mss
https://forum.openwrt.org/t/firewall4-etc-firewall-user/121548/8
/etc/nftables.d/20-wg-maxseg-size.nft
chain mangle_forward_mss_custom {
type filter hook forward priority mangle; policy accept;
iifname { "br-lan", "br-vxlan102"} tcp flags syn tcp option maxseg size set 1320
oifname { "br-lan", "br-vxlan102" } tcp flags syn tcp option maxseg size set 1320
}
apcupsd apcupsd-cgi collectd-mod-apcups luci-ssl kmod-phy-ath79-usb kmod-usb-core kmod-usb-ehci kmod-usb-hid kmod-usb-ohci kmod-usb2 libusb-1.0-0 libusb-compat4 usbids usbutils
luci-proto-wireguard wireguard-tools bash curl luci-ssl luci-proto-vxlan kmod-vxlan vxlan iperf3 tcpdump luci-ssl luci-app-adblock luci-app-sqm luci-app-qos luci-app-nlbwmon openssh-server openssh-client
luci-proto-wireguard wireguard-tools bash curl luci-ssl luci-proto-vxlan kmod-vxlan vxlan iperf3 tcpdump luci-ssl luci-app-adblock luci-app-nlbwmon openssh-keygen openssh-server openssh-client luci-app-ddns luci-app-https-dns-proxy https-dns-proxy ddns-scripts ddns-scripts-services ddns-scripts-cloudflare cloudflared
luci-app-wireguard luci-proto-wireguard wireguard-tools bash curl luci-ssl luci-proto-vxlan kmod-vxlan vxlan
+→ kmod-usb-net-rtl8152 usbutils tcpdump luci-app-wireguard luci-proto-wireguard wireguard-tools luci-proto-vxlan vxlan iperf3 bash curl luci-ssl
cp /root/.ssh/authorized_keys /etc/dropbear/ chmod 700 /etc/dropbear chmod 600 /etc/dropbear/authorized_keys
opkg list_installed | grep luci | awk {'print $1'} | sed 's/^/opkg install --force-depends --force-overwrite --force-reinstall /' | bash -
opkg list-upgradable | cut -f 1 -d ' ' | xargs opkg upgrade
rm -f /tmp/luci-indexcache or reboot. @jow- jow- closed this on Mar 14 @db260179 db260179 commented 4 days ago And rm -rf /tmp/luci-modulecache is required
mkdir -p /tmp/introot mkdir -p /tmp/extroot mount --bind / /tmp/introot mount /dev/sda1 /tmp/extroot tar -C /tmp/introot -cvf - . | tar -C /tmp/extroot -xf - umount /tmp/introot umount /tmp/extroot
root@rtfr:~# cat /mnt/ubi0_1/upper/etc/config/fstab
config global
option anon_swap '0'
option auto_swap '1'
option auto_mount '1'
option delay_root '5'
option check_fs '0'
option anon_mount '1'
config mount
option enabled '1'
option uuid 'bdefa4c4-7bcd-40b1-8c43-82cbdf1854ea'
option target '/'
root@rtfr:~# df -h Filesystem Size Used Available Use% Mounted on /dev/root 2.5M 2.5M 0 100% /rom tmpfs 250.0M 1.4M 248.6M 1% /tmp /dev/ubi0_1 23.7M 20.3M 2.2M 90% /overlay overlayfs:/overlay 23.7M 20.3M 2.2M 90% / ubi1:syscfg 29.6M 244.0K 27.8M 1% /tmp/syscfg tmpfs 512.0K 0 512.0K 0% /dev /dev/sda1 14.0G 135.7M 13.2G 1% /mnt/sda1 /dev/ubi1_0 29.6M 244.0K 27.8M 1% /mnt/ubi1_0
root@rtfr:~# df -h Filesystem Size Used Available Use% Mounted on /dev/root 2.5M 2.5M 0 100% /rom tmpfs 250.0M 3.5M 246.5M 1% /tmp /dev/sda1 14.0G 135.1M 13.2G 1% / ubi1:syscfg 29.6M 244.0K 27.8M 1% /tmp/syscfg tmpfs 512.0K 0 512.0K 0% /dev /dev/ubi0_1 23.7M 20.9M 1.6M 93% /mnt/ubi0_1 /dev/ubi1_0 29.6M 244.0K 27.8M 1% /mnt/ubi1_0
/dev/mtdblock6 11.3M 1.7M 9.5M 15% /overlay
VXLAN example configuration Here is an example configuration for a VXLAN tunnel. Only the required options are used, optional ones can be specified additionally.
VXLAN interface definition: config interface 'vxlan0' option proto 'vxlan' option peeraddr '10.10.222.1' option port '4789' option vid '8' option tunlink 'eth0' config interface 'l2vpn' option ifname '@vxlan0' option proto 'static' option ipaddr '10.10.0.1' option netmask '255.255.255.0' option layer '2'
works only on 20MHZ channel
https://forum.openwrt.org/t/ac-mode-on-raspberry-pi-4-wifi/65074/33
cat <<'EOF' > /tmp/hostapd-40-a.conf interface=wlan0 ctrl_interface=/var/run/hostapd ctrl_interface_group=0 driver=nl80211 channel=36 macaddr_acl=0 wmm_enabled=1 obss_interval=300 ht_capab=[HT40+][SHORT-GI-20][DSSS_CCK-40] ieee80211ac=1 vht_oper_chwidth=0 vht_capab=[SHORT-GI-80][SU-BEAMFORMEE] beacon_int=50 dtim_period=20 basic_rates=180 240 360 480 540 disassoc_low_ack=0 ssid=pi40 bridge=br-lan hw_mode=a auth_algs=1 ignore_broadcast_ssid=0 wpa=2 wpa_passphrase=turtle23 wpa_key_mgmt=WPA-PSK rsn_pairwise=CCMP EOF
kill -9 $(pidof hostapd) 2>/dev/null; sleep 7 /etc/init.d/wpad disable; /etc/init.d/wpad stop ifconfig wlan0 down; sleep 3 /usr/sbin/hostapd -s -d -B /tmp/hostapd-40-a.conf
Rename interfaces by MAC address
A simple method to configure persistent interface names by MAC address.
uci set network.wan1.ifname="wan1"
uci set network.wan2.ifname="wan2"
uci -q delete network.wan1_dev
uci set network.wan1_dev="device"
uci set network.wan1_dev.name="wan1"
uci set network.wan1_dev.mac="11:22:33:44:55:66"
uci -q delete network.wan2_dev
uci set network.wan2_dev="device"
uci set network.wan2_dev.name="wan2"
uci set network.wan2_dev.mac="aa:bb:cc:dd:ee:ff"
uci commit network
cat << "EOF" > /etc/rc.local
NET_DEVS="$(ls /sys/class/net/*/device/uevent \
| awk -F '/' '{print $5}')"
for NET_DEV0 in ${NET_DEVS}
do
NET_MAC0="$(cat /sys/class/net/"${NET_DEV0}"/address)"
I="0"
while uci -q get network.@device["${I}"] > /dev/null
do
NET_DEV="$(uci -q get network.@device["${I}"].name)"
NET_MAC="$(uci -q get network.@device["${I}"].mac)"
if [ -n "${NET_DEV}" -a -n "${NET_MAC}" ] \
&& [ "${NET_MAC}" = "${NET_MAC0}" ]
then
ip link set "${NET_DEV0}" down
ip link set "${NET_DEV0}" name "${NET_DEV}"
fi
done
done
/etc/init.d/network reload
EOF
sh /etc/rc.local
uci set 'network.lan.ipv6=0' uci set 'network.wan.ipv6=0' uci set 'dhcp.lan.dhcpv6=disabled' /etc/init.d/odhcpd disable uci commit
uci -q delete dhcp.lan.dhcpv6 uci -q delete dhcp.lan.ra uci commit dhcp /etc/init.d/odhcpd restart * You can now disable the LAN delegation:
uci set network.lan.delegate="0" uci commit network /etc/init.d/network restart
* You might as well disable odhcpd:
/etc/init.d/odhcpd disable /etc/init.d/odhcpd stop
uci -q delete network.globals.ula_prefix uci commit network /etc/init.d/network restart