grantstephens/Flashing OpenWRT.md

## buttons
#!/bin/sh
# /etc/hotplug.d/button/buttons
# This file uses the slider to disable the client wireless network- this lets the AP network come up if it cannot connect to the one where it is the client.
logger the button was $BUTTON and the action was $ACTION
if [ "$BUTTON" = "BTN_0" ]; then
  if [ "$ACTION" = "pressed" ]; then
    uci set wireless.default_radio0.disabled=0
    logger wificlient enabled
  elif [ "$ACTION" = "released" ]; then
    uci set wireless.default_radio0.disabled=1
    logger wificlient disabled
  fi
fi

uci commit wireless
wifi

## firewall
# /etc/config/firewall

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'lan wlan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option network 'wan'
	option forward 'ACCEPT'
	option masq '1'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

config zone
	option input 'ACCEPT'
	option output 'ACCEPT'
	option name 'ap'
	option forward 'ACCEPT'
	option network 'ap'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option dest 'wan'
	option src 'ap'

## Flashing OpenWRT.md

      
    Raw
  

              Flashing OpenWRT.md
            
          
    Important Links:

OpenWRT device page

Flash instruction:
The only way to flash LEDE image in TL-WR902AC v3 is to use
tftp recovery mode in U-Boot:

Configure PC with static IP 192.168.0.66/24 and tftp server.
Rename "openwrt-ramips-mt76x8-tplink_tl-wr902ac-v3-squashfs-tftp-recovery.bin" to "tp_recovery.bin" and place it in tftp server directory.
Connect PC with the LAN port, press the reset button, power up the router and keep button pressed for around 6-7 seconds, until device starts downloading the file.
Router will download file from server, write it to flash and reboot.
Router has wifi disabled by default, thus ethernet is needed to setup. Luci also isn't installed with snapshot images


## initwanled
#!/bin/sh /etc/rc.common
# This is the script that starts the wanled script. It needs to be enabled witth /etc/init.d/wanled enable
# Location /etc/init.d/initwanled with execute permission

START=99
STOP=1

start(){
	/usr/bin/wanled &
}

stop(){
	killall -9 wanled
}

## network
# /etc/config/network

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdf6:1775:a6b4::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0.1'
	option proto 'static'
	option ipaddr '192.168.0.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config device 'lan_dev'
	option name 'eth0.1'
	option macaddr 'b0:4e:26:33:23:38'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '4 6t'

config interface 'wan'
	option proto 'dhcp'

config interface 'ap'
	option proto 'static'
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'
	option gateway '192.168.2.1'
	option dns '1.1.1.1 1.0.0.1 9.9.9.9 8.8.8.8'

## Notes.md

      
    Raw
  

              Notes.md
            
          
    Bugs:

Buttons script is not ideal as it restarts the network twice when ever the slider slides
5Ghz is not working- as detailed here. This is due to a driver issue.
The pachage slider-switch package does not work for V3: Issue


## wanled
#!/bin/sh wanled
# This is a script that pings 1.1.1.1 to check for internet connections and changes the LED accourdingly.
# Location /usr/bin with execute permission
while [ true ]; do
  ping -c 1 1.1.1.1
  rc=$?
  if [[ $rc -eq 0 ]] ; then
    echo "1" > /sys/devices/platform/gpio-leds/leds/tl-wr902ac-v3\:green\:wan/brightness
  else
    echo "0" > /sys/devices/platform/gpio-leds/leds/tl-wr902ac-v3\:green\:wan/brightness
  fi
  sleep 10
done

## wireless
# /etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option channel '11'
	option hwmode '11g'
	option path 'platform/10300000.wmac'
	option htmode 'HT20'
	option country '00'
	option legacy_rates '1'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option mode 'sta'
	option encryption 'psk2'
	option key 'xxx'
	option network 'wan'
	option ssid 'ClientAPName'
	option disabled '0'

config wifi-iface
	option device 'radio0'
	option mode 'ap'
	option network 'ap'
	option encryption 'psk2'
	option key 'xxx'
	option ssid 'APName'
	#!/bin/sh
	# /etc/hotplug.d/button/buttons
	# This file uses the slider to disable the client wireless network- this lets the AP network come up if it cannot connect to the one where it is the client.
	logger the button was $BUTTON and the action was $ACTION
	if [ "$BUTTON" = "BTN_0" ]; then
	if [ "$ACTION" = "pressed" ]; then
	uci set wireless.default_radio0.disabled=0
	logger wificlient enabled
	elif [ "$ACTION" = "released" ]; then
	uci set wireless.default_radio0.disabled=1
	logger wificlient disabled
	fi
	fi

	uci commit wireless
	wifi
	# /etc/config/firewall

	config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

	config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'lan wlan'

	config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option network 'wan'
	option forward 'ACCEPT'
	option masq '1'

	config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

	config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

	config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

	config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

	config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

	config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

	config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

	config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

	config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

	config include
	option path '/etc/firewall.user'

	config zone
	option input 'ACCEPT'
	option output 'ACCEPT'
	option name 'ap'
	option forward 'ACCEPT'
	option network 'ap'
	option masq '1'
	option mtu_fix '1'

	config forwarding
	option dest 'wan'
	option src 'ap'
	#!/bin/sh /etc/rc.common
	# This is the script that starts the wanled script. It needs to be enabled witth /etc/init.d/wanled enable
	# Location /etc/init.d/initwanled with execute permission

	START=99
	STOP=1

	start(){
	/usr/bin/wanled &
	}

	stop(){
	killall -9 wanled
	}
	# /etc/config/network

	config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

	config globals 'globals'
	option ula_prefix 'fdf6:1775:a6b4::/48'

	config interface 'lan'
	option type 'bridge'
	option ifname 'eth0.1'
	option proto 'static'
	option ipaddr '192.168.0.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

	config device 'lan_dev'
	option name 'eth0.1'
	option macaddr 'b0:4e:26:33:23:38'

	config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

	config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '4 6t'

	config interface 'wan'
	option proto 'dhcp'

	config interface 'ap'
	option proto 'static'
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'
	option gateway '192.168.2.1'
	option dns '1.1.1.1 1.0.0.1 9.9.9.9 8.8.8.8'
	#!/bin/sh wanled
	# This is a script that pings 1.1.1.1 to check for internet connections and changes the LED accourdingly.
	# Location /usr/bin with execute permission
	while [ true ]; do
	ping -c 1 1.1.1.1
	rc=$?
	if [[ $rc -eq 0 ]] ; then
	echo "1" > /sys/devices/platform/gpio-leds/leds/tl-wr902ac-v3\:green\:wan/brightness
	else
	echo "0" > /sys/devices/platform/gpio-leds/leds/tl-wr902ac-v3\:green\:wan/brightness
	fi
	sleep 10
	done
	# /etc/config/wireless

	config wifi-device 'radio0'
	option type 'mac80211'
	option channel '11'
	option hwmode '11g'
	option path 'platform/10300000.wmac'
	option htmode 'HT20'
	option country '00'
	option legacy_rates '1'

	config wifi-iface 'default_radio0'
	option device 'radio0'
	option mode 'sta'
	option encryption 'psk2'
	option key 'xxx'
	option network 'wan'
	option ssid 'ClientAPName'
	option disabled '0'

	config wifi-iface
	option device 'radio0'
	option mode 'ap'
	option network 'ap'
	option encryption 'psk2'
	option key 'xxx'
	option ssid 'APName'