OpenWrt / LEDE - alternative firmware | [firmware] OpenWrt / LEDE - discussion and problem solving



Rep: (578)


OpenWrt / LEDE - alternative firmware




Latest version: OpenWrt 19.07.5
In this topic, images and logs should be placed under a spoiler.

Description / What is discussed in the topic, and what is not
OpenWrt is an embedded Linux kernel-based operating system designed primarily for home routers. Core components include the Linux kernel, util-linux, uClibc or musl, and BusyBox. The source code is open. Distributed under the GNU GPL license.

The LEDE project ("Linux Embedded Development Environment") is an embedded Linux meta-distribution based on OpenWrt, focused on a wide range of SOHO wireless routers and non-network devices.
LEDE split from the parent project in May 2016, with the goal of continuing to develop better software under an open governance model and encouraging new developers to contribute.

https://www.openwrt.org
https://github.com/openwrt

https://lede-project.org
https://github.com/lede-project

Emulator of the OpenWrt / LEDE LuCI web interface (old design theme)


  • This topic is intended to discuss the settings, the installation process on your router and everything related to the OpenWrt / LEDE firmware.
  • In this topic, do not discuss compiling from source and rebuilding; there is a separate topic for that: Build OpenWrt / LEDE from source
Useful programs
WinSCP graphical client SFTP and SCP
Settings for connecting to a router with LEDE (dropbear must be enabled)

Under Linux, you can either run WinSCP under Wine or upload files with the scp command:
scp <path to file> [email protected]:<destination path on the router>
Example:
scp ~/1.bin [email protected]:/tmp/

Tftpd32
TFTP for Linux using Ubuntu as an example
Configure tftpd-hpa TFTP server

Install the tftpd-hpa package:
sudo apt-get install tftpd-hpa

After installation, edit the file containing the server settings:
sudo nano /etc/default/tftpd-hpa
Bring it to the following form:

TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/var/tftp"
TFTP_ADDRESS="0.0.0.0:69"
TFTP_OPTIONS="--ipv4 --secure --create --umask 027 --permissive"


Additional options are set in the configuration:
create allows the server to create new files,
ipv4 instructs it to wait for connections only on IPv4 addresses,
umask instructs it to clear the write bit for the group and all access bits for other users,
permissive instructs it not to perform any file permission checks beyond those of the operating system.
Create a directory for the TFTP server and give the server access to it:


sudo mkdir /var/tftp

sudo chown tftp:tftp /var/tftp


You can also change the home directory of the tftp user in the /etc/passwd file to /var/tftp.

Now we just set the IP addresses we need through the GNOME network manager and that's it.

It remains to restart the daemon to start working with the new directory:
sudo /etc/init.d/tftpd-hpa restart

Instructions
Useful topics
OpenWrt project news
Download OpenWrt / LEDE


Post has been edited by stp101 - 11.12.20, 01:37
Reason for editing: Update OpenWRT 18.06.9 and 19.07.5



Rep: (263)
* Dart Raiden,
Yes, indeed, I was wrong here: it looks like Yota does throttle WireGuard.
Apparently I only used it over Wi-Fi, but for some reason I thought it was over the mobile network.
To bypass restrictions on a permanent basis, I only used OpenVPN and PPTP.

* AndreyP68,
I have Yota with OpenVPN in one place and with PPTP in the other.
I did not notice anything being throttled. PPTP speed is almost not reduced, and OpenVPN is heavy by itself.

Post has been edited by the1024 - 02.10.18, 17:48



Rep: (93)
Boost version 1.68 is in the repository for a specific architecture. It is clearly installed. In the same release there is a module that, judging by the logs, looks for the version 1.67 library, does not find it and fails.
Error loading shared library libboost_system.so.1.67.0: No such file or directory
I suspect it was either not rebuilt or built incorrectly. But what to do with it?

Post has been edited by yalexey - 03.10.18, 06:42



Rep: (44)
* yalexey
At what stage does the error occur? Where is the log?



Rep: (93)
* yuras202, the system log. When the daemon from this package is restarted, errors appear in the system log. It looks like it does not start.



Rep: (44)
* yalexey
Once again: where is the log? Which daemon?



Rep: (93)
* yuras202, /dev/log
i2pd.



Rep: (399)
Yes, that is it: it was not rebuilt
https://github.com/openwrt/packages/issues/7136.



Rep: (9)
Good day to all.

Link to firmware built for some popular router models.

In each folder there is a *.manifest file. It lists what is included in the firmware.
There is also a .config file. Both can be used as a template for building firmware for yourself. Put the folder in the root where the OpenWrt sources were cloned. Then run make clean && make menuconfig and configure it for your needs.

Branch 18.06.x.

The following packages are included:
relayd
zram
kmod-pppoe
kmod-pppol2tp
kmod-pppox
kmod-pptp
luci-app-upnp
luci-app-wifischedule
luci-app-ddns
luci-app-mwan3

The firmware also includes the sqm-scripts package (read: https://openwrt.org/do...rk/traffic-shaping/sqm , https://openwrt.org/do...ic-shaping/sqm-details). This is a shaper / limiter that allows you to dynamically distribute the bandwidth among all devices connected to the router. That is, if one person starts downloading torrents, a second is watching a movie in HD quality, and a third wants to play something online and the ping to the game server is extremely important to him, then with the correct configuration of this package none of these three will be deprived.
Proper configuration of sqm-scripts means correctly (and truthfully) specifying in its settings the speed of the incoming / outgoing channel to the network. You need to specify ~80-90% of the speed claimed by the provider. For example, the tariff speed is 40 Mbit/s incoming and 20 Mbit/s outgoing. In the sqm-scripts settings we specify (in kilobits): incoming - 40 x 1024 x 0.8 = 32768, outgoing - 20 x 1024 x 0.8 = 16384

The firmware has been verified to work on:
TP-LINK TL-WR740N-V4
TP-LINK TL-WR840N-V2
TP-LINK TL-WR941ND-V3
TP-LINK TL-WR841ND-V9

Attention. The firmware is provided as is. All responsibility for "bricking" your router in the event of an unsuccessful flashing falls exclusively on you.

Post has been edited by 151078 - 03.10.20, 12:38



Rep: (399)
Yalexey @ 03.10.18, 06:38*
I suspect it was either not rebuilt

Corrected when translated - it will work
https://github.com/ope...369DD31ED0B49CCE593ED7

Post has been edited by Dart raiden - 04.10.18, 23:10



Rep: (2)
* Dart Raiden,
* AndreyP68,
* the1024,

So I have a final question. Which traffic encryption technology and provider should I choose for Yota? Right now I have a free account on onevpn.co; it is just a poor service, speed 0.2, constantly dropping, I have to restart it. Which option is better? Honestly, I am ready to pay a reasonable subscription fee if a paid one is much better.



Rep: (263)
* k2seven,
PPTP is enough to hide traffic from Yota.
At one time I set up my sister with an annual plan from Hideme.
But maybe there are more convenient and cheaper providers; I did not look much back then.

And OpenVPN is certainly a stereland, but it gave 2-3 times less throughput on that router. If you have a powerful router and a decent speed, then you can try OpenVPN too.



Rep: (399)
You can try ProtonVPN among the free ones. Or push Yota so that they learn to recognize WireGuard as a VPN.
Or else rent your own VPS and set up PPTP there.

Post has been edited by Dart raiden - 06.10.18, 14:23



Rep: (399)
Smarted here old posts on the forum ...
Oncecated by paranoid solutions

Email notification when an unknown device appears in the home network
  • Create a script /etc/detect_new_device.sh with this content:
    #!/bin/sh

    # Script to detect a new DHCP lease.
    # dnsmasq calls this every time a new device is connected,
    # with the following arguments:
    # $1 = add | old
    # $2 = MAC address
    # $3 = IP address
    # $4 = device name

    notification_email="[email protected]"
    known_mac_addr="/etc/known_mac_addr.txt"

    # Check if the MAC is in the known devices list
    # (-i: ignore letter case, -F: treat the MAC as a fixed string, not a regex)
    grep -qiF "$2" "$known_mac_addr"
    unknown_mac_addr=$?

    if [ "$1" = "add" ] && [ "$unknown_mac_addr" -ne 0 ]; then
        msg="New device on `uci get system.@system[0].hostname`.`uci get dhcp.@dnsmasq[0].domain` $*"
        echo `date` "$msg" >> /tmp/dhcpmasq.log
        # Encode colon (:) and form the e-mail
        echo "To:" "$notification_email" > /tmp/email.txt
        echo "From:" "$notification_email" >> /tmp/email.txt
        echo "Subject: A new device appears in the home network" >> /tmp/email.txt
        echo "$msg" | sed s/:/-/g >> /tmp/email.txt
        ssmtp "$notification_email" < /tmp/email.txt
    fi


  • Make it executable:
    chmod +x /etc/detect_new_device.sh


  • Create /etc/known_mac_addr.txt (MAC addresses that do not need to be reported; one address per line; example):
    00:E0:12:34:56:78
    00:A5:BA:BA:AA:A4


  • In /etc/dnsmasq.conf add:
    dhcp-script=/etc/detect_new_device.sh


  • opkg update && opkg install ssmtp

  • In /etc/ssmtp/ssmtp.conf change the following lines for Gmail:
    mailhub=smtp.gmail.com:587
    UseSTARTTLS=YES
    AuthUser=[email protected]
    AuthPass=Blablabla

    AuthPass is either the mail account password (if two-factor authentication is not enabled) or an application password (if two-factor authentication is enabled)



The same thing, but through Telegram (may not work, I am writing blindly)
  • Create a bot. To do this, start a dialogue with @BotFather and ask it to create a new bot using the /newbot command. @BotFather will ask two questions: what the new bot will be called and what username it will have. The name can be arbitrary, and the username must end with _bot.
    After successfully creating the bot, you will be issued an access token of the form 215540172:AAHGFMPDY9DKEUFJ-GALJZUX1MFLI7D0PLQ.

  • Create a script /etc/detect_new_device.sh with this content:
    #!/bin/sh

    # Script to detect a new DHCP lease.
    # dnsmasq calls this every time a new device is connected,
    # with the following arguments:
    # $1 = add | old
    # $2 = MAC address
    # $3 = IP address
    # $4 = device name

    api_token="THE_TOKEN_YOU_RECEIVED"
    chat_id=""
    known_mac_addr="/etc/known_mac_addr.txt"

    if [ -z "$chat_id" ]; then
        echo 'Please, define chat_id first! See the "chat":{"id":xxxxxxx string below:'
        wget -qO - "https://api.telegram.org/bot$api_token/getUpdates"
        exit 1
    fi

    # Check if the MAC is in the known devices list
    # (-i: ignore letter case, -F: treat the MAC as a fixed string, not a regex)
    grep -qiF "$2" "$known_mac_addr"
    unknown_mac_addr=$?

    if [ "$1" = "add" ] && [ "$unknown_mac_addr" -ne 0 ]; then
        msg="New device on `uci get system.@system[0].hostname`.`uci get dhcp.@dnsmasq[0].domain` $*"
        echo `date` "$msg" >> /tmp/dhcpmasq.log
        # Spaces are not valid in a URL, so encode them before sending
        text=`echo "$msg" | sed 's/ /%20/g'`
        wget -q -O /dev/null "https://api.telegram.org/bot$api_token/sendMessage?chat_id=$chat_id&parse_mode=html&text=$text" 2>&1
    fi


  • Make it executable:
    chmod +x /etc/detect_new_device.sh


  • Create /etc/known_mac_addr.txt (MAC addresses that do not need to be reported; one address per line; example):
    00:E0:12:34:56:78
    00:A5:BA:BA:AA:A4


  • In /etc/dnsmasq.conf add:
    dhcp-script=/etc/detect_new_device.sh


  • Start a chat with the created bot in Telegram. Do not delete this chat, otherwise the messages from the router will stop coming

  • Run the script once from the command line:
    /etc/detect_new_device.sh


  • In the response, find the chat ID and enter it in chat_id="" in the script.


Information about working with the Telegram API was taken from here


Post has been edited by Dart raiden - 02.08.20, 07:55
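
The allow-list check from the scripts above, as an added example that is not part of the original post: it matches the MAC as a whole line regardless of letter case, rejects an empty or malformed MAC instead of treating it as known, and reduces the client-supplied device name to a safe character set before it reaches a log line, a mail or a URL. The function names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: stricter helpers for a dnsmasq dhcp-script (names are hypothetical).

# Lowercase a MAC and accept only the full xx:xx:xx:xx:xx:xx form.
normalize_mac() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    case "$mac" in *[!0-9a-f:]*) return 1 ;; esac   # also rejects newlines
    printf '%s' "$mac" | grep -qE '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || return 1
    printf '%s\n' "$mac"
}

# Whole-line, case-insensitive lookup in the allow list.
# $1 = MAC, $2 = list file (one MAC per line, '#' comments allowed)
is_known_mac() {
    mac=$(normalize_mac "$1") || return 1
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$2" | tr 'A-F' 'a-f' | grep -qxF "$mac"
}

# The device name is supplied by the client: keep a safe character set, cap the length.
sanitize_name() {
    printf '%s' "$1" | tr -cd 'A-Za-z0-9._-' | cut -c1-63
}

# Print the alert text for an unknown device, nothing otherwise.
# $1 = add|old, $2 = MAC, $3 = IP, $4 = name, $5 = allow-list path
alert_text() {
    [ "$1" = "add" ] || return 0
    is_known_mac "$2" "$5" && return 0
    mac=$(normalize_mac "$2") || mac="invalid-mac"
    ip=$(printf '%s' "$3" | tr -cd '0-9A-Fa-f.:')
    printf 'New device: mac=%s ip=%s name=%s\n' "$mac" "$ip" "$(sanitize_name "$4")"
}

# Constructed sample data: mixed-case allow list with a comment.
list=$(mktemp)
printf '00:E0:12:34:56:78  # laptop\n00:a5:ba:ba:aa:a4\n' > "$list"
alert_text add 00:e0:12:34:56:78 192.168.1.10 laptop "$list"   # known: prints nothing
alert_text add de:ad:be:ef:00:01 192.168.1.50 'x<b>:y' "$list" # unknown: sanitized alert
alert_text add '' 192.168.1.51 '' "$list"                      # empty MAC is never "known"
rm -f "$list"
```

If the list file is missing or unreadable, the lookup fails and the device is reported, so a broken allow list produces alerts rather than silence.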



Rep: (0)
Does anyone have experience integrating proprietary drivers into an OpenWrt build? I have the drivers themselves in the form of .o and .ko files from the original firmware.



Rep: (9)
Good day, everyone.

For those who want their own VPN.

1. Ready-made (the package is in OpenWrt: https://support.zeroti...xotfmnzi2zdm5m2jmzte_) https://www.8host.com/...omoshhyu-zerotier-one/

2. On a VPS / VDS:
a. Go to https://vps.today/. Choose and pay for the cheapest option to try it out. There is even QIWI.
b. Install:
- either https://pritunl.com/ (Web GUI; OpenVPN, IPSec)
- or https://github.com/streisandeffect/streisand (no GUI; after configuration you get a ready-made config file for clients; WireGuard, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, Tor bridge)
- or https://www.pfsense.or...-pfsense/features.html (OpenVPN, IPSec, L2TP). My choice. And in the corporate segment as well. However, 512MB RAM is not enough for it to work. My small wiki on pfSense, Proxmox (KVM), ZFS, Ceph, etc. virtualization: https://forum.netgate....20102/proxmox-ceph-zfs.

Post has been edited by 151078 - 07.10.18, 11:37



Rep: (500)
Dart Raiden @ 10/07/18, 00:39*
Email notification when an unknown device appears in the home network


Isn't it easier to make it so that unknown MAC addresses cannot connect at all?

ASHE88 @ 10/07/18, 09:11*
Does anyone have experience integrating proprietary drivers into an OpenWrt build? I have the drivers themselves in the form of .o and .ko files from the original firmware.


Most likely they will not work because they are compiled for a different kernel. Without the source code, you can't do anything.

The most realistic option is to search for someone who has already written these drivers for OpenWrt. I have seen this repeatedly. Only such people hide very well. :)

Post has been edited by LESHIY_ODESSA - 07.10.18, 11:31



Rep: (9)
ASHE88 @ 10/07/18, 10:11*
Does anyone have experience integrating proprietary drivers into an OpenWrt build? I have the drivers themselves in the form of .o and .ko files from the original firmware.

Ask in the thread about Prometheus / Padavan.

Post has been edited by 151078 - 07.10.18, 11:45



Rep: (46)
Maybe Yota is not to blame. When I tried to set up WireGuard, my outgoing speed was almost equal to my tariff, but there were huge problems with the incoming speed: I saw just a laughable few tens of kilobytes. As a result I had to write my own iptables rules instead of the ones generated by the firewall configuration.
Look at my post, the firewall settings section; I described it there, and there is also a link to the test where the speed of incoming / outgoing traffic is visible, and the recommendation that was given on the forum. The post itself: ASUS RT-AC58U - Discussion (post MNSOLD #77373022)



Rep: (399)
ASHE88 @ 10/07/18, 10:11*
Does anyone have experience integrating proprietary drivers into an OpenWrt build? I have the drivers themselves in the form of .o and .ko files from the original firmware.

Maybe this will help
https://github.com/Nossiac/mtk-openwrt-feeds

There are also prebuilt drivers in the form of .ko modules plus everything you need to integrate them


Leshiy_odessa @ 10/07/18, 11:29*
Isn't it easier to make it so that unknown MAC addresses cannot connect at all?

It is possible, but if the attacker understands that there is a MAC restriction, he simply spoofs one of the allowed MACs and you will not even know about it. This way, he may not think that the owner of the access point is so paranoid, and breaks in carelessly, raising the alarm.

Post has been edited by Dart raiden - 07.10.18, 13:38



Rep: (0)
Dart Raiden @ 10/07/18, 15:33*
Maybe this will help

That is for MediaTek, and I'm interested in Broadcom.

Another question: I got a NetGear WNR3500LV2, which gets bricked when installing OpenWrt due to problems (?) with the NAND flash driver. And in DD-WRT I have not yet found a way to block access to the web interface from WLAN. The firmware sources for it are available for self-compilation on the manufacturer's official site, so is it possible to extract this driver from there, and where should I look?

Post has been edited by Ashe88 - 07.10.18, 14:49

