1. octavia
  2. Configuration of the Omnia router
    1. Basic configuration
    2. Traffic shaper
    3. Deployment procedure
    4. Tests to run
    5. Changes from usual OpenWRT configurations

Octavia is my home router. I wrote my very first article for LWN about it, see 2016-11-15-omnia.

It is named after the science-fiction author Octavia E. Butler, "an African-American science-fiction writer" known for her "critique of present day hierarchies, the remaking of the human, the creation of alternative communities, and afro-futurism". The New York Times described her novels as "evocative" and "often troubling" explorations of "far-reaching issues of race, sex, power".

The destiny of Earthseed is to take root among the stars.

-- Octavia Butler

Configuration of the Omnia router

Basic configuration

Features enabled in the basic config:

Features disabled:

UCI configuration:

Services retired:

Installed bash, screen and tcpdump:

opkg update
opkg install bash screen tcpdump

Interesting guide? http://www.jauu.net/2015/03/03/complete-openwrt-guide/

Had to hack the resolver to fix internal name resolution, see:

https://forum.turris.cz/t/knot-resolver-configuration-improvement-in-omnia/934/4

-- forward requests to marcos for internal hostnames 
policy:add(policy.suffix(policy.FORWARD('192.168.0.3'), {todname('anarc.at')}))
policy:add(policy.suffix(policy.FORWARD('192.168.0.3'), {todname('anarcat.ath.cx')}))
policy:add(policy.suffix(policy.FORWARD('192.168.0.3'), {todname('orangeseeds.org')}))
policy:add(policy.suffix(policy.FORWARD('192.168.0.3'), {todname('168.192.in-addr.arpa')}))
policy:add(policy.suffix(policy.FORWARD('192.168.0.3'), {todname('16.172.in-addr.arpa')}))
policy:add(policy.suffix(policy.FORWARD('192.168.0.3'), {todname('9.0.0.0.1.0.0.0.8.2.9.1.1.0.0.2.ip6.arpa')}))
policy:add(policy.suffix(policy.FORWARD('192.168.0.3'), {todname('a.0.d.4.b.e.1.9.0.c.2.f.7.0.6.2.ip6.arpa')}))
policy:add(policy.suffix(policy.FORWARD('192.168.0.3'), {todname('0.0.f.8.f.0.0.f.0.c.2.f.7.0.6.2.ip6.arpa')}))

Traffic shaper

created /etc/updater/hook_postupdate/03_remove_wshaper.sh with this:

#!/bin/sh
opkg remove "luci-i18n-wshaper-cs"
opkg remove "luci-i18n-wshaper-en"
opkg remove "luci-app-wshaper"
opkg remove "wshaper"

so turris doesn't install it again, then installed sqm:

opkg install luci-app-sqm

and followed: https://wiki.openwrt.org/doc/howto/sqm

before: http://www.dslreports.com/speedtest/6435557 after: http://www.dslreports.com/speedtest/6435680

lost 2mbps down, but fixed bufferbloat issue...

some tweaking may restore the 2mbps.

see also: https://forum.turris.cz/t/wondershaper-srsly-qos-aqm/1095

consider flent for network tests: https://forum.turris.cz/t/wondershaper-srsly-qos-aqm/1095

e.g. flent rrul netperf.bufferbloat.net

Deployment procedure

  1. change LAN IP
  2. change WAN connection to PPPoE

Tests to run

  1. Web, on another host:

    curl https://anarc.at/
    

    If no shell access, try Webbloatscore since it produces a screenshot.

  2. DNS: local network should resolve locally, outside should show CNAMEs

    $ host shell.anarc.at
    shell.anarc.at is an alias for marcos.anarc.at.
    marcos.anarc.at has address 206.248.172.91
    
  3. SSH: test if we can reach the inside server from the outside of the network (and not the router)

    $ nc -v shell.anarc.at 22
    Connection to shell.anarc.at 22 port [tcp/ssh] succeeded!
    SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3
    

Other ports are assumed to be correctly configured unless otherwise noticed during later use.
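
The three checks above collected into one script, as an added example that is not part of the original notes. The function names and the `--live` switch are hypothetical, and the SSH check assumes the inside server is the Debian host whose banner is shown above while the router's own OpenSSH does not advertise "Debian".

```shell
#!/bin/sh
# Smoke test for the web, DNS and SSH checks; run from OUTSIDE the LAN:
#   ./smoke.sh --live
NAME=shell.anarc.at      # alias tested on the page
TARGET=marcos.anarc.at   # inside server the alias points to

# DNS: seen from outside, NAME must be a CNAME to TARGET, which has an address.
dns_ok() {  # $1 = output of `host "$NAME"`
    printf '%s\n' "$1" | grep -qxF "$NAME is an alias for $TARGET." &&
        printf '%s\n' "$1" | grep -qF "$TARGET has address "
}

# SSH: the banner must come from the inside server, not from the router.
# Assumption: only the inside server's banner carries the "Debian" suffix.
ssh_ok() {  # $1 = first line received from port 22
    case "$1" in
        SSH-2.0-OpenSSH_*Debian*) return 0 ;;
        *) return 1 ;;
    esac
}

# Run all three checks against the real network and report each failure.
live() {
    fail=0
    curl -fsS -o /dev/null --max-time 15 "https://anarc.at/" ||
        { echo "FAIL web"; fail=1; }
    dns_ok "$(host "$NAME")" ||
        { echo "FAIL dns: $NAME is not an alias for $TARGET"; fail=1; }
    # Read only the server's identification line, then let nc time out.
    banner=$(nc -w 5 "$NAME" 22 </dev/null | head -n 1 | tr -d '\r')
    ssh_ok "$banner" ||
        { echo "FAIL ssh: unexpected banner '$banner'"; fail=1; }
    return "$fail"
}

if [ "${1:-}" = "--live" ]; then
    live
    exit $?
fi
```

A failing SSH check with a non-Debian banner usually means port 22 is answered by the router itself, so the port forward to the inside server is missing.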

Changes from usual OpenWRT configurations

There is a real syslog with persistent logfiles, in /var/log, so forget about logread.

Same with SSH, it's openssh, so /root/.ssh/authorized_keys - because /etc/dropbear/authorized_keys was weird anyways.
