Merge branch 'main' of git.deuxfleurs.fr:quentin/wpj428

2021-03-22 20:23:46 +00:00 · 2021-03-22 20:23:46 +00:00 · fd0b98e0ad
commit fd0b98e0ad
parent e9da3b65a0 41a833a2db
1 changed files with 72 additions and 7 deletions
--- a/README.md
+++ b/README.md
@ -207,6 +207,12 @@ verbose call end reason (3,2001): [cm] no-service

 ## Final Modem Configuration

+### Generic
+
+  1. Set a password
+  2. Set a name: `parangon`
+  3. Set IP range: `192.168.0.254/24`
+
 ### ModemManager

 We append the following to ModemManager:
@ -225,6 +231,8 @@ Then we can start the interface with:
 ifup broadband
 ```

+Add our broadband interface to the WAN zone in the firewall.
+
 Both IPv6 and IPv4 should work:

 ```
@ -232,21 +240,74 @@ ping openwrt.org
 ping -6 openwrt.org
 ```

-### Configure Zones
-
-*Not yet written*

 ### Configure Wireguard

-*Not yet written*
+On the router:

-### Configure SQS
+```bash
+mkdir /tmp/x
+cd /tmp/x
+umask go=
+wg genkey | tee wgclient.key | wg pubkey > wgclient.pub
+wg genpsk > wgclient.psk
+```

-*Only if required, not yet written*
+Add to `/etc/config/network`
+
+```
+config interface 'wg0'
+	option proto 'wireguard'
+	list addresses '192.168.2.3'
+	option private_key '???'
+
+config wireguard_wg0
+	option public_key '???'
+	option description 'rayonx'
+	option persistent_keepalive '25'
+	option endpoint_port '51820'
+	list allowed_ips '192.168.2.0/24'
+	option route_allowed_ips '1'
+	option endpoint_host 'rayonx.machine.dufour.io'
+```
+
+Doc:
+
+ - https://openwrt.org/docs/guide-user/services/vpn/wireguard/basics
+ - https://openwrt.org/docs/guide-user/services/vpn/wireguard/client
+
+### Configure SQM
+
+*Not relevant now*

 ### Configure our DNS recursive resolver

-*Not yet written*
+We use LuCi to setup our recursive DNS
+
+Go to Network -> DHCP and DNS -> Advanced Settings -> Set port 5353 for the DNS server  
+Go to Service -> Recursive DNS -> Unbound -> DHCP -> and select dnsmasq  
+Go to System -> Startup -> Start unbound  
+Check in  Service -> Recursive DNS -> Files -> Show: Unbound -> at the end, forward-zone must be declared for you
+Check with `netstat -tlpn` that unbound listens on port 53 and dnsmasq on port 5353.
+Finally check with `dig +short @192.168.1.1 sci-hub.se` and `dig +short @192.168.1.1 parangon.lan` (this is the name of our router)
+
+We use:
+  - http://kacangbawang.com/say-bye-to-providers-dns-servers-be-your-own-dns-resolver/
+
+Related with OpenWRT:
+  - https://openwrt.org/docs/guide-user/services/dns/unbound  
+  - https://openwrt.org/docs/guide-user/services/dns/dot\_unbound
+  - https://forum.openwrt.org/t/using-unbound-alongside-dnsmasq/50537
+  - https://gist.github.com/kevinoid/00656e6e4815e3ffe25dabe252e0f1e3
+  - https://kevinlocke.name/bits/2017/03/09/unbound-with-dnsmasq-on-openwrt/
+  - https://blog.josefsson.org/tag/openwrt/
+  - https://zhmail.com/2018/04/20/setting-up-a-dns-over-tls-forwarding-cache-on-openwrt-snapshot-r6693-or-later/
+  - https://www.dnssec-deployment.org/2012/03/a-validating-recursive-resolver-on-a-70-home-router/
+  - https://blog.grobox.de/2018/what-is-dns-privacy-and-how-to-set-it-up-for-openwrt/
+
+Not related with OpenWRT:
+  - https://calomel.org/unbound_dns.html
+  - https://feeding.cloud.geek.nz/posts/setting-up-your-own-dnssec-aware/

 Sites to test:
  - sci-hub.se (`ping sci-hub.se` should not return `127.0.0.1`)
@ -257,6 +318,10 @@ Sites to test:

 Test with Youtube on Android.

+## Known Bugs
+
+section\_id is not defined: https://forum.openwrt.org/t/updated-cant-fetch-latest-git-error-when-creating-interface-with-luci-section-id-is-not-defined/91836/3
+
 ## Logs

 uboot logs: