How To Configure DHCP on OpenWRT router

First uninstall the pre-installed dnsmasq:

/etc/init.d/dnsmasq stop
opkg remove dnsmasq

Then install the ISC DHCP server app:

opkg install http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/oldpackages/isc-dhcp-server-ipv4_4.2.4-3_ar71xx.ipk

Once that is done run:

nano /etc/dhcpd.conf

and replace the content with this:

# Show that we want to be the only DHCP server in this network:
authoritative;

option domain-name "myHome.com";
option domain-name-servers 192.168.0.1, 192.168.0.2;
# DHCP scope:
subnet 192.168.0.0 netmask 255.255.255.0 {
    # DHCP range
    range 192.168.0.100 192.168.0.130;
    # default gateway
    option routers 192.168.0.1;
}

default-lease-time 691200; # 8 days
max-lease-time 864000; # 10 days

# Static assignments
host PC1 {
    hardware ethernet 00:11:22:33:44:55;
    fixed-address 192.168.0.10;
}

host PC2 {
    hardware ethernet 00:88:77:77:66:66;
    fixed-address 192.168.0.11;
}

Save the file and start the service:

/etc/init.d/dhcpd start

To see dhcpd leases run:

more /var/dhcpd.leases

# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-4.2.4

lease 192.168.1.100 {
  starts 4 2015/03/05 17:57:24;
  ends 4 2015/03/05 17:59:24;
  tstp 4 2015/03/05 17:59:24;
  cltt 4 2015/03/05 17:57:24;
  binding state free;
  hardware ethernet 11:22:33:55:44:33;
  client-hostname "Windows7-PC";
}
lease 192.168.1.102 {
  starts 4 2015/03/05 18:19:06;
  ends 4 2015/03/05 18:21:06;
  tstp 4 2015/03/05 18:21:06;
  cltt 4 2015/03/05 18:19:06;
  binding state free;
  hardware ethernet 11:33:55:ee:ff:55;
  client-hostname "mobile-phone";
}
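
The lease file is a log rather than a table: dhcpd appends a new block each time a lease changes, so an address can appear several times and the last block is the one in effect. The added example below (not from the original post; the function names and sample data are constructed for illustration) collapses the log to the addresses that are active right now and sanitises the client-supplied hostname before printing it.

```sh
# active_leases [FILE]: print "ip<TAB>mac<TAB>hostname" for every address
# whose most recent block says "binding state active". Reads stdin if no FILE.
active_leases() {
    awk '
        $1 == "lease" && $3 == "{" {
            ip = $2
            if (!(ip in state)) order[++n] = ip              # keep first-seen order
            state[ip] = "?"; mac[ip] = "-"; name[ip] = "-"   # newer block replaces older
            next
        }
        ip == "" { next }                                    # not inside a lease block
        $1 == "binding" && $2 == "state" { s = $3; sub(/;$/, "", s); state[ip] = s }
        $1 == "hardware" && $2 == "ethernet" { m = tolower($3); sub(/;$/, "", m); mac[ip] = m }
        $1 == "client-hostname" {
            # Sent by the client, so untrusted: keep only harmless characters.
            h = $0; sub(/^[^"]*"/, "", h); sub(/".*$/, "", h)
            gsub(/[^A-Za-z0-9._-]/, "_", h); name[ip] = h
        }
        $1 == "}" { ip = "" }
        END {
            for (i = 1; i <= n; i++)
                if (state[order[i]] == "active")
                    printf "%s\t%s\t%s\n", order[i], mac[order[i]], name[order[i]]
        }' "${1:--}"
}

# Constructed sample in the format shown above (not real data).
sample_leases() {
    cat <<'EOF'
lease 192.168.0.100 {
  binding state active;
  hardware ethernet 11:22:33:55:44:33;
  client-hostname "Windows7-PC";
}
lease 192.168.0.102 {
  binding state active;
  hardware ethernet 11:33:55:EE:FF:55;
  client-hostname "mobile phone";
}
lease 192.168.0.100 {
  binding state free;
  hardware ethernet 11:22:33:55:44:33;
}
EOF
}

sample_leases | active_leases
```

On the router the same function can be pointed at the real file: `active_leases /var/dhcpd.leases`.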

Job done. To install DNS follow here.

How To Configure BIND as a DNS Server

The aim is to set up two DNS servers:
Master DNS server – OpenWRT router – 192.168.0.1 – FQDN: ns1.example.com
Slave DNS server – Debian server – 192.168.0.2 – FQDN: ns2.example.com
Web Server – 192.168.0.3 – FQDN: example.com

  1. Setting the Hostname on the Name Servers
  2. Install Bind on Both Name Servers
  3. Configure the Master Bind Server
  4. Configure the Slave Bind Server

1. Setting the hostname

Edit the /etc/hosts file on the router so it looks like this:

127.0.0.1       localhost
192.168.0.1     ns1.example.com ns1

and on the Debian server:

127.0.0.1       localhost
192.168.0.2     ns2.example.com ns2

Then edit /etc/hostname so it looks like this:

ns1

and on the Debian box:

ns2

2. Install BIND

On the OpenWRT router, over SSH, first uninstall the pre-installed dnsmasq:

/etc/init.d/dnsmasq stop
opkg remove dnsmasq

then install BIND

opkg update
opkg install bind-server bind-tools

On the Debian box run:

 sudo apt-get update
 sudo apt-get install bind9 bind9utils bind9-doc

3. Configure the Master Bind Server

On the OpenWRT box the BIND directory structure is a bit different from the one on Debian, as there is only one file that holds all the config: /etc/bind/named.conf

We need to add a few bits to it (highlighted in red in the original post):

// this section defines who is allowed to submit queries to the server
acl goodclients {
        192.168.0.0/24;
        localhost;
        localnets;
};

options {
        directory "/tmp";

        recursion yes;
        // only answer recursive queries from the ACL defined above
        allow-recursion { goodclients; };
        allow-transfer { none; };

        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};

// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};

// here we define our zones

zone "example.com" {
    type master;
    file "/etc/bind/zones/db.example.com";
    allow-transfer { 192.168.0.2; };
};

zone "0.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/db.192.168.0";
    allow-transfer { 192.168.0.2; };
};

Create the Forward Zone File

In the /etc/bind folder create a zones subfolder, then create a db.example.com file in it and paste this content:

$TTL 604800
@ IN SOA ns1.example.com. root.example.com. (
                        10 ; Serial
                    604800 ; Refresh
                     86400 ; Retry
                   2419200 ; Expire
                  604800 ) ; Negative Cache TTL
;

; Name servers
example.com. IN NS ns1.example.com.
example.com. IN NS ns2.example.com.

; A records for name servers
ns1 IN A 192.168.0.1
ns2 IN A 192.168.0.2

; Other A records
@         IN A 192.168.0.3
www       IN A 192.168.0.3
computer1 IN A 192.168.0.4
printer   IN A 192.168.0.5

IMPORTANT: remember to change the serial number each time this file is edited!

Create the Reverse Zone File

In /etc/bind/zones create a file called db.192.168.0 and paste this content:

$TTL    604800
@       IN      SOA     example.com. admin.example.com. (
                 10       ; Serial
           604800         ; Refresh
            86400         ; Retry
          2419200         ; Expire
           604800 )       ; Negative Cache TTL
;

; Name servers
@       IN      NS      ns1.example.com.
@       IN      NS      ns2.example.com.

; PTR Records
1               IN      PTR     ns1.example.com.
2               IN      PTR     ns2.example.com.
3               IN      PTR     www.example.com.
5               IN      PTR     printer.example.com.
4               IN      PTR     computer1.example.com.

Testing

named-checkconf /etc/bind/named.conf

If there is a problem with the config this will tell you where to look in the config file. If the config is fine there is no output.
Next we check our zones:

named-checkzone example.com /etc/bind/zones/db.example.com

If your file has no problems, it should tell you that it loaded the correct serial number and give the “OK” message:

zone example.com/IN: loaded serial 10
OK

then we do the same thing to the reverse lookup zone file.
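
named-checkzone validates one file at a time and does not compare the forward zone with the reverse zone. The added example below (not from the original post; function names and sample records are constructed for illustration) reports addresses that have an A record but no PTR, and PTR targets that have no A record back to the same address. It assumes every address lives in the single reverse zone shown above.

```sh
# zone_rr ORIGIN FILE: print "owner TYPE rdata" for each A and PTR record, names
# made absolute. Assumes simple files: no $ORIGIN, numeric TTLs, ( ) only in SOA.
zone_rr() {
    awk -v origin="$1" '
        function fq(n) {                              # absolute, lowercased name
            return tolower(n == "@" ? origin : (n ~ /\.$/ ? n : n "." origin))
        }
        { sub(/;.*/, "") }                            # strip comments
        /^\$/ || NF == 0 { next }                     # $TTL and blank lines
        paren { if (/\)/) paren = 0; next }           # inside the SOA ( ... )
        {
            i = 1; if ($0 !~ /^[ \t]/) { owner = fq($1); i = 2 }   # else inherit owner
            while ($i ~ /^[0-9]+$/ || toupper($i) == "IN") i++
            if (/\(/ && !/\)/) paren = 1
            if (toupper($i) == "A") print owner, "A", $(i + 1)
            if (toupper($i) == "PTR") print owner, "PTR", fq($(i + 1))
        }' "$2"
}

# check_ptr FWD_ORIGIN FWD_FILE REV_ORIGIN REV_FILE: print one line per problem.
check_ptr() {
    { zone_rr "$1" "$2"; zone_rr "$3" "$4"; } | awk '
        $2 == "A"   { fwd[$1, $3] = 1; ips[$3] = 1 }
        $2 == "PTR" { split($1, o, "."); ptr[o[4] "." o[3] "." o[2] "." o[1]] = $3 }
        END {
            for (ip in ips) if (!(ip in ptr)) print "MISSING-PTR", ip
            for (ip in ptr) if (!((ptr[ip], ip) in fwd)) print "UNCONFIRMED-PTR", ip, ptr[ip]
        }' | LC_ALL=C sort
}
# Constructed sample zones (not real data) with two deliberate mistakes.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/fwd" <<'EOF'
@ IN SOA ns1.example.com. root.example.com. (
        10 604800 86400 2419200 604800 )
ns1     IN A 192.168.0.1
www     IN A 192.168.0.3
printer IN A 192.168.0.5
EOF
    cat > "$d/rev" <<'EOF'
1 IN PTR ns1.example.com.
3 IN NS  www.example.com.     ; wrong type: a delegation, not a PTR
5 IN PTR printer.example.com  ; no trailing dot: relative to this zone
EOF
    check_ptr example.com. "$d/fwd" 0.168.192.in-addr.arpa. "$d/rev"
    rm -rf "$d"
}
demo
```

On the router, run `check_ptr example.com. /etc/bind/zones/db.example.com 0.168.192.in-addr.arpa. /etc/bind/zones/db.192.168.0`; no output means the two zones agree.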

If everything is OK then we enable and start the BIND service:

/etc/init.d/named enable
/etc/init.d/named start

With the server running run this:

dig ANY example.com @localhost

and if everything is setup correctly you should get something like this:

root@wrt:/etc/bind/zones# dig any example.com @localhost

; <<>> DiG 9.9.6-P1 <<>> any example.com @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<

4. Configure the Slave Bind Server

Configuring the Options File

Now on our Debian box we edit the config file:

nano /etc/bind/named.conf.options

Edit the options section so it looks like this:

options {
        directory "/var/cache/bind";
        recursion no;
        allow-transfer { none; };

        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};

Save and close the file when you are finished.

Configuring the Local Configuration File

sudo nano /etc/bind/named.conf.local

We will create each of our zone specifications.

First, we will work on the forward zone:

zone "example.com" {
};

and edit it so it looks like this:

zone "example.com" {
    type slave;
    file "db.example.com";
    masters { 192.168.0.1; };
};

This completes our forward zone setup.

We can use this same exact format to take care of our reverse zone config:

zone "0.168.192.in-addr.arpa" {
    type slave;
    file "db.192.168.0";
    masters { 192.168.0.1; };
};

When you are finished, you can save and close the file.

To check that zone transfer was successful run:

sudo tail -f /var/log/syslog

That should have some entries to indicate that the zone files have been transferred correctly.

To configure DHCP follow here.

Good source of BIND config knowledge here.

TP-LINK TL WR1043ND v2 OpenWRT setup

The aim is to replace the TP-LINK firmware with OpenWRT and convert the device into a LAN access point.

1. Get the firmware:

Download the firmware from here. The file is called: openwrt-ar71xx-generic-tl-wr1043nd-v2-squashfs-factory

2. Log in to the router and upgrade the firmware.

3. Log in to the router via telnet:

BusyBox v1.22.1 (2015-02-25 03:48:40 UTC) built-in shell (ash)
Enter 'help' for a list of built-in commands.

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 CHAOS CALMER (Bleeding Edge, r44528)
 -----------------------------------------------------
  * 1 1/2 oz Gin            Shake with a glassful
  * 1/4 oz Triple Sec       of broken ice and pour
  * 3/4 oz Lime Juice       unstrained into a goblet.
  * 1 1/2 oz Orange Juice
  * 1 tsp. Grenadine Syrup
 -----------------------------------------------------
root@OpenWrt:~#

and set the root password. Once that is done re-login via SSH.

4. As I am not connecting that device to the internet yet, I need to tell it what the default gateway is:

root@OpenWrt:/etc/config# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
root@OpenWrt:/etc/config# route add default gw 192.168.1.254 br-lan
root@OpenWrt:/etc/config# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.1.254   0.0.0.0         UG    0      0        0 br-lan
192.168.1.0     *               255.255.255.0   U     0      0        0 br-lan
root@OpenWrt:/etc/config# ping google.com
PING google.com (216.58.209.238): 56 data bytes
64 bytes from 216.58.209.238: seq=0 ttl=56 time=8.552 ms
64 bytes from 216.58.209.238: seq=1 ttl=56 time=8.600 ms

5. Install Web Console.
Add a line like this to your /etc/opkg.conf to enable the OpenWRT package repository:

src luci http://downloads.openwrt.org/kamikaze/8.09.2/YOUR_ARCHITECTURE/packages

then run:

# opkg update

then to install the https enabled web console:

root@OpenWrt:/# opkg install luci-ssl
 Installing luci-ssl (git-15.051.48491-4137afe-1) to root...
 Downloading http://downloads.openwrt.org/snapshots/trunk/ar71xx/generic/packages/luci/luci-ssl_git-15.051.48491-4137afe-1_all.ipk.
 Installing luci (git-15.051.48491-4137afe-1) to root...
 Downloading http://downloads.openwrt.org/snapshots/trunk/ar71xx/generic/packages/luci/luci_git-15.051.48491-4137afe-1_all.ipk.
 Installing libustream-polarssl (2014-03-25-fc0b5ec804ee43c532978dd04ab0509c34baefb0) to root...
 Downloading http://downloads.openwrt.org/snapshots/trunk/ar71xx/generic/packages/base/libustream-polarssl_2014-03-25-fc0b5ec804ee43c532978dd04ab0509c34baefb0_ar71xx.ipk.
 Installing libpolarssl (1.3.10-1) to root...
 Downloading http://downloads.openwrt.org/snapshots/trunk/ar71xx/generic/packages/base/libpolarssl_1.3.10-1_ar71xx.ipk.
 Installing px5g (3) to root...
 Downloading http://downloads.openwrt.org/snapshots/trunk/ar71xx/generic/packages/base/px5g_3_ar71xx.ipk.
 Configuring luci.
 Configuring libpolarssl.
 Configuring libustream-polarssl.
 Configuring px5g.
 Configuring luci-ssl.

7. Log in to the Web Console.

Job Done.