Contents
- Start service on boot
- Enable SSH from WAN
- Unlock root data partition
- Increase DNS cache size
- Use custom DNS server
- Useful packages
- IPv6
- Statistcs and collectd
- Pass through SSH and Mosh for IPv6
- SQM (Smart Queue Management) to reduce Bufferbloat
- UPnP
- List packages installed after flash
- Misc configuration
- Useful reads
- Device-specific notes
- Misc notes
- Packages
Start service on boot
OpenWrt does not have update-rc.d or chkconfig. To start a service called service-name on boot, run:
Enable SSH from WAN
Place into /etc/firewall.user:
1 iptables --append input_wan --protocol tcp --dport 22 --jump ACCEPT
When SSH from WAN is enabled, it's probably a good idea to disable password logins via SSH (only public key authentication will be allowed):
1 sed -i -e "s/'on'/'off'/" /etc/config/dropbear
will set PasswordAuth option to "off", making /etc/config/dropbear look like:
config dropbear option PasswordAuth 'off' option Port '22'
Unlock root data partition
OpenWrt sometimes does not unlock the data partition. I've particularly noticed this on the WRT54GL and OpenWrt 10.03.
mtd unlock rootfs_data
Increase DNS cache size
uci set dhcp.@dnsmasq[-1].cachesize=8192 uci commit dhcp
Or place into /etc/config/dhcp:
config dnsmasq # ... option cachesize '8192'
Use custom DNS server
Create /etc/resolv.local containing nameserver entries. Add resolv-file to dnsmasq.conf:
echo resolv-file=/etc/resolv.local >> /etc/dnsmasq.conf
and restart dnsmasq:
/etc/init.d/dnsmasq restart
Useful packages
Package |
Use |
miniupnpd luci-app-upnp |
Enable UPnP so ports in firewall can automatically be opened |
umdns |
Lightweight Avahi/mDNS server |
IPv6
Statistcs and collectd
1 # Install luci statistics app, collectd, and some useful collectd modules
2 opkg update
3 opkg install luci-app-statistics
4 opkg install collectd-mod-interface collectd-mod-memory collectd-mod-ping collectd-mod-rrdtool collectd-mod-wireless collectd-mod-conntrack collectd-mod-cpu collectd-mod-iptables collectd-mod-uptime
5 opkg install luci-proto-vpnc
6
7 uci get luci_statistics.collectd_interface.Interfaces
8 uci set luci_statistics.collectd_interface.Interfaces='br-lan 6in4-henet'
9 # wan interfaces only
10 uci set luci_statistics.collectd_interface.Interfaces='eth1 6in4-henet'
11
12 # set wireless interfaces
13 uci get luci_statistics.collectd_iwinfo.Interfaces
14 uci add_list luci_statistics.collectd_iwinfo.Interfaces='wlan0'
15 uci add_list luci_statistics.collectd_iwinfo.Interfaces='wlan1'
16
17 uci set luci_statistics.collectd.Interval=60
18 uci commit luci_statistics
19
20 /etc/init.d/luci_statistics enable
21 /etc/init.d/collectd enable
Pass through SSH and Mosh for IPv6
Into /etc/config/firewall:
config rule option src 'wan' option proto 'tcp' option dest 'lan' option dest_port '22' option family 'ipv6' option target 'ACCEPT' option name 'SSH for IPv6' config rule option src 'wan' option proto 'udp' option dest 'lan' option dest_port '60000-61000' option family 'ipv6' option target 'ACCEPT' option name 'Mosh for IPv6'
SQM (Smart Queue Management) to reduce Bufferbloat
Configuration (see SQM page on OpenWrt wiki for more information):
config queue 'eth1' option qdisc_advanced '0' option enabled '1' option interface 'eth0' option download '250000' option upload '250000' option debug_logging '0' option verbosity '5' option qdisc 'cake' option script 'piece_of_cake.qos' option linklayer 'ethernet' option overhead '44'
and adjust download and upload (in kbps) appropriately.
UPnP
List packages installed after flash
Not 100% accurate, from https://gist.github.com/devkid/8d4c2a5ab62e690772f3d9de5ad2d978#gistcomment-2658305:
1 #!/bin/sh
2
3 PRECISION=6
4
5 trunk_time () {
6 PKGTIME=$(opkg info "$1" | grep '^Installed-Time: ' | cut -f2 -d ' ')
7 PKGTIME=${PKGTIME:0:$2}
8 return
9 }
10
11 trunk_time busybox $PRECISION && BUILD_TIME=$PKGTIME
12
13 for i in $(opkg list-installed | cut -d' ' -f1)
14 do
15 trunk_time $i $PRECISION
16 if [ "$PKGTIME" != "$BUILD_TIME" ]
17 then
18 echo $i
19 fi
20 done
Misc configuration
Useful reads
Setting up NAT64 and DNS64 on OpenWRT, for IPv6-only networks.
My complete OpenWrt setup guide. Comprehensive, from-scratch setup guide.
https://github.com/imaginator/home-network/blob/master/build-firmware: git repository for storing configuration for building an OpenWrt image
Device-specific notes
TP-Link Archer C7
Latest community built firmware, many patches & optimizations: vurrut/openwrt-optimized-archer-c7-v2. Based off of widely used infinitnet/lede-ar71xx-optimized-archer-c7-v2.
Misc notes
SSH keys for Dropbear should be appended to /etc/dropbear/authorized_keys
Analyzing OpenWrt firewall logs w/ Splunk. Forward log information to another syslog server, have Splunk index thse files. Debugging OpenWrt by shipping logs to rsyslog details rsyslog writing files.
Packages
- iptables-mod-extra