====== fw4 ====== mss https://forum.openwrt.org/t/firewall4-etc-firewall-user/121548/8 /etc/nftables.d/20-wg-maxseg-size.nft chain mangle_forward_mss_custom { type filter hook forward priority mangle; policy accept; iifname { "br-lan", "br-vxlan102"} tcp flags syn tcp option maxseg size set 1320 oifname { "br-lan", "br-vxlan102" } tcp flags syn tcp option maxseg size set 1320 } ====== burimi openwrt apc ====== apcupsd apcupsd-cgi collectd-mod-apcups luci-ssl kmod-phy-ath79-usb kmod-usb-core kmod-usb-ehci kmod-usb-hid kmod-usb-ohci kmod-usb2 libusb-1.0-0 libusb-compat4 usbids usbutils ====== burimi ====== luci-proto-wireguard wireguard-tools bash curl luci-ssl luci-proto-vxlan kmod-vxlan vxlan iperf3 tcpdump luci-ssl luci-app-adblock luci-app-sqm luci-app-qos luci-app-nlbwmon openssh-server openssh-client luci-proto-wireguard wireguard-tools bash curl luci-ssl luci-proto-vxlan kmod-vxlan vxlan iperf3 tcpdump luci-ssl luci-app-adblock luci-app-nlbwmon openssh-keygen openssh-server openssh-client luci-app-ddns luci-app-https-dns-proxy https-dns-proxy ddns-scripts ddns-scripts-services ddns-scripts-cloudflare cloudflared ====== needed packages ejupi ====== luci-app-wireguard luci-proto-wireguard wireguard-tools bash curl luci-ssl luci-proto-vxlan kmod-vxlan vxlan ====== needed packages ====== +-> kmod-usb-net-rtl8152 usbutils tcpdump luci-app-wireguard luci-proto-wireguard wireguard-tools luci-proto-vxlan vxlan iperf3 bash curl luci-ssl ====== docker with plex and other cool stuff ====== https://paul-mackinnon.medium.com/openwrt-raspberry-pi-docker-vlan-project-9cb1db10684c ====== dropbear ssh openwrt ====== cp /root/.ssh/authorized_keys /etc/dropbear/ chmod 700 /etc/dropbear chmod 600 /etc/dropbear/authorized_keys ====== opkg list_install and reinstall ====== opkg list_installed | grep luci | awk {'print $1'} | sed 's/^/opkg install --force-depends --force-overwrite --force-reinstall /' | bash - ====== Docker kubernetes openwrt ====== https://5pi.de/2019/05/10/k8s-on-openwrt/ ====== Upgrade all upgradable images ====== opkg list-upgradable | cut -f 1 -d ' ' | xargs opkg upgrade ====== stats not working 19.0.2 ====== rm -f /tmp/luci-indexcache or reboot. @jow- jow- closed this on Mar 14 @db260179 db260179 commented 4 days ago And rm -rf /tmp/luci-modulecache is required ====== Openwrt in Ubuntu ====== https://forum.openwrt.org/t/guide-run-openwrt-as-a-container-in-proxmox/44683/5 http://www.makikiweb.com/Pi/lxc_openwrt.html ====== extroot ====== ====== move / (root) different media ====== * used in openwrt mkdir -p /tmp/introot mkdir -p /tmp/extroot mount --bind / /tmp/introot mount /dev/sda1 /tmp/extroot tar -C /tmp/introot -cvf - . | tar -C /tmp/extroot -xf - umount /tmp/introot umount /tmp/extroot * change the moount point to rollback root@rtfr:~# cat /mnt/ubi0_1/upper/etc/config/fstab config global option anon_swap '0' option auto_swap '1' option auto_mount '1' option delay_root '5' option check_fs '0' option anon_mount '1' config mount option enabled '1' option uuid 'bdefa4c4-7bcd-40b1-8c43-82cbdf1854ea' option target '/' * overlay before the change root@rtfr:~# df -h Filesystem Size Used Available Use% Mounted on /dev/root 2.5M 2.5M 0 100% /rom tmpfs 250.0M 1.4M 248.6M 1% /tmp /dev/ubi0_1 23.7M 20.3M 2.2M 90% /overlay overlayfs:/overlay 23.7M 20.3M 2.2M 90% / ubi1:syscfg 29.6M 244.0K 27.8M 1% /tmp/syscfg tmpfs 512.0K 0 512.0K 0% /dev /dev/sda1 14.0G 135.7M 13.2G 1% /mnt/sda1 /dev/ubi1_0 29.6M 244.0K 27.8M 1% /mnt/ubi1_0 * overlay after the change root@rtfr:~# df -h Filesystem Size Used Available Use% Mounted on /dev/root 2.5M 2.5M 0 100% /rom tmpfs 250.0M 3.5M 246.5M 1% /tmp /dev/sda1 14.0G 135.1M 13.2G 1% / ubi1:syscfg 29.6M 244.0K 27.8M 1% /tmp/syscfg tmpfs 512.0K 0 512.0K 0% /dev /dev/ubi0_1 23.7M 20.9M 1.6M 93% /mnt/ubi0_1 /dev/ubi1_0 29.6M 244.0K 27.8M 1% /mnt/ubi1_0 * GLi /dev/mtdblock6 11.3M 1.7M 9.5M 15% /overlay ====== vxlan ====== VXLAN example configuration Here is an example configuration for a VXLAN tunnel. Only the required options are used, optional ones can be specified additionally. VXLAN interface definition: config interface 'vxlan0' option proto 'vxlan' option peeraddr '10.10.222.1' option port '4789' option vid '8' option tunlink 'eth0' config interface 'l2vpn' option ifname '@vxlan0' option proto 'static' option ipaddr '10.10.0.1' option netmask '255.255.255.0' option layer '2' ====== Raspberry pi 4 USB wifi dongle ====== MediaTek MT7612U https://forum.openwrt.org/t/wi-fi-adapter-for-raspberry-pi-4-b/56969/7 ====== Docker in openwrt ====== https://openwrt.org/docs/guide-user/virtualization/docker_host ====== Openwrt wifi pi4 workaround ====== works only on 20MHZ channel https://forum.openwrt.org/t/ac-mode-on-raspberry-pi-4-wifi/65074/33 cat <<'EOF' > /tmp/hostapd-40-a.conf interface=wlan0 ctrl_interface=/var/run/hostapd ctrl_interface_group=0 driver=nl80211 channel=36 macaddr_acl=0 wmm_enabled=1 obss_interval=300 ht_capab=[HT40+][SHORT-GI-20][DSSS_CCK-40] ieee80211ac=1 vht_oper_chwidth=0 vht_capab=[SHORT-GI-80][SU-BEAMFORMEE] beacon_int=50 dtim_period=20 basic_rates=180 240 360 480 540 disassoc_low_ack=0 ssid=pi40 bridge=br-lan hw_mode=a auth_algs=1 ignore_broadcast_ssid=0 wpa=2 wpa_passphrase=turtle23 wpa_key_mgmt=WPA-PSK rsn_pairwise=CCMP EOF kill -9 $(pidof hostapd) 2>/dev/null; sleep 7 /etc/init.d/wpad disable; /etc/init.d/wpad stop ifconfig wlan0 down; sleep 3 /usr/sbin/hostapd -s -d -B /tmp/hostapd-40-a.conf ====== Rename interfaces by MAC address ====== Rename interfaces by MAC address A simple method to configure persistent interface names by MAC address. uci set network.wan1.ifname="wan1" uci set network.wan2.ifname="wan2" uci -q delete network.wan1_dev uci set network.wan1_dev="device" uci set network.wan1_dev.name="wan1" uci set network.wan1_dev.mac="11:22:33:44:55:66" uci -q delete network.wan2_dev uci set network.wan2_dev="device" uci set network.wan2_dev.name="wan2" uci set network.wan2_dev.mac="aa:bb:cc:dd:ee:ff" uci commit network cat << "EOF" > /etc/rc.local NET_DEVS="$(ls /sys/class/net/*/device/uevent \ | awk -F '/' '{print $5}')" for NET_DEV0 in ${NET_DEVS} do NET_MAC0="$(cat /sys/class/net/"${NET_DEV0}"/address)" I="0" while uci -q get network.@device["${I}"] > /dev/null do NET_DEV="$(uci -q get network.@device["${I}"].name)" NET_MAC="$(uci -q get network.@device["${I}"].mac)" if [ -n "${NET_DEV}" -a -n "${NET_MAC}" ] \ && [ "${NET_MAC}" = "${NET_MAC0}" ] then ip link set "${NET_DEV0}" down ip link set "${NET_DEV0}" name "${NET_DEV}" fi done done /etc/init.d/network reload EOF sh /etc/rc.local ====== ipv6 ====== * ollow the following steps to disable IPV6 on your OpenWrt router: uci set 'network.lan.ipv6=0' uci set 'network.wan.ipv6=0' uci set 'dhcp.lan.dhcpv6=disabled' /etc/init.d/odhcpd disable uci commit * Disable RA and DHCPv6 so no IPv6 IPs are handed out: uci -q delete dhcp.lan.dhcpv6 uci -q delete dhcp.lan.ra uci commit dhcp /etc/init.d/odhcpd restart * You can now disable the LAN delegation: uci set network.lan.delegate="0" uci commit network /etc/init.d/network restart * You might as well disable odhcpd: /etc/init.d/odhcpd disable /etc/init.d/odhcpd stop * And finally you can delete the IPv6 ULA Prefix: uci -q delete network.globals.ula_prefix uci commit network /etc/init.d/network restart