Linksys AC Series Router Configuration Tips for OpenWRT: Difference between revisions
m →BackUps |
Line 244: | Line 244: | ||
It is recommended to make sure the destination partition is the same size or larger of course. Be prepared to wait a while, even on a USB 3.0 port. | It is recommended to make sure the destination partition is the same size or larger of course. Be prepared to wait a while, even on a USB 3.0 port. | ||
*dd if=/dev/sda1 of=/dev/sda2 status=progress | *dd if=/dev/sda1 of=/dev/sda2 status=progress | ||
Note: After cloning, to save confusion and sanity, remove the source drive. It also may be necessary to reboot the router or dismount and mount the drive if it was already mounted to see the "cloned" directories and files. All of this is necessary because ''everything'' is cloned and OpenWRT may display two /dev/sdX devices that are exactly the same (IE sdb1 and sdb1 as two distinct, but duplicate device partitions). | Note: After cloning, to save confusion and sanity, remove the source drive. It also may be necessary to reboot the router or dismount and mount the drive if it was already mounted to see the "cloned" directories and files. All of this is necessary because ''everything'' is cloned and OpenWRT may display two /dev/sdX devices that are exactly the same (IE sdb1 and sdb1 as two distinct, but duplicate device partitions). | ||
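Review bot: the dd example clones /dev/sda1 to /dev/sda2, two partitions on the same drive, while the note that follows tells the reader to remove the source drive, which is not possible in that layout. Use two different devices in the example (for instance sda1 to sdb1) or reword the note for the same-drive case. In the same note, "sdb1 and sdb1" names one partition twice where two different device names are presumably meant.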
Line 2,058: | Line 2,058: | ||
*opkg install htop restic luci-app-uhttpd libustream-mbedtls20150806 zoneinfo-northamerica | *opkg install htop restic luci-app-uhttpd libustream-mbedtls20150806 zoneinfo-northamerica | ||
==== Full Versions of Commands available in BusyBox (but limited in BB due to size constraints) ==== | ====Full Versions of Commands available in BusyBox (but limited in BB due to size constraints)==== | ||
* opkg list coreutils* | *opkg list coreutils* | ||
* opkg list shadow* | *opkg list shadow* | ||
* opkg list procps* | *opkg list procps* | ||
Additional commands are hidden in various other non-intuitive locations. If a desired command or utility isn't available, search for it by name in the LuCI GUI interface, System, Software, Filter Field and then install the package it is contained in. Use caution as some package names and descriptions are a bit misleading and may install undesired programs. | Additional commands are hidden in various other non-intuitive locations. If a desired command or utility isn't available, search for it by name in the LuCI GUI interface, System, Software, Filter Field and then install the package it is contained in. Use caution as some package names and descriptions are a bit misleading and may install undesired programs. | ||
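Review bot: the three "opkg list" bullets pass an unquoted glob (coreutils*, shadow*, procps*) to the shell, so a file in the current directory that matches the pattern is expanded before opkg sees it and the listing comes back wrong or empty. Quote the pattern, for example opkg list 'coreutils*'. The closing caution about misleading package names would be easier to act on if it told the reader to check a candidate with opkg info before installing it.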
Line 2,437: | Line 2,437: | ||
Configuration File: /etc/vsftpd.conf | Configuration File: /etc/vsftpd.conf | ||
* Be sure to read the | |||
* The default configuration file (/etc/vsftpd.conf) for VSFTPD will never work under any circumstances for an OpenWRT router that is in a "normal" / default configuration in regards to its firewall and several other items. It is understood that the OpenWRT developers have better things to do than configuring an old FTP server, but they may as well leave the configuration file blank or perhaps include all of the options, but comment everything out rather than having a configuration file that does nothing more than give an end user false hope. | |||
* The OpenWRT Package creates an /etc/vsftpd Directory, but it isn't used. Case in point: The default userlist_file name for the OpenWRT version of VSFTPD is /etc/vsftpd.user_list. For other platforms such as CentOS, that file is located in the /etc/vsftpd Directory, but for OpenWRT it is located in the /etc Directory. So why is the /etc/vsftpd Directory created (with nothing in it)? Best guess is that since other Platforms like CentOS that put configuration files in the /etc/vsftpd Directory, there might be some "template" in the vsftpd source code that creates that Directory by default and the OpenWRT developers forgot to disable that function. | |||
* The /etc/init.d/vsftpd startup script is very simple. So simple in fact that it requires a setting (listen=YES) in the .conf file for vsFTPD for vsFTPD that documentation indicates is set to "yes" if vsFTPD is NOT run via an init.d script. In OpenWRT's case, the startup script is so simple it essentially runs vsFTPD as if it were starting from the command line. This causes no issues, but is a bit counter intutive if one reads the vsFTPD documentation on the "listen" directive. | |||
Below is a working configuration file;<syntaxhighlight lang="text"> | Below is a working configuration file;<syntaxhighlight lang="text"> | ||
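Review bot: the first bullet, "Be sure to read the", stops mid-sentence, so the reader is never told what to read; finish the sentence or drop the bullet. In the /etc/init.d/vsftpd bullet, "for vsFTPD for vsFTPD" is duplicated and "counter intutive" should read "counterintuitive". The listen=YES explanation would be clearer if it said outright that the setting makes vsFTPD run standalone, which is what this init script needs.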
Line 2,545: | Line 2,544: | ||
According to documentation, the vsFTPD Service / Daemon can only "listen" on a single IP Address (listen_address=W.X.Y.Z). This also appears to apply to Passive FTP settings (pasv_address=W.X.Y.Z). There is a solution. Run multiple instances of vsFTPD. Easy to say, but a bit more complex to accomplish. | According to documentation, the vsFTPD Service / Daemon can only "listen" on a single IP Address (listen_address=W.X.Y.Z). This also appears to apply to Passive FTP settings (pasv_address=W.X.Y.Z). There is a solution. Run multiple instances of vsFTPD. Easy to say, but a bit more complex to accomplish. | ||
Because of the simplicity of the /etc/init.d/vsftpd startup script, it is not possible to use the same binary / executable File (/usr/sbin/vsftpd) for multiple vsFTPD instances. The solution is to create two symbolic links to the /usr/sbin/vsftpd binary / executable File. | Because of the simplicity of the /etc/init.d/vsftpd startup script, it is not possible to use the same binary / executable File (/usr/sbin/vsftpd) for multiple vsFTPD instances. The solution is to create two symbolic links to the /usr/sbin/vsftpd binary / executable File. Be sure to set the permissions on the new startup script to 755: chmod 755 WhatEverScriptFileName (chmod 755 /etc/init.d/vsftpd) | ||
*ln -s /usr/sbin/vsftpd /usr/sbin/vsftpd1 | *ln -s /usr/sbin/vsftpd /usr/sbin/vsftpd1 | ||
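Review bot: the sentence appended to the symbolic-link paragraph, "Be sure to set the permissions on the new startup script to 755", refers to a startup script that has not been introduced at this point, and its example, chmod 755 /etc/init.d/vsftpd, names the original script rather than the new one. Move the sentence to after the startup script listing and use the new script's file name in the example. It is also worth stating that the script should stay owned by root, since 755 leaves it readable and executable by every user.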
Line 2,559: | Line 2,558: | ||
start() { | start() { | ||
mkdir -m 0755 -p /var/run/ | # /var/run/vsftpd is the secure_chroot_dir default value that vsFTPD requires to run | ||
# It can be shared amongst multiple instances of vsFTPD | |||
mkdir -m 0755 -p /var/run/vsftpd | |||
service_start /usr/sbin/vsftpd1 /etc/vsftpd1.conf | service_start /usr/sbin/vsftpd1 /etc/vsftpd1.conf | ||
} | } | ||
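Review bot: the new comment above mkdir says /var/run/vsftpd "can be shared amongst multiple instances" but leaves out the constraint that the vsFTPD documentation places on secure_chroot_dir: the directory should be empty and not writable by the ftp user. Add that to the comment so nobody later stores files there or loosens the mode. Also note that mkdir -m 0755 -p only applies the mode when it creates the directory; if /var/run/vsftpd already exists with other permissions, this line leaves them unchanged.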
Line 2,586: | Line 2,587: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Also note that vsFTPD module has a behavior where it will add items that are left blank in the GUI interface as commented out configuration items in the /etc/vsftpd.conf file. | |||
For multiple vsFTPD instances, Webmin allows for cloning modules. Remember to change the configuration file location if taking advantage of this feature. | |||
====CAUTION!==== | ====CAUTION!==== | ||
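Review bot: the sentence starting "Also note that vsFTPD module" does not say which module it means; Webmin is named only in the following sentence. Write "the Webmin vsFTPD module" there. For the cloning advice, give the actual path each clone should point at (the startup script above uses /etc/vsftpd1.conf), because a clone left on /etc/vsftpd.conf would write into the first instance's configuration.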
Line 2,591: | Line 2,595: | ||
*If the configuration of vsFTPD includes the use of userlist_enable or userlist_deny, make sure that the /etc/vsftpd.user_list File is created with VI or NANO as opposed to a Windows utility through Samba. The reason is vsFTPD will not be able to read the file properly if it contains CR/LF (Carriage Return / Line Feeds). | *If the configuration of vsFTPD includes the use of userlist_enable or userlist_deny, make sure that the /etc/vsftpd.user_list File is created with VI or NANO as opposed to a Windows utility through Samba. The reason is vsFTPD will not be able to read the file properly if it contains CR/LF (Carriage Return / Line Feeds). | ||
*If one reads any documentation about the CentOS (possible others) version of vsFTPD, there are references to using the included "user_list" file and a custom named version of the file. After some experimentation, it was determined that it may not work in the fashion noted for the OpenWRT version of vsFTPD as it does for other platforms. Feel free to experiment. | *If one reads any documentation about the CentOS (possible others) version of vsFTPD, there are references to using the included "user_list" file and a custom named version of the file. After some experimentation, it was determined that it may not work in the fashion noted for the OpenWRT version of vsFTPD as it does for other platforms. Feel free to experiment. | ||
*It is worth repeating this warning: If any of the files (vsftpd1.user_list, etc.) referenced in a vsFTPD configuration file are not present, the vsftpd service will start and appear to be functioning (PS, TOP, HTOP, etc. will all show it as running), but... There will be nothing displayed on client FTP software. | *It is worth repeating this warning: If any of the files (/var/run/vsftpd, vsftpd1.user_list, etc.) referenced in a vsFTPD configuration file are not present, the vsftpd service will start and appear to be functioning (PS, TOP, HTOP, etc. will all show it as running), but... There will be nothing displayed on client FTP software. | ||
*If the background= setting is configured as background=NO (as one might do for troubleshooting), it will prevent a router from starting any services after vsFTPD. Since vsFTPD's "start order" is 50, any services after that will not start. | |||
*Several older forum postings and other web sites, as far back as 2007, make references to installing various additional pieces of software such as kmod-nf-ipvs-<ins>ftp</ins> along with other kernel modules. They are not necessary. | |||
*Remember, OpenWRT provides two different vsFTPD packages, one without FTPS capability (opkg install vsftpd) and one with FTPS capability (opkg install vsftpd-tls) | |||
====Notes & Questions==== | ====Notes & Questions==== | ||
It seems very odd that the choice for FTP server that OpenWRT provides is vsFTPD as the latest version is half a decade old. Why not use something that still gets updated on a regular basis like ProFTPD? Perhaps the developers of OpenWRT are attempting to send a quiet message that FTP is not a good thing to use because it is not encrypted. But if that's the case, why not remove every FTP server package that doesn't contain SFTP (SSH FTP) or FTPS (SSL/TSL FTP) functionality? | It seems very odd that the choice for FTP server that OpenWRT provides is vsFTPD as the latest version is half a decade old. Why not use something that still gets updated on a regular basis like ProFTPD? Perhaps the developers of OpenWRT are attempting to send a quiet message that FTP is not a good thing to use because it is not encrypted. But if that's the case, why not remove every FTP server package that doesn't contain SFTP (SSH FTP) or FTPS (SSL/TSL FTP) functionality? | ||
==== Tips for Troubleshooting ==== | |||
As with anything related to computers, it can be difficult to figure out what is wrong with a configuration of a service and why it isn't working as expected. vsFTPD is no exception. To eliminate a potential issue, namely the firewall, consider configuring vsFTPD to listen on a LAN interface. This will eliminate problems related to PASV / Passive FTP issues. Also consider using a command line version of FTP as opposed to a browser version. Command line versions of FTP will often times display more error information than a web browser that has FTP capability. | |||
===Telnet=== | ===Telnet=== | ||
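Review bot: in the "worth repeating" bullet, /var/run/vsftpd is listed under "any of the files", but the startup script creates it as a directory; say "files or directories" so the reader checks for the right thing. The kmod bullet still carries literal <ins>ftp</ins> markup in the package name, and its "They are not necessary" covers unnamed "other kernel modules"; name the modules meant. In Notes & Questions, "SSL/TSL" should be "SSL/TLS". The background=NO bullet would be more useful if it said how to recover once later services have failed to start.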
Line 2,660: | Line 2,670: | ||
===BackUps=== | ===BackUps=== | ||
==== Restic ==== | ====Restic==== | ||
opkg install restic | opkg install restic | ||
Line 2,677: | Line 2,687: | ||
Additional Information: https://restic.readthedocs.io/en/stable/ (Note: In some of their examples a tilde ( ~ ) is used, which is a user's home directory) | Additional Information: https://restic.readthedocs.io/en/stable/ (Note: In some of their examples a tilde ( ~ ) is used, which is a user's home directory) | ||
==== DD ==== | ====DD==== | ||
Another program that functions as an effective cloning utility is ''dd'' (noted in an earlier section). Ideally an additional USB Flash drive should be used. Note, to utilize the full dd program, instead of the one built into BusyBox: opkg install corutils | Another program that functions as an effective cloning utility is ''dd'' (noted in an earlier section). Ideally an additional USB Flash drive should be used. Note, to utilize the full dd program, instead of the one built into BusyBox: opkg install corutils | ||
* dd if=/dev/sdXy of=/dev/sdXy bs=64K conv=noerror,sync status=progress (if = source, of = destination, bs=block size (IE amount to copy at a time), noerror=Don't stop on read errors, sync=If an error occurs use zeros or nuls to pad file, progress=show the progress) | *dd if=/dev/sdXy of=/dev/sdXy bs=64K conv=noerror,sync status=progress (if = source, of = destination, bs=block size (IE amount to copy at a time), noerror=Don't stop on read errors, sync=If an error occurs use zeros or nuls to pad file, progress=show the progress) | ||
To copy to a compressed file; | To copy to a compressed file; | ||
* dd if=/dev/sdXy conv=sync,noerror bs=64K status=progress | gzip -c > /WhatEverPath/WhatEverFile.img.gz (-c=Do not change files) | *dd if=/dev/sdXy conv=sync,noerror bs=64K status=progress | gzip -c > /WhatEverPath/WhatEverFile.img.gz (-c=Do not change files) | ||
* Example: dd if=/dev/sdb1 conv=sync,noerror bs=64K status=progress | gzip -c > /mnt/sdb2/DD/EXT4a-9.20.2020.img.gz | *Example: dd if=/dev/sdb1 conv=sync,noerror bs=64K status=progress | gzip -c > /mnt/sdb2/DD/EXT4a-9.20.2020.img.gz | ||
Everything will be cloned, including the UUID of the partition. If the second flash drive is being used for the sole purpose of backing up settings, as opposed to replacing a bootable flash drive, then to prevent confusion with the source USB Flash Drive or Partition, change the UUID; | Everything will be cloned, including the UUID of the partition. If the second flash drive is being used for the sole purpose of backing up settings, as opposed to replacing a bootable flash drive, then to prevent confusion with the source USB Flash Drive or Partition, change the UUID; | ||
* tune2fs -U random /dev/sdXy* | *tune2fs -U random /dev/sdXy* | ||
OR | OR | ||
* tune2fs -U UUID /dev/sdXy* (where UUID is the actual UUID) | *tune2fs -U UUID /dev/sdXy* (where UUID is the actual UUID) | ||
To verify the change, use the following command; | To verify the change, use the following command; | ||
* blkid /dev/sdXy | *blkid /dev/sdXy | ||
In the above examples X and y should be replaced with actual mount point references. IE, sda1, sdb3, sde2, etc. | In the above examples X and y should be replaced with actual mount point references. IE, sda1, sdb3, sde2, etc. |
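Review bot: the first dd bullet uses the same placeholder for both ends, if=/dev/sdXy of=/dev/sdXy, and dd overwrites the destination without asking, so a reader who fills in the placeholder once points source and destination at the same partition. Use distinct placeholders for source and destination. In the same section, "opkg install corutils" should be "coreutils", the trailing "*" on the two tune2fs lines looks like stray list markup that would end up in the command, and the last sentence calls sda1, sdb3 and sde2 "mount point references" where they are device names. Because conv=noerror,sync pads unreadable blocks with zeros, it is also worth telling the reader to check the dd output for read errors before trusting the image.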