My First 5 Minutes on an OpenWRT Router
by kacang bawang
This article covers the changes I like to make to the default configuration on a new OpenWRT installation.
Set password, then re-login via ssh
    telnet 192.168.1.1 #or whatever the ip may be
    passwd
    exit
    ssh 192.168.1.1
Turn off IPv6
If you don’t have a specific use for it, turn it off.
    # turn off ipv6 support for current session
    # (sysctl -w takes key=value with no spaces around '=')
    sysctl -w net.ipv6.conf.all.disable_ipv6=1
    sysctl -w net.ipv6.conf.default.disable_ipv6=1

    # preserve change across reboots
    # edit /etc/sysctl.conf
    net.ipv6.conf.all.disable_ipv6=1
    net.ipv6.conf.default.disable_ipv6 = 1
Configure WAN and LAN
I don’t like my wired and wireless bridged, so remove the bridge. Then add a new interface definition for the wifi network. We will need to add routing between wired and wireless in the firewall settings later.
    # edit /etc/config/network

    #turn off wifi/wired bridging
    config interface 'lan'
        ...
        #option type 'bridge'
        ...

    #add wifi interface
    config interface 'wifi'
        option proto static
        option ipaddr (ip for this interface, eg. 192.168.3.1)
        option netmask (netmask, eg. 255.255.255.0)
Link wireless device to ‘wifi’ interface, and select AP/Client mode. If you want to be an access point, set mode to ‘ap’. If you want to connect to an access point, then set mode to ‘client’. The other settings are dual-purpose.
    # edit /etc/config/wireless
    config wifi-iface
        ...
        option network 'wifi'
        option encryption 'psk2'
        option ssid 'accesspointname'
        option key 'accespointpassword'
        option mode 'ap'
        #option mode 'client'
Enable DHCP on the wifi interface
    #edit /etc/config/dhcp
    #add section
    config dhcp 'wifi'
        option interface 'wifi'
        option start '100'
        option limit '150'
        # the option name is 'leasetime'
        option leasetime '1h'
Configure local domain name
I found it easier to edit dnsmasq.conf directly than to go through UCI (the stuff in /etc/config) for this one.
    #edit /etc/dnsmasq.conf
    #add section
    domain=lan,192.168.0.0/16

    #you could also split the network into two domains
    #lan and wifi, though over time I found this to be impractical
Configure firewall
Last but not least, we need to include the ‘wifi’ interface in the “lan” zone of the firewall. This marks the wifi interface as trusted, and messages from it will be accepted and forwarded to other interfaces.
    #edit /etc/config/firewall
    config zone
        option name 'lan'
        ...
        option network 'wifi'
        ...
And that’s about it. We’ve split out the wifi interface (which comes bridged by default) and set up host names for our DHCP clients. The rest of the settings are fine as defaults. Perhaps the wifi settings could use some tweaking, but that’s a topic for another day.
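To confirm the edits above took effect, the following audit script is an added example, not part of the original article. It assumes the config syntax shown on this page; the function names uci_flat and audit are hypothetical, and audit takes a root directory so it can be pointed at / on the router or at an extracted backup.

```sh
#!/bin/sh
# Added example: offline audit of the UCI edits described in this article.
# audit ROOT checks ROOT/etc/config/{network,wireless,dhcp,firewall}.

# Flatten a UCI file to lines "type name option value" (quotes stripped,
# commented-out lines skipped, anonymous sections named @<line number>).
uci_flat() {
    awk -v q="'" '{ gsub("[" q "\"]", "") }
        $1 == "config" { t = $2; n = ($3 == "" ? "@" NR : $3); next }
        ($1 == "option" || $1 == "list") && t != "" {
            o = $2; $1 = $2 = ""; sub(/^ +/, ""); print t, n, o, $0 }' "$1"
}

# Print one FAIL line per deviation; return 0 only when everything matches.
audit() {
    c="$1/etc/config"; fails=0
    fail() { echo "FAIL: $*"; fails=$((fails + 1)); }

    uci_flat "$c/network" | grep -q '^interface lan type bridge$' \
        && fail "lan is still bridged with wifi"
    uci_flat "$c/network" | grep -q '^interface wifi proto static$' \
        || fail "no static 'wifi' interface defined"

    # Every wifi-iface must sit on 'wifi' and use real encryption.
    uci_flat "$c/wireless" | awk '$1 == "wifi-iface" { seen[$2] = 1
            if ($3 == "network" && $4 == "wifi") net[$2] = 1
            if ($3 == "encryption" && $4 != "none" && $4 !~ /^wep/) enc[$2] = 1 }
        END { for (s in seen) if (!net[s] || !enc[s]) bad = 1; exit bad + 0 }' \
        || fail "a wifi-iface is open/WEP or not attached to 'wifi'"

    # A misspelled option name is not a parse error, so look for the real one.
    uci_flat "$c/dhcp" | grep -q '^dhcp wifi leasetime ' \
        || fail "dhcp 'wifi' has no leasetime option"

    # Zones are anonymous: correlate name=lan and network=wifi by section id.
    uci_flat "$c/firewall" | awk '$1 == "zone" {
            if ($3 == "name" && $4 == "lan") lan[$2] = 1
            if ($3 == "network" && (" " $0 " ") ~ / wifi /) has[$2] = 1 }
        END { for (s in lan) if (has[s]) ok = 1; exit !ok }' \
        || fail "firewall zone 'lan' does not include 'wifi'"

    [ "$fails" -eq 0 ]
}
```

Source the file and run audit / on the router; each FAIL line names the step that still needs attention.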
Note that ipv6 is no longer persistently disabled with the proposed edits to /etc/sysctl.conf. One way to persistently disable it is to place the sysctl -w commands in a script in /etc/init.d and give it a high run level.
I imagine you will get a lot of traffic now that news has broken about the dhcp6 bug.
https://wiki.openwrt.org/doc/techref/initscripts