OpenWrt / LEDE - alternative firmware | [firmware] OpenWrt / LEDE - discussion and problem solving



Rep: (577)
Build OpenWrt / LEDE from source | DD-WRT FIRMWARE | Collect bin (dump) for the programmer | Upgraded UBOOT loaders


OpenWrt / LEDE - alternative firmware


Attached Image


Latest version:OpenWrt 19.07.4
This topic should be placed under the image and logs spoilerPicture

Description / What is discussed in the topic, and what is not
OpenWrt is an embedded Linux kernel-based operating system designed primarily for home routers. Core components include the Linux kernel, util-linux, uClibc or musl, and BusyBox. The source code is open. Distributed under the GNU GPL license.

The LEDE project is developed on the basis of Linux, an embedded meta-distribution based on OpenWRT, focused on a wide range of SOHO wireless routers and non-network devices. “Linux Embedded Development Environment”.
LEDE turned away from the parent project in May 2016, with the goal of continuing to develop better software in an open management model and encouraging new developers to contribute and development efforts.

https://www.openwrt.org
https://github.com/openwrt

https://lede-project.org
https://github.com/lede-project

Emulator OpenWrt / LEDE web interface LuCI (old design theme)


  • This topic is intended to discuss the settings, the installation process on your router and everything related to the OpenWrt / LEDE firmware.
  • In this topicdon't discuss compile from source and rebuild, there is a topic for this Build OpenWrt / LEDE from source
Useful programs
WinSCP graphical client SFTP and SCP
Settings for connecting to a router with LEDE (dropbear must be enabled)
Attached Image

Under Linux, you can either run under winscp wine, or upload files scp command
scp file path [email protected]: the path where to fill in the router
Example:
scp ~ / 1.bin [email protected]: / tmp /

Tftpd32
TFTP for Linux using Ubuntu as an example
Configure tftpd-hpa TFTP server

Install the tftpd-hpa package:
sudo apt-get install tftpd-hpa

After installation, edit the file
sudo nano / etc / default / tftpd-hpa
containing server settings. Let's bring it to the following form:

TFTP_USERNAME = "tftp"
TFTP_DIRECTORY = "/ var / tftp"
TFTP_ADDRESS = "0.0.0.0:69"
TFTP_OPTIONS = "- ipv4 --secure --create --umask 027 --permissive"


In the settings are additional options:
create allows the server to create new files,
ipv4 instructs it to wait for connections only on IPv4 addresses,
umask instructs to reset the write bit for the group and all access bits for other users,
permissive instructs not to carry out any file permissions checks in excess of the operating system.
Create a directory for the tftp server, give the server access to the directory:


sudo mkdir / var / tftp

sudo chown tftp: tftp / var / tftp


You can also change the home directory of the tftp user in the / etc / passwd file to / var / tftp.

Now we just write the ip addresses we need through the gnome network manager and that's it.

It remains to restart the daemon to start working with the new directory:
sudo /etc/init.d/tftpd-hpa restart

Instructions
Useful topics
OpenWrt project news
Download OpenWrt / LEDE


Post has been editedstp101 - 15.09.20, 19:15
Reason for editing: Issue OpenWrt 19.07.4



Rep: (60)
When switching from LEDE to OpenWrt 18.06 with saving settings, will they be saved or will it be necessary to reconfigure?



Rep: (29)
From 12.09 to 17.01.4, I picked up the settings, but just in case, you can save, in luci there is a possibility, or you can copy / etc / something at least via ssh.



Rep: (34)
Where to find firmware for TP-Link TL-WR941N / ND v3.1

Presently
established
Attached Image


Sensor power to maximum. Went through all the channels. For some reason, the phone gives a maximum of 65.0 Mbit / s, although it supports 72 Mbit / s. The native firmware always gives it a speed of 130. DD-WRT also has problems with it!
For those devices that are supposed to work in full mode in N mode at 40hz - limited speed is assigned. So far I can not understand what's the matter.

Post has been editedyarikx600 - 01.08.18, 19:19



Rep: (577)
Yarikx600 @ 08/01/18, 19:18*
So far I can not understand what's the matter.

https: //wiki.openwrt.o...%BC%D0%B1%D0%B8%D1%82c

Post has been editedstp101 - 01.08.18, 19:49



Rep: (498)
Yarikx600 @ 08/01/18, 18:18*
Where to find firmware for TP-Link TL-WR941N / ND v3.1

17.01.5tl-wr941nd-v2-squashfs-sysupgrade.bin



Rep: (18)
For some reason, when switching from CC 15.05 to Lede 17.04 with saving the settings of the router, the multicast stops on the iptv prefix. I'm flashing back, everything works. What could be wrong? I install Igmpproxy, of course, after manual firmware installation.



Rep: (498)
Romio_03 @ 08.08.18, 15:39*
What could be wrong?


Make sure that/ etc / config / igmpproxy

config igmpproxy
option quickleave 1
# option verbose [0-2]

config phyint
option network wan
option zone wan
option direction upstream
list altnet 192.168.0.0/16
list altnet 172.16.0.0/12
list altnet 10.0.0.0/8

config phyint
option network lan
option zone lan
option direction downstream


And in/ etc / config / firewall

config rule
option name 'Allow-IPTV-IGMPPROXY'
option src 'wan'
option proto 'udp'
option dest_ip '224.0.0.0/4'
option target 'ACCEPT'
option family 'ipv4'
option dest 'lan'

config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'



Another problem may be due to emerging support.IGMP snooping.

/ etc / config / network
option igmp_snooping '1'



Rep: (577)
Wifi work planner

In various topics I noticed that people were interested in how to turn off wifi in OpenWrt at a specified time, here’s a quick guide.
There are two options.

Option 1 - via cron.

To do this, go to the System ->Scheduled Tasks
And enter the desired command in this window
Attached Image

Details painted here:DD-WRT - alternative firmware (Post stp101 # 52504079)the principle is the same, so it will work in OpenWrt

Option 2 - through the web interface.
This is such a thing
Attached Image

But it needs to be installed. The Internet must be configured so that the router was from where to download and install :)
Packages will be needed: wifischedule, luci-app-wifischedule and luci-i18n-wifischedule-en
To install from the web interface, go to the System ->Software
In pictures
Attached Image
Attached Image
Attached Image

Or via the console, connect via ssh and give opkg update commands (update the package list) and install opkg install luci-app-wifischedule (all other packages should pull themselves up if they don’t catch up, manually install opkg install luci luci-i18n -wifischedule-ru)
That's all :) Now you can go to Services ->Wi-Fi scheduler and customize the WIFI work schedule

Post has been editedstp101 - 06.09.18, 16:07



Rep: (390)
Transferring / overlay to an external drive (if there is not enough space in the built-in flash memory or flash memory is very "flimsy" and is subject to dying
1) Prepare a USB flash drive. There are two sections on the flash drive. The first is 1 GB with an ext4 file system. The second is for all the remaining space with the ext4 file system.

2) Insert the USB flash drive into the router. Update the list of packages and install the necessary:
opkg update
opkg install kmod-usb-storage block-mount kmod-fs-ext4

3) In LuCi, a new menu item will appear, associated with mounting drive partitions (System в†’ Mount Points). There you need to click the Generate Config button, which will detect the partitions on the connected drive - in Mount Points, the sections / dev / sda1 (1024 MB) and / dev / sda2 will appear

4) Click Edit near sda1, enable Enable this mount, select / overlay as Mount point. Similarly, enable sda2 automount as / data
In / data you can download torrents, etc. This is just a section for your needs. I have traffic statistics going there, for example.

5) Copy the contents / overlay to the USB flash drive. In the terminal:
mkdir -p / tmp / extoverlay
mount / dev / sda1 / tmp / extoverlay
tar -C / overlay -cvf -. | tar -C / tmp / extoverlay -xf -
umount / tmp / extoverlay

6) Reload the router (if everything worked out, then the amount of free space on the Software page should be added)

In case of problems (for example, with the settings so that you have lost access to the router), you can always turn off the router, plug the USB flash drive into the computer, correct the settings.

For fans of micro-optimization: first, readthis
If the desire to optimize has not disappeared yet, you can replace ext4 with F2FS (respectively, instead of kmod-fs-ext4 set kmod-fs-f2fs)
If you are not ready to use F2FS, and the desire to save a flash drive resource is stronger than the fear of adventure on the fifth point, then:
- in item 1, after creating partitions on a flash drive, execute in the terminal:
sudo umount / dev / sdb1
sudo tune2fs -o journal_data_writeback / dev / sdb1
sudo tune2fs -O ^ has_journal / dev / sdb1
sudo e2fsck -f / dev / sdb1
sudo umount / dev / sdb2
sudo tune2fs -o journal_data_writeback / dev / sdb2
sudo tune2fs -O ^ has_journal / dev / sdb2
sudo e2fsck -f / dev / sdb2

- in step 4 on the Advanced Settings tab for both sections, enter in the Mount options line:
noatime

Personally, such manipulations with tuning a penny flash drive are lazy to do.


Post has been editedDart raiden - 08.04.19, 22:43



Rep: (390)
Configuring blocking bypass in Russia and Ukraine

Bypass blocking in Russia, direct traffic to blocked sites via VPN
A script that automatically performs all the necessary actions.. If you want to do the same thing manually, read on.

Prerequisites:
- stitched OpenWrt 18.06
- installed LuCi web interface
- the router has Internet access

1) Update the list of packages (System в†’ Software в†’ Update lists), install OpenVPN:
openvpn-mbedtls

However, openvpn-openssl will work. If you use something more earlier than OpenWrt 18.06, then it is vital to install openvpn-openssl instead of openvpn-mbedtls.

2) Downloadconfiguration file, put .ovpn in / etc / openvpn
I will not describe in detail the process of moving files to the file system of the router, you can useWinSCP, SFTP plugin for Total Commander(the plugin can work on SCP), either directly from the console using wget and unzip, there are many ways.

Edit this file by writing somewhere in the middle of his line:
route 1.1.1.1

3) Replace the contents of / etc / config / openvpn with:
package openvpn

config openvpn antizapret

option enabled 1
option config /etc/openvpn/antizapret-tcp.ovpn

(again, the way to edit the config is left to the reader: one is convenient through vi, the other through the same WinSCP). antizapret-tcp.ovpn is the file that you copied in the last step. If its name has changed, then, accordingly, correct it here in the config file.

4) Enable and run VPN (System в†’ Startup). Check that everything started correctly. In Status в†’ System Log will be approximately the following:
daemon.notice openvpn (antizapret) [3180]: OpenVPN 2.4.5
...
daemon.notice openvpn (antizapret) [3180]: Initialization Sequence Completed в†ђ Everything Started

If instead you are watching a magazine
daemon.err openvpn (antizapret) [3180]: openvpn ROUTE:
you need to open antizapret-tcp.ovpn with a text editor and add the line
max-routes 50000

5) Create a new interface (Network в†’ Interfaces в†’ Add new interface):
Name of the new interface: antizapret
Protocol of the new interface: unmanaged
Cover the following interface: Ethernet Adapter: "tun0"
Advanced settings в†’ Bring up on boot
Firewall Settings в†’ Create: в†’ antizapret
Save and apply

6) Configure antizapret firewall zone (Network в†’ Firewall в†’ antizapret в†’ Edit):
Input: reject
Enable Masquerading and MSS clamping
Allow forward from source zones: lan
Save and apply

7) Fix / etc / config / dhcp:
value
option rebind_protection
change from 1 to 0

8) Specify the DNS-server, which will be used if a VPN-server connection is terminated:
in the settings of both WAN and WAN6 (Network в†’ Interfaces) to disable Use DNS servers advertised by peer interfaces on the Advanced settings tab,
the WAN interface settings in the Use custom DNS servers to enter the address 1.1.1.1
Save and apply

On the message В«WARNING: this configuration may cache passwords in memoryВ» in the magazine to pay attention is not necessary, it is irrelevant, because we do not have the password. If annoying, you can add them to line configuration file
auth-nocache

Similarly, with В«Unrecognized option or missing or extra parameter (s) in [PUSH-OPTIONS]: 4: block-outside-dnsВ» - this option is given to the server in case if the client should Windows. If annoying, you can add them to line configuration file
ignore-unknown-option block-outside-dns


Pros:
- only the traffic to the blocked domains goes through the VPN, the rest of the traffic goes "directly" (no loss of speed, your IP does not change)
- a consequence of the previous one: the traffic is small and the maintenance of a free service does not beat the owner’s pocket

Bypassing blocking in Ukraine, we send traffic to blocked sites via VPN
A script that automatically performs all the necessary actions.. If you want to do the same thing manually, read on.

Prerequisites:
- stitched OpenWrt 18.06
- installed LuCi web interface
- the router has Internet access

1) Update the list of packages (System в†’ Software в†’ Update lists), install OpenVPN, assembled with mbed TLS support:
openvpn-mbedtls

However, openvpn-openssl will work. If you use something more earlier than OpenWrt 18.06, then it is vital to install openvpn-openssl instead of openvpn-mbedtls.

2) Downloadconfiguration file, put .ovpn in / etc / openvpn
I will not describe in detail the process of moving files to the file system of the router, you can useWinSCP, SFTP plugin for Total Commander(the plugin can work on SCP), either directly from the console using wget and unzip, there are many ways.

3) Replace the contents of / etc / config / openvpn with:
package openvpn

config openvpn zaborona

option enabled 1
option config /etc/openvpn/zaborona-help.ovpn

(again, the way to edit the config is left to the reader: one is convenient through vi, the other through the same WinSCP). zaborona-help.ovpn is the file that you copied in the last step. If its name has changed, then, accordingly, correct it here in the config file.

4) Enable and run VPN (System в†’ Startup). Check that everything started correctly. In Status в†’ System Log will be approximately the following:
daemon.notice openvpn (zaborona) [3180]: OpenVPN 2.4.5 mipsel-openwrt-linux-gnu [SSL (mbed TLS)] [LZO] [LZ4] [EPOLL] [MH / PKTINFO] [AEAD]
...
daemon.notice openvpn (zaborona) [3180]: Initialization Sequence Completed в†ђ Everything Started

If instead you are watching a magazine
openvpn (zaborona) [3180] daemon.err: OpenVPN ROUTE:
you need to open antizapret-tcp.ovpn with a text editor and add the line
max-routes 50000

5) Create a new interface (Network в†’ Interfaces в†’ Add new interface):
Name of the new interface: zaborona
Protocol of the new interface: unmanaged
Cover the following interface: Ethernet Adapter: "tun0"
Advanced settings в†’ Bring up on boot
Firewall Settings в†’ Create: в†’ zaborona
Save and apply

6) Configure the zaborona firewall zone (Network в†’ Firewall в†’ zaborona в†’ Edit):
Input: reject
Enable Masquerading and MSS clamping
Allow forward from source zones: lan
Save and apply

7) If you have lost access to the Internet after this item, do not do it. In the settings of the interface "WAN" (Network в†’ Interfaces) disable Use DNS servers advertised by peer on the Advanced settings tab. In Use custom DNS servers enter the address 74.82.42.42. Click next to the "+", in the second line that appears, enter the address 77.88.8.8. Save and Apply.

In the settings of the interface "WAN6" (Network в†’ Interfaces) disable Use DNS servers advertised by peer on the Advanced settings tab. Use custom DNS servers to enter the address 2001: 4860: 4860 :: 8888. Click next to "+", in the second line that appears, enter the address 2001: 4860: 4860 :: 8844. Save and Apply.

On the message В«WARNING: this configuration may cache passwords in memoryВ» in the magazine to pay attention is not necessary, it is irrelevant, because we do not have the password. If annoying, you can add them to line configuration file
auth-nocache

Similarly, with В«Unrecognized option or missing or extra parameter (s) in [PUSH-OPTIONS]: 4: block-outside-dnsВ» - this option is given to the server in case if the client should Windows. If annoying, you can add them to line configuration file
ignore-unknown-option block-outside-dns


Pros:
- only the traffic to the blocked domains goes through the VPN, the rest of the traffic goes "directly" (no loss of speed, your IP does not change)
- a consequence of the previous one: the traffic is small and the maintenance of a free service does not beat the owner’s pocket


Automatic DNS-over-HTTPS off in Firefox
Firefox uses the default DNS-over-HTTPS and DNS-requests fly by DNS-server Antizapret / Zaborona. thattell your browser to use a DoH undesirableShould be added to the line /etc/dnsmasq.conf
server = / use-application-dns.net /
and disable DNS over HTTPS in the network browser.

Do not forget to restart dnsmasq:
service dnsmasq restart


How to copy or edit a file on a router
Using WinSCP
1) set an administrator password (via LuCI)

2) in the System → Administration section, enable Dropbear on the “lan” interface (if enabled on “wan”, it will be available to the entire Internet (if you have a white IP), soon hard-working Chinese will pick it up. Therefore, do not hang it on “wan ").

3) usingWinSCPconnect with the following parameters:
Host name: 192.168.1.1
Login: root
Password: password_which_you_installed_on_step_1

You get the usual 2-panel file manager, with which you can drag files from the PC to the router and back, as well as edit the files on the router).
With Total Commander / Double Commander
1) set an administrator password (via LuCI)

2) in the System → Administration section, enable Dropbear on the “lan” interface (if enabled on “wan”, it will be available to the entire Internet (if you have a white IP), soon hard-working Chinese will pick it up. Therefore, do not hang it on “wan ").

3) using the SFTP plug-in for TC / DC (this plug-in, despite its name, is able to work on SCP) connect with the following parameters:
Connect to: 192.168.1.1
User name: root
Password: password_which_you_installed_on_step_1

If you create or edit a file in Windows, and then copy it to the router, then before you copy, make sure that the line breaks UNIX-like native-file rather than Windows-native-! To do this, simply open the file in Notepad ++ and in the status bar at the bottom right to find "Unix (LF)". If there is "Windows (CR LF)", then right-click on the line, select the "Unix (LF)" and save the file. All this needs to be repeated after each edit, so make sure you edit as you please, and then check the transfers and fill up on the router.

Post has been editedDart raiden - 12.07.20, 20:00



Rep: (44)
Who uses an external usb modem.
I noticed that switching (if [up \ down]) of the wwan interface after a crash is unstable. have to "shaman" hands.
Can anyone have a solution \ ideas how to make a fully working auto-enable script.



Rep: (18)
Tell me what and where it is necessary to register, so that the Internet on the Openwrt firmware automatically rises when the router is turned on and restarted



Rep: (44)
* crosby7896,
It seems to be raised by default by automaton. read wiki
uci set network.wan.auto =; uci commit



Rep: (59)
People, tell me what to cut traffic with in the new firmware (18.06), wshaper does not find, TP-Link TL-WR2543ND router



Rep: (11)
Hi, tell me how to configure the tp link wr841n router so that you can watch ip tv normally without hanging on the Open wrt and lede firmware?



Rep: (390)
nefarious @ 08.08.18, 16:21*
wshaper does not find

Wondershaper (wshaper) is not recommended. Better use qos-scripts or sqm-scripts

Post has been editedDart raiden - 09.08.18, 09:42



Rep: (498)
Mrkrasoff78 @ 08/09/18 05:15*
Hi, tell me how to configure the tp link wr841n router so that you can watch ip tv normally without hanging on the Open wrt and lede firmware?

If you are watching via Wi-Fi, thenudpxIt will greatly help not to overwhelm the Wi-Fi channel.



Rep: (42)
Guys, the WAN port on the TL-WR841N (TP-LINK) router does not work, launched on the firmware in the bridge mode through the 3-4 lan port of the Internet. But he (the Internet) often falls off and writes "without access to the Internet." How to configure on OpenWRT in the bridge rotura mode? but I did not understand a little by digging in the settings



Rep: (254)
Groowy @ 08/09/18, 23:11*
How to configure on OpenWRT in the bridge rotura mode?

On openwrt, it is enough to create a new interface for wan and bind it to any of the lan ports. Just do not forget to exclude it from vlan for lokalki and add it to vlan for wan. And do not need any bridges.
Here is an example instructionhttp://smfd.ru/blog/op…-wan-reassign-web-luci

Post has been editedsolalex1 - 09.08.18, 21:23



Rep: (42)
* solalex1,
Thank you, everything is fine tuned, only now the problem arose in the fact that iptv is not broadcast over WiFi. There are ways to solve this situation?

Posted 10/08/2018 12:16 PM:

Instructions found but the question has matured - how to execute these commands? where to open?
Run the commands to install udpxy:

# opkg update
# opkg install udpxy


Full version    

Help     rules

Now: 10.11.20, 10:46