Skip to content

Instantly share code, notes, and snippets.

@p7cq

p7cq/OpenWrt_on_Raspberry_Pi_5.md

Created July 18, 2024 19:12
Show Gist options
  • Save p7cq/8d193c15386fe37c1f6c76c91edd2b8a to your computer and use it in GitHub Desktop.
Save p7cq/8d193c15386fe37c1f6c76c91edd2b8a to your computer and use it in GitHub Desktop.
Download ZIP
OpenWrt on Raspberry Pi 5
Raw
OpenWrt_on_Raspberry_Pi_5.md

A portable router to use on the go, based on OpenWrt and Raspberry Pi 5.

Network adapters:

  • D-Link DUB 1312 USB 3.0 Gigabit Ethernet Adapter
  • Wi-Pi 11n 150 Mbps Wi-Fi USB Adapter

Preparations

Change Wireless LAN country code and update EEPROM from inside Raspberry Pi OS (see this).

Download OpenWrt FACTORY (SQUASHFS) snapshot image. Flash the image, insert the microSD card into Raspberry Pi and power on.

Initial setup

Change password for root after first boot.

Configure system

uci set system.@system[0].hostname='rocinante.lan'
uci set system.@system[0].description='When in Rome'
uci set system.@system[0].zonename='Europe/Bucharest'
uci set system.@system[0].timezone='EET-2EEST,M3.5.0/3,M10.5.0/4'

uci delete system.ntp.server

uci add_list system.ntp.server='0.pool.ntp.org'
uci add_list system.ntp.server='1.pool.ntp.org'
uci add_list system.ntp.server='2.pool.ntp.org'
uci add_list system.ntp.server='3.pool.ntp.org'

uci commit system

Configure network

echo -e "\nexport router_lan_ip=172.24.42.65\nexport router_lan_bitmask=27" >> ~/.profile
source ~/.profile

uci delete network.lan.netmask

uci set network.lan.ipaddr="${router_lan_ip}/${router_lan_bitmask}"
uci set network.lan.force_link=1

uci set network.wan=interface
uci set network.wan.proto='dhcp'
uci set network.wan.peerdns='0'
uci set network.wan.dns='1.1.1.3 1.0.0.3'

uci add network device
uci set network.@device[1].name='phy0-sta0'

uci commit network

Update DHCP range:

uci set dhcp.lan.start='67'
uci set dhcp.lan.limit='93'

uci commit dhcp

Configure wireless (STA)

uci set wireless.radio0.channel='auto'
uci set wireless.radio0.htmode='HT20'
uci set wireless.radio0.disabled='0'
uci set wireless.radio0.country='RO'

uci rename wireless.default_radio0='sta0'

uci set wireless.sta0.mode='sta'
uci set wireless.sta0.network='wan'
uci set wireless.sta0.ssid='Tycho Station'
uci set wireless.sta0.encryption='psk2'
uci set wireless.sta0.key=', so long as you are on the right side.'

uci commit wireless

wifi

Both phy0-sta0 and br-lan interfaces should now have IPs assigned from an existing Wi-Fi router (the one broadcasting the ssid configured above) and from the lan configuration, respectively.

Test internet connection on the router:

opkg update

Install and configure the web UI

opkg update
opkg install luci-ssl-nginx

Change the default certificate

Existing private and public key files:

/etc/nginx/conf.d/_lan.key
/etc/nginx/conf.d/_lan.crt

Reconfigure NGINX

uci set nginx._lan.uci_manage_ssl='no' # do not allow LuCI to manage certificates
uci set nginx._lan.server_name=$(uname -n)

uci -q delete nginx._lan.listen
uci -q delete nginx._redirect2ssl.listen

uci add_list nginx._lan.listen="${router_lan_ip}:443 ssl"
uci add_list nginx._redirect2ssl.listen="${router_lan_ip}:80"

uci commit nginx

reboot

Check configured IP and ports:

root@rocinante:/# netstat -tln | grep -E ':80|:443'
tcp        0      0 172.24.42.65:443          0.0.0.0:*               LISTEN
tcp        0      0 172.24.42.65:80           0.0.0.0:*               LISTEN

Reconfigure SSH

echo "ssh-ed25519 AAAAC3NzaC1lZDI1NEE5AAAAIMd7CmaALG3anehAM8" > /etc/dropbear/authorized_keys

uci set dropbear.@dropbear[0].Interface='lan'
uci set dropbear.@dropbear[0].PasswordAuth='off'
uci set dropbear.@dropbear[0].RootPasswordAuth='off'

uci commit dropbear

service dropbear restart

Check configured IP and port:

root@rocinante:/# netstat -tln | grep :22
tcp        0      0 172.24.42.65:22        0.0.0.0:*               LISTEN

Router configuration

The router will be configured with the internal Wi-Fi in mode sta - the device providing the internet -, and an external Wi-Fi adapter connected via USB in mode ap - the device external clients will connect to. It will use the built-in Raspberry Pi ethernet adapter (eth0) as a WAN connection and delegate its LAN membership to the USB ethernet adapter.

The sta device configuration will change whenever location changes, the ap device configuration will remain the same.

Base packages

opkg update
opkg install kmod-usb-core kmod-usb-uhci kmod-usb-ohci kmod-usb2 usbutils openssl-util lm-sensors

The Ethernet Adapter

Install kernel drivers

opkg update
opkg install kmod-usb-net-asix-ax88179

Configure adapter

Change the LAN bridge br-lan to include eth1 instead of eth0:

uci set network.@device[0].ports='eth1'

uci commit network

service network restart

Connect the adapter and check https://rocinante.lan.

Relocate internal ethernet adapter

uci set network.wan.ports='eth0'

uci commit network

service network restart

The Wi-Fi Adapter (AP)

Install kernel drivers

opkg update
opkg install kmod-rt2800-lib kmod-rt2800-usb kmod-rt2x00-lib kmod-rt2x00-usb

Configure adapter

Add device:

uci add network device

uci set network.@device[2].name='phy1-ap0'

uci commit network

service network restart

Connect the adapter; its details should automatically be added in /etc/config/wireless.

Configure the AP:

uci rename wireless.radio2='radio1'
uci rename wireless.default_radio2='ap0'

uci set wireless.radio1.disabled='0'

uci set wireless.ap0.device='radio1'
uci set wireless.ap0.ssid='Rocinante'
uci set wireless.ap0.encryption='psk2'
uci set wireless.ap0.key='Do 3 what 3 Romans 0 Do 1'

uci commit wireless

wifi

Connect a client device to the ssid specified above, you should be able to reach the internet.

Miscellaneous

Packet steering

uci set network.globals.packet_steering='2'
uci set network.globals.steering_flows='128'

uci commit network

service network restart

Expand filesystem*

Install required packages:

opkg update
opkg install cfdisk losetup resize2fs squashfs-tools-unsquashfs

Check DEVICE and PARTITION are correct.

DEVICE="/dev/mmcblk0"   # SD card
cfdisk "$DEVICE"        # resize, then write
PARTITION="${DEVICE}p2" # should be the Linux (83) partition
  
FS_SIZE="$(unsquashfs -s "$PARTITION" | grep -o 'Filesystem size [0-9]* bytes' | grep -o '[0-9][0-9]*')"
FS_OFFSET="$(expr '(' "$FS_SIZE" + 65535 ')' / 65536 '*' 65536)" 
LOOP_DEVICE="$(losetup -f --show -o "$FS_OFFSET" "$PARTITION")"

# fsck, resize, fsck
e2fsck "$LOOP_DEVICE"
# e2fsck 1.47.0 (5-Feb-2023)
# rootfs_data: recovering journal
# rootfs_data primary superblock features different from backup, check forced.
# Pass 1: Checking inodes, blocks, and sizes
# Pass 2: Checking directory structure
# Pass 3: Checking directory connectivity
# /lost+found not found.  Create<y>? no
# Pass 4: Checking reference counts
# Pass 5: Checking group summary information
# Feature orphan_present is set but orphan file is clean.
# Clear<y>? yes

# rootfs_data: ***** FILE SYSTEM WAS MODIFIED *****
# rootfs_data: 880/25376 files (0.5% non-contiguous), 31938/101696 blocks

resize2fs $LOOP_DEVICE
# resize2fs 1.47.0 (5-Feb-2023)
# Resizing the filesystem on /dev/loop1 to 31088448 (1k) blocks.
# The filesystem on /dev/loop1 is now 31088448 (1k) blocks long.

e2fsck $LOOP_DEVICE
# e2fsck 1.47.0 (5-Feb-2023)
# rootfs_data: clean, 880/7407840 files, 1888214/31088448 blocks

reboot

*) When using SquashFS only.

Kernel drivers for other adapters

Wi-Pi 11n 150 Mbps Wi-Fi USB

kmod-rt2800-lib kmod-rt2800-usb kmod-rt2x00-lib kmod-rt2x00-usb

TP Link TL-WN821N 11n 300 Mbps (V1)

kmod-ath9k-htc

References

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment