root@mini:~# lsusb Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub Bus 003 Device 006: ID 8087:0036 Intel Corp. Bus 003 Device 003: ID 0461:4e04 Primax Electronics, Ltd Lenovo Keyboard KB1021 Bus 003 Device 002: ID 17ef:600e Lenovo Optical Mouse Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
# Wi-Fi uplink (WAN side of the host); the address is obtained by DHCP.
# NOTE(review): the WPA pre-shared key is stored in this file in cleartext.
# Confirm the file is readable by root only, or keep the credentials in a
# root-only wpa_supplicant configuration referenced with wpa-conf.
auto wlp4s0f0
iface wlp4s0f0 inet dhcp
    wpa-ssid "igloo studio"
    wpa-psk "igloo studio password"

# Internal bridge for the VMs/containers: no physical port is attached
# (bridge-ports none) and the host holds 10.0.1.1/24 on it.
auto vmbr0
iface vmbr0 inet static
    address 10.0.1.1/24
    bridge-ports none
    bridge-stp off
    bridge-fd 0

# Enable IP forwarding
# This writes the global ip_forward switch, so it is not limited to vmbr0,
# and no post-down line switches it off again.
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward

# Allow all forwarding from VM network to WAN
# Only the vmbr0 -> wlp4s0f0 direction is matched, with no port or protocol
# filter. NOTE(review): reply traffic (wlp4s0f0 -> vmbr0) is not covered by
# this rule and depends on the FORWARD chain policy or other rules; confirm
# the policy, and add a conntrack ESTABLISHED,RELATED rule if it is DROP.
    post-up iptables -A FORWARD -i vmbr0 -o wlp4s0f0 -j ACCEPT
    post-down iptables -D FORWARD -i vmbr0 -o wlp4s0f0 -j ACCEPT

# Single NAT rule for all traffic
# Source-NATs everything from 10.0.1.0/24 that leaves through the Wi-Fi
# interface; the post-down line removes the same rule.
    post-up iptables -t nat -A POSTROUTING -s '10.0.1.0/24' -o wlp4s0f0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '10.0.1.0/24' -o wlp4s0f0 -j MASQUERADE

# Bridge onto physical port enp1s0f0; "inet manual" gives the host no
# address on this bridge.
auto vmbr1
iface vmbr1 inet manual
    bridge-ports enp1s0f0
    bridge-stp off
    bridge-fd 0

# Bridge onto physical port enp1s0f1; "inet manual" gives the host no
# address on this bridge.
auto vmbr2
iface vmbr2 inet manual
    bridge-ports enp1s0f1
    bridge-stp off
    bridge-fd 0
# The IP-address range that should be used for the clients (virtual machines/containers):
# dhcp-range=first_available_ip, last_available_ip, net_mask, lease_time (<number>h)
# Leases are handed out from 10.0.1.100 to 10.0.1.200 and last 12 hours.
# NOTE(review): no interface= line is visible in this excerpt; confirm that
# dnsmasq is limited to vmbr0 elsewhere in the configuration so that its DNS
# listener is not also reachable from the Wi-Fi side.
dhcp-range=10.0.1.100, 10.0.1.200, 255.255.255.0, 12h

# Just making sure dnsmasq knows the routers IP-address
# dhcp-option=3,vmbr0_ip
# DHCP option 3 is the router (default gateway) given to clients; 10.0.1.1
# is the address configured on vmbr0.
dhcp-option=3,10.0.1.1
The Proxmox host is allocated a wireless IP, e.g. 192.168.68.58. Set this IP in /etc/hosts:
root@mini:~# cat /etc/hosts 127.0.0.1 localhost.localdomain localhost 192.168.68.58 mini.local mini
# The following lines are desirable for IPv6 capable hosts
Install/update finished need to modify panel settings out of security are you continue,if you type n will skip this at this time[y/n]: y please set up your username: admin your username will be: admin please set up your password: password your password will be: password please set up the panel port: 10080 your panel port is: 10080 initializing,wait some time here... set username and password success account name and password set down! set port 10080 successpanel port set down! x-ui v0.3.4.4 install finished,it is working now...
x-ui control menu usages: ---------------------------------------------- x-ui - Enter control menu x-ui start - Start x-ui x-ui stop - Stop x-ui x-ui restart - Restart x-ui x-ui status - Show x-ui status x-ui enable - Enable x-ui on system startup x-ui disable - Disable x-ui on system startup x-ui log - Check x-ui logs x-ui update - Update x-ui x-ui install - Install x-ui x-ui uninstall - Uninstall x-ui x-ui geo - Update geo data ----------------------------------------------
Install/update finished need to modify panel settings out of security are you continue,if you type n will skip this at this time[y/n]: y please set up your username: admin your username will be: admin please set up your password: password your password will be: password please set up the panel port: 10080 your panel port is: 10080 initializing,wait some time here... set username and password success account name and password set down! set port 10080 successpanel port set down! x-ui v0.3.4.4 install finished,it is working now...
x-ui control menu usages: ---------------------------------------------- x-ui - Enter control menu x-ui start - Start x-ui x-ui stop - Stop x-ui x-ui restart - Restart x-ui x-ui status - Show x-ui status x-ui enable - Enable x-ui on system startup x-ui disable - Disable x-ui on system startup x-ui log - Check x-ui logs x-ui update - Update x-ui x-ui install - Install x-ui x-ui uninstall - Uninstall x-ui x-ui geo - Update geo data ----------------------------------------------
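Change the AWS security group so that EC2 instance port 10080 is open to the admin user's IP address only. If the admin / password values shown in the install transcript are what was actually entered, replace them with a strong, unique password, because the IP restriction is otherwise the only control in front of the panel.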
_______ ________ __ | |.-----.-----.-----.| | | |.----.| |_ | - || _ | -__| || | | || _|| _| |_______|| __|_____|__|__||________||__| |____| |__| W I R E L E S S F R E E D O M ----------------------------------------------------- OpenWrt 24.10.0-rc2, r28161-ea17e958b9 ----------------------------------------------------- root@SenseWrt:~# tailscale up --netfilter-mode=off --advertise-routes=192.168.88.0/24 --accept-routes Warning: netfilter=off; configure iptables yourself. Warning: UDP GRO forwarding is suboptimally configured on eth1, UDP forwarding throughput capability will increase with a configuration change. See https://tailscale.com/s/ethtool-config-udp-gro
To authenticate, visit:
https://login.tailscale.com/a/98c452901c4ba
Success.
NOTE: 192.168.88.0/24 is the IP range of the local network set up in OpenWrt.
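Disable key expiry for the OpenWrt machine in the Tailscale console, then allow all OpenWrt clients to access the Tailscale network. With key expiry disabled the router's node key stays valid indefinitely, so remove the machine from the console if the router is lost or compromised: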
Now add Tailscale virtual network as a new interface in OpenWrt:
Create firewall for Tailscale virtual network interface in OpenWrt:
Configure firewall for Tailscale virtual network interface in OpenWrt:
NOTE: The opt network is for the downstream DHCP clients.
_______ ________ __ | |.-----.-----.-----.| | | |.----.| |_ | - || _ | -__| || | | || _|| _| |_______|| __|_____|__|__||________||__| |____| |__| W I R E L E S S F R E E D O M ----------------------------------------------------- OpenWrt 24.10.0-rc2, r28161-ea17e958b9 -----------------------------------------------------
root@SenseWrt:~# cat /etc/config/zerotier
config zerotier 'global'
    # Sets whether ZeroTier is enabled or not
    option enabled 1

    # Sets the ZeroTier listening port (default 9993; set to 0 for random)
    #option port '9993'

    # Client secret (leave blank to generate a secret on first run)
    # NOTE(review): once generated, the secret identifies this node; treat
    # any copy of it (backups, exported configs) as a credential.
    option secret ''

    # Path of the optional file local.conf (see documentation at
    # https://docs.zerotier.com/config#local-configuration-options)
    #option local_conf_path '/etc/zerotier.conf'

    # Persistent configuration directory (to perform other configurations such
    # as controller mode or moons, etc.)
    #option config_path '/etc/zerotier'

    # Copy the contents of the persistent configuration directory to memory
    # instead of linking it, this avoids writing to flash
    #option copy_config_path '1'

# Network configuration, you can have as many configurations as networks you
# want to join (the network name is optional)
config network 'earth'
    # Identifier of the network you wish to join
    option id '8ca917257083e297'

    # Network configuration parameters (all are optional, if not indicated the
    # default values are set, see documentation at
    # https://docs.zerotier.com/config/#network-specific-configuration)
    # As set here, the network controller may assign managed addresses and
    # routes (allow_managed), but may not push global-range routes
    # (allow_global), a default route (allow_default) or DNS settings
    # (allow_dns) to this router.
    option allow_managed '1'
    option allow_global '0'
    option allow_default '0'
    option allow_dns '0'

# Example of a second network (unnamed as it is optional)
#config network
#    option id '1234567890123456'
#    option allow_managed '1'
#    option allow_global '0'
#    option allow_default '0'
#    option allow_dns '0'
_______ ________ __ | |.-----.-----.-----.| | | |.----.| |_ | - || _ | -__| || | | || _|| _| |_______|| __|_____|__|__||________||__| |____| |__| W I R E L E S S F R E E D O M ----------------------------------------------------- OpenWrt 23.05.5, r24106-10cc5fcd00 -----------------------------------------------------
# increase the raw disk root@sense:~# qemu-img resize -f raw ./openwrt.raw 1024M Image resized.
Convert OpenWRT image to VM disk:
# import the raw disk to OpenWRT VM root@sense:~# qm importdisk 104 openwrt.raw local-lvm Use of uninitialized value $dev in hash element at /usr/share/perl5/PVE/QemuServer/Drive.pm line 555. importing disk 'openwrt.raw' to VM 104 ... Logical volume "vm-104-disk-0" created. transferred 0.0 B of 1.0 GiB (0.00%) ... transferred 1.0 GiB of 1.0 GiB (100.00%) unused0: successfully imported disk 'local-lvm:vm-104-disk-0'
Double click the Unused Disk, then click the Add button:
Configure OpenWRT
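Start up the VM, change the root user's password, and temporarily set the LAN IP address to 192.168.2.3 (default: 192.168.1.1). On the first SSH login, compare the ED25519 fingerprint that ssh prints with the host key shown on the VM console before answering yes: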
$ ssh -l root 192.168.2.3 The authenticity of host '192.168.2.3 (192.168.2.3)' can't be established. ED25519 key fingerprint is SHA256:AggWAL1oU8+r1f84KoqpvcsYUylZOTfN0sXwHSby3b0. This key is not known by any other names. Are you sure you want to continue connecting (yes/no/[fingerprint])? yes Warning: Permanently added '192.168.2.3' (ED25519) to the list of known hosts. root@192.168.2.3's password: _______ ________ __ | |.-----.-----.-----.| | | |.----.| |_ | - || _ | -__| || | | || _|| _| |_______|| __|_____|__|__||________||__| |____| |__| W I R E L E S S F R E E D O M ----------------------------------------------------- OpenWrt 23.05.5, r24106-10cc5fcd00 -----------------------------------------------------
root@OpenWrt:~# ls -al /var/opkg-lists/ drwxr-xr-x 2 root root 320 Dec 6 03:15 . drwxrwxrwt 17 root root 440 Dec 6 03:15 .. -rw-r--r-- 1 root root 72705 Dec 6 03:15 openwrt_base -rw-r--r-- 1 root root 142 Dec 6 03:15 openwrt_base.sig -rw-r--r-- 1 root root 10039 Dec 6 03:15 openwrt_core -rw-r--r-- 1 root root 142 Dec 6 03:15 openwrt_core.sig -rw-r--r-- 1 root root 100416 Dec 6 03:15 openwrt_kmods -rw-r--r-- 1 root root 142 Dec 6 03:15 openwrt_kmods.sig -rw-r--r-- 1 root root 197242 Dec 6 03:15 openwrt_luci -rw-r--r-- 1 root root 142 Dec 6 03:15 openwrt_luci.sig -rw-r--r-- 1 root root 516243 Dec 6 03:15 openwrt_packages -rw-r--r-- 1 root root 142 Dec 6 03:15 openwrt_packages.sig -rw-r--r-- 1 root root 9918 Dec 6 03:15 openwrt_routing -rw-r--r-- 1 root root 142 Dec 6 03:15 openwrt_routing.sig -rw-r--r-- 1 root root 58240 Dec 6 03:15 openwrt_telephony -rw-r--r-- 1 root root 142 Dec 6 03:15 openwrt_telephony.sig
OpenWRT has an issue with IPv6 support when downloading updates. These errors are thrown when the WAN is connected to an IPv6 router:
root@OpenWrt:~# opkg update Downloading https://downloads.openwrt.org/releases/23.05.5/targets/x86/64/packages/Packages.gz *** Failed to download the package list from https://downloads.openwrt.org/releases/23.05.5/targets/x86/64/packages/Packages.gz ... Downloading https://downloads.openwrt.org/releases/23.05.5/packages/x86_64/telephony/Packages.gz *** Failed to download the package list from https://downloads.openwrt.org/releases/23.05.5/packages/x86_64/telephony/Packages.gz
Collected errors: * opkg_download: Failed to download https://downloads.openwrt.org/releases/23.05.5/targets/x86/64/packages/Packages.gz, wget returned 4. * opkg_download: Check your network settings and connectivity. ... * opkg_download: Failed to download https://downloads.openwrt.org/releases/23.05.5/packages/x86_64/telephony/Packages.gz, wget returned 4. * opkg_download: Check your network settings and connectivity.
To turn off IPv6, go to Network -> Interfaces in the OpenWRT UI and select the Devices tab. For device br-lan click Configure …, then choose the disabled option for Enable IPv6 in the General device options tab.
root@OpenWRT:~# opkg update Downloading https://downloads.openwrt.org/releases/23.05.5/targets/x86/64/packages/Packages.gz Updated list of available packages in /var/opkg-lists/openwrt_core Downloading https://downloads.openwrt.org/releases/23.05.5/targets/x86/64/packages/Packages.sig Signature check passed. ... Downloading https://downloads.openwrt.org/releases/23.05.5/packages/x86_64/telephony/Packages.gz Updated list of available packages in /var/opkg-lists/openwrt_telephony Downloading https://downloads.openwrt.org/releases/23.05.5/packages/x86_64/telephony/Packages.sig Signature check passed.
Need this handy tool to find all the missing parts:
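Driver Identifier, a digital assistant for your system’s hardware, can scan the device, identify outdated or missing drivers, and provide a customized list of updates for your specific hardware. Use the list to find out which drivers are missing, and fetch the drivers themselves from the hardware vendor or the operating system's update channel so that their origin and signature can be checked: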
References
DriverIdentifier is a powerful tool that takes the hassle out of managing and updating drivers on your computer, https://www.driveridentifier.com/