DNS_PROBE_FINISHED_NXDOMAIN error

Guestbook

From time to time, not always, getting DNS_PROBE_FINISHED_NXDOMAIN error in browser especially when visit Chinese AI sites e.g. https://chat.qwen.ai/ and https://chat.z.ai/

The root reason is because some ISPs have slower or inconsistent DNS resolution.

The fix is switching to a faster public resolver like Google (8.8.8.8/8.8.4.4) or Cloudflare (1.1.1.1/1.0.0.1) in network settings.

This is how to change DNS settings in OpenWRT.

How to fix 'unknown terminal type' error when Ghostty logon AWS EC2

Guestbook

Popular Ghostty Terminal https://ghostty.org/ from it to logon AWS EC2 instance, “unknown terminal type“ thrown on EC2.

On Ghostty Terminal host:

1
$ infocmp -x > /tmp/ghostty.terminfo

Then copy Ghostty terminal info file across over to EC2 instance:

1
$ scp ghostty.terminfo ec2-user@i-0012f794e5fabcdef:/tmp

Logon EC2 instance, and run: 

1
2
3
4
5
6
7
8
9
10
11
12
[ec2-user@ip-10-215-240-19 ~]$ tic -x /tmp/ghostty.terminfo
"/tmp/ghostty.terminfo", line 2, col 31, terminal 'xterm-ghostty': older tic versions may treat the description field as an alias

[ec2-user@ip-10-215-240-19 ~]$ pwd
/home/ec2-user

[ec2-user@ip-10-215-240-19 ~]$ find .terminfo/
.terminfo/
.terminfo/x
.terminfo/x/xterm-ghostty
.terminfo/g
.terminfo/g/ghostty

Why This Happens

Ghostty uses TERM=xterm-ghostty which requires a terminfo entry on the remote system. Older Linux servers/macOS servers simply don’t have that entry in their terminfo database, so the other terminal utilities throw this “unknown terminal type“ error.

SAME issue also happens when run asitop in Ghostty. Error thrown:

1
2
'xterm-ghostty': unknown terminal type.
/opt/homebrew/Cellar/asitop/0.0.24/libexec/lib/python3.14/site-packages/blessed/terminal.py:186: UserWarning: Failed to setupterm(kind='xterm-ghostty'): setupterm: could not find terminal

This is because asitop (via the blessed library) doesn’t recognize Ghostty‘s terminal type xterm-ghostty.

Either run as:

1
TERM=xterm-256color sudo asitop

or, add an alias to the shell config (~/.zshrc or ~/.bashrc):

1
alias asitop='TERM=xterm-256color sudo asitop'

Ghostty uses xterm-ghostty as its $TERM value, which isn’t in the terminfo database that blessed checks against. Falling back to xterm-256color gives it a fully compatible terminal description while keeping all the color/formatting support asitop needs.

Proxmox over Bluetooth

Guestbook

With Proxmox latest version 8.4.1 which has WiFi 7 / Bluetooth 5.4 support. A Intel® Wi-Fi 7 BE200 network adapter https://www.intel.com/content/www/us/en/products/sku/230078/intel-wifi-7-be200/specifications.html is in action.

On Proxmox host, USB devices:

1
2
3
4
5
6
7
8
root@mini:~# lsusb
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 003 Device 006: ID 8087:0036 Intel Corp.
Bus 003 Device 003: ID 0461:4e04 Primax Electronics, Ltd Lenovo Keyboard KB1021
Bus 003 Device 002: ID 17ef:600e Lenovo Optical Mouse
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

Proxmox Bluetooth - USB mapping

Proxmox Bluetooth - Resource Mappings

Proxmox Bluetooth - USB Device

Proxmox Bluetooth - Add Device

Proxmox over Wireless

Guestbook

To make Proxmox latest version 9.1-1 8.4-1 support WiFi 7. Intel® Wi-Fi 7 BE200 network adapter https://www.intel.com/content/www/us/en/products/sku/230078/intel-wifi-7-be200/specifications.html is in action.

Setup wireless network as main network for Proxmox. TP-Link Deco BE85/BE95 Mesh WiFi 7 System as the Access Point, with DHCP enabled for the clients.

Basically you need to get the latest Linux firmware for Intel Wireless cards driver iwlwifi https://wireless.docs.kernel.org/en/latest/en/users/drivers/iwlwifi.html, overwriting the the firmware come along with Proxmox.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
root@mini:~# uname -a
Linux mini 6.17.9-1-pve #1 SMP PREEMPT_DYNAMIC PMX 6.17.9-1 (2026-01-12T16:25Z) x86_64 GNU/Linux

root@mini:~# lspci -vnn | grep -i net
01:00.0 Ethernet controller [0200]: Intel Corporation 82599ES 10-Gigabit SFI/SFP+ Network Connection [8086:10fb] (rev 01)
01:00.1 Ethernet controller [0200]: Intel Corporation 82599ES 10-Gigabit SFI/SFP+ Network Connection [8086:10fb] (rev 01)
02:00.0 Ethernet controller [0200]: Intel Corporation Ethernet Controller I226-V [8086:125c] (rev 04)
03:00.0 Ethernet controller [0200]: Intel Corporation Ethernet Controller I226-V [8086:125c] (rev 04)
04:00.0 Network controller [0280]: Intel Corporation Wi-Fi 7(802.11be) AX1775*/AX1790*/BE20*/BE401/BE1750* 2x2 [8086:272b] (rev 1a)

root@mini:~# dmesg | grep wifi
[    3.587646] iwlwifi 0000:04:00.0: enabling device (0000 -> 0002)
[    3.591932] iwlwifi 0000:04:00.0: Detected crf-id 0x2001910, cnv-id 0x2001910 wfpm id 0x80000000
[    3.591947] iwlwifi 0000:04:00.0: PCI dev 272b/00f4, rev=0x472, rfid=0x112200
[    3.591950] iwlwifi 0000:04:00.0: Detected Intel(R) Wi-Fi 7 BE200 320MHz
[    3.592034] iwlwifi 0000:04:00.0: Direct firmware load for iwlwifi-gl-c0-fm-c0-102.ucode failed with error -2
[    3.592063] iwlwifi 0000:04:00.0: Direct firmware load for iwlwifi-gl-c0-fm-c0-101.ucode failed with error -2
[    3.592086] iwlwifi 0000:04:00.0: Direct firmware load for iwlwifi-gl-c0-fm-c0-100.ucode failed with error -2
[    3.592110] iwlwifi 0000:04:00.0: Direct firmware load for iwlwifi-gl-c0-fm-c0-99.ucode failed with error -2
[    3.592132] iwlwifi 0000:04:00.0: Direct firmware load for iwlwifi-gl-c0-fm-c0-98.ucode failed with error -2
[    3.592134] iwlwifi 0000:04:00.0: no suitable firmware found!
[    3.592136] iwlwifi 0000:04:00.0: minimum version required: iwlwifi-gl-c0-fm-c0-98
[    3.592138] iwlwifi 0000:04:00.0: maximum version supported: iwlwifi-gl-c0-fm-c0-102
[    3.592139] iwlwifi 0000:04:00.0: check git://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git
[    4.071952] Modules linked in: snd_sof_xtensa_dsp(+) snd_sof snd_sof_utils snd_soc_acpi_intel_match snd_soc_acpi_intel_sdca_quirks soundwire_generic_allocation snd_soc_acpi soundwire_bus snd_soc_sdca crc8 snd_soc_avs x86_pkg_temp_thermal intel_powerclamp snd_soc_hda_codec coretemp snd_hda_ext_core sch_fq_codel snd_hda_codec snd_hda_core snd_intel_dspcfg kvm_intel snd_intel_sdw_acpi snd_hwdep i915(+) mei_hdcp mei_pxp snd_soc_core drm_buddy kvm btusb ttm snd_compress btrtl irqbypass ac97_bus snd_pcm_dmaengine drm_display_helper btintel polyval_clmulni ghash_clmulni_intel snd_pcm cec ov13858 iwlwifi intel_pmc_core snd_timer aesni_intel v4l2_fwnode btbcm pmt_telemetry snd v4l2_async cmdlinepart btmtk rapl pmt_discovery intel_cstate rc_core spi_nor pmt_class pcspkr wmi_bmof mei_me videodev input_leds intel_pmc_ssram_telemetry cfg80211 bluetooth mtd soundcore mei i2c_algo_bit igen6_edac mc intel_vsec acpi_pad acpi_tad mac_hid zfs(PO) spl(O) msr vhost_net vhost vhost_iotlb tap efi_pstore nfnetlink dmi_sysfs ip_tables

Proxmox vanila version doesn’t support Intel Wifi. 

1
2
3
4
5
root@mini:~# git clone git://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git

root@mini:~# rm /lib/firmware/iwlwifi-*.{ucode,pnvm}.xz

root@mini:~# cp linux-firmware/intel/iwlwifi-*.{ucode,pnvm} /lib/firmware/

After machine restarted:

1
2
3
4
5
6
7
8
9
10
11
root@mini:~# dmesg | grep wifi
[    3.564714] iwlwifi 0000:04:00.0: enabling device (0000 -> 0002)
[    3.568230] iwlwifi 0000:04:00.0: Detected crf-id 0x2001910, cnv-id 0x2001910 wfpm id 0x80000000
[    3.568245] iwlwifi 0000:04:00.0: PCI dev 272b/00f4, rev=0x472, rfid=0x112200
[    3.568248] iwlwifi 0000:04:00.0: Detected Intel(R) Wi-Fi 7 BE200 320MHz
[    3.568562] iwlwifi 0000:04:00.0: Direct firmware load for iwlwifi-gl-c0-fm-c0-102.ucode failed with error -2
[    3.574238] iwlwifi 0000:04:00.0: loaded firmware version 101.6ef20b19.0 gl-c0-fm-c0-101.ucode op_mode iwlmld
[    4.008136] Modules linked in: kvm(+) snd_hda_core snd_intel_dspcfg snd_intel_sdw_acpi sch_fq_codel snd_hwdep irqbypass snd_soc_core polyval_clmulni ghash_clmulni_intel iwlmld(+) aesni_intel i915(+) snd_compress mei_pxp mei_hdcp rapl mac80211 libarc4 ac97_bus drm_buddy btusb snd_pcm_dmaengine snd_pcm ov13858 ttm intel_pmc_core snd_timer intel_cstate btrtl v4l2_fwnode iwlwifi drm_display_helper snd pmt_telemetry mei_me btintel pmt_discovery v4l2_async btbcm cec pmt_class cmdlinepart rc_core spi_nor btmtk pcspkr wmi_bmof videodev input_leds intel_pmc_ssram_telemetry cfg80211 mtd soundcore bluetooth mei i2c_algo_bit igen6_edac mc intel_vsec acpi_tad acpi_pad mac_hid zfs(PO) spl(O) msr vhost_net vhost vhost_iotlb tap efi_pstore nfnetlink dmi_sysfs ip_tables x_tables autofs4 btrfs blake2b_generic xor raid6_pq usbmouse hid_generic usbkbd usbhid hid dm_thin_pool dm_persistent_data dm_bio_prison dm_bufio nvme ixgbe nvme_core i2c_i801 xhci_pci nvme_keyring spi_intel_pci i2c_mux xfrm_algo i2c_smbus nvme_auth spi_intel mdio igc
[    4.240699] iwlwifi 0000:04:00.0: Detected RF FM, rfid=0x112200
[    4.349269] iwlwifi 0000:04:00.0: base HW address: e0:8f:4c:b2:58:95
[    4.540839] iwlwifi 0000:04:00.0 wlp4s0f0: renamed from wlan0

Install wifi support packages:

1
root@mini:~# apt install wpasupplicant wireless-tools dnsmasq

Configure network interfaces:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
root@mini:~# cat /etc/network/interfaces
auto lo
iface lo inet loopback

iface enp2s0 inet manual
iface enp3s0 inet manual

iface enp1s0f0 inet manual
iface enp1s0f1 inet manual

iface enp1s0f0v0 inet manual
...
iface enp1s0f0v7 inet manual

iface enp1s0f1v0 inet manual
...
iface enp1s0f1v7 inet manual

auto wlp4s0f0
iface wlp4s0f0 inet dhcp
        wpa-ssid "igloo studio"
        wpa-psk "igloo studio password"

auto vmbr0
iface vmbr0 inet static
        address 10.0.1.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0

        # Enable IP forwarding
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward

        # Allow all forwarding from VM network to WAN
        post-up   iptables -A FORWARD -i vmbr0 -o wlp4s0f0 -j ACCEPT
        post-down iptables -D FORWARD -i vmbr0 -o wlp4s0f0 -j ACCEPT

        # Single NAT rule for all traffic
        post-up   iptables -t nat -A POSTROUTING -s '10.0.1.0/24' -o wlp4s0f0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.0.1.0/24' -o wlp4s0f0 -j MASQUERADE

auto vmbr1
iface vmbr1 inet manual
        bridge-ports enp1s0f0
        bridge-stp off
        bridge-fd 0

auto vmbr2
iface vmbr2 inet manual
        bridge-ports enp1s0f1
        bridge-stp off
        bridge-fd 0

source /etc/network/interfaces.d/*

Configure dnsmasq for VMs’ DNS and DHCP management:

1
2
3
4
5
6
7
8
9
10
11
12
13
root@mini:~# cat /etc/dnsmasq.conf
...
## Proxmox
# Hosts dnsmasq on vmbr0
interface=vmbr0

# The IP-address range that should be used for the clients (virtual machines/containers):
# dhcp-range=first_available_ip, last_available_ip, net_mask, lease_time (<number>h)
dhcp-range=10.0.1.100, 10.0.1.200, 255.255.255.0, 12h

# Just making sure dnsmasq knows the routers IP-address
# dhcp-option=3,vmbr0_ip
dhcp-option=3,10.0.1.1

Proxmox host allocated wireless IP e.g. 192.168.68.58. Set this IP in /etc/hosts:

1
2
3
4
5
6
7
8
9
10
11
12
root@mini:~# cat /etc/hosts
127.0.0.1 localhost.localdomain localhost
192.168.68.50 mini.local mini

# The following lines are desirable for IPv6 capable hosts

::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

Update DNS resolver:

1
2
3
root@mini:~# cat /etc/resolv.conf 
nameserver 192.168.2.1
nameserver 192.168.68.1

then access Proxmox web UI via URL https://192.168.68.50:8006

Reboot Proxmox host:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
root@mini:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute 
       valid_lft forever preferred_lft forever
2: nic0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether a8:b8:e0:05:96:4f brd ff:ff:ff:ff:ff:ff
    altname enxa8b8e005964f
3: nic1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether a8:b8:e0:05:96:50 brd ff:ff:ff:ff:ff:ff
    altname enxa8b8e0059650
4: nic2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether a8:b8:e0:05:96:4d brd ff:ff:ff:ff:ff:ff
    altname enxa8b8e005964d
5: nic3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether a8:b8:e0:05:96:4e brd ff:ff:ff:ff:ff:ff
    altname enxa8b8e005964e
6: wlp4s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether e0:8f:4c:b2:58:95 brd ff:ff:ff:ff:ff:ff
    altname wlxe08f4cb25895
    inet 192.168.68.50/22 brd 192.168.71.255 scope global dynamic wlp4s0f0
       valid_lft 7078sec preferred_lft 7078sec
    inet6 fda5:9d5d:ff57:10:e28f:4cff:feb2:5895/64 scope global dynamic mngtmpaddr proto kernel_ra 
       valid_lft forever preferred_lft forever
    inet6 2403:581d:e139:10:e28f:4cff:feb2:5895/64 scope global dynamic mngtmpaddr proto kernel_ra 
       valid_lft 6155sec preferred_lft 2553sec
    inet6 fe80::e28f:4cff:feb2:5895/64 scope link proto kernel_ll 
       valid_lft forever preferred_lft forever
7: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether 1e:1e:8a:24:5e:3d brd ff:ff:ff:ff:ff:ff
    inet 10.0.1.1/24 scope global vmbr0
       valid_lft forever preferred_lft forever
    inet6 fe80::1c1e:8aff:fe24:5e3d/64 scope link proto kernel_ll 
       valid_lft forever preferred_lft forever

Proxmox Network settings:

Proxmox Wireless - Network

Linux/Ubuntu VM in Proxmox:

Proxmox Wireless - Ubuntu VM

Windows VM in Proxmox:

Proxmox Wireless - Windows VM

Windows VM in Proxmox‘s network:

Proxmox Wireless - Windows VM Network

References

Xray, X-UI, Reality protocol, Vision flow on Oracle Cloud

Guestbook

Oracle Cloud instance, which runs Oracle Linux:

1
2
3
4
$ ssh -i .ssh/id_rsa_ -l opc 19.214.86.113

$ sudo -i
[root@apocalypse ~]#

Install X-UI:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
[root@apocalypse ~]# bash <(curl -Ls https://raw.githubusercontent.com/FranzKafkaYu/x-ui/master/install_en.sh)

...

2025-01-21 23:05:50 (100 MB/s) - ‘/usr/bin/x-ui’ saved [25637/25637]

Install/update finished need to modify panel settings out of security
are you continue,if you type n will skip this at this time[y/n]: y
please set up your username: admin
your username will be: admin
please set up your password: password
your password will be: password
please set up the panel port: 10080
your panel port is: 10080
initializing,wait some time here...
set username and password success
account name and password set down!
set port 10080 successpanel port set down!
x-ui v0.3.4.4 install finished,it is working now...

x-ui control menu usages: 
----------------------------------------------
x-ui              - Enter     control menu
x-ui start        - Start     x-ui 
x-ui stop         - Stop      x-ui 
x-ui restart      - Restart   x-ui 
x-ui status       - Show      x-ui status
x-ui enable       - Enable    x-ui on system startup
x-ui disable      - Disable   x-ui on system startup
x-ui log          - Check     x-ui logs
x-ui update       - Update    x-ui 
x-ui install      - Install   x-ui 
x-ui uninstall    - Uninstall x-ui 
x-ui geo          - Update    geo  data
----------------------------------------------

Find the root path of X-UI:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
[root@ip-237-45-6-183 ~]# x-ui

  x-ui control menu
  0. exit
————————————————
  1. install   x-ui
  2. update    x-ui
  3. uninstall x-ui
————————————————
  4. reset username
  5. reset panel
  6. reset panel port
  7. check panel info
————————————————
  8. start x-ui
  9. stop  x-ui
  10. restart x-ui
  11. check x-ui status
  12. check x-ui logs
————————————————
  13. enable  x-ui on system startup
  14. disable x-ui on system startup
————————————————
  15. enable bbr 
  16. issuse certs
  17. x-ui cron jobs
 
x-ui status: running
enable on system startup: yes
xray status: running

please input a legal number[0-16],input 7 for checking login info:7
[INF] 当前面板信息[current panel info]:
面板版本[version]: 0.3.4.4:20230717
用户名[username]: admin
密码[userpasswd]: password
监听端口[port]: 10080
根路径[rootPath]: /xui/

Add new Inbound:

X-UI - Oracle Cloud Inbound

Open X-UI panel port and VLESS port in Oracle Cloud firewall:

1
2
3
4
5
6
7
8
[root@apocalypse ~]# firewall-cmd --zone=public --permanent --add-port=10080/tcp
success

[root@apocalypse ~]# firewall-cmd --zone=public --permanent --add-port=32854/tcp
success

[root@apocalypse ~]# firewall-cmd --reload
success

Open X-UI panel port and VLESS port in Oracle Cloud Security List Ingress Rules:

X-UI - Oracle Cloud

References

Xray, X-UI, Reality protocol, Vision flow on Amazon Linux

Guestbook

AWS EC2 instance, which runs Amazon Linux:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
$ ssh -i .ssh/aws-free-tier.pem -l ec2-user ec2-203-129-56-97.ap-southeast-2.compute.amazonaws.com
   ,     #_
   ~\_  ####_        Amazon Linux 2023
  ~~  \_#####\
  ~~     \###|
  ~~       \#/ ___   https://aws.amazon.com/linux/amazon-linux-2023
   ~~       V~' '->
    ~~~         /
      ~~._.   _/
         _/ _/
       _/m/'

$ sudo -i
[root@ip-237-45-6-183 ~]#

Install X-UI:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
[root@ip-237-45-6-183 ~]# bash <(curl -Ls https://raw.githubusercontent.com/FranzKafkaYu/x-ui/master/install_en.sh)

...

2025-01-21 23:05:50 (100 MB/s) - ‘/usr/bin/x-ui’ saved [25637/25637]

Install/update finished need to modify panel settings out of security
are you continue,if you type n will skip this at this time[y/n]: y
please set up your username: admin
your username will be: admin
please set up your password: password
your password will be: password
please set up the panel port: 10080
your panel port is: 10080
initializing,wait some time here...
set username and password success
account name and password set down!
set port 10080 successpanel port set down!
x-ui v0.3.4.4 install finished,it is working now...

x-ui control menu usages: 
----------------------------------------------
x-ui              - Enter     control menu
x-ui start        - Start     x-ui 
x-ui stop         - Stop      x-ui 
x-ui restart      - Restart   x-ui 
x-ui status       - Show      x-ui status
x-ui enable       - Enable    x-ui on system startup
x-ui disable      - Disable   x-ui on system startup
x-ui log          - Check     x-ui logs
x-ui update       - Update    x-ui 
x-ui install      - Install   x-ui 
x-ui uninstall    - Uninstall x-ui 
x-ui geo          - Update    geo  data
----------------------------------------------

Change AWS security group, and open EC2 instance port 10080 to admin user’s IP address only.

Find the root path of X-UI:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
[root@ip-237-45-6-183 ~]# x-ui

  x-ui control menu
  0. exit
————————————————
  1. install   x-ui
  2. update    x-ui
  3. uninstall x-ui
————————————————
  4. reset username
  5. reset panel
  6. reset panel port
  7. check panel info
————————————————
  8. start x-ui
  9. stop  x-ui
  10. restart x-ui
  11. check x-ui status
  12. check x-ui logs
————————————————
  13. enable  x-ui on system startup
  14. disable x-ui on system startup
————————————————
  15. enable bbr 
  16. issuse certs
  17. x-ui cron jobs
 
x-ui status: running
enable on system startup: yes
xray status: running

please input a legal number[0-16],input 7 for checking login info:7
[INF] 当前面板信息[current panel info]:
面板版本[version]: 0.3.4.4:20230717
用户名[username]: admin
密码[userpasswd]: password
监听端口[port]: 10080
根路径[rootPath]: /WMa7/

In Firefox, go to http://203.129.56.97:10080/WMa7/ and login as admin user:

X-UI - Login

X-UI - Panel

Switch to the latest version Xray e.g. v24.12.31:

X-UI - Xray

Add new Inbound:

X-UI - Inbound

Open up port 32609 to the world 0.0.0.0/0 in AWS security group.

Copy inbound QR link:

X-UI - QR

X-UI - QR Link

and paste to Xray Windows client e.g. v2rayN:

X-UI - v2rayN

References

How to install and run Tailscale client on OpenWrt

Guestbook

Install Tailscale package iptables-nft and tailscale from OpenWrt console:

OpenWrt - Tailscale iptables-nft

OpenWrt - Tailscale

Enable and connect Tailscale service in OpenWrt:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
$ ssh -l root SenseWrt
root@SenseWrt's password: 

BusyBox v1.36.1 (2024-12-03 11:41:08 UTC) built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 24.10.0-rc2, r28161-ea17e958b9
 -----------------------------------------------------
 
root@SenseWrt:~# tailscale up --netfilter-mode=off --advertise-routes=192.168.88.0/24 --accept-routes
Warning: netfilter=off; configure iptables yourself.
Warning: UDP GRO forwarding is suboptimally configured on eth1, UDP forwarding throughput capability will increase with a configuration change.
See https://tailscale.com/s/ethtool-config-udp-gro

To authenticate, visit:

	https://login.tailscale.com/a/98c452901c4ba

Success.

NOTE: 192.168.88.0/24 is the ip range of local network setup in OpenWrt.

Disable key expiry for OpenWrt machine in Tailscale console, then enable all OpenWrt clients access Tailscale network:

OpenWrt - Tailscale Machines

Now add Tailscale virtual network as a new interface in OpenWrt:

OpenWrt - Tailscale Network Interface

Create firewall for Tailscale virtual network interface in OpenWrt:

OpenWrt - Tailscale Firewall

Configure firewall for Tailscale virtual network interface in OpenWrt:

OpenWrt - Tailscale Firewall General Settings

NOTE: opt network is for the downstream DHCP clients.

References

  • 韩风 Talk - Tailscale 玩法之内网穿透、异地组网、全隧道模式、纯 IP 的双栈 DERP 搭建、Headscale 协调服务器搭建,用一期搞定,看一看不亏吧?https://www.youtube.com/watch?v=mgDpJX3oNvI

How to install and run ZeroTier client on OpenWrt

Guestbook

Install ZeroTier package zerotier from OpenWrt console:

OpenWrt - ZeroTier

Enable ZeroTier service in OpenWrt:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
$ ssh -l root SenseWrt
root@SenseWrt's password: 

BusyBox v1.36.1 (2024-12-03 11:41:08 UTC) built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 24.10.0-rc2, r28161-ea17e958b9
 -----------------------------------------------------

root@SenseWrt:~# cat /etc/config/zerotier 

config zerotier 'global'
	# Sets whether ZeroTier is enabled or not
	option enabled 1
	# Sets the ZeroTier listening port (default 9993; set to 0 for random)
	#option port '9993'
	# Client secret (leave blank to generate a secret on first run)
	option secret ''
	# Path of the optional file local.conf (see documentation at
	# https://docs.zerotier.com/config#local-configuration-options)
	#option local_conf_path '/etc/zerotier.conf'
	# Persistent configuration directory (to perform other configurations such
	# as controller mode or moons, etc.)
	#option config_path '/etc/zerotier'
	# Copy the contents of the persistent configuration directory to memory
	# instead of linking it, this avoids writing to flash
	#option copy_config_path '1'

# Network configuration, you can have as many configurations as networks you
# want to join (the network name is optional)
config network 'earth'
	# Identifier of the network you wish to join
	option id '8ca917257083e297'
	# Network configuration parameters (all are optional, if not indicated the
	# default values are set, see documentation at
	# https://docs.zerotier.com/config/#network-specific-configuration)
	option allow_managed '1'
	option allow_global '0'
	option allow_default '0'
	option allow_dns '0'

# Example of a second network (unnamed as it is optional)
#config network
#	option id '1234567890123456'
#	option allow_managed '1'
#	option allow_global '0'
#	option allow_default '0'
#	option allow_dns '0'

Restart ZeroTier service:

1
2
$ root@SenseWrt:~# /etc/init.d/zerotier restart
Generating secret - please wait... done.

Verify ZeroTier client status, which ztks555nye is the virtual network interface created on OpenWrt:

1
2
3
root@SenseWrt:~# zerotier-cli listnetworks
200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ZT assigned ips>
200 listnetworks 8ca917257083e297 igloo.studio 9a:09:7b:41:3d:26 OK PRIVATE ztks555nye 192.168.196.176/24

Enable and authorise the new ZeroTier client OpenWrt in https://my.zerotier.com/.

Now add ZeroTier virtual network as a new interface in OpenWrt:

OpenWrt - ZeroTier Network Interface

Create firewall for ZeroTier virtual network interface in OpenWrt:

OpenWrt - ZeroTier Firewall

Configure firewall for ZeroTier virtual network interface in OpenWrt:

OpenWrt - ZeroTier Firewall General Settings

NOTE: opt network is for the downstream DHCP clients.

Add Allow-ZeroTier firewall rule:

OpenWrt - ZeroTier Firewall Rule

Restart ZeroTier service again:

1
2
$ root@SenseWrt:~# /etc/init.d/zerotier restart
Generating secret - please wait... done.

Then all OpenWrt clients can access ZeroTier network now.

References

Connecting OpenWRT to internet

Guestbook

OpenWRT is running on Proxmox. Now setting up it to connect internet.

Add new network interface OPT on eth2 adapter:

OpenWRT - OPT Interface

OpenWRT - OPT Advanced Settings

OpenWRT - OPT Firewall Settings

OpenWRT - OPT DHCP Server General Setup

OpenWRT - OPT DHCP Server Advanced Settings

OpenWRT - OPT DHCP Server IPv6 Settings

OpenWRT - OPT DHCP Server IPv6 RA Settings

OpenWRT - OPT

Add a new Firewall Zone, from network opt to wan:

OpenWRT - Firewall Zone General Settings

OpenWRT - Firewall Zone Advanced Settings

OpenWRT - Firewall Zone Conntrack Settings

OpenWRT - Firewall Zone

Add a new Firewall Traffic Rule for network opt:

OpenWRT - Firewall Traffic Rule General Settings

OpenWRT - Firewall Traffic Rule Advanced Settings

OpenWRT - Firewall Traffic Rule Time Restrictions

OpenWRT - Firewall Traffic Rule

Setup DHCP clients’ static IP addresses:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
$ ssh -l root 192.168.2.1
root@192.168.2.1's password:

BusyBox v1.36.1 (2024-09-23 12:34:46 UTC) built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 23.05.5, r24106-10cc5fcd00
 -----------------------------------------------------

root@OpenWRT:~# cat /etc/config/dhcp
config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/local/'
	option domain 'local'
	option expandhosts '1'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'
...
config host
	option name 'TL-SX3016F'
	option ip '192.168.2.100'
	option mac '3C:52:A1:47:23:5D'

config host
	option name 'MikroTik'
	option ip '192.168.2.110'
	option mac '78:9A:18:D0:20:ED'

config domain
	option name 'TL-SX3016F'
	option ip '192.168.2.100'

config domain
	option name 'MikroTik'
	option ip '192.168.2.110'

OpenWRT - DHCP and DNS