brimble.com

User Tools

Site Tools

Trace:
equipment:rbpi_openwrt

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
equipment:rbpi_openwrt [2024/01/12 12:04] – [Setup OpenWRT] dirkequipment:rbpi_openwrt [2024/02/09 08:10] (current) – [Setup OpenWRT] dirk
Line 29: Line 29:
   * You now have a WAN connection on the internal WiFi adapter and a LAN connection on the LAN port.   * You now have a WAN connection on the internal WiFi adapter and a LAN connection on the LAN port.
   * Now add USB WiFi card as radio1 for our WiFi access point for clients to connect to.   * Now add USB WiFi card as radio1 for our WiFi access point for clients to connect to.
-  * The Wifi card I have from a previous nonWifi Pi bundle seems compatable and may not require any extra install steps. See link below for more info if it does. 
   * From the top menu, click on the Network tab and choose Wireless.   * From the top menu, click on the Network tab and choose Wireless.
-  * If you see radio1, you are all good with the installation of the second WiFi adapter.+  * If you see radio1, you are all good with the installation of the second WiFi adapter. If not, use these steps to install drivers. 
 +    * Click System -> Software 
 +    * Click Update lists... 
 +    * when done, in the filter box type "kmod-" and then the drivers for your usb wifi card. 
 +    * For my CanaKit Raspberry Pi WiFi Wireless Adapter/Dongle (802.11 n/g/b 150 Mbps) I needed: kmod-rt2800-lib, kmod-rt2800-usb, kmod-rt2x00-lib, and kmod-rt2x00-usb 
 +    * pretty sure the 2800-lib and 2800-usb files installed the 2x00 ones as well. 
 +    * Now you should have radio1 show up under Network -> Wireless.
   * Click Edit for the OpenWrt SSID (under the radio1)   * Click Edit for the OpenWrt SSID (under the radio1)
     * Click Enable for Wireless network is disabled     * Click Enable for Wireless network is disabled
Line 38: Line 43:
     * Click Save     * Click Save
   * Click Save & Apply   * Click Save & Apply
 +Link: https://tristam.ie/2023/582/#openwrt-install
  
 ===== Setup WireGuard VPN ===== ===== Setup WireGuard VPN =====
Line 72: Line 78:
     * Persistent Keep Alive: 25     * Persistent Keep Alive: 25
     * Click Save and then Save & Apply.     * Click Save and then Save & Apply.
 +  * Also, set custom DNS again in Interfaces->WWAN if not already.
 +
 +Link: https://tristam.ie/2023/805/
  
-Link: https://www.youtube.com/watch?v=_IzyJTcnPu8 
 ===== Connect ===== ===== Connect =====
-  * plug into the LAN port (see below note for the FW4C) and navigate to 192.168.1.1 +  * Use laptop to connect to broadcasting WiFi 
-    * NOTE: OPNsense defines ports right to left as LAN, WAN but the Protectli FW4C labels them right to left as WAN, LAN. So you'll have to plug into the WAN port for this initial login and we will switch the ports in software so that the labels are matched up. +  * go to 10.28.9.1 (or whatever your LAN is
-  * log in using 'root' and the password you set during install +  * go to network/wireless and remove whatever old wifi is under radio0 
-  * go to Interfaces / Assignments and swap the LAN and WAN ports if needed (see above note) +  * click scan next to radio0 and connect to "hotel wifi
-    * once this step is complete, you'll need to plug the wire into the new LAN port and re-login +  * click Save Apply 
-===== Setup ===== +  * Should now be connected and devices connecting to your device should work (might require reboot?
-  * go to Interfaces / LAN  +  * If using a captive portal interface you need tunnel thru DNS to bypass captive portalsspecifically on port 53. To do this you need to disable "DNS rebinding protection" (this option is ON by defaultbefore you can do this.
-    * make sure it is enabled and locked +
-    * config type Static IPv4 +
-    * set IPv4 address to your desire (10.23.79.1/24 for me) +
-    * upstream gateway is auto-detect +
-    * Save/Apply +
-  * go to Interfaces / WAN  +
-    * make sure it is enabled and locked +
-    * block private and bogon networks +
-    * config type DHCP (for CenturyLink at least) +
-    * Save/Apply +
-===== Setting up with CenturyLink Quantum Fiber ===== +
-  * This service provider requires traffic from the ONT to go to a router set to VLAN 201 +
-  * go to Interfaces / Other Types / VLAN +
-  * create new by clicking on the "+" +
-    * Device: vlan01 +
-    * Parent: igc0 (the address of the WAN port) +
-    * VLAN tag: 201 +
-    * VLAN priority: Best Effort +
-    * Description: Internet +
-    * Save +
-  * go to Interfaces / Assignments +
-    * change WAN to the new vlan01 that you just created +
-    * Save/Apply/Reboot(?+
-  * Plug line from internet into WAN port. +
-===== Firewall/NAT ===== +
-==== Port Forwarding ==== +
-  * go to Firewall / NAT / Port Forward +
-  * create new rule by clicking on the "+" +
-    * Interface: WAN +
-    * Protocol: TCP +
-    * Source Advanced should all be "any" +
-    * Destination: WAN address +
-    * Destination port range: select outside port (example: 80 or 443) +
-    * Redirect target IP: Single host or Network / internal IP address of the server (10.23.79.4) +
-    * Redirect target port: (other) / internal server port (example: 180 or 1443) +
-    * Description: whatever +
-    * NAT reflection: Enabled +
-    * Filter rule association: Add associated filter rule +
-    * Save/Apply +
-  * repeat for other forwarded ports +
-    * Port Forwarding rules if unraid/ Nginx:<code>80      Both  10.23.79.X  180   HTTP tomcat +
-443     Both  10.23.79.X  1443  HTTPS tomcat +
-22      Both  10.23.79.X        SSH brimble</code> +
-    * Port Forwarding rules if standalone:<code>80      Both  10.23.79.X  HTTP tomcat +
-443     Both  10.23.79.X  HTTPS +
-22      Both  10.23.79.X  SSH brimble +
-32400   Both  10.23.79.X  Plex</code> +
-  * Hairpin NAT: +
-    * go to Firewall Settings / Advanced +
-    * Check "Automatic outbound NAT for Reflection" +
-    * Save / Apply +
- +
-==== Wireguard VPN ==== +
-=== Create Instance and Peers === +
-  * go to System / Firmware / Plugins and install os-wireguard +
-  * go to VPN / WireGuard / Settings / Instances +
-  * create new instance by clicking on the "++
-    * Enabled: check +
-    * Name: WG1 +
-    * click the gear to create a Public/Private key pair +
-      * we will call this public key "MAINPUBLIC" for rest of tutorial +
-    * Listen port: 51820 +
-    * Tunnel address: pick a subnet not used elsewhere (10.23.0.1/24) +
-    * Save/Apply +
-  * go to VPN / WireGuard / Settings / General and enable WireGuard +
-  * go to VPN / WireGuard / Settings / Peers +
-  * create new peer by clicking on the "+" +
-    * Enabled: check +
-    * Name: iPhone / Macbook / whatever +
-    * Public key: PEERPUBLIC (put in the key created when you setup the client... see below) +
-    * Allowed IPs: something on the subnet configured above (10.23.0.11/32) +
-    * Instances: select above instance (WG1) +
-    * Save/Apply +
-  * go to VPN / WireGuard / Settings / Instances / Edit WG1 +
-    * Add Peers into Peers drop down +
-    * Save/Apply +
-  * go to Lobby / Dashboard and restart wireguard +
-=== Create interface === +
-  * go to Interfaces / Assignments +
-  * in the drop down under new interfaceselect the WireGuard instance (wg1) +
-    * Enable: check +
-    * Description: WG1 +
-    * Save/Apply +
-  * go to Interfaces / WG1 +
-    * Enable: check +
-    * Description: WG1 +
-    * Save/Apply +
-=== Create VPN Firewall rules === +
-  * go to Firewall / Rules / WAN +
-  * create new rule by clicking on the "+" +
-    * Action: Pass +
-    * Quick: check +
-    * Interface: WAN +
-    * Direction: in +
-    * TCP/IP Version: IPv4 +
-    * Protocol: UDP +
-    * Source Invert: unchecked +
-    * Source: any +
-    * Destination Invert: unchecked +
-    * Destination: WAN address +
-    * Destination port range: from (other) 51820 to (other) 51820 +
-    * Description: allow wireguard inbound +
-    * Save/Apply +
-  * go to Firewall / Rules / [Name of interface assigned above (WG1)] +
-  * create new rule by clicking on the "+" +
-    * Action: Pass +
-    * Quick: check +
-    * Interface: WG1 +
-    * Direction: in +
-    * TCP/IP Version: IPv4 +
-    * Protocol: any +
-    * Source Invert: unchecked +
-    * Source [Name of interface assigned above NET (WG1 net)] +
-    * Destination Invert: unchecked +
-    * Destination: any +
-    * Destination port range: any +
-    * Save/Apply +
-=== Setup Clients === +
-  * This will differ based on device... principal is the same. +
-  * iPhone +
-    * Download WireGuard from app store +
-    * create new +
-      * Name: brimble.com +
-      * Generate keypair +
-        * This public key (PEERPUBLIC) will go in VPN / WireGuard / Settings / Peers / Public key box +
-      * Addresses: This will be whatever you put in the Allowed IPs box of VPN / WireGuard / Settings / Peers (10.23.0.11/32) +
-      * Listen port: Automatic +
-      * MTU: Automatic +
-      * DNS servers: 8.8.8.8, 8.8.4.4 +
-      * click Add peer +
-      * Public key: MAINPUBLIC this will be in VPN / WireGuard / Settings / Instances / Public key box +
-      * Preshared key: blank +
-      * Endpoint: the address and port of your server (brimble.com:51820) +
-      * Allowed IPs: 0.0.0.0/0 +
-      * Save +
-  * macbook +
-    * Downlaod WireGuard from app store +
-    * create new +
-      * Name: brimble.com +
-      * This public key (PEERPUBLIC) will go in VPN / WireGuard / Settings / Peers / Public key box +
-      * <code>[Interface] +
-PrivateKey = whatever is there +
-Address = This will be whatever you put in the Allowed IPs box of VPN / WireGuard / Settings / Peers (10.23.0.11/32) +
-DNS = 8.8.8.8, 8.8.4.4 +
- +
-[Peer] +
-PublicKey = MAINPUBLIC this will be in VPN / WireGuard / Settings / Instances / Public key box +
-AllowedIPs = 0.0.0.0/0 +
-Endpoint = the address and port of your server (brimble.com:51820) +
-</code> +
-  * Save +
-Link: https://docs.opnsense.org/manual/how-tos/wireguard-client.html +
-==== NAT for online gaming ==== +
-  * go to Firewall / Aliases +
-    * create new alias by clicking on the "+" +
-    * Enabled: check +
-    * Name: NintendoSwitch +
-    * Type: Host(s) +
-    * Content: IP address of Switch +
-    * Save/Apply +
-  * go to Firewall / NAT / Outbound +
-    * change mode to Hybrid so you can add manual rule +
-    * create new rule by clicking on the "+" +
-    * Interface: WAN +
-    * Protocol: any +
-    * Source address: NintendoSwitch +
-    * Static-port: check +
-    * Give it a description +
-    * Save/Apply +
- +
-Link: https://tyzbit.blog/getting-a-b-nat-type-on-the-nintendo-switch-using-opnsense +
- +
-==== Services ==== +
-  * DHCPv4 +
-    * Range Start 10.23.79.100 +
-    * Range Stop 10.23.79.245 +
-    * Save Apply +
-    * Static MAC/IP Mapping<code>brimNAS          10.23.79.4 +
-BrimUpstairsAP   10.23.79.5 +
-BrimDownstairsAP 10.23.79.6 +
- +
-</code> +
-  * DNS (System / Settings / General +
-    * 10.23.79.1 to use ISPs +
-    * 10.23.79.3 if using PiHole +
-    * 8.8.8.8 / 8.8.4.4 (or others) if hardcoding +
-  * Dynamic DNS +
-    * go to System / Firmware / Plugins and download os-ddclient +
-    * go to Services / Dynamic DNS / Settings +
-      * add new one by clicking on the "+" +
-      * Enabled +
-      * Service : easyDNS +
-      * Username : easyDNS username +
-      * Password : easyDNS token (not password). Token can be gotten from website +
-      * Hostnames: brimble.com +
-      * Check ip method: dyndns +
-      * Interface to monitor: WAN +
-      * Check ip timeout: 10 +
-      * Force SSL: checked +
-      * Save/Apply+
equipment/rbpi_openwrt.1705082640.txt.gz · Last modified: by dirk

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki