ 0.522477] pci 0000:02:00.0: BAR 6: assigned [mem 0x1c200000-0x1c20ffff pref]
[ 0.529742] pci 0000:01:00.0: PCI bridge to [bus 02]
[ 0.534778] pci 0000:01:00.0: bridge window [mem 0x1c000000-0x1c1fffff]
[ 0.541635] pci 0000:01:00.0: bridge window [mem 0x1c200000-0x1c2fffff pref]
[ 0.549001] ifx_pcie_bios_map_irq port 0 dev 0000:01:00.0 slot 0 pin 1
[ 0.555606] ifx_pcie_bios_map_irq dev 0000:01:00.0 irq 144 assigned
[ 0.561948] ifx_pcie_bios_map_irq port 0 dev 0000:02:00.0 slot 0 pin 1
[ 0.568614] ifx_pcie_bios_map_irq dev 0000:02:00.0 irq 144 assigned
[ 0.575753] clocksource: Switched to clocksource MIPS
[ 0.581994] NET: Registered protocol family 2
[ 0.587124] TCP established hash table entries: 1024 (order: 0, 4096 bytes)
[ 0.594010] TCP bind hash table entries: 1024 (order: 0, 4096 bytes)
[ 0.600392] TCP: Hash tables configured (established 1024 bind 1024)
[ 0.606896] UDP hash table entries: 256 (order: 0, 4096 bytes)
[ 0.612741] UDP-Lite hash table entries: 256 (order: 0, 4096 bytes)
[ 0.619289] NET: Registered protocol family 1
[ 0.750226] gptu: totally 6 16-bit timers/counters
[ 0.755062] gptu: misc_register on minor 63
[ 0.759156] gptu: succeeded to request irq 126
[ 0.763645] gptu: succeeded to request irq 127
[ 0.768160] gptu: succeeded to request irq 128
[ 0.772672] gptu: succeeded to request irq 129
[ 0.777185] gptu: succeeded to request irq 130
[ 0.781699] gptu: succeeded to request irq 131
[ 0.786527] phy-xrx200 gphy-xrx200: requesting lantiq/vr9_phy11g_a2x.bin
[ 0.793849] phy-xrx200 gphy-xrx200: booting GPHY0 firmware at 7DA0000
[ 0.800179] phy-xrx200 gphy-xrx200: booting GPHY1 firmware at 7DA0000
[ 0.906906] No VPEs reserved for AP/SP, not initialize VPE loader
[ 0.906906] Pass maxvpes=<n> argument as kernel argument
[ 0.918258] No TCs reserved for AP/SP, not initializing RTLX.
[ 0.918258] Pass maxtcs=<n> argument as kernel argument
[ 0.930094] Crashlog allocated RAM at address 0x3f00000
[ 0.954224] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[ 0.959950] jffs2: version 2.2 (NAND) (SUMMARY) (LZMA) (RTIME) (CMODE_PRIORITY) (c) 2001-2006 Red Hat, Inc.
[ 0.973688] io scheduler noop registered
[ 0.977494] io scheduler deadline registered (default)
[ 0.983297] 1e100c00.serial: ttyLTQ0 at MMIO 0x1e100c00 (irq = 112, base_baud = 0) is a lantiq,asc
[ 0.992189] console [ttyLTQ0] enabled
[ 0.992189] console [ttyLTQ0] enabled
[ 0.999517] bootconsole [early0] disabled
[ 0.999517] bootconsole [early0] disabled
[ 1.010669] nand: device found, Manufacturer ID: 0x01, Chip ID: 0xf1
[ 1.015623] nand: AMD/Spansion S34ML01G1
[ 1.019510] nand: 128 MiB, SLC, erase size: 128 KiB, page size: 2048, OOB size: 64
[ 1.027561] Bad block table found at page 65472, version 0x01
[ 1.033473] Bad block table found at page 65408, version 0x01
[ 1.038787] 5 ofpart partitions found on MTD device 14000000.nand-parts
[ 1.045220] Creating 5 MTD partitions on "14000000.nand-parts":
[ 1.051116] 0x000000000000-0x0000000a0000 : "u-boot"
[ 1.057847] 0x0000000a0000-0x0000000c0000 : "uboot-env"
[ 1.063686] 0x0000000c0000-0x000000100000 : "unused"
[ 1.069343] 0x000000100000-0x000007f80000 : "ubi"
[ 1.074999] 0x000000000000-0x000008000000 : "nand_chip"
[ 1.184128] libphy: lantiq,xrx200-mdio: probed
[ 1.195818] net-xrx200: invalid MAC, using random
[ 1.260483] eth0: attached PHY [Lantiq XWAY PEF7071] (phy_addr=0:00, irq=-1)
[ 1.328455] eth0: attached PHY [Lantiq XWAY PEF7071] (phy_addr=0:01, irq=-1)
[ 1.396440] eth0: attached PHY [Lantiq XWAY VR9 GPHY 11G v1.4] (phy_addr=0:11, irq=-1)
[ 1.464439] eth0: attached PHY [Lantiq XWAY VR9 GPHY 11G v1.4] (phy_addr=0:13, irq=-1)
[ 1.532456] eth0: attached PHY [Lantiq XWAY PEF7071] (phy_addr=0:05, irq=-1)
[ 1.639789] ltq-cputemp cputemp@0: Current CPU die temperature: 46.0 °C
[ 1.645314] wdt 1f8803f0.watchdog: Init done
[ 1.652748] NET: Registered protocol family 10
[ 1.661748] NET: Registered protocol family 17
[ 1.664886] bridge: automatic filtering via arp/ip/ip6tables has been deprecated. Update your scripts to load br_netfilter if you need this.
[ 1.677400] 8021q: 802.1Q VLAN Support v1.8
[ 1.685693] UBI: auto-attach mtd3
[ 1.687374] ubi0: attaching mtd3
[ 1.853790] ubi0: scanning is finished
[ 1.867628] ubi0: attached mtd3 (name "ubi", size 126 MiB)
[ 1.871709] ubi0: PEB size: 131072 bytes (128 KiB), LEB size: 129024 bytes
[ 1.878554] ubi0: min./max. I/O unit sizes: 2048/2048, sub-page size 512
[ 1.885255] ubi0: VID header offset: 512 (aligned 512), data offset: 2048
[ 1.892043] ubi0: good PEBs: 1012, bad PEBs: 0, corrupted PEBs: 0
[ 1.898136] ubi0: user volume: 1, internal volumes: 1, max. volumes count: 128
[ 1.905364] ubi0: max/mean erase counter: 400/282, WL threshold: 4096, image sequence number: 1019015774
[ 1.914849] ubi0: available PEBs: 987, total reserved PEBs: 25, PEBs reserved for bad PEB handling: 20
[ 1.924692] ubi0: background thread "ubi_bgt0d" start[ 1.952404] Freeing unused kernel memory: 7412K
[ 1.970683] init: Console is alive
[ 1.972972] init: - watchdog -
[ 1.984852] kmodloader: loading kernel modules from /etc/modules-boot.d/*
[ 1.996418] exFAT: Version 1.2.9
[ 2.032042] SCSI subsystem initialized
[ 2.041817] dwc2 1e101000.ifxhcd: requested GPIO 495
[ 2.899940] dwc2 1e101000.ifxhcd: DWC OTG Controller
[ 2.903534] dwc2 1e101000.ifxhcd: new USB bus registered, assigned bus number 1
[ 2.910860] dwc2 1e101000.ifxhcd: irq 62, io mem 0x00000000
[ 2.916379] dwc2 1e101000.ifxhcd: Hardware does not support descriptor DMA mode -
[ 2.923819] dwc2 1e101000.ifxhcd: falling back to buffer DMA mode.
[ 2.931284] hub 1-0:1.0: USB hub found
[ 2.934268] hub 1-0:1.0: 1 port detected
[ 2.941753] usbcore: registered new interface driver usb-storage
[ 2.947205] kmodloader: done loading kernel modules from /etc/modules-boot.d/*
[ 2.956808] init: - preinit -
[ 3.126232] random: procd: uninitialized urandom read (4 bytes read, 13 bits of entropy available)
Press the [f] key and hit [enter] to enter failsafe mode
Press the [1], [2], [3] or [4] key and hit [enter] to select the debug level
[ 4.463898] eth0: port 4 got link
[ 6.281305] procd: - early -
[ 6.282899] procd: - watchdog -
[ 6.463781] eth0: port 4 lost link
[ 6.847919] procd: - watchdog -
[ 6.850063] procd: - ubus -
[ 6.902798] random: ubusd: uninitialized urandom read (4 bytes read, 28 bits of entropy available)
[ 6.910897] random: ubusd: uninitialized urandom read (4 bytes read, 28 bits of entropy available)
[ 6.919431] random: ubusd: uninitialized urandom read (4 bytes read, 28 bits of entropy available)
[ 6.928723] random: ubusd: uninitialized urandom read (4 bytes read, 28 bits of entropy available)
[ 6.937403] random: ubusd: uninitialized urandom read (4 bytes read, 28 bits of entropy available)
[ 6.946544] random: ubusd: uninitialized urandom read (4 bytes read, 28 bits of entropy available)
[ 6.955513] random: ubusd: uninitialized urandom read (4 bytes read, 28 bits of entropy available)
[ 6.964726] procd: - init -
Please press Enter to activate this console.
[ 7.143513] kmodloader: loading kernel modules from /etc/modules.d/*
[ 7.164503] kmodloader: done loading kernel modules from /etc/modules.d/*
[ 8.349749] random: jshn: uninitialized urandom read (4 bytes read, 34 bits of entropy available)
[ 8.415682] random: jshn: uninitialized urandom read (4 bytes read, 34 bits of entropy available)
[ 11.990047] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
[ 12.013700] device eth0 entered promiscuous mode
[ 12.049481] device eth0.1 entered promiscuous mode
[ 12.066598] IPv6: ADDRCONF(NETDEV_UP): br-lan: link is not ready
[ 12.468012] eth0: port 4 got link
[ 12.470049] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
[ 12.487896] br-lan: port 1(eth0.1) entered forwarding state
[ 12.492134] br-lan: port 1(eth0.1) entered forwarding state
[ 12.523801] IPv6: ADDRCONF(NETDEV_CHANGE): br-lan: link becomes ready
[ 14.495761] br-lan: port 1(eth0.1) entered forwarding state
[ 32.031805] random: nonblocking pool is initialized

BusyBox v1.25.1 () built-in shell (ash)

*******************************************************************************
* Guide for installing LEDE onto a BT Home Hub 5 Type A & clones *
*******************************************************************************

You need an USB flash drive with at least 512MB free capacity, formatted as
FAT32, exFAT or ext2/3/4, attached to the Hub. The attached flash drive will be
accessible at /tmp/mounts/<directory>.

To install LEDE, the USB flash drive must have a copy of the file:
lede-17.01.4-lantiq-xrx200-BTHOMEHUBV5A-squashfs-sysupgrade.bin

To restore the stock Firmware, the USB flash drive must have a copy of the
nanddump backup file (hh5a.nanddump) containing the stock Firmware.

LIST OF COMMANDS

To create a backup of the installed firmware (Take care to not overwrite
any previously made backup):
nanddump --file /tmp/mounts/<directory>/hh5a.nanddump /dev/mtd4

To install LEDE:
prepare

To restore stock firmware:
restore

TO UPGRADE FROM OpenWrt OR LEDE PRIOR TO r2363-0e34459e6b:

Restore the stock firmware and do a fresh install of LEDE.

If you don't have a backup of the stock firmware from your Hub, use the
experimental 'migrate' script. It is offered with no guarantee of success.
You are strongly advised to restore the stock firmware.

Please scroll back to view ALL of the above instructions.

root@LEDE:/#
root@LEDE:/# df -h
Filesystem                Size      Used Available Use% Mounted on
rootfs                   57.4M      7.1M     50.2M  12% /
tmpfs                    61.0M     56.0K     60.9M   0% /tmp
tmpfs                   512.0K         0    512.0K   0% /dev
root@LEDE:/# cat /etc/openwrt_release
DISTRIB_ID='LEDE'
DISTRIB_RELEASE='17.01.4'
DISTRIB_REVISION='r3560-79f57e422d'
DISTRIB_CODENAME='reboot'
DISTRIB_TARGET='lantiq/xrx200'
DISTRIB_ARCH='mips_24kc'
DISTRIB_DESCRIPTION='LEDE Reboot 17.01.4 r3560-79f57e422d'
DISTRIB_TAINTS='no-all'
The system booted the image via tftp.
So I copied the firmware file from my computer to the device (ipaddr=192.168.1.1)
cd /srv/tftp
### FETCH THE SYSUPGRADE IMAGE (DOWNLOAD TOOL ASSUMED: wget, THE LISTING ONLY GAVE THE URL)
wget https://downloads.openwrt.org/snapshots/targets/lantiq/xrx200/openwrt-lantiq-xrx200-bt_homehub-v5a-squashfs-sysupgrade.bin
### THE -o OPTION RE-ENABLES THE LEGACY KEY EXCHANGE FOR THIS ONE CONNECTION ONLY
scp -o "KexAlgorithms +diffie-hellman-group14-sha1" \
  /srv/tftp/homehub_v5a/openwrt-lantiq-xrx200-bt_homehub-v5a-squashfs-sysupgrade.bin \
  192.168.1.1:/tmp
Perform the sysupgrade
root@LEDE:/# sysupgrade /tmp/openwrt-lantiq-xrx200-bt_homehub-v5a-squashfs-sysupgrade.bin
Device BTHOMEHUBV5A not supported by this image
Supported devices: bt,homehub-v5a BTHOMEHUBV5A - Image version mismatch: image 1.1, device 1.0. Please wipe config during upgrade (force required) or reinstall. Reason: Config cannot be migrated from swconfig to DSA
Image check 'fwtool_check_image' failed.
This upgrade can only be performed forcefully (-F) and with the configuration wiped (-n).
root@LEDE:/# sysupgrade -v -F -n /tmp/openwrt-lantiq-xrx200-bt_homehub-v5a-squashfs-sysupgrade.bin
Device BTHOMEHUBV5A not supported by this image
Supported devices: bt,homehub-v5a BTHOMEHUBV5A - Image version mismatch: image 1.1, device 1.0. Please wipe config during upgrade (force required) or reinstall. Reason: Config cannot be migrated from swconfig to DSA
Image check 'fwtool_check_image' failed but --force given - will update anyway!
killall: watchdog: no process killed
Watchdog handover: fd=3
- watchdog -
killall: telnetd: no process killed
Sending TERM to remaining processes ... ubusd logd netifd odhcpd mountd ntpd dnsmasq
Sending KILL to remaining processes ...
Volume ID 0, size 21 LEBs (2709504 bytes, 2.6 MiB), LEB size 129024 bytes (126.0 KiB), dynamic, name "kernel", alignment 1
Volume ID 1, size 33 LEBs (4257792 bytes, 4.1 MiB), LEB size 129024 bytes (126.0 KiB), dynamic, name "rootfs", alignment 1
Set volume size to 120379392
Volume ID 2, size 933 LEBs (120379392 bytes, 114.8 MiB), LEB size 129024 bytes (126.0 KiB), dynamic, name "rootfs_data", alignment 1
sysupgrade successful
umount: can't unmount /dev: Resource busy
umount: can't unmount /tmp: Resource busy
umount: can't unmoun[ 3161.612532] reboot: Re�
ROM VER: 1.1.4
CFG 06
NAND
NAND Read OK

DDR autotuning Rev 0.3d
DDR size from 0xa0000000 - 0xa7ffffff
DDR check ok... start booting...

U-Boot 2010.06-LANTIQ-v-2.2.46 (Dec 06 2013 - 02:39:45 on tester@clean-machine)

CLOCK CPU 500M RAM 250M
secure boot
DRAM: 125 MiB
NAND: ONFI flash detected
ONFI param page 0 valid
NAND device: Manufacturer ID: 0x01, Chip ID: 0xf1 (AMD S34ML01G1)
128 MiB
Bad block table found at page 65472, version 0x01
Bad block table found at page 65408, version 0x01
In: serial
Out: serial
Err: serial
Net: Internal phy(GE) firmware version: 0x841b
vr9 Switch

Type "run flash_nfs" to mount root filesystem over NFS
…
The device came back up again.
UNBRICKED
Switch to dhcp (intermediate)
The BT Homehub 5A has a VDSL2 WAN interface. Therefore we reconfigure the internal network to get an IP/DNS/GW from a DHCP server.
/etc/config/network
config interface 'lan'
    option device 'br-lan'
    option proto 'dhcp'
    #option proto 'static'
    #option ipaddr '192.168.1.1'
    #option netmask '255.255.255.0'
    #option ip6assign '60'
Restart the networking, which is easily possible if you are connected via UART.
/etc/init.d/network restart
You may also register the MAC address of the bridge in the upstream dhcp-server.
To create an access point also enable WiFi and disable the DHCP-server
/etc/config/dhcp
config dhcp 'lan'
    option ignore '1'
    option interface 'lan'
    option start '100'
    option limit '150'
    option leasetime '12h'
    option dhcpv4 'server'
    option dhcpv6 'server'
    option ra 'server'
    option ra_slaac '1'
    list ra_flags 'managed-config'
    list ra_flags 'other-config'
Restart the DHCP-service
/etc/init.d/odhcpd restart
DHCP options
Please also see
- IANA — Dynamic Host Configuration Protocol (DHCP) and Bootstrap Protocol (BOOTP) Parameters
- IETF RFC2132 — DHCP Options and BOOTP Vendor Extensions
- IETF RFC5071 — Dynamic Host Configuration Protocol Options Used by PXELINUX
To push custom DHCP options you may add them in
- Menu network: interfaces
- Choose the interface and press the «Edit» button
- Select tab DHCP Server
- Select sub-ordinated tab «Advanced Settings»
- There is an input field «DHCP-Options»
  - additional DNS servers
    6,192.168.2.1,6,192.168.3.1
  - custom route
    121,192.168.2.0/24,192.168.1.1
  - NTP servers
    42,192.168.182.1
  - search domains
    119,lan,foo
  - pxe TFTP server name
    66,192.168.182.16
  - pxe Bootfile name
    67,pxelinux.0
  - pxe Configuration file add
    209,pxelinux.cfg
Or configure it via CLI
/etc/config/dhcp
config dhcp 'lan'
    option interface 'lan'
    option start '100'
    option limit '150'
    option leasetime '12h'
    option dhcpv4 'server'
    list ra_flags 'none'
    list dhcp_option '6,192.168.2.1,192.168.3.1'
    list dhcp_option '121,192.168.2.0/24,192.168.1.1'
    # ADDITIONAL OPTIONS OMITTED
DNS with dnsmasq
DNSmasq on Omnia Turris
On Turris OS, the DNS function of DNSMASQ is disabled by design, the Knot resolver is used instead. Therefore, changing the settings related to the DNS service in the DHCP and DNS screen of the LuCI interface has no effect.
- Please see #Knot Resolver
- Please compare to Knot resolver (i.e. kresd) — DNS advanced settings for Omnia and MOX
Investigation
When something is changed in the web frontend, it is persisted in
/etc/config/dhcp. UCI then also renders a new configuration
/var/etc/dnsmasq.conf.cfg*,
which you may compare to
man dnsmasq
Test config
dnsmasq -C /var/etc/dnsmasq.conf.cfg* --test
Reload config
pgrep dnsmasq |xargs -n1 kill -HUP
Dump cache
pgrep dnsmasq |xargs -n1 kill -USR1
Temporarily change
log-queries=extra
### LOG TO FILE
#log-facility=/var/log/dnsmasq.log
### LOG TO STDOUT
log-facility=-
Tail the log
tail -f /var/log/dnsmasq.log
Run dnsmasq in foreground
/etc/init.d/dnsmasq stop;
/usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf.cfg01411c -k -x /var/run/dnsmasq/dnsmasq.cfg01411c.pid
Stop dnsmasq using CTRL + ALTgr +
Strict order
DNS servers you specified in LUCI are queried in the opposite order. So if you are using --strict-order, specify your backup DNS servers first.
No SRV records
By default the option filterwin2k is activated (1).
man dnsmasq
-f, --filterwin2k
    Later versions of windows make periodic DNS requests
    which don't get sensible answers from the public DNS
    and can cause problems by triggering dial-on-demand
    links. This flag turns on an option to filter such
    requests. The requests blocked are for records of
    types SOA and SRV, and type ANY where the requested
    name has underscores, to catch LDAP requests.
In LUCI this option is toggled with Network -> DHCP and DNS -> Advanced Settings -> «filter useless».
/etc/config/dhcp
config dnsmasq
    option filterwin2k '0'
Remove the entire option or at least set this to «0»!
After applying the configuration, SRV records will resolve.
Local DNS resolution
To allow local DNS resolution, dnsmasq has to be configured correctly.
In my experience the following options should be set in LUCI.
- General settings
  - Domain required
    - Don’t forward DNS-Requests without DNS-Name
  - Authoritative
    - This is the only DHCP-Server in the local network
  - Domain = «your.domain»
    - Local domain suffix appended to DHCP names and hosts file entries
  - Local domain = «/your.domain//»
    - Mind the trailing /
    - An empty domain specification, // has the special meaning of «unqualified names only» i.e. names without any dots in them.
    - «your.domain» and any query for an unqualified name will be answered by the local system
  - DNS forwardings = 195.201.246.253, 78.47.38.48
    - Choose DNS-servers you really trust
  - Rebind protection
    - Discard upstream RFC1918 responses
  - Allow localhost
    - Allow upstream responses in the 127.0.0.0/8 range, e.g. for RBL services
  - Local Service Only
    - Limit DNS service to subnets interfaces on which we are serving DNS.
  - Non-wildcard
    - Bind dynamically to interfaces rather than wildcard address (recommended as linux default)
  - Exclude interfaces = eth2
    - Prevent listening on these interfaces (WAN)
- Advanced Settings
  - Filter private
    - Do not forward reverse lookups for local networks
  - Localise queries
    - Localise hostname depending on the requesting subnet if multiple IPs are available
  - Expand hosts
    - Add local domain suffix to names served from hosts files
  - DNSSEC
  - DNSSEC check unsigned
    - Requires upstream supports DNSSEC; verify unsigned domain responses really come from unsigned domains
  - Size of DNS query cache
    - Number of cached DNS entries (max is 10000, 0 is no caching)
    - On beefier devices this could speed up some queries
Dynamic DNS
Install the luci app
opkg update
### EITHER WITH CURL
opkg install luci-app-ddns bind-host curl ca-bundle
### OR WITH WGET
opkg install luci-app-ddns bind-host wget ca-certificates
The DNS client in busybox does not support TCP, therefore we can install bind-host.
You might have problems with uclient-fetch:
Error 8 is triggered when the HTTP return code is different from 204 or 200
(see github libkit/uclient, uclient/uclient-fetch.c).
To resolve this simply install curl …
# ddns-scripts configuration in
/etc/config/ddns
config service "ipv4ddns"
    option enabled "1"
    option interface "wan"
    option use_syslog "1"

    option update_url "http://[USERNAME]:[PASSWORD]@ipv4.nsupdate.rockstable.it/nic/update?hostname=[DOMAIN]&myip=[IP]"
    option ip_source "web"
    option ip_url "http://ipv4.nsupdate.rockstable.it/myip"

    option domain "blubb.dyna.rockstable.org"
    option username "blubb.dyna.rockstable.org"
    option password "strong_long_pass"

    # for https support, first install wget with ssl support and
    # a current (and working) bundle of CA certificates:
    # opkg install wget
    # mkdir -p /etc/ssl/certs
    # wget -P /etc/ssl/certs http://curl.haxx.se/ca/cacert.pem
    # (that download is plain HTTP and unauthenticated; the ca-bundle or
    # ca-certificates package installed above is the safer source for the bundle)
    option use_https "1"
    option cacert "/etc/ssl/certs/cacert.pem"
    #option cacert "/etc/ssl/certs/ca-certificates.crt"
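The check below is an added example, not part of ddns-scripts or of the original page: it reads a file in the /etc/config/ddns format shown above and reports every enabled service whose password would leave the router without verified TLS. The sample services and the host ddns.example.net are constructed; the special cacert value IGNORE (HTTPS without certificate verification) is ddns-scripts behaviour that the page itself does not mention.

```sh
#!/bin/sh
# Added example: audit a ddns-scripts UCI file for credential exposure.
# Usage on a router: audit_ddns_config /etc/config/ddns

# Constructed sample input (service names, host and password are made up).
sample_ddns_config() {
    cat <<'EOF'
config service "ok_https"
    option enabled "1"
    option update_url "http://[USERNAME]:[PASSWORD]@ddns.example.net/nic/update?hostname=[DOMAIN]&myip=[IP]"
    option username "host1.example.net"
    option password "constructed-secret"
    option use_https "1"
    option cacert "/etc/ssl/certs/ca-certificates.crt"

config service "cleartext"
    option enabled "1"
    option update_url "http://[USERNAME]:[PASSWORD]@ddns.example.net/nic/update?hostname=[DOMAIN]&myip=[IP]"
    option username "host2.example.net"
    option password "constructed-secret"

config service 'no_verify'
    option enabled '1'
    option username 'host3.example.net'
    option password 'constructed-secret'
    option use_https '1'
    option cacert 'IGNORE'

config service "disabled"
    option enabled "0"
    option password "constructed-secret"
EOF
}

# Prints one line per enabled service that carries a password:
#   <name>: OK | FAIL plain-http ... | FAIL no-verify ...
# Reads the file given as $1, or standard input when called without argument.
audit_ddns_config() {
    awk '
    # strip one leading and one trailing quote character (\047 is the single quote)
    function unquote(s) { gsub(/^["\047]|["\047]$/, "", s); return s }

    # evaluate the section collected so far, then forget its options
    function report() {
        if (name != "" && opt["enabled"] == "1" && opt["password"] != "") {
            if (opt["use_https"] != "1" && opt["update_url"] !~ /^https:/)
                print name ": FAIL plain-http (password is sent unencrypted)"
            else if (opt["cacert"] == "IGNORE")
                print name ": FAIL no-verify (TLS without certificate verification)"
            else
                print name ": OK"
        }
        split("", opt)
    }

    $1 == "config" { report(); name = ($2 == "service") ? unquote($3) : ""; next }
    $1 == "option" { opt[$2] = unquote($3) }
    END            { report() }
    ' ${1:+"$1"}
}

# Stand-alone run: audit the given file, or the constructed sample.
if [ -n "${1:-}" ]; then
    audit_ddns_config "$1"
else
    sample_ddns_config | audit_ddns_config
fi
```
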
Adblock
- https://openwrt.org/docs/guide-user/services/ad-blocking
- https://github.com/openwrt/packages/blob/master/net/adblock/files/README.md
A must-have feature! But libopenssl1.1 takes some space. If you are limited on disk space, consider installing it on an extroot.
Install adblocker and a tool to download the blocklists (like uclient-fetch, curl, wget, aria2) and TLS support
opkg install luci-app-adblock uclient-fetch libustream-openssl
This is a config that worked out to be fast
/etc/config/adblock
config adblock 'global'
    option adb_dns 'dnsmasq'
    option adb_fetchutil 'uclient-fetch'
    option adb_trigger 'wan'
    option adb_debug '0'
    option adb_whitelist '/etc/adblock/adblock.whitelist'
    option adb_whitelist_rset '$1 ~/^([A-Za-z0-9_-]+.){1,}[A-Za-z]+/{print tolower("^"$1"\|[.]"$1)}'
    option adb_backup '0'
    option adb_backupdir '/mnt'
    option adb_enabled '1'

config adblock 'extra'
    option adb_debug '0'
    option adb_nice '0'
    option adb_whitelist '/etc/adblock/adblock.whitelist'
    option adb_maxqueue '16'
    option adb_forcedns '0'
    option adb_forcesrt '1'

### LIST SPECIFIC CONFIG OMITTED
You should not set adb_dnsflush = ‘1’, it gets very slow.
Wake on LAN
Install the luci app
opkg install luci-app-wol
Install the luci app
### ON OLDER SYSTEMS
#opkg install luci-app-samba
### ON CURRENT SYSTEMS
opkg install luci-app-samba4
Mount a USB-stick or a mSATA at /srv for some storage.
In most situations every samba account needs an underlying unix account. Authorization to access a file is stored in the filesystem. So we need to prepare the necessary system groups and users. Busybox has all the necessary tools built in.
Prepare groups and directories to be authorized by membership in group samba
groupadd --system samba
### CREATE THE DIRECTORY ONLY IF IT DOES NOT EXIST YET
[ -d /srv/samba ] || mkdir /srv/samba
### EXAMPLES
### DIRECTORY FOR YOUR MUSIC COLLECTION
[ -d /srv/samba/music ] || mkdir /srv/samba/music
chgrp samba /srv/samba/music
### SET SETGID BIT,
### SO EVERY DIRECTORY AND FILE THAT IS CREATED BELOW
### BELONGS TO GROUP SAMBA
### AND GROUP SAMBA IS ALWAYS ALLOWED
### TO READ AND WRITE BY THE CREATION MASK IN SAMBA
chmod 2775 /srv/samba/music

### DIRECTORY FOR TEMPORARY NETWORK STORAGE
[ -d /srv/samba/tmp ] || mkdir /srv/samba/tmp
chgrp samba /srv/samba/tmp
### LETS SEE IF SETGID (2) AND STICKY BIT (1) WORKOUT WELL
chmod 3750 /srv/samba/tmp
Allow your printer to save scans on a network share
useradd -c 'Printer Gargantua,,,' \
  --system -s /bin/false \
  -d /srv/samba/gargantua -m \
  gargantua
Normal system users are required for authorization and a home directory may be served.
### HOME DIRECTORIES
[ -d /srv/home ] || mkdir /srv/home
ln -s /srv/home /home
### CREATE A USER AND ITS GROUP,
### MAKE THE USER ADDITIONALLY MEMBER OF GROUP SAMBA,
### DISALLOW A SYSTEM LOGIN AND
### CREATE ITS HOME-DIRECTORY
useradd -c 'Tobias Stein,,,' -G samba -s /bin/false -m tobias
### IF YOU WANT TO REMOVE THE USER
#userdel -r tobias
Create and enable the corresponding Samba accounts
smbpasswd -a tobias
smbpasswd -e tobias
smbpasswd -a gargantua
smbpasswd -e gargantua
#…
Enable service samba4
VPN
Wireguard
Install Wireguard
opkg install luci-app-wireguard qrencode
Wireguard Remote-Access VPN
It is relatively comfortable to configure wireguard via the LUCI web-interface
- Generate the key material
  - Please take a look at wireguard#Create keys
- Network -> Interfaces
  - Create a new interface wg0 of type Wireguard-VPN
    - General settings
      - Enter the previously created private key
      - Set the listening port usually udp/51820
      - Set the IP address of the interface
    - Advanced Settings
      - Usually nothing to change
    - Firewall Settings
      - Assign the firewall zone VPN (create new)
    - Peers
      - You should skip this point now and return later when you have configured the firewall.
- Network -> Firewall
  - Allow Input, Output and Forward from firewall zone VPN
  - Allow forwarding to the desired zones like WAN, LAN, and GUEST
  - Allow inbound wireguard traffic on the interface wan port udp/51820
- Network -> Interfaces
  - Configure the peer within the interface wg0
    - Peers
      - Press the ADD button
      - Set a description/name for the connection
      - Set the public key of the remote device
      - Set the preshared key (psk) of the remote device
      - Set the Allowed IPs (probably the wireguard address of the remote device)
      - Tick the checkbox «Route Allowed IPs»
      - Set the «Endpoint host» used during connection initiation
      - Set a «Persist Keep Alive» interval, when your device is behind a NAT.
- Network -> Firewall
  - «Traffic Rules»
    - Allow any additional traffic that should be routed over the Wireguard tunnel
- Status -> WireGuard Status
  - Check connectivity
You may also configure wireguard manually on the CLI. In this case configure
/etc/config/network
config interface 'wg0'
    option proto 'wireguard'
    ### SERVER PRIVATE KEY
    option private_key '2C/6rN9Tj5thhJZY6kkvUVyc1BQ12kOgSGEkN6757XY='
    list addresses '10.255.255.1/24'
    option listen_port '51820'

config wireguard_wg0
    option description 'test'
    ### CLIENT PUBLIC KEY
    option public_key 'HR4MQkH/+pMVdXyvLC/iUcTgpCo674CSU+4IDAGgahs='
    option preshared_key '4MlwfdGzVo3FfTMEERMhYxu/hzNIA3i0RXuFYkIKTZg='
    list allowed_ips '10.255.255.254'
    option route_allowed_ips '1'
Add this to your firewall configuration to allow unlimited VPN access. Otherwise be more specific.
/etc/network/firewall
config rule
    option target 'ACCEPT'
    option src 'wan'
    option proto 'udp'
    option name 'Allow-WireGuard-VPN'
    option dest_port '51820'

config zone
    option input 'ACCEPT'
    option output 'ACCEPT'
    option name 'vpn'
    option forward 'ACCEPT'
    option network 'wg0'

config forwarding
    option dest 'guest'
    option src 'vpn'

config forwarding
    option dest 'lan'
    option src 'vpn'

config forwarding
    option dest 'wan'
    option src 'vpn'
Commit the changes
uci commit network
uci commit firewall
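To see what "unlimited VPN access" means in the firewall sections above, the following added example (not part of the original page) reads a UCI firewall configuration on standard input and lists every zone whose input and forward policy is ACCEPT, plus the forwardings that start in such a zone. The function names audit_fw and sample_fw are this example's own; the sample input is the firewall snippet from this page.

```shell
#!/bin/sh
# Added example: flag UCI firewall zones that accept everything.

# Sample input: the firewall sections shown on this page.
sample_fw() {
cat <<'EOF'
config rule
    option target 'ACCEPT'
    option src 'wan'
    option proto 'udp'
    option name 'Allow-WireGuard-VPN'
    option dest_port '51820'

config zone
    option input 'ACCEPT'
    option output 'ACCEPT'
    option name 'vpn'
    option forward 'ACCEPT'
    option network 'wg0'

config forwarding
    option dest 'guest'
    option src 'vpn'

config forwarding
    option dest 'lan'
    option src 'vpn'

config forwarding
    option dest 'wan'
    option src 'vpn'
EOF
}

# audit_fw: read a UCI firewall config on stdin and print
#   "zone NAME: ..."        for each zone with input AND forward set to ACCEPT
#   "forwarding SRC -> DST" for each forwarding whose source is such a zone
# Quotes are stripped first so that option values compare as plain words.
audit_fw() {
    tr -d "'\"" | awk '
        # Evaluate the section collected so far, then reset the option table.
        function flush_section() {
            if (kind == "zone" && o["input"] == "ACCEPT" && o["forward"] == "ACCEPT")
                wide[o["name"]] = 1
            if (kind == "forwarding") { nf++; fsrc[nf] = o["src"]; fdst[nf] = o["dest"] }
            split("", o)
        }
        $1 == "config" { flush_section(); kind = $2; next }
        $1 == "option" { o[$2] = $3 }
        END {
            flush_section()
            for (z in wide)
                print "zone " z ": input and forward are ACCEPT (peers reach every router service)"
            for (i = 1; i <= nf; i++)
                if (fsrc[i] in wide)
                    print "forwarding " fsrc[i] " -> " fdst[i] " (all ports and protocols)"
        }'
}

sample_fw | audit_fw
```

A zone with input and forward set to REJECT plus explicit traffic rules produces no output.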
Wireguard site-to-site
Very similar to the remote access VPN.
- Allowed IPs:
  - You probably want to add some addresses that differ from the wireguard address of the remote device
- Firewalling
  - You'll need to specify a much more sophisticated set of rules.
- It's always the best idea to route the networks without NAT. For this to work the networks must not overlap. Networks must be planned and reorganized carefully, which is not that easy with a growing number of networks.
  - This approach has the advantage that also remote DNS information can be used (e.g. by DNS forwarding/delegation/replication/…).
- When straight routing is not possible NAT comes to the rescue.
  - The OpenWRT webinterface only supports Source NAT (SNAT) and its special case masquerading. Please compare to networking#NAT. Furthermore no IP address ranges can be specified.
  - SNAT scrambles IPs based on round-robin, which is not really what we need or want.
- It is a better idea to use an iptables TARGET module called NETMAP. This neat little iptables-module maps a subnet to another subnet. Please see man -P "less -p 'NETMAP'" iptables-extensions
Please test the rules in live mode (without persistence) to avoid a lock out.
Install the netmap packages
opkg install iptables-mod-nat-extra kmod-ipt-nat-extra
Add the NETMAP rules
iptables -t nat -A zone_vpn_postrouting -s 192.168.1.0/24 -d 192.168.182.0/24 -j NETMAP --to 192.168.191.0/24
iptables -t nat -A zone_vpn_prerouting -s 192.168.182.0/24 -d 192.168.191.0/24 -j NETMAP --to 192.168.1.0/24
Validate existence of the rules
iptables -t nat -vnxL zone_vpn_postrouting
iptables -t nat -vnxL zone_vpn_prerouting
Test connectivity
tcpdump -ni wg0 'not port ssh'
while sleep 1; do ping -c4 -W2 192.168.191.1; done
Persist the rules in Network > Firewall > Custom Rules, which is equal to
/etc/firewall.user
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
iptables -t nat -A zone_vpn_postrouting -s 192.168.1.0/24 -d 192.168.182.0/24 -j NETMAP --to 192.168.191.0/24
iptables -t nat -A zone_vpn_prerouting -s 192.168.182.0/24 -d 192.168.191.0/24 -j NETMAP --to 192.168.1.0/24
Test them by reloading the firewall
/etc/init.d/firewall restart
Reboot the system
reboot
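The address arithmetic behind the two NETMAP rules above, as an added example that is not part of the original page: NETMAP keeps the host bits of an address and swaps in the network bits of the --to subnet. The helper names are this example's own, and the checks in netmap_rules (equal prefix lengths, mapped range not colliding with the local or remote network) are assumptions about a sane plan, not something iptables enforces.

```shell
#!/bin/sh
# Added example: NETMAP address arithmetic and rule generation.
# Function bodies in "( )" run in a subshell, so IFS, the positional
# parameters and helper variables never leak into the caller.

# Dotted quad -> 32-bit integer
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# 32-bit integer -> dotted quad
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Prefix length -> netmask as integer
prefix_mask() {
    echo $(( (4294967295 << (32 - $1)) & 4294967295 ))
}

# netmap_addr ADDR TO_CIDR
# Result of "-j NETMAP --to TO_CIDR" for ADDR:
# network bits from TO_CIDR, host bits from ADDR.
netmap_addr() (
    addr=$(ip2int "$1")
    net=$(ip2int "${2%/*}")
    mask=$(prefix_mask "${2#*/}")
    int2ip $(( ($net & $mask) | ($addr & (4294967295 ^ $mask)) ))
)

# cidr_overlap A B: exit status 0 when both networks share an address.
# Two CIDR blocks overlap exactly when they are equal under the shorter prefix.
cidr_overlap() (
    len=${1#*/}
    if [ "${2#*/}" -lt "$len" ]; then len=${2#*/}; fi
    mask=$(prefix_mask "$len")
    a=$(ip2int "${1%/*}")
    b=$(ip2int "${2%/*}")
    [ $(( $a & $mask )) -eq $(( $b & $mask )) ]
)

# netmap_rules LOCAL REMOTE MAPPED
# Print the rule pair in the form used on this page, or fail with a message.
netmap_rules() (
    local_net=$1 remote_net=$2 mapped_net=$3
    if [ "${local_net#*/}" != "${mapped_net#*/}" ]; then
        echo "error: $local_net and $mapped_net need the same prefix length" >&2
        exit 1
    fi
    for other in "$local_net" "$remote_net"; do
        if cidr_overlap "$mapped_net" "$other"; then
            echo "error: mapped range $mapped_net overlaps $other" >&2
            exit 1
        fi
    done
    echo "iptables -t nat -A zone_vpn_postrouting -s $local_net -d $remote_net -j NETMAP --to $mapped_net"
    echo "iptables -t nat -A zone_vpn_prerouting -s $remote_net -d $mapped_net -j NETMAP --to $local_net"
)

# Values from this page: local LAN, remote LAN, range the local LAN is mapped to.
netmap_rules 192.168.1.0/24 192.168.182.0/24 192.168.191.0/24
echo "192.168.1.42 is seen by the remote site as $(netmap_addr 192.168.1.42 192.168.191.0/24)"
```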
Samba on the wireguard interface
To allow samba to run on the wireguard interface wg0 in Services > Network-Shares > Edit template reconfigure the
/etc/samba/smb.conf.template
[global]
    netbios name = |NAME|
    #interfaces = |INTERFACES|
    interfaces = br-lan 10.255.255.1/24
    server string = |DESCRIPTION|
    unix charset = |CHARSET|
    workgroup = |WORKGROUP|

#…
And restart the service manually.
OpenVPN
https://openwrt.org/docs/guide-user/services/vpn/openvpn/server
Forget about OpenVPN on a device with 2.7MiB storage. The libraries take up some space.
Be sure to understand the shellscripts, they build on each other.
Install OpenVPN
opkg update
opkg list '*openvpn*'
opkg install luci-app-openvpn
opkg install openvpn-openssl openvpn-easy-rsa
Prepare shell environment
Populate shell variables
/etc/openvpn/openvpn_defaults.sh
# Configuration parameters
OVPN_DIR="/etc/openvpn"
OVPN_PKI="/etc/easy-rsa/pki"
OVPN_PORT="1194"
OVPN_PROTO="udp"
OVPN_POOL="192.168.100.0 255.255.255.0"
OVPN_DNS="${OVPN_POOL%.* *}.1"
OVPN_DOMAIN="$(uci get dhcp.@dnsmasq[0].domain)"
OVPN_SERV_MANUAL="false"
#OVPN_SERV_MANUAL="IP.ADD.RE.SS"

# Fetch WAN IP address
. /lib/functions/network.sh
network_flush_cache
network_find_wan NET_IF
network_get_ipaddr NET_ADDR "${NET_IF}"
OVPN_SERV="${NET_ADDR}"

# Fetch FQDN from DDNS client
NET_FQDN="$(uci -q get ddns.@service[0].lookup_host)"
if [ -n "${NET_FQDN}" ]
then OVPN_SERV="${NET_FQDN}"
fi

# Override server address manually
if [ "${OVPN_SERV_MANUAL}" != "false" ] \
&& [ -n "${OVPN_SERV_MANUAL}" ]
then OVPN_SERV="${OVPN_SERV_MANUAL}"
fi
Initialize EasyRSA-PKI
/sbin/openvpn_pki.sh
# Load OVPN_DIR and OVPN_PKI from the defaults file shown above
. /etc/openvpn/openvpn_defaults.sh

# Configuration parameters
export EASYRSA_PKI="${OVPN_PKI}"
export EASYRSA_REQ_CN="ovpnca"
export EASYRSA_BATCH="1"

# Remove and re-initialize PKI directory
easyrsa init-pki

# Generate DH parameters
easyrsa gen-dh

# Create a new CA
easyrsa build-ca nopass

# Generate server keys and certificate
easyrsa build-server-full server nopass
openvpn --genkey tls-crypt-v2-server "${EASYRSA_PKI}/private/server.pem"

# Create OVPN_DIR, accessible by root only
if [ ! -d "$OVPN_DIR" ]; then
    UMASK_OLD="$(umask)"
    umask go=
    mkdir "$OVPN_DIR"
    umask "$UMASK_OLD"
fi

# Generate ta.key, readable by root only (same umask as for the directory)
if [ ! -f "$OVPN_DIR/ta.key" ]
then
    UMASK_OLD="$(umask)"
    umask go=
    openvpn --genkey --secret "$OVPN_DIR/ta.key"
    umask "$UMASK_OLD"
fi
# Generate client keys and certificate
CLIENT=username
easyrsa build-client-full client nopass
openvpn --tls-crypt-v2 ${EASYRSA_PKI}/private/server.pem \
    --genkey tls-crypt-v2-client \
    ${EASYRSA_PKI}/private/client.pem
Configure firewall
uci rename firewall.@zone[0]="lan"
uci rename firewall.@zone[1]="wan"
uci del_list firewall.lan.device="tun+"
uci add_list firewall.lan.device="tun+"
uci -q delete firewall.ovpn
uci set firewall.ovpn="rule"
uci set firewall.ovpn.name="Allow-OpenVPN"
uci set firewall.ovpn.src="wan"
uci set firewall.ovpn.dest_port="${OVPN_PORT}"
uci set firewall.ovpn.proto="${OVPN_PROTO}"
uci set firewall.ovpn.target="ACCEPT"
uci commit firewall
/etc/init.d/firewall restart
Configure VPN service and generate client profiles
/sbin/openvpn_configure
#!/bin/sh
# Load the OVPN_* settings from the defaults file shown above
. /etc/openvpn/openvpn_defaults.sh
# Generated profiles contain private keys: keep them readable by root only
umask go=
OVPN_DH="$(cat ${OVPN_PKI}/dh.pem)"
OVPN_CA="$(openssl x509 -in ${OVPN_PKI}/ca.crt)"
# One profile per issued certificate (file name without extension)
ls ${OVPN_PKI}/issued \
| sed -e "s/\.\w*$//" \
| while read -r OVPN_ID
do
OVPN_TC="$(cat ${OVPN_PKI}/private/${OVPN_ID}.pem)"
OVPN_KEY="$(cat ${OVPN_PKI}/private/${OVPN_ID}.key)"
OVPN_CERT="$(openssl x509 -in ${OVPN_PKI}/issued/${OVPN_ID}.crt)"
OVPN_EKU="$(echo "${OVPN_CERT}" | openssl x509 -noout -purpose)"
# Server certificates get a .conf, client certificates an .ovpn profile
case ${OVPN_EKU} in
(*"SSL server : Yes"*)
OVPN_CONF="${OVPN_DIR}/${OVPN_ID}.conf"
cat << EOF > ${OVPN_CONF} ;;
user nobody
group nogroup
dev tun
port ${OVPN_PORT}
proto ${OVPN_PROTO}
server ${OVPN_POOL}
topology subnet
client-to-client
keepalive 10 60
persist-tun
persist-key
push "dhcp-option DNS ${OVPN_DNS}"
push "dhcp-option DOMAIN ${OVPN_DOMAIN}"
push "redirect-gateway def1"
push "persist-tun"
push "persist-key"
<dh>
${OVPN_DH}
</dh>
EOF
(*"SSL client : Yes"*)
OVPN_CONF="${OVPN_DIR}/${OVPN_ID}.ovpn"
cat << EOF > ${OVPN_CONF} ;;
user nobody
group nogroup
dev tun
nobind
client
remote ${OVPN_SERV} ${OVPN_PORT} ${OVPN_PROTO}
auth-nocache
remote-cert-tls server
EOF
esac
# Append the key material common to both profile types
cat << EOF >> ${OVPN_CONF}
<tls-crypt-v2>
${OVPN_TC}
</tls-crypt-v2>
<key>
${OVPN_KEY}
</key>
<cert>
${OVPN_CERT}
</cert>
<ca>
${OVPN_CA}
</ca>
EOF
done
/etc/init.d/openvpn restart
ls ${OVPN_DIR}/*.ovpn
UPnP
- https://miniupnp.free.fr/
Install miniupnpc (client) on your PC
% sudo apt install miniupnpc
% # QUERY STATUS
% upnpc -s
upnpc : miniupnpc library test client, version 2.1.
 (c) 2005-2018 Thomas Bernard.
Go to http://miniupnp.free.fr/ or https://miniupnp.tuxfamily.org/
for more information.
No IGD UPnP Device found on the network !
Install luci-app-upnp which depends on miniupnpd
opkg install luci-app-upnp
Enable UPNP IGD and NAT-PMP on Router via webif and query status again
% upnpc -s
upnpc : miniupnpc library test client, version 2.1.
 (c) 2005-2018 Thomas Bernard.
Go to http://miniupnp.free.fr/ or https://miniupnp.tuxfamily.org/
for more information.
List of UPNP devices found on the network :
 desc: http://192.168.182.1:5000/rootDesc.xml
 st: urn:schemas-upnp-org:device:InternetGatewayDevice:1

 desc: http://[fd93:56fb:daf7::1]:5000/rootDesc.xml
 st: urn:schemas-upnp-org:device:InternetGatewayDevice:1

Found valid IGD : http://192.168.179.1:5000/ctl/IPConn
Local LAN ip address : fd93:2709:de35:0:fc16:acff:fe54:157e
Connection Type : IP_Routed
Status : Connected, uptime=451723s, LastConnectionError : ERROR_NONE
  Time started : Fri Apr 3 08:07:49 2020
MaxBitRateDown : 33554432 bps (33.5 Mbps) MaxBitRateUp 4194304 bps (4.1 Mbps)
ExternalIPAddress = ww.xx.yy.zz
Bytes: Sent: 2283027815 Recv: 2695217145
Packets: Sent: 12678549 Recv: 80009359
Get external IP-address via UPNP IGD
Software Flow Offloading
You can find this option in:
Network -> Firewall -> General Settings -> Software Flow offloading
On a TP-Link Archer C7 this improves NAT/routing throughput significantly by a factor of 3 (from 190Mbit/s -> ~630Mbit/s).
SQM (Smart Queue Management)
- OpenWRT Wiki SQM (Smart Queue Management)
- OpenWRT Wiki SQM Details
- Wiki EN Bufferbloat
- Bufferbloat.org
OpenWrt has a package for controlling Bufferbloat — the undesirable latency that arises when the router buffers too much data. OpenWrt calls this Smart Queue Management (SQM), although it’s sometimes called active queue management (AQM).
Bufferbloat is most evident when the link is heavily loaded. It causes bad performance for voice and video chat, online games to lag, and generally makes people say, “The Internet is not responsive today.”
The “luci-app-sqm” package solves the problem of Bufferbloat. After installation and configuration, you’ll have a much more responsive network connection under load.
This option may not work properly in conjunction with
#Software Flow Offloading
Install
opkg install luci-app-sqm
Configure SQM using Luci.
Network -> SQM QoS
And follow the guide from above.
Trouble Shooting
Slow Routing/NAT throughput
Please see:
#Software Flow Offloading
Wrong Link Speed
I had a problem with link-speed between the Docsis-modem in front and an OpenWRT-Router. OpenWRT displayed only 10Base-T (10Mbit/s).
It turns out that (against my expectations/assumptions) OpenWRT did not support Auto MDI-X (Wikipedia EN: Medium Dependent Interface).
# ethtool eth0
Settings for eth0:
    Supported ports: [ ]
    Supported link modes:   1000baseT/Full
    Supported pause frame use: No
    Supports auto-negotiation: No
    Supported FEC modes: Not reported
    Advertised link modes:  1000baseT/Full
    Advertised pause frame use: No
    Advertised auto-negotiation: No
    Advertised FEC modes: Not reported
    Speed: 1000Mb/s
    Duplex: Full
    Port: MII
    PHYAD: 0
    Transceiver: external
    Auto-negotiation: on
    Current message level: 0x000000ff (255)
                           drv probe link timer ifdown ifup rx_err tx_err
    Link detected: yes
So all you need to change to achieve the intended Link-Speed is to use
- a cross-over cable or
- even simpler a (Amazon:) cross-over adapter, which turns some pins of any RJ-45 plug.
DSL
Delete an option to configure it automatically.
/etc/config/network
config device
    option name 'dsl0'
    option macaddr '54:64:d9:aa:bb:cc'
/etc/config/network
config interface 'wan'
    option proto 'pppoe'            ### POINT-TO-POINT OVER ETHERNET
    option device 'dsl0.7'          ### VLAN 7 ON DEVICE dsl0
    option username 'username'      ### PAP/CHAP USERNAME
    option password 'password'      ### PAP/CHAP PASSWORD
    option ipv6 'auto'
    ### BRING UP ON BOOT
    option auto '1'                 ### DEFAULT - BRING UP
    option auto '0'
    ### ACCESS CONCENTRATOR
    #option ac 'STRING'
    ### SERVICE NAME
    #option service 'STRING'
    ### USE DEFAULT GATEWAY
    option defaultroute '1'         ### DEFAULT - INSTALL ROUTE
    option defaultroute '0'
    ### OVERRIDE MTU
    option mtu '1492'               ### DEFAULT 1500 BYTE
    ### USE DNS SERVERS ADVERTISED BY PEER
    option peerdns '1'              ### DEFAULT - USE DNS SERVERS
    option peerdns '0'
    ### USE CUSTOM DNS SERVERS (QUAD9)
    list dns '9.9.9.9'
    list dns '149.112.112.112'
    #…TONS OF OTHER OPTIONS

config interface 'wan6'
    option device '@wan'
    option proto 'dhcpv6'
Please make sure your modem supports the requirements of the ISP.
- Like protocol and annex.
/etc/config/network
config dsl 'dsl'
    ### ANNEX
    option annex 'a'                ### ANNEX A + L + M (all)
    option annex 'b'                ### ANNEX B (all)
    option annex 'j'                ### ANNEX J (all) GERMAN TELEKOM
    option annex 'm'                ### ANNEX M (all)
    option annex 'bdmt'             ### ANNEX B G.992.1
    option annex 'b2'               ### ANNEX B G.992.3
    option annex 'b2p'              ### ANNEX B G.992.5
    option annex 'at1'              ### ANSI T1.413
    option annex 'admt'             ### ANNEX A G.992.1
    option annex 'alite'            ### ANNEX A G.992.2
    option annex 'a2'               ### ANNEX A G.992.3
    option annex 'a2p'              ### ANNEX A G.992.5
    option annex 'l'                ### ANNEX L G.992.3 POTS 1
    option annex 'm2'               ### ANNEX M G.992.3
    option annex 'm2p'              ### ANNEX M G.992.5
    ### TONE
    option tone 'a'                 ### A43C + J43 + A43
    option tone 'av'                ### A43C + J43 + A43 + V43
    option tone 'b'                 ### B43 + B43C
    option tone 'bv'                ### B43 + B43C + V43
    ### ENCAPSULATION MODE
    option xfer_mode 'ptm'
    option xfer_mode 'atm'
    ### DSL LINE MODE
    option line_mode 'vdsl'
    option line_mode 'adsl'
    ### DOWNSTREAM SNR (SIGNAL TO NOISE) OFFSET
    option ds_snr_offset '-100'     ### -10.0dB
    option ds_snr_offset '0'        ### 0.0dB
    option ds_snr_offset '100'      ### +10.0dB
    ### FIRMWARE FILE
    #option firmware '/lib/firmware/vr9-B-dsl.bin'
/etc/config/network
### WITH ATM (ASYNCHRONOUS TRANSFER MODE) ENCAPSULATION
config atm-bridge 'atm'
    ### ATM VIRTUAL PATH IDENTIFIER (VPI)
    option vpi '1'
    ### ATM VIRTUAL CHANNEL IDENTIFIER (VCI)
    option vci '32'
    ### ENCAPSULATION MODE
    option encaps 'llc'
    option encaps 'vc'              ### VC-mux
    ### FORWARDING MODE
    option payload 'bridged'
    option payload 'routed'
    ### DEVICE NAME PREFIX ???
    option nameprefix 'dsl'
    ### ATM DEVICE NUMBER
    option atmdev '12345'
    ### BRIDGE UNIT NUMBER
    option unit '12345'
AAL means ATM Adaptation Layer
/etc/init.d/dsl_control
Syntax: /etc/init.d/dsl_control [command]

Available commands:
    start           Start the service
    stop            Stop the service
    restart         Restart the service
    reload          Reload configuration files (or restart if service does not implement reload)
    enable          Enable service autostart
    disable         Disable service autostart
    enabled         Check if service is started on boot
    dslstat         Get DSL status information
    running         Check if service is running
    status          Service status
    trace           Start with syscall trace
Get current dsl-state
while sleep 1; do
    clear;
    /etc/init.d/dsl_control dslstat;
done
No cable connected
{
    "api_version": "4.17.18.6",
    "firmware_version": "5.8.1.8.1.6",
    "chipset": "Lantiq-VRX200",
    "driver_version": "1.5.17.6",
    "state": "Silent",
    "state_num": 3,
    "up": false,
    "uptime": 0,
    "atu_c": {

    },
    "power_state": "L3 - No power",
    "power_state_num": 3,
    "upstream": {

    },
    "downstream": {

    },
    "errors": {
        "near": {
            "es": 0,
            "ses": 0,
            "loss": 0,
            "uas": 55793624,
            "lofs": 0,
            "fecs": 0,
            "hec": 0,
            "ibe": 0,
            "crc_p": 0,
            "crcp_p": 0,
            "cv_p": 0,
            "cvp_p": 0
        },
        "far": {
            "es": 0,
            "ses": 0,
            "loss": 0,
            "uas": 55793623,
            "lofs": 0,
            "fecs": 0,
            "hec": 0,
            "ibe": 0,
            "crc_p": 0,
            "crcp_p": 0,
            "cv_p": 0,
            "cvp_p": 0
        }
    }
}
DSL optimization
- Make sure to run your DSL wire not in parallel to power wires which are used with PowerLine adapters. The 35MHz band disturbs the DSL connection and therefore lowers your uplink speed. There might be an option in your PowerLine adapter to not use this band, reducing the interference with DSL.
- You may access the DSL wires directly, bypassing the TAE plug, by soldering a (foil-shielded) cable with a suitable jack (like RJ-45) to the wires directly, thereby reducing or nearly eliminating attenuation and reflection when crossing the socket.
DOCSIS 3.1
Technicolor TC4400-EU
-
http://wiki.cable-wiki.xyz/TC4400
Available for end customers.
Vodafone Station
Either you are satisfied with
- using the Vodafone Station as your gateway
  - Very basic and limited feature set
  - Buy WIFI
  - No control
  - …
- OR decide to use an own router.
Normal Mode
- The Vodafone Station (VS) is assigned the public IPv4/6 addresses and performs NAT.
- The WAN interface of an own router will only receive a private IPv4 address from the VS.
- Double
- Port Forwards ?
- NAT ?
- Firewall rules ?
Bridge Mode
Status
Everything works flawlessly.
No limitations are known so far.
The device is assigned an IPv4 and an IPv6 address.
Preparations
Check and make sure that
- an up-to-date backup of the router configuration exists
- the alternative Internet access (e.g. via LTE) works, so that the change can be reverted.
- the WAN(6) interface is configured for DHCP(6), so that the router behind the modem obtains an IP address immediately after the modem has booted
- the internal router is cabled to any LAN port.
Activation
Takes a few minutes (t<30min).
- Private customers
  > MeinKabel > Einstellungen > Interneteinstellungen > Bridge Mode einstellen
- https://kabel.vodafone.de/meinkabel/einstellungen/interneteinstellungen/bridgemode
- First, some tips have to be read.
  - To make the changed setting take effect, the cable modem will be restarted automatically. The Internet connection is interrupted for a few minutes while this happens.
  - If the setting is changed from your Vodafone Internet connection, no confirmation page is displayed. To check the current setting, please open this page again.
- Bridgemode: On <-> Off
- Attention!
  When you activate bridge mode, NAT, firewall, routing and WLAN are deactivated at the same time. These functions are no longer visible in the web interface.
  In bridge mode you can operate only one device. This device can be connected to any LAN port.
  The WLAN option remains part of the contract. If you want to do without the WLAN option, this option must be cancelled in writing with customer service.
Omnia Turris
About
- Omnia Turris overview
- Turris docs
Devices
Device | Function | Description
eth0 | LAN PHY 1 | LAN switch ports 0,1
eth1 | LAN PHY 2 | LAN switch ports 2,3
eth2 | WAN PHY/SFP | WAN port (RJ-45/SFP) and LAN switch port 4
Change WAN interface from RJ-45 to SFP
- The Devicetree Specification
- https://saurabhsengarblog.wordpress.com/2015/11/28/device-tree-tutorial-arm/
- https://www.kernel.org/doc/html/latest/arm/booting.html
Exchange the ARM flattened devicetree blob (dtb) to make the SFP the WAN interface.
cd /boot
ln -sf armada-385-turris-omnia-sfp.dtb dtb
ll /boot
drwxr-xr-x 1 root root     158 Sep  9 13:03 ./
drwxr-xr-x 1 root root     142 Sep  9 11:45 ../
-rw-r--r-- 1 root root   18834 Aug 26 01:49 armada-385-turris-omnia-phy.dtb
-rw-r--r-- 1 root root   18870 Aug 26 01:49 armada-385-turris-omnia-sfp.dtb
-rw-r--r-- 1 root root    1199 Aug 26 01:49 boot.scr
lrwxrwxrwx 1 root root      31 Sep  9 13:03 dtb -> armada-385-turris-omnia-sfp.dtb
-rwxr-xr-x 1 root root 3359368 Aug 26 01:49 zImage*
Possible SFPs
- ALLNET ALL4781-VDSL2-SFP / Switch Modul (Mini-GBIC), VDSL2 Telco
  - ALLNET ALL4781-VDSL2-SFP Datasheet
  - ONLY VDSL2, not downwards compatible to ADSLx
  - ITU-T G.993.2 — Very high speed digital subscriber line transceivers 2 (VDSL2)
  - ITU-T G.inp (G.998.4) — Improved impulse noise protection for digital subscriber line (DSL) transceivers
  - ITU-T G.vector (G.993.5) — Self-FEXT cancellation (vectoring) for use with VDSL2 transceivers
  - ITU-T G.994.1 — Handshake procedures for digital subscriber line transceivers
    - Negotiation procedures used in ADSL, ADSL2, G.fast, SHDSL, VDSL, VDSL2
  - ITU-T G.997.1 — Physical layer management for digital subscriber line transceivers
  - Downstream Power Back-Off (DPBO)
- Metanoia xDSL Chipsets and Modules
  - VDSL2 VTU-R SFP MT-V5311 VDSL2 Transceiver
- Flexoptix has a site for the Omnia Turris: Turris Omnia compatible Universal Transceiver
- Technicolor AFM0002TIM
  - FTTH
Status
Works on VDSL2!
About ALLNET ALL4781-VDSL2-SFP
- allnet.de documentation download
- ALL4781-VDSL2-SFP_QIG_EN.pdf
- ALL4781-VDSL2-SFP_QIG_DE.pdf
LED | Interval | Status
green | blinking | xDSL synchronizing
green | continuously | xDSL in sync
green | off | no xDSL
yellow | continuously | SFP power
yellow | off | SFP without power
Logs without a cable attached
logread |grep sfp
Oct 12 17:55:14 antares kernel: [ 10.711350] sfp sfp: module ALLNET ALL4781 rev V3.4 sn 0000000FC91BA95D dc 16-04-21
Oct 12 17:55:14 antares kernel: [ 10.720684] sfp sfp: unknown connector, encoding 8b10b, nominal bitrate 1.3Gbps +0% -0%
Oct 12 17:55:14 antares kernel: [ 10.728961] sfp sfp: 1000BaseSX+ 1000BaseLX- 1000BaseCX- 1000BaseT- 100BaseTLX- 1000BaseFX- BaseBX10- BasePX-
Oct 12 17:55:14 antares kernel: [ 10.739078] sfp sfp: 10GBaseSR- 10GBaseLR- 10GBaseLRM- 10GBaseER-
Oct 12 17:55:14 antares kernel: [ 10.745361] sfp sfp: Wavelength 0nm, fiber lengths:
Oct 12 17:55:14 antares kernel: [ 10.750423] sfp sfp: 9µm SM : unsupported
Oct 12 17:55:14 antares kernel: [ 10.755139] sfp sfp: 62.5µm MM OM1: unsupported/unspecified
Oct 12 17:55:14 antares kernel: [ 10.760897] sfp sfp: 50µm MM OM2: unsupported/unspecified
Oct 12 17:55:14 antares kernel: [ 10.766657] sfp sfp: 50µm MM OM3: unsupported/unspecified
Oct 12 17:55:14 antares kernel: [ 10.772419] sfp sfp: 50µm MM OM4: 2.540km
Oct 12 17:55:14 antares kernel: [ 10.776785] sfp sfp: Options: retimer
Oct 12 17:55:14 antares kernel: [ 10.780628] sfp sfp: Diagnostics:
Oct 12 17:55:14 antares kernel: [ 16.741379] sfp sfp: module transmit fault indicated
Oct 12 17:55:14 antares kernel: [ 19.431401] sfp sfp: module transmit fault recovered
Oct 12 17:55:14 antares kernel: [ 19.801394] sfp sfp: module transmit fault indicated
Oct 12 17:55:14 antares kernel: [ 22.541597] sfp sfp: module persistently indicates fault, disabling
- Gets really hot! T>60°C
Device infos with working DSL
root@turris:~# ethtool eth2
Settings for eth2:
    Supported ports: [ TP ]
    Supported link modes:   1000baseX/Full
    Supported pause frame use: Symmetric
    Supports auto-negotiation: Yes
    Supported FEC modes: Not reported
    Advertised link modes:  1000baseX/Full
    Advertised pause frame use: Symmetric
    Advertised auto-negotiation: Yes
    Advertised FEC modes: Not reported
    Speed: 1000Mb/s
    Duplex: Full
    Port: Twisted Pair
    PHYAD: 0
    Transceiver: internal
    Auto-negotiation: on
    MDI-X: Unknown
    Supports Wake-on: d
    Wake-on: d
    Link detected: yes
root@turris:~# ethtool -m eth2
    Identifier          : 0x03 (SFP)
    Extended identifier : 0x04 (GBIC/SFP defined by 2-wire interface ID)
    Connector           : 0x22 (RJ45)
    Transceiver codes   : 0x00 0x00 0x00 0x01 0x00 0x00 0x00 0x00 0x00
    Transceiver type    : Ethernet: 1000BASE-SX
    Encoding            : 0x01 (8B/10B)
    BR, Nominal         : 1300MBd
    Rate identifier     : 0x00 (unspecified)
    Length (SMF,km)     : 0km
    Length (SMF)        : 0m
    Length (50um)       : 0m
    Length (62.5um)     : 0m
    Length (Copper)     : 255m
    Length (OM3)        : 0m
    Laser wavelength    : 0nm
    Vendor name         : ALLNET
    Vendor OUI          : 00:0f:c9
    Vendor PN           : ALL4781
    Vendor rev          : V3.4
    Option values       : 0x08 0x00
    Option              : Retimer or CDR implemented
    BR margin, max      : 0%
    BR margin, min      : 0%
    Vendor SN           : 0000000FC91BA95D
    Date code           : 210416__
root@turris:~# ethtool -m eth2 raw on |hexdump -C
00000000  03 04 22 00 00 00 01 00  00 00 00 01 0d 00 00 00  |..".............|
00000010  00 00 ff 00 41 4c 4c 4e  45 54 20 20 20 20 20 20  |....ALLNET      |
00000020  20 20 20 20 00 00 0f c9  41 4c 4c 34 37 38 31 20  |    ....ALL4781 |
00000030  20 20 20 20 20 20 20 20  56 33 2e 34 00 00 00 c7  |        V3.4....|
00000040  08 00 00 00 30 30 30 30  30 30 30 46 43 39 31 42  |....0000000FC91B|
00000050  41 39 35 44 32 31 30 34  31 36 00 00 00 00 00 ae  |A95D210416......|
00000060  30 30 30 46 43 39 31 42  41 39 35 44 20 20 20 20  |000FC91BA95D    |
00000070  20 20 20 20 20 20 20 20  45 44 4c 31 36 43 56 31  |        EDL16CV1|
00000080  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|
*
00000100
root@turris:~# ethtool -k eth2
Features for eth2:
rx-checksumming: off [fixed]
tx-checksumming: on
    tx-checksum-ipv4: on
    tx-checksum-ip-generic: off [fixed]
    tx-checksum-ipv6: on
    tx-checksum-fcoe-crc: off [fixed]
    tx-checksum-sctp: off [fixed]
scatter-gather: on
    tx-scatter-gather: on
    tx-scatter-gather-fraglist: off [fixed]
tcp-segmentation-offload: on
    tx-tcp-segmentation: on
    tx-tcp-ecn-segmentation: off [fixed]
    tx-tcp-mangleid-segmentation: off
    tx-tcp6-segmentation: off [fixed]
generic-segmentation-offload: on
generic-receive-offload: on
large-receive-offload: off [fixed]
rx-vlan-offload: off [fixed]
tx-vlan-offload: off [fixed]
ntuple-filters: off [fixed]
receive-hashing: off [fixed]
highdma: off [fixed]
rx-vlan-filter: off [fixed]
vlan-challenged: off [fixed]
tx-lockless: off [fixed]
netns-local: off [fixed]
tx-gso-robust: off [fixed]
tx-fcoe-segmentation: off [fixed]
tx-gre-segmentation: off [fixed]
tx-gre-csum-segmentation: off [fixed]
tx-ipxip4-segmentation: off [fixed]
tx-ipxip6-segmentation: off [fixed]
tx-udp_tnl-segmentation: off [fixed]
tx-udp_tnl-csum-segmentation: off [fixed]
tx-gso-partial: off [fixed]
tx-sctp-segmentation: off [fixed]
tx-esp-segmentation: off [fixed]
fcoe-mtu: off [fixed]
tx-nocache-copy: off
loopback: off [fixed]
rx-fcs: off [fixed]
rx-all: off [fixed]
tx-vlan-stag-hw-insert: off [fixed]
rx-vlan-stag-hw-parse: off [fixed]
rx-vlan-stag-filter: off [fixed]
l2-fwd-offload: off [fixed]
hw-tc-offload: off [fixed]
esp-hw-offload: off [fixed]
esp-tx-csum-hw-offload: off [fixed]
rx-udp_tunnel-port-offload: off [fixed]
mSATA card
The Kingston SKC600MS/1024G fits perfectly into the Omnia Turris.
But you have to move the 2.4GHz WiFi card to the outer slot (below the SIM card). Only the inner mini-PCI-Express port provides the mSATA interface. The card does not work in another slot, but the inner. Please compare to the Omnia Turris specifications. I actually do not understand, why this is not delivered this way, but anyway.
All you’ll need to do is
- Disconnect the antennas
- Open the chassis (with 6 screws)
- Disconnect all WiFi cables
- Unscrew the 2.4GHz WiFi card
- Unscrew the board from the chassis (with 5 screws) to get access to the screws that hold the spacers for the mini-PCI-Express cards
- Move and screw the spacers to the other holes
- Screw the boards to the chassis
- Carefully insert and screw the cards to the board
- Exchange some WiFi cables to achieve the correct length and attach them back to the WiFi cards
- Close the chassis
- Reattach the antennas
Omnia Turris with a Kingston mSATA
Just for completeness a picture of the backside of the Omnia Turris.
Firewall custom rules
In my case custom firewall rules /etc/firewall.user are not applied on reboot.
Procd actually starts firewall early and the firewall also executes /etc/firewall.user, but it may be superseded by another startup routine like the DynFW, that is started later. I did not yet find the time to investigate the issue and chose a quick workaround with cron over the webfrontend.
System > Scheduled Tasks, which is the same as
crontab -e
### CRONTAB OF THE USER ROOT
@reboot sleep 30 && /etc/init.d/firewall restart
Knot Resolver
About
Knot Resolver is a minimalistic implementation of a caching validating DNS resolver. Modular architecture keeps the core tiny and efficient, and it provides a state-machine like API for extensions.
- https://www.knot-resolver.cz/
- Knot Resolver Docs stable
- Knot Resolver Docs latest
Replacement of DNSmasq
On Turris OS, the DNS function of DNSMASQ is disabled by design, the Knot resolver is used instead. Therefore, changing the settings related to the DNS service in the DHCP and DNS screen of the LuCI interface has no effect.
- Please compare to Knot resolver (i.e. kresd) — DNS advanced settings for Omnia and MOX
Kresd — Clear DNS cache
The kresd DNS cache is persistent on disk and thus survives restarts of the system and daemon. To test something you will have to clear the cache.
Connect via unix-socket and clear the cache via cli.
socat - /tmp/kresd/control/$(pgrep kresd)
> cache.clear()
{
    ['count'] = 538,
}
> quit()
Or as a script /usr/sbin/kresd_clear_cache.sh
#!/bin/sh

socat - /tmp/kresd/control/$(pgrep kresd) << EOF
cache.clear()
quit()
EOF
Make the script executable
chmod u+x /usr/sbin/kresd_clear_cache.sh
### CLEAR CACHE EASILY
kresd_clear_cache.sh
Kresd — Change logging live
Making the log visible makes things a lot easier.
socat - /tmp/kresd/control/$(pgrep kresd)
> log_target('syslog')
'syslog'
> log_level('debug')
'debug'
> quit()

logread -f
This is runtime configuration and does not survive a restart of the daemon.
Kresd — Custom config
Enable custom configuration to be included to kresd
/etc/config/resolver
config resolver 'kresd'
    option rundir '/tmp/kresd'
    option log_stderr '1'
    option log_stdout '1'
    option keep_cache '1'
    list rpz_file '/etc/kresd/adb_list.overall'
    option include_config '/etc/kresd/custom.conf'
Commit the configuration and restart the resolver service to let the custom config take effect.
uci commit resolver
/etc/init.d/resolver restart
Kresd — Forwarding domains
- Knot Resolver Docs — Forwarding
/etc/kresd/custom.conf
-- Forward resolver settings
policy.add(policy.suffix(
    policy.FORWARD('172.16.0.1'),
    {todname('sub.domain.tld.')}
))
Kresd — Disable DNSsec validation per domain
DNSSEC, data verification
/etc/kresd/custom.conf
-- Disable DNSsec for list of domains
trust_anchors.set_insecure({'sub.domain.tld.'})
TP-Link Archer C7 v5
Model | TP-Link Archer C7 v5
Architecture | Qualcomm Atheros QCA9560 802.11bgn ver 1 rev 0 Qualcomm Atheros QCA9880 802.11nac
Target Platform | ath79/generic
Firmware Version | OpenWrt 21.02.2 r16495-bf0c965af0 / LuCI openwrt-21.02 branch git-22.046.85957-59c3392
Kernel Version | 5.4.179
Benchmark
- The iperf server is running on an Omnia Turris (2020).
- No additional offloading features could be enabled using ethtool. I guess the ath10k driver does not support toggling these features.
  - The CPU load is likely to go through the roof.
- The Archer C7 does not support hardware flow offloading.
- When using 5GHz WiFi.
  - I guess there is some offloading missing, like tcp checksumming.
- When using a routed/NAT setup the CPU is simply at its limits.
Test1
- Firewall off
- Flow offloading: off
- Scenario:
  - Router uplink via cable on br-lan LAN0
  - LAN:
    - DHCP server: off
    - DHCP client: on (default route)
  - WAN: unused
  - Iperf client running laptop connected via WiFi (5GHz)
- CPU load: MAX
  - ksoftirqd: ~80%
iperf -c 192.168.183.1
------------------------------------------------------------
Client connecting to 192.168.183.1, TCP port 5001
TCP window size: 85.0 KByte (default)
------------------------------------------------------------
[  1] local 192.168.183.127 port 53496 connected with 192.168.183.1 port 5001
[ ID] Interval            Transfer     Bandwidth
[  1] 0.0000-10.0943 sec   383 MBytes   318 Mbits/sec
Test2
- Firewall on
- Flow offloading: software
- Scenario:
  - Router uplink via cable on br-lan LAN0
  - LAN:
    - DHCP server: off
    - DHCP client: on (default route)
  - WAN: unused
- Iperf client running laptop connected via WiFi (5GHz)
- CPU load: MAX
- ksoftirqd: ~80%

iperf -c 192.168.183.1
------------------------------------------------------------
Client connecting to 192.168.183.1, TCP port 5001
TCP window size: 85.0 KByte (default)
------------------------------------------------------------
[ 1] local 192.168.183.127 port 53488 connected with 192.168.183.1 port 5001
[ ID] Interval Transfer Bandwidth
[ 1] 0.0000-10.0799 sec 392 MBytes 326 Mbits/sec
Test3
- Firewall on
- Flow offloading: on
- Scenario:
  - Router uplink via cable on br-lan
  - LAN:
    - DHCP server: off
    - DHCP client: on (default route)
  - WAN: unused
- Iperf client running laptop connected via cable on br-lan LAN1
- CPU load: MIN

iperf -c 192.168.183.1
------------------------------------------------------------
Client connecting to 192.168.183.1, TCP port 5001
TCP window size: 85.0 KByte (default)
------------------------------------------------------------
[ 1] local 192.168.183.110 port 36576 connected with 192.168.183.1 port 5001
[ ID] Interval Transfer Bandwidth
[ 1] 0.0000-10.0238 sec 1.07 GBytes 918 Mbits/sec
Test4
- Firewall: off
- Flow offloading: none
- Scenario:
  - Router uplink via cable on br-lan
  - LAN:
    - DHCP server: off
    - DHCP client: on (default route)
  - WAN: unused
- Iperf client running laptop connected via cable on br-lan LAN1
- CPU load: MIN

iperf -c 192.168.183.1
------------------------------------------------------------
Client connecting to 192.168.183.1, TCP port 5001
TCP window size: 85.0 KByte (default)
------------------------------------------------------------
[ 1] local 192.168.183.110 port 36578 connected with 192.168.183.1 port 5001
[ ID] Interval Transfer Bandwidth
[ 1] 0.0000-10.0210 sec 1.07 GBytes 917 Mbits/sec
Test5
- Firewall: on
- Flow offloading: on
- Scenario:
  - Router uplink via cable on WAN
  - LAN:
    - Protocol: Static address
    - DHCP server: on
  - WAN:
    - DHCP client: on (default route)
- Iperf client running laptop connected via WiFi (5GHz)
- CPU load: MAX
- ksoftirqd: ~80%

iperf -c 192.168.183.1
------------------------------------------------------------
Client connecting to 192.168.183.1, TCP port 5001
TCP window size: 85.0 KByte (default)
------------------------------------------------------------
[ 1] local 192.168.111.111 port 51764 connected with 192.168.183.1 port 5001
[ ID] Interval Transfer Bandwidth
[ 1] 0.0000-10.1084 sec 245 MBytes 203 Mbits/sec
------------------------------------------------------------
Test6
- Firewall: on
- Flow offloading: none
- Scenario:
  - Router uplink via cable on WAN
  - LAN:
    - Protocol: Static address
    - DHCP server: on
  - WAN:
    - DHCP client: on (default route)
- Iperf client running laptop connected via WiFi (5GHz)
- CPU load: MAX
- ksoftirqd: ~80%

iperf -c 192.168.183.1
------------------------------------------------------------
Client connecting to 192.168.183.1, TCP port 5001
TCP window size: 85.0 KByte (default)
------------------------------------------------------------
[ 1] local 192.168.111.111 port 51760 connected with 192.168.183.1 port 5001
[ ID] Interval Transfer Bandwidth
[ 1] 0.0000-10.1564 sec 203 MBytes 168 Mbits/sec
Test7
- Firewall: on
- Flow offloading: on
- Scenario:
  - Router uplink via cable on WAN
  - LAN:
    - Protocol: Static address
    - DHCP server: on
  - WAN:
    - DHCP client: on (default route)
- Iperf client running laptop connected via cable on br-lan LAN1
- CPU load: MAX
- ksoftirqd: ~90%

iperf -c 192.168.183.1
------------------------------------------------------------
Client connecting to 192.168.183.1, TCP port 5001
TCP window size: 85.0 KByte (default)
------------------------------------------------------------
[ 1] local 192.168.111.127 port 33552 connected with 192.168.183.1 port 5001
[ ID] Interval Transfer Bandwidth
[ 1] 0.0000-10.0391 sec 760 MBytes 635 Mbits/sec
Test8
- Firewall: on
- Flow offloading: none
- Scenario:
  - Router uplink via cable on WAN
  - LAN:
    - Protocol: Static address
    - DHCP server: on
  - WAN:
    - DHCP client: on (default route)
- Iperf client running laptop connected via cable on br-lan LAN1
- CPU load: MAX
- ksoftirqd: ~85%

iperf -c 192.168.183.1
------------------------------------------------------------
Client connecting to 192.168.183.1, TCP port 5001
TCP window size: 85.0 KByte (default)
------------------------------------------------------------
[ 1] local 192.168.111.127 port 33556 connected with 192.168.183.1 port 5001
[ ID] Interval Transfer Bandwidth
[ 1] 0.0000-10.1120 sec 231 MBytes 192 Mbits/sec
Test9
- Firewall: on
- Flow offloading: on
- Scenario:
  - Router uplink via cable on WAN
  - LAN:
    - Protocol: Static address
    - DHCP server: on
  - WAN:
    - DHCP client: on (default route)
- Iperf client running on Archer C7
- CPU load: MAX
- iperf: ~72%
- ksoftirqd: ~10%

iperf -c 192.168.183.1
------------------------------------------------------------
Client connecting to 192.168.183.1, TCP port 5001
TCP window size: 262 KByte (default)
------------------------------------------------------------
[ 3] local 192.168.183.238 port 56182 connected with 192.168.183.1 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-10.0 sec 292 MBytes 245 Mbits/sec
Test10
- Firewall: on
- Flow offloading: none
- Scenario:
  - Router uplink via cable on WAN
  - LAN:
    - Protocol: Static address
    - DHCP server: on
  - WAN:
    - DHCP client: on (default route)
- Iperf client running on Archer C7
- CPU load: MAX
- iperf: ~71%
- ksoftirqd: ~11%

iperf -c 192.168.183.1
------------------------------------------------------------
Client connecting to 192.168.183.1, TCP port 5001
TCP window size: 175 KByte (default)
------------------------------------------------------------
[ 3] local 192.168.183.238 port 56184 connected with 192.168.183.1 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-10.0 sec 294 MBytes 247 Mbits/sec
Test11
- Firewall: off
- Flow offloading: none
- Scenario:
  - Router uplink via cable on WAN
  - LAN:
    - Protocol: Static address
    - DHCP server: on
  - WAN:
    - DHCP client: on (default route)
- Iperf client running on Archer C7
- CPU load: MAX
- iperf: ~75%
- ksoftirqd: ~8%

iperf -c 192.168.183.1
------------------------------------------------------------
Client connecting to 192.168.183.1, TCP port 5001
TCP window size: 131 KByte (default)
------------------------------------------------------------
[ 3] local 192.168.183.238 port 56188 connected with 192.168.183.1 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-10.0 sec 314 MBytes 263 Mbits/sec
OpenWRT firmware is feature-rich and lets you do a huge number of things with a router. At the same time, it is not very intuitive or easy for ordinary users to learn. In particular, to set up ad blocking it is not enough to install the adblock package and tick the boxes next to the ad blocklists.
How to remove (block, filter, disable) Youtube ads in the Smart TV app using a router with OpenWRT firmware and the adblock package
- Open the OpenWRT control panel. For the Netgear WNR3500Lv1 router it is enough to open 192.168.1.1 in a browser. In general, for any router with OpenWRT firmware the control panel is available at http://openwrt.lan (and, if SSL is configured, at https://openwrt.lan ). Enter the control panel's login and password.
- In the drop-down menu choose System -> Software.
- In the Software section find the following packages and install them:
  - adblock (ad blocking)
  - luci-app-adblock (adblock configuration through the Services -> Adblock menu in the router's control panel)
  - luci-i18n-adblock-ru (Russian translation of the adblock settings)
  - uclient-fetch (downloading files from the Internet)
  - uclient-libustream-openssl (SSL/TLS support when downloading files from the Internet, using OpenSSL)
  - instead of uclient-libustream-openssl you can use libustream-mbedtls (SSL/TLS support when downloading files from the Internet, using mbed TLS), but there is no need to install both packages.

  Once you have found the package you need, through the search or alphabetically among the available packages, click the Install button next to it. Then find the next package and repeat the procedure.
- In the drop-down menu choose Services -> Adblock.
- Tick Enable Adblock.
- Select uclient-fetch as the Download Utility.
- Select the ad blocklists by ticking the ones you need, for example: adaway, bitcoin, reg_ru, youtube. The reg_ru list focuses on Russian ads and also includes the general easylist base. The youtube list focuses specifically on blocking Youtube ads.

  Note that the larger the list of blocked hosts, the more resources the router needs to filter ads (which can seriously affect the router's performance).
- In the Extra Options section of the Adblock settings page, tick Force Overall Sort.
- In the same section you can select Low Priority Service, so that the router's other services take priority over ad blocking.
- Click the "Save & Apply" button at the bottom of the page.
- Click the Refresh button in the Runtime Information section and make sure that the Overall domains value is not zero.

  If uclient-fetch does not work correctly, you can try wget or curl instead (make sure they are installed in OpenWRT). Note that downloading most of the blocklists requires SSL support.
- If ads are not blocked and the number of domains is zero, enable Verbose Debug Logging in Extra Options; the errors can then be viewed on the Adblock settings tab called View Logfile.
After installing and configuring adblock on the Netgear WNR3500Lv1 router with OpenWRT firmware, ads disappeared not only in the Youtube app on the Smart TV, but also in browsers on the computer and on devices connected over Wi-Fi (e-reader, tablet, smartphone). Moreover, unlike with browser extensions such as Adblock or Adblock Plus, on some sites I noticed that the pop-up messages saying that I have ad blocking enabled and must turn it off did not appear.
Besides the adblock package, OpenWRT firmware can also filter ads with a lighter package, simple-adblock, as well as with banhostlist.
P.S. If you use cashback services, note that ad blocking can interfere with them. When making purchases to receive cashback, it is advisable to disable adblock temporarily. Fortunately, it is enough to untick Enable Adblock and apply the settings.
Update (November 18, 2018)
Blocking Youtube ads worked fine for a while, but Youtube quickly fixed this "misunderstanding". The adblock support thread on the OpenWRT forum offers no solution for blocking 100% of Youtube ads by blocking subdomains. Unfortunately, Youtube serves content and ads from the same servers, and adblock for OpenWRT does not filter at the page level. So you have to combine adblock for OpenWRT with adblock for the browser to filter ads more reliably. Unfortunately, in the case of a Smart TV there is simply no 100% way to block ads in the Youtube app.
In addition, when installing OpenWRT on a Linksys EA3500 router, it turned out that the youtube filter is simply missing from adblock. I had to go into the advanced settings of adblock and edit the configuration (edit configuration), adding the following lines:
config source 'youtube'
	option adb_src 'https://api.hackertarget.com/hostsearch/?q=googlevideo.com'
	option adb_src_rset 'BEGIN{FS=","}/^(r[0-9]+\.){1,1}([[:alnum:]_-]+\.)+[[:alpha:]]+/{sub(/\./,"---");print tolower($1)}'
	option adb_src_desc 'focus on youtube ad-related subdomains, dynamic request API, approx. 180 entries'
	option enabled '1'
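What the `adb_src_rset` rule above does to its input, shown on constructed data as an added example (not from the original post or the adblock project). The regex uses plain character ranges, equivalent to the rule's POSIX classes and `{1,1}`, so it runs on any awk; `only_under` is a hypothetical guard, not an adblock feature, that keeps a changed third-party feed from adding unrelated domains to the blocklist.

```shell
#!/bin/sh
# Constructed sample of the comma-separated "hostname,ip" lines the rule
# expects (FS=","). Hostnames and addresses are made up; 192.0.2.0/24 is a
# documentation range.
sample_feed() {
cat <<'EOF'
r1.sn-abc123.googlevideo.com,192.0.2.10
r2.SN-ABC123.GoogleVideo.com,192.0.2.11
r3---sn-abc123.googlevideo.com,192.0.2.12
manifest.googlevideo.com,192.0.2.20
rr4.sn-abc123.googlevideo.com,192.0.2.30
r5.cdn.example.net,192.0.2.40
this line is an error message, not data
EOF
}

# The rule: keep lines that start with r<digits>., turn the first dot into
# "---", and print the lowercased first field.
apply_rule() {
    awk 'BEGIN{FS=","}
         /^r[0-9]+\.([A-Za-z0-9_-]+\.)+[A-Za-z]+/ {
             sub(/\./, "---"); print tolower($1)
         }'
}

# Hypothetical guard: pass only names that end in ".<parent>".
only_under() {
    parent=$1
    awk -v p="$parent" '{
        n = length($0) - length(p)
        if (n > 1 && substr($0, n + 1) == p && substr($0, n, 1) == ".") print
    }'
}

# Entries that would reach the blocklist from the sample feed.
blocklist() { sample_feed | apply_rule | only_under googlevideo.com; }

blocklist
```

The rule alone also emits `r5---cdn.example.net`, because its pattern does not pin the parent domain; the guard drops that entry.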
Update (February 2, 2020)
Since blocking Youtube ads with the router turned out to be ineffective, I had to use an Android (TV) set-top box, for which there are apps for watching Youtube without ads and with playback speed control.