Merge branch 'main' of git.deuxfleurs.fr:quentin/wpj428

Quentin 2021-03-22 20:23:46 +00:00
commit fd0b98e0ad

@ -207,6 +207,12 @@ verbose call end reason (3,2001): [cm] no-service
## Final Modem Configuration
### Generic
1. Set a password
2. Set a name: `parangon`
3. Set IP range: `192.168.0.254/24`
### ModemManager
We append the following to ModemManager:
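Review bot: step 3 of the Generic list sets the IP range to `192.168.0.254/24`, but the resolver checks added further down in this same commit query `dig +short @192.168.1.1`, so one of the two addresses is stale and should be aligned. Step 1, "Set a password", would also be clearer if it named which account or interface the password is for.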
@ -225,6 +231,8 @@ Then we can start the interface with:
ifup broadband
```
Add our broadband interface to the WAN zone in the firewall.
Both IPv6 and IPv4 should work:
```
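Review bot: "Add our broadband interface to the WAN zone in the firewall." gives no path or configuration, unlike the LuCI steps elsewhere in this file. Suggest stating where this is done (the LuCI menu path or the zone entry in the firewall config) and how to confirm the assignment, because until the interface is in the zone the modem link is not covered by the WAN zone's rules.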
@ -232,21 +240,74 @@ ping openwrt.org
ping -6 openwrt.org
```
### Configure Zones
*Not yet written*
### Configure Wireguard
*Not yet written*
On the router:
### Configure SQS
```bash
mkdir /tmp/x
cd /tmp/x
umask go=
wg genkey | tee wgclient.key | wg pubkey > wgclient.pub
wg genpsk > wgclient.psk
```
*Only if required, not yet written*
Add to `/etc/config/network`
```
config interface 'wg0'
option proto 'wireguard'
list addresses '192.168.2.3'
option private_key '???'
config wireguard_wg0
option public_key '???'
option description 'rayonx'
option persistent_keepalive '25'
option endpoint_port '51820'
list allowed_ips '192.168.2.0/24'
option route_allowed_ips '1'
option endpoint_host 'rayonx.machine.dufour.io'
```
Doc:
- https://openwrt.org/docs/guide-user/services/vpn/wireguard/basics
- https://openwrt.org/docs/guide-user/services/vpn/wireguard/client
### Configure SQM
*Not relevant now*
### Configure our DNS recursive resolver
*Not yet written*
We use LuCi to setup our recursive DNS
Go to Network -> DHCP and DNS -> Advanced Settings -> Set port 5353 for the DNS server
Go to Service -> Recursive DNS -> Unbound -> DHCP -> and select dnsmasq
Go to System -> Startup -> Start unbound
Check in Service -> Recursive DNS -> Files -> Show: Unbound -> at the end, forward-zone must be declared for you
Check with `netstat -tlpn` that unbound listens on port 53 and dnsmasq on port 5353.
Finally check with `dig +short @192.168.1.1 sci-hub.se` and `dig +short @192.168.1.1 parangon.lan` (this is the name of our router)
We use:
- http://kacangbawang.com/say-bye-to-providers-dns-servers-be-your-own-dns-resolver/
Related with OpenWRT:
- https://openwrt.org/docs/guide-user/services/dns/unbound
- https://openwrt.org/docs/guide-user/services/dns/dot\_unbound
- https://forum.openwrt.org/t/using-unbound-alongside-dnsmasq/50537
- https://gist.github.com/kevinoid/00656e6e4815e3ffe25dabe252e0f1e3
- https://kevinlocke.name/bits/2017/03/09/unbound-with-dnsmasq-on-openwrt/
- https://blog.josefsson.org/tag/openwrt/
- https://zhmail.com/2018/04/20/setting-up-a-dns-over-tls-forwarding-cache-on-openwrt-snapshot-r6693-or-later/
- https://www.dnssec-deployment.org/2012/03/a-validating-recursive-resolver-on-a-70-home-router/
- https://blog.grobox.de/2018/what-is-dns-privacy-and-how-to-set-it-up-for-openwrt/
Not related with OpenWRT:
- https://calomel.org/unbound_dns.html
- https://feeding.cloud.geek.nz/posts/setting-up-your-own-dnssec-aware/
Sites to test:
- sci-hub.se (`ping sci-hub.se` should not return `127.0.0.1`)
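Review bot: in the WireGuard block, `wg genpsk > wgclient.psk` generates a preshared key, but the `config wireguard_wg0` section carries no `option preshared_key`, so the key is never used; either add the option or drop the `genpsk` line. In the same block, `list addresses '192.168.2.3'` has no prefix length while `allowed_ips` is `192.168.2.0/24`, the `'???'` placeholders do not say which of `wgclient.key` and the peer's public key goes where, and there is no step removing the key files from `/tmp/x` once they have been copied into `/etc/config/network`.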
@ -257,6 +318,10 @@ Sites to test:
Test with Youtube on Android.
## Known Bugs
section\_id is not defined: https://forum.openwrt.org/t/updated-cant-fetch-latest-git-error-when-creating-interface-with-luci-section-id-is-not-defined/91836/3
## Logs
uboot logs:
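Review bot: the Known Bugs entry is only the error string "section_id is not defined" and a forum link. Suggest adding one line saying which step of this guide triggers it and what workaround was used, so the note stays useful if the forum thread moves or disappears.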