OpenWrt - Getting Started (opkg, uci, luci)

Last updated: 2014/09/26

Introduction

Homepage: https://openwrt.org/

 

Contents

  1. Installation
  2. Download
  3. First Login
  4. UCI (Unified Configuration Interface)
  5. SSH (Dropbear)
  6. uHTTPd
  7. opkg (Package Manager)
  8. Rescue (password reset)
  9. System upgrade
  10. LuCI
  11. Version

 


Installation

 

If the hardware version does not match the firmware version, never force the flash!

A bricked router is a real headache.

 

Check the hardware version:

 


Download

 

Download: http://downloads.openwrt.org/snapshots/trunk/ar71xx/

openwrt-<CPU name>-generic-<router name>-<hardware version>-<format>-<purpose>

Example

openwrt-ar71xx-generic-tl-wr740n-v1-squashfs-factory.bin
openwrt-ar71xx-generic-tl-wr740n-v1-jffs2-factory.bin
openwrt-ar71xx-generic-tl-wr740n-v1-squashfs-sysupgrade.bin
openwrt-ar71xx-generic-tl-wr740n-v1-jffs2-sysupgrade.bin

 

Three common firmware formats: TRX, TRX2, BIN

 


First Login

 

After OpenWrt has been installed on the router, only telnet is enabled.

SSH access becomes possible only once the root password has been set.

First, telnet into the router:

telnet 192.168.1.1

Set its password:

passwd

 


UCI (Unified Configuration Interface)

 

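uci is OpenWrt's central configuration tool; everything on the router can be configured through it.

It is installed by default, unless someone has removed it by hand.

Required packages: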

  • uci(/sbin/uci)
  • libuci(/lib/libuci.so )

All settings are stored in

/etc/config/xxx

Commonly used config files:

  • /etc/config/dhcp
  • /etc/config/dropbear
  • /etc/config/firewall
  • /etc/config/network
  • /etc/config/system
  • /etc/config/timeserver
  • /etc/config/wireless

Format:

package 'example'

config 'example' 'test'
        option   'string'      'some value'
        option   'boolean'     '1'
        list     'collection'  'first item'
        list     'collection'  'second item'

 

Usage: uci <command> [arguments]

 

command:

commit   <-- write the modified settings to flash and apply them (covers changes made with uci and by hand)

show [<config>[.<section>[.<option>]]]   <-- show settings (compressed notation)

get   <-- show a single setting value (compressed notation)

changes [config]

set <config>.<section>[.<option>]=<value>

add_list   <config>.<section>.<option>=<string>

delete <config>[.<section>[.<option>]]

revert <config>[.<section>[.<option>]]   <-- anything not yet committed can still be reverted

export [config]   <-- export a config (UCI syntax)

import [config]

 

Example:

  • uci set dhcp.lan.leasetime=4h
  • uci set dhcp.lan.leasetime=24h

 

  • uci get dhcp.lan.leasetime
24h
  • uci show dhcp
.................
dhcp.lan=dhcp
dhcp.lan.interface=lan
dhcp.lan.start=100
dhcp.lan.limit=150
dhcp.lan.leasetime=24h
.................
  • uci changes
dhcp.lan.leasetime=1
dhcp.lan.leasetime=24h
  • uci revert dhcp
  • uci get dhcp.lan.leasetime
12h
  • uci commit

 

Current system state:

uci -P /var/state show network.wan

-P <path>  add a search path for config change files and use as default

Ordering

Some settings are order-sensitive, for example firewall rules,

so they use a different notation:

@rule[-1]

[-1] refers to the last one

root@OpenWrt:~# uci add firewall rule
root@OpenWrt:~# uci set firewall.@rule[-1].src=wan
root@OpenWrt:~# uci set firewall.@rule[-1].target=ACCEPT
root@OpenWrt:~# uci set firewall.@rule[-1].proto=tcp
root@OpenWrt:~# uci set firewall.@rule[-1].dest_port=22
root@OpenWrt:~# uci commit firewall
root@OpenWrt:~# /etc/init.d/firewall restart

 

See:

http://wiki.openwrt.org/doc/uci

 


Starting services automatically

 

/etc/init.d/xxx

i.e.

/etc/init.d/crond ???

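  • start: start the service for this session only
  • enable: start the service on every boot

Explanation

/etc/init.d/crond sources /etc/rc.common, which contains the enable function.

It works by creating a symlink in /etc/rc.d: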

ls /etc/rc.d | grep cron

S50cron

 


SSH (Dropbear)

 

Config file:

/etc/config/dropbear

  • enable <-- on
  • BannerFile <-- /etc/banner
  • Port <-- 22
  • GatewayPorts <--- tunnel port
  • Interface <-- 0.0.0.0
  • RootLogin <-- default: on
  • RootPasswordAuth <-- default: on

 

SSH From Wan:

/etc/config/firewall

..........................................
#Allow SSH
config rule
        option src              wan
        option proto            tcp
        option dest_port        ssh
        option target           ACCEPT
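
Added example (not part of the original notes): a POSIX sh check that reads /etc/config/dropbear and /etc/config/firewall as UCI text and reports when a WAN rule like the one above accepts SSH while root password login is still on. The function names and sample configs are constructed for illustration; only the Port and RootPasswordAuth options listed above are read.

```shell
#!/bin/sh
# Added example: flag SSH exposed on WAN while root password login is on.
# Function names and the sample configs are constructed for illustration.

# uci_get_opt FILE TYPE OPTION: value of OPTION in the first "config TYPE".
uci_get_opt() {
    awk -v type="$2" -v opt="$3" '
        { gsub(/\047|"/, "") }                      # strip quotes
        $1 == "config" { insec = ($2 == type) }
        insec && $1 == "option" && $2 == opt { print $3; exit }
    ' "$1"
}

# wan_ssh_open FILE PORT: exit 0 if a rule accepts TCP from wan to SSH.
wan_ssh_open() {
    awk -v port="$2" '
        function hit() {
            return o["src"] == "wan" && o["target"] == "ACCEPT" &&
                   (o["dest_port"] == "ssh" || o["dest_port"] == port) &&
                   (o["proto"] == "" || o["proto"] ~ /tcp|all/)
        }
        { gsub(/\047|"/, "") }
        $1 == "config" { if (hit()) found = 1; split("", o); inrule = ($2 == "rule") }
        inrule && $1 == "option" { k = $2; $1 = $2 = ""; sub(/^ +/, ""); o[k] = $0 }
        END { if (hit()) found = 1; exit !found }
    ' "$1"
}

# audit_ssh DROPBEAR_CFG FIREWALL_CFG: print a finding, return 1 when risky.
audit_ssh() {
    port=$(uci_get_opt "$1" dropbear Port)
    rootpw=$(uci_get_opt "$1" dropbear RootPasswordAuth)
    if ! wan_ssh_open "$2" "${port:-22}"; then
        echo "ok: no WAN rule accepts SSH"; return 0
    fi
    case "${rootpw:-on}" in                         # the notes list default: on
        off|0) echo "note: SSH open on WAN, root password login off"; return 0 ;;
    esac
    echo "risk: SSH open on WAN with root password login enabled"; return 1
}

# Constructed sample input, mirroring the config snippets above.
d=$(mktemp -d)
printf "config dropbear\n\toption Port '22'\n" > "$d/dropbear"
printf "config rule\n\toption src wan\n\toption proto tcp\n\toption dest_port ssh\n\toption target ACCEPT\n" > "$d/firewall"
audit_ssh "$d/dropbear" "$d/firewall" || true       # prints the risk line
```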

 


opkg (Package Manager)

 

Packages available online:

http://downloads.openwrt.org/snapshots/trunk/ar71xx/packages

Config file:

/etc/opkg.conf

src/gz  snapshots  http://downloads.openwrt.org/snapshots/trunk/ar71xx/packages <-- Packages.gz is downloaded from here
dest  root  /
dest  ram  /tmp
lists_dir   ext   /var/opkg-lists      <--- /var/opkg-lists/snapshots  
option   overlay_root    /overlay
arch all 100
# package priority order

Lock file:

/usr/lib/opkg/lock

usage:

opkg [options...] [arguments...]

update                            <-- download the list of available packages (/var/opkg-lists/snapshots)

install <pkgs>

remove <pkgs>

flag <flag> <pkgs>          <-- hold, noprune, user, ok, installed, unpacked

configure <pkgs>

upgrade <pkgs>              <-- (find the pkgs with: opkg list-upgradable)  * not recommended on a SquashFS partition

download <pkg>             <-- download a package (the packages it depends on are not downloaded)

Information commands:

  • status [pkg|regexp]
  • info [pkg|regexp]

 

  • list [pkg|regexp]              # List available packages
  • list-installed                     # List installed packages 

 

  • files <pkg>                     # which files this <pkg> contains
  • search <file|regexp>       # which package this file belongs to

Example:

opkg info screen

Package: screen
Version: 4.3.1-1
Depends: libc, libncurses
Status: unknown ok not-installed
Section: utils
Architecture: ar71xx
Maintainer: Etienne CHAMPETIER <champetier.etienne@gmail.com>
MD5Sum: e49ce215d2ffaddb10a8d9974f56691e
Size: 154676
Filename: screen_4.3.1-1_ar71xx.ipk
Source: feeds/packages/utils/screen
Description: Screen is a full-screen window manager that multiplexes a physical
 terminal between several processes, typically interactive shells.

opkg depends -A screen

screen depends on:
        libc
        libncurses

Destination for any package installation:

dest root /
dest ram /tmp
dest mnt /mnt

opkg install somepackage -d destination_name

Example:

-d ram

Useful options:

--cache <directory>

--nodeps

Example:

Upload the required packages to /tmp/package with WinSCP, then:

opkg install *

Check dependencies:

opkg depends  muninlite

muninlite depends on:
        xinetd

Troubleshoot:

rm /usr/lib/opkg/lock

 


Rescue (password reset)

 

The procedure below only applies to OpenWrt routers that use SquashFS,

because only SquashFS images have a failsafe mode.

Step1:

Set the PC's network address to 192.168.1.2

Step2:

Ping 192.168.1.1 continuously; you will see the following:

ping -t 192.168.1.1

Ping 192.168.1.1 (使用 32 位元組的資料):
回覆自 192.168.1.101: 目的地主機無法連線。
要求等候逾時。
回覆自 192.168.1.1: 位元組=32 time<1ms TTL=64
回覆自 192.168.1.1: 位元組=32 time<1ms TTL=64
回覆自 192.168.1.1: 位元組=32 time<1ms TTL=64
要求等候逾時。
要求等候逾時。
要求等候逾時。
要求等候逾時。
回覆自 192.168.1.1: 位元組=32 time<1ms TTL=64
回覆自 192.168.1.1: 位元組=32 time<1ms TTL=64
回覆自 192.168.1.1: 位元組=32 time<1ms TTL=64
回覆自 192.168.1.1: 位元組=32 time<1ms TTL=64
.....................

 

 

Step3:

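Press the reset button during the early window in which the 4 pings get replies; the system LED will then blink rapidly.

Step4:

Once the router answers ping again, you can telnet to it!

No password is needed to log in at this point.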

Step5:

The system is on a read-only file system, so remount it read/write with mount_root first.

Only after that can you reset the password:

passwd

Erase all settings:

mtd -r erase rootfs_data <-- equivalent to the firstboot command

                       OR

firstboot   <--   all settings will be reset

Step6:

reboot -f      <--- Force reboot (init is not running)

P.S.

Running firstboot outside rescue mode will cause trouble!

 


System upgrade

 

The router can be upgraded with the official tool: sysupgrade

sysupgrade [options] <image>

options:

-f <config>  restore configuration from .tar.gz (file or url) <--- the entire overlayfs
-n           do not save configuration over reflash
-v           more verbose
-c           keep the system settings <--- what is kept is decided by /lib/upgrade/keep.d

base-files
firewall
base-files-essential
uhttpd

Settings of your own that should be kept go in /etc/sysupgrade.conf

Check file integrity:

# -c      Check sums against list in FILEs

md5sum -c md5sums

86c3f5da10a7f7350391c0fd191cd9b4 *openwrt-ar71xx-generic-tl-wr740n-v4-squashfs-sysupgrade.bin

Example:

md5sum -c md5sums.txt

openwrt-ar71xx-generic-tl-wr740n-v4-squashfs-sysupgrade.bin: OK

# Checking the image's integrity once before upgrading is the better way!

Upgrade example:
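
Added example (not part of the original notes): a pre-flash check in POSIX sh that ties the file-name convention from the Download section to the md5sum check above. check_image and its arguments are hypothetical names, and the image file is a constructed dummy.

```shell
#!/bin/sh
# Added example: pre-flash checks for a sysupgrade image.
# check_image and its arguments are hypothetical names for illustration.

# check_image IMAGE MD5SUMS BOARD HWVER
#   Returns 0 only if the file name matches
#   openwrt-*-generic-<BOARD>-<HWVER>-<format>-sysupgrade.bin and the MD5
#   listed for that exact name in MD5SUMS equals the hash of the local file.
check_image() {
    img=$1; sums=$2; board=$3; hwver=$4
    name=$(basename "$img")
    case "$name" in
        openwrt-*-generic-"$board"-"$hwver"-*-sysupgrade.bin) ;;
        openwrt-*-generic-"$board"-"$hwver"-*-factory.bin)
            echo "refuse: $name is a factory image, not a sysupgrade image"; return 2 ;;
        *)  echo "refuse: $name is not built for $board $hwver"; return 3 ;;
    esac
    # md5sums lines look like "<hash> *<file>" or "<hash>  <file>".
    want=$(awk -v f="$name" '{ n = $2; sub(/^\*/, "", n) } n == f { print $1; exit }' "$sums")
    [ -n "$want" ] || { echo "refuse: $name not listed in $sums"; return 4; }
    have=$(md5sum "$img" | awk '{ print $1 }')
    [ "$want" = "$have" ] || { echo "refuse: checksum mismatch for $name"; return 5; }
    echo "ok: $name"
}

# Constructed sample: a dummy "image" and a matching md5sums file.
t=$(mktemp -d)
f=openwrt-ar71xx-generic-tl-wr740n-v4-squashfs-sysupgrade.bin
printf 'constructed test payload\n' > "$t/$f"
( cd "$t" && md5sum "$f" > md5sums )
check_image "$t/$f" "$t/md5sums" tl-wr740n v4             # accepted
check_image "$t/$f" "$t/md5sums" tl-wr740n v1 || true     # refused: wrong hardware version
```

An md5sums file fetched over the same plain-HTTP path as the image only catches a corrupted download; it does not authenticate the image.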

sysupgrade -v openwrt-ar71xx-generic-tl-wr740n-v3-squashfs-sysupgrade.bin

Saving config files...
etc/sysctl.conf
etc/shells
etc/rc.local
etc/profile
etc/passwd
etc/inittab
etc/hosts
etc/group
etc/firewall.user
etc/dropbear/dropbear_rsa_host_key
etc/dropbear/dropbear_dss_host_key
etc/config/wireless
etc/config/timeserver
etc/config/system
etc/config/network
etc/config/firewall
etc/config/dropbear
etc/config/dhcp
Switching to ramdisk...
Performing system upgrade...
Unlocking firmware ...

Writing from <stdin> to firmware ...
Appending jffs2 data from /tmp/sysupgrade.tgz to firmware...TRX header not found
Error fixing up TRX header
Upgrade completed
Rebooting system...

Basically, you cannot upgrade with the wrong image:

Invalid image, hardware ID mismatch, hw:07400001 image:07400003.
Image check 'platform_check_image' failed.

Error: Firmware upgrade is not implemented for this platform.

sysupgrade openwrt-ar71xx-generic-tl-wr740n-v4-squashfs-factory.bin

Firmware upgrade is not implemented for this platform.

root@ns8-fw:/tmp# sysupgrade openwrt-ar71xx-generic-tl-wr740n-v4-squashfs-sysupgrade.bin

Firmware upgrade is not implemented for this platform.

Solution:

mtd write openwrt-ar71xx-generic-tl-wr740n-v4-squashfs-sysupgrade.bin firmware

 


mtd

 

 

https://datahunter.org/mtd

 


LuCI

 

Homepage: http://luci.subsignal.org/trac

Introduction:

  • web user interface
  • Lua programming language
  • use object-oriented libraries
  • use templating
  • MVC-Webframework

Installation:

opkg install luci

packages:

luci <-- a meta package; it is just a long list of dependencies:

uhttpd, luci-mod-admin-full, luci-theme-openwrt, luci-app-firewall,

luci-proto-core, luci-proto-ppp, libiwinfo-lua

luci-ssl   <--   https

luci-theme-openwrt

luci-i18n-*

luci-app-*

  • luci-app-firewall
  • luci-app-ddns
  • luci-app-ahcp
  • luci-app-freifunk-policyrouting
  • luci-app-multiwan
  • luci-app-ntpc
  • luci-app-openvpn
  • luci-app-qos
  • luci-app-statistics
  • luci-app-samba
  • luci-app-tinyproxy
  • luci-app-vnstat
  • luci-app-wol
  • luci-app-wshaper

luci-proto-ppp <--- PPPoE

luci-proto-pptp

pptp

  • ppp
  • kmod-gre
  • resolveip

 

Enable:

/etc/init.d/uhttpd enable  <--  started at every boot
/etc/init.d/uhttpd start

 

Tips:

 

Hostnames:

tim-pc.lan <-- must be used together with the domain

 

Unsaved Change:

 


Version

 

BarrierBreaker 14.07

* Linux kernel updated to version 3.10
* Procd: new preinit, init, hotplug and event system written in C

Networking improvements:

* Added support for dynamic firewall rules and zones
* Added reworked event support to allow obsoleting network hotplug-scripts
* Netifd now handles setup and configuration reload of wireless interfaces

UCI configuration improvements:

* Support for testing configuration and rollback to the last working state
* Unified change trigger system to restart services on-demand
* Added a data validation layer
* Configuration support for GRE tunnels

Filesystem improvements:

* Added support for filesystem snapshot and rollback
* Rewritten mounting system in C for rootfs and block devices

USB:

* Support for QMI-based 3g/4g modems

Service:

* Support for DNSSEC validation

 

Attitude Adjustment 12.09

* Kernel 3.3

OS:

Switched to shadow passwords
Support for external overlay filesystems in release images

Network:

New netifd implementation to replace the old script based network configuration system
Support for bridge firewalling in release images