Configuration of the Omnia router

Basic configuration

Features enabled in the basic config:

Features disabled:

UCI configuration:

Services retired:

Installed bash, screen and tcpdump:

    opkg update
    opkg install bash screen tcpdump

Interesting guide? http://www.jauu.net/2015/03/03/complete-openwrt-guide/

Had to hack the resolver to fix internal name resolution, see:

https://forum.turris.cz/t/knot-resolver-configuration-improvement-in-omnia/934/4

    -- forward requests to marcos for internal hostnames
    policy:add(policy.suffix(policy.FORWARD('192.168.0.3'), {todname('anarc.at')}))
    policy:add(policy.suffix(policy.FORWARD('192.168.0.3'), {todname('anarcat.ath.cx')}))
    policy:add(policy.suffix(policy.FORWARD('192.168.0.3'), {todname('orangeseeds.org')}))
    policy:add(policy.suffix(policy.FORWARD('192.168.0.3'), {todname('168.192.in-addr.arpa')}))
    policy:add(policy.suffix(policy.FORWARD('192.168.0.3'), {todname('16.172.in-addr.arpa')}))
    policy:add(policy.suffix(policy.FORWARD('192.168.0.3'), {todname('9.0.0.0.1.0.0.0.8.2.9.1.1.0.0.2.ip6.arpa')}))
    policy:add(policy.suffix(policy.FORWARD('192.168.0.3'), {todname('a.0.d.4.b.e.1.9.0.c.2.f.7.0.6.2.ip6.arpa')}))
    policy:add(policy.suffix(policy.FORWARD('192.168.0.3'), {todname('0.0.f.8.f.0.0.f.0.c.2.f.7.0.6.2.ip6.arpa')}))

Traffic shaper

created /etc/updater/hook_postupdate/03_remove_wshaper.sh with this:

    #!/bin/sh
    opkg remove "luci-i18n-wshaper-cs"
    opkg remove "luci-i18n-wshaper-en"
    opkg remove "luci-app-wshaper"
    opkg remove "wshaper"

so turris doesn't install it again, then installed sqm:

    opkg install luci-app-sqm

and followed: https://wiki.openwrt.org/doc/howto/sqm

before: http://www.dslreports.com/speedtest/6435557 after: http://www.dslreports.com/speedtest/6435680

lost 2mbps down, but fixed bufferbloat issue...

some tweaking may restore the 2mbps.

see also: https://forum.turris.cz/t/wondershaper-srsly-qos-aqm/1095

consider flent for network tests: https://forum.turris.cz/t/wondershaper-srsly-qos-aqm/1095

e.g. flent rrul netperf.bufferbloat.net

Deployment procedure

  1. change LAN IP
  2. change WAN connection to PPPoE

Tests to run

  1. Web, on another host:

    curl https://anarc.at/
    

    If no shell access, try Webbloatscore since it produces a screenshot.

  2. DNS: local network should resolve locally, outside should show CNAMEs

    $ host shell.anarc.at
    shell.anarc.at is an alias for marcos.anarc.at.
    marcos.anarc.at has address 206.248.172.91
    
  3. SSH: test if we can reach the inside server from the outside of the network (and not the router)

    $ nc -v shell.anarc.at 22
    Connection to shell.anarc.at 22 port [tcp/ssh] succeeded!
    SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3
    

Other ports are assumed to be correctly configured unless otherwise noticed during later use.
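
The tests above can be scripted so they are repeatable after each router update. This is an added example, not part of the original notes: the function names are hypothetical, and it assumes the inside server's SSH banner contains "Debian" (as in the sample output above) while the router's own OpenSSH banner does not.

```shell
#!/bin/sh
# Added example: checks for the web, DNS and SSH tests listed above.
# The parsing functions read captured output on stdin, so they work offline.

# check_dns_alias NAME TARGET
# Reads `host NAME` output. Succeeds only if NAME is an alias (CNAME) for
# TARGET and TARGET has an address, which is the view expected from outside.
check_dns_alias() {
    awk -v n="$1" -v t="$2" '
        $0 == n " is an alias for " t "."                     { cname = 1 }
        $1 == t && $2 == "has" && $3 == "address" && NF == 4  { addr = 1 }
        END { exit !(cname && addr) }'
}

# check_ssh_banner MARKER
# Reads the first line a server sends on port 22. Succeeds only if it is an
# SSH-2.0 banner containing MARKER. Assumption: MARKER identifies the inside
# server and is absent from the router's banner.
check_ssh_banner() {
    IFS= read -r banner || [ -n "$banner" ] || return 1
    banner=$(printf '%s' "$banner" | tr -d '\r')
    case $banner in
        SSH-2.0-*"$1"*) return 0 ;;
        *) return 1 ;;
    esac
}

# run_live: run the three tests for real, from a host outside the network.
# Hostnames are the ones used on this page.
run_live() {
    curl -fsS -o /dev/null https://anarc.at/ \
        || { echo "web: FAIL"; return 1; }
    host shell.anarc.at | check_dns_alias shell.anarc.at marcos.anarc.at \
        || { echo "dns: FAIL (no CNAME to marcos seen)"; return 1; }
    nc -w 5 shell.anarc.at 22 </dev/null | check_ssh_banner Debian \
        || { echo "ssh: FAIL (no banner, or not the inside server)"; return 1; }
    echo "all checks passed"
}

# Nothing touches the network unless --live is given explicitly.
if [ "${1:-}" = "--live" ]; then
    run_live
fi
```

A failed SSH check with a valid banner means port 22 is answering from a host other than the intended one, typically the router itself, which is worth fixing before anything else.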

Changes from usual OpenWRT configurations

There is a real syslog with persistent logfiles, in /var/log, so forget about logread.

Same with SSH: it's OpenSSH, so keys go in /root/.ssh/authorized_keys, because /etc/dropbear/authorized_keys was weird anyway.
