How To Configure DHCP on OpenWRT router

Posted on 14/03/2015
by AlfPi

First uninstall pre-installed dnsmasq:

/etc/init.d/dnsmasq stop
opkg remove dnsmasq

Then install the ISC DHCP server app:

opkg install http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/oldpackages/isc-dhcp-server-ipv4_4.2.4-3_ar71xx.ipk

Once that is done run:

nano /etc/dhcpd.conf

and replace the content with this:

# Show that we want to be the only DHCP server in this network:
authoritative;

option domain-name "myHome.com";
option domain-name-servers 192.168.0.1, 192.168.0.2;
#DHCP Scope:
subnet 192.168.0.0 netmask 255.255.255.0 {
#DHCP range
range 192.168.0.100 192.168.0.130;
#default gateway
option routers 192.168.0.1;
}

default-lease-time 691200; # 8 days
max-lease-time 864000; # 10 days

# Static assignments
host PC1 {
hardware ethernet 00:11:22:33:44:55;
fixed-address 192.168.0.10;
}

host PC2 {
hardware ethernet 00:88:77:77:66:66;
fixed-address 192.168.0.11;
}

Save the file and start the service

/etc/init.d/dhcpd start

To see dhcpd leases run:

more /var/dhcpd.leases

# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-4.2.4

lease 192.168.1.100 {
  starts 4 2015/03/05 17:57:24;
  ends 4 2015/03/05 17:59:24;
  tstp 4 2015/03/05 17:59:24;
  cltt 4 2015/03/05 17:57:24;
  binding state free;
  hardware ethernet 11:22:33:55:44:33;
  client-hostname "Windows7-PC";
}
lease 192.168.1.102 {
  starts 4 2015/03/05 18:19:06;
  ends 4 2015/03/05 18:21:06;
  tstp 4 2015/03/05 18:21:06;
  cltt 4 2015/03/05 18:19:06;
  binding state free;
  hardware ethernet 11:33:55:ee:ff:55;
  client-hostname "mobile-phone";
}

Job done. To install DNS follow here.

How To Configure BIND as a DNS Server

Posted on 14/03/2015
by AlfPi

The aim is to setup two DNS servers:
Master DNS server – OpenWRT router -192.168.0.1 – FQDN: ns1.example.com
Slave DNS server – Debian server – 192.168.0.2 – FQDN: ns2.example.com
Web Server – 192.168.0.3 – FQDN: example.com

Setting the Hostname on the Name Servers
Install Bind on Both Name Servers
Configure the Master Bind Server
Configure the Slave Bind Server

1. Setting the hostname

Edit /etc/hosts file so it looks like this

127.0.0.1       localhost
192.168.0.1     ns1.example.com ns1

and for debian server:

127.0.0.1       localhost
192.168.0.2     ns2.example.com ns2

then edit the /etc/hostname so it looks like this:

ns1

and for debian box:

ns2

2. Instal BIND

On the OpenWRT router from the ssh run the following:
Uninstall preinstalled dnsmasq:

/etc/init.d/dnsmasq stop
opkg remove dnsmasq

then install BIND

opkg update
opkg install bind-server bind-tools

On a debian box run:

 sudo apt-get update
 sudo apt-get install bind9 bind9utils bind9-doc

3. Configure the Master Bind Server

On the OpenWRT box the bind directory structure is a bit different from the one on debian as there is only one file that holds all the config: /etc/bind/named.conf

We need to add few bits to it (highlighted in red)

// this section defines who is allow to submit queries to the server
acl goodclients {
        192.168.0.0/24;
        localhost;
        localnets;
};

options {
        directory "/tmp";

        recursion yes;
        allow-transfer { none; };

        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};

// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};

// here we define our zones

zone "example.com" {
    type master;
    file "/etc/bind/zones/db.example.com";
    allow-transfer { 192.168.0.2; };
};

zone "0.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/db.192.168.0";
    allow-transfer { 192.168.0.2; };
};

Create the Forward Zone File

In the /etc/bind folder create zones subfolder then create db.example.com file and paste this content:

$TTL 604800
@ IN SOA ns1.example.com. root.example.com. (
                        10 ; Serial
                    604800 ; Refresh
                     86400 ; Retry
                   2419200 ; Expire
                  604800 ) ; Negative Cache TTL
;

; Name servers
example.com. IN NS ns1.example.com.
example.com. IN NS ns2.example.com.

; A records for name servers
ns1 IN A 192.168.0.1
ns2 IN A 192.168.0.2

; Other A records
@         IN A 192.168.0.3
www       IN A 192.168.0.3
computer1 IN A 192.168.0.4
printer   IN A 192.168.0.5

IMPORTANT bit to remember here is to change the serial number each time this file is edited!

Create the Reverse Zone File

In /etc/bind/zones create file: db.192.168.0 and paste this content:

$TTL    604800
@       IN      SOA     example.com. admin.example.com. (
                 10       ; Serial
           604800         ; Refresh
            86400         ; Retry
          2419200         ; Expire
           604800 )       ; Negative Cache TTL
;

; Name servers
IN      NS      ns1.example.com.
IN      NS      ns2.example.com.

; PTR Records
1               IN      NS      ns1.example.com.
2               IN      NS      ns2.example.com.
3               IN      NS      www.example.com.
5               IN      NS      printer.example.com.
4               IN      NS      computer1.example.com.

Testing

named-checkconf /etc/bind/named.conf

If there is a problem with the config this will tell you where to look in the config file. If the config is fine there is no output.
Next we check our zones:

named-checkzone example.com /etc/bind/zones/db.example.com

If your file has no problems, it should tell you that it loaded the correct serial number and give the “OK” message;

zone example.com/IN: loaded serial 10
OK

then we do the same thing to the reverse lookup zone file.

if everthing is OK the we enable and start the BIND service:

/etc/init.d/named enable
/etc/init.d/named start

With the server running run this:

dig ANY intra @localhost

and if everything is setup correctly you should get something like this:

root@wrt:/etc/bind/zones# dig any example.com @localhost

; <<>> DiG 9.9.6-P1 <<>> any example.com @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<

Configure the Slave Bind Server

Configuring the Options File

Now on our debian box we edit the config file

nano /etc/bind/named.conf.options

Edit the options section so it looks like this:

options {
directory "/var/cache/bind";
recursion no;
allow-transfer { none; };

dnssec-validation auto;

auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};

Save and close the file when you are finished.

Configuring the Local Configuration File

sudo nano /etc/bind/named.conf.local

We will create each of our zone specifications.

First, we will work on the forward zone:

zone "example.com" {
};

and edit it so it looks like this:

zone "example.com" {
type slave;
file "db.example.com";
masters { 192.168.0.1; };
};

This completes our forward zone setup.

We can use this same exact format to take care of our reverse zone config:

zone "0.168.192.in-addr.arpa" {
type slave;
file "db.192.168.0";
masters { 192.168.0.1; };
};

When you are finished, you can save and close the file.

To check that zone transfer was successful run:

sudo tail -f /var/log/syslog

That should have some entries to indicate that the zone files have been transferred correctly.

To configure DHCP follow here.

Good source of BIND config knowledge here.

TP-LINK TL WR1043ND v2 OpenWRT setup

Posted on 25/02/2015
by AlfPi

The aim is to replace the TP-LINK firmware with OpenWRT and convert the device into LAN access point.

1. Get the firmware:

Downloaded the firmware from here. File called: openwrt-ar71xx-generic-tl-wr1043nd-v2-squashfs-factory

2. Login to the router and upgrade the firmware.

3. Login to the router via telnet:

BusyBox v1.22.1 (2015-02-25 03:48:40 UTC) built-in shell (ash)
Enter 'help' for a list of built-in commands.

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 CHAOS CALMER (Bleeding Edge, r44528)
 -----------------------------------------------------
  * 1 1/2 oz Gin            Shake with a glassful
  * 1/4 oz Triple Sec       of broken ice and pour
  * 3/4 oz Lime Juice       unstrained into a goblet.
  * 1 1/2 oz Orange Juice
  * 1 tsp. Grenadine Syrup
 -----------------------------------------------------
root@OpenWrt:~#

and set the root password. Once that is done re-login via SSH.

4. As I am not connecting that device to internet as yet, I need to tell it what is the default gateway:

root@OpenWrt:/etc/config# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
root@OpenWrt:/etc/config# route add default gw 192.168.1.254 br-lan
root@OpenWrt:/etc/config# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.1.254   0.0.0.0         UG    0      0        0 br-lan
192.168.1.0     *               255.255.255.0   U     0      0        0 br-lan
root@OpenWrt:/etc/config# ping google.com
PING google.com (216.58.209.238): 56 data bytes
64 bytes from 216.58.209.238: seq=0 ttl=56 time=8.552 ms
64 bytes from 216.58.209.238: seq=1 ttl=56 time=8.600 ms

5. Install Web Console.
Add the a line like this to your /etc/opkg.conf to enable the openwrt package repository:

src luci http://downloads.openwrt.org/kamikaze/8.09.2/YOUR_ARCHITECTURE/packages

then run:

# opkg update

then to install the https enabled web console:

root@OpenWrt:/# opkg install luci-ssl
 Installing luci-ssl (git-15.051.48491-4137afe-1) to root...
 Downloading http://downloads.openwrt.org/snapshots/trunk/ar71xx/generic/packages/luci/luci-ssl_git-15.051.48491-4137afe-1_all.ipk.
 Installing luci (git-15.051.48491-4137afe-1) to root...
 Downloading http://downloads.openwrt.org/snapshots/trunk/ar71xx/generic/packages/luci/luci_git-15.051.48491-4137afe-1_all.ipk.
 Installing libustream-polarssl (2014-03-25-fc0b5ec804ee43c532978dd04ab0509c34baefb0) to root...
 Downloading http://downloads.openwrt.org/snapshots/trunk/ar71xx/generic/packages/base/libustream-polarssl_2014-03-25-fc0b5ec804ee43c532978dd04ab0509c34baefb0_ar71xx.ipk.
 Installing libpolarssl (1.3.10-1) to root...
 Downloading http://downloads.openwrt.org/snapshots/trunk/ar71xx/generic/packages/base/libpolarssl_1.3.10-1_ar71xx.ipk.
 Installing px5g (3) to root...
 Downloading http://downloads.openwrt.org/snapshots/trunk/ar71xx/generic/packages/base/px5g_3_ar71xx.ipk.
 Configuring luci.
 Configuring libpolarssl.
 Configuring libustream-polarssl.
 Configuring px5g.
 Configuring luci-ssl.

7. Login to the Web Console:

Job Done.