OpenWrt - Getting Started (opkg, uci, luci)

Last updated: 2024-07-19

Introduction

Home page: https://openwrt.org/

 



Installation

 

If the hardware version and the firmware version do not match, never force the flash !!

A bricked router is a real hassle ..

 

Check the hardware version:

 


Download

 

Download: http://downloads.openwrt.org/snapshots/trunk/ar71xx/

openwrt-<CPU name>-generic-<router name>-<hardware version>-<format>-<purpose>

Example

openwrt-ar71xx-generic-tl-wr740n-v1-squashfs-factory.bin
openwrt-ar71xx-generic-tl-wr740n-v1-jffs2-factory.bin
openwrt-ar71xx-generic-tl-wr740n-v1-squashfs-sysupgrade.bin
openwrt-ar71xx-generic-tl-wr740n-v1-jffs2-sysupgrade.bin

 

Three common firmware formats: TRX, TRX2, BIN

 


First Login

 

After OpenWrt is installed on the router, only telnet is enabled;

only after the root password has been set can we ssh into it ~

First, telnet into the router

telnet 192.168.1.1

Set its password

passwd

 


UCI (Unified Configuration Interface)

 

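uci is OpenWrt's central configuration tool; through it we can configure everything on the router

It is installed by default, unless it was removed by hand ~

Required packages:

  • uci (/sbin/uci)
  • libuci (/lib/libuci.so)

All settings are stored in

/etc/config/xxx

Common config files: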

  • /etc/config/dhcp
  • /etc/config/dropbear
  • /etc/config/firewall
  • /etc/config/network
  • /etc/config/system
  • /etc/config/timeserver
  • /etc/config/wireless

Format:

package 'example'

config 'example' 'test'
        option   'string'      'some value'
        option   'boolean'     '1'
        list     'collection'  'first item'
        list     'collection'  'second item'

 

Usage: uci <command> [arguments]

 

command:

commit   writes the modified settings to flash and applies them (covers both uci changes and manual edits)

show [<config>[.<section>[.<option>]]]   <-- view settings (compressed notation)

get <-- view a single setting value (compressed notation)

changes [config]

set <config>.<section>[.<option>]=<value>

add_list   <config>.<section>.<option>=<string>

delete <config>[.<section>[.<option>]]

revert <config>[.<section>[.<option>]] <-- as long as a change has not been committed, it can still be reverted

export [config]  <--- export a config (UCI syntax)

import [config]

 

Example:

  • uci set dhcp.lan.leasetime=4h
  • uci set dhcp.lan.leasetime=24h

 

  • uci get dhcp.lan.leasetime
24h
  • uci show dhcp
.................
dhcp.lan=dhcp
dhcp.lan.interface=lan
dhcp.lan.start=100
dhcp.lan.limit=150
dhcp.lan.leasetime=24h
.................
  • uci changes
dhcp.lan.leasetime=1
dhcp.lan.leasetime=24h
  • uci revert dhcp
  • uci get dhcp.lan.leasetime
12h
  • uci commit

 

Current system state:

uci -P /var/state show network.wan

-P <path>  add a search path for config change files and use as default

Ordering

Some settings are order-sensitive, for example firewall rules,

so they have another notation

@rule[-1]

[-1] means the last one

root@OpenWrt:~# uci add firewall rule
root@OpenWrt:~# uci set firewall.@rule[-1].src=wan
root@OpenWrt:~# uci set firewall.@rule[-1].target=ACCEPT
root@OpenWrt:~# uci set firewall.@rule[-1].proto=tcp
root@OpenWrt:~# uci set firewall.@rule[-1].dest_port=22
root@OpenWrt:~# uci commit firewall
root@OpenWrt:~# /etc/init.d/firewall restart

 

See also

http://wiki.openwrt.org/doc/uci

 


Starting services automatically

 

/etc/init.d/xxx

i.e.

/etc/init.d/crond ???

  • start   start for this session only
  • enable  start at every boot !!

Explanation

/etc/init.d/crond sources /etc/rc.common, which contains the enable function

It works by creating a soft link in /etc/rc.d

ls /etc/rc.d | grep cron

S50cron

 


SSH(Dropbear)

 

Config file:

/etc/config/dropbear

  • enable <-- on
  • BannerFile <-- /etc/banner
  • Port <-- 22
  • GatewayPorts <--- tunnel port
  • Interface <-- 0.0.0.0
  • RootLogin <-- default: on
  • RootPasswordAuth <-- default: on

 

SSH From Wan:

/etc/config/firewall

..........................................
#Allow SSH
config rule
        option src              wan
        option proto            tcp
        option dest_port        ssh
        option target           ACCEPT
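
An added example, not part of the original page: a small parser for the UCI file format described earlier, used to list firewall rules that accept SSH from the wan zone without a source restriction, such as the rule above. The function names and the sample config are constructed for this example; `src_ip` is the firewall rule option that limits a rule to a source address.

```shell
# Added example (not from the original page): audit UCI firewall text.
# uci_flatten: read UCI config text on stdin and print one
# "<section index>.<option>=<value>" line per setting, quotes removed.
uci_flatten() {
    tr -d "\"'" | awk '
    $1 == "config" { n++; print n ".type=" $2; next }
    ($1 == "option" || $1 == "list") && n {
        v = $0; sub(/^[ \t]*[a-z]+[ \t]+[^ \t]+[ \t]+/, "", v)
        print n "." $2 "=" v
    }'
}

# wan_ssh_rules: print the index of every "rule" section that has src=wan,
# target=ACCEPT, dest_port 22 or ssh, and no src_ip restriction.
wan_ssh_rules() {
    uci_flatten | awk -F'[.=]' '
    { i = $1 + 0; if (i > max) max = i }
    $2 == "type"      { kind[i] = $3 }
    $2 == "src"       { src[i] = $3 }
    $2 == "target"    { tgt[i] = $3 }
    $2 == "dest_port" { port[i] = $3 }
    $2 == "src_ip"    { ip[i] = 1 }
    END {
        for (i = 1; i <= max; i++)
            if (kind[i] == "rule" && src[i] == "wan" && tgt[i] == "ACCEPT" &&
                (port[i] == "22" || port[i] == "ssh") && !(i in ip))
                print i
    }'
}

# Constructed sample input: section 1 is the rule shown above,
# section 2 is the same kind of rule limited to one source address.
sample_firewall() {
    cat <<'EOF'
#Allow SSH
config rule
        option src              wan
        option proto            tcp
        option dest_port        ssh
        option target           ACCEPT

config rule
        option src       'wan'
        option dest_port '22'
        option src_ip    '203.0.113.10'
        option target    'ACCEPT'
EOF
}
```

On a router the same check can be run as `wan_ssh_rules < /etc/config/firewall`.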

 


Recovery (password reset)

The following procedure applies only to OpenWrt routers that use SquashFS,

because only squashfs has failsafe mode

Step1:

Set the PC's network address to 192.168.1.2

Step2:

Ping 192.168.1.1 continuously; you will see the following

ping -t 192.168.1.1

Ping 192.168.1.1 (使用 32 位元組的資料):
回覆自 192.168.1.101: 目的地主機無法連線。
要求等候逾時。
回覆自 192.168.1.1: 位元組=32 time<1ms TTL=64
回覆自 192.168.1.1: 位元組=32 time<1ms TTL=64
回覆自 192.168.1.1: 位元組=32 time<1ms TTL=64
要求等候逾時。
要求等候逾時。
要求等候逾時。
要求等候逾時。
回覆自 192.168.1.1: 位元組=32 time<1ms TTL=64
回覆自 192.168.1.1: 位元組=32 time<1ms TTL=64
回覆自 192.168.1.1: 位元組=32 time<1ms TTL=64
回覆自 192.168.1.1: 位元組=32 time<1ms TTL=64
.....................

 

 

Step3:

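During the earlier stretch of 4 successful pings, press the reset button; the system LED will then flash rapidly

Step4:

Once the router answers ping again, you can telnet into it !!

No password is needed to log in at this point

Step5:

The system is on a read-only file system, so run mount_root to make it r/w

Only after that can you

reset password

passwd

Erase all settings:

mtd -r erase rootfs_data <-- equivalent to the firstboot command

                       OR

firstboot   <--   all settings will be reset

Step6:

reboot -f      <--- Force reboot (init is not running)

P.S.

Running firstboot outside rescue mode will cause trouble !!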

 


System upgrade

We can upgrade the router with the official tool: sysupgrade

sysupgrade [options] <image>

options:

-f <config>  restore configuration from .tar.gz (file or url) <--- this is the whole overlayfs
-n           do not save configuration over reflash
-v           more verbose
-c           keep system settings <--- kept according to /lib/upgrade/keep.d

base-files
firewall
base-files-essential
uhttpd

Put the settings you want to keep yourself in /etc/sysupgrade.conf

Check file integrity:

# -c      Check sums against list in FILEs

md5sum -c md5sums

86c3f5da10a7f7350391c0fd191cd9b4 *openwrt-ar71xx-generic-tl-wr740n-v4-squashfs-sysupgrade.bin

Example:

md5sum -c md5sums.txt

openwrt-ar71xx-generic-tl-wr740n-v4-squashfs-sysupgrade.bin: OK

# It is better to check the image's integrity once before upgrading !!
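
An added example, not part of the original page: a pre-flash check that combines the image naming convention from the Download section, the factory/sysupgrade distinction and the checksum list. `check_image`, `SUM_TOOL` and the return codes are names made up for this example; MD5 only detects a corrupted download, so use a SHA-256 list when one is published.

```shell
# Added example (not from the original page): pre-flash checks on an image.
# SUM_TOOL is an assumption of this example; it defaults to md5sum to match
# the md5sums list above and can be set to sha256sum for a SHA-256 list.
SUM_TOOL=${SUM_TOOL:-md5sum}

# Hardware version field (e.g. v4) of a name that follows
# openwrt-<CPU>-generic-<router>-<hw version>-<format>-<purpose>.bin
image_hw_version() {
    echo "$1" | sed -n \
      's/^openwrt-[^-]*-generic-.*-\(v[0-9][0-9]*\)-[a-z0-9]*-[a-z]*\.bin$/\1/p'
}

# Purpose field of the name: factory or sysupgrade.
image_purpose() {
    echo "$1" | sed -n 's/^.*-\([a-z]*\)\.bin$/\1/p'
}

# check_image <image path> <sums file> <expected hw version>
# Returns 0 only when the name fields and the checksum all match.
# This is a name-based pre-check; sysupgrade still does its own image check.
check_image() {
    img=$1; sums=$2; want_hw=$3
    name=$(basename "$img")
    [ "$(image_hw_version "$name")" = "$want_hw" ] ||
        { echo "hardware version in name is not $want_hw" >&2; return 2; }
    [ "$(image_purpose "$name")" = "sysupgrade" ] ||
        { echo "not a sysupgrade image" >&2; return 3; }
    # Recorded hash for exactly this file name ('*' binary marker stripped).
    want=$(awk -v f="$name" \
        '{ n = $2; sub(/^\*/, "", n); if (n == f) { print $1; exit } }' "$sums")
    [ -n "$want" ] || { echo "no checksum entry for $name" >&2; return 4; }
    have=$("$SUM_TOOL" "$img" | awk '{ print $1 }')
    [ "$want" = "$have" ] || { echo "checksum mismatch" >&2; return 5; }
}
```

Unlike `md5sum -c` on the full list, this checks only the one image and fails when the list has no entry for it.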

Upgrade example:

sysupgrade -v openwrt-ar71xx-generic-tl-wr740n-v3-squashfs-sysupgrade.bin

Saving config files...
etc/sysctl.conf
etc/shells
etc/rc.local
etc/profile
etc/passwd
etc/inittab
etc/hosts
etc/group
etc/firewall.user
etc/dropbear/dropbear_rsa_host_key
etc/dropbear/dropbear_dss_host_key
etc/config/wireless
etc/config/timeserver
etc/config/system
etc/config/network
etc/config/firewall
etc/config/dropbear
etc/config/dhcp
Switching to ramdisk...
Performing system upgrade...
Unlocking firmware ...

Writing from <stdin> to firmware ...
Appending jffs2 data from /tmp/sysupgrade.tgz to firmware...TRX header not found
Error fixing up TRX header
Upgrade completed
Rebooting system...

Basically, you cannot flash the wrong image by mistake ~

Invalid image, hardware ID mismatch, hw:07400001 image:07400003.
Image check 'platform_check_image' failed.

Error: Firmware upgrade is not implemented for this platform.

sysupgrade openwrt-ar71xx-generic-tl-wr740n-v4-squashfs-factory.bin

Firmware upgrade is not implemented for this platform.

root@ns8-fw:/tmp# sysupgrade openwrt-ar71xx-generic-tl-wr740n-v4-squashfs-sysupgrade.bin

Firmware upgrade is not implemented for this platform.

Fix:

mtd write openwrt-ar71xx-generic-tl-wr740n-v4-squashfs-sysupgrade.bin firmware

 


mtd

 

 

https://datahunter.org/mtd

 


LuCI

 

Home page: http://luci.subsignal.org/trac

Introduction:

  • web user interface
  • Lua programming language
  • use object-oriented libraries
  • use templating
  • MVC-Webframework

Installation:

opkg install luci

packages:

luci <-- a meta package; it pulls in a big pile of dependencies

uhttpd, luci-mod-admin-full, luci-theme-openwrt, luci-app-firewall,

luci-proto-core, luci-proto-ppp, libiwinfo-lua

luci-ssl   <--   https

luci-theme-openwrt

luci-i18n-*

luci-app-*

  • luci-app-firewall
  • luci-app-ddns
  • luci-app-ahcp
  • luci-app-freifunk-policyrouting
  • luci-app-multiwan
  • luci-app-ntpc
  • luci-app-openvpn
  • luci-app-qos
  • luci-app-statistics
  • luci-app-samba
  • luci-app-tinyproxy
  • luci-app-vnstat
  • luci-app-wol
  • luci-app-wshaper

luci-proto-ppp <--- PPPoE

luci-proto-pptp

pptp

  • ppp
  • kmod-gre
  • resolveip

 

Enable:

/etc/init.d/uhttpd enable  <--  started at every boot
/etc/init.d/uhttpd start

 

Tips:

 

Hostnames:

tim-pc.lan <-- must be used together with domain

 

Unsaved Change:

 


service

 

# Print a list of available services.
# ls /etc/init.d

service

# Print a list of available actions for a service.
# /etc/init.d/<service>

service <service>

# Execute that action on a specific service.
# /etc/init.d/<service> <action>

service <service> <action>

Special actions

  • enabled     Check if the service is enabled.
  • running     Check if the service is running.

 


Versions

 

openwrt-22.03

 

openwrt-21.02

  • Linux 5.4

 

BarrierBreaker 14.07

* Linux kernel updated to version 3.10
* Procd: new preinit, init, hotplug and event system written in C

Networking improvements:

* Added support for dynamic firewall rules and zones
* Added reworked event support to allow obsoleting network hotplug-scripts
* Netifd now handles setup and configuration reload of wireless interfaces

UCI configuration improvements:

* Support for testing configuration and rollback to last working state
* Unified change trigger system to restart services on-demand
* Added a data validation layer
* Configuration support for GRE tunnels

Filesystem improvements:

* Added support for filesystem snapshot and rollback
* Rewritten mounting system in C for rootfs and block devices

USB:

* Support for QMI-based 3g/4g modems

Service:

* Support for DNSSEC validation

 

Attitude Adjustment 12.09

* Kernel 3.3

OS:

Switched to shadow passwords
Support for external overlay filesystems in release images

Network:

New netifd implementation to replace the old script based network configuration system
Support for bridge firewalling in release images

 
