Back in the past I have installed OpenWRT BackFire 10.03 on my TP-Link TL-WR1043ND v1. It was quite pita that time, because I was using WAN port which get disabled after flashing OpenWRT firmware. It was necessary to revert back to crafted TP-Link firmware, which will not disable WAN port after flashing DD-WRT or OpenWRT firmware.
Now come the time to upgrade to currently newest OpenWRT BarrierBreaker 14.07. I decided not to use WAN port anymore (replaced by my Debian Server Router/Firewall/NAS/HTPC) and start with fresh configuration without keeping previous settings.
I have downloaded upgrade OpenWRT firmware to use it over existing OpenWRT installation. I used ‘Flash new firmware image’ option and unchecked ‘Keep setting’.
I did following basic settings:
'System' - 'System' - 'hostname' and 'Timezone' 'System' - 'System' - 'Logging' - 'External system log server' - '192.168.122.1' 'System' - 'Administration' - 'router password' 'Network' - 'Interfaces' - 'LAN' - check 'Bring up on boot', 'Protocol' - 'Static address', check 'Disable DHCP for this interface' (I use Dnsmasq on my primary server). 'Network' - 'Interfaces' - 'WAN' - uncheck 'Bring up on boot' 'Network' - 'Wifi' - 'Scan' and see what channels are less busy 'Network' - 'Wifi' - 'Add' new wireless network 'General Setup' - 'ESSID', 'Mode' - 'Access Point' - 'Network' - 'LAN' - 'Network security' - 'Encryption' - 'WPA2-PSK' 'Advanced Settings' - 'Band' - 2,4GHz, 'Country Code' CZ
Don’t forget to Enable new WiFi network and Restart Log daemon in ‘System -> Startup’ services.
I like to use few extra services on my WiFi access point:
First of all update package database:
LuCI web interface
In case you did system upgrade from existing OpwnWrt, you may want to install administartion web interface.
opkg install luci
Swap on USB
I already created swap partition on my USB key /dev/sda2, which is automatically detected after installing necessary packages below.
opkg install block-mount kmod-usb-storage swap-utils
Filename Type Size Used Priority /dev/sda2 partition 157132 1120 -1
DNS local resolution
I have my own local DNS server and I want name resolution from OpenWrt shell.
opkg install bind-host
search homelan nameserver 192.168.122.1
opkg install nfs-utils kmod-fs-nfs kmod-fs-nfs-common
chmod 755 /etc/diskmount.sh
#!/bin/sh mount -t nfs home-server:/disk /disk -o nolock
opkg install msmtp-nossl
account default host 192.168.122.1 auto_from on maildomain home-wifi.homelan syslog LOG_MAIL
Cron backup task
ln -sf /etc/crontabs/root /etc/crontab
30 0 * * * /usr/bin/test -d /disk/backup || mount home-server:/disk /disk;/usr/bin/test -d /disk/backup; /bin/tar -zcf /disk/backup/home-wifi/home-wifi.tar.gz -C / bin etc lib root sbin tmp usr www
Arpwatch new MAC monitoring
opkg install http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/oldpackages/arpwatch_2.1a15-3_ar71xx.ipk
ln -s /usr/bin/msmtp /usr/lib/sendmail /etc/init.d/arpwatch start /etc/init.d/arpwatch enable
opkg install htop
Collect daemon client
opkg install collectd collectd-mod-load collectd-mod-memory collectd-mod-network collectd-mod-cpu collectd-mod-df collectd-mod-disk collectd-mod-interface collectd-mod-wireless
mkdir /var/lib/collectd /etc/init.d/collectd start /etc/init.d/collectd enable
Monit monitoring client
opkg install monit-nossl
Comment ‘#’ everything except:
set daemon 120 set logfile syslog facility log_daemon set idfile /var/.monit.id set statefile /var/.monit.state set eventqueue basedir /var/monit slots 1000 set httpd port 2812 use address localhost allow 0.0.0.0/0.0.0.0 allow user:password set mailserver home-server set mmonit http://user:firstname.lastname@example.org/collector check system home-wifi if loadavg (1min) > 4 for 5 times within 15 cycles then alert if loadavg (5min) > 2 for 5 times within 15 cycles then alert if memory usage > 75% for 5 times within 15 cycles then alert if swap usage > 25% for 5 times within 15 cycles then alert if cpu usage (user) > 98% for 5 times within 15 cycles then alert if cpu usage (system) > 70% for 5 times within 15 cycles then alert if cpu usage (wait) > 60% for 5 times within 15 cycles then alert check process sshd with pidfile /var/run/dropbear.1.pid start program "/etc/init.d/dropbear start" stop program "/etc/init.d/dropbear stop" if failed port 22 protocol ssh then restart if 5 restarts within 5 cycles then timeout check filesystem root with path / if space usage > 80% for 5 times within 15 cycles then alert
/etc/init.d/monit start /etc/init.d/monit enable