OpenWRT route configuration skills

Source: Internet
Author: User


Recently, Google has become completely inaccessible from China, which makes access through a VPN all the more necessary. The method described in this article lets an ordinary home router keep a stable VPN connection and, in addition, choose a domestic or a foreign path according to the destination, giving a Wi-Fi network that neither blocks sites nor slows down domestic access. Devices that join the network get this without any configuration of their own.

Chnroutes route table

This route table collects all IP ranges allocated to mainland China. It is regenerated daily from http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest, so that traffic to domestic addresses does not pass through the VPN.

It would be great if the home router itself could connect to the VPN, so that every device on the home Wi-Fi gets past the firewall with no setup of its own. So I recently bought a second-hand Netgear WNDR3800 online, configured VPN + chnroutes successfully on both DD-WRT and OpenWRT, and finally settled on OpenWRT.

DD-WRT vs OpenWRT

Between DD-WRT and OpenWRT I chose OpenWRT mainly because the DD-WRT ROM bundles far too much software, most of which goes unused; jffs2 has to be configured to keep script files, and general settings live in nvram. In addition its wireless was unstable and the 5 GHz band was often unavailable (this may of course be a support problem specific to my router model). OpenWRT has a unified configuration file syntax, all configuration is stored in the file system, and the ROM itself only integrates the necessary components, so it is very small and you install only what you need; even the web management interface is an optional package. It is simple and powerful and has run stably for several days.

Configuration

If your OpenWRT router is already configured to access the Internet, skip steps 1 (flashing the ROM) and 2 (initial configuration).

1. Flash the ROM

A. First make sure your device is supported by OpenWRT (the list of supported devices is at http://wiki.openwrt.org/toh/start), then download a compiled ROM from http://downloads.openwrt.org/. The latest stable version is attitude_adjustment (12.09); I downloaded the trunk version.

B. Find the Wiki page for your device on the OpenWRT official website to see how to flash it. Usually the image is flashed directly from the firmware upgrade page of the router's stock web interface (the Wiki page for my WNDR3800 is http://wiki.openwrt.org/toh/netgear/wndr3800).

2. Initial Configuration

A. After the router starts, Wi-Fi is not available on some models, so first connect to a LAN port with a network cable. Configure the local machine with a static IP address 192.168.1.x, telnet to 192.168.1.1, change the root password, and then connect with an ssh client. Reference: http://wiki.openwrt.org/doc/start#configuring.openwrt

B. Configure the WAN port to connect the route to the Internet, refer to: http://wiki.openwrt.org/doc/howto/internet.connection.

For example, to configure PPPoE:

uci set network.wan.proto=pppoe
uci set network.wan.username='yougotthisfromyour@isp.su'
uci set network.wan.password='yourpassword'
uci commit network
ifup wan

C. Install the LuCI web management interface and enable it at boot; see http://wiki.openwrt.org/doc/howto/luci.essentials

opkg update
opkg install luci
/etc/init.d/uhttpd start
/etc/init.d/uhttpd enable

D. Enter the router's LAN-side IP address (usually 192.168.1.1) in the browser to configure Wi-Fi.

3. Configure DNS

A. Create /etc/config/sec_resolv.conf

vim /etc/config/sec_resolv.conf

Enter the following DNS servers:

nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 208.67.222.222

B. Edit /etc/config/dhcp

vim /etc/config/dhcp

Find the resolvfile option and replace it with:

option resolvfile '/etc/config/sec_resolv.conf'

4. Configure PPTP

A. Install ppp-mod-pptp

opkg update
opkg install ppp-mod-pptp

If you need LuCI support (recommended):

opkg install luci-proto-ppp

B. Configure the vpn interface: edit the /etc/config/network file and fill in the server, username, and password:

config 'interface' 'vpn'
        option 'ifname'    'pptp-vpn'
        option 'proto'     'pptp'
        option 'username'  'vpnusername'
        option 'password'  'vpnpassword'
        option 'server'    'vpn.example.org or ipaddress'
        option 'buffering' '1'

C. Go to Network -> Firewall and add the vpn interface to the wan zone.

D. Go to Network -> Interfaces. The VPN interface is shown and can be connected.

E. At this point, traceroute www.google.com on the local machine should give output like the following:

FL-MBP:~ fatlyz$ traceroute www.google.com
traceroute: Warning: www.google.com has multiple addresses; using 74.125.239.113
traceroute to www.google.com (74.125.239.113), 64 hops max, 52 byte packets
 1  fc_r0.lan (192.168.7.1)  2.266 ms  0.999 ms  0.946 ms
 2  10.7.0.1 (10.7.0.1)  189.259 ms  187.813 ms  188.368 ms
 3  23.92.24.2 (23.92.24.2)  189.847 ms  190.489 ms  188.939 ms
 4  10ge7-6.core3.fmt2.he.net (65.49.10.217)  188.508 ms  192.216 ms  202.863 ms
 5  10ge10-1.core1.sjc2.he.net (184.105.222.14)  195.695 ms  195.691 ms  284.242 ms
 6  72.14.219.161 (72.14.219.161)  189.196 ms  192.287 ms  193.220 ms
 7  216.239.49.170 (216.239.49.170)  192.496 ms  188.547 ms  189.881 ms
 8  66.249.95.29 (66.249.95.29)  190.125 ms  190.335 ms  190.026 ms
 9  nuq05s01-in-f17.1e100.net (74.125.239.113)  189.804 ms  190.556 ms  190.242 ms

The second hop is the VPN gateway, and at this stage the second hop of traceroute www.baidu.com is the same, since everything still goes through the VPN.

Now you can access both domestic and foreign sites, such as Baidu and Google.

5. Configure chnroutes

A. Go to the chnroutes project download page http://chnroutes-dl.appspot.com/download, download linux.zip and unzip it.

B. Rename ip-pre-up to chnroutes.sh and open it for editing. Insert the following code before the line if [ ! -e /tmp/vpn_oldgw ]; then, so that a repeated run of the ppp connection script does not add duplicate route table entries:

# the default gateway is already the VPN gateway: the routes are in place, do nothing
if [ "$OLDGW" = 'x.x.x.x' ]; then
    exit 0
fi

x.x.x.x is the VPN gateway address. You can find it after the local machine has connected to the VPN.

C. Connect to the router through ssh and run the following commands:

cd /etc/config/
mkdir pptp-vpn
cd pptp-vpn
vim chnroutes.sh

Paste the edited chnroutes.sh into vim (or upload chnroutes.sh directly over ssh, or put it somewhere reachable and fetch it with wget).

Run the following command to set the permission to executable:

chmod a+x chnroutes.sh

D. Edit the /lib/netifd/ppp-up file with vim:

vim /lib/netifd/ppp-up

Insert the following line before the line [ -d /etc/ppp/ip-up.d ] && { so that the chnroutes script runs whenever the ppp connection comes up:

sh /etc/config/pptp-vpn/chnroutes.sh

E. Restart the router. After it has started, check the interface status in LuCI. Once the WAN and VPN are both connected, log in through ssh and run route -n | head -n 10. The output should look similar to this:

root@FC_R0:/etc/config# route -n | head -n 10
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.7.0.1        0.0.0.0         UG    0      0        0 pptp-vpn
1.0.1.0         58.111.43.1     255.255.255.0   UG    0      0        0 pppoe-wan
1.0.2.0         58.111.43.1     255.255.254.0   UG    0      0        0 pppoe-wan
1.0.8.0         58.111.43.1     255.255.248.0   UG    0      0        0 pppoe-wan
1.0.32.0        58.111.43.1     255.255.224.0   UG    0      0        0 pppoe-wan
1.1.0.0         58.111.43.1     255.255.255.0   UG    0      0        0 pppoe-wan
1.1.2.0         58.111.43.1     255.255.254.0   UG    0      0        0 pppoe-wan
1.1.4.0         58.111.43.1     255.255.252.0   UG    0      0        0 pppoe-wan

The default route (destination 0.0.0.0) points at the VPN gateway, so by default traffic goes through the VPN. The entries that follow point the domestic network segments at the gateway provided by the ISP.

Now, pptp vpn and chnroutes have been configured.
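The two pieces of section 5 are the route list and the rule the kernel applies to it. The following script is an added example, not code from the article or from the chnroutes project: part 1 converts records in the APNIC delegated-apnic-latest format into the CN IPv4 prefixes that chnroutes installs (the address count becomes a prefix length), and part 2 performs the longest-prefix lookup the routing table above does, so you can see for any destination whether it would leave via the ISP gateway or the VPN default route. The interface names and the sample APNIC records are constructed; the ISP gateway 58.111.43.1 is the one shown in the route table.

```shell
#!/bin/sh
# Added example (not the article's or the chnroutes project's code).
# Part 1: APNIC records -> CN IPv4 CIDR prefixes -> "ip route add" commands.
# Part 2: longest-prefix match of a destination against those prefixes.

ISP_IFACE="pppoe-wan"   # assumed names, taken from the article's routing table
VPN_IFACE="pptp-vpn"

# Constructed sample in APNIC's format: registry|cc|type|start|count|date|status
SAMPLE_APNIC='apnic|CN|ipv4|1.0.1.0|256|20110414|allocated
apnic|CN|ipv4|1.0.2.0|512|20110414|allocated
apnic|JP|ipv4|1.0.16.0|4096|20110412|allocated
apnic|CN|ipv4|1.0.8.0|2048|20110412|allocated
apnic|CN|ipv6|2001:250::|35|20000426|allocated
apnic|CN|ipv4|1.0.32.0|8192|20110412|allocated'

# Keep only CN IPv4 records and turn the address count into a prefix length:
# count = 2^(32 - len), so halve the count until it reaches 1, counting down from 32.
apnic_cn_to_cidr() {
    awk -F'|' '$2 == "CN" && $3 == "ipv4" {
        n = $5; len = 32
        while (n > 1) { n /= 2; len-- }
        printf "%s/%d\n", $4, len
    }'
}

# Emit the "ip route add" commands chnroutes would run for the given ISP gateway.
# Reads CIDRs on stdin; printing rather than executing keeps this runnable anywhere.
route_cmds() {
    awk -v gw="$1" '{ printf "ip route add %s via %s\n", $1, gw }'
}

# Longest-prefix match of one destination against the CIDR list on stdin.
# Prints the interface that would carry the packet: a matching domestic
# prefix wins over the default route, exactly as in the route table above.
classify_dest() {
    awk -v dst="$1" -v isp="$ISP_IFACE" -v vpn="$VPN_IFACE" '
    function ip2int(s,  o) {
        split(s, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function in_prefix(ip, net, len) {
        # compare the top "len" bits by discarding the host bits of both values
        return int(ip / 2 ^ (32 - len)) == int(net / 2 ^ (32 - len))
    }
    BEGIN { best = -1 }
    {
        split($1, p, "/")
        if (in_prefix(ip2int(dst), ip2int(p[1]), p[2]) && p[2] > best) best = p[2]
    }
    END { r = (best >= 0) ? isp : vpn; print r }'
}

# Stand-alone demo: the routes for the ISP gateway, then two lookups.
printf '%s\n' "$SAMPLE_APNIC" | apnic_cn_to_cidr | route_cmds 58.111.43.1
for d in 1.0.8.5 74.125.239.113; do
    printf '%s -> %s\n' "$d" "$(printf '%s\n' "$SAMPLE_APNIC" | apnic_cn_to_cidr | classify_dest "$d")"
done
```

The JP record and the IPv6 record are dropped, so 1.0.16.1 is classified as VPN traffic even though it sits between two CN blocks; that is the intended behaviour, since chnroutes only pulls CN IPv4 ranges out of the file.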

6. Configure automatic reconnection after VPN disconnection

A. Create /etc/config/pptp-vpn/status-check.sh:

vim /etc/config/pptp-vpn/status-check.sh

Paste the following into vim (this script checks the VPN connection status; when the VPN is down it takes the vpn and wan interfaces down, brings the WAN back up after 10 seconds, and reconnects the VPN 30 seconds after that):

#!/bin/sh
# a lock file means a previous run is still in the middle of reconnecting
if [ -f "/tmp/vpn_status_check.lock" ]
then
        exit 0
fi
# the VPN is considered up when its ppp interface exists
VPN_CONN=`ifconfig | grep pptp-vpn`
if [ -z "$VPN_CONN" ]
then
        touch /tmp/vpn_status_check.lock
        echo WAN_VPN_RECONNECT at: >> /tmp/vpn_status_check_reconn.log
        date >> /tmp/vpn_status_check_reconn.log
        ifdown vpn
        ifdown wan
        sleep 10
        ifup wan
        sleep 30
        ifdown vpn
        sleep 10
        ifup vpn
        sleep 40
        rm /tmp/vpn_status_check.lock
else
        # record the time of the last successful check
        date > /tmp/vpn_status_check.log
fi

Run the following command to set the permission to executable:

chmod a+x /etc/config/pptp-vpn/status-check.sh

B. Go to LuCI System -> Scheduled Tasks, enter the following line, and save:

*/1 * * * * /etc/config/pptp-vpn/status-check.sh

This is in fact the cron configuration being edited: cron runs the check/reconnect script every minute. Then restart cron:

/etc/init.d/cron restart

C. Wait a few minutes and look in the /tmp directory. You should see the vpn_oldgw and vpn_status_check.log files; the latter records the last time the VPN connection status was checked.

root@FC_R0:/tmp# ls vpn*
vpn_oldgw             vpn_status_check.log
root@FC_R0:/tmp# cat vpn_status_check.log
Tue Jul 15 00:04:02 HKT 2014
root@FC_R0:/tmp#

You can disconnect the VPN interface in LuCI and watch the WAN and VPN reconnect over the next 4-5 minutes.
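The watchdog in step 6 makes one decision per minute (skip, reconnect, or record a successful check) and protects the reconnect sequence with a lock file. The script below is an added example, not the article's status-check.sh: it splits that decision into functions that take the interface listing on stdin, so the logic can be exercised with captured text instead of a live router, and it covers one failure mode the original does not handle. If the script is killed while reconnecting (a reboot, a timeout, a stray kill), /tmp/vpn_status_check.lock is never removed and every later cron run exits at the lock check, so the VPN stays down until someone deletes the file by hand. Here the lock holds its creation time and is ignored once it is older than the whole reconnect sequence. Paths, the LOCK_MAX_AGE value and the "run" argument are assumptions.

```shell
#!/bin/sh
# Added example (not the article's own status-check.sh).
# Same decision as the article's watchdog, plus a stale-lock check so an
# interrupted reconnect cannot block all future runs.

LOCK_FILE="${LOCK_FILE:-/tmp/vpn_status_check.lock}"   # assumed path
LOCK_MAX_AGE=180     # seconds; longer than the ~100 s reconnect sequence
VPN_IFACE="pptp-vpn"
RECONN_LOG="/tmp/vpn_status_check_reconn.log"
STATUS_LOG="/tmp/vpn_status_check.log"

# True when the VPN interface appears in the ifconfig-style listing on stdin.
vpn_is_up() {
    grep -q "^$VPN_IFACE"
}

# True only when the lock exists, is readable, and is younger than LOCK_MAX_AGE.
# A lock with no usable timestamp or an old one is a leftover and does not count.
lock_held() {
    [ -f "$LOCK_FILE" ] || return 1
    created=$(cat "$LOCK_FILE" 2>/dev/null)
    case "$created" in
        ''|*[!0-9]*) return 1 ;;
    esac
    now=$(date +%s)
    [ $((now - created)) -lt "$LOCK_MAX_AGE" ]
}

take_lock()    { date +%s > "$LOCK_FILE"; }
release_lock() { rm -f "$LOCK_FILE"; }

# Prints what this cron run should do: "skip" (a reconnect is in progress),
# "reconnect" (VPN interface missing) or "ok". Interface listing on stdin.
decide_action() {
    if lock_held; then
        echo skip
    elif vpn_is_up; then
        echo ok
    else
        echo reconnect
    fi
}

# The article's reconnect sequence, with the lock released on any exit path.
reconnect_sequence() {
    take_lock
    trap release_lock EXIT INT TERM
    echo "WAN_VPN_RECONNECT at: $(date)" >> "$RECONN_LOG"
    ifdown vpn
    ifdown wan
    sleep 10
    ifup wan
    sleep 30
    ifdown vpn
    sleep 10
    ifup vpn
    sleep 40
    release_lock
}

# Entry point for cron: acts only when invoked as "status-check.sh run", so the
# file can be sourced for testing without touching real interfaces.
if [ "${1:-}" = "run" ]; then
    case "$(ifconfig | decide_action)" in
        reconnect) reconnect_sequence ;;
        ok)        date > "$STATUS_LOG" ;;
    esac
fi
```

With this version the crontab line becomes */1 * * * * /etc/config/pptp-vpn/status-check.sh run, and a stale lock shows up in the reconnect log as a reconnect that starts less than LOCK_MAX_AGE seconds after the previous one, which is the signal to look at why the earlier run did not finish.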

D. Run traceroute www.google.com and traceroute www.baidu.com and compare the second-hop addresses:

FL-MBP:~ fatlyz$ traceroute www.google.com | head -n 3
traceroute: Warning: www.google.com has multiple addresses; using 74.125.239.115
traceroute to www.google.com (74.125.239.115), 64 hops max, 52 byte packets
 1  fc_r0.lan (192.168.7.1)  2.161 ms  0.912 ms  0.895 ms
 2  10.7.0.1 (10.7.0.1)  193.747 ms  187.789 ms  289.744 ms
 3  23.92.24.2 (23.92.24.2)  259.323 ms  354.625 ms  408.535 ms
FL-MBP:~ fatlyz$ traceroute www.baidu.com | head -n 3
traceroute to www.a.shifen.com (180.76.3.151), 64 hops max, 52 byte packets
 1  fc_r0.lan (192.168.7.1)  1.190 ms  0.984 ms  0.731 ms
 2  58.111.43.1 (58.111.43.1)  20.616 ms  38.822 ms  18.484 ms
 3  183.56.35.133 (183.56.35.133)  20.056 ms  52.353 ms  87.841 ms

This shows that domestic and foreign destinations are now routed along different paths: Google leaves through the VPN gateway, Baidu through the ISP gateway.

Now the basic configuration of OpenWRT, the pptp vpn, chnroutes, and automatic reconnection are all complete.
