The configuration process after installing OpenWrt.

Software upgrade

Installed packages can be upgraded with the following commands:

opkg update
# Upgrade all upgradable packages
opkg list-upgradable | awk -F ' - ' '{print $1}' | xargs opkg upgrade

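Software installation

The main packages installed are openssh-server, nginx, vim, zsh, lsof and so on, each installed with opkg install xxx.

  • wpa-supplicant: connects to the campus network Wi-Fi

  • hostapd: provides the hotspot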

Configuration

1. SSH configuration [1]

  • Edit /etc/ssh/sshd_config and change #PermitRootLogin without-password to PermitRootLogin yes

  • Enable and start OpenSSH server. OpenSSH will listen now on port 22.

    /etc/init.d/sshd enable
    /etc/init.d/sshd start
    

2. Connecting to the campus network

The campus network is reached over wireless and used as the upstream (WAN) exit.

Connection

  • Network -> Wireless -> radio1(5G)/radio0(2.4G) -> Scan to connect:

    Setting                       Value
    General Setup -> Mode         Client
    General Setup -> ESSID        Wi-Fi name (SJTU)
    General Setup -> BSSID        Campus network MAC address; can be used to bind to a specific Wi-Fi MAC
    General Setup -> Network      Network interfaces: the IPv4 and IPv6 ones below
    Security -> Encryption        WPA2-EAP
    Security -> EAP Method        PEAP
    Security -> Authentication    EAP-MSCHAPv2
    Security -> Identity          User name
    Security -> Password          Password

IPv4

  • Create Network -> Interface (Name: SJTU)

    • General -> Protocol: DHCP client
    • General -> Device: unspecified
    • General -> Bring up on boot: selected
    • Firewall Settings -> Create / Assign firewall-zone: SJTU/SJTU6

IPv6

  • Create Network -> Interface (Name: SJTU6)

    • General -> Protocol: DHCP6 client
    • General -> Device: wlan1
    • General -> Bring up on boot: selected
    • Firewall Settings -> Create / Assign firewall-zone: SJTU/SJTU6
  • IPv6 NAT66

    • Network -> Interface -> LAN edit -> DHCP server, configured as follows:

      Setting                  Value
      RA-Service               server mode
      DHCPv6-Service           server mode
      Local IPv6 DNS Server    unchecked
      NDP-Proxy                disabled
    • NAT66 configuration [2]

      • Enable IPv6 and add the IPv6 NAT table to iptables. Add the following to /etc/firewall.user:

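         # Device names as shown by ifconfig (see the note below)
         WAN6=SJTU
         LAN=br-lan
         # Masquerade IPv6 traffic leaving through the upstream device
         ip6tables -t nat -A POSTROUTING -o "$WAN6" -j MASQUERADE
         # Allow return traffic of already established connections
         ip6tables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
         # Allow forwarding of traffic that enters from the LAN bridge
         ip6tables -A FORWARD -i "$LAN" -j ACCEPT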
        

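        Change WAN6 and LAN to the names of the upstream IPv6 device and the internal network device (interface) respectively. Note that these are not firewall zone names, nor the names shown in LuCI under Network -> Interfaces, but the names shown by ifconfig.

      • Configure the gateway correctly

        Add the file /etc/hotplug.d/iface/99-ipv6: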

          #!/bin/sh
          [ "$ACTION" = ifup ] || exit 0
          iface=SJTU6
          [ -z "$iface" -o "$INTERFACE" = "$iface" ] || exit 0
          ip -6 route add `ip -6 route show default|sed -e 's/from [^ ]* //'`
          logger -t IPv6 "Add IPv6 default route."
        

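        Here iface is the name shown in LuCI under Network -> Interfaces, usually wan6. The script waits until wan6 is up, reads the default gateway, strips the from clause, and adds the result to the system routing table. Also make the script executable: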

        chmod +x /etc/hotplug.d/iface/99-ipv6
        
  • Static IP

  • Enabling the hotspot

    • Install the hostapd package

    • Network -> Wireless -> radio0(2.4G)/radio1(5G) -> Add:

      Setting                     Value
      General Setup -> Mode       Access Point
      General Setup -> ESSID      Wi-Fi name (sunnet)
      General Setup -> Network    lan
      Security -> Encryption      WPA2-PSK
      Security -> Key             Password
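
An added example (not from the original post or its reference): a variant of the 99-ipv6 hotplug script from the NAT66 gateway step above that also copes with several source-specific default routes and with repeated ifup events. The function names and the sample route lines are constructed for illustration; SJTU6 is the interface name used on this page.

```shell
#!/bin/sh
# Variant of /etc/hotplug.d/iface/99-ipv6 (added example, not the author's script).
IFACE="SJTU6"   # LuCI interface name used on this page

# Constructed sample of `ip -6 route show default` output (documentation addresses).
SAMPLE_ROUTES='default from 2001:db8:1::/64 via fe80::1 dev wlan1 proto static metric 512
default from 2001:db8:2::/64 via fe80::1 dev wlan1 proto static metric 512
default via fe80::2 dev wlan1 metric 1024'

# Read route lines on stdin and print one cleaned route per line:
#  - the "from <prefix>" selector is removed, as in the original sed call
#  - only lines that start with "default via " are kept, so unexpected
#    output is never passed on to `ip route`
#  - duplicates left after stripping the selector are collapsed
clean_default_routes() {
    sed -n -e 's/ from [^ ]*//' -e '/^default via /p' | sort -u
}

# Install every cleaned route separately. `replace` is idempotent, so a
# second ifup event does not fail with "File exists" as `route add` would.
install_default_routes() {
    ip -6 route show default | clean_default_routes | while read -r route; do
        # $route is deliberately unquoted: it must split into ip arguments.
        ip -6 route replace $route &&
            logger -t IPv6 "Set IPv6 default route: $route"
    done
}

# Act only when hotplug reports that the chosen interface came up.
if [ "$ACTION" = ifup ] && [ "$INTERFACE" = "$IFACE" ]; then
    install_default_routes
fi
```

Running `printf '%s\n' "$SAMPLE_ROUTES" | clean_default_routes` from a shell that has sourced the file shows which routes would be installed without touching the routing table.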

3. Turning the WAN port into a LAN port

  • Edit Network -> Interface -> Devices
    • br-lan: add wan to Bridge ports

4. Mounting a USB drive

Installing the following packages is enough.

  opkg install block-mount e2fsprogs kmod-fs-ext4 kmod-usb-storage kmod-usb2 kmod-usb3

5. zsh

  • Install zsh

  • In /etc/passwd, on the line starting with root:, change /bin/ash to /usr/bin/zsh

  • Copy the .oh-my-zsh folder to /root/

  • cd /root && ln -s .oh-my-zsh/sunic-zsh/zshrc.sh .zshrc

6. vim

  • Copy .vimrc to /root/

7. nginx

  • Install nginx

  • Copy the certificates and configuration files

Problems

  • Error when proxying LuCI through Nginx: No related RPC reply
    • Status: unresolved

Reference

[1] Replacing Dropbear by openssh-server

[2] Configuring an OpenWRT router as an IPv6 gateway