
Thread: The OpenWrt Thread

  1. #1

    The OpenWrt Thread

    Hello. I'm dedicating this thread for all OpenWRT discussions, questions and answers.
    And as such, I have a question:

    Sometimes at home I use my company laptop via VPN to the corporate network. While connected to the VPN, I would like my browser and torrent client to connect to my home network via proxy. Now, I'm thinking that this proxy server can be installed on my OpenWRT router.
    1. Is my assumption correct and can it be done?
    2. My router is an old WR740N, would it work correctly with a proxy server? Performance-wise, say I download with full speed and also use the proxy, would the router be able to handle it, or just heat up and die? Do I need a lot of resources/performance for proxy server?
    3. I would also like to use my home proxy at work, to access prohibited sites, will it work externally?
    4. What plugin would be best fitted for this?

    On a side-note, could you also help me decide on a good gigabyte router from here https://wiki.openwrt.org/toh/recommended_routers for openwrt?
    My ISP uses PPPoE.


    Thank you!
    Last edited by Master Razor; 11.09.17 at 14:06.

  2. #2
    Guys, please. I really need some advice.

  3. #3
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    39,386
    Activity Longevity
    11/20 19/20
    Today Posts
    5/5 ssss39386
    Sorry, I missed this thread!

    First, I'd like to say OpenWrt (that's how you spell it and I renamed the thread accordingly) is awesome. If you have a supported router with USB, you can basically do whatever you want; indeed, the very first thing I did was cracking a WEP network to get free Internet. Be sure to check the image generator out if you haven't already, it will let you build firmware images that contain the stuff you want (complete with including pre-written configuration files) and nothing of what you don't. After that, you won't want to flash the "official" images and install packages by hand anymore.

    The split to LEDE and the fractured codebases and development that exist as a result are a sorry state of affairs. I wish they'd reunify the projects or at least find a way to solve that issue.

    Anyway, on to your questions.

    Quote Originally Posted by Master Razor View Post
    Sometimes at home I use my company laptop via VPN to the corporate network. While connected to the VPN, I would like my browser and torrent client to connect to my home network via proxy. Now, I'm thinking that this proxy server can be installed on my OpenWRT router.
    1. Is my assumption correct and can it be done?
    Yes, several proxy servers are available for OpenWrt; tinyproxy sounds best for the hardware and casual usage you mention. Whatever you choose, make sure to secure it after installing. Not sure why you'd want to proxy torrents through your home network, however. I would install Transmission or rTorrent and vsftpd on the router to effectively create a seedbox instead.

    2. My router is an old WR740N, would it work correctly with a proxy server? Performance-wise, say I download with full speed and also use the proxy, would the router be able to handle it, or just heat up and die? Do I need a lot of resources/performance for proxy server?
    Routers don't "heat up and die" except in exceptional circumstances, you'll just get reduced performance. The TL-WR740N can be flashed with the BREED bootloader, which supports altering the processor clocks; you could underclock them to sacrifice speed in exchange for less heat, and/or open the router and put a small heatsink on the CPU or SoC.

    tinyproxy is, as the name suggests, specifically designed to use as little resources as possible.

    3. I would also like to use my home proxy at work, to access prohibited sites, will it work externally?
    Depends on how good your workplace's filter is. In a worst-case scenario you may have to run your proxy on port 443 with stunnel.

    4. What plugin would be best fitted for this?
    See above.

    On a side-note, could you also help me decide on a good gigabyte router from here https://wiki.openwrt.org/toh/recommended_routers for openwrt?
    My ISP uses PPPoE.
    Can't recommend a gigabit router personally (all my infrastructure is still 100 Mbit), but the TL-WR1043ND seems good if you're on a budget. Decent flash size and RAM plus a USB port for persistent storage and swap space.
    "I just remembered something that happened a long time ago."

  4. Who Said Thanks:

    H265 (17.09.17) , cloud99 (14.09.17) , Master Razor (13.09.17)

  5. #4
    You seem to have a lot of experience with this stuff. When you build a firmware image do you actually check your used space or does the compiler warn you when your image will take more than the maximum amount of flash space? The last time I built my custom image I calculated the space used by the packages before compiling them to make sure I don't go over.


    My current config is:
    make image PROFILE=TLWR740 PACKAGES="base-files busybox dnsmasq dropbear firewall hotplug2 iptables iptables-mod-nat-extra kmod-ipt-nat-extra iw jshn kernel kmod-ath kmod-ath9k kmod-ath9k-common kmod-cfg80211 kmod-crypto-aes kmod-crypto-arc4 kmod-crypto-core kmod-gpio-button-hotplug kmod-ipt-conntrack kmod-ipt-core kmod-ipt-nat kmod-ipt-nathelper kmod-leds-gpio kmod-ledtrig-default-on kmod-ledtrig-netdev kmod-ledtrig-timer -kmod-ledtrig-usbdev kmod-lib-crc-ccitt kmod-mac80211 kmod-nls-base kmod-ppp kmod-pppoe kmod-pppox -kmod-usb-core -kmod-usb-ohci -kmod-usb2 kmod-wdt-ath79 mtd netifd ppp ppp-mod-pppoe swconfig uboot-envtools ubus ubusd uci uhttpd wpad-mini libblobmsg-json libc libip4tc libjson liblua libnl-tiny libubox libubus libuci libxtables qos-scripts kmod-ipv6 kmod-ip6tables ip6tables wol ddns-scripts dnsmasq-dhcpv6 bash arptables kmod-arptables radvd wide-dhcpv6-client ip miniupnpd libip4tc tinyproxy"

  6. #5
    Moderator anon's Avatar
    Quote Originally Posted by Master Razor View Post
    When you build a firmware image do you actually check your used space or does the compiler warn you when your image will take more than the maximum amount of flash space? The last time I built my custom image I calculated the space used by the packages before compiling them to make sure I don't go over.
    There are no checks or warnings. If you add too many files or packages, the building process will run as usual, but ultimately no firmware will be generated, and the only things you'll find under the bin directory are kernel images (meant to be loaded in memory via serial debugging, or kexec if you're adventurous).

    Anyway, your command line is not incorrect, but it has a lot of fluff. Firstly, let's have a look at the first few lines of `make info' for the LEDE 17.01.2 ar71xx image builder (because that's the version I have at hand right now).

    Code:
    Current Target: "ar71xx (Generic)"
    Default Packages: base-files libc libgcc busybox dropbear mtd uci opkg netifd fstools uclient-fetch logd kmod-gpio-button-hotplug swconfig kmod-ath9k wpad-mini uboot-envtools dnsmasq iptables ip6tables ppp ppp-mod-pppoe firewall odhcpd odhcp6c
    Available Profiles:
    
    Default:
        Default Profile (all drivers)
        Packages: kmod-usb-core kmod-usb-ohci kmod-usb2 kmod-usb-ledtrig-usbport
    Both everything listed after "Default Packages" (don't confuse with default profile) and their dependencies are implied for any image you build, so there's no need to specify you want busybox, iptables and such. Now, these are the lines pertaining to your particular router model. Note how the profile names differ from yours, I assume you're trying to build OpenWrt 12.09.

    Code:
    tl-wr740n-v1:
        TP-LINK TL-WR740N/ND v1
        Packages: 
    tl-wr740n-v3:
        TP-LINK TL-WR740N/ND v3
        Packages: 
    tl-wr740n-v4:
        TP-LINK TL-WR740N/ND v4
        Packages: 
    tl-wr740n-v5:
        TP-LINK TL-WR740N/ND v5
        Packages: 
    tl-wr740n-v6:
        TP-LINK TL-WR740N/ND v6
        Packages:
    This means the TL-WR740N routers require no additional packages over the default ones; USB support won't be added, so you don't need to explicitly disallow it in the command line either.

    If you're still confused, just flash a stock image and run opkg list-installed.
    • Whatever is in the list and you want to have, doesn't need to be specified when building the image.
    • Whatever isn't in the list and you want to have, must be added to the command line.
    • Whatever is in the list that you don't want to have, must be removed via the command line (-thing -thing2). If it's still there after flashing your image, then it's a dependency of something else and thus still necessary.
    "I just remembered something that happened a long time ago."

  7. Who Said Thanks:

    H265 (17.09.17) , Master Razor (17.09.17)
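
Added example, not part of the thread: a helper that trims a PACKAGES list against `make info`, following the rules in the reply above (defaults are implied, and removing something that is not a default is a no-op). `trim_packages` and `SAMPLE_INFO` are hypothetical names; the sample is an excerpt of the LEDE 17.01.2 listing quoted in that reply.

```shell
#!/bin/sh
# Added example, not from the thread: drop PACKAGES entries that the image
# builder already implies, based on the output of `make info`.

# Excerpt of the `make info` listing quoted in the reply above.
SAMPLE_INFO='Current Target: "ar71xx (Generic)"
Default Packages: base-files libc libgcc busybox dropbear mtd uci opkg netifd fstools uclient-fetch logd kmod-gpio-button-hotplug swconfig kmod-ath9k wpad-mini uboot-envtools dnsmasq iptables ip6tables ppp ppp-mod-pppoe firewall odhcpd odhcp6c
Available Profiles:

Default:
    Default Profile (all drivers)
    Packages: kmod-usb-core kmod-usb-ohci kmod-usb2 kmod-usb-ledtrig-usbport
tl-wr740n-v4:
    TP-LINK TL-WR740N/ND v4
    Packages:'

# Usage: make info | trim_packages PROFILE "pkg -pkg ..."
# Prints the entries that still have to be given in PACKAGES="...".
trim_packages() {
    awk -v profile="$1" -v wanted="$2" '
        # Record every package name in a space-separated list as implied.
        function add(list,    n, a, i) {
            n = split(list, a, " ")
            for (i = 1; i <= n; i++) implied[a[i]] = 1
        }
        /^Default Packages:/ { sub(/^Default Packages:[ \t]*/, ""); add($0); next }
        # A profile header is a single word followed by a colon.
        /^[^ \t:]+:$/ { cur = substr($0, 1, length($0) - 1); next }
        # Only the selected profile contributes its own package additions.
        /^[ \t]+Packages:/ && cur == profile {
            sub(/^[ \t]+Packages:[ \t]*/, ""); add($0)
        }
        END {
            n = split(wanted, w, " ")
            for (i = 1; i <= n; i++) {
                name = w[i]
                minus = sub(/^-/, "", name)       # 1 for a "-pkg" removal request
                if (seen[w[i]]++) continue        # duplicate entry
                if (minus && !(name in implied)) continue  # removal of a non-default
                if (!minus && (name in implied)) continue  # already implied
                out = out (out == "" ? "" : " ") w[i]
            }
            print out
        }'
}
```

Dependencies pulled in by the defaults do not appear in `make info`, so they are not detected here; comparing against `opkg list-installed` on a stock image, as the reply suggests, covers those.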

  8. #6
    Some more questions for Attitude Adjustment 12.09:

    1. So, if I add many packages and the size exceeds the maximum firmware size, there will be no images built in the bin folder?
    2. Where do I find the default packages list? I couldn't find any reference online.
    3. When specifying the packages do I need to also add their dependencies?

  9. #7
    Moderator anon's Avatar
    Did you actually read my post? Everything's already answered there. But I'll do it again anyway.

    Quote Originally Posted by Master Razor View Post
    1. So, if I add many packages and the size exceeds the maximum firmware size, there will be no images built in the bin folder?
    2. Where do I find the default packages list? I couldn't find any reference online.
    3. When specifying the packages do I need to also add their dependencies?
    1. Correct.
    2. Run `make info' in the image builder's directory. You'll get the list of base packages plus the specific additions for each router model.
    3. No, package dependencies are always included, and if you attempt to remove a package something else depends on, then it won't be removed at all.
    "I just remembered something that happened a long time ago."

  10. #8
    Thanks anon, I executed the command and the output is:

    Code:
    Current Target: "ar71xx (Generic)"
    Default Packages: base-files libc libgcc busybox dropbear mtd uci opkg hotplug2 netifd kmod-leds-gpio kmod-gpio-button-hotplug kmod-wdt-ath79 swconfig kmod-ledtrig-default-on kmod-ledtrig-timer kmod-ledtrig-netdev kmod-ath9k wpad-mini uboot-envtools dnsmasq iptables ppp ppp-mod-pppoe kmod-ipt-nathelper firewall
    
    TLWR740:
    	TP-LINK TL-WR740N/ND
    	Packages:
    What I want to achieve is:
    ipv4/ipv6 (dns, dhcp, nat...)
    iptables for ipv4/ipv6
    proxy
    bash scripting
    most, if not all linux utils (like wget, curl, which...) and functionality (crontab...)

    I basically want the maximum functionality of this router.

    Would this be ok for what I want? Or is still too fluffy?
    Code:
    iptables-mod-nat-extra ip6tables qos-scripts wol ddns-scripts dnsmasq-dhcpv6 bash arptables radvd wide-dhcpv6-client ip lua tinyproxy stunnel curl wget wput whereis

    Sorry if these may seem like noob questions but the last time I built an OpenWrt image was back in 2012 and I haven't kept any notes whatsoever. I don't even know what packages I used back then.
    Last edited by Master Razor; 17.09.17 at 21:51.

  11. #9
    Moderator anon's Avatar
    Quote Originally Posted by Master Razor View Post
    Would this be ok for what I want? Or is still too fluffy?
    Code:
    iptables-mod-nat-extra ip6tables qos-scripts wol ddns-scripts dnsmasq-dhcpv6 bash arptables radvd wide-dhcpv6-client ip lua tinyproxy stunnel curl wget wput whereis
    As long as it actually generates an image, then yes, it's OK. You may be asking too much of a router with 4 MB of flash space, but you'll have to try and see.

    If space just isn't enough, there are USB/SD card mods for some hardware revisions... or you can just get a TL-MR3220 and build a minimal image which supports extroot, then install anything and everything you want.
    "I just remembered something that happened a long time ago."

  12. #10
    If I want to use just:
    ... in my crontab, do I still need ddns-scripts ?


    I guess my final config would be:
    ip6tables dnsmasq-dhcpv6 wol qos-scripts wget tinyproxy stunnel bash
    Also I wanted to ask, what is this separation between OpenWrt and LEDE? Is OpenWrt not stable anymore or what?
    Last edited by Master Razor; 18.09.17 at 22:12.

  13. #11
    Moderator anon's Avatar
    Quote Originally Posted by Master Razor View Post
    If I want to use just:

    ... in my crontab, do I still need ddns-scripts ?
    No. And if you don't need to make HTTPS or FTP requests, you don't even need the wget package either, because a very basic version of it is built in busybox (you're missing the output destination in that command line, by the way).

    Also I wanted to ask, what is this separation between OpenWrt and LEDE? Is OpenWrt not stable anymore or what?
    You could say it's politics, many of the developers wanted a new start due to what they saw as stagnation and inefficiency in the OpenWrt project.

    https://lede-project.org/about
    [LEDE-DEV] openwrt and lede - remerge proposal
    https://forum.openwrt.org/viewtopic.php?id=70867

    However, this also means discarding the tons of documentation and information available on the OpenWrt wiki, forums and third-party tutorials, and not all of the community has moved on. It's a suboptimal situation.
    "I just remembered something that happened a long time ago."

  14. Who Said Thanks:

    Master Razor (19.09.17)

  15. #12
    No. And if you don't need to make HTTPS or FTP requests, you don't even need the wget package either, because a very basic version of it is built in busybox (you're missing the output destination in that command line, by the way).
    So that's why my wget never worked with https. How do you know these things?

    I sure could've used your help in 2012 when I flashed this image. It just never occurred to me to ask you.

  16. #13
    Moderator anon's Avatar
    Quote Originally Posted by Master Razor View Post
    So that's why my wget never worked with https. How do you know these things?
    I checked the documentation, and once even compiled my own firmware - not using the image builder, but actually compiling everything from source - before realizing my hardware just wasn't up for the task: six hours per image. If yours is, make sure you try it, it'll let you remove even more stock fluff and apply cool source patches, like the one that enables 250 channels at full speed and power.

    With that said, it's not hard to attempt to wget an HTTPS or FTP link and notice it's not supported.

    I sure could've used your help in 2012 when I flashed this image. It just never occurred to me to ask you.
    Well, you asked at the right time, because I basically didn't know anything about OpenWrt until last year!
    "I just remembered something that happened a long time ago."

  17. #14
    I successfully flashed the new image.
    Real final config:
    make image PROFILE=TLWR740 PACKAGES="bash ip6tables dnsmasq-dhcpv6 wide-dhcpv6-client radvd etherwake tinyproxy stunnel"
    Filesystem                Size      Used Available Use% Mounted on
    rootfs                  448.0K    232.0K    216.0K  52% /
    /dev/root                 2.5M      2.5M         0 100% /rom
    tmpfs                    14.3M    104.0K     14.2M   1% /tmp
    tmpfs                   512.0K         0    512.0K   0% /dev
    /dev/mtdblock3          448.0K    232.0K    216.0K  52% /overlay
    overlayfs:/overlay      448.0K    232.0K    216.0K  52% /


    I'm near the end, so please bear with me.
    For tinyproxy:
    I assume there is no way to password-protect a proxy, correct? Once it is enabled, it can be used by anybody.
    I want to make the firewall entry to only allow proxy on wan, and no lan. I'll get to it.
    Last edited by Master Razor; 23.09.17 at 04:04.

  18. #15
    Moderator anon's Avatar
    Well, yesterday I typed a reply for most of your post as it was before the edit before leaving for work, so I'll submit it anyway.

    Quote Originally Posted by Master Razor View Post
    In my case I am flashing from Attitude Adjustment beta to final. In this case I will use the sysupgrade file, correct?
    Yes.

    In order to save all my config I'm going to try to use /lib/upgrade/keep.d/
    I created a new file in /lib/upgrade/keep.d/, and added my config and folder paths in it. Will this work?
    Or do I have to add them into the pre-defined files (base-files, base-files-essential, etc)?
    Or should I put all my custom files in /etc/sysupgrade.conf?
    No, don't touch anything under keep.d. Run `opkg list-changed-conffiles' first. Anything listed there is a default configuration file that was modified and will always be preserved when doing a sysupgrade. Anything listed on /lib/upgrade/keep.d/* and /etc/sysupgrade.conf won't be lost either. I don't really know the difference between them, but keep.d is supposed to be some sort of fallback/deprecated method; editing the .conf file is the preferred way to add custom files or directories that you don't want to lose during an upgrade.

    Personally, though, I prefer to make a tar of /overlay, do a clean install, and then restore configuration files manually.

    Could you also tell me what are the default files in /lib/upgrade/keep.d# ?
    Mine has base-files, base-files-essential, firewall, ppp, uhttpd
    That depends on which packages you have installed. The image I'm using right now has no firewall or ppp, but includes LuCI and vsftpd, so it looks like this.

    Code:
    root@LEDE:/lib/upgrade/keep.d# ls -la
    drwxr-xr-x    2 root     root          4096 Jun  6 19:35 .
    drwxr-xr-x    3 root     root          4096 Apr 17 13:42 ..
    -rw-r--r--    1 root     root            97 Apr 17 13:42 base-files
    -rw-r--r--    1 root     root           158 Apr 17 13:42 base-files-essential
    -rw-r--r--    1 root     root            18 Jun  5 17:37 luci-base
    -rw-r--r--    1 root     root            16 Apr 17 13:42 opkg
    -rw-r--r--    1 root     root            32 Feb 28  2017 uhttpd
    -rw-r--r--    1 root     root            12 May  9 16:11 vsftpd
    Also, if you haven't backed up the router's bootloader and ART partition and replaced the former with u-boot_mod or BREED, you really should. They'll give you a safety net in case you build a bad image or something goes wrong during flashing.

    Quote Originally Posted by Master Razor View Post
    For tinyproxy:
    I assume there is no way to password-protect a proxy, correct? Once it is enabled, it can be used by anybody.
    I want to make the firewall entry to only allow proxy on wan, and no lan. I'll get to it.
    1. There is proxy authentication, but tinyproxy doesn't support it without a patch (which I doubt is included in the official package). You have a clever, if somewhat unwieldy workaround: https://serverfault.com/questions/22...authentication
    2. Setting iptables to reject all packets sent to any router interface where the source IP is within your local subnet and the destination port is that of tinyproxy should do. Binding the proxy on the wan interface only may seem to work, but it would still be reachable locally by attempting to connect to your WAN address instead.
    "I just remembered something that happened a long time ago."

  19. Who Said Thanks:

    cloud99 (26.09.17) , Master Razor (24.09.17)
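
Added example, not part of the thread: the source-based reject rule from point 2 of the reply above, as a script with a dry-run mode that could be called from /etc/firewall.user. Port 8888, subnet 192.168.1.0/24 and all function names are assumptions; `in_subnet` models the rule's only address test, which is why it makes no difference whether a LAN client targets the router's LAN or WAN address.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed values: tinyproxy on TCP 8888 and
# a LAN of 192.168.1.0/24; replace both with your own.
PROXY_PORT=${PROXY_PORT:-8888}
LAN_NET=${LAN_NET:-192.168.1.0/24}
IPT=${IPT:-iptables}   # IPT=echo gives a dry run that prints the arguments

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Accept only a.b.c.d/len with octets 0-255 and len 0-32.
valid_cidr() {
    echo "$1" | awk -F'[./]' '
        NF != 5 { exit 1 }
        { for (i = 1; i <= 5; i++) if ($i !~ /^[0-9]+$/) exit 1
          for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if ($5 > 32) exit 1 }'
}

# Does source address $1 fall inside subnet $2? Returns 0 for yes, 1 for no,
# 2 for malformed input. This is the only address test the rule below makes;
# the destination address is never examined.
in_subnet() {
    valid_cidr "$1/32" && valid_cidr "$2" || return 2
    echo "$1 $2" | awk -F'[./ ]' '{
        ip   = (($1 * 256 + $2) * 256 + $3) * 256 + $4
        net  = (($5 * 256 + $6) * 256 + $7) * 256 + $8
        size = 2 ^ (32 - $9)               # number of addresses in the subnet
        exit (int(ip / size) == int(net / size)) ? 0 : 1 }'
}

# Reject LAN-sourced connections to the proxy port. The rule has no -i or -d
# match, so it also covers a LAN client that targets the WAN address.
block_lan_proxy() {
    valid_port "$PROXY_PORT" || { echo "bad port: $PROXY_PORT" >&2; return 1; }
    valid_cidr "$LAN_NET" || { echo "bad subnet: $LAN_NET" >&2; return 1; }
    $IPT -I INPUT -p tcp -s "$LAN_NET" --dport "$PROXY_PORT" \
        -j REJECT --reject-with tcp-reset
}

# Nothing is changed unless the script is called with "apply".
if [ "${1:-}" = apply ]; then block_lan_proxy; fi
```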
