OpenWrt is an embedded Linux system. For readers who want to learn about embedded Linux, this article walks through the basic configuration of an OpenWrt router.
chnroutes routing table
This routing table collects all IP segments assigned to mainland China and is updated automatically every day from http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest, so that domestic addresses are reached without going through the VPN.
I thought that if the home router connected to the VPN directly, every device on the home WiFi would get past the firewall directly, which would be very cool. So I recently bought a second-hand Netgear WNDR3800 router online, successfully configured VPN + chnroutes on DD-WRT and then on OpenWRT, and finally chose OpenWRT.
DD-WRT vs OpenWRT
Between DD-WRT and OpenWRT, I chose OpenWRT mainly because the DD-WRT ROM integrates too much software, most of which goes unused; JFFS2 has to be configured before script files can be saved, the general configuration is stored in NVRAM, and the wireless is less stable, with the 5G band often not found (of course this may be a support problem with my router model). OpenWRT's configuration file syntax is unified, the configuration is stored in the file system, and the ROM itself integrates only the necessary components, so it is very small and you install only what you need. Even the web management interface is an optional install. It is simple and powerful, and after several days of use it has been more stable.
Configuration
Readers who already have OpenWRT configured can skip 1. Flash the ROM and 2. Initial Configuration.
1. Flash the ROM
A. First make sure that your device is supported by OpenWRT (see the list of supported devices here: http://wiki.openwrt.org/toh/start) and download the compiled ROM here: http://downloads.openwrt.org/. The latest stable version is Attitude Adjustment (12.09); I downloaded the trunk version.
B. Find the wiki page for your device on the OpenWRT website and check the flashing method. Usually you can flash it directly from the firmware upgrade page of the router's stock web interface (the wiki page for my WNDR3800 is: http://wiki.openwrt.org/toh/netgear/wndr3800)
2. Initial Configuration
A. After the router starts, some models do not have the WiFi module installed, so first connect to a LAN port with a network cable and configure your computer's IP as a static 192.168.1.x address. Then telnet to 192.168.1.1, change the root password, and connect over ssh from then on. Reference: http://wiki.openwrt.org/doc/start#configuring.openwrt
B. Configure the WAN port so that the router connects to the Internet. Reference: http://wiki.openwrt.org/doc/howto/internet.connection
For example, to configure PPPoE:
The code is as follows:
uci set network.wan.proto=pppoe
uci set network.wan.username='yougotthisfromyour@isp.su'
uci set network.wan.password='YourPassword'
uci commit network
ifup wan
C. Install the LuCI web management interface and enable it at boot. Reference: http://wiki.openwrt.org/doc/howto/luci.essentials
The code is as follows:
opkg update
opkg install luci
/etc/init.d/uhttpd start
/etc/init.d/uhttpd enable
D. Enter the router's LAN IP in a browser (usually 192.168.1.1) to configure WiFi and other settings.
3. Configure DNS
A. Create /etc/config/sec_resolv.conf
vim /etc/config/sec_resolv.conf
Fill in the following DNS servers:
The code is as follows:
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 208.67.222.222
B. Edit /etc/config/dhcp
vim /etc/config/dhcp
Find the option resolvfile line and replace it with:
option resolvfile '/etc/config/sec_resolv.conf'
4. Configure PPTP
A. Install ppp-mod-pptp
The code is as follows:
opkg update
opkg install ppp-mod-pptp
If you need LuCI support (recommended):
opkg install luci-proto-ppp
B. Configure the VPN interface. Edit the /etc/config/network file; it should already contain the following (if not, insert it). Fill in the server, username and password:
The code is as follows:
config 'interface' 'vpn'
        option 'ifname' 'pptp-vpn'
        option 'proto' 'pptp'
        option 'username' 'vpnusername'
        option 'password' 'vpnpassword'
        option 'server' 'vpn.example.org or ipaddress'
        option 'buffering' '1'
C. In LuCI, go to Network -> Firewall and add the VPN interface to the WAN zone. The result is as follows:
D. Go to Network -> Interfaces. You should now see the VPN interface and be able to connect it. The result is as shown:
E. Now run traceroute www.google.com on your local computer. You should get results similar to the following:
The code is as follows:
fl-mbp:~ fatlyz$ traceroute www.google.com
traceroute: Warning: www.google.com has multiple addresses; using 74.125.239.113
traceroute to www.google.com (74.125.239.113), hops max, byte packets
fc_r0.lan (192.168.7.1) 2.266 ms 0.999 ms 0.946 ms
10.7.0.1 (10.7.0.1) 189.259 ms 187.813 ms 188.368 ms
23.92.24.2 (23.92.24.2) 189.847 ms 190.489 ms 188.939 ms
10ge7-6.core3.fmt2.he.net (65.49.10.217) 188.508 ms 192.216 ms 202.863 ms
10ge10-1.core1.sjc2.he.net (184.105.222.14) 195.695 ms 195.691 ms 284.242 ms
72.14.219.161 (72.14.219.161) 189.196 ms 192.287 ms 193.220 ms
216.239.49.170 (216.239.49.170) 192.496 ms 188.547 ms 189.881 ms
66.249.95.29 (66.249.95.29) 190.125 ms 190.335 ms 190.026 ms
nuq05s01-in-f17.1e100.net (74.125.239.113) 189.804 ms 190.556 ms 190.242 ms
As you can see, the second hop is the VPN gateway. For traceroute www.baidu.com the second hop should give the same result.
At this point you can already visit Google, Baidu and other domestic and foreign sites.
5. Configure Chnroutes
A. Go to the download page of the chnroutes project, http://chnroutes-dl.appspot.com/, download linux.zip and unzip it.
B. Rename ip-pre-up to chnroutes.sh and open it for editing. Before the line if [ ! -e /tmp/vpn_oldgw ]; then, insert the following code so that repeated runs of the PPP connection script do not add duplicate routing table entries:
The code is as follows:
if [ "$OLDGW" = 'x.x.x.x' ]; then
    exit 0
fi
Here x.x.x.x is the VPN gateway. You can find the gateway address by first connecting to the VPN from your local computer and checking it there.
C. SSH to the router and execute the following commands:
The code is as follows:
cd /etc/config/
mkdir pptp-vpn
cd pptp-vpn
vim chnroutes.sh
In vim, paste the edited chnroutes.sh (of course, you can also copy the chnroutes.sh file over SSH directly, or upload it somewhere and download it with wget).
Execute the following command to make it executable:
chmod a+x chnroutes.sh
D. Edit the /lib/netifd/ppp-up file with vim:
vim /lib/netifd/ppp-up
Insert the following before the line [ -d /etc/ppp/ip-up.d ] && { to ensure that the script runs when the PPP connection comes up:
sh /etc/config/pptp-vpn/chnroutes.sh
E. Restart the router. After it starts, open LuCI to view the interface status. Once WAN and VPN are both connected, SSH in and run route -n | head -n 10. The result should look something like this:
The code is as follows:
root@fc_r0:/etc/config# route -n | head -n 10
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.7.0.1 0.0.0.0 UG 0 0 0 pptp-vpn
1.0.1.0 58.111.43.1 255.255.255.0 UG 0 0 0 pppoe-wan
1.0.2.0 58.111.43.1 255.255.254.0 UG 0 0 0 pppoe-wan
1.0.8.0 58.111.43.1 255.255.248.0 UG 0 0 0 pppoe-wan
1.0.32.0 58.111.43.1 255.255.224.0 UG 0 0 0 pppoe-wan
1.1.0.0 58.111.43.1 255.255.255.0 UG 0 0 0 pppoe-wan
1.1.2.0 58.111.43.1 255.255.254.0 UG 0 0 0 pppoe-wan
1.1.4.0 58.111.43.1 255.255.252.0 UG 0 0 0 pppoe-wan
The entry whose Destination is 0.0.0.0 is the default route, and its gateway is the VPN gateway, which means that traffic goes through the VPN by default. The entries below it are the domestic network segments, which point to the gateway provided by the ISP.
The PPTP VPN and Chnroutes are now configured.
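How the route lines in chnroutes.sh follow from the APNIC file mentioned at the top, as an added example that is not part of the original article or of the chnroutes project: each CN ipv4 record carries a start address and an address count, and the count fixes the netmask. The function names and sample records are constructed, and the "route add ... gw $OLDGW" output form is an assumption about the script's contents; fields are validated strictly because the generated lines end up running as root on the router.

```sh
#!/bin/sh
# Added example: build "route add" lines from APNIC delegation records,
# which have the form  registry|cc|type|start|count|date|status
apnic_cn_routes() {
    awk -F'|' '
    $2 == "CN" && $3 == "ipv4" {
        # Accept only a dotted quad and a decimal count; drop anything else.
        if ($4 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ || $5 !~ /^[0-9]+$/) next
        split($4, o, ".")
        for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) next
        # The count must be a power of two no larger than 2^32.
        n = $5 + 0; bits = 0
        while (n > 1 && n % 2 == 0) { n /= 2; bits++ }
        if (n != 1 || bits > 32) next
        m = 4294967296 - $5          # netmask as a 32-bit number
        printf "route add -net %s netmask %d.%d.%d.%d gw $OLDGW\n", $4,
            int(m / 16777216), int(m / 65536) % 256, int(m / 256) % 256, m % 256
    }'
}

# Constructed sample in the delegated-apnic-latest layout, including
# records that must be skipped (other country, ipv6, malformed address).
sample_apnic() {
    cat <<'EOF'
2|apnic|20140701|4|19830613|20140630|+1000
apnic|*|ipv4|*|3|summary
apnic|CN|ipv4|1.0.1.0|256|20110414|allocated
apnic|AU|ipv4|1.0.0.0|256|20110811|assigned
apnic|CN|ipv4|1.0.2.0|512|20110414|allocated
apnic|CN|ipv6|2001:250::|35|20000426|allocated
apnic|CN|ipv4|1.0.8.0;true|2048|20110412|allocated
apnic|CN|ipv4|1.0.32.0|8192|20110412|allocated
EOF
}

sample_apnic | apnic_cn_routes
```

The three lines it prints carry the same netmasks as the 1.0.1.0, 1.0.2.0 and 1.0.32.0 rows of the route table above.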
6. Configure automatic reconnection when the VPN disconnects
A. Create /etc/config/pptp-vpn/status-check.sh:
vim /etc/config/pptp-vpn/status-check.sh
Paste the following in vim (this script checks the status of the VPN connection; after a disconnection it brings down the WAN and VPN interfaces, reconnects the WAN after 10 seconds, and reconnects the VPN after 30 seconds):
The code is as follows:
#!/bin/sh

# A previous run is still in its reconnect sequence: do nothing.
if [ -f "/tmp/vpn_status_check.lock" ]
then
    exit 0
fi

# Is the pptp-vpn interface present?
VPN_CONN=`ifconfig | grep pptp-vpn`

if [ -z "$VPN_CONN" ]
then
    # Interface missing: log the event, then cycle WAN and VPN.
    touch /tmp/vpn_status_check.lock
    echo WAN_VPN_RECONNECT at: >> /tmp/vpn_status_check_reconn.log
    date >> /tmp/vpn_status_check_reconn.log

    ifdown vpn
    ifdown wan
    sleep 10
    ifup wan
    sleep 30
    ifdown vpn
    sleep 10
    ifup vpn
    sleep 40
    rm /tmp/vpn_status_check.lock

    date > /tmp/vpn_status_check.log
fi
Execute the following command to make it executable:
chmod a+x /etc/config/pptp-vpn/status-check.sh
B. In LuCI, go to System -> Scheduled Tasks, enter the following, and save:
*/1 * * * * /etc/config/pptp-vpn/status-check.sh
The above actually edits the cron configuration, so that cron runs the detect/reconnect script every minute. Then restart cron:
/etc/init.d/cron restart
C. Wait a few minutes and look in the /tmp directory. You should see the vpn_oldgw and vpn_status_check.log files. View the vpn_status_check.log file to see the last time the VPN connection status was checked.
The code is as follows:
root@fc_r0:/tmp# ls vpn*
vpn_oldgw vpn_status_check.log
root@fc_r0:/tmp# cat vpn_status_check.log
Tue Jul 00:04:02 HKT 2014
root@fc_r0:/tmp#
You can take down the VPN interface in LuCI and watch the WAN and VPN reconnect over the next 4-5 minutes.
D. Run traceroute www.google.com and traceroute www.baidu.com and observe the address of the second hop in each:
The code is as follows:
fl-mbp:~ fatlyz$ traceroute www.google.com | head -n 3
traceroute: Warning: www.google.com has multiple addresses; using 74.125.239.115
traceroute to www.google.com (74.125.239.115), hops max, byte packets
fc_r0.lan (192.168.7.1) 2.161 ms 0.912 ms 0.895 ms
10.7.0.1 (10.7.0.1) 193.747 ms 187.789 ms 289.744 ms
23.92.24.2 (23.92.24.2) 259.323 ms 354.625 ms 408.535 ms
The code is as follows:
fl-mbp:~ fatlyz$ traceroute www.baidu.com | head -n 3
traceroute to www.a.shifen.com (180.76.3.151), hops max, byte packets
1 fc_r0.lan (192.168.7.1) 1.190 ms 0.984 ms 0.731 ms
2 58.111.43.1 (58.111.43.1) 20.616 ms 38.822 ms 18.484 ms
3 183.56.35.133 (183.56.35.133) 20.056 ms 52.353 ms 87.841 ms
As you can see, domestic and foreign destination addresses are now routed separately as intended.
At this point, the basic configuration of the OpenWRT route, PPTP VPN, Chnroutes, and automatic re-connection are already configured.
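status-check.sh only tests whether the pptp-vpn interface exists. The route table check from step 5.E (default route on the VPN, domestic segments on the ISP gateway) can be scripted in the same way, shown here as an added example that is not part of the original article. The function names, the exit codes and the fallback table are constructed for illustration.

```sh
#!/bin/sh
# Added example: check `route -n` text (stdin) for the split-routing layout.
# Returns 0 = as intended, 1 = default route is not on the VPN interface,
# 2 = fewer than $3 network routes pinned to the WAN gateway.
check_split_routing() {
    # $1 = VPN interface, $2 = WAN interface, $3 = minimum pinned routes
    awk -v vpn="$1" -v wan="$2" -v min="${3:-1}" '
    $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
        if ($1 == "0.0.0.0" && $3 == "0.0.0.0") {
            # The lowest-metric default route is the one the kernel uses.
            if (!seen || $5 + 0 < best) { best = $5 + 0; dev = $8; seen = 1 }
        } else if ($8 == wan && $4 ~ /G/ && $4 !~ /H/) {
            pinned++          # network route via the WAN gateway
        }
    }
    END {
        if (dev != vpn) exit 1
        if (pinned + 0 < min + 0) exit 2
    }'
}

# First rows of the route table shown in step 5.E of the article.
page_routes() {
    cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.7.0.1        0.0.0.0         UG    0      0        0 pptp-vpn
1.0.1.0         58.111.43.1     255.255.255.0   UG    0      0        0 pppoe-wan
1.0.2.0         58.111.43.1     255.255.254.0   UG    0      0        0 pppoe-wan
1.0.8.0         58.111.43.1     255.255.248.0   UG    0      0        0 pppoe-wan
EOF
}

# Constructed: the same table with the default route on the ISP gateway,
# as it would look if the VPN route were missing.
fallback_routes() {
    page_routes | sed 's/^0\.0\.0\.0 .*/0.0.0.0         58.111.43.1     0.0.0.0         UG    0      0        0 pppoe-wan/'
}

page_routes | check_split_routing pptp-vpn pppoe-wan 3 && echo "routing OK"
```

On the router the input would be the live output of route -n, with the third argument set to the number of chnroutes entries you expect at minimum.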
That is the method for configuring OpenWrt routing. If you want to set up an OpenWrt router, you may want to try the method described in this article; I hope it is of some help.