【openwrt】再設置

https://wiki.openwrt.org/zh-cn/doc/uci/network

https://wiki.openwrt.org/zh-cn/doc/uci/wireless

https://forum.openwrt.org/viewtopic.php?id=39077

 

 

Openwrt無線方面的設置

所有與無線有關的設置存放在本地文件 /etc/config/wireless中，我們可以用 vi 來編輯並修改它，這個配置文件是針對 無線設備 以及 無線網絡 的。在這里需要區分理解的是，無線設備在wiki英文原文是 wireless devices ，無線網絡在wiki英文原文是 wireless networks。

wireless devices 中指的是無線通訊設備相關的設置，而不單止是無線網卡的設置，wireless networks 指的是無線局域網相關的設置。

無線設置包含的部分

一個典型的無線設置文件至少應該包含兩個方面的內容，即至少一個無線設備 和 至少一個與之相關的無線接口 配置。

無線設備 的設置指的是一般無線電通訊相關的參數，例如設備硬件（網卡芯片驅動程序類型），信道，頻率，發射功率等；

無線接口 的設置指的是 無線設備 的工作模式，essid，無線加密方式等。

無線設備 和 無線接口 具有關聯性，首先是設置好一個 無線設備 的參數，然后再設置與這個 無線設備 相關的 無線接口 參數，從而構造出一個可以有效工作的無線局域網環境。

wifi-device 配置項

wifi-device 所配置的是指設備中無線通訊硬件，很多情況中，一個設備只有一個無線通訊接口，所以只有一個 wifi-device 配置項，如果有多個無線通訊設備則會有多個 wifi-device 配置項，每個配置項用來指定不同的接口。

一個最小的 wifi-device 配置就像下面的例子，需要注意的是其中所指定的不同的芯片類型和驅動。

 

config 'wifi-device' 'wl0'
        option 'type'    'broadcom'
        option 'channel' '6'

 

• wl0 是無線網卡的 內置標識符
• broadcom 表示 芯片或驅動程序的類型
• 6 指定無線網卡工作的 無線頻道

下表列出了設備節中所有的選項。注意：並非所有的芯片或驅動程序都適用於這些選項，請參考備注以便了解詳情。

常用的選項

名稱	類型	Required	Default	描述
type	string	yes	(autodetected)	The type is determined on firstboot during the initial radio device detection - it is usually not required to change it. Used values are broadcom on brcm-2.4, atheros for madwifi or mac80211 for b43, ath5k and ath9k
phy	integer	no	(autodetected)	Specifies the radio phy associated to this section, it is usally autodetected and should not be changed  This option is only used for type mac80211
macaddr	MAC address	yes	(autodetected)	Specifies the radio adapter associated to this section, it is not used to change the device mac but to identify the underlying interface. The value is autodetected.  This option is only used for type mac80211
disabled	boolean	no	1	Disables the radio adapter if set to 1. Removing this option or setting it to 0 will enable the adapter
channel	integer or "auto"	yes	auto	Specifies the wireless channel to use. In station mode the value auto is allowed, in access point mode an actual channel number must be given
hwmode	string	no	(driver default)	Selects the wireless protocol to use, possible values are 11b, 11bg, 11g, 11gdt (G + dynamic turbo, madwifi only), 11gst (G turbo, broadcom only), 11a, 11adt (A + dynamic turbo, madwifi only), 11ast (A + static turbo, madwifi only), 11fh(frequency hopping), 11lrs (LRS mode, broadcom only), 11ng (11N on 2.4GHz, mac80211 only), 11na (11N on 5GHz, mac80211 only) or auto
htmode	string	no	(driver default)	Specifies the channel width in 11ng and 11na mode, possible values are: HT20 (single 20MHz channel), HT40- (2x 20MHz channels, 2. channel below) or HT40+ (2x 20MHz channels, 2. channel above).  This option is only used for type mac80211
ht_capab	string	no	(driver default)	Specifies the available capabilities of the radio. The values are autodetected.  This option is only used for type mac80211
txpower	integer	no	(driver default)	Specifies the transmission power in dBm
diversity	boolean	no	1	Enables or disables the automatic antenna selection by the driver
rxantenna	integer	no	(driver default)	Specifies the antenna for receiving, the value may be driver specific, usually it is 1 for the first and 2 for the second antenna. Specifying 0 enables automatic selection by the driver if supported. This option has no effect if diversity is enabled
txantenna	integer	no	(driver default)	Specifies the antenna for transmitting, values are identical to rxantenna
antenna	string	no	(driver default)	Selects the antenna, possible values are vertical for internal vertical polarization, horizontal for internal horizontal polarization or external to use the external antenna connector  Only used on the Ubiquity NanoStation device family instead of the rxantenna/txantenna settings.
macfilter	string	no	disable	Specifies the mac filter policy, disable to disable the filter, allow to treat it as whitelist or deny to treat it as blacklist.  Not supported for the mac80211 type yet
maclist	list of MAC addresses	no	(none)	List of MAC addresses to put into the mac filter.  Not supported for the mac80211 type yet
country	varies	no	(driver default)	Specifies the country code, affects the available channels and transmission powers. For type broadcom a two letter country code is used (EN or DE). The madwifi driver expects a numeric code.  Not supported for the mac80211 type yet (supported in trunk)
distance	integer	no	(driver default)	Distance between the ap and the furthest client in meters .  Only supported by madwifi, and the mac80211 type (in trunk)

Broadcom參數

 The options below are only used by the proprietary Broadcom driver (type broadcom).

名稱	類型	Required	Default	描述
frameburst	boolean	no	0	Enables Broadcom frame bursting if supported
maxassoc	integer	no	(driver default)	Limits the maximum allowed number of associated clients
slottime	integer	no	(driver default)	Slot time in milliseconds

Madwifi參數

 The following options are only used by the Madwifi driver (type atheros).

名稱	類型	是否必須	默認參數	描述
softled	boolean	no	1	Enables software based LED control in the driver
outdoor	boolean	no	0	Enables outdoor channels in the 5GHz band
regdomain	number	no	(driver default)	Overrides the regulatory domain setting

Wifi網絡

A complete wireless configuration contains at least one wifi-iface section per adapter to define a wireless network on top of the hardware. Some drivers support multiple wireless networks per device:

• broadcom if the core revision is greater or equal  9 (see  dmesg | grep corerev)
• madwifi always supports multiple networks
• all other drivers do *not* support multiple networks yet

A minimal example for a wifi-iface declaration is given below.

 

config 'wifi-iface'
        option 'device'     'wl0'
        option 'network'    'lan'
        option 'mode'       'ap'
        option 'ssid'       'MyWifiAP'
        option 'encryption' 'psk2'
        option 'key'        'secret passphrase'

 

• wl0 is the identifier for the underlying  radio hardware
• lan specifies the  network interface the wifi is attached to
• ap is the opetion mode,  Access Point in this example
• MyWifiAP is the broadcasted SSID
• psk2 specifies the wireless encryption method, WPA2 PSK here
• secret passphrase is the secret WPA passphrase

常用的選項

The most common configuration option for wifi-iface sections are listed below.

名稱	類型	Required	Default	描述
device	string	yes	(first device id)	Specifies the used wireless adapter, must refer to one of the defined wifi-device sections
mode	string	yes	ap	Selects the operation mode of the wireless network, ap for Access Point, sta for managed (client) mode, adhoc for Ad-Hoc, wds for static WDS and monitor for monitor mode
ssid	string	yes	OpenWrt	The broadcasted SSID of the wireless network
bssid	BSSID address	no	(driver default)	Override the BSSID of the network, only applicable in adhoc or sta mode. In wds mode specifies the BSSID of another AP to create WDS with.
hidden	boolean	no	0	Turns off SSID broadcasting if set to 1
isolate	boolean	no	0	Isolate wireless clients from each other, only applicable in ap mode.  Not supported for the mac80211 type yet
doth	boolean	no	0	Enables 802.11h support.  Not supported for the mac80211 type yet
wmm	boolean	no	0	Enables WMM (802.11e) support.  Not supported for the mac80211 type yet
network	string	yes	lan	Specifies the network interface to attach the wireless to
encryption	string	no	none	Used wireless encryption, none for an open network, wep for WEP, psk for WPA-PSK and psk2 for WPA2-PSK. See the WPA modes table for additional possible values.
key	number or string	no	(none)	Specifies the secret passphrase used for WPA PSK mode or the key index for WEP mode
key1	string	no	(none)	WEP Key #1 (selected by the index in key)
key2	string	no	(none)	WEP Key #2 (selected by the index in key)
key3	string	no	(none)	WEP Key #3 (selected by the index in key)
key4	string	no	(none)	WEP Key #4 (selected by the index in key)
ieee80211w	integer	no	0	Enables MFP (802.11w) support (0 = disabled, 1 = optional, 2 = required).  Only supported by the ath9k driver (in trunk)
ieee80211w_max_timeout	integer	no	(hostapd default)	Specifies the 802.11w Association SA Query maximum timeout.  Only supported by the ath9k driver (in trunk)
ieee80211w_retry_timeout	integer	no	(hostapd default)	Specifies the 802.11w Association SA Query retry timeout .  Only supported by the ath9k driver (in trunk)
See the WPA tables below for a full listing of WPA related options used for WPA2 Enterprise (802.1x)

Madwifi參數

 The options in the table below only work with type atheros.

名稱	類型	Required	Default	描述
ar	boolean	no	0	Enables AR support
bgscan	boolean	no	0	Enables background scanning
bursting	boolean	no	0	Enables frame bursting
compression	boolean	no	0	Enables hardware compression
ff	boolean	no	0	Enables fast frames
frag	integer	no	(none)	Fragmentation threshold
mcast_rate	integer	no	(driver default)	Use a fixed multicast rate
minrate	integer	no	(driver default)	Limit the minimum rate used
maxrate	integer	no	(driver default)	Limit the maximum rate used
nosbeacon	boolean	no	0	Disables the hardware beacon timer, only applicable in Managed mode
sw_merge	boolean	no	0	Disables the hardware beacon timer, only applicable in IBSS mode
probereq	boolean	no	1	Enables probe responses (AP will not appear in wifi scans if disabled)
rate	integer	no	(driver default)	Use a fixed rate
rts	integer	no	(driver default)	Override the RTS/CTS threshold
turbo	boolean	no	0	Enables turbo mode
uapsd	boolean	no	0	Enables Unscheduled Automatic Power Save Delivery (UAPSD)
wds	boolean	no	0	Enables Lazy-WDS, only applicable in Access Point or Managed mode
wdssep	boolean	no	0	Separates WDS clients from each other
xr	boolean	no	0	Enables XR support

WPA模式

Besides the WPA mode, the encryption option also specifies the group and peer ciphers to use. To override the cipher, the value of encryption must be given in the form mode+cipher. See the listing below for possible combinations.

值	WPA版本	Ciphers
psk2+tkip+ccmp psk2+tkip+aes	WPA2 Personal (PSK)	TKIP, CCMP
psk2+tkip	WPA2 Personal (PSK)	TKIP
psk2+ccmp psk2+aes psk2	WPA2 Personal (PSK)	CCMP
psk+tkip+ccmp psk+tkip+aes	WPA Personal (PSK)	TKIP, CCMP
psk+tkip psk	WPA Personal (PSK)	TKIP
psk+ccmp psk+aes	WPA Personal (PSK)	CCMP
mixed-psk+tkip+ccmp mixed-psk+tkip+aes mixed-psk	WPA/WPA2 Personal (PSK) mixed mode	TKIP, CCMP
mixed-psk+tkip	WPA/WPA2 Personal (PSK) mixed mode	TKIP
mixed-psk+ccmp mixed-psk+aes	WPA/WPA2 Personal (PSK) mixed mode	CCMP
wpa2+tkip+ccmp wpa2+tkip+aes	WPA2 Enterprise	TKIP, CCMP
wpa2+ccmp wpa2+aes wpa2	WPA2 Enterprise	CCMP
wpa2+tkip	WPA2 Enterprise	TKIP
wpa+tkip+ccmp wpa+tkip+aes	WPA Enterprise	TKIP, CCMP
wpa+ccmp wpa+aes	WPA Enterprise	CCMP
wpa+tkip wpa	WPA Enterprise	TKIP
mixed-wpa+tkip+ccmp mixed-wpa+tkip+aes mixed-wpa	WPA/WPA2 Enterprise mixed mode	TKIP, CCMP
mixed-wpa+tkip	WPA/WPA2 Enterprise mixed mode	TKIP
mixed-wpa+ccmp mixed-wpa+aes	WPA/WPA2 Enterprise mixed mode	CCMP

WPA Enterprise (Access Point)

Listing of Access Point related options for WPA Enterprise.

名稱	Default	描述
server	(none)	RADIUS server to handle client authentication
port	1812	RADIUS server port
key	(none)	Shared RADIUS secret
The options below are not supported by the Broadcom nas authenticator
nasid	(none)	NAS ID to use for RADIUS athentication requests
wpa_group_rekey	600	WPA Group Cipher rekeying interval in seconds
ieee80211d	0	Enables IEEE 802.11d ("World Mode") if set to 1

WPA Enterprise (Client)

Listing of Client related options for WPA Enterprise.

 At the time of writing only the madwifi driver supports WPA Enterprise in client mode.

名稱	Default	描述
eap_type	(none)	Defines the EAP protocol to use, possible values are tls for EAP-TLS and peap or ttls for EAP-PEAP
auth	MSCHAPV2	Defines the phase 2 authentication method to use, only applicable if eap_type is peap or ttls
identity	(none)	EAP identity to send during authentication
password	(none)	Password to send during EAP authentication
ca_cert	(none)	Specifies the path the CA certificate used for authentication
priv_key	(none)	Specifies the path to the private key file used for authentication, only applicable if eap_type is set to tls
priv_key_pwd	(none)	Password to unlock the private key file, only works in conjunction with priv_key

配置WiFi加密

Howto setup wireless encryption with OpenWrt Kamikaze. You can do the same from within the LuCI WebUI (Network > Wifi) if you prefer a GUI.

生成Key

To generate a random password for your key you can use the pwgen program. pwgen is available for most Linux distributions and is also packaged for OpenWrt Kamikaze. Run it with e.g. pwgen --secret 13 1 - this generates one password with a length of 13 letters/numbers.

WPA加密

 

Broadcom的WiFi

Broadcom的無線芯片必須安裝NAS的包。

 

root@OpenWrt:~# opkg install nas

 

Atheros WiFi

For Atheros wireless chips install the hostapd package if your run in AP mode.

 

root@OpenWrt:~# opkg install hostapd

 

TIP: If you only need WPA (PSK) encryption you can install the hostapd-mini package which does not depend on the zlib and libopenssl packages.

If you have a Atheros wireless and run it in client-mode you have to install the wpa-supplicant package instead of hostapd.

 

root@OpenWrt:~# opkg install wpa-supplicant

 

配置WPA (PSK)

使用UCI配置的WPA（PSK）的加密。

 

root@OpenWrt:~# uci set wireless.@wifi-iface[0].encryption=psk
root@OpenWrt:~# uci set wireless.@wifi-iface[0].key="your_password"
root@OpenWrt:~# uci commit wireless
root@OpenWrt:~# wifi

 For the key only letters (upper and lower case) and numbers are allowed. The length must be between 8 and 63 characters.

 

配置WPA2 (PSK)

使用UCI配置的WPA2（PSK）的加密。

 

root@OpenWrt:~# uci set wireless.@wifi-iface[0].encryption=psk2
root@OpenWrt:~# uci set wireless.@wifi-iface[0].key="your_password"
root@OpenWrt:~# uci commit wireless
root@OpenWrt:~# wifi

 

 For the key only letters (upper and lower case) and numbers are allowed. The length must be between 8 and 63 characters.

---

Configuration is also possible via direct editing of /etc/config/wireless:

 

	option encryption   psk
	option key	    "your_password"

 

See the uci文檔 for information on configuration files in general and the sections above for a full outline of the wifi config file in particular.

---

WEP加密(不推薦)

為WEP密鑰格式的一些注意事項：

• The format for the WEP key for the key1 option is HEX

If you wish to use raw hex keys then you can skip to the UCI commands paragraph below. Raw hex keys have 10 hex digits (0..9, a..f) for 64-bit WEP keys and 26 hex digits for 128-bit WEP keys.

如果你不想使用原始的十六進制鍵然后按照下面的說明。

• The length of a 64bit WEP key must be exact 5 characters
• The length of a 128bit WEP key must be exact 13 characters
• Allowed characters are letters (upper and lower case) and numbers

生成一個64位的WEP密鑰：

 

root@OpenWrt:~# echo -n 'awerf' | hexdump -e '5/1 "%02x" "\n"'
6177657266

 

生成一個128位的WEP密鑰：

 

root@OpenWrt:~# echo -n 'xdhdkkewioddd' | hexdump -e '13/1 "%02x" "\n"'
786468646b6b6577696f646464

 

現在，在UCI中使用你剛才生成的16進制的WEP密鑰來設置加密。

 

root@OpenWrt:~# uci set wireless.@wifi-iface[0].encryption=wep
root@OpenWrt:~# uci set wireless.@wifi-iface[0].key1="786468646b6b6577696f646464"
root@OpenWrt:~# uci set wireless.@wifi-iface[0].key=1
root@OpenWrt:~# uci commit wireless
root@OpenWrt:~# wifi

 

您可以配置最多四個WEP密鑰。

啟用/重啟/關閉 無線接口

在 Openwrt下要 啟用/重啟/關閉 無線接口是使用命令 "wifi"來完成的。

啟動無線接口：不帶參數直接在命令行運行 wifi 命令；

如果修改了無線的配置，我們需要重新啟動無線接口使配置生效，同樣是不帶參數直接在命令行下運行 wifi 命令；

如果需要關閉無線裝置，加上" down "參數使用 "wifi down"

大多數情況下新安裝的 Openwrt 是默認關閉無線接口的。

重新生成配置

To rebuild the configuration file, e.g. after installing a new wireless driver, remove the existing wireless configuration (if any) and use the wifi detect command with stdout redirected to the /etc/config/wireless file:

 

root@OpenWrt:~# rm -f /etc/config/wireless; wifi detect > /etc/config/wireless



---------------------------------

網絡設置

OpenWrt的網絡配置文件是/etc/config/network，它負責交換芯片VLAN、網絡接口和路由的配置。

此文件在編輯和保存之后需要執行

/etc/init.d/network reload

命令，目的是為了在變更生效前，停止和重啟網絡。但是，路由器沒必要執行重啟操作。 * https://dev.openwrt.org/browser/branches/attitude_adjustment/package/base-files/files/etc/config/network * https://dev.openwrt.org/browser/trunk/package/base-files/files/etc/config/network

 

可以參考 netifd

節

下面是網絡配置需要定義的節類型。通常情況下，一台路由器的最簡網絡配置包括至少2個interfaces(lan和wan)，如果硬件支持，還包括一個switch。

switch

switch節負責交換芯片VLAN的划分。在OpenWrt系統內部，每個VLAN都會有一個獨立的interface與它對應，即便它們實際上屬於同一個硬件。需要注意的是，不是所有被OpenWrt系統支持的設備都含有可編程的交換芯片，因此這個節在某些平台上不會出現。

現在有2個不同的配置格式在使用，一個是/proc/switch/的API，另一個是新的基於swconfig的switch架構。

/proc/switch

這個變種只出現在Broadcom設備上，比如WRT54GL。

一個典型的配置就像這樣：

 

config 'switch' 'eth0'
        option 'vlan0' '0 1 2 3 5*'
        option 'vlan1' '4 5'

 

其中，eth0標識符指明這個節對應的交換芯片。VLAN的定義方法是顯然的，一般來說，0、1、2、3是路由器LAN口，4是路由器WAN口，5表示CPU，而5*表示這個接口是trunk。更多的信息請參考 switch documentation。

swconfig

新的swconfig框架將取代老式switch配置。現在它正被一些設備如D-Link DIR-300使用。

基於Swconfig的配置是一種全新的格式，即每個VLAN都使用一個節。下面的例子說明了運行在D-Link DIR-300設備上的Kamikaze 8.09分支所使用的標准配置：

config 'switch' 'eth0'
        option 'reset' '1'
        option 'enable_vlan' '1'

config 'switch_vlan' 'eth0_1'
        option 'device' 'eth0'
        option 'vlan' '1'
        option 'ports' '0 1 2 3 5t'

config 'switch_vlan' 'eth0_2'
        option 'device' 'eth0'
        option 'vlan' '2'
        option 'ports' '4 5t'

 

通用的屬性仍然在switch節定義，各VLAN相關屬性定義在各自的switch_vlan節中，它們通過指定device屬性使系統得悉它使用的交換芯片。完整的格式請參看switch documentation。

Interfaces

interface類型的節聲明了邏輯網絡接口，可以為這些接口指定IP地址、別名、物理網絡接口名稱、路由規則及防火牆規則。

一個最簡的interface節包含以下行：

 

config 'interface' 'wan'
        option 'proto' 'dhcp'
        option 'ifname' 'eth0.1'

 

• wan 是唯一的  邏輯網絡接口名稱
• dhcp 指定 接口協議，這里是dhcp
• eth0.1 是相關聯的 物理網絡接口名稱(用ifconfig可看到)

接口協議可以是以下之一：

協議	描述
static	靜態ip
dhcp	動態ip
ppp	PPP 協議 - 撥號MODEM連接
pppoe	以太網上的PPP協議 - DSL寬帶連接
pppoa	ATM上的PPP協議 - 使用內建MODEM的DSL連接
3g	使用3G上網卡的CDMA, UMTS 或 GPRS 連接
pptp	通過PPtP VPN的連接
none	不指定任何協議

針對指定協議的類型，還需要額外的選項,參看下表。在Required字段標記"yes"的選項必須在interface節中定義，標記"no"選項的可以省略。

所有協議類型的有效選項

名稱	類型	必需性	默認	描述
ifname	interface name(s)	yes(*)	(none)	物理接口名稱。如果type選項被設為bridge，需要指定一個接口列表. (*) This option may be empty or missing if only a wireless interface references this network
type	string	no	(none)	如果設置為"bridge"，將建立一個包含ifname所述接口的網橋
stp	boolean	no	0	啟用生成樹協議，只對網橋有效
macaddr	mac address	no	(none)	指定接口MAC地址
mtu	number	no	(none)	指定接口最大傳輸單元(MTU)
auto	boolean	no	0 for proto none, else 1	指定是否在引導成功后打開這個接口

"static"協議

名稱	類型	必需性	默認	描述
ipaddr	ip address	yes, if no ip6addr is set	(none)	IP地址
netmask	netmask	yes, if no ip6addr is set	(none)	子網掩碼
gateway	ip address	no	(none)	默認路由
bcast	ip address	no	(none)	廣播地址 (不設置會自動生成)
ip6addr	ipv6 address	yes, if no ipaddr is set	(none)	為接口指派給定的IPv6 地址 (CIDR notation)
ip6gw	ipv6 address	no	(none)	為接口指派給定的IPv6默認網關
dns	list of ip addresses	no	(none)	DNS服務器（1個或多個）

"dhcp"協議

名稱	類型	必需性	默認	描述
gateway	string	no	(none)	如果設置為0.0.0.0，將設置DHCP協議獲取的默認網關
dns	list of ip addresses	no	(none)	指定DNS服務器（1個或多個）

"ppp" (Modem上的PPP)協議

 要使用PPP，必須安裝ppp軟件包。

名稱	類型	必需性	默認	描述
device	file path	yes	(none)	MODEM設備節點
username	string	no(?)	(none)	用於PAP/CHAP認證的用戶名
password	string	no(?)	(none)	用於PAP/CHAP authentication的密碼
connect	file path	no	(none)	自定義PPP連接腳本路徑
disconnect	file path	no	(none)	自定義PPP斷開連接腳本路徑
keepalive	number	no	(none)	Number of connection failures before reconnect
demand	number	no	(none)	Number of seconds to wait before closing the connection due to inactivity
defaultroute	boolean	no	1	Replace existing default route on PPP connect
peerdns	boolean	no	1	Use peer-assigned DNS server(s)
dns	list of ip addresses	no	(none)	Override peer-assigned DNS server(s)
ipv6	boolean	no	0	為PPP連接啟用IPv6
pppd_options	string	no	(none)	傳遞給pppd守護進程的額外命令行參數

"pppoe" (以太網的PPP)協議

 要使用PPPoE，必須安裝ppp-mod-pppoe軟件包.

名稱	類型	必需性	默認	描述
username	string	no(?)	(none)	用於PAP/CHAP認證的用戶名
password	string	no(?)	(none)	用於PAP/CHAP認證的密碼
connect	file path	no	(none)	自定義PPP連接腳本路徑
disconnect	file path	no	(none)	自定義PPP斷開連接腳本路徑
keepalive	number	no	(none)	Number of connection failures before reconnect
demand	number	no	(none)	Number of seconds to wait before closing the connection due to inactivity
defaultroute	boolean	no	1	Replace existing default route on PPP connect
peerdns	boolean	no	1	Use peer-assigned DNS server(s)
dns	list of ip addresses	no	(none)	Override peer-assigned DNS server(s)
ipv6	boolean	no	0	為PPP連接啟用IPv6
pppd_options	string	no	(none)	傳遞給pppd守護進程的額外命令行參數

"pppoa" (ATM上的PPP)協議

 要使用PPPoA，必須安裝 ppp-mod-pppoa 軟件包.

名稱	類型	必需性	默認	描述
unit	number	yes	(none)	br2684 interface number
vci	number	no	35	PPPoA VCI
vpi	number	no	8	PPPoA VPI
atmdev	number	no	(none)	ATM PVC number
encaps	string	no	llc	PPPoA encapsulation mode: 'llc' (LLC) or 'vc' (VC)
payload	string	no	bridged	PPPoA forwarding mode: 'routed' or 'bridged'
username	string	no(?)	(none)	用於PAP/CHAP認證的用戶名
password	string	no(?)	(none)	用於PAP/CHAP認證的密碼
connect	file path	no	(none)	自定義PPP連接腳本路徑
disconnect	file path	no	(none)	自定義PPP斷開連接腳本路徑
keepalive	number	no	(none)	Number of connection failures before reconnect
demand	number	no	(none)	Number of seconds to wait before closing the connection due to inactivity
defaultroute	boolean	no	1	Replace existing default route on PPP connect
peerdns	boolean	no	1	Use peer-assigned DNS server(s)
dns	list of ip addresses	no	(none)	Override peer-assigned DNS server(s)
ipv6	boolean	no	0	為PPP連接啟用IPv6
pppd_options	string	no	(none)	傳遞給pppd守護進程的額外命令行參數

"3g" (PPP over EV-DO, CDMA, UMTS or GRPS)協議

 要使用3G，必須安裝 comgt 軟件包.

名稱	類型	必需性	默認	描述
device	file path	yes	(none)	Modem設備節點
service	string	yes	gprs	3G設備類型: evdo, cdma, umts 或 gprs
apn	string	yes	(none)	Used APN
pincode	number	no	(none)	解鎖SIM卡的PIN碼
maxwait	number	no	20	等待Modem就緒的時間（秒）
username	string	no(?)	(none)	用於PAP/CHAP認證的用戶名
password	string	no(?)	(none)	用於PAP/CHAP認證的密碼
keepalive	number	no	(none)	Number of connection failures before reconnect
demand	number	no	(none)	Number of seconds to wait before closing the connection due to inactivity
defaultroute	boolean	no	1	Replace existing default route on PPP connect
peerdns	boolean	no	1	Use peer-assigned DNS server(s)
dns	list of ip addresses	no	(none)	Override peer-assigned DNS server(s)
ipv6	boolean	no	0	為PPP連接啟用IPv6

"pptp" (Point-to-Point Tunneling Protocol)協議

 要使用PPtP，必須安裝 pptp 軟件包.

名稱	類型	必需性	默認	默認
server	ip address	yes	(none)	遠程PPtP服務器
ipproto	string	no	dhcp	建立PPtP隧道前用來獲取IP連通性的協議
username	string	no(?)	(none)	用於PAP/CHAP認證的用戶名
password	string	no(?)	(none)	用於PAP/CHAP認證的密碼
Additionally all options defined for the corresponding ipproto can be specified

別名

Alias sections can be used to define further IPv4 and IPv6 addresses for interfaces. They also allow combinations like DHCP on the main interface and a static IPv6 address in the alias, for example to deploy IPv6 on wan while keeping normal internet connectivity. Each interface can have multiple aliases attached to it.

別名最小的聲明包含以下行：

 

config 'alias'
        option 'interface' 'lan'
        option 'proto' 'static'
        option 'ipaddr' '10.0.0.1'
        option 'netmask' '255.255.255.0'

 

• lan is the  logical interface name of the parent interface
• static is the  alias interface protocol
• 10.0.0.1 specifies the  alias ip address
• 255.255.255.0 specifies the  alias netmask

At the time of writing, only the static protocol type is allowed for aliases. Defined options for alias sections are listed below.

名稱	類型	必需性	默認	描述
interface	string	yes	(none)	Specifies the logical interface name of the parent (or master) interface this alias is belonging to, must refer to one of the defined interface sections
proto	string	yes	(none)	Specifies the alias interface protocol
ipaddr	ip address	yes, if no ip6addris set	(none)	IP address
netmask	netmask	yes, if no ip6addris set	(none)	Netmask
gateway	ip address	no	(none)	Default gateway
bcast	ip address	no	(none)	Broadcast address (autogenerated if not set)
ip6addr	ipv6 address	yes, if no ipaddris set	(none)	IPv6 address (CIDR notation)
ip6gw	ipv6 address	no	(none)	IPv6 default gateway
dns	list of ip addresses	no	(none)	DNS server(s)

IPv4 Routes

It is possible to define arbitary IPv4 routes on specific interfaces using route sections. As for aliases, multiple sections can be attached to an interface.

一個minimial的例子類似如下:

 

config 'route'
        option 'interface' 'lan'
        option 'target' '172.16.123.0'
        option 'netmask' '255.255.255.0'

 

• lan is the  logical interface name of the parent interface
• 172.16.123.0 is the  network address of the route
• 255.255.255.0 specifies the  route netmask

Legal options for IPv4 routes are:

名稱	類型	必需	默認	描述
interface	string	yes	(none)	Specifies the logical interface name of the parent (or master) interface this route is belonging to, must refer to one of the defined interface sections
target	ip address	yes	(none)	Network address
netmask	netmask	no	(none)	Route netmask. If ommitted, 255.255.255.255 is assumed which makes target a host address
gateway	ip address	no	(none)	Network gateway. If ommitted, the gateway from the parent interface is taken, if set to 0.0.0.0 no gateway will be specified for the route
metric	number	no	0	Specifies the route metric to use

IPv6路由

IPv6 routes可指定定義一個或多個route6的sections.

一個minimial的例子類似如下:

 

config 'route6'
        option 'interface' 'lan'
        option 'target' '2001:0DB8:100:F00:BA3::1/64'
        option 'gateway' '2001:0DB8:99::1'

 

• lan is the  logical interface name of the parent interface
• 2001:0DB8:100:F00:BA3::1/64 is the routed  IPv6 subnet in CIDR notation
• 2001:0DB8:99::1 specifies the  IPv6 gateway for this route

Legal options for IPv6 routes are:

名稱	類型	必要	默認	描述
interface	string	yes	(none)	Specifies the logical interface name of the parent (or master) interface this route is belonging to, must refer to one of the defined interface sections
target	ipv6 address	yes	(none)	IPv6 network address
gateway	ipv6 address	no	(none)	IPv6 gateway. If ommitted, the gateway from the parent interface is taken
metric	number	no	0	Specifies the route metric to use

例子

下面是特殊的，非標准接口配置的幾個例子。

Bridge without IP

 

config 'interface' 'example'
        option 'type'    'bridge'
        option 'proto'   'none'
        option 'ifname'  'eth0 eth1'
        option 'auto'    '1'

 

DHCP without default gateway

 

config 'interface' 'example'
        option 'proto'   'dhcp'
        option 'ifname'  'eth0'
        option 'gateway' '0.0.0.0'

 

DHCP及IPv6

 

config 'interface' 'example'
        option 'proto'     'dhcp'
        option 'ifname'    'eth0'

config 'alias'
        option 'interface' 'example'
        option 'proto'     'static'
        option 'ip6addr'   '2001:0DB8:100:F00:BA3::1'

 

靜態IP配置和默認網關與非零十進制

 

config 'interface' 'example'
        option 'proto'     'static'
        option 'ifname'    'eth0'
        option 'ipaddr'    '192.168.1.200'
        option 'netmask'   '255.255.255.0'
        option 'dns'       '192.168.1.1'

config 'route'
        option 'interface' 'example'
        option 'target'    '0.0.0.0'
        option 'netmask'   '0.0.0.0'
        option 'gateway'   '192.168.1.1'
        option 'metric'    '100'

 

PPtP-over-PPPoE internet connection

config 'interface' 'wan' option 'proto' 'pppoe' option 'ifname' 'eth1' option 'username' 'user' option 'password' 'pass' option 'timeout' '10' config 'interface' 'vpn' option 'proto' 'pptp' option 'ifname' 'vpn' option 'username' 'vpnuser' option 'password' 'vpnpass' option 'server' 'vpn.example.org'

 Additionally the "wan" firewall zone must include both interfaces in /etc/config/firewall:

config 'zone' option 'name' 'wan' option 'network' 'wan vpn' option 'input' 'REJECT' option 'forward' 'REJECT' option 'output' 'ACCEPT' option 'masq' '1'

 

----------------------------------------------------------

Due I'm seeing a lot of confusion to make a repeater with OpenWRT, I will put the 2 modes available, with its configs.
I hope its easy to understand.
Of course, first install the latest Trunk version of OpenWrt:
http://downloads.openwrt.org/snapshots/trunk/
Working in Atheros hardware and Attitude Adjustment. I don't know if it works on other hardware or OpenWrt versions.

MODE 1: BRIDGED REPEATER

Both wireless networks will be the same network, DHCP addresses wil be given by the main router, all computers will see each other.

First connect the router to internet, by connecting an ethernet cable between the openwrt's router WAN port and the main router.
Install Relayd

opkg update 
opkg install relayd
/etc/init.d/relayd enable

.
.
/etc/config/wireless

config wifi-device 'radio0'
        #blahblah (default settings)
    option channel '1'         #Match with the main wireless network channel
    option disabled '0'

config wifi-iface
    option ssid 'MainWirelessNetwork'
    option encryption 'psk'        # Set wep, psk or psk2 for WEP, WPA or WPA2
    option device 'radio0'
    option mode 'sta'
    option network 'wwan'
    option key 'MainRouterWirelessPassword'

config wifi-iface
    option device 'radio0'
    option mode 'ap'
    option ssid 'RepeaterWirelessNetwork'
    option encryption 'psk'
    option key 'RepeaterWirelessPassword'
    option network 'lan'

.
.
/etc/config/network

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config interface 'lan'
    option ifname 'eth0'
    option type 'bridge'
    option proto 'static'
    option ipaddr '192.168.10.1'
    option gateway '192.168.1.1'   # Your main router's IP
    option netmask '255.255.255.0'
    option dns     '192.168.1.1'

config interface 'wwan'
    option proto 'static'
    option ipaddr '192.168.1.254' #match you main router network 192.168.x.254
    option netmask '255.255.255.0' 
    option gateway '192.168.1.1'   #your main router's IP

config 'interface' 'stabridge' 
    option 'proto' 'relay' 
    option 'network' 'lan wwan' 
    option ipaddr '192.168.1.254' #Same IP as in WWAN

.
.
/etc/config/dhcp

config dhcp lan
    option interface    lan
    option start     100
    option limit    150
    option leasetime    12h
    option ignore    1

config dhcp wan
    option interface    wan
    option ignore    1

 

As we want to make all the same network, we can disable the firewall:

/etc/init.d/firewall stop
/etc/init.d/firewall disable

Update 04/09/2015
Some users had trouble accesing shared services. This should fix them (thanks panni!):

panni wrote:

Install igmpproxy:

opkg install igmpproxy

Then edit the file /etc/config/igmpproxy
Make it look like this:

config igmpproxy
    option quickleave 1

config phyint
    option network wwan
    option direction upstream
    list altnet 192.168.0.0/24

config phyint
    option network lan
    option direction downstream
    list altnet 192.168.0.0/24

 

MODE 2: REPEATER, DIFFERENT NETWORK

Repeater's clients will be able to see Main Network's devices, but not vice versa.
Addresses in the Repeater network are managed by the repeater.

Nothing has to be downloaded, the stock openwrt is enought. This is the easiest and simplest way of making a repeater

/etc/config/wireless

config wifi-device 'radio0'
    #blahblah (default settings)
    option disabled '0'
    option channel '1'       #Match with the main wireless network channel

config wifi-iface
    option ssid 'MainWirelessNetwork'
    option encryption 'psk'        # Set wep, psk or psk2 for WEP, WPA or WPA2
    option device 'radio0'
    option mode 'sta'
    option network 'wwan'
    option key 'MainRouterWirelessPassword'

config wifi-iface
    option device 'radio0'

    option mode 'ap'
    option ssid 'RepeaterWirelessNetwork'
    option encryption 'psk'
    option key 'RepeaterWirelessPassword'
    option network 'lan'

.
.
/etc/config/network

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config interface 'lan'
    option ifname 'eth0'
    option type 'bridge'
    option proto 'static'
    option ipaddr '192.168.10.1'    #set to different range of your main router's network""
    option netmask '255.255.255.0'

config interface 'wwan'
    option proto 'dhcp'

.
.
/etc/config/dhcp

config dhcp lan
    option interface    lan
    option start     100
    option limit    150
    option leasetime    12h
    option ignore    0

config dhcp wan
    option interface    wan
    option ignore    1

.
.
/etc/config/firewall

config defaults
    option syn_flood '1'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'REJECT'

config zone
    option name 'lan'
    option network 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'REJECT'

config zone
    option name 'wan'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option masq '1'
    option mtu_fix '1'
    option network 'wan wwan'

config forwarding
    option src 'lan'
    option dest 'wan'

Once internet is running, its easy to install LuCi to get the nice web interface:

opkg update
opkg install luci

AND, IF YOU INSTALLED RELAYD
opkg install luci-proto-relay

I have tested both and they work. I think this are the easiest configs for making a repeater.

Edit the files manually with the VI editor.
If you don't know how to use it, check this:
---------------------------------------------------------------------------
vi editor small tutorial
Let's edit "network" file

vi network

Now, navigate with the arrow keys to the line you want to read, modify, etc.
To start writing first type "i" (command to insert).
Now you can write, delete, etc as usual.
To exit the insert mode press "ESC".
To delete an entire line, press "d" twice.
Finally, to save the file press "Z" twice. Yes it must be UPPERCASE
If you screwed your file and want to discard changes press control+z to close without saving.

 

Regards