Support #13917
Closed
router-wan-sa-1.bring.out.ba: wrt54GL, kamikaze, 192.168.45.254
Description
wrt54GL, kamikaze, 192.168.45.254
Related tickets 2 (0 open, 2 closed)
Updated by Ernad Husremović about 17 years ago
http://router-wan-sa-1.bring.out.ba/cgi-bin/webif/status-interfaces.sh
wan:- 00:1D:7E:55:69:5E
Updated by Ernad Husremović about 17 years ago
- System/Settings
- time zone (Prag/CzechRepublic) - posix string: CET-1CEST,M3.5.0,M10.5.0/3
- hostname - router-wan-sa-1
Updated by Ernad Husremović about 17 years ago
network route via uci
root@OpenWrt:/etc/config# uci set network.nsbihnet=route
root@OpenWrt:/etc/config# uci set network.nsbihnet.interface=wan
root@OpenWrt:/etc/config# uci set network.nsbihnet.target=195.222.33.151
root@OpenWrt:/etc/config# uci commit
the result is that I get a new entry in /etc/config/network
config 'route' 'nsbihnet'
    option 'target' '195.222.33.151'
    option 'interface' 'wan'
I get the same effect if I add this entry in vi
Updated by Ernad Husremović about 17 years ago
root@OpenWrt:/etc/config# uci set openvpn.general.mode=server
root@OpenWrt:/etc/config# uci set openvpn.general.port=1194
root@OpenWrt:/etc/config# uci commit
copied over from router-sa
/etc/openvpn, /etc/openvpn/clients
/etc/init.d/openvpn restart
there, it seems to work
Jan 1 02:01:07 OpenWrt daemon.notice openvpn[8296]: OpenVPN 2.0.9 mipsel-linux [SSL] [LZO] [EPOLL] built on Apr 8 2008
Jan 1 02:01:09 OpenWrt daemon.notice openvpn[8296]: TUN/TAP device tun0 opened
Jan 1 02:01:09 OpenWrt daemon.notice openvpn[8296]: /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Jan 1 02:01:10 OpenWrt daemon.notice openvpn[8325]: UDPv4 link local (bound): [undef]:1194
Jan 1 02:01:10 OpenWrt daemon.notice openvpn[8325]: UDPv4 link remote: [undef]
Jan 1 02:01:10 OpenWrt daemon.notice openvpn[8325]: Initialization Sequence Completed
root@OpenWrt:/etc/openvpn# ps ax | grep openvpn
8325 root 4168 S openvpn --writepid /var/run/openvpn.pid --daemon --co
Updated by Ernad Husremović about 17 years ago
I think there will be a problem with the openvpn clients when we replace the router (they will all report that this is a new host)
can we fool it by copying the keys over from sc_linksys_1?
root@sc_linksys_1:/etc/dropbear$ ls -l
-rw-r--r-- 1 root root 804 Jul 23 2007 authorized_keys
-rw------- 1 root root 459 Jan 1 2000 dropbear_dss_host_key
-rw------- 1 root root 427 Jan 1 2000 dropbear_rsa_host_key
Updated by Ernad Husremović about 17 years ago
this works, so I copied the keys over from router-sa
I will make a dropbear.tar.gz archive
hernad@nmraka-1:~/admin/router-wan-sa-1/dropbear$ scp root@192.168.45.254:/etc/dropbear/* .
hernad@nmraka-1:~/admin/router-wan-sa-1/dropbear$ cd ..
hernad@nmraka-1:~/admin/router-wan-sa-1$ tar cvfz dropbear_router_wan_sa.tar.gz dropbear
dropbear/
dropbear/archive.sigma-com.net.key
dropbear/dropbear_rsa_host_key
dropbear/authorized_keys
dropbear/dropbear_dss_host_key
hernad@nmraka-1:~/admin/router-wan-sa-1$ gpg -c dropbear_router_wan_sa.tar.gz
hernad@nmraka-1:~/admin/router-wan-sa-1$ ls
dropbear  dropbear_router_wan_sa.tar.gz  dropbear_router_wan_sa.tar.gz.gpg
Updated by Ernad Husremović about 17 years ago
hm, it looks like it did not restore the flash (uci) variables at all ?!?
Updated by Ernad Husremović about 17 years ago
this backup is not worth much ...
with xwrt I configured wifi (wep key, wds with the router stan-sa, radio channel = 1) and the lan network parameters (*.45.254, name server)
the state of the file system is:
Filesystem                Size      Used Available Use% Mounted on
none                      7.0M     44.0k      6.9M   1% /tmp
/dev/mtdblock/4         576.0k    372.0k    204.0k  65% /jffs
mini_fo:/jffs             2.6M      2.6M         0 100% /
Updated by Ernad Husremović about 17 years ago
for shfsmount I need:
root@router-wan-sa-1:/etc/dropbear# mkdir /mnt/1
I will transfer the dropbear keys
hernad@nmraka-1:~/admin/router-wan-sa-1/dropbear$ scp * root@192.168.45.254:/etc/dropbear/
archive.sigma-com.net.key    100%  427     0.4KB/s   00:00
authorized_keys              100% 1200     1.2KB/s   00:00
dropbear_dss_host_key        100%  459     0.5KB/s   00:00
dropbear_rsa_host_key        100%  427     0.4KB/s   00:00
then reboot the router so that the ssh server runs with these keys
Updated by Ernad Husremović about 17 years ago
since nmraka-1 is in /etc/dropbear/authorized_keys, I have publickey access from it
hernad@nmraka-1:~$ ssh root@router-wan-sa-1.bring.out.ba
Updated by Ernad Husremović about 17 years ago
shfsmount
root@router-wan-sa-1:~# uci set fstab.shfs=boot
root@router-wan-sa-1:~# uci set fstab.shfs.dir=/data/router-wan-sa-1
root@router-wan-sa-1:~# uci set fstab.shfs.host=archive.sigma-com.net
root@router-wan-sa-1:~# uci set fstab.shfs.user=root
root@router-wan-sa-1:~# uci commit
Updated by Ernad Husremović about 17 years ago
after the restart I have no mount; I am manually trying publickey ssh access
root@router-wan-sa-1:~# ssh -y -i /etc/dropbear/archive.sigma-com.net.key root@archive.sigma-com.net
going to reboot now
Updated by Ernad Husremović about 17 years ago
I get this message
Jan 1 00:00:45 : Host 'archive.sigma-com.net' key accepted unconditionally.
Jan 1 00:00:45 : (fingerprint md5 39:01:83:80:a6:2f:b7:ab:5f:6d:c0:55:3d:53:85:ac)
Jan 1 00:00:57 : root�@archive.sigma-com.net's password: root�@archive.sigma-com.net's pas...
then I see that /etc/config/fstab really contains root plus some weird character; I removed it manually and now it works
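Added example, not part of the original ticket: a POSIX shell check for the failure described above, where a stray non-printable byte after 'root' in /etc/config/fstab broke the publickey login. The names uci_check_bytes and demo_uci_check and the 0xFF byte in the sample are assumptions made for illustration; the ticket does not say which byte it was.

```shell
#!/bin/sh
# Added example (not from the ticket): report lines of a UCI config file that
# contain bytes outside TAB + printable ASCII, such as the stray byte after
# 'root' in /etc/config/fstab described above.

# Prints "<file>:<lineno>: <line>" with each offending byte shown as '?'.
# Returns 0 when the file is clean, 1 when at least one line was flagged.
uci_check_bytes() {
    file=$1
    n=0
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        # Delete TAB and printable ASCII; whatever survives is suspicious.
        rest=$(printf '%s' "$line" | LC_ALL=C tr -d '\11\40-\176')
        if [ -n "$rest" ]; then
            shown=$(printf '%s' "$line" | LC_ALL=C tr -c '\11\40-\176' '?')
            printf '%s:%s: %s\n' "$file" "$n" "$shown"
            bad=1
        fi
    done < "$file"
    return "$bad"
}

# Constructed sample: the fstab section from the ticket, with a made-up
# 0xFF byte standing in for the unknown stray character after 'root'.
demo_uci_check() {
    sample=${TMPDIR:-/tmp}/uci_check_demo.$$
    printf "config 'boot' 'shfs'\n\toption 'user' 'root\377'\n" > "$sample"
    printf "\toption 'host' 'archive.sigma-com.net'\n" >> "$sample"
    uci_check_bytes "$sample"
    rc=$?
    rm -f "$sample"
    return "$rc"
}

demo_uci_check || echo "stray bytes found: fix the flagged option values"
```

Running it against each file in /etc/config after a `uci commit` catches such a byte before the next reboot depends on the value.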
Updated by Ernad Husremović about 17 years ago
- File uci_export.gpg added
I will transfer the state of the flash variables
root@router-wan-sa-1:~# uci export > /tmp/uci_export
Updated by Ernad Husremović about 17 years ago
this xwrt backup apparently did not even finish properly (the archive is corrupted), I will repeat it now
Updated by Ernad Husremović about 17 years ago
- File config.tgz.gpg added
Updated by Ernad Husremović about 17 years ago
I think everything is ok now, starting again from the beginning:
- I install the latest version of the openwrt image
root@router-wan-sa-1:/tmp# mtd -r write openwrt-brcm-2.4-squashfs.trx linux
Unlocking linux ...
Writing from openwrt-brcm-2.4-squashfs.trx to linux ... [w]
Rebooting ...
Connection to router-wan-sa-1.bring.out.ba closed by remote host.
Connection to router-wan-sa-1.bring.out.ba closed.
- I access the initialized router
hernad@nmraka-1:~$ ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:1b:38:75:dd:65 brd ff:ff:ff:ff:ff:ff
    inet 192.168.45.96/24 brd 192.168.45.255 scope global eth0
    inet 192.168.1.33/24 scope global eth0
    inet6 fe80::21b:38ff:fe75:dd65/64 scope link
       valid_lft forever preferred_lft forever
hernad@nmraka-1:~$ ip route show
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.33
192.168.45.0/24 dev eth0 proto kernel scope link src 192.168.45.96
169.254.0.0/16 dev eth0 scope link metric 1000
default via 192.168.45.1 dev eth0
- I set an ultrasecure password via xwrt
Changing password for root
New password:
Retype password:
Password for root changed by root
- xwrt: System / backup&restore
config - 3 .. shows the unpacking .. reboots the system
- I reach the router at 192.168.45.254, which means the parameters were restored
http://router-wan-sa-1.bring.out.ba/cgi-bin/webif/info.sh
- what remains is to restore the dropbear parameters (1)
hernad@nmraka-1:~/admin/router-wan-sa-1/dropbear$ scp * root@192.168.45.254:/etc/dropbear/
archive.sigma-com.net.key    100%  427     0.4KB/s   00:00
authorized_keys              100% 1200     1.2KB/s   00:00
dropbear_dss_host_key        100%  459     0.5KB/s   00:00
dropbear_rsa_host_key        100%  427     0.4KB/s   00:00
- I create /mnt/1, then restart the router again
mkdir /mnt/1
- after the restart, however, the /mnt/1 mount did not happen; tried manually
root@router-wan-sa-1:~# /etc/init.d/custom-user-startup start
Host 'archive.sigma-com.net' key accepted unconditionally.
(fingerprint md5 39:01:83:80:a6:2f:b7:ab:5f:6d:c0:55:3d:53:85:ac)
=> mount ok
- after the restart the router "stalls" for about 30 seconds, but shfsmount is now ok
root@router-wan-sa-1:~# mount
rootfs on / type rootfs (rw)
/dev/root on /rom type squashfs (ro)
none on /dev type devfs (rw)
none on /proc type proc (rw)
none on /tmp type tmpfs (rw,nosuid,nodev)
none on /dev/pts type devpts (rw)
/dev/mtdblock/4 on /jffs type jffs2 (rw)
mini_fo:/jffs on / type mini_fo (rw)
none on /mnt/1 type shfs (rw)
- installed /mnt/1/etc/router-wan-sa-1, and set up the external custom-user-startup
root@router-wan-sa-1:~# cat /mnt/1/etc/init.d/custom-user-startup
#!/bin/sh
. /etc/functions.sh
#echo "hello world" > /tmp/test_ext_custom
config_cb() {
    if [ "$1" == "system" ] ; then
        SECTION=$2
    fi
}
config_load system
echo $SECTION
config_get HOSTNAME $SECTION hostname
. /mnt/1/etc/${HOSTNAME}.fw
(1) This step seems unnecessary to me; it looks like the restore restored this too
Updated by Ernad Husremović about 17 years ago
I configured freezone from xwrt, but one thing seems to be missing, ifname, so I added that manually
/etc/config/network
config 'interface' 'freezone'
    option 'ifname' 'eth0.1' <<<<<<<<<<<
    option 'proto' 'pppoe'
    option 'username' 'hsamrae@bihnet'
    option 'password' '910frametrue2004'
    option 'defaultroute' '0'
    option 'ppp_redial' 'persist'
Updated by Ernad Husremović about 17 years ago
I am going to set up the routes; the only thing that is not clear to me is what to put for network.<route>.gateway. The manual says it is mandatory, and I don't get why I need it if I specify the interface; I will try without it:
root@router-wan-sa-1:/etc/config# uci set network.nsbihnet=route
root@router-wan-sa-1:/etc/config# uci set network.nsbihnet.interface=wan
root@router-wan-sa-1:/etc/config# uci set network.nsbihnet.target=195.222.33.151
root@router-wan-sa-1:/etc/config# uci set network.ubuntuba=route
root@router-wan-sa-1:/etc/config# uci set network.ubuntubu.interface=freezone
uci: Entry not found
root@router-wan-sa-1:/etc/config# uci set network.ubuntuba.interface=freezone
root@router-wan-sa-1:/etc/config# uci set network.ubuntuba.target=80.65.85.0
root@router-wan-sa-1:/etc/config# uci set network.ubuntuba.netmask=255.255.255.0
root@router-wan-sa-1:/etc/config# uci set network.rfreezone=route
root@router-wan-sa-1:/etc/config# uci set network.rfreezone.interface=freezone
root@router-wan-sa-1:/etc/config# uci set network.rfreezone.target=195.222.0.0
root@router-wan-sa-1:/etc/config# uci set network.rfreezone.netmask=255.255.0.0
root@router-wan-sa-1:/etc/config# uci set network.rbihnetex1=route
root@router-wan-sa-1:/etc/config# uci set network.rbihnetex1.interface=wan
root@router-wan-sa-1:/etc/config# uci set network.rbihnetex1.target=195.222.33.0
root@router-wan-sa-1:/etc/config# uci set network.rbihnetex1.netmask=255.255.255.0
root@router-wan-sa-1:/etc/config# uci commit
Updated by Ernad Husremović about 17 years ago
- File config.tgz.gpg added
Updated by Ernad Husremović about 17 years ago
now I will repeat everything with the latest versions of the openwrt image and config.tgz
I followed the restore carefully and saw that it backs up /etc/dropbear, so step 6 in the instructions above is superfluous
Updated by Ernad Husremović about 17 years ago
- File archive.sigma-com.net_router-wan-sa-1.tar.gz.gpg added
now the installation really is 5 minutes of work :)
on archive.sigma-com.net (the network server) there are:
- firewall
- init.d/custom-user-startup script
- openvpn settings
Updated by Ernad Husremović about 17 years ago
- Status changed from Assigned to Closed
today around 2 I carried out the router replacement; I will put that in a separate ticket