Linksys AC Series Router Configuration Tips for OpenWRT: Difference between revisions
mNo edit summary |
|||
(61 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
This | This article has gotten huge. Well, not really. Actually yes. It's an aggregation article that has a bunch of other articles on the same subject which links to and displays the content of the other pages. There is a lot of information here. It is in large part a brain dump of learned knowledge. This means that there hasn't been a lot of editing or neatening up of what's written. Sorry, there just isn't enough time. Maybe one day. | ||
Anyway, what you'll find here is a bunch of information collected on a bunch of different subjects. Many of them relate to very difficult problems that have solutions which will hopefully be valuable and help anyone that can't figure out an issue or how to make something they've pictured in their head but aren't sure how to implement. | |||
This subject(s) of this article are the AC Series of routers manufactured by Linksys and the OpenWRT Firmware designed for them. The Linksys AC Routers include the WRT1200AC, WRT1900AC v1, WRT1900AC v2, WRT1900ACS v2, WR1900ACS v2, WRT3200ACM, and WRT32X (A and B versions, one generic, the other marketed to X-Box owners). The WRT1900AC v2 is essentially a WRT1900ACS v1 and the WRT3200ACM and WRT32X are duplicate hardware models with different firmware (from Linksys). All have a blue / black color scheme except for the WRT32X which is all black. The models are sometimes referred to without the suffix letters as WRT1200, WRT1900, WRT3200. | |||
Details on each model are very nicely summarized on the OpenWRT website | Information covered in this article was written for and tested on various models, including the WRT1900ACS v1, WRT1900ACS v2, WRT3200ACM, and WRT32X. The information applies to all of the models with some variations on the technical details. | ||
All models are available used on eBay. The ACS, ACM, and 32X series are still available new as of the writing of this article in 2020. The most powerful and expensive models are the WRT3200ACM and the WRT32X. The best bargain used in terms of cost and "horsepower" is the ACS series. Occasionally it is possible to find a less than observant vendor on eBay selling an ACS model that is advertised as an AC model. Those are the best deals. | |||
Details on each model are very nicely summarized on the OpenWRT website. Here's a link for the 1200 series: https://openwrt.org/toh/linksys/wrt_ac_series?s[]=wrt1200ac | |||
As it started out, this article was intended to be a quick how to on a couple of items, but then grew to enormous proportions. There was some consideration on breaking it into smaller sections, but the Mediawiki interface with its table of contents mitigates that need to an acceptable level. | As it started out, this article was intended to be a quick how to on a couple of items, but then grew to enormous proportions. There was some consideration on breaking it into smaller sections, but the Mediawiki interface with its table of contents mitigates that need to an acceptable level. | ||
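Review bot: the model list in the added paragraph beginning "This subject(s) of this article" names "WRT1900ACS v2, WR1900ACS v2" twice (the second with a misspelled prefix) and never lists the WRT1900ACS v1, although the next added paragraph says testing was done on a WRT1900ACS v1. Fix the list so every tested model appears once, change "This subject(s) ... are" to "The subjects ... are", and either drop "for the 1200 series" from the link sentence or point it at a 1200-specific page, since the URL is the general wrt_ac_series page with a search parameter attached.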
Line 19: | Line 23: | ||
**Run the below commands to install the following items (but first, run opkg update). They're broken down into groups; | **Run the below commands to install the following items (but first, run opkg update). They're broken down into groups; | ||
***General Utilities: opkg install wget htop nano coreutils-dd netcat restic shadow-passwd shadow-useradd shadow-groupadd shadow-chsh lsof bash | ***General Utilities: opkg install wget htop nano coreutils-dd netcat restic shadow-passwd shadow-useradd shadow-groupadd shadow-chsh lsof bash | ||
***Disk Related: opkg install block-mount e2fsprogs kmod-fs-ext4 kmod-usb-storage kmod-usb2 kmod-usb3 ntfs-3g usbutils gdisk cfdisk tune2fs kmod-fs-exfat dosfstools kmod-fs-vfat f2fs-tools kmod-fs-f2fs lsblk ntfs-3g-utils fdisk sfdisk wipefs | ***Disk Related: opkg install block-mount e2fsprogs kmod-fs-ext4 kmod-usb-storage kmod-usb2 kmod-usb3 ntfs-3g usbutils gdisk cfdisk tune2fs kmod-fs-exfat dosfstools kmod-fs-vfat f2fs-tools kmod-fs-f2fs lsblk ntfs-3g-utils fdisk sfdisk wipefs hdparm | ||
***GUI Interface / Tools for "built-in" services: opkg install luci-app-advanced-reboot luci-app-uhttpd | ***GUI Interface / Tools for "built-in" services: opkg install luci-app-advanced-reboot luci-app-uhttpd | ||
***Ease of Use Software: opkg install samba4-server samba4-utils luci-app-samba4 (of all the utilities to install, this is by far the largest in terms of storage space consumed) | ***Ease of Use Software: opkg install samba4-server samba4-utils luci-app-samba4 (of all the utilities to install, this is by far the largest in terms of storage space consumed) | ||
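Review bot: the "Disk Related" line gains only hdparm here, while the same opkg install line in the later USB storage hunk gains blkid, mkf2fs and hdparm, so the two copies of the list now disagree. Keep one canonical package list and have the other section refer to it, or add the same three packages in both places.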
Line 274: | Line 278: | ||
===Recommended Hardware Devices=== | ===Recommended Hardware Devices=== | ||
The best recommendation for a USB Flash Drive is the SanDisk Ultra Fit USB 3.1 Flash Drive Series. And the recommendation is NOT because it is the fastest. They brag speeds up to 130 MB/S. Maybe downhill in a tornado, but under normal systems, that speed is a joke for this piece of hardware. So why recommend it? Well as it turns out, the fastest drive, USB, eSATA, or otherwise that has been tested on the AC Series is about 70 MB/S (this has been confirmed for eSATA) and around 45 MB/S for USB 3.0 (using a Patriot SuperSonic Rage Elite USB 3.1 Flash Drive that has been verified multiple times at over 200 MB/S sustained). Based on that and the below reviews it seems the Ethernet Switch may be topping out at about 70 MB/S, which is quite respectable.[[File:Sabrent USB 3.0 Hub.jpg|alt=Sabrent USB 3.0 Hub|thumb|158x158px|Sabrent USB 3.0 Hub|left]]Some reviews have the USB 3.0 speeds and eSATA speeds about the same at around 70 MB/S: https://www.eteknix.com/linksys-wrt3200acm-router-review/10/ | The best recommendation for a USB Flash Drive is the SanDisk Ultra Fit USB 3.1 Flash Drive Series. And the recommendation is NOT because it is the fastest. They brag speeds up to 130 MB/S. Maybe downhill in a tornado, but under normal systems, that speed is a joke for this piece of hardware. So why recommend it? Well as it turns out, the fastest drive, USB, eSATA, or otherwise that has been tested on the AC Series is about 70 MB/S (this has been confirmed for eSATA) and around 45 MB/S for USB 3.0 (using a Patriot SuperSonic Rage Elite USB 3.1 Flash Drive that has been verified multiple times at over 200 MB/S sustained). 
Based on that and the below reviews it seems the Ethernet Switch may be topping out at about 70 MB/S, which is quite respectable.[[File:Sabrent USB 3.0 Hub.jpg|alt=Sabrent USB 3.0 Hub (HB-R3MB)|thumb|158x158px|Sabrent USB 3.0 Hub|left]]Some reviews have the USB 3.0 speeds and eSATA speeds about the same at around 70 MB/S: https://www.eteknix.com/linksys-wrt3200acm-router-review/10/ | ||
Others have the USB 3.0 speeds measured considerably slower at about 20 MB/S: https://www.kitguru.net/peripherals/james-morris/linksys-wrt3200acm-ac3200-wireless-router-review/4/ | Others have the USB 3.0 speeds measured considerably slower at about 20 MB/S: https://www.kitguru.net/peripherals/james-morris/linksys-wrt3200acm-ac3200-wireless-router-review/4/ | ||
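Review bot: the sentence "it seems the Ethernet Switch may be topping out at about 70 MB/S" draws a conclusion about the switch from drive throughput figures without saying whether the 70 MB/S and 45 MB/S numbers were measured over the network or locally on the router. State the test method (for example a local read on the router versus a copy over Samba) so the reader can tell which component is the limit. The paragraph split also leaves the [[File:Sabrent USB 3.0 Hub.jpg...]] tag in the middle of a sentence run; put it on its own line.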
Line 280: | Line 284: | ||
Anyway, the above mentioned SanDisk device tops out at about 70 MB/S on every system that the above mentioned Patriot device tops out at over 200 MB/S. Notice that 70 MB/S speed mentioned twice? Once for the SanDisk device and once for the AC Series. The next item to consider is price. The SanDisk is not the cheapest, but it is fairly low. When price and performance are both considered, it turns out the SanDisk device beats everyone. And since the AC series router and SanDisk USB Flash Drive both top out at around 70 MB/S, that makes it the perfect match. | Anyway, the above mentioned SanDisk device tops out at about 70 MB/S on every system that the above mentioned Patriot device tops out at over 200 MB/S. Notice that 70 MB/S speed mentioned twice? Once for the SanDisk device and once for the AC Series. The next item to consider is price. The SanDisk is not the cheapest, but it is fairly low. When price and performance are both considered, it turns out the SanDisk device beats everyone. And since the AC series router and SanDisk USB Flash Drive both top out at around 70 MB/S, that makes it the perfect match. | ||
If one is considering using the USB Flash Drive for other purposes, go with the Patriot USB Flash Drive. If using the USB flash drive as a dedicated device for an AC series routers then go with the SanDisk USB flash drive. Plus it's also much smaller and has a lower profile than the patriot device. Both drives claim speeds about double what they can deliver. The final joke is that the Patriot device is USB 3.0 and the SanDisk is a USB 3.1 device.[[File:USB 3.0 Extension.jpg|alt=USB 3.0 Extension|thumb|120x120px|USB 3.0 Extension|left]]Another nice item, which isn't necessary, but makes nice neat way to connect several USB flash drives to a router is a Sabrent USB 3.0 Hub (model HB-RBM3). From [https://www.walmart.com/ip/Sabrent-Premium-3-Port-Aluminum-Mini-USB-3-0-90-180-Degree-Rotatable-HB-R3MB/114811464 Wal-Mart], only about $12. There are other similar device, but this one is much higher quality. Sadly, even with its ability to rotate, it won't plug into the router without blocking several of the Ethernet ports (including the WAN port) or the power connector. Thanks to the overhang on the rear of the AC Series router, it can't be rotated up. | If one is considering using the USB Flash Drive for other purposes, go with the Patriot USB Flash Drive. If using the USB flash drive as a dedicated device for an AC series routers then go with the SanDisk USB flash drive. Plus it's also much smaller and has a lower profile than the patriot device. Both drives claim speeds about double what they can deliver. The final joke is that the Patriot device is USB 3.0 and the SanDisk is a USB 3.1 device.[[File:USB 3.0 Extension.jpg|alt=USB 3.0 Extension|thumb|120x120px|USB 3.0 Extension|left]]Another nice item, which isn't necessary, but makes nice neat way to connect several USB flash drives to a router is a Sabrent USB 3.0 Hub (model HB-RBM3). 
From [https://www.walmart.com/ip/Sabrent-Premium-3-Port-Aluminum-Mini-USB-3-0-90-180-Degree-Rotatable-HB-R3MB/114811464 Wal-Mart], only about $12. There are other similar device, but this one is much higher quality. Sadly, even with its ability to rotate, it won't plug into the router without blocking several of the Ethernet ports (including the WAN port) or the power connector. Thanks to the overhang on the rear of the AC Series router, it can't be rotated up. This is not the fault of the Sabrent USB 3.0 Hub, but the design of the Linksys Router that causes the issue. It is also worth pointing out that in tests, there was ''no'' drop in transfer speeds between a single USB Flash Drive plugged directly into the router's USB 3.0 port and the same drive plugged into the router via the Sabrent USB 3.0 hub. | ||
[[File:USB to mSATA.jpg|alt=USB to mSATA|left|thumb|120x120px|USB to mSATA Enclosure]] | [[File:USB to mSATA.jpg|alt=USB to mSATA|left|thumb|120x120px|USB to mSATA Enclosure]] | ||
But there is a solution... A USB 3.0 A Male to A Female Adapter (Part # 1206-N, UPC 848076012233) from a company named CMPLE. It is available from several places: [https://www.walmart.com/ip/Cmple-USB-3-0-A-Male-to-A-Female-Adapter/172246645 Wal-Mart], [https://www.ebay.com/itm/NEW-USB-3-0-A-MALE-TO-A-FEMALE-M-F-ADAPTER-CONNECTOR-NEW-/362695174727 eBAy], and from the company that appears to have it manufactured (in China), [https://www.cmple.com/ProductsBySKU/1206-N CMPLE]. Even at about $3.00 it is a bit more expensive than other similar products (and there are only a few). But it has one advantage in that the orientation of the male and female part of the connector are arranged such that the above noted 3 Port USB 3.0 hub from Sabrent can connect and be in the "up" position. All other similar items found require that the hub be rotated to the left, right, or down. Down isn't a choice unless one's router is on the edge of a table. Left and right are good as the adapter provides enough clearance for the hub so it doesn't contact the power cord or the Ethernet cable on the WAN port. | But there is a solution... A USB 3.0 A Male to A Female Adapter (Part # 1206-N, UPC 848076012233) from a company named CMPLE. It is available from several places: [https://www.walmart.com/ip/Cmple-USB-3-0-A-Male-to-A-Female-Adapter/172246645 Wal-Mart], [https://www.ebay.com/itm/NEW-USB-3-0-A-MALE-TO-A-FEMALE-M-F-ADAPTER-CONNECTOR-NEW-/362695174727 eBAy], and from the company that appears to have it manufactured (in China), [https://www.cmple.com/ProductsBySKU/1206-N CMPLE]. Even at about $3.00 it is a bit more expensive than other similar products (and there are only a few). But it has one advantage in that the orientation of the male and female part of the connector are arranged such that the above noted 3 Port USB 3.0 hub from Sabrent can connect and be in the "up" position. All other similar items found require that the hub be rotated to the left, right, or down. 
Down isn't a choice unless one's router is on the edge of a table. Left and right are good as the adapter provides enough clearance for the hub so it doesn't contact the power cord or the Ethernet cable on the WAN port. | ||
[[File:90 Degree Cable.jpg|alt=90 Degee Cable|left|thumb|121x121px|90 Degee Cable]] | |||
And did locate a cable that has chance (didn't test it by buying it) of fitting behind the above 90° USB 3.0 Hub noted above. The cable would also then have to bend at quite an angle to clear what ever the router was mounted on or sitting on. But it seems possible. It's from this company: http://www.wire-cable-solution.com/showing_2395_2071/ESATA-7Pin-small-90-to-SATA-First-generation.html | |||
Watch out for other idiot sellers that list an "eSATA" cable that isn't. Look closely and you'll see that it's an internal SATA connector. The best tip when searching is to switch to Google or Bing images to find the proper cable. | |||
Google also gives some false hope when searching for a cable like this when it shows just the item, but the link is dead or is redirected to generica SATA cables. | |||
<br /> | |||
====Bottom Line==== | ====Bottom Line==== | ||
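Review bot: the hub is called "model HB-RBM3" in the body text, while the Wal-Mart link in the same paragraph (and the alt text changed in the previous hunk) says HB-R3MB; correct the body text to match. In the added cable paragraph, "And did locate a cable that has chance" is missing its subject and article, "Degee" and "generica" are misspelled, and "idiot sellers" can simply be "sellers" without losing the warning about internal SATA cables being listed as eSATA.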
Line 322: | Line 335: | ||
*opkg update | *opkg update | ||
*opkg install block-mount e2fsprogs kmod-fs-ext4 kmod-usb-storage kmod-usb2 kmod-usb3 ntfs-3g usbutils gdisk cfdisk tune2fs kmod-fs-exfat dosfstools kmod-fs-vfat f2fs-tools kmod-fs-f2fs lsblk ntfs-3g-utils fdisk sfdisk wipefs | *opkg install block-mount e2fsprogs kmod-fs-ext4 kmod-usb-storage kmod-usb2 kmod-usb3 ntfs-3g usbutils gdisk cfdisk tune2fs kmod-fs-exfat dosfstools kmod-fs-vfat f2fs-tools kmod-fs-f2fs lsblk ntfs-3g-utils fdisk sfdisk wipefs blkid mkf2fs hdparm (block-mount is the package that enables the "Mount Points" menu to appear in the LuCI GUI interface, and a reboot is necessary after installation) | ||
Please note, all of the above packages are not necessary. But they do represent a broad range of tools that are very useful. And since they don't take up a lot of space, it's worth installing them. They don't run as active services or anything either, so no extra RAM or CPU usage unless one types the command. Reboot after installing all of the above software. | Please note, all of the above packages are not necessary. But they do represent a broad range of tools that are very useful. And since they don't take up a lot of space, it's worth installing them. They don't run as active services or anything either, so no extra RAM or CPU usage unless one types the command. Reboot after installing all of the above software. | ||
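Review bot: the explanation of block-mount is appended in parentheses to the same bullet as the opkg install command, so anyone copying the line into a shell picks up the parenthetical as well. Move the explanation to its own line under the command. The reboot instruction in that parenthetical also repeats "Reboot after installing all of the above software" in the paragraph that follows, so one of the two can go.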
Line 385: | Line 398: | ||
Change a Volume Label; | Change a Volume Label; | ||
*tune2fs -L WhatEverName /dev/sdaX | *For EXT4: tune2fs -L WhatEverName /dev/sdaX | ||
*For NTFS: ntfslabel /dev/sdXy WhatEverLabelName | |||
*For a Swap File (opkg install swap-utils): swaplabel /dev/sdXy WhatEverLabelName | |||
====Performance Tuning for ExtX==== | ====Performance Tuning for ExtX==== | ||
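Review bot: the three label commands use two different device placeholders, /dev/sdaX for tune2fs and /dev/sdXy for ntfslabel and swaplabel; pick one. It is also worth a short remark that the argument order differs (tune2fs takes the label before the device, ntfslabel and swaplabel take the device first), since that is easy to get wrong when adapting one line from another. "For a Swap File" should read "swap partition", because the example operates on /dev/sdXy.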
Line 391: | Line 406: | ||
*tune2fs -o journal_data_writeback /dev/sdaX | *tune2fs -o journal_data_writeback /dev/sdaX | ||
*tune2fs -O | *tune2fs -O has_journal /dev/sdaX | ||
====Performance Tuning for NTFS==== | ====Performance Tuning for NTFS==== | ||
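Review bot: "tune2fs -o journal_data_writeback" is presented purely as a performance setting, with no mention that writeback mode journals metadata only and does not order data writes, so files written shortly before a power loss or an unplugged USB drive can contain stale data afterwards. Add that trade-off next to the command. It would also help to say why "tune2fs -O has_journal" follows it, since the previous revision left that line incomplete and the reader has no context for it.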
Line 400: | Line 415: | ||
*If compression is also desired, add this in the above noted location: big_writes,compression | *If compression is also desired, add this in the above noted location: big_writes,compression | ||
===Clone a Partition=== | ===Resizing a Parition (and then resize the file system (ext4, etc.))=== | ||
Use CFDISK to resize the partition. It's easy, just run CFDISK, use arrow keys to select resize, change the size of the partition (16G will result in a 16 Gigabyte Parition) | |||
Then resize the files system to take advantage of the extra space: resize2fs /dev/sdXY (opkg install resize2fs if it isn't installed), example resize2fs /dev/sda1 (will resize file system to the full size of the partition), example resize2fs /dev/sda1 32G (will resize file system to 32 Gigabytes, note, partition must be at least 32 Gigabytes for this to work without an error). | |||
===Clone a Partition (see DD section below Restic Section way down)=== | |||
It is recommended to make sure the destination partition is the same size or larger of course. Be prepared to wait a while, even on a USB 3.0 port. | It is recommended to make sure the destination partition is the same size or larger of course. Be prepared to wait a while, even on a USB 3.0 port. | ||
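Review bot: the new resizing section gives only one order of operations (cfdisk first, then resize2fs), which is correct for growing but loses data when shrinking; for a shrink, resize2fs to the smaller size has to run before the partition is reduced. Say explicitly that the steps are for enlarging, and note that the file system should be unmounted and checked with e2fsck -f before an offline resize. "Parition" is misspelled in the heading and the first sentence, and "files system" should be "file system".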
Line 474: | Line 494: | ||
Various commands to "see" the available internal Flash Memory partitions; | Various commands to "see" the available internal Flash Memory partitions; | ||
*ls -la /dev/ub* : A directory listing of UBI devices | *ls -la /dev/ub*<span> </span>: A directory listing of UBI devices | ||
*cat /proc/mtd : A list of the various MTD ([https://openwrt.org/docs/techref/mtd Memory Technology Device]) Partitions | *cat /proc/mtd<span> </span>: A list of the various MTD ([https://openwrt.org/docs/techref/mtd Memory Technology Device]) Partitions | ||
*UBI (Unsorted Block Images) Commands; | *UBI (Unsorted Block Images) Commands; | ||
**ubinfo - provides information about UBI devices and volumes found in the system | **ubinfo - provides information about UBI devices and volumes found in the system | ||
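Review bot: the change inserts a literal "<span> </span>" between each command and its description in the "ls -la /dev/ub*" and "cat /proc/mtd" bullets, which looks like visual-editor residue rather than intended markup. Wrapping the command itself in <code>...</code> would separate it from the description and keep the trailing asterisk from being read as wiki markup.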
Line 565: | Line 585: | ||
====Mounting Internal Partitions==== | ====Mounting Internal Partitions==== | ||
'''WARNING:''' As of late 2021, with a WRT32X Model Router, it has been demonstrated that simply using the ''ubiattach'' command will render a partition unbootable and cause a "Bad Linux ARM zImage magic!" error message (Note: That error message is not a joke, it is a direct copy and paste, the magic is bad.). As a result of that finding, it is recommended to NOT use the ''ubiattach'' command. And there are exactly 6 results from Google that note this issue, with only one having any relavence (but with no solution other than reflashing an image, it only mentions the issue): https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=326162&sid=8eb66fb3cac5eebe932ce578eb34cacb | |||
To view information about available UBI devices and partitions; | To view information about available UBI devices and partitions; | ||
*ls -la /dev/ub* : A directory listing of UBI devices | *ls -la /dev/ub*<span> </span>: A directory listing of UBI devices | ||
*cat /proc/mtd : A list of the various MTD ([https://openwrt.org/docs/techref/mtd Memory Technology Device]) Partitions | *cat /proc/mtd<span> </span>: A list of the various MTD ([https://openwrt.org/docs/techref/mtd Memory Technology Device]) Partitions | ||
See http://www.linux-mtd.infradead.org/doc/ubi.html for additional information about UBI | See http://www.linux-mtd.infradead.org/doc/ubi.html for additional information about UBI | ||
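Review bot: the added WARNING tells readers not to use ubiattach but does not give the exact invocation, the target MTD partition or the OpenWRT version involved, so a reader cannot tell whether their case is covered. Add those details as far as they are known. The forum link also carries a session parameter ("&sid=8eb66fb3...") that should be stripped from the URL, and "relavence" should be "relevance".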
Line 1,100: | Line 1,122: | ||
=====Additional Notes===== | =====Additional Notes===== | ||
Whenever the DNSMASQ service is started it overwrites the /tmp/ | Whenever the DNSMASQ service is started it overwrites the /tmp/resolv.conf file with it's own version of that same file. It will also delete any symbolic link at /tmp/resolv.conf which typically points to /tmp/resolv.conf.auto. When the DNSMASQ service is stopped it "politely" recreates that symbolic link. An explanation is given here: https://forum.openwrt.org/t/solved-dnsmasq-resolv-conf-inconsitent/13972/2 Basically the site is saying that if the DNSMASQ service is started and you have your own "DNS Service", why do you need to use external DNS Servers (which makes sense). | ||
A side effect of the above behavior is it overwrites MWAN3 settings that are stored in /tmp/resolv.conf.auto. If one has custom external DNS servers enabled for multiple WAN ports they will no longer be used. This is not a flaw with OpenWRT, just a behavior to be aware of. If one needs to configure specific upstream DNS servers, any custom DNS servers configured with MWAN can be configured within DNSMASQ. Again, this is just something to be aware of. | A side effect of the above behavior is it overwrites MWAN3 settings that are stored in /tmp/resolv.conf.auto. If one has custom external DNS servers enabled for multiple WAN ports they will no longer be used. This is not a flaw with OpenWRT, just a behavior to be aware of. If one needs to configure specific upstream DNS servers, any custom DNS servers configured with MWAN can be configured within DNSMASQ. Again, this is just something to be aware of. | ||
The following is not an issue IF a custom /etc/dhcpd.conf file exists (IE, if the default OpenWRT method for configuring DHCPD is used via the /etc/config/dhcp file): There is a problem if one wishes to use DHCPD and NAMED / BIND instead of DNSMASQ as the DHCPD service is not as "polite" as the DNSMASQ service (NAMED / BIND does not cause any conflict). When the DHCPD service starts, as with DNSMASQ, the /tmp/resolv.conf file is replaced. The settings DHCPD configures in the file are the same as DNSMASQ. However, when the DHCPD service is stopped, as noted above, it is as "polite" as DNSMASQ because the symbolic link that directs /tmp/resolv.conf to /tmp/resolv.conf.auto is not recreated. This leaves the /tmp/resolv.conf file configured with the setting ''nameserver 127.0.0.1''. This can be an issue with BIND / NAMED if it is not configured to "answer" (listen and do recursive lookups) on 127.0.01 IP Address. So make sure the BIND / NAMED configuration file includes 127.0.0.1 IP Address in both the allow-recursion and listen-on-port sections. | The following is not an issue IF a custom /etc/dhcpd.conf file exists (IE, if the default OpenWRT method for configuring DHCPD is used via the /etc/config/dhcp file): There is a problem if one wishes to use DHCPD and NAMED / BIND instead of DNSMASQ as the DHCPD service is not as "polite" as the DNSMASQ service (NAMED / BIND does not cause any conflict). When the DHCPD service starts, as with DNSMASQ, the /tmp/resolv.conf file is replaced. The settings DHCPD configures in the file are the same as DNSMASQ. However, when the DHCPD service is stopped, as noted above, it is not as "polite" as DNSMASQ because the symbolic link that directs /tmp/resolv.conf to /tmp/resolv.conf.auto is not recreated. This leaves the /tmp/resolv.conf file configured with the setting ''nameserver 127.0.0.1''. This can be an issue with BIND / NAMED if it is not configured to "answer" (listen and do recursive lookups) on 127.0.01 IP Address. 
So make sure the BIND / NAMED configuration file includes 127.0.0.1 IP Address in both the allow-recursion and listen-on-port sections. | ||
Oddly, when doing a Google, Bing, etc search for these three terms: "resolvfile" "openwrt" "isc_dhcpd" NOTHING exists on the internet. Until now that is. | Oddly, when doing a Google, Bing, etc search for these three terms: "resolvfile" "openwrt" "isc_dhcpd" NOTHING exists on the internet. Until now that is. | ||
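Review bot: adding "not" in "it is not as polite as DNSMASQ" fixes the contradiction, but the same paragraph still has "127.0.01" where 127.0.0.1 is meant, and it names a "listen-on-port" section, while the BIND option is listen-on (with an optional port argument). Correct both, since readers will copy these into named.conf. In the first paragraph, "it's own version" should be "its own version".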
Line 1,353: | Line 1,375: | ||
The Default Configuration File can be over-ridden by placing the DHCPD configuration file here: /etc/dhcpd.conf | The Default Configuration File can be over-ridden by placing the DHCPD configuration file here: /etc/dhcpd.conf | ||
Default Leases File: /tmp/dhcpd.leases | Default Leases File: /tmp/dhcpd.leases (an odd recommendation to make, but even though it is in the /tmp directory, delete this file before using DHCPD, it will be recreated automatically) | ||
DHCPD Executable / Binary File: /usr/sbin/dhcpd | DHCPD Executable / Binary File: /usr/sbin/dhcpd | ||
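Review bot: the new parenthetical on the "Default Leases File" line recommends deleting /tmp/dhcpd.leases but calls the advice "odd" without giving the reason. The file records which addresses have been handed out, so say what problem the deletion solves and that it applies before first use only; removing it on a running network lets dhcpd offer addresses that clients still hold.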
Line 1,371: | Line 1,393: | ||
But also keep in mind the settings changes in the /etc/init.d/dhcpd startup script only affect the DHCPD service. The /etc/resolv.conf File still derives its settings from the /etc/config/dhcp File when the DHCPD service is restarted or the router is rebooted (same for DNSMASQ). IE, the /etc/config/dhcp File should not be completely dismissed as useless. | But also keep in mind the settings changes in the /etc/init.d/dhcpd startup script only affect the DHCPD service. The /etc/resolv.conf File still derives its settings from the /etc/config/dhcp File when the DHCPD service is restarted or the router is rebooted (same for DNSMASQ). IE, the /etc/config/dhcp File should not be completely dismissed as useless. | ||
====Restricting the DHCPD Service to only Answer / Listen on Desired Interfaces==== | |||
To restrict the DHCPD service to a specific interface, edit the /etc/init.d/dhcpd file, scroll way down to the start_service section, and look for the following line; | |||
*procd_set_param command $PROG -q -f -cf $config_file -lf $lease_file $dhcp_ifs | |||
Change it in similar manner to the below examples; | |||
* procd_set_param command $PROG WhatEverAdapterName WhatEverOtherAdapterName -q -f -cf $config_file -lf $lease_file $dhcp_ifs | |||
* procd_set_param command $PROG eth0.1 br-LAN1_1 -q -f -cf $config_file -lf $lease_file $dhcp_ifs | |||
Many sites suggest that creating a blank / empty zone for the subnet (on a multi-homed device) will make it so DHCPD doesn't answer for those interfaces. But testing has prooven otherwise. The below settings in /etc/dhcpd/dhcpd.conf will '''''00000000000000000000000000''''' prevent the DHCPD service from answering on the interface associated with the W.X.Y.Z IP Address;<syntaxhighlight lang="text"> | |||
subnet W.X.Y.Z netmask 255.255.255.0 { | |||
} | |||
</syntaxhighlight>The Edit Network Interfaces Button and Interfaces File Type setting in Webmin will not work with OpenWRT. | |||
====Special Note==== | ====Special Note==== | ||
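Review bot: the sentence "The below settings in /etc/dhcpd/dhcpd.conf will '''''00000000000000000000000000''''' prevent the DHCPD service from answering" contains a run of zeros where a word belongs, and as written it says the empty subnet does prevent answers, which contradicts "testing has prooven otherwise" just before it. Replace the zeros with the intended word, fix "prooven", and check the path, since the rest of the page uses /etc/dhcpd.conf. In the two procd_set_param examples, $dhcp_ifs is still appended at the end of the command, so any interfaces that variable holds are passed to dhcpd alongside the hard-coded ones; either drop it or explain why it is empty in this setup.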
Line 1,385: | Line 1,422: | ||
*If a custom /etc/dhcpd.conf file is NOT being used and the standard OpenWRT method of using /etc/config/dhcp method is used (again, HINT: Use a custom /etc/dhcpd.conf file), the DHCPD startup script erases the symbolic link that connects /tmp/resolv.conf --> /tmp/resolv.conf.auto in favor of its own custom /tmp/resolv.conf file (/etc/resolv.conf). This can break DNS settings for networking in general and MWAN3. | *If a custom /etc/dhcpd.conf file is NOT being used and the standard OpenWRT method of using /etc/config/dhcp method is used (again, HINT: Use a custom /etc/dhcpd.conf file), the DHCPD startup script erases the symbolic link that connects /tmp/resolv.conf --> /tmp/resolv.conf.auto in favor of its own custom /tmp/resolv.conf file (/etc/resolv.conf). This can break DNS settings for networking in general and MWAN3. | ||
Solution? Add the following lines to the /etc/init.d/dhcpd startup script;<syntaxhighlight lang="text"> | Solution? Add the following lines to the /etc/init.d/dhcpd startup script to solve the above mentioned issue, plus some optional stuff;<syntaxhighlight lang="text"> | ||
# In the start_service() section after this line: config_file="/etc/dhcpd.conf" | |||
# Add these two lines (completely option, not necessary); | |||
echo -n $"Starting ISC-DHCPD with /etc/dhcpd.conf file" | |||
echo | |||
stop_service() | stop_service() | ||
{ | { | ||
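Review bot: the added line echo -n $"Starting ISC-DHCPD with /etc/dhcpd.conf file" followed by a bare echo uses the $"..." quoting form, which is a bash extension; in a shell without it the message is printed with a leading dollar sign. A single echo "Starting ISC-DHCPD with /etc/dhcpd.conf file" is portable and produces the same output in one line. The comment "completely option" should read "completely optional".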
Line 1,391: | Line 1,436: | ||
rm /var/run/dhcpd.pid | rm /var/run/dhcpd.pid | ||
} | } | ||
</syntaxhighlight>And as of OpenWRT 22.0.Whatever, there's another issue. The path for RESOLV.CONF has changed from /tmp/resolv.conf to /tmp/resolv.conf.d/resolv.conf.auto. That change has been reflected in DNSMASQ, but it has NOT been reflected in DHCPD. Solution: Modify the above noted code shown above for /etc/init/d/dhcpd file as follows;<syntaxhighlight lang="text"> | |||
ln -sf "/tmp/resolv.conf.d/resolv.conf.auto" /tmp/resolv.conf | |||
</syntaxhighlight>The ''ln'' command corrects the symbolic link issue mentioned above. And the ''rm'' command corrects the PID file issue that never goes away, again mentioned above. Also note that if the DHCPD package is ever updated, the script will need to be modified again. A startup script could be written, but haven't had time to write that yet. This post gives a fairly goot hint on how to write it: https://askubuntu.com/questions/77149/how-to-find-text-and-replace-that-line-if-exists-with-terminal-otherwise-just-ap Although regular expressions wouldn't be necessary, just a check to see if "stop_service" exists anywhere in the dhcpd startup script and if it doesn't, insert it at the end. | </syntaxhighlight>The ''ln'' command corrects the symbolic link issue mentioned above. And the ''rm'' command corrects the PID file issue that never goes away, again mentioned above. Also note that if the DHCPD package is ever updated, the script will need to be modified again. A startup script could be written, but haven't had time to write that yet. This post gives a fairly goot hint on how to write it: https://askubuntu.com/questions/77149/how-to-find-text-and-replace-that-line-if-exists-with-terminal-otherwise-just-ap Although regular expressions wouldn't be necessary, just a check to see if "stop_service" exists anywhere in the dhcpd startup script and if it doesn't, insert it at the end. | ||
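Review bot: the new paragraph says the path changed "from /tmp/resolv.conf to /tmp/resolv.conf.d/resolv.conf.auto", but the surrounding text describes /tmp/resolv.conf as a symbolic link to /tmp/resolv.conf.auto, so what moved is the link target; word it as /tmp/resolv.conf.auto becoming /tmp/resolv.conf.d/resolv.conf.auto. The file is written "/etc/init/d/dhcpd" here and /etc/init.d/dhcpd everywhere else, and "22.0.Whatever" should name the release where the change was seen. Since the block shows only the one ln line, say which existing line it replaces. "rm /var/run/dhcpd.pid" reports an error when the PID file is already gone; rm -f avoids that. "goot" should be "good".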
Line 1,402: | Line 1,449: | ||
/etc/init.d/dhcpd enabled && /etc/init.d/dhcpd stop && /etc/init.d/dhcpd start | /etc/init.d/dhcpd enabled && /etc/init.d/dhcpd stop && /etc/init.d/dhcpd start | ||
</syntaxhighlight>Adding the following to the /etc/rc.local file may be necessary too, when restarting the router: /etc/init.d/dhcpd enabled && /etc/init.d/dhcpd stop && /etc/init.d/dhcpd start | </syntaxhighlight>Adding the following to the /etc/rc.local file may be necessary too, when restarting the router: /etc/init.d/dhcpd enabled && /etc/init.d/dhcpd stop && /etc/init.d/dhcpd start | ||
===SOCKD (Dante)=== | ===SOCKD (Dante)=== | ||
Line 1,589: | Line 1,617: | ||
opkg install apache apache-utils apache-mod-ssl | opkg install apache apache-utils apache-mod-ssl | ||
OR for a more complete installation: opkg install apache apache-icons apache-mod-deflate apache-mod-http2 apache-mod-ldap apache-mod-lua apache-mod-proxy apache-mod-proxy-html apache-mod-session-crypto apache-mod-ssl apache-mod-suexec apache-mod-webdav apache-suexec apache-utils | |||
=====Configuration for Apache===== | =====Configuration for Apache===== | ||
Line 1,599: | Line 1,629: | ||
*Executables / Binaries: /usr/lib/apache2 | *Executables / Binaries: /usr/lib/apache2 | ||
*User / Group (/etc/group): apache / apache | *User / Group (/etc/group): apache / apache | ||
*For Redhat or | |||
Below is working configuration file for Apache with CGI capability;<div class="toccolours mw-collapsible mw-collapsed" style="overflow:auto; width:100%;"> | Below is working configuration file for Apache with CGI capability;<div class="toccolours mw-collapsible mw-collapsed" style="overflow:auto; width:100%;"> | ||
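Review bot: the added bullet "*For Redhat or" stops mid-sentence; finish it or remove it, since the Redhat / CentOS naming is already covered in the notes section further down. For the new "more complete installation" line, say which of the listed modules the configuration below actually loads, so readers do not install proxy, LDAP, Lua, WebDAV and suexec modules on a router without needing them.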
Line 1,605: | Line 1,636: | ||
ServerRoot "/usr" | ServerRoot "/usr" | ||
Listen 192.168.1.1:80 | |||
TimeOut 3600 | |||
#LoadModule mpm_event_module lib/apache2/mod_mpm_event.so | |||
#LoadModule mpm_event_module lib/apache2/mod_mpm_event.so | |||
LoadModule mpm_prefork_module lib/apache2/mod_mpm_prefork.so | LoadModule mpm_prefork_module lib/apache2/mod_mpm_prefork.so | ||
#LoadModule mpm_worker_module lib/apache2/mod_mpm_worker.so | #LoadModule mpm_worker_module lib/apache2/mod_mpm_worker.so | ||
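Review bot: the added TimeOut 3600 lets a single idle or slow connection hold a prefork worker for an hour, which on a router with limited memory makes it easy to run the server out of workers. If a long-running CGI script is the reason, say so next to the directive and consider a smaller value. The commented-out mpm_event LoadModule line also now appears twice and one copy can go. Binding with Listen 192.168.1.1:80 rather than all addresses is a sensible default and deserves a short comment saying so.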
Line 1,739: | Line 1,758: | ||
LoadModule alias_module lib/apache2/mod_alias.so | LoadModule alias_module lib/apache2/mod_alias.so | ||
LoadModule rewrite_module lib/apache2/mod_rewrite.so | LoadModule rewrite_module lib/apache2/mod_rewrite.so | ||
<IfModule unixd_module> | <IfModule unixd_module> | ||
Line 1,955: | Line 1,971: | ||
find /usr/share/apache2 -type f -exec chmod 644 {} \; | find /usr/share/apache2 -type f -exec chmod 644 {} \; | ||
</syntaxhighlight> | </syntaxhighlight> | ||
=====Notes for Apache===== | =====Additional Notes for Apache Installation===== | ||
In other installations, such as Redhat or CentOS, apache or apache2 is referred to as HTTPD in binary / executables, configuration files, commands, etc. | In other installations, such as Redhat or CentOS, apache or apache2 is referred to as HTTPD in binary / executables, configuration files, commands, etc. | ||
Line 1,965: | Line 1,981: | ||
*LoadModule proxy_scgi_module lib/apache2/mod_proxy_scgi.so (Module does NOT exist for OpenWRT) | *LoadModule proxy_scgi_module lib/apache2/mod_proxy_scgi.so (Module does NOT exist for OpenWRT) | ||
*LoadModule cgid_module lib/apache2/mod_cgid.so (does NOT seem to work, even when setting the ScriptSock Directive) | *LoadModule cgid_module lib/apache2/mod_cgid.so (does NOT seem to work, even when setting the ScriptSock Directive) | ||
For Redhat / CentOS / RockyOS and similar users who are used to having HTTPD stuff located in /var/www/html by default, below are some commands to put in the Startup of OpenWRT to make Apache stuff easier to find (if you're on 'auto pilot'); | |||
*mkdir /tmp/www | |||
*ln -s /usr/share/apache2/htdocs /var/www/html | |||
*ln -s /usr/share/apache2/cgi-bin /var/www/cgi-bin | |||
*ln -s /usr/share/apache2/error /var/www/error | |||
*ln -s /usr/share/apache2/icons /var/www/icons | |||
...and the reason it's in startup is because the VAR Directory in OpenWRT is actually the TMP Directory (IE, VAR is a softlink / shortcut to TMP), so it disappears after rebooting. | |||
Firewall: Open ports on the firewall if public availability is desired. | |||
====Lighttpd==== | ====Lighttpd==== | ||
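Review bot: the new startup list creates /tmp/www but every ln targets /var/www, and the explanation that /var is a link to /tmp only comes after the list, so the commands read as inconsistent. Suggest mkdir -p /var/www (or stating the /var to /tmp relationship first) and ln -sf so the commands can be re-run without errors. The closing "Firewall: Open ports" line should also mention that the sample configuration listens on 192.168.1.1:80 only, so opening a WAN port alone will not publish the site, and that the same htdocs tree holds phpMyAdmin in the later section.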
Line 2,050: | Line 2,078: | ||
opkg update | opkg update | ||
opkg install php7 php7-cgi php7-cli php7-fastcgi php7-fpm | opkg install php7 php7-cgi php7-cli php7-fastcgi php7-fpm snmp-mibs The php-cli (PHP Command Line) is not necessary, but is useful for troubleshooting. Most examples utilizing the PHP command line program refer to it as just php, not php-cli. OpenWRT installs it as php-cli, so instead of having to remember that, it maybe useful to create a symbolic link with this command: ''ln -s /usr/bin/php-cli /usr/bin/php'' | ||
=====PHP Configuration in /etc/php.ini===== | =====PHP Configuration in /etc/php.ini===== | ||
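Review bot: on the changed install line the explanation now runs straight on from the package list, so a reader copying the line passes "The php-cli ..." to opkg as package names, and snmp-mibs is added without a word on why a PHP install needs it. Put the opkg command on its own line, state what snmp-mibs is for (php7-mod-snmp is installed later, in the phpMyAdmin section), and change "it maybe useful" to "it may be useful". The symlink tip is repeated further down ("As noted previously"), so one of the two could simply point to the other.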
Line 2,311: | Line 2,339: | ||
As noted previously, but worth mentioning again, OpenWRT names the interactive command line interface for PHP ''php-cli''. Most sites give examples that use the command ''php'', so to make it easier create a symbolic link with this command: ln -s /usr/bin/php-cli /usr/bin/php | As noted previously, but worth mentioning again, OpenWRT names the interactive command line interface for PHP ''php-cli''. Most sites give examples that use the command ''php'', so to make it easier create a symbolic link with this command: ln -s /usr/bin/php-cli /usr/bin/php | ||
====MariaDB Server==== | ====MariaDB Server (AKA MySQL)==== | ||
=====Installing===== | =====Installing===== | ||
Line 2,322: | Line 2,350: | ||
**Move the database to an external eSATA drive: datadir = /mnt/sdb3/mysql | **Move the database to an external eSATA drive: datadir = /mnt/sdb3/mysql | ||
**Move the tmp directory to an external eSATA drive: datadir = /tmp (This directory is relative to the datadir, in that it will be created at the same level as the mysql directory, so this is not an abolute path where it will utilize the /tmp directory in the root of the file system) | **Move the tmp directory to an external eSATA drive: datadir = /tmp (This directory is relative to the datadir, in that it will be created at the same level as the mysql directory, so this is not an abolute path where it will utilize the /tmp directory in the root of the file system) | ||
*To create the default database: mysql_install_db --force --basedir=/usr | *To create the default database: mysql_install_db --force --basedir=/usr (basedir refers to where the binary files are, not where the database(s) will be) | ||
*Start the service: service | *And of course from the beginning, OpenWRT doesn't have the proper permissions set for the /etc/mysql Service / Daemon files, so: chmod 644 -R /etc/mysql | ||
*Start the service: service mysqld start | |||
*And if there is an error, try this command again: mysql_install_db --force --basedir=/usr | |||
*To create a password for the current user (blank if not configured): /usr/bin/mysqladmin -u root password 'new-password' | *To create a password for the current user (blank if not configured): /usr/bin/mysqladmin -u root password 'new-password' | ||
*Log into the command line for the database: mysql -u root -p or use phpMyAdmin see below | *Log into the command line for the database: mysql -u root -p or use phpMyAdmin see below | ||
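Review bot: the added chmod 644 -R /etc/mysql also sets 644 on /etc/mysql itself and on any directory under it, which removes the search bit, so a non-root account such as the database service user can no longer open the files inside. The Apache section already uses the safer pattern; suggest find /etc/mysql -type f -exec chmod 644 {} \; plus 755 on the directories. Separately, the unchanged tmp-directory bullet shows datadir = /tmp, the same key as the bullet above it; please confirm which option is meant.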
Line 2,350: | Line 2,380: | ||
Show available storage engines: SHOW ENGINES\G or show engines; | Show available storage engines: SHOW ENGINES\G or show engines; | ||
===phpMyAdmin=== | ===phpMyAdmin (make sure Apache or another web server is installed and functional)=== | ||
*opkg update | *opkg update | ||
*opkg install php7-mod-mbstring php7-mod-json php7-mod-hash php7-mod-ctype php7-mod-zip php7-mod-gd php7-mod-mysqli php7-mod-session php7-mod-snmp zoneinfo-northamerica (if one is in North America, if not, choose another zone and remember, phpMyAdmin will display a blank page with no error if a zoneinfo-WhatEverZone is not installed in addition to the zoneinfo-core package, see additional information below, dependencies will also be installed automatically). | *opkg install php7-mod-mbstring php7-mod-json php7-mod-hash php7-mod-ctype php7-mod-zip php7-mod-gd php7-mod-mysqli php7-mod-session php7-mod-snmp zoneinfo-northamerica (if one is in North America, if not, choose another zone and remember, phpMyAdmin will display a blank page with no error if a zoneinfo-WhatEverZone is not installed in addition to the zoneinfo-core package, see additional information below, dependencies will also be installed automatically). | ||
Make sure the /usr/share/apache2/htdocs/phpMyAdmin/tmp has 777 permissions, otherwise Apache based phpMyAdmin sites may stop responding: chmod | Make sure the /usr/share/apache2/htdocs/phpMyAdmin/tmp has 755 permissions (if 755 doesn't work, try 777, phpMyAdmin will whine about 'world permissions', otherwise Apache based phpMyAdmin sites may stop responding: chmod 755 /usr/share/apache2/htdocs/phpMyAdmin/tmp | ||
The following item is VERY important, hence it's typeface in '''BOLD''' CAPITAL letters. If the appropirate additional time zone module is not installed it can cause a completely invisible error (IE, no error in Apache, Lighttpd, or PHP logs). IE, it only displays a blank page. Even using a command line instance of PHP will not reveal the error. This line in the /phpMyAdmin/libraries/classes/Core.php file: date_default_timezone_set(@date_default_timezone_get()); is the source of the issue (Note, this is not the fault of phyMyAdmin, but it would be nice if they wrote a bit of code to address this situation). The error message that can be coaxed out of Lighttpd by taking that line of code and placing it in a file by itself is: Timezone database is corrupt – this should ''never'' happen! (thanks to this site for a key bit of information on that issue: https://e3fi389.wordpress.com/2014/12/07/timezone-database-is-corrupt-date-error-in-openwrt/) | The following item is VERY important, hence it's typeface in '''BOLD''' CAPITAL letters. If the appropirate additional time zone module is not installed it can cause a completely invisible error (IE, no error in Apache, Lighttpd, or PHP logs). IE, it only displays a blank page. Even using a command line instance of PHP will not reveal the error. This line in the /phpMyAdmin/libraries/classes/Core.php (or Common.php) file: date_default_timezone_set(@date_default_timezone_get()); is the source of the issue (Note, this is not the fault of phyMyAdmin, but it would be nice if they wrote a bit of code to address this situation). The error message that can be coaxed out of Lighttpd by taking that line of code and placing it in a file by itself is: Timezone database is corrupt – this should ''never'' happen! (thanks to this site for a key bit of information on that issue: https://e3fi389.wordpress.com/2014/12/07/timezone-database-is-corrupt-date-error-in-openwrt/) | ||
*'''ALSO MAKE SURE TO INSTALL THE APPROPRIATE TIME ZONE MODULE, IN ADDITION TO THE DEFAULT''' zoneinfo-core: opkg install zoneinfo-northamerica (for example) | *'''ALSO MAKE SURE TO INSTALL THE APPROPRIATE TIME ZONE MODULE, IN ADDITION TO THE DEFAULT''' zoneinfo-core: opkg install zoneinfo-northamerica (for example) | ||
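Review bot: the changed permissions sentence tells readers to fall back to 777 on phpMyAdmin/tmp, which leaves a world-writable directory inside the web root, and the same sentence notes that phpMyAdmin objects to world permissions. Since this page runs Apache as user and group apache, suggest chown apache:apache on the directory with mode 700 or 750 instead of widening the mode. The sentence also opens a parenthesis at "(if 755 doesn't work" that is never closed.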
Line 2,364: | Line 2,394: | ||
*wget <nowiki>https://files.phpmyadmin.net/phpMyAdmin/4.9.5/phpMyAdmin-4.9.5-english.tar.gz</nowiki> (or whatever the latest version is) | *wget <nowiki>https://files.phpmyadmin.net/phpMyAdmin/4.9.5/phpMyAdmin-4.9.5-english.tar.gz</nowiki> (or whatever the latest version is) | ||
*If not installed, wget needs: opkg install | *If not installed, wget needs: opkg install ca-certificates | ||
*tar -xzvf phpMyAdmin-4.9.5-english.tar.gz | *tar -xzvf phpMyAdmin-4.9.5-english.tar.gz | ||
*mv WhatEverUnTarredDirectory /usr/share/apache/htdocs OR WhatEverLighttpd Directory | *mv WhatEverUnTarredDirectory /usr/share/apache/htdocs OR WhatEverLighttpd Directory | ||
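Review bot: the download steps fetch and unpack the phpMyAdmin tarball with no integrity check; the changed ca-certificates line lets wget validate the TLS certificate, but the archive itself is never verified. Suggest adding a step that compares the sha256sum of the downloaded file with the checksum published on the phpMyAdmin download page before running tar. The mv target /usr/share/apache/htdocs also does not match /usr/share/apache2/htdocs used elsewhere on the page.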
Line 2,409: | Line 2,439: | ||
**post_max_size = 128M | **post_max_size = 128M | ||
**max_file_uploads = 20 | **max_file_uploads = 20 | ||
*If using FPM, change the following in /etc/php7-fpm.d/www.conf (Corrects a non-responsive condition with .PHP Files, perhaps due to how fast OpenWRT cleans up unused chlidren, but root cause unknown, only increasing resources solves the issue) | |||
**pm.max_children = 50 | |||
**pm.min_spare_servers = 4 | |||
**pm.start_server = 5 | |||
**pm.max_spare_servers = 6 | |||
**If MIN and MAX aren't set appropriately, this error will occur: ALERT: [pool www] pm.start_servers(5) must not be less than pm.min_spare_servers(1) and not greater than pm.max_spare_servers(3) | |||
*Make sure bzip2 is installed or the myAdminPHP will complain. | |||
*PHP.ini: Add this line: extension=mysql.so | |||
*To diagnose any issues when attempting to access the phpMyAdmin setup this will display the error message (look for the line that says WarnMissingExtension to spot missing modules): php-cli /usr/share/apache2/htdocs/phpMyAdmin/setup/index.php | *To diagnose any issues when attempting to access the phpMyAdmin setup this will display the error message (look for the line that says WarnMissingExtension to spot missing modules): php-cli /usr/share/apache2/htdocs/phpMyAdmin/setup/index.php | ||
*One final note on Blank Page errors: Watch out for any minor typos in the config.inc.php file like a missing double quote ( " ) or single quote ( ' ) / AKA apostrophe. It will cause a 'blank page error', with nothing in the PHP, Apache, or other error logs. | |||
=====LetsEncrypt / ACME===== | =====LetsEncrypt / ACME===== | ||
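Review bot: the added FPM bullet writes pm.start_server, but the directive is pm.start_servers, as the ALERT text quoted two bullets later shows; with the misspelled name the intended value of 5 is not applied. It is worth stating the rule from that ALERT explicitly (start_servers must lie between min_spare_servers and max_spare_servers), which the 4 / 5 / 6 values satisfy. The added "extension=mysql.so" line should be checked against the modules installed above, which list php7-mod-mysqli and no mysql module, and "myAdminPHP" should read phpMyAdmin.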
Line 2,450: | Line 2,489: | ||
*opkg list procps* | *opkg list procps* | ||
Additional commands are hidden in various other non-intuitive locations. If a desired command or utility isn't available, search for it by name in the LuCI GUI interface, System, Software, Filter Field and then install the package it is contained in. Use caution as some package names and descriptions are a bit misleading and may install undesired programs. | And thankfully OPKG doesn't support installing utilities via wildcards. Solution? Up, see example below using ''coreutils-'' (which always has a dash after coreutils);<syntaxhighlight lang="text"> | ||
opkg list | grep coreutils- | awk '{print $1}' | xargs opkg install | |||
</syntaxhighlight>Additional commands are hidden in various other non-intuitive locations. If a desired command or utility isn't available, search for it by name in the LuCI GUI interface, System, Software, Filter Field and then install the package it is contained in. Use caution as some package names and descriptions are a bit misleading and may install undesired programs. | |||
====Alternate Shells==== | ====Alternate Shells==== | ||
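Review bot: in the added pipeline, grep coreutils- is unanchored, so it matches any opkg list line that contains "coreutils-" anywhere, including in a description, and xargs then installs every match without the list ever being shown. Suggest opkg list 'coreutils-*' (the glob form already used for procps* just above) or grep '^coreutils-', and printing the package names for review before piping them to opkg install, which fits the caution about undesired programs in the next sentence. The words "Solution? Up, see example" read as garbled and need a fix.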
Line 2,493: | Line 2,534: | ||
Install "Change Shell": opkg install shadow-chsh | Install "Change Shell": opkg install shadow-chsh | ||
List available shells: cat /etc/ | List available shells: cat /etc/shells OR chsh -l (NOTE: The chsh -l command doesn't work in OpenWRT as it does in other Linux distributions because chsh was compiled without the -l option, presumably for space considerations) | ||
Change shell: chsh - | Change shell: chsh -s /bin/bash (this will also allow history commands to persist too.) OR just type chsh and it will prompt you to change to a different shell. | ||
=====Profiles===== | =====Profiles===== | ||
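Review bot: the changed line recommends chsh -s /bin/bash, but nothing in this hunk installs bash or checks that /bin/bash is listed in /etc/shells; setting a login shell that does not exist locks that account out of SSH. Suggest adding opkg install bash and a check of /etc/shells before the chsh step, and keeping a second session open while testing the change.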
Line 2,532: | Line 2,573: | ||
*opkg install samba36-server OR opkg install samba4-server samba4-utils | *opkg install samba36-server OR opkg install samba4-server samba4-utils | ||
*opkg luci-app-samba OR opkg install luci-app-samba4 | *opkg luci-app-samba OR opkg install luci-app-samba4 | ||
*For additional Samba related tools: opkg install samba4-client samba4-admin samba4-utils | |||
*smbpasswd -a root (or whatever user is desired) | *smbpasswd -a root (or whatever user is desired) | ||
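Review bot: the added bullet repeats samba4-utils, which the first bullet already installs, and the unchanged line above it reads "opkg luci-app-samba" with the install verb missing, so that command fails as typed. Suggest trimming the new bullet to samba4-client samba4-admin and fixing the neighbouring command while this list is being edited.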
Line 2,599: | Line 2,641: | ||
# Below is the key to getting Samba Server to work with Windows 10 | # Below is the key to getting Samba Server to work with Windows 10 | ||
map to guest = Never | map to guest = Never | ||
</syntaxhighlight></div></div>There are so many different sources that babble about solving the Samba / Windows 10 issues that include ntlm = true, server min protocol = SMB3, min protocol = SMB3, blah, blah, blah. Nothing works. All of these items seem to be set correctly with default values as of a version of Samba sometime after 2019, so they do not fix the issue. For the "You can't access this shared folder because your organization's security policies block unauthenticated guest..." Error Message, the above noted ''map to guest = Never'' solves the issue | </syntaxhighlight></div></div>There are so many different sources that babble about solving the Samba / Windows 10 issues that include ntlm = true, server min protocol = SMB3, min protocol = SMB3, blah, blah, blah. Nothing works. All of these items seem to be set correctly with default values as of a version of Samba sometime after 2019, so they do not fix the issue. For the "You can't access this shared folder because your organization's security policies block unauthenticated guest..." Error Message, the above noted ''map to guest = Never'' solves the issue. And whenever creating new shared directories, uncheck "Allow guests" (OpenWRT enables this by default). | ||
Then dd a Network Share: In LUCI GUI, Service, Network Shares, General Settings or Edit Template Tab, enter a Name and a Path, the other defaults are fine. | Then dd a Network Share: In LUCI GUI, Service, Network Shares, General Settings or Edit Template Tab, enter a Name and a Path, the other defaults are fine. | ||
Line 2,606: | Line 2,648: | ||
And lastly, remember if one attempts to share the "Root Directory" ( / ), none of the sub directories will open, because of the way the OpenWRT file system works. | And lastly, remember if one attempts to share the "Root Directory" ( / ), none of the sub directories will open, because of the way the OpenWRT file system works. | ||
====Free Space Tip for Samba==== | |||
In some circumstances Samba will not report the correct amount of free space. This can be quite frustrating when one knows there is enough free space to copy a file, but an obnoxious error message pops up declaring that there needs to be X amount of more free space. | |||
This can occur when one is accessing an external USB Flash Drive under /mnt (for example /mnt/sda1). Samba will report the free space of the root drive of the router instead of the USB Flash Drive. The root drive of the router is often time the internal NVRAM. If one is using the overlay capability of OpenWRT (look it up), this often won't come up as the issue will be masked by the /overlay having an abundant amount of free space. | |||
The hint was found here: https://superuser.com/questions/1423396/samba-reports-incorrect-disk-space-when-on-shared-mount-points-not-directly-bene | |||
And that person was kind enough to cite the Samba Documentation: https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html#idm2835<nowiki/>(although they didn't include the anchor link at the end, but it was added here so there wouldn't be any need to scroll down to find it, plus the Samba people that created the documentation page were also kind enough to include a name (ID would work too) attribute so a URL anchor could be used). | |||
Below is the code (minus the comments if one wishes) that can be added in the LuCI GUI, Services, Network Shares, Edit Template Tab.<syntaxhighlight lang="text"> | |||
### The dfree command refers to a script (next two lines) that cause Samba to correctly calculate free space for each | |||
### Directory. This comes into play when accessing an external USB Flash Drive under /mnt/sda1 for instance. Samba | |||
### will incorrectly report the internal NVRAM size instead of the USB Flash Drive free space. | |||
### #!/bin/sh | |||
### df $1 | tail -1 | awk '{print $2" "$4}' | |||
dfree command = /usr/local/samba/dfree | |||
</syntaxhighlight>Don't forget to create the script file (see code above or below);<syntaxhighlight lang="text"> | |||
#!/bin/sh | |||
df $1 | tail -1 | awk '{print $2" "$4}' | |||
</syntaxhighlight> | |||
====WINS (Windows Internet Naming Service) for Samba==== | |||
{{:OpenWRT_WINS_with_Samba}} | |||
===POPTOP / PPTPD=== | ===POPTOP / PPTPD=== | ||
First a warning so readers don't get frustrated: Out of the box (as in a virgin installation of the POPTOP / PPTPD Package), the configuration for PPTPD from OpenWRT as of 8.2020 is broken and will not function. Credit and thanks to this web site for a hint on correcting the default configuration was found here: https://forum.openwrt.org/t/default-config-file-for-pptpd-lacks-logwtmp-option/4795 How to fix it? Well, follow the below directions. Hint: The key is setting the ''option 'logwtmp' '0''' directive in the /etc/config/pptpd file (see below for more information). | First a warning so readers don't get frustrated: Out of the box (as in a virgin installation of the POPTOP / PPTPD Package), the configuration for PPTPD from OpenWRT as of 8.2020 is broken and will not function. Credit and thanks to this web site for a hint on correcting the default configuration was found here: https://forum.openwrt.org/t/default-config-file-for-pptpd-lacks-logwtmp-option/4795 How to fix it? Well, follow the below directions. Hint: The key is setting the ''option 'logwtmp' '0''' directive in the /etc/config/pptpd file (see below for more information). | ||
And yes, for all the haters out there, PPTP is essentially broken as of 2021 and nobody is planning on fixing it or updating anything, so use OpenVPN to be secure. But... It is still useful to have this as a backup method of access to a router. Plus the firewall can be configured such that the PPTP ports are only open to certain IP Addresses. And given that we live in a world where the weakest link in any system is the human being, not technology, it's OK to have PPTP available if one needs it. So to all the nay sayers: Shhhhhhh. Because even if one is using PPTP and it has been compromised, guess what? If one is using Secure Shell / SSH or the LuCI GUI over HTTPS then it doesn't matter that PPTP has been compromised. So again, shhhhhh... | |||
====Installation==== | ====Installation==== | ||
See the PPTP for Clients | See the PPTP for Clients a couple of sub sectins below and make sure the package (opkg install kmod-nf-nathelper-extra) for that is installed and configured (read in the PPTP Client Section above) too. The client software may or may not be necessary for the Server service to work. | ||
opkg install pptpd ppp (dependencies will automatically be installed if just pptpd is installed) | opkg install pptpd ppp (dependencies will automatically be installed if just pptpd is installed) | ||
There is no LuCI GUI available. Given there is no LuCI GUI it is a bit odd the configuration of PPTPD is done through an /etc/config/ppptd file, which is usually reserved for services that have a companion LuCI GUI available. | There is no LuCI GUI available. Given there is no LuCI GUI it is a bit odd the configuration of PPTPD is done through an /etc/config/ppptd file, which is usually reserved for services that have a companion LuCI GUI available. There is a dependency package named luci-proto-ppp that gets installed, but there doesn't seem to be any GUI interface other than maybe something in the System, Realtime Graphs section of the LuCI GUI for PPP traffic (and that's just speculation) . | ||
====POPTOP / PPTPD Configuration Files and other Related File Locations==== | ====POPTOP / PPTPD Configuration Files and other Related File Locations==== | ||
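Review bot: in the added dfree script, $1 is unquoted, so a share path containing a space is split into several arguments and df reports on the wrong file system or fails; use df "$1". The instructions also never create /usr/local/samba or mark the script executable, and Samba cannot run it otherwise, so add mkdir -p /usr/local/samba and chmod +x /usr/local/samba/dfree. In the PPTPD text of the same hunk the config file is spelled /etc/config/ppptd, and the changed Installation line points to the client section as both "below" and "above".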
Line 2,629: | Line 2,697: | ||
====Configuring PPTPD==== | ====Configuring PPTPD==== | ||
Again a reminder that there is no LuCI GUI for PPTP (maybe there once was, but not likely to see one in the future). But it's still better to configure things within the confines of the OpenWRT system. | |||
First, configure the /etc/config/pptpd file. Below is a working example;<syntaxhighlight lang="text"> | First, configure the /etc/config/pptpd file. Below is a working example;<syntaxhighlight lang="text"> | ||
config service 'pptpd' | config service 'pptpd' | ||
Line 2,650: | Line 2,720: | ||
*/etc/ppp/options (this can be left with default OpenWRT settings) | */etc/ppp/options (this can be left with default OpenWRT settings) | ||
*/etc/ppp/options.pptpd (see below for a working version of this file, slightly different than the default OpenWRT version) | */etc/ppp/options.pptpd (see below for a working version of this file, slightly different than the default OpenWRT version) | ||
*/etc/ppp/chap-secrets: This is actually a symbolic link to /var/etc/chap-secrets, and that file is in turn dynamically generated from the information in /etc/config/pptp | |||
Below is a working example of the /etc/pptpd.conf file;<syntaxhighlight lang="text"> | Below is a working example of the /etc/pptpd.conf file;<syntaxhighlight lang="text"> | ||
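Review bot: the added chap-secrets bullet says the file is generated from /etc/config/pptp, while the rest of the section configures /etc/config/pptpd; one of the two names is wrong. Since chap-secrets stores the PPTP passwords in clear text, and by this description so does the UCI file it is generated from, the bullet should also tell readers to keep both readable by root only and out of any shared backup of /etc/config.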
Line 2,730: | Line 2,801: | ||
option src 'wan' | option src 'wan' | ||
option proto '47' | option proto '47' | ||
# ...and while you're in here add the below to the CONFIG ZONE named 'lan' (more information in the next section) | |||
list device 'ppp+' | |||
</syntaxhighlight>The above ''list dest_ip 'W.X.Y.Z'<nowiki/>'' are only needed if using MWAN3 and can be eliminated from firewall configurations that don't have to consider multiple WAN ports. If configured it would be set to the WAN IP Addresses of the router. | </syntaxhighlight>The above ''list dest_ip 'W.X.Y.Z'<nowiki/>'' are only needed if using MWAN3 and can be eliminated from firewall configurations that don't have to consider multiple WAN ports. If configured it would be set to the WAN IP Addresses of the router. | ||
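Review bot: the added list device 'ppp+' puts every PPP interface into the 'lan' zone, so anyone who completes a PPTP login is treated as a trusted LAN host. Given that this page itself describes PPTP as essentially broken, that placement deserves more than an inline comment: suggest a dedicated zone for ppp+ with forwarding limited to what remote users need, or at least a sentence stating that restricting the PPTP ports to certain source addresses is what protects the LAN here. Note also that ppp+ matches any interface whose name begins with ppp, which would include a PPPoE WAN interface if one exists.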
Line 2,791: | Line 2,866: | ||
</syntaxhighlight>Hint: The same settings can be configured with far fewer keystrokes by simply editing the /etc/config/firewall file. The example could also be made far more cleary by directly editing the /etc/config/firewall file, instead of blindly entering a bunch of command, some of which are useless. Additionaly, some won't work correctly if the 'lan' and 'wan' zones aren't at index 0, and 1, as they are by default (IE, if someone has manually added additional zones). | </syntaxhighlight>Hint: The same settings can be configured with far fewer keystrokes by simply editing the /etc/config/firewall file. The example could also be made far more cleary by directly editing the /etc/config/firewall file, instead of blindly entering a bunch of command, some of which are useless. Additionaly, some won't work correctly if the 'lan' and 'wan' zones aren't at index 0, and 1, as they are by default (IE, if someone has manually added additional zones). | ||
=== | ====PPTP (Point to Point Tunneling Protocol) for PPTPD / Server and Clients (IE Clients behind the Router using a remote PPTP system)==== | ||
Again, to be clear, this section is not just about getting PPTP / POPTOP service / daemon working on a router, although it is necessary. This section is also about a router allowing PPTP connections to pass through it, IE if you're not worried about a PPTPD / Server, but you want clients on an internal network to "dial out" to another PPTPD / Server, this is needed. | |||
OpenWRT defines the use of PPTP Clients on the LAN side of a router that wish to connect to a PPTP server via the internet as NAT traversal for PPTP. Default installations of OpenWRT do not have the capability to facilitate PPTP connections by clients (IE, computers on the LAN side of the router). The following software package must be installed; | |||
*opkg update | *opkg update | ||
*opkg install openvpn-easy-rsa openvpn-openssl (Any dependencies will automatically be installed, also see Notes section below) | *opkg install kmod-nf-nathelper-extra | ||
*Install the LuCI GUI interface for OpenVPN manually (see note below on the LuCI, System, Software installation for the OpenVPN LuCI GUI below) | |||
**opkg download luci-app-openvpn | The instructions on enabling the capability is a bit lacking on the OpenWRT site, so below is an improved explanation. After installing the above package, do the following; | ||
**opkg install WhatEverTheFileNameThatGetsDownloaded | |||
*Create a file named 20-nf-conntrack-helper.conf in /etc/sysctl.d: nano /etc/sysctl.d/20n-nf-conntrack-helper.conf | |||
*Add a single line of code in the 20-nf-conntrack-helper.conf file to enable the program: net.netfilter.nf_conntrack_helper = 1 | |||
*Save the file: CTRL + O, then exit nano: CTRL + X | |||
*Restart the sysctl service: service sysctl restart | |||
PPTP should now work for clients wishing to use PPTP connections. | |||
As has been mentioned and will continue to be mentioned, it is understandable that the OpenWRT documentation may be lacking in some ways. Creating and writing good documentation is difficult and time consuming. The nice people responsible for OpenWRT spend most of their time making things work, improving functionality, adding new firmware for new routers, etc.. This leaves little time for good documentation. So for all the nice people that work so hard on OpenWRT, thank you. And no offense meant. The rather cryptic several lines written by the author of the below noted article for more information very likely uses that "shortcut" to create files or may have thought it was helpful to present it in that way. And it may work for some people. But it was decided to present it here slightly differently as done above. | |||
More information on enabling the feature can be found here: https://openwrt.org/docs/guide-user/services/vpn/pptp/nat_traversal | |||
===OpenVPN=== | |||
This section is written for people that are experienced with OpenVPN. | |||
REMEMBER (It will make sense later, and is worth pointing out at the beginning):Certificates are a requirement of encrypted communication for OpenVPN. That part of OpenVPN is made possible by OpenSSL. Two things to remember are these; | |||
*The /etc/openvpn/openvpn-ssl.cnf file contains a major flaw as it delivered by OpenWRT in the software package. There is a directive line (default_md = md5) that will not work with the version of OpenVPN provided by OpenWRT (it's actually been that way for several versions. The directive instructs OpenSSL to produce certificates using a method that has been deemed comprimised. The line should instead read: default_md = sha256 | |||
*There's also a frustrating issue that comes up with a newly created certificate that won't work until the next day. Solution? Set the time of the router to a day or so in the past. Now that can be an adventure because it can't be done via the LuCI GUI. It can of course be done via the command line or Webmin. | |||
The LuCI interface provides a nice interface for keeping track of OpenVPN Server and Client configuration, plus editing and enabling and disabling a specific Server or Client configuration file. OpenVPN for OpenWRT operates as it did for CentOS 6 where a single "OpenVPN Service" would "spawn" multiple instances of the OpenVPN binary / executable depending on how many Server and Client configuration files there are. CentOS 7 and newer has it configured such that each instance of an OpenVPN Server and / or Client configuration file requires a separate service. | |||
====Installation==== | |||
*opkg update | |||
*opkg install openvpn-easy-rsa openvpn-openssl (Any dependencies will automatically be installed, also see Notes section below) | |||
*Install the LuCI GUI interface for OpenVPN manually (see note below on the LuCI, System, Software installation for the OpenVPN LuCI GUI below) | |||
**opkg download luci-app-openvpn | |||
**opkg install WhatEverTheFileNameThatGetsDownloaded | |||
====Files & Directories==== | ====Files & Directories==== | ||
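Review bot: the added steps name the file 20-nf-conntrack-helper.conf but the nano command creates /etc/sysctl.d/20n-nf-conntrack-helper.conf; make the two match. In the OpenVPN text added in the same hunk, changing default_md from md5 to sha256 is right, but the advice to set the router clock "a day or so in the past" leaves the router validating certificates and stamping logs with the wrong time; better to correct the clock or time zone on whichever side is off, or to wait until the certificate's start time has passed. The first OpenSSL bullet is also missing its closing parenthesis after "several versions".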
Line 2,848: | Line 2,949: | ||
dh /etc/openvpn/keys/WhatEverPath/dh2048.pem | dh /etc/openvpn/keys/WhatEverPath/dh2048.pem | ||
</syntaxhighlight>In the above configuration file, it is assumed that keys have already been generated (see below section for using Webmin to generate certificates). The above storage location for keys is just an example that can be customized to any directory. | </syntaxhighlight>In the above configuration file, it is assumed that keys have already been generated (see below section for using Webmin to generate certificates). The above storage location for keys is just an example that can be customized to any directory. | ||
=====PID File (if needed)===== | |||
If there's a situation where a PID file is needed to keep track of OpenVPN functionality, thankfully OpenWRT has not included that in their init.d configuration. But it can be added. Below is what needs to be added to the /etc/init.d/openvpn file. It can also be added to the configuration file for an instance of OpenVPN Server or Client.<syntaxhighlight lang="text"> | |||
...in the "openvpn_add_instance" section, add the line in between ---> <----. The rest of the surrounding code for that single line is already there and is just put here for reference. An obviously don't include the ---> or <--- "arrows"; | |||
openvpn_add_instance() { | |||
local name="$1" | |||
local dir="$2" | |||
local conf="$3" | |||
procd_open_instance "$name" | |||
procd_set_param command "$PROG" \ | |||
--syslog "openvpn($name)" \ | |||
--status "/var/run/openvpn.$name.status" \ | |||
--cd "$dir" \ | |||
---> --writepid "/var/run/openvpn.$name.pid" \ <---- | |||
--config "$conf" | |||
procd_set_param file "$dir/$conf" | |||
procd_set_param term_timeout 15 | |||
procd_set_param respawn | |||
procd_append_param respawn 3600 | |||
procd_append_param respawn 5 | |||
procd_append_param respawn -1 | |||
procd_close_instance | |||
} | |||
...and at the bottom of the file, add the following (it removes the PID file after the OpenVPN service / daemon is stopped; | |||
stop_service() | |||
{ | |||
rm /var/run/openvpn* | |||
} | |||
</syntaxhighlight> | |||
=====Firewall===== | =====Firewall===== | ||
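Review bot: In the added stop_service() block, rm /var/run/openvpn* matches more than the PID file. The same function passes --status "/var/run/openvpn.$name.status" a few lines up, so the glob removes every instance's status file as well, and anything else in /var/run whose name starts with openvpn. Without -f it also prints an error when nothing matches. Suggest narrowing it to rm -f /var/run/openvpn.*.pid. The intro sentence says "thankfully OpenWRT has not included that", which reads as the opposite of what is meant. Where it says the setting can also go in an instance's configuration file, name the directive (writepid) so the reader knows what to add there.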
Line 3,003: | Line 3,139: | ||
*As of 8.2020, there is also an issue with the version number of of the LuCI GUI for OpenVPN (luci-app-openvpn). The package version displayed via the System, Software page in the LuCI GUI displays git-2.229... Downloading the IPK file manually (opkg download luci-app-openvpn) results in version git-2.234... Additionally, the installation or upgrade via the LuCI GUI for the OpenVPN LuCI GUI interface seems to be unreliable. The recommendation is to download manually (opkg download luci-app-openvpn) and install the downloaded file (opkg install WhatEverTheNameOfTheFileIs) | *As of 8.2020, there is also an issue with the version number of of the LuCI GUI for OpenVPN (luci-app-openvpn). The package version displayed via the System, Software page in the LuCI GUI displays git-2.229... Downloading the IPK file manually (opkg download luci-app-openvpn) results in version git-2.234... Additionally, the installation or upgrade via the LuCI GUI for the OpenVPN LuCI GUI interface seems to be unreliable. The recommendation is to download manually (opkg download luci-app-openvpn) and install the downloaded file (opkg install WhatEverTheNameOfTheFileIs) | ||
*Sadly, possibly due to space constraints and the desire to have the smallest binary / executable file possible for OpenVPN, the OpenWRT version does not contain any "help" information (IE, openvpn --help produces no output) | *Sadly, possibly due to space constraints and the desire to have the smallest binary / executable file possible for OpenVPN, the OpenWRT version does not contain any "help" information (IE, openvpn --help produces no output) | ||
*Do NOT use periods in the name of an OpenVPN instance in the /etc/config/openvpn file, ''config openvpn'' 'WhatEverName' directive. OpenVPN will work, but you won't see it in the LuCI GUI. | |||
To install OpenVPN with OpenSSL and the LUCI GUI for it (under VPN) | To install OpenVPN with OpenSSL and the LUCI GUI for it (under VPN) | ||
Line 3,280: | Line 3,417: | ||
DD is a program that functions as a cloning utility, among other capabilities and functions (noted in an earlier section for a different purpose). When cloning an entire drive (SSD in the form of an mSATA, M.2 (NVME, NGFF), etc. device) / disk / flash drive* (* the term "drive" used later in this section will apply to whatever storage medium is being cloned), the image file should of couse be cloned to a separate device as with any other cloning software. DD is capable of cloning an entire drive, etc. or a single partition | DD is a program that functions as a cloning utility, among other capabilities and functions (noted in an earlier section for a different purpose). When cloning an entire drive (SSD in the form of an mSATA, M.2 (NVME, NGFF), etc. device) / disk / flash drive* (* the term "drive" used later in this section will apply to whatever storage medium is being cloned), the image file should of couse be cloned to a separate device as with any other cloning software. DD is capable of cloning an entire drive, etc. or a single partition | ||
Note, the DD command is built into BusyBox, but does not have all options available. To take advantage of all the options DD offers, install the full package with this command: opkg install | Note, the DD command is built into BusyBox, but does not have all options available. To take advantage of all the options DD offers, install the full package with this command: '''''opkg install coreutils-dd''''' | ||
Below is a generic example command to clone a partition from one drive to another (remember, any data on the destination will be overwritten); | Below is a generic example command to clone a partition from one drive to another (remember, any data on the destination will be overwritten); | ||
Line 3,305: | Line 3,442: | ||
*rm /overlay/ZeroByteFile (this deletes the "Zero Byte File" to free up space as the above DD command made the ZeroByteFile as large as all of the available free space on the drive.) | *rm /overlay/ZeroByteFile (this deletes the "Zero Byte File" to free up space as the above DD command made the ZeroByteFile as large as all of the available free space on the drive.) | ||
=====Partition Cloning | =====Backing Up a Partition using DD Example (AKA Imaging OR IE, Partition Cloning via a TAR / GZ File)===== | ||
The below example(s) copies a single partition (on a drive that contains multiple partitions) in 64K chunks to an image in a compressed ( | The below example(s) copies a single partition (on a drive that contains multiple partitions) in 64K chunks to an image in a compressed (GZ (GunZip), no need to "TAR" it as there is just a single image file that will be created) file. | ||
*Generic Example: dd if=/dev/sdXy conv=sync,noerror bs=64K status=progress | gzip -c > /WhatEverPath/WhatEverFile.img.gz (-c=Do not change files) | *Generic Example: dd if=/dev/sdXy conv=sync,noerror bs=64K status=progress | gzip -9 -c > /WhatEverPath/WhatEverFile.img.gz (-c=Do not change files, -9=Best Compression, but slower) | ||
**Example: dd if=/dev/sdb1 conv=sync,noerror bs=64K status=progress | gzip -c > /mnt/sdb2/DD/EXT4a-9.20.2020.img.gz (this file is named after the partition it exists on and the date, but can be named anything) | **Example: dd if=/dev/sdb1 conv=sync,noerror bs=64K status=progress | gzip -c > /mnt/sdb2/DD/EXT4a-9.20.2020.img.gz (this file is named after the partition it exists on and the date, but can be named anything) | ||
Remember | Remember; | ||
*The TAR/GZ file will contain a single image file, which in turn contains all of the individual files and directories from the source partition or drive (similar to an ISO File or files created by other cloning software). | |||
*If DD is used with out GZ, the resulting file produced by DD will be exactly the same size as the partition it is "cloning". This is because DD has no facility to do data compression. | |||
*Use the above noted (in the section immediately above this one) method to "zero out" unused space as this will aid in reducing the final GZ file size. | |||
*The GZ method has the distinct advantage of allowing one to open the GZ file and extract out single files (after it is mounted of course, look a couple of sections down). | |||
=====Restoring a Partition using DD Example===== | |||
*gzip -dk WhatEverFileName.img.gz | |||
*dd if=/mnt/sdb1/EXT4b-08.08.2020.img of=/dev/sda1 conv=sync,noerror bs=64K status=progress | |||
=====Tip for Configuring a Cloned Drive after Cloning===== | =====Tip for Configuring a Cloned Drive after Cloning===== | ||
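Review bot: The two steps of the new restore section do not refer to the same file: the first decompresses WhatEverFileName.img.gz, the second reads /mnt/sdb1/EXT4b-08.08.2020.img. Use one placeholder in both, and state that the target (/dev/sda1 here) must be unmounted and at least as large as the partition that was imaged. conv=sync,noerror is carried over from the backup command, but when the input is a regular image file it only means a read error is skipped and zero padding is written to the target, so dd if=... of=... bs=64K is enough for the restore. Two consistency points in the backup part: the added Remember bullet speaks of a "TAR/GZ file" although the intro now says no TAR is involved, and the specific example still uses gzip -c without the -9 added to the generic one.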
Line 3,331: | Line 3,478: | ||
=====Accessing an Image File (IE, mount it like a drive)===== | =====Accessing an Image File (IE, mount it like a drive)===== | ||
In the above example where a partition was cloned to an image file, utilities like WinRAR, WinImage, etc. cannot be used to access the file. Since the image file represents an entire drive or partition, it can be mounted just like a physical drive. | In the above example where a partition was cloned to an image file, utilities like WinRAR, WinImage, etc. cannot be used to access the file. Since the image file represents an entire drive or partition, it can be mounted just like a physical drive. | ||
NOTE: If it is a compressed GZ file, the image must be extracted from the compressed file first: gzip --verbose -d WhatEverFileName (BusyBox has a version of GZIP installed with it, the full gzip utility can be installed with: opkg install gzip) And remember, whereever the file is decompressed, it must have enough space for the original image which will be the size of the partition imaged. | |||
NOTE: The below example is for mounting an Image that was made from a partition, not an entire disk/SSD/USB Flash Drive. | |||
To mount a partition (not a drive); | To mount a partition (not a drive); | ||
*mkdir /tmp/ | *mkdir /tmp/WhatEverMountPoint (the directory can be any directory or file name, an advantage to using the /tmp directory is one doesn't have to worry about dismounting the image as it will not be mounted after a router reboot because the mount point is in the /tmp directory, the image file will exist of course, assuming it is not also in the /tmp directory) | ||
*mount -o loop -t WhatEverFileSystem /WhatEverPath/WhatEverImage.img /tmp/ | *mount -o loop -t WhatEverFileSystem /WhatEverPath/WhatEverImage.img /tmp/WhatEverMountPoint | ||
**-t = the type of file system (this could be -t vfat, -t ntfs, -t ext2, -t ext4 etc., and it should obviously match the type of the original file system, no experiments were done to see if mount utility could "auto detect" the file system, but it may have the capability) | **-t = the type of file system (this could be -t vfat, -t ntfs, -t ext2, -t ext4 etc., and it should obviously match the type of the original file system, no experiments were done to see if mount utility could "auto detect" the file system, but it may have the capability) | ||
**-o = Option (let the mount command know it is a "loop" device) | **-o = Option (let the mount command know it is a "loop" device) | ||
When accessing the mounted image file, the directories shown at the first level may not be familiary as they are organized in the fashion that OpenWRT "sees" them. Open the directory titled ''upper'' and you should see all of the directories one is accustomed to seeing at the root level directory. | |||
====Good 'ole Fashion, just make a copy==== | ====Good 'ole Fashion, just make a copy==== | ||
Forget all the fancy backup stuff for this one. Sometimes it's good just to make a manual copy of things. This method works great for configuration files. Not so much to avoid a failed drive, but more to preserve a working copy of a known good configuration file. The idea is whenever one embarks on an upgrade or a major change (even a minor one too) to a service, sometimes it's good to make a copy of a working configuration file. For instance, using the /etc/config/network configuration file: cp /etc/config/network /etc/config/network-09.30.2020 There, a copy of the original file with a date on the end of it. Simple and effective if one needs to take a "single step back", instead of walking through the complexity of restoring files from Restic or a DD Tar.GZ file. | Forget all the fancy backup stuff for this one. Sometimes it's good just to make a manual copy of things. This method works great for configuration files. Not so much to avoid a failed drive, but more to preserve a working copy of a known good configuration file. The idea is whenever one embarks on an upgrade or a major change (even a minor one too) to a service, sometimes it's good to make a copy of a working configuration file. For instance, using the /etc/config/network configuration file: cp /etc/config/network /etc/config/network-09.30.2020 There, a copy of the original file with a date on the end of it. Simple and effective if one needs to take a "single step back", instead of walking through the complexity of restoring files from Restic or a DD Tar.GZ file. | ||
====LuCI GUI BackUp==== | |||
And of course one can also use the LuCI GUI under System, BackUp / Flash Firmware to create a copy of configuration files and even MTDBLOCK contents. | |||
==Border Mail System (Postfix, MailScanner, MailWatch, ClamD,== | ==Border Mail System (Postfix, MailScanner, MailWatch, ClamD,== | ||
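Review bot: The mount -o loop -t ... line attaches the backup image read-write, so browsing it to pull out a file can modify the backup itself. For the extract-a-file use described here, suggest -o loop,ro. The added gzip NOTE uses gzip --verbose -d, which removes the .img.gz once it is decompressed; the restore section uses -dk to keep it, and the two should agree. "whereever" and "familiary" are typos in the added lines.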
Line 3,406: | Line 3,560: | ||
===Pre-Installation Tasks for Installing Webmin=== | ===Pre-Installation Tasks for Installing Webmin=== | ||
Download the Webmin ...tar.gz file: wget https://prdownloads.sourceforge.net/webadmin/webmin-1.953.tar.gz | Download the Webmin ...tar.gz file: wget https://prdownloads.sourceforge.net/webadmin/webmin-1.953.tar.gz (that's the version number as of this writing, so adjust as they update and locate an updated URL) | ||
Unzip and UnTAR the file; | Unzip and UnTAR the file; | ||
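Review bot: The added parenthetical tells the reader to adjust the version, but the URL on this line names webmin-1.953.tar.gz while the gunzip and tar commands a few lines further down use webmin-1.955. Use one version, or a placeholder, throughout so the commands can be followed in sequence. Because the archive is unpacked and its setup.sh is run as root on the router, a sentence telling the reader to check the download against a checksum or signature from the Webmin site, where one is offered, belongs here too.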
Line 3,414: | Line 3,568: | ||
***CentOS typical location: /usr/libexec/webmin | ***CentOS typical location: /usr/libexec/webmin | ||
***Debian: /usr/share/webmin | ***Debian: /usr/share/webmin | ||
***Locations suggested by Webmin tutorials: /usr/libexec/webmin, /usr/local/webmin | ***Locations suggested by Webmin tutorials: /usr/libexec/webmin, '''/usr/local/webmin''' | ||
***Location noted by https://doxfer.webmin.com/Webmin/Installation_-_the_old_fashioned_way as the most common for "TAR" Installations: /usr/local/webmin | ***Location noted by https://doxfer.webmin.com/Webmin/Installation_-_the_old_fashioned_way as the most common for "TAR" Installations: /usr/local/webmin | ||
*gunzip webmin-1.955.tar.gz and tar xvf webmin-1.955.tar | *gunzip webmin-1.955.tar.gz and tar xvf webmin-1.955.tar | ||
Line 3,420: | Line 3,574: | ||
OR | OR | ||
*tar zxvf webmin-1.955.tar | *tar zxvf webmin-1.955.tar.gz OR tar zxvf webmin-1.955.tar.gz -C /WhatEverPath/WhatEverDirectory (Example: tar zxvf webmin-1.955.tar.gz -C /usr/local/) | ||
(be patient, there are a LOT of files, even on a fast USB 3.0 flash drive it takes a couple of minutes. | (be patient, there are a LOT of files, even on a fast USB 3.0 flash drive it takes a couple of minutes. | ||
*If "untarred" a directory other than the installation, do one of the following; | *If "untarred" a directory other than the installation, do one of the following; | ||
**Move the untarred directory to the desired | **Move the untarred directory to another location than the untarred location, if desired, not necessary | ||
**When installing use the command (not yet): ./setup.sh /WhatEverPath (/usr/local/webmin seems to be a fairly standard location, but of course it can be placed anywhere) | |||
*Before running the setup program; | *Before running the setup program; | ||
**Add the bin Group to /etc/group using this directive: bin:x:1000: (OR, use the groupadd command: groupadd bin, the opkg install shadow-groupadd will be necessary for the groupadd command) | **Add the bin Group to /etc/group using this directive: bin:x:1000: (OR, use the groupadd command: groupadd bin, the opkg install shadow-groupadd will be necessary for the groupadd command) | ||
**Make sure PERL is installed with necessary modules | **Make sure PERL is installed with necessary modules (dependencies will automatically download, and not all of the below are necessary for a base installation of webmin, but come in handy later, and if installing on a USB Flash Drive, as you should be, instead of internal storage, space is not a consideration) | ||
***opkg update | ***opkg update | ||
***opkg install perl perlbase-http-tiny coreutils-stty perlbase-gdbm-file perlbase-extutils perlbase-storable perlbase-time | ***opkg install perl perlbase-http-tiny coreutils-stty perlbase-gdbm-file perlbase-extutils perlbase-storable perlbase-time perl-device-serialport perl-encode-locale perlbase-perlio perlbase-anydbm-file perlbase-anydbm-file perlbase-benchmark perlbase-charnames perlbase-db-file perlbase-dbm-filter perlbase-filecache perlbase-filetest perlbase-getopt perlbase-hash perlbase-sdbm-file perlbase-tap perlbase-test perlbase-unicode | ||
***...and because the above list was trial and error and as Webmin has progressed over the months and years, it needs more PERL (yes, I know about the caps thing) modules, just throw the fistful of darts and install most perl stuff so these in addition too (will need to break it down into two lines probably because of line length limit): opkg install perlbase-bigint perlbase-bignum perlbase-blib perlbase-bytes perlbase-compress perlbase-data perlbase-db perlbase-devel perlbase-diagnostics perlbase-digest perlbase-dumpvalue perlbase-dumpvar perlbase-encoding perlbase-english perlbase-env perlbase-fatal perlbase-fields perlbase-filter perlbase-json-pp perlbase-math perlbase-memoize perlbase-meta-notation perlbase-module perlbase-mro perlbase-next perlbase-o perlbase-open perlbase-ops perlbase-pod perlbase-search perlbase-sigtrap perlbase-sort perlbase-term perlbase-thread perlbase-threads perlbase-universal perlbase-user perlbase-version | |||
**Possible Errors & Solutions during and after Installation; | **Possible Errors & Solutions during and after Installation; | ||
***Most errors will be due to missing PERL modules. So if space isn't an issue, just see the above 'throw all the darts at the dart board strategy' and install all PERL modules. Thanks Webmin for not making a complete list of all the necessary modules and also having your script not properly detect missing modules either. | |||
***"Perl Socket module not installed" Error will occur if perlbase-http-tiny is not installed. | ***"Perl Socket module not installed" Error will occur if perlbase-http-tiny is not installed. | ||
***"stty: not found" / "Login password: ./setup.sh: line 396: stty: not found" (the line number may be different depending on the version of the setup script an Webmin being installed) Error will occur if coreutils-stty is not installed | ***"stty: not found" / "Login password: ./setup.sh: line 396: stty: not found" (the line number may be different depending on the version of the setup script an Webmin being installed) Error will occur if coreutils-stty is not installed | ||
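Review bot: In the extended opkg install perl ... line, perlbase-anydbm-file is listed twice; drop the duplicate. The follow-up bullet says its own package list will probably need splitting into two lines, so split it in the text and give each opkg install command its own line instead of embedding it in the sentence. The reworded bullet "Move the untarred directory to another location than the untarred location, if desired, not necessary" is harder to follow than the one it replaces; "Optionally move the untarred directory to the desired location" says the same thing.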
Line 3,442: | Line 3,598: | ||
***"Can't locate ExtUtils/CBuilder.pm in @INC (you may need to install the ExtUtils::CBuilder module" error occurs if perlbase-extutils is not installed | ***"Can't locate ExtUtils/CBuilder.pm in @INC (you may need to install the ExtUtils::CBuilder module" error occurs if perlbase-extutils is not installed | ||
***" can't open '/var/log/webmin/miniserv.pid': No such file or directory" error occurs when stopping Webmin with /etc/webmin/stop | ***" can't open '/var/log/webmin/miniserv.pid': No such file or directory" error occurs when stopping Webmin with /etc/webmin/stop | ||
***failed to open /var/webmin/miniserv.error<span> </span>: No such file or directory at /usr/local/webmin/miniserv.pl line XYZ: This is because webmin wants to put its error log at the /var/webmin location. Nope, how about conforming to some standards and putting in the /var/log directory by default? Up to the end user to configure here: /etc/webmin/miniserv.conf | |||
====A Special note on HTTPS (not the Module) for Webmin: Do NOT worry about it. Forget it. Almost impossible to get working.==== | ====A Special note on HTTPS (not the Module) for Webmin: Do NOT worry about it. Forget it. Almost impossible to get working.==== | ||
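Review bot: The added miniserv.error bullet points the reader at /etc/webmin/miniserv.conf without saying which settings to change. The init script comments later in this revision name them (logfile and errorlog), so name them here as well. The stray <span> </span> before the colon in the quoted error message is editor residue and should be removed.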
Line 3,460: | Line 3,617: | ||
*Detailed instructions to install "The Old Fashion Way..." can be found here: https://doxfer.webmin.com/Webmin/Installation_-_the_old_fashioned_way | *Detailed instructions to install "The Old Fashion Way..." can be found here: https://doxfer.webmin.com/Webmin/Installation_-_the_old_fashioned_way | ||
*In | *In the Webmin installation directory, run: ./setup.sh /WhatEverPathToInstallWebmin (see above for potential locations) | ||
**Config Directory: /etc/webmin | **Config Directory: /etc/webmin | ||
**Log file directory: /var/log/webmin (NOTE: This directory is actually a symbolic link for /tmp, so it will not persist across reboots of a router. If permanent logs for Webmin are desired, change the path) | **Log file directory: /var/log/webmin (NOTE: This directory is actually a symbolic link for /tmp, so it will not persist across reboots of a router. If permanent logs for Webmin are desired, change the path) | ||
***/var/log/webmin (note, this directory is actually located here: /tmp/log/webmin, and needs to be created each time the router is booted as the /tmp directory is just that, temporary) | ***/var/log/webmin (note, this directory is actually located here: /tmp/log/webmin, and needs to be created each time the router is booted as the /tmp directory is just that, temporary) | ||
***As of the 11.2020 version of Webmin, the default location seems to be /var/webmin, so watch out for that and change it to /var/log/webmin, otherwise, other items described in this article won't work, because Webmin won't start without the correct log path. | ***As of the 11.2020 version of Webmin, the default location seems to be /var/webmin, so watch out for that and change it to /var/log/webmin, otherwise, other items described in this article won't work, because Webmin won't start without the correct log path. | ||
***The Log File path can also be created in the /etc/init.d/webmin startup script | |||
**Full path to perl: /usr/bin/perl | **Full path to perl: /usr/bin/perl | ||
**MiniServe Configuration (the web process for webmin): /etc/webmin/miniserv.conf | **MiniServe Configuration (the web process for webmin): /etc/webmin/miniserv.conf | ||
**Configure OS as: 110 - Generic Linux (it changed to 111 some time in late 2020) | **Configure OS as: 110 - Generic Linux (it changed to 111 some time in late 2020, and in late 2021 the Webmin installation script seems to now autodetect OpenWRT at Generic Linux, OS version 5.4) | ||
***OS Choices available when installing Webmin: Pick 110) Geric Linux for OpenWRT; | ***OS Choices available when installing Webmin: Pick 110) Geric Linux for OpenWRT (note, the number changes as Webmin adds OSs, so adjust as necessary); | ||
<syntaxhighlight lang="text"> | <syntaxhighlight lang="text"> | ||
1) Pardus Linux 2) SmartOS 3) Sun Solaris | 1) Pardus Linux 2) SmartOS 3) Sun Solaris | ||
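Review bot: The "Configure OS as:" line now gives three answers (110, 111, autodetected) and the sub-bullet still says "Pick 110". Since the number shifts as Webmin adds operating systems, tell the reader to choose the entry by name (Generic Linux) and treat any number as an example from one release. "Geric Linux" and "autodetect OpenWRT at Generic Linux" (should be "as") are typos in the changed lines.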
Line 3,514: | Line 3,672: | ||
====Post Installation==== | ====Post Installation==== | ||
The setup script may display some errors; | PID File: By default the PID file for Webmin will be here:var/log/webmin/miniserv.pid That makes sense (NOT). The PID is to indicate whether a process is running, which should go in /var/run. /var/log is for log files. Come on! Really?! It's OK to leave it in the default location, but to put it in a place that makes more sense, modify the /etc/webming/miniserv.conf file and change the pidfile= setting to /var/run/minserv.pid | ||
The setup script may display some errors, the following is related to having Webmin start automatically and an easy fix); | |||
*Error: Failed to open /etc/rc.d/init.d/webmin for writing : No such file or directory | *Error: Failed to open /etc/rc.d/init.d/webmin for writing<span> </span>: No such file or directory | ||
There is a choice for solving the above error, choose one of the following two items; | There is a choice for solving the above error, choose one of the following two items; | ||
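Review bot: The added PID File paragraph has three path typos that break the instruction if it is followed literally. "here:var/log/webmin/miniserv.pid" is missing the leading slash, "/etc/webming/miniserv.conf" should be /etc/webmin/miniserv.conf as written elsewhere on the page, and the suggested value /var/run/minserv.pid drops the second "i" from miniserv. The error line below it also picked up a stray <span> </span> before the colon.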
Line 3,541: | Line 3,701: | ||
mkdir -p -m 0750 /var/log/webmin | mkdir -p -m 0750 /var/log/webmin | ||
mkdir -p -m 0750 /var/webmin | mkdir -p -m 0750 /var/webmin | ||
/etc/webmin/start | |||
# And don't forget to configure the logfile and errorlog settings in /etc/webmin/miniserv.conf to reflect the above OR leave the Webmin version of the miniserv.conf file as it is and make sure the ...0750 /var/webmin line is above too (then hunt for your log files somewhere besides in a log directory) | |||
# In fact, best to leave that /var/webmin directory creation in place too as webmin puts other temporary crap in there that isn't related to log files. | |||
} | } | ||
Line 3,557: | Line 3,720: | ||
It also may claim that it has started webmin (immediately after the installation), but sometimes it doesn't really do that, so: /etc/webmin/stop, then /etc/webmin/start | It also may claim that it has started webmin (immediately after the installation), but sometimes it doesn't really do that, so: /etc/webmin/stop, then /etc/webmin/start | ||
Webmin seems to have an issue detecting ARM CPUs in the Marvell SoC with OpenWRT. This results in an Error 500 Perl execution failed... ...proc::list_processes. To correct the issue modify the /overlay/webmin/proc/module.info File as follows (It disables the Webmin Processor Module because that module does not run correctly on OpenWRT for the AC Series of routers) by removing the generic-linux or *-linux setting; | This seems to have been corrected with Webmin versions as of approxomately early 2021: <s>Webmin seems to have an issue detecting ARM CPUs in the Marvell SoC with OpenWRT. This results in an Error 500 Perl execution failed... ...proc::list_processes. To correct the issue modify the /overlay/webmin/proc/module.info File as follows (It disables the Webmin Processor Module because that module does not run correctly on OpenWRT for the AC Series of routers) by removing the generic-linux or *-linux setting;</s> | ||
NOTE: As of 11.2020, a newer version of Webmin overcomes the issue OR version 19.07.04 of OpenWRT's perl corrects the issue (didn't test which one it was, just noticed it)<syntaxhighlight lang="text"> | NOTE: As of 11.2020, a newer version of Webmin overcomes the issue OR version 19.07.04 of OpenWRT's perl corrects the issue (didn't test which one it was, just noticed it)<syntaxhighlight lang="text"> | ||
Line 3,569: | Line 3,732: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Verify the /etc/webmin/config file contains the following settings;<syntaxhighlight lang="text"> | <s>Verify the /etc/webmin/config file contains the following settings;</s><syntaxhighlight lang="text"> | ||
os_type=generic-linux | os_type=generic-linux | ||
os_version=4 | os_version=4 | ||
Line 3,575: | Line 3,738: | ||
real_os_version=19.07.03 | real_os_version=19.07.03 | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Alternative Method of Configuring Webmin settings in /etc/webmin/config file;<syntaxhighlight lang="text"> | <s>Alternative Method of Configuring Webmin settings in /etc/webmin/config file;</s><syntaxhighlight lang="text"> | ||
os_type=linux | os_type=linux | ||
os_version=4 | os_version=4 | ||
real_os_type=OpenWRT | real_os_type=OpenWRT | ||
real_os_version=19.07.03 | real_os_version=19.07.03 | ||
</syntaxhighlight>...however, this necessitates that any Webmin modules that require certain operating systems (apache, bind, etc.) need to have their module.info files modified to include the os_type of linux. | </syntaxhighlight><s>...however, this necessitates that any Webmin modules that require certain operating systems (apache, bind, etc.) need to have their module.info files modified to include the os_type of linux.</s> | ||
And again, the /overlay/webmin/proc/module.info will need to be modified as above. | <s>And again, the /overlay/webmin/proc/module.info will need to be modified as above.</s> | ||
Also, most of the Webmin modules will need to be custom configured for the OpenWRT environment in order to function properly. See below... | <s>Also, most of the Webmin modules will need to be custom configured for the OpenWRT environment in order to function properly. See below...</s> | ||
As of mid 2021, none of the above items seem to be a concern anymore (at least with a WRT3200ACM, the only one tested thus far with this new tidbit of information). The default /etc/webmin/config file works fine;<syntaxhighlight lang="text"> | |||
passwd_pindex=1 | |||
passwd_mindex=4 | |||
passwd_uindex=0 | |||
passwd_file=/etc/shadow | |||
ld_env=LD_LIBRARY_PATH | |||
path=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin | |||
find_pid_command=ps auwwwx | grep NAME | grep -v grep | awk '{ print $2 }' | |||
by_view=0 | |||
passwd_cindex=2 | |||
tempdelete_days=7 | |||
os_type=generic-linux | |||
os_version=5.4 | |||
real_os_type=Generic Linux | |||
real_os_version=5.4 | |||
lang=en | |||
log=1 | |||
referers_none=1 | |||
md5pass=1 | |||
theme=authentic-theme | |||
product=webmin | |||
</syntaxhighlight> | |||
===Adding and Configuring Webmin Features & Modules=== | ===Adding and Configuring Webmin Features & Modules=== | ||
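Review bot: The strike-through covers only the sentences, not the syntaxhighlight blocks between them, so the page now shows three /etc/webmin/config listings (os_version=4 twice, then os_version=5.4) and it is not obvious which are obsolete. Either remove the two older blocks along with their struck text or label each block with the Webmin and OpenWRT versions it applied to. "approxomately" is a typo in the new lead-in.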
Line 3,595: | Line 3,781: | ||
*CLOCK, Settings Icon (the gear at the top left of the configuration payne), System configuration, System time setting format, YYYYMMDDHHMM.SS Radio Button | *CLOCK, Settings Icon (the gear at the top left of the configuration payne), System configuration, System time setting format, YYYYMMDDHHMM.SS Radio Button | ||
*...but wait, as of late 2021, something has changed with Webmin or OpenWRT, the above setting now needs to be: MMDDHHMMYY Radio Button | |||
OR | OR | ||
Line 3,776: | Line 3,963: | ||
hostnet_list= | hostnet_list= | ||
</syntaxhighlight>Items such as dhcpd_version can be modified to reflect whatever version of DHCPD is available in the future. No modifications need to be made to the /overlay/webmin/dhcpd/module.info (assuming the root path of Webmin is /overlay) file as this Module seems to be compatible with every version of DHCPD on every Linux distribution. | </syntaxhighlight>Items such as dhcpd_version can be modified to reflect whatever version of DHCPD is available in the future. No modifications need to be made to the /overlay/webmin/dhcpd/module.info (assuming the root path of Webmin is /overlay) file as this Module seems to be compatible with every version of DHCPD on every Linux distribution. | ||
The Edit Network Interfaces Button and Interfaces File Type setting in Webmin will not work with OpenWRT. | |||
====Samba Server Webmin Module (/etc/webmin/samba/config)==== | ====Samba Server Webmin Module (/etc/webmin/samba/config)==== | ||
First, if it hasn't already been stated, a LuCI GUI (Services, Network Shares) for Samba exists. AND it makes sense to stay within the OpenWRT management / configuration paradigm for services (/etc/config/samba3 or samba4). Having noted that, the LuCI GUI does not have all the bells and whistles of Webmin, but what is there looks a whole lot better. So for this one, a hybrid approach is best. | First, if it hasn't already been stated, a LuCI GUI (Services, Network Shares) for Samba exists. AND it makes sense to stay within the OpenWRT management / configuration paradigm for services (/etc/config/samba3 or samba4). Having noted that, the LuCI GUI does not have all the bells and whistles of Webmin, but what is there looks a whole lot better. So for this one, a hybrid approach is best. | ||
Making so Webmin recognizes the Samba Module as an active module requires editing the / | Making so Webmin recognizes the Samba Module as an active module requires editing the /usr/local/webmin/samba/module file (assuming /usr/local is the root of the Wemin installation path chosen). For some reason the wildcard version of Linux (*-linux) setting is not respected with OpenWRT / Webmin. That makes it necessary to add the full name of the os_type setting in the /etc/webmin/config file (which should be ''generic_linux'') into the /usr/local/webmin/samba/module.info file os_support setting. See below; | ||
*Original line: os_support=solaris *-linux aix hpux freebsd osf1 irix openserver unixware openbsd macos netbsd | *Original line: os_support=solaris *-linux aix hpux freebsd osf1 irix openserver unixware openbsd macos netbsd | ||
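Review bot: The rewritten sentence gives the os_type value as generic_linux (underscore), but the /etc/webmin/config listings on this page show os_type=generic-linux (hyphen). The paragraph's point is that the full os_type name has to be added to os_support, so the hyphenated form should be used here. The first path is also written as /usr/local/webmin/samba/module while the second is .../samba/module.info, and "Wemin" should be "Webmin".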
Line 3,868: | Line 4,057: | ||
====Third Party Modules (OpenVPN Certificate Authority, not OpenVPN itself as that is configured via LuCI or /etc/config, etc)==== | ====Third Party Modules (OpenVPN Certificate Authority, not OpenVPN itself as that is configured via LuCI or /etc/config, etc)==== | ||
Install via the Webmin GUI and remember to configure the module.info file if necessary and settings | Install via the Webmin GUI and remember to configure the module.info file if necessary and settings too. IE, download the module from the Webmin website, and then under the Webmin, Wemin Configuration, Webmin Modules menu, select From uploaded file, and Install Module | ||
OpenVPN (/etc/webmin/openvpn/config);<div class="toccolours mw-collapsible mw-collapsed" style="overflow:auto; width:100%;">
Line 3,894: | Line 4,083: | |
</syntaxhighlight></div></div>
====Cron====
It works with one minor exception. For older versions of Webmin, the "Display running status of jobs?" option may not work. Other than that, the /etc/webmin/cron/config file below works:<syntaxhighlight lang="text">
show_comment=1
hourly_only=
match_mode=
cron_dir=
run_parts=
cron_input=1
cron_delete_command=
cron_copy_command=
show_time=1
single_file=/etc/crontabs/root
cronfiles_dir=
cron_allow_file=
cron_edit_command=
max_jobs=
cron_get_command=
match_user=
cron_deny_all=
max_len=
cron_deny_file=
kill_subs=
vixie_cron=0
show_next=1
system_crontab=
show_run=2
add_file=
</syntaxhighlight>
===Starting and Stopping Webmin===
Line 3,979: | Line 4,197: | ||
Unlike many models of routers that require a similar connector be soldered to a circuit board, the AC Series of routers has this feature installed during manufacturing. Even though the cost is quite small per unit, it can add up to a significant amount of money with a large production run. This implies Linksys was anticipating the router would be used by a modding community. So thank you to the Linksys engineers and management that made sure that feature was included with the router. On the cynical "bean counter" side of things, including a feature which makes it easier to salvage a "[[wikipedia:Brick_(electronics)|bricked]]" router also probably cuts down on the number of customers attempting to return "failed" units to Linksys.
==Serial TTL Cable and Connectors==
{{:Serial_TTL_Cable_and_Connectors}}
===Serial Ports and TTL Serial Communication===
Line 4,005: | Line 4,226: | ||
[[File:USBABCable.jpg|none|thumb|126x126px|USB B to USB A with Cable]]
Link as of late 2020: https://www.ebay.com/itm/PL2303TA-USB-to-TTL-RS232-COM-UART-Module-Serial-Cable-Adapter-for-Arduino/233559278066
[[File:PL2303TA.jpg|none|thumb|126x126px|USB PL2303TA Serial to 2.54mm Pitch Molex "70553 Style" Female Pigtail]]
[[File:JSTPH2mmFemale.jpg|left|thumb|126x126px|JST-PH 2.0mm Pitch 6 Pin Female Connector (notice the striped wires that are soldered).]]
<br />
As of early 2021, there doesn't appear to be anyone that manufactures a 6 pin 2.0mm pitch JST-PH female connector / adapter / converter to a "pigtail" 2.54 breadboard / jumper Molex "70553 style" male connector. And that was just when you thought everything existed in the world. Oh, well.
The best "non-soldering" / "plug it all together" solution is the above noted "USB B to USB A with Cable" Connector + the PL2303TA USB (the USB version of a MAX3232) to 2.54 breadboard / jumper Molex "70553 style" female connector to the JST-PH 2.0mm Pitch 6 Pin Female Connector. The stripped off wires that are soldered will fit nicely into the "70553 style" female connector. Everything else is just plugged together, minus the hole in the side of the router for the USB connector. In the end, once put together, it makes it so a router can be connected to a computer via an ordinary USB cable.
===The Real Pin # 1===
Many website tutorials, YouTube videos, diagrams, and even images on the OpenWRT website show the TTL Serial Port for the AC series of routers numbered from left to right, starting with "pin 1", as viewed from the top / front of the circuit board. This is NOT correct, although both the names / labels of the pins and what their function is (Ground, TX (Transmit), and RX (Receive)) ''are correct''. It is an industry standard to identify "Pin 1" on a circuit board in several manners. The most common methods include a triangle printed on the circuit board closest to "Pin 1" and a square solder connection (as viewed from the bottom).
Another convention that is typically followed, but is not an absolute rule, is putting "Pin 1" closest to the nearest edge of a circuit board. The AC Series of routers all have a square solder connection on the bottom and a triangle printed on top of the circuit board for "Pin 1" on the right side of the connector, as viewed from the top. Since there is no pinout standard for that type of connector, the manufacturer (Linksys in this case) gets to define where "Pin 1" is located. And per the triangle marking, the pin closest to the edge, and the square solder connection, pin number one is located as indicated by the below image. PERIOD. Image is courtesy of: http://wtarreau.blogspot.com/2018/
Line 4,015: | Line 4,248: | ||
For a detailed explanation of Serial Ports: https://en.wikipedia.org/wiki/Serial_port
[[wikipedia:JST_connector|JST Connector]] Specifications: http://www.jst-mfg.com/product/pdf/eng/ePH.pdf And a nice video on the subject: https://www.youtube.com/watch?v=wn3ixZ-sv5w
Various comparisons between RS-232 and TTL: https://learn.sparkfun.com/tutorials/serial-communication/wiring-and-hardware
Line 4,052: | Line 4,285: | ||
==MWAN Failover==
{{:OpenWRT_MWAN_Failover}}
==Samba Scare on WAN==
{{:OpenWRT_Samba_Scare_on_WAN}}
==NMAP Utility (Port Scanner)==
{{:OpenWRT_NMAP_Utility}}
==PPPoE (Point to Point over Ethernet)==
{{:OpenWRT_PPPoE}}
==Wireless Client Bridge Mode with OpenWRT==
{{:WRT_Router_Series_Wireless_Client_Bridge_Mode_with_OpenWRT}}
==Monitoring Services with Monit==
{{:WRT_Router_Series_Monit}}
==eXtplorer==
{{:EXtplorer_on_OpenWRT}}
==De Brick or Un Bricking a WRT Series Router==
{{:De_Brick_or_Un_Bricking_a_WRT_Series_Router}}
==WRT Series COPY MTD Partitions==
{{:WRT_Series_COPY_MTD_Partitions}}
==AC Series Recommended Software and Utilities==
{{:AC_Series_Recommended_Software_and_Utilities}}
==U Boot for WRT Series==
{{:U_Boot_for_WRT_Series}}
==Serial Port Communication on Linksys AC Series with OpenWRT==
{{:Serial_Port_Communication_on_Linksys_AC_Series_with_OpenWRT}}
==User Names and Passwords
opkg update
opkg install shadow-passwd shadow-useradd shadow-groupadd
Line 4,067: | Line 4,330: | ||
After: root::18475:0:99999:7:::<br />
===Weak Passwords===
Not that one would ever want to configure a "weak password", and out of the box, the OpenWRT GUI doesn't allow that. As it should be. But the frustrating part is having that limitation imposed with no way around it. Maybe there is a good reason to temporarily configure a weak password. Is that possible with the OpenWRT LuCI GUI interface? No, not by default. Is there a way around it? Not via that same GUI as far as Google is concerned. But there is a way...
Install the above passwd command, and at a command prompt type: passwd (then enter whatever password one wants)
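The "After:" entry shown above has an empty second field, which in shadow(5) format means root can log in with no password at all. The following added example (not part of the original article; the function names and the sample entries other than the root line are constructed) audits a shadow-format file for that state:

```shell
#!/bin/sh
# Added example (not from the article): report accounts whose shadow password
# field is empty, i.e. accounts that can log in without any password.

# Print "user:STATE" for each entry. $1 is a shadow-format file, "-" for stdin.
audit_shadow() {
    awk -F: '
        /^[ \t]*$/ || /^#/ { next }                         # blank lines, comments
        NF < 2             { print $1 ":MALFORMED"; next }
        $2 == ""           { print $1 ":EMPTY";     next }  # no password set
        $2 ~ /^[!*]/       { print $1 ":LOCKED";    next }  # password login disabled
                           { print $1 ":HASH" }             # password hash present
    ' "${1:-/etc/shadow}"
}

# Names of accounts with an empty password field, one per line.
empty_password_accounts() {
    audit_shadow "$1" | awk -F: '$2 == "EMPTY" { print $1 }'
}

# Exit status 0 only when no account has an empty password (for cron or Monit).
shadow_has_no_empty_passwords() {
    [ -z "$(empty_password_accounts "$1")" ]
}

# Constructed sample; the root line is the "After:" entry quoted in the article.
sample_shadow() {
    cat <<'EOF'
root::18475:0:99999:7:::
daemon:*:0:0:99999:7:::
admin:$1$constructed$notarealhashvalue00000:18475:0:99999:7:::
nobody:!:0:0:99999:7:::
EOF
}

sample_shadow | audit_shadow -
```

Run `audit_shadow` with no argument on the router to check /etc/shadow itself; after a temporary weak or empty password has served its purpose, `shadow_has_no_empty_passwords` should return 0 again.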
*