Wednesday, September 23, 2020

NanoPi R2S and OpenWRT

Although there is an OEM version of OpenWRT (FriendlyWRT) for NanoPi R2S, personally I prefer using the original version of OpenWRT if it is possible.  The FriendlyWRT is fine solution however it is few versions behind the official OpenWRT build.  In addition, the OEM version preloaded with many plugins that I either don't use or I don't know.  For instance, it comes it with many VPN related plugins that are populate in its home market.


Currently, its support hasn't make to the mainstream yet.  It is still under development and its image is under the snapshot branch.  Being a snapshot image, it only contains the very core.  That is it doesn't come with luci preloaded.  Here are steps that I use to set mine up.  Firstly, ssh into your NanoPi, then:-

1) Install luci to regain GUI access.

opkg update
opkg install luci

2) Install packges for OpenVPN, Custom Command and ttyd.

opkg install openvpn-openssl luci-app-openvpn luci-app-commands luci-app-ttyd

3) Install packages for statistics such as CPU load, thermal etc

opkg install luci-app-statistics
opkg install collectd-mod-cpu collectd-mod-interface collectd-mod-memory collectd-mod-ping collectd-mod-rrdtool collectd-mod-wireless collectd-mod-thermal

4) Install Smart Queue Management (SQM) package

opkg install luci-app-sqm

You may need to restart the r2s to get this to work.

 https://openwrt.org/docs/guide-user/luci/luci_app_statistics 

 

Here is settings for the front LEDs in the /etc/config/system file. 

config led 'led_wan'
        option name 'WAN'
        option sysfs 'nanopi-r2s:green:wan'
        option trigger 'netdev'
        option mode 'link tx rx'
        option dev 'eth0'

config led 'led_lan'
        option name 'LAN'
        option sysfs 'nanopi-r2s:green:lan'
        option trigger 'netdev'
        option mode 'link tx rx'
        option dev 'eth1'

 

 

n.b. all packages in one command:

opkg install luci openvpn-openssl luci-app-openvpn luci-app-commands luci-app-ttyd luci-app-statistics collectd-mod-cpu collectd-mod-interface collectd-mod-memory collectd-mod-ping collectd-mod-rrdtool collectd-mod-wireless collectd-mod-thermal luci-app-sqm
Posted by at No comments:
Labels: , , , ,

Saturday, September 12, 2020

OpenWRT and Wireguard

VPN Unlimited has a great step by step guide ( https://www.vpnunlimitedapp.com/help/manuals/open-wrt-wireguard-setup) for setting up Wireguard on OpenWRT.

Here, I just want to add a few useful notes on setting up Wireguard.

First, these are packages required to make Wireguard working.


Second, you may need to restart the Wireguard interface to see settings being applied.  Sometimes you may even need to reboot the router.

Last but not the least, it is possible to have one local network using the normal WAN interface, and another network to use WG interface/ OpenVPN TUN Interface. You can do it by using VPN and WAN Policy-Based Routing (luci-app-vpn-policy-routing).

As below, you can specify the routing path for a machine, a group of machines or a network.



It is worth to note that, the policy routing only works if no NAT offloading is deployed.



Again, you may need to do a restart before you can see things become effective.

Posted by at No comments:
Labels: , , , , , ,

Saturday, September 5, 2020

How to Update OPNSense to a specific version

Two days ago, I updated my OPNSense to version 20.7.2.  Then I started experiencing issue with my connection.  My connection would cut off after a few hours and I could not get onto the firewall.  Luckily, I have a backup of my configuration so reinstalling the firewall should not be a big problem.

Now, I have this issue of bring the firewall up to date.  If I use the standard method to update the firewall, it will update it to the latest version, i.e. 20.7.2 which is the version I had problems with.  Hence, I need a way to bring my firewall to the last good version, e.g. 20.7.1.

After consulting the know-it-all Google, here is what I found.  On the firmware settings page, rather than using the default flavor, choose "(other)".  In the box underneath, specify the version you want to update to, e.g.

<major version>/MINT/<decimal version number>/OpenSSL

20.7/MINT/20.7.1/OpenSSL

Save the settings, and then press the "Check For Update" button as usual.  You now should get an update offer to the version you specified.

I hope I don't need to do this again in the future, but I guess this is something good to know.


ref: https://forum.opnsense.org/index.php?topic=9638.0

Posted by at No comments:
Labels: , , ,
Subscribe to: Posts (Atom)