Back in the past I have installed OpenWRT BackFire 10.03 on my TP-Link TL-WR1043ND v1. It was quite pita that time, because I was using WAN port which get disabled after flashing OpenWRT firmware. It was necessary to revert back to crafted TP-Link firmware, which will not disable WAN port after flashing DD-WRT or OpenWRT firmware.
Now come the time to upgrade to currently newest OpenWRT BarrierBreaker 14.07. I decided not to use WAN port anymore (replaced by my Debian Server Router/Firewall/NAS/HTPC) and start with fresh configuration without keeping previous settings.
I have downloaded upgrade OpenWRT firmware to use it over existing OpenWRT installation. I used ‘Flash new firmware image’ option and unchecked ‘Keep setting’.
I did following basic settings:
'System' - 'System' - 'hostname' and 'Timezone'
'System' - 'System' - 'Logging' - 'External system log server' - '192.168.122.1'
'System' - 'Administration' - 'router password'
'Network' - 'Interfaces' - 'LAN' - check 'Bring up on boot', 'Protocol' - 'Static address', check 'Disable DHCP for this interface' (I use Dnsmasq on my primary server).
'Network' - 'Interfaces' - 'WAN' - uncheck 'Bring up on boot'
'Network' - 'Wifi' - 'Scan' and see what channels are less busy
'Network' - 'Wifi' - 'Add' new wireless network
'General Setup' - 'ESSID', 'Mode' - 'Access Point' - 'Network' - 'LAN' - 'Network security' - 'Encryption' - 'WPA2-PSK'
'Advanced Settings' - 'Band' - 2,4GHz, 'Country Code' CZ
Don’t forget to Enable new WiFi network and Restart Log daemon in ‘System -> Startup’ services.
I like to use few extra services on my WiFi access point:
First of all update package database: opkg update
LuCI web interface
In case you did system upgrade from existing OpwnWrt, you may want to install administartion web interface.
opkg install luci
Swap on USB
I already created swap partition on my USB key /dev/sda2, which is automatically detected after installing necessary packages below.
opkg install block-mount kmod-usb-storage swap-utils
swapon -s
Filename Type Size Used Priority
/dev/sda2 partition 157132 1120 -1
DNS local resolution
I have my own local DNS server and I want name resolution from OpenWrt shell.
opkg install bind-host
/etc/resolv.conf
search homelan
nameserver 192.168.122.1
NFS client
opkg install nfs-utils kmod-fs-nfs kmod-fs-nfs-common
mkdir /disk
touch /etc/diskmount.sh
chmod 755 /etc/diskmount.sh
/etc/diskmount.sh
#!/bin/sh
mount -t nfs home-server:/disk /disk -o nolockMail client
opkg install msmtp-nossl
/etc/msmtprc
account default
host 192.168.122.1
auto_from on
maildomain home-wifi.homelan
syslog LOG_MAILCron backup task
ln -sf /etc/crontabs/root /etc/crontab
/etc/crontabs/root
30 0 * * * /usr/bin/test -d /disk/backup || mount home-server:/disk /disk;/usr/bin/test -d /disk/backup; /bin/tar -zcf /disk/backup/home-wifi/home-wifi.tar.gz -C / bin etc lib root sbin tmp usr www
/etc/init.d/cron restart
Arpwatch new MAC monitoring
opkg install http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/oldpackages/arpwatch_2.1a15-3_ar71xx.ipk
ln -s /usr/bin/msmtp /usr/lib/sendmail
/etc/init.d/arpwatch start
/etc/init.d/arpwatch enable
Htop
opkg install htop
Collect daemon client
opkg install collectd collectd-mod-load collectd-mod-memory collectd-mod-network collectd-mod-cpu collectd-mod-df collectd-mod-disk collectd-mod-interface collectd-mod-wireless
mkdir /var/lib/collectd
/etc/init.d/collectd start
/etc/init.d/collectd enable
Monit monitoring client
opkg install monit-nossl
mkdir /etc/monit.d/
/etc/monitrc
Comment ‘#’ everything except:
include /etc/monit.d/*
/etc/monit.d/wifi
set daemon 120
set logfile syslog facility log_daemon
set idfile /var/.monit.id
set statefile /var/.monit.state
set eventqueue basedir /var/monit slots 1000
set httpd port 2812
use address localhost
allow 0.0.0.0/0.0.0.0
allow user:password
set mailserver home-server
set mmonit http://user:password@monit.faix.cz/collector
check system home-wifi
if loadavg (1min) > 4 for 5 times within 15 cycles then alert
if loadavg (5min) > 2 for 5 times within 15 cycles then alert
if memory usage > 75% for 5 times within 15 cycles then alert
if swap usage > 25% for 5 times within 15 cycles then alert
if cpu usage (user) > 98% for 5 times within 15 cycles then alert
if cpu usage (system) > 70% for 5 times within 15 cycles then alert
if cpu usage (wait) > 60% for 5 times within 15 cycles then alert
check process sshd with pidfile /var/run/dropbear.1.pid
start program "/etc/init.d/dropbear start"
stop program "/etc/init.d/dropbear stop"
if failed port 22 protocol ssh then restart
if 5 restarts within 5 cycles then timeout
check filesystem root with path /
if space usage > 80% for 5 times within 15 cycles then alert
/etc/init.d/monit start
/etc/init.d/monit enable
