Knowledgebase/OpenWrt OLSR Setup: Difference between revisions

From FunkFeuer Wiki
(The page was newly created: "Currently there is no easy wizard for setting up OLSR on OpenWrt. This guide shall serve as a base for those that feel comfortable with building their own Open…")
 
(Add very manual OpenWrt setup instructions)
Line 36: Line 36:
* optional: vim (or any other text editor. Per default OpenWrt comes with a very minimal vi implementation by BusyBox)
* optional: vim (or any other text editor. Per default OpenWrt comes with a very minimal vi implementation by BusyBox)
* optional: netdata (will suck quite a lot of RAM and storage space but can be handy for debugging)
* optional: netdata (will suck quite a lot of RAM and storage space but can be handy for debugging)
All the following files can be added build time by putting them into a new directory in the OpenWrt build tree called <code>files</code>.


=== netdata ===
=== netdata ===
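Review bot: the added sentence "All the following files can be added build time ..." is missing "at" and does not say how paths map into the files directory. Suggest "can be added at build time" plus a note that each path is recreated below files relative to the root of the target filesystem, and that the uci-defaults script has to keep its execute bit there, since the later sections give absolute paths such as /etc/uci-defaults/99_disable_stuff.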
Line 67: Line 69:
ipc = no
ipc = no
</pre>
</pre>
=== disable unnecessary services per default ===
We don't need <code>dlep_proxy</code>, <code>dlep_radio</code> and <code>olsrd6</code> so disable it per default by creating the file <code>/etc/uci-defaults/99_disable_stuff</code>:
<pre>
#!/bin/sh
/etc/init.d/dlep_proxy disable
/etc/init.d/dlep_radio disable
/etc/init.d/olsrd6 disable
exit 0
</pre>
and giving the file execute permissions.
If you have installed the packages on a pre compiled OpenWrt installation, disable the services by simply running the three commands in the file manually.
=== Freifunk Status Page ===
To configure the data on the Freifunk status page that unauthenticated users will see, create the file <code>/etc/config/freifunk</code> with the following content (edit at least the nickname to contain a valid Funkfeuer nick):
<pre>
package 'freifunk'
config 'public' 'contact'
option 'nickname' ''
option 'name' ''
option 'mail' '0xff@example.org'
option 'phone' ''
option 'note' ''
config 'public' 'community'
option 'name' 'FunkFeuer-Wien'
option 'homepage' 'https://funkfeuer.at'
</pre>
Also create the file <code>/etc/config/profile_FunkFeuer-Wien</code> with the following content:
<pre>
config 'community' 'profile'
option 'name' 'FunkFeuer-Wien'
option 'homepage' 'http://wien.funkfeuer.at'
</pre>
=== OLSRD ===
For OLSRD (IPv4) create the file <code>/etc/config/olsrd</code>:
<pre>
config olsrd
option IpVersion '4'
option FIBMetric 'flat'
option LinkQualityLevel '2'
option OlsrPort '698'
option Willingness '3'
option LinkQualityAlgorithm 'etx_ff'
option NatThreshold '1.0'
# set to your nodes primary funkfeuer IP
option MainIp '111.222.333.444'
config InterfaceDefaults
option Mode 'mesh'
option Ip4Broadcast '255.255.255.255'
option HelloValidityTime '125.0'
option TcValidityTime '500.0'
option MidInterval '25.0'
option MidValidityTime '500.0'
option HnaInterval '25.0'
option HnaValidityTime '500.0'
config LoadPlugin
option library 'olsrd_jsoninfo'
option ignore '0'
option accept '127.0.0.1'
config LoadPlugin
option library 'olsrd_nameservice'
option ignore '0'
config LoadPlugin
option library 'olsrd_txtinfo'
option ignore '0'
option accept '127.0.0.1'
config Interface
option ignore '0'
option interface '0xff_eth0'
option Mode 'mesh'
</pre>
duplicate the interface section for every OLSR interface you have and edit the IP address in MainIp to match the main IPv4 address of the node.
All the interfaces should be in the same firewall zone (usually WAN or a separate Funkfeuer zone).
This firewall zone needs to have a rule set, that allows forward to itself (so in Firewall -> Traffic Rules create a new rule with accept forward from WAN to WAN with any protocol if you are using the WAN zone for Funkfeuer).
Having the same IPv4 address on all Funkfeuer interfaces should work, the current OpenWrt stable with the current OLSRD version seems to have this non-working right now though so having ine IPv4 address per interface is currently required (tested with OpenWrt 22.03.0 and OLSRD version 1e771b4d31e36f9ffd0a04c3f8f83abb803ec309)
=== OLSRD2 ===
For OLSRD2 you'll have to add your node's IPv6 address to the <code>lo</code> interface. To do this add the following line to the <code>config interface 'loopback'</code> section in <code>/etc/config/network</code>: <code>option ip6addr '2a02:61:0:ff:dead:beef:dead:beef/128'</code> (obviously you'll have to replace the address with your node address that you can get from the [https://portal.funkfeuer.at/wien/ redeemer]).
Also add <code>option ip6prefix '2a02:61:d2c:1::/64'</code> to it (with your node userblock address range), to have an IPv6 prefix available on the device.
Then write the follwing content to <code>/etc/config/olsrd2</code>:
<pre>
config global
option 'failfast' 'no'
option 'pidfile' '/var/run/olsrd2.pid'
option 'lockfile' '/var/lock/olsrd2'
config log
option 'syslog' 'true'
option 'stderr' 'true'
# option 'file' '/var/log/olsrd2.log'
# option 'info' 'all'
# option 'debug' 'all'
config telnet
option 'port' '2009'
config olsrv2
list 'originator' '-fe80::/112'
list 'originator' '-2a02:61:0:ee:1::0/80'
list 'originator' '-2a02:60::0/32'
list 'originator' '-0.0.0.0/0'
list 'originator' '-::1/128'
list 'originator' 'default_accept'
# the first /64 subnet of your nodeid/userblock range for the node, if you want to have an IPv6 prefix available for users in the LAN network
# list 'lan' '2a02:61:d2c:1::/64'
config interface
option 'ifname' 'loopback'
list 'bindto' '-0.0.0.0/0'
list 'bindto' '-::1/128'
list 'bindto' 'default_accept'
config interface
option 'ifname' '0xff_eth0'
list 'bindto' '-0.0.0.0/0'
list 'bindto' '-::1/128'
list 'bindto' 'default_accept'
</pre>
Duplicate the last interface block for every Funkfeuer interface you have.
=== System Settings ===
Please set the hostname to the FQDN of your node (for example <code>erx.konst8.wien.funkfeuer.at</code>).
Also set a strong (!) password for the root account of the device.
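Review bot: in the /etc/config/olsrd2 block, the "config telnet" section sets only option 'port' '2009' and says nothing about which addresses it listens on, while the jsoninfo and txtinfo plugins in /etc/config/olsrd are explicitly limited with option accept '127.0.0.1'. Please either pin the telnet interface to loopback in the example or add a sentence stating what it binds to, so both daemons are documented to the same standard. Minor: the freifunk file uses https://funkfeuer.at but the profile file uses http://wien.funkfeuer.at; use https for both if the site supports it.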

Revision as of 31 March 2023, 13:38

Currently there is no easy wizard for setting up OLSR on OpenWrt. This guide shall serve as a base for those that feel comfortable with building their own OpenWrt systems (or have someone build it for them) and have basic knowledge of SSH and a Linux shell.

This guide is written for a router without Wifi. If you plan on doing routing on a device with Wifi, you'll need some additional packages for Wifi support.

OpenWrt System

To get the Freifunk status page, you'll need to activate the Freifunk package feed. To do this, copy feeds.conf.default to feeds.conf and add the following line: src-git freifunk https://github.com/freifunk/openwrt-packages.git

Apart from the default packages for your target, you'll want to install the following packages:

  • luci
  • alternatively: luci-ssl-openssl (for TLS on Webinterface)
  • optional: luci-app-acme (for TLS on Webinterface)
  • luci-app-olsr
  • luci-app-olsr-services
  • luci-app-olsrd2
  • optional: luci-app-sqm (if you want to use smart queue management for NAT)
  • optional: luci-app-unbound (if you want your own DNS resolver)
  • optional: luci-app-openvpn (for use with tunnelserver)
  • optional: openvpn-openssl (for use with tunnelserver)
  • freifunk-common
  • luci-mod-freifunk
  • olsrd
  • olsrd-mod-arprefresh
  • olsrd-mod-jsoninfo
  • olsrd-mod-nameservice
  • olsrd-mod-txtinfo
  • oonf-olsrd2
  • oonf-init-scripts
  • oonf-olsrd2-lan_import
  • oonf-olsrd2-dlep_router
  • oonf-olsrd2-lan
  • optional: ethtool-full (for ethernet connection debugging)
  • optional: iperf3 (for performance debugging)
  • optional: tcpdump (for general network debugging)
  • optional: vim (or any other text editor. Per default OpenWrt comes with a very minimal vi implementation by BusyBox)
  • optional: netdata (will suck quite a lot of RAM and storage space but can be handy for debugging)

All the following files can be added at build time by putting them into a new directory in the OpenWrt build tree called files.

netdata

If you installed Netdata, you can secure it using the following configuration in etc/netdata/netdata.conf:

[global]
	update every = 2
	memory deduplication (ksm) = no
	debug log = syslog
	error log = syslog
	access log = none
	run as user = root

[web]
	allow connections from = localhost 10.* 192.168.* 172.16.* 172.17.* 172.18.* 172.19.* 172.20.* 172.21.* 172.22.* 172.23.* 172.24.* 172.25.* 172.26.* 172.27.* 172.28.* 172.29.* 172.30.* 172.31.*
	allow dashboard from = localhost 10.* 192.168.* 172.16.* 172.17.* 172.18.* 172.19.* 172.20.* 172.21.* 172.22.* 172.23.* 172.24.* 172.25.* 172.26.* 172.27.* 172.28.* 172.29.* 172.30.* 172.31.*

[plugins]
	cgroups = no
	apps = no
	charts.d = no
	fping = no
	node.d = no
	python.d = no

[health]
	enabled = no

[plugin:proc]
	ipc = no

Disable unnecessary services by default

We don't need dlep_proxy, dlep_radio and olsrd6, so disable them by default by creating the file /etc/uci-defaults/99_disable_stuff:

#!/bin/sh

/etc/init.d/dlep_proxy disable
/etc/init.d/dlep_radio disable
/etc/init.d/olsrd6 disable

exit 0

and give the file execute permissions.

If you have installed the packages on a precompiled OpenWrt installation, disable the services by simply running the three commands in the file manually.

Freifunk Status Page

To configure the data on the Freifunk status page that unauthenticated users will see, create the file /etc/config/freifunk with the following content (edit at least the nickname to contain a valid Funkfeuer nick):

package 'freifunk'

config 'public' 'contact'
	option 'nickname' ''
	option 'name' ''
	option 'mail' '0xff@example.org'
	option 'phone' ''
	option 'note' ''

config 'public' 'community'
	option 'name' 'FunkFeuer-Wien'
	option 'homepage' 'https://funkfeuer.at'

Also create the file /etc/config/profile_FunkFeuer-Wien with the following content:

config 'community' 'profile'
	option 'name' 'FunkFeuer-Wien'
	option 'homepage' 'http://wien.funkfeuer.at'

OLSRD

For OLSRD (IPv4) create the file /etc/config/olsrd:

config olsrd
	option IpVersion '4'
	option FIBMetric 'flat'
	option LinkQualityLevel '2'
	option OlsrPort '698'
	option Willingness '3'
	option LinkQualityAlgorithm 'etx_ff'
	option NatThreshold '1.0'
	# set to your node's primary Funkfeuer IP
	option MainIp '111.222.333.444'

config InterfaceDefaults
	option Mode 'mesh'
	option Ip4Broadcast '255.255.255.255'
	option HelloValidityTime '125.0'
	option TcValidityTime '500.0'
	option MidInterval '25.0'
	option MidValidityTime '500.0'
	option HnaInterval '25.0'
	option HnaValidityTime '500.0'

config LoadPlugin
	option library 'olsrd_jsoninfo'
	option ignore '0'
	option accept '127.0.0.1'

config LoadPlugin
	option library 'olsrd_nameservice'
	option ignore '0'

config LoadPlugin
	option library 'olsrd_txtinfo'
	option ignore '0'
	option accept '127.0.0.1'

config Interface
	option ignore '0'
	option interface '0xff_eth0'
	option Mode 'mesh'

Duplicate the interface section for every OLSR interface you have and edit the IP address in MainIp to match the main IPv4 address of the node.

All the interfaces should be in the same firewall zone (usually WAN or a separate Funkfeuer zone). This firewall zone needs a rule that allows forwarding to itself (so in Firewall -> Traffic Rules create a new rule with accept forward from WAN to WAN with any protocol if you are using the WAN zone for Funkfeuer).

Having the same IPv4 address on all Funkfeuer interfaces should work, but with the current OpenWrt stable and the current OLSRD version this seems to be non-working right now, so having one IPv4 address per interface is currently required (tested with OpenWrt 22.03.0 and OLSRD version 1e771b4d31e36f9ffd0a04c3f8f83abb803ec309).
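
One way to check that the jsoninfo and txtinfo plugins stay limited to loopback, as the configuration above does with accept '127.0.0.1'. This is an added example, not part of the original guide; the function names and the sample input are made up here, and it assumes that a LoadPlugin section with ignore '1' is not loaded.

```shell
#!/bin/sh
# Added example, not part of the original guide: audit an OLSRD UCI config.
# Assumption: a LoadPlugin section with ignore '1' is not loaded.

# Print every jsoninfo/txtinfo LoadPlugin section whose 'accept' is not
# exactly 127.0.0.1; return 1 if any was found. Reads $1, or stdin.
audit_olsrd_plugins() {
	awk -v q="'" '
	function emit() {
		if (lib ~ /^olsrd_(jsoninfo|txtinfo)/ && ign != "1" && acc != "127.0.0.1") {
			printf "%s accept=%s\n", lib, (acc == "" ? "unset" : acc)
			bad = 1
		}
		lib = ""; acc = ""; ign = ""
	}
	{ gsub(q, "") }                       # strip UCI single quotes
	$1 == "config" { emit(); plug = ($2 == "LoadPlugin"); next }
	plug && $1 == "option" && $2 == "library" { lib = $3 }
	plug && $1 == "option" && $2 == "ignore"  { ign = $3 }
	plug && $1 == "option" && $2 == "accept"  {
		acc = $3
		for (i = 4; i <= NF; i++) acc = acc " " $i   # keep multi-value entries visible
	}
	END { emit(); exit bad + 0 }
	' "${1:--}"
}

# Constructed sample input (not from a real node).
sample_olsrd_config() {
	cat <<'EOF'
config LoadPlugin
	option library 'olsrd_jsoninfo'
	option ignore '0'

config LoadPlugin
	option library 'olsrd_txtinfo'
	option ignore '0'
	option accept '0.0.0.0'

config LoadPlugin
	option library 'olsrd_nameservice'
	option ignore '0'
EOF
}

sample_olsrd_config | audit_olsrd_plugins || echo "fix the sections listed above"
```

On a node, run it as audit_olsrd_plugins /etc/config/olsrd; it prints nothing and returns 0 for the configuration shown in this section.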

OLSRD2

For OLSRD2 you'll have to add your node's IPv6 address to the lo interface. To do this add the following line to the config interface 'loopback' section in /etc/config/network: option ip6addr '2a02:61:0:ff:dead:beef:dead:beef/128' (obviously you'll have to replace the address with your node address that you can get from the redeemer). Also add option ip6prefix '2a02:61:d2c:1::/64' to it (with your node userblock address range), to have an IPv6 prefix available on the device.

Then write the following content to /etc/config/olsrd2:

config global
	option 'failfast'	'no'
	option 'pidfile'	'/var/run/olsrd2.pid'
	option 'lockfile'	'/var/lock/olsrd2'

config log
	option 'syslog'		'true'
	option 'stderr'		'true'
#	option 'file'		'/var/log/olsrd2.log'
#	option 'info'		'all'
#	option 'debug'		'all'

config telnet
	option 'port' '2009'

config olsrv2
	list 'originator' '-fe80::/112'
	list 'originator' '-2a02:61:0:ee:1::0/80'
	list 'originator' '-2a02:60::0/32'
	list 'originator' '-0.0.0.0/0'
	list 'originator' '-::1/128'
	list 'originator' 'default_accept'
	# the first /64 subnet of your nodeid/userblock range for the node, if you want to have an IPv6 prefix available for users in the LAN network
	# list 'lan' '2a02:61:d2c:1::/64'

config interface
	option 'ifname' 'loopback'
	list 'bindto' '-0.0.0.0/0'
	list 'bindto' '-::1/128'
	list 'bindto' 'default_accept'

config interface
	option 'ifname' '0xff_eth0'
	list 'bindto' '-0.0.0.0/0'
	list 'bindto' '-::1/128'
	list 'bindto' 'default_accept'

Duplicate the last interface block for every Funkfeuer interface you have.

System Settings

Please set the hostname to the FQDN of your node (for example erx.konst8.wien.funkfeuer.at). Also set a strong (!) password for the root account of the device.