OpenWRT TP-Link TL-WR1043ND

Some time ago I installed OpenWRT BackFire 10.03 on my TP-Link TL-WR1043ND v1. It was quite a PITA at the time, because I was using the WAN port, which got disabled after flashing the OpenWRT firmware. It was necessary to revert to a crafted TP-Link firmware, which does not disable the WAN port after flashing DD-WRT or OpenWRT firmware.

Now the time has come to upgrade to the currently newest OpenWRT BarrierBreaker 14.07. I decided not to use the WAN port anymore (replaced by my Debian server router/firewall/NAS/HTPC) and to start with a fresh configuration without keeping the previous settings.

I downloaded the OpenWRT upgrade firmware to flash it over the existing OpenWRT installation. I used the ‘Flash new firmware image’ option and unchecked ‘Keep setting’.

I made the following basic settings:

'System' - 'System' - 'hostname' and 'Timezone'
'System' - 'System' - 'Logging' - 'External system log server' - '192.168.122.1'
'System' - 'Administration' - 'router password'

'Network' - 'Interfaces' - 'LAN' - check 'Bring up on boot', 'Protocol' - 'Static address', check 'Disable DHCP for this interface' (I use Dnsmasq on my primary server).
'Network' - 'Interfaces' - 'WAN' - uncheck 'Bring up on boot'

'Network' - 'Wifi' - 'Scan' and see what channels are less busy
'Network' - 'Wifi' - 'Add' new wireless network

'General Setup' - 'ESSID', 'Mode' - 'Access Point' - 'Network' - 'LAN' - 'Network security' - 'Encryption' - 'WPA2-PSK'
'Advanced Settings' - 'Band' - 2.4GHz, 'Country Code' CZ

Don’t forget to enable the new WiFi network and restart the log daemon under ‘System -> Startup’.


I like to use a few extra services on my WiFi access point:

First of all, update the package database:
opkg update

LuCI web interface

In case you upgraded from an existing OpenWrt installation, you may want to install the administration web interface.
opkg install luci

Swap on USB

I already created a swap partition on my USB key (/dev/sda2), which is automatically detected after installing the necessary packages below.
opkg install block-mount kmod-usb-storage swap-utils
swapon -s

Filename        Type    Size  Used  Priority
/dev/sda2        partition  157132  1120  -1

DNS local resolution

I have my own local DNS server and I want name resolution from the OpenWrt shell.
opkg install bind-host
/etc/resolv.conf

search homelan
nameserver 192.168.122.1

NFS client

opkg install nfs-utils kmod-fs-nfs kmod-fs-nfs-common
mkdir /disk
touch /etc/diskmount.sh
chmod 755 /etc/diskmount.sh
/etc/diskmount.sh

#!/bin/sh
mount -t nfs home-server:/disk /disk -o nolock

Mail client

opkg install msmtp-nossl

/etc/msmtprc

account default
host 192.168.122.1
auto_from on
maildomain home-wifi.homelan
syslog LOG_MAIL

Cron backup task

ln -sf /etc/crontabs/root /etc/crontab

/etc/crontabs/root

# Mount the NFS share if needed; create the archive only when /disk/backup is really there
30 0 * * * /usr/bin/test -d /disk/backup || mount home-server:/disk /disk; /usr/bin/test -d /disk/backup && /bin/tar -zcf /disk/backup/home-wifi/home-wifi.tar.gz -C / bin etc lib root sbin tmp usr www

/etc/init.d/cron restart
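
A guarded form of the nightly backup above, as an added example that is not part of the original post: it checks the mount table instead of a directory test, so the archive is written only when /disk is really an NFS mount, and a failed run does not overwrite the previous archive. The export, mount point, archive path and directory list are taken from the page; the function names and the script location (for instance /etc/backup.sh, called from cron as "/etc/backup.sh run") are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
MOUNTPOINT=/disk
EXPORT=home-server:/disk
ARCHIVE=/disk/backup/home-wifi/home-wifi.tar.gz

# Return 0 only if mount point $1 is listed with an nfs/nfs4 filesystem type
# in the mount table $2 (default: /proc/mounts).
# Table fields: device mountpoint fstype options dump pass
is_nfs_mounted() {
    awk -v mp="$1" '$2 == mp && $3 ~ /^nfs/ { found = 1 } END { exit !found }' \
        "${2:-/proc/mounts}"
}

backup() {
    # Try to mount the share if it is not there yet (same options as /etc/diskmount.sh).
    is_nfs_mounted "$MOUNTPOINT" || mount -t nfs "$EXPORT" "$MOUNTPOINT" -o nolock

    # Re-check: if the share is still missing, refuse to write anything,
    # so the archive can never land on the router's own flash.
    if ! is_nfs_mounted "$MOUNTPOINT"; then
        logger -t backup "NFS share not mounted on $MOUNTPOINT, backup skipped"
        return 1
    fi

    # Write to a temporary name and rename on success, so a failed run
    # leaves the previous archive untouched.
    if tar -zcf "$ARCHIVE.new" -C / bin etc lib root sbin tmp usr www; then
        mv "$ARCHIVE.new" "$ARCHIVE"
    else
        rm -f "$ARCHIVE.new"
        logger -t backup "tar failed, previous archive kept"
        return 1
    fi
}

# Run the backup only when called as: <script> run
if [ "${1:-}" = "run" ]; then
    backup
fi
```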

Arpwatch new MAC monitoring

opkg install http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/oldpackages/arpwatch_2.1a15-3_ar71xx.ipk

ln -s /usr/bin/msmtp /usr/lib/sendmail
/etc/init.d/arpwatch start
/etc/init.d/arpwatch enable

Htop

opkg install htop

Collect daemon client

opkg install collectd collectd-mod-load collectd-mod-memory collectd-mod-network collectd-mod-cpu collectd-mod-df collectd-mod-disk collectd-mod-interface collectd-mod-wireless

mkdir /var/lib/collectd
/etc/init.d/collectd start
/etc/init.d/collectd enable

Monit monitoring client

opkg install monit-nossl
mkdir /etc/monit.d/
/etc/monitrc
Comment out (‘#’) everything except:
include /etc/monit.d/*

/etc/monit.d/wifi

set daemon 120
set logfile syslog facility log_daemon
set idfile /var/.monit.id
set statefile /var/.monit.state
set eventqueue basedir /var/monit slots 1000

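# The web interface listens on loopback only, so the allow-all rule
# below is reachable only from the router itself.
set httpd port 2812
    use address localhost
    allow 0.0.0.0/0.0.0.0
    allow user:password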

set mailserver home-server
# This collector URL is plain HTTP, so its credentials travel unencrypted.
set mmonit http://user:password@monit.faix.cz/collector

check system home-wifi
    if loadavg (1min) > 4 for 5 times within 15 cycles then alert
    if loadavg (5min) > 2 for 5 times within 15 cycles then alert
    if memory usage > 75% for 5 times within 15 cycles then alert
    if swap usage > 25% for 5 times within 15 cycles then alert
    if cpu usage (user) > 98% for 5 times within 15 cycles then alert
    if cpu usage (system) > 70% for 5 times within 15 cycles then alert
    if cpu usage (wait) > 60% for 5 times within 15 cycles then alert

check process sshd with pidfile /var/run/dropbear.1.pid
    start program "/etc/init.d/dropbear start"
    stop program "/etc/init.d/dropbear stop"
    if failed port 22 protocol ssh then restart
    if 5 restarts within 5 cycles then timeout

check filesystem root with path /
    if space usage > 80% for 5 times within 15 cycles then alert

/etc/init.d/monit start
/etc/init.d/monit enable