Howto openwrt
download stable image
download openwrt image for x86:
wget https://downloads.openwrt.org/releases/23.05.4/targets/x86/legacy/openwrt-23.05.4-x86-legacy-generic-squashfs-combined.img.gz
decompress image:
gzip -d openwrt-23.05.4-x86-legacy-generic-squashfs-combined.img.gz
copy image to pendrive:
dd if=openwrt-23.05.4-x86-legacy-generic-squashfs-combined.img of=/dev/sdd status=progress
download snapshot image
download latest snapshot:
mkdir ~/snapshot-$(date +%F)/openwrt/{image,packages,scripts} -p
cd ~/snapshot-$(date +%F)/openwrt/image
wget https://downloads.openwrt.org/snapshots/targets/x86/legacy/openwrt-x86-legacy-generic-squashfs-combined.img.gz
download packages:
cd ~/openwrt/snapshot-$(date +%F)/packages/ wget https://mirror-03.infra.openwrt.org/snapshots/targets/x86/legacy/kmods/6.6.67-1-798f9a954b40c2dc861e7fb593a9ad97/kmod-e1000e-6.6.67-r1.apk wget https://mirror-03.infra.openwrt.org/snapshots/targets/x86/legacy/kmods/6.6.67-1-798f9a954b40c2dc861e7fb593a9ad97/kmod-pptp-6.6.67-r1.apk wget https://mirror-03.infra.openwrt.org/snapshots/targets/x86/legacy/kmods/6.6.67-1-798f9a954b40c2dc861e7fb593a9ad97/kmod-gre-6.6.67-r1.apk wget https://mirror-03.infra.openwrt.org/snapshots/targets/x86/legacy/kmods/6.6.67-1-798f9a954b40c2dc861e7fb593a9ad97/kmod-iptunnel-6.6.67-r1.apk wget https://mirror-03.infra.openwrt.org/snapshots/packages/i386_pentium-mmx/base/libsmartcols1-2.40.2-r1.apk wget https://mirror-03.infra.openwrt.org/snapshots/packages/i386_pentium-mmx/base/losetup-2.40.2-r1.apk wget https://mirror-03.infra.openwrt.org/snapshots/packages/i386_pentium-mmx/base/libreadline8-8.2-r2.apk wget https://mirror-03.infra.openwrt.org/snapshots/packages/i386_pentium-mmx/base/libncurses6-6.4-r2.apk wget https://mirror-03.infra.openwrt.org/snapshots/packages/i386_pentium-mmx/base/blockdev-2.40.2-r1.apk wget https://mirror-03.infra.openwrt.org/snapshots/packages/i386_pentium-mmx/base/lsblk-2.40.2-r1.apk wget https://mirror-03.infra.openwrt.org/snapshots/packages/i386_pentium-mmx/base/terminfo-6.4-r2.apk wget https://mirror-03.infra.openwrt.org/snapshots/packages/i386_pentium-mmx/base/libmount1-2.40.2-r1.apk wget https://mirror-03.infra.openwrt.org/snapshots/packages/i386_pentium-mmx/base/libblkid1-2.40.2-r1.apk wget https://mirror-03.infra.openwrt.org/snapshots/packages/i386_pentium-mmx/base/libfdisk1-2.40.2-r1.apk wget https://mirror-03.infra.openwrt.org/snapshots/packages/i386_pentium-mmx/base/fdisk-2.40.2-r1.apk wget https://mirror-03.infra.openwrt.org/snapshots/packages/i386_pentium-mmx/packages/libparted-3.6-r1.apk wget https://mirror-03.infra.openwrt.org/snapshots/packages/i386_pentium-mmx/packages/parted-3.6-r1.apk wget https://mirror-03.infra.openwrt.org/snapshots/packages/i386_pentium-mmx/packages/bash-5.2.32-r1.apk
decompress image:
gzip -d openwrt-x86-legacy-generic-squashfs-combined.img.gz
flash the image to drive:
dd if=openwrt-x86-legacy-generic-squashfs-combined.img of=/dev/sdd status=progress
boot system then install packages:
touch repo.list && apk add --repositories-file=repo.list --allow-untrusted --no-cache --no-network *.apk
openwrt 24.10.0-rc2
download firmware for x86 generic:
wget https://downloads.openwrt.org/releases/24.10.0-rc2/targets/x86/legacy/openwrt-24.10.0-rc2-x86-legacy-generic-squashfs-combined.img.gz
decompress image:
gzip -d openwrt-24.10.0-rc2-x86-legacy-generic-squashfs-combined.img.gz
copy image to pendrive:
dd if=openwrt-24.10.0-rc2-x86-legacy-generic-squashfs-combined.img of=/dev/sdd status=progress
download kernel packages for network:
wget https://downloads.openwrt.org/releases/24.10.0-rc2/targets/x86/legacy/kmods/6.6.63-1-d72a65c77b491eb21add169b1df0a748/kmod-e1000e_6.6.63-r1_i386_pentium-mmx.ipk wget https://downloads.openwrt.org/releases/24.10.0-rc2/targets/x86/legacy/kmods/6.6.63-1-d72a65c77b491eb21add169b1df0a748/kmod-pptp_6.6.63-r1_i386_pentium-mmx.ipk wget https://downloads.openwrt.org/releases/24.10.0-rc2/targets/x86/legacy/kmods/6.6.63-1-d72a65c77b491eb21add169b1df0a748/kmod-gre_6.6.63-r1_i386_pentium-mmx.ipk wget https://downloads.openwrt.org/releases/24.10.0-rc2/targets/x86/legacy/kmods/6.6.63-1-d72a65c77b491eb21add169b1df0a748/kmod-iptunnel4_6.6.63-r1_i386_pentium-mmx.ipk wget https://downloads.openwrt.org/releases/24.10.0-rc2/targets/x86/legacy/packages/libc_1.2.5-r4_i386_pentium-mmx.ipk wget https://downloads.openwrt.org/releases/24.10.0-rc2/packages/i386_pentium-mmx/base/libsmartcols1_2.40.2-r1_i386_pentium-mmx.ipk wget https://downloads.openwrt.org/releases/24.10.0-rc2/packages/i386_pentium-mmx/base/losetup_2.40.2-r1_i386_pentium-mmx.ipk wget https://downloads.openwrt.org/releases/24.10.0-rc2/packages/i386_pentium-mmx/packages/bash_5.2.32-r1_i386_pentium-mmx.ipk wget https://downloads.openwrt.org/releases/24.10.0-rc2/packages/i386_pentium-mmx/base/libreadline8_8.2-r2_i386_pentium-mmx.ipk wget https://downloads.openwrt.org/releases/24.10.0-rc2/packages/i386_pentium-mmx/base/libncurses6_6.4-r2_i386_pentium-mmx.ipk wget https://downloads.openwrt.org/releases/24.10.0-rc2/packages/i386_pentium-mmx/base/blockdev_2.40.2-r1_i386_pentium-mmx.ipk wget https://downloads.openwrt.org/releases/24.10.0-rc2/packages/i386_pentium-mmx/packages/libparted_3.6-r1_i386_pentium-mmx.ipk wget https://downloads.openwrt.org/releases/24.10.0-rc2/packages/i386_pentium-mmx/packages/parted_3.6-r1_i386_pentium-mmx.ipk wget https://downloads.openwrt.org/releases/24.10.0-rc2/packages/i386_pentium-mmx/base/lsblk_2.40.2-r1_i386_pentium-mmx.ipk wget https://downloads.openwrt.org/releases/24.10.0-rc2/packages/i386_pentium-mmx/base/terminfo_6.4-r2_i386_pentium-mmx.ipk wget https://downloads.openwrt.org/releases/24.10.0-rc2/packages/i386_pentium-mmx/base/libmount1_2.40.2-r1_i386_pentium-mmx.ipk wget https://downloads.openwrt.org/releases/24.10.0-rc2/packages/i386_pentium-mmx/base/libblkid1_2.40.2-r1_i386_pentium-mmx.ipk wget https://downloads.openwrt.org/releases/24.10.0-rc2/packages/i386_pentium-mmx/base/libfdisk1_2.40.2-r1_i386_pentium-mmx.ipk wget https://downloads.openwrt.org/releases/24.10.0-rc2/packages/i386_pentium-mmx/base/fdisk_2.40.2-r1_i386_pentium-mmx.ipk
install packages:
opkg install *.ipk
configure grub:
https://wiki.vidalinux.org/index.php?title=Howto_openwrt#configure_grub
resize squashfs filesystem:
https://wiki.vidalinux.org/index.php?title=Howto_openwrt#resize_squashfs
install packages again:
opkg install *
edit /etc/config/network add the following:
config device 'lan_br'
option name 'br-lan'
option type 'bridge'
list ports 'eth1'
list ports 'eth2'
list ports 'eth3'
config device 'eth1'
option name 'eth1'
config device 'eth2'
option name 'eth2'
config device 'eth3'
option name 'eth3'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option netmask '255.255.255.0'
option ipaddr '192.168.99.1'
config interface 'wan'
option device 'eth0'
option proto 'dhcp'
restart network:
service network restart
reboot to enable wifi module:
reboot
install luci web interface:
https://wiki.vidalinux.org/index.php?title=Howto_openwrt#install_luci
upgrade firmware
download upgrade image:
wget https://mirror-03.infra.openwrt.org/releases/23.05.4/targets/x86/legacy/openwrt-23.05.4-x86-legacy-generic-squashfs-combined.img.gz
upgrade from terminal:
sysupgrade -v /tmp/openwrt-23.05.4-x86-legacy-generic-squashfs-combined.img.gz
resize squashfs
download the following scripts:
wget https://raw.githubusercontent.com/vidalinux/openwrt/main/resizefs.sh wget https://raw.githubusercontent.com/vidalinux/openwrt/main/expand.sh
execute the script to resize your root partition:
bash resizefs.sh
execute the script to expand your partition:
bash expand.sh
then reboot:
reboot
configure network
edit /etc/config/network:
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd5c:aa60:b3ab::/48'
config device 'lan_br'
option name 'br-lan'
option type 'bridge'
list ports 'eth1'
list ports 'eth2'
list ports 'eth3'
config device 'eth1'
option name 'eth1'
config device 'eth2'
option name 'eth2'
config device 'eth3'
option name 'eth3'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option netmask '255.255.255.0'
option ipaddr '192.168.99.1'
config interface 'wan'
option device 'eth0'
option proto 'dhcp'
start network:
service network restart
install tool packages
update repo for stable version:
opkg update
install packages:
opkg install bash curl parted fdisk lsblk nano hostapd wireless-tools wpa-supplicant kmod-iwlwifi pciutils blockdev mount-utils losetup resize2fs openssh-sftp-server iperf3
upgrade all packages
upgrade all packages installed:
opkg update opkg list-upgradable | cut -f 1 -d ' ' | xargs -r opkg upgrade
configure dhcp server
edit /etc/config/dhcp:
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan.ovox.local'
option expandhosts '1'
option nonegcache '0'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
option filter_aaaa '0'
option filter_a '0'
list server '4.2.2.1'
list server '4.2.2.2'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option ra 'server'
option ra_slaac '1'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'wifi2'
option interface 'wifi2'
option start '240'
option leasetime '2m'
option limit '14'
restart dhcp service:
service dnsmasq restart
configure firewall
edit /etc/config/firewall:
config defaults
option syn_flood 1
option input REJECT
option output ACCEPT
option forward REJECT
config zone
option name lan
list network 'lan'
option input ACCEPT
option output ACCEPT
option forward ACCEPT
config zone
option name wan
list network 'wan'
option input REJECT
option output ACCEPT
option forward REJECT
option masq 1
option mtu_fix 1
config zone
option name wifi2
list network 'wifi2'
option input ACCEPT
option output ACCEPT
option forward ACCEPT
option masq 1
option mtu_fix 1
config forwarding
option src lan
option dest wan
config forwarding
option src wifi2
option dest wan
# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
option name Allow-DHCP-Renew
option src wan
option proto udp
option dest_port 68
option target ACCEPT
option family ipv4
# Allow IPv4 ping
config rule
option name Allow-Ping
option src wan
option proto icmp
option icmp_type echo-request
option family ipv4
option target ACCEPT
config rule
option name Allow-IGMP
option src wan
option proto igmp
option family ipv4
option target ACCEPT
# Allow IPSec
config rule
option name Allow-IPSec-ESP
option src wan
option dest lan
option proto esp
option target ACCEPT
config rule
option name Allow-ISAKMP
option src wan
option dest lan
option dest_port 500
option proto udp
option target ACCEPT
dnat rule example:
config redirect
option src wan
option src_dip 192.168.24.45
option dest lan
option dest_ip 192.168.99.208
option target DNAT
option name DNAT-IP-WAN-LAN
option enabled
snat rule example:
config redirect
option target SNAT
option src lan
option dest wan
option src_ip 192.168.99.208
option src_dip 192.168.24.45
option enabled 1
option name SNAT-IP-LAN-WAN
restart firewall:
service firewall restart
configure 4g modem
install packages:
opkg update opkg install qmi-utils lib-qmi luci-proto-qmi kmod-usb-net-qmi-wwan uqmi kmod-usb-net kmod-usb-net-cdc-ether kmod-usb-serial-wwan kmod-usb-serial-option kmod-usb-serial picocom
configure network interface:
config interface 'wwan'
option ifname 'wwan0'
option service 'fdd_lte'
option apn 'fast.t-mobile.com'
option proto 'qmi'
option device '/dev/cdc-wdm0'
option metric '40'
option auth 'none'
option pdptype 'ipv4'
add the following rules to /etc/config/firewall:
config dhcp 'wwan'
option interface 'wwan'
option ignore '1'
config zone
option name wwan
list network 'wwan'
option input REJECT
option output ACCEPT
option forward REJECT
option masq 1
option mtu_fix 1
config forwarding
option src lan
option dest wwan
reboot system:
reboot
check connection status:
uqmi -d /dev/cdc-wdm0 --get-data-status
check sim card status:
qmicli --device=/dev/cdc-wdm0 --device-open-proxy --uim-get-card-status
install luci
install packages:
opkg update opkg install luci-compat luci-lib-ipkg luci luci-ssl
install luci modules:
opkg install luci-mod-rpc luci-mod-dashboard luci-mod-network luci-mod-system luci-mod-status luci-app-opkg
download theme ipk:
wget --no-check-certificate https://github.com/jerrykuku/luci-theme-argon/releases/download/v2.3.1/luci-theme-argon_2.3.1_all.ipk -O luci-theme-argon_2.3.1_all.ipk opkg install luci-theme-argon_2.3.1_all.ipk
restart http server:
service uhttpd restart
enter web interface:
https://192.168.99.1
configure grub
set grub boot loader timeout edit /boot/grub/grub.cfg:
set timeout="0"
soekris net6501
install e1000e driver for intel 82574L:
mkdir openwrt/packages/23.05.4-x86 -p cd openwrt/packages/23.05.4-x86 wget https://downloads.openwrt.org/releases/23.05.4/targets/x86/legacy/packages/kmod-e1000e_5.15.162-1_i386_pentium-mmx.ipk wget https://downloads.openwrt.org/releases/23.05.4/targets/x86/legacy/packages/kmod-ptp_5.15.162-1_i386_pentium-mmx.ipk wget https://downloads.openwrt.org/releases/23.05.4/targets/x86/legacy/packages/libc_1.2.4-4_i386_pentium-mmx.ipk wget https://downloads.openwrt.org/releases/23.05.4/packages/i386_pentium-mmx/base/libsmartcols1_2.39-2_i386_pentium-mmx.ipk wget https://downloads.openwrt.org/releases/23.05.4/packages/i386_pentium-mmx/base/losetup_2.39-2_i386_pentium-mmx.ipk wget https://downloads.openwrt.org/releases/23.05.4/packages/i386_pentium-mmx/packages/bash_5.2.15-1_i386_pentium-mmx.ipk wget https://downloads.openwrt.org/releases/23.05.4/packages/i386_pentium-mmx/base/libreadline8_8.2-1_i386_pentium-mmx.ipk wget https://downloads.openwrt.org/releases/23.05.4/packages/i386_pentium-mmx/base/libncurses6_6.4-2_i386_pentium-mmx.ipk wget https://downloads.openwrt.org/releases/23.05.4/packages/i386_pentium-mmx/base/blockdev_2.39-2_i386_pentium-mmx.ipk wget https://downloads.openwrt.org/releases/23.05.4/packages/i386_pentium-mmx/packages/libparted_3.6-1_i386_pentium-mmx.ipk wget https://downloads.openwrt.org/releases/23.05.4/packages/i386_pentium-mmx/packages/parted_3.6-1_i386_pentium-mmx.ipk wget https://downloads.openwrt.org/releases/23.05.4/packages/i386_pentium-mmx/base/lsblk_2.39-2_i386_pentium-mmx.ipk wget https://downloads.openwrt.org/releases/23.05.4/packages/i386_pentium-mmx/base/terminfo_6.4-2_i386_pentium-mmx.ipk wget https://downloads.openwrt.org/releases/23.05.4/packages/i386_pentium-mmx/base/libmount1_2.39-2_i386_pentium-mmx.ipk wget https://downloads.openwrt.org/releases/23.05.4/packages/i386_pentium-mmx/base/libblkid1_2.39-2_i386_pentium-mmx.ipk wget https://downloads.openwrt.org/releases/23.05.4/packages/i386_pentium-mmx/base/libfdisk1_2.39-2_i386_pentium-mmx.ipk wget https://downloads.openwrt.org/releases/23.05.4/packages/i386_pentium-mmx/base/fdisk_2.39-2_i386_pentium-mmx.ipk opkg install *.ipk
ax210 wireless drivers
drivers for intel ax210 wireless module:
opkg install iwlwifi-firmware-ax200 iwlwifi-firmware-ax210
mediatek 7916
drivers for mt7916an wireless module:
opkg install kmod-mt7915e kmod-mt7915-firmware kmod-mt7916-firmware kmod-mt7921-common kmod-mt7921-firmware kmod-mt7921e kmod-mt792x-common mt7986-wo-firmware kmod-mt76x2
mediatek 7916an
drivers for mt7916an wireless module:
opkg update opkg install kmod-mt7915e kmod-mt7915-firmware kmod-mt7916-firmware kmod-mt7921-common kmod-mt7921-firmware kmod-mt7921e kmod-mt792x-common mt7986-wo-firmware
mediatek 7925
drivers for mt7925 wireless module:
apk update apk add kmod-mt7925e
install firmware:
mkdir -p /lib/firmware/mediatek/mt7925 && cd /lib/firmware/mediatek/mt7925 wget https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/mediatek/mt7925/BT_RAM_CODE_MT7925_1_1_hdr.bin wget https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/mediatek/mt7925/WIFI_MT7925_PATCH_MCU_1_1_hdr.bin wget https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/mediatek/mt7925/WIFI_RAM_CODE_MT7925_1_1.bin
load kernel module:
modprobe mt7925e
watch kernel for errors:
dmesg |grep mt7925
install hostapd-ssl:
apk update apk del hostapd apk add hostapd-openssl
enable wifi:
uci set wireless.radio0.disabled=0 wifi up
add the following to /etc/rc.local:
modprobe mt7925e uci set wireless.radio0.disabled=0 wifi up
configure /etc/config/wireless:
config wifi-device 'radio0' option type 'mac80211' option path 'pci0000:00/0000:00:1a.0/0000:0d:00.0' option band '6g' option channel '1' option htmode 'HE160' option disabled '0' option cell_density '0' option country 'DE' config wifi-iface 'default_radio0' option device 'radio0' option network 'lan' option mode 'ap' option ssid 'OpenWrt' option encryption 'sae' option key 'testtest' option ieee80211k '1' option ieee80211d '1' option ieee80211w '2' option ieee80211h '1' option ieee80211ax '1'
configure /etc/config/network:
config device option name 'phy0-ap0' config device option name 'phy1-ap0'
reboot system:
reboot
configure wireless 2G
edit /etc/config/wireless:
config wifi-device 'radio0'
option type 'mac80211'
option path 'pci0000:00/0000:00:1a.0/0000:0d:00.0'
option channel '11'
option band '2g'
option htmode 'HE80'
option cell_density '1'
option txpower '11'
option country 'US'
option disabled '0'
config wifi-iface 'wifinet0'
option device 'radio0'
option mode 'ap'
option ssid 'OpenWrt2G'
option encryption 'psk2+tkip+ccmp'
option key 'livinglavidalinux'
restart network:
service network restart
configure wireless 5G
edit /etc/config/wireless:
config wifi-device 'radio1' option type 'mac80211' option path 'pci0000:00/0000:00:1a.0/0000:0d:00.0+1' option band '5g' option channel '36' option htmode 'HE80' option disabled '0' config wifi-iface 'default_radio1' option device 'radio1' option network 'lan' option mode 'ap' option ssid 'OpenWrt5G' option encryption 'psk2+tkip+ccmp' option key 'livinglavidalinux'
restart network:
service network restart
configure wireless 6G
install hostapd-ssl:
opkg update opkg remove hostapd opkg install hostapd-openssl
enable wifi:
uci set wireless.radio1.disabled=0 uci set wireless.radio0.disabled=0 uci commit wifi up
configure /etc/config/wireless:
config wifi-device 'radio0' option type 'mac80211' option path 'pci0000:00/0000:00:1a.0/0000:0d:00.0' option band '6g' option channel '1' option htmode 'HE160' option disabled '0' option cell_density '0' option country 'DE' config wifi-iface 'default_radio0' option device 'radio0' option network 'lan' option mode 'ap' option ssid 'OpenWrt6G' option encryption 'sae' option key 'testtest' option ieee80211k '1' option ieee80211d '1' option ieee80211w '2' option ieee80211h '1' option ieee80211ax '1'
restart network:
service network restart
statistics
install packages:
opkg update opkg install luci-app-statistics collectd collectd-mod-cpu \ collectd-mod-interface collectd-mod-iwinfo \ collectd-mod-load collectd-mod-memory collectd-mod-network collectd-mod-uptime /etc/init.d/luci_statistics enable /etc/init.d/collectd enable
dual wan
change interface name and add metric on /etc/config/network:
config interface 'wan'
option device 'eth0'
option proto 'dhcp'
option metric '10'
config interface 'wan2'
option device 'eth1'
option proto 'dhcp'
option metric '20'
install mwan3 package:
opkg update opkg install mwan3
install luci mwan3 module:
opkg install luci-app-mwan3
configure mwan3 wan intefaces on /etc/config/mwan3:
config globals 'globals' option mmx_mask '0x3F00' config interface 'wan' option initial_state 'online' option family 'ipv4' list track_ip '4.2.2.1' list track_ip '4.2.2.2' list track_ip '8.8.8.8' list track_ip '8.8.4.4' option track_method 'ping' option reliability '1' option count '1' option size '56' option max_ttl '60' option timeout '4' option interval '10' option failure_interval '5' option recovery_interval '5' option down '5' option up '5' option enabled '1' config interface 'wan2' option initial_state 'online' option family 'ipv4' list track_ip '4.2.2.1' list track_ip '4.2.2.2' list track_ip '8.8.8.8' list track_ip '8.8.4.4' option track_method 'ping' option reliability '1' option count '1' option size '56' option max_ttl '60' option timeout '4' option interval '10' option failure_interval '5' option recovery_interval '5' option down '5' option up '5' option enabled '1'
configure mwan3 members on /etc/config/mwan3:
config member 'wan_member' option interface 'wan' option metric '1' option weight '1' config member 'wan2_member' option interface 'wan2' option metric '2' option weight '2'
configure mwan3 policy on /etc/config/wman3:
config policy 'wan_to_wan2' list use_member 'wan_member' list use_member 'wan2_member' option last_resort 'unreachable'
configure mwan3 rules on /etc/config/mwan3:
config rule 'all' option proto 'all' option src_ip '192.168.99.0/24' option dest_ip '0.0.0.0/0' option sticky '0' option use_policy 'wan_to_wan2'
make sure you have correct rules for wan and wan2 on your /etc/config/firewall:
config zone option name wan list network 'wan' option input REJECT option output ACCEPT option forward REJECT option masq 1 option mtu_fix 1 config forwarding option src lan option dest wan config zone option name wan2 list network 'wan2' option input REJECT option output ACCEPT option forward REJECT option masq 1 option mtu_fix 1 config forwarding option src lan option dest wan2
restart firewall to apply rules:
service firewall restart
restart mwan3 service to apply changes:
service mwan3 restart
to verify mwan3 status use:
mwan3 status
wifi pineapple nano
to flash the device continue holding the reset button for 10 seconds, then release:
the blue led will remain solid
set ip address to your usb ethernet interface:
ifconfig eth1 192.168.1.2 netmask 255.255.255.0 up
download openwrt firmware image:
wget https://mirror-03.infra.openwrt.org/snapshots/targets/ath79/generic/openwrt-ath79-generic-hak5_lan-turtle-squashfs-sysupgrade.bin
browse to the following address to flash the device with new firmware:
http://192.168.1.1
share internet with pineapple nano:
cat > /usr/local/bin/sharenetwlan << EOF #!/bin/bash echo "1" > /proc/sys/net/ipv4/ip_forward iptables -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -t nat -I POSTROUTING -o wlan0 -j MASQUERADE EOF
fix permissions and run script:
chmod +x /usr/local/bin/sharenetwlan /usr/local/bin/sharenetwlan
access pineapple nano via ssh:
ssh root@192.168.1.1
fix nameservers:
cat > /etc/resolv.conf << EOF nameserver 4.2.2.1 nameserver 4.2.2.2 EOF
install wireless drivers:
opkg install kmod-ath9k-htc kmod-ath9k-common ath9k-htc-firmware hostapd wireless-tools wpa-supplicant
install support por sdcard:
opkg install block-mount kmod-fs-ext4 e2fsprogs parted kmod-usb-storage kmod-mmc kmod-sdhci
default hak5 pineapple nano image:
https://downloads.hak5.org/api/devices/wifipineapplenano/firmwares/recovery
nftables
give access to another subnet:
nft add rule ip nat postrouting ip saddr 192.168.88.0/24 ip daddr 192.168.77.0/24 oif "eth2" accept
mikrotik 951g dumaos
for this tutorial you need a usb to ttl adapter:
https://www.amazon.com/dp/B00LODGRV8
open the mikrotik router then solder 3 cables on uart conector:
rx + tx + gnd
connect the cables to usb adapter:
rx to tx tx to rx gnd to gnd
then access the console output using screen:
screen /dev/ttyUSB0 115200
when system boot press f and enter to get shell then execute the following:
mount -o remount,rw /
edit ssh dropbear config to accept connections:
vi /etc/config/dropbear
change root user password:
passwd root
reboot router
reboot
connect to router using ssh:
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -c 3des-cbc root@192.168.88.1 -p7777
backup configuration:
sysupgrade -b /tmp/backup-netdumaOS-$(date +%F).tar.gz
on receiver machine execute the following cmd:
nc -l -p 1234 > ./backup-netdumaOS-$(date +%F).tar.gz
on router execute the following to transfer backup to receiver machine:
nc 192.168.88.145 1234 < /tmp/backup-netdumaOS-2025-03-24.tar.gz
execute the following to list current partitions:
cat /proc/mtd
on receiver machine execute the following to received parttion mtd0:
nc -l -p 1234 > ./numaOS_sysbackup_mtd0_2025-03-24.bin
on router execute the following to backup and transfer the mtd0 output to receiver machine:
dd if=/dev/mtd0| nc 192.168.88.145 1234
on receiver machine execute the following to received parttion mtd1:
nc -l -p 1234 > ./numaOS_sysbackup_mtd1_2025-03-24.bin
on router execute the following to backup and transfer the mtd1 output to receiver machine:
dd if=/dev/mtd1| nc 192.168.88.145 1234
on receiver machine execute the following to received parttion mtd2:
nc -l -p 1234 > ./numaOS_sysbackup_mtd2_2025-03-24.bin
on router execute the following to backup and transfer the mtd2 output to receiver machine:
dd if=/dev/mtd2| nc 192.168.88.145 1234
download latest openwrt for mikrotik 951g on your machine:
wget https://downloads.openwrt.org/releases/24.10.0/targets/ath79/mikrotik/openwrt-24.10.0-ath79-mikrotik-mikrotik_routerboard-951g-2hnd-squashfs-sysupgrade.bin
start an http server using python:
python -m http.server
on router use wget to download image from http server:
wget http://192.168.88.145:8000/openwrt-24.10.0-ath79-mikrotik-mikrotik_routerboard-951g-2hnd-squashfs-sysupgrade.bin
install firmware using command line ( on serial console ):
sysupgrade -v openwrt-24.10.0-ath79-mikrotik-mikrotik_routerboard-951g-2hnd-squashfs-sysupgrade.bin
if you bricked your router don't panic, config /etc/dnsmasq.conf with tftp:
cat > /etc/dnsmasq.conf << EOF interface=eth0 dhcp-range=192.168.6.100,192.168.6.119,12 dhcp-host=e4:8d:8c:a0:67:96,192.168.6.101 enable-tftp tftp-root=/tftproot dhcp-boot=/tftproot/openwrt.bin,boothost,192.168.6.1 no-daemon EOF
download the following image and rename it:
mkdir /tftproot wget https://downloads.openwrt.org/releases/24.10.0/targets/ath79/mikrotik/openwrt-24.10.0-ath79-mikrotik-mikrotik_routerboard-951g-2hnd-initramfs-kernel.bin -O /tftproot/openwrt.bin
if you have NetworkManager stop the service:
systemctl stop NetworkManager
set your machine ip address to 192.168.6.1:
ip addr add 192.168.6.1/24 dev eth0
iniciate dnsmasq server:
dnsmasq
use screen to view your serial console:
screen /dev/ttyUSB0 115200
if you have the following error:
dnsmasq-dhcp[1644]: DHCPDISCOVER(eth0) dc:08:0f:a1:1e:f4 no address available
use this mac address to configure your dnsmasq.conf:
dhcp-host=dc:08:0f:a1:1e:f4,192.168.6.101
when system boot reflash your router, start http server with router image:
python -m http.server
download image to router:
wget http://192.168.6.1:8000/openwrt-24.10.0-ath79-mikrotik-mikrotik_routerboard-951g-2hnd-squashfs-sysupgrade.bin
install firmware using command line ( on serial console ):
sysupgrade -v openwrt-24.10.0-ath79-mikrotik-mikrotik_routerboard-951g-2hnd-squashfs-sysupgrade.bin
references
references
- http://www.soekris.com/products/net6501-1.html
- http://www.soekris.com/media/manuals/net6501_manual.pdf
- https://openwrt.org/toh/start
- https://mirror-03.infra.openwrt.org/releases/23.05.3/targets
- https://openwrt.org/docs/guide-user/firewall/fw3_configurations/fw3_nat
- https://forum.openwrt.org/t/x86-64-build-mt7975-kmod-module/171529/5
- https://openwrt.org/docs/guide-user/network/wan/wwan/ltedongle
- https://openwrt.org/docs/guide-user/additional-software/extroot_configuration
- https://docs.hak5.org/wifi-pineapple-6th-gen-nano-tetra/faq-troubleshooting/firmware-recovery
- https://asiarf.com/product/wi-fi-6e-mini-pcie-module-mt7916-aw7916-npd/
- https://firmware-selector.openwrt.org
- https://aur.archlinux.org/packages/iwlwifi-lar-disable-dkms
- https://blog.christophersmart.com/2019/09/09/monitoring-openwrt-with-collectd-influxdb-and-grafana/