Support #13917
Closed
router-wan-sa-1.bring.out.ba: wrt54GL, kamikaze, 192.168.45.254
0%
Description
wrt54GL, kamikaze, 192.168.45.254
Files
Related issues 2 (0 open — 2 closed)
Updated by Ernad Husremović over 17 years ago
http://router-wan-sa-1.bring.out.ba/cgi-bin/webif/status-interfaces.sh
wan:
- 00:1D:7E:55:69:5E
Updated by Ernad Husremović over 17 years ago
- System/Settings
- time zone (Prag/CzechRepublic) - posix string: CET-1CEST,M3.5.0,M10.5.0/3
- hostname - router-wan-sa-1
Updated by Ernad Husremović over 17 years ago
network route via uci
root@OpenWrt:/etc/config# uci set network.nsbihnet=route
root@OpenWrt:/etc/config# uci set network.nsbihnet.interface=wan
root@OpenWrt:/etc/config# uci set network.nsbihnet.target=195.222.33.151
root@OpenWrt:/etc/config# uci commit
the result is that I get a new entry in /etc/config/network
config 'route' 'nsbihnet'
	option 'target' '195.222.33.151'
	option 'interface' 'wan'
I get the same effect if I add this entry in vi
Updated by Ernad Husremović over 17 years ago
root@OpenWrt:/etc/config# uci set openvpn.general.mode=server
root@OpenWrt:/etc/config# uci set openvpn.general.port=1194
root@OpenWrt:/etc/config# uci commit
copied from router-sa
/etc/openvpn, /etc/openvpn/clients
/etc/init.d/openvpn restart
there, it seems to work
Jan 1 02:01:07 OpenWrt daemon.notice openvpn[8296]: OpenVPN 2.0.9 mipsel-linux [SSL] [LZO] [EPOLL] built on Apr 8 2008
Jan 1 02:01:09 OpenWrt daemon.notice openvpn[8296]: TUN/TAP device tun0 opened
Jan 1 02:01:09 OpenWrt daemon.notice openvpn[8296]: /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Jan 1 02:01:10 OpenWrt daemon.notice openvpn[8325]: UDPv4 link local (bound): [undef]:1194
Jan 1 02:01:10 OpenWrt daemon.notice openvpn[8325]: UDPv4 link remote: [undef]
Jan 1 02:01:10 OpenWrt daemon.notice openvpn[8325]: Initialization Sequence Completed
root@OpenWrt:/etc/openvpn# ps ax | grep openvpn
8325 root 4168 S openvpn --writepid /var/run/openvpn.pid --daemon --co
Updated by Ernad Husremović over 17 years ago
I think there will be a problem with the openvpn clients when we replace the router (they will all report that this is a new host)
can we fool it by copying the keys from sc_linksys_1
root@sc_linksys_1:/etc/dropbear$ ls -l
-rw-r--r-- 1 root root 804 Jul 23 2007 authorized_keys
-rw------- 1 root root 459 Jan 1 2000 dropbear_dss_host_key
-rw------- 1 root root 427 Jan 1 2000 dropbear_rsa_host_key
Updated by Ernad Husremović over 17 years ago
this works, so I copied the keys from router-sa
I will make a dropbear.tar.gz archive
hernad@nmraka-1:~/admin/router-wan-sa-1/dropbear$ scp root@192.168.45.254:/etc/dropbear/* .
hernad@nmraka-1:~/admin/router-wan-sa-1/dropbear$ cd ..
hernad@nmraka-1:~/admin/router-wan-sa-1$ tar cvfz dropbear_router_wan_sa.tar.gz dropbear
dropbear/
dropbear/archive.sigma-com.net.key
dropbear/dropbear_rsa_host_key
dropbear/authorized_keys
dropbear/dropbear_dss_host_key
hernad@nmraka-1:~/admin/router-wan-sa-1$ gpg -c dropbear_router_wan_sa.tar.gz
hernad@nmraka-1:~/admin/router-wan-sa-1$ ls
dropbear dropbear_router_wan_sa.tar.gz dropbear_router_wan_sa.tar.gz.gpg
Updated by Ernad Husremović over 17 years ago
hm, it seems it did not restore the flash (uci) variables at all ?!?
Updated by Ernad Husremović over 17 years ago
this backup is not really worth much ...
with xwrt I set up wifi (wep key, wds with the router stan-sa, radio channel = 1), the lan network parameters (*.45.254, name server)
the file system state is:
Filesystem Size Used Available Use% Mounted on
none 7.0M 44.0k 6.9M 1% /tmp
/dev/mtdblock/4 576.0k 372.0k 204.0k 65% /jffs
mini_fo:/jffs 2.6M 2.6M 0 100% /
Updated by Ernad Husremović over 17 years ago
for shfsmount I need:
root@router-wan-sa-1:/etc/dropbear# mkdir /mnt/1
I will transfer the dropbear keys
hernad@nmraka-1:~/admin/router-wan-sa-1/dropbear$ scp * root@192.168.45.254:/etc/dropbear/
archive.sigma-com.net.key 100% 427 0.4KB/s 00:00
authorized_keys 100% 1200 1.2KB/s 00:00
dropbear_dss_host_key 100% 459 0.5KB/s 00:00
dropbear_rsa_host_key 100% 427 0.4KB/s 00:00
then reboot the router so that my ssh server works with these keys
Updated by Ernad Husremović over 17 years ago
since nmraka-1 is in /etc/dropbear/authorized_keys I have publickey access from it
hernad@nmraka-1:~$ ssh root@router-wan-sa-1.bring.out.ba
Updated by Ernad Husremović over 17 years ago
shfsmount
root@router-wan-sa-1:~# uci set fstab.shfs=boot
root@router-wan-sa-1:~# uci set fstab.shfs.dir=/data/router-wan-sa-1
root@router-wan-sa-1:~# uci set fstab.shfs.host=archive.sigma-com.net
root@router-wan-sa-1:~# uci set fstab.shfs.user=root
root@router-wan-sa-1:~# uci commit
Updated by Ernad Husremović over 17 years ago
after the restart I have no mount, I am trying publickey ssh access manually
root@router-wan-sa-1:~# ssh -y -i /etc/dropbear/archive.sigma-com.net.key root@archive.sigma-com.net
going to reboot now
Updated by Ernad Husremović over 17 years ago
I get this message
Jan 1 00:00:45 : Host 'archive.sigma-com.net' key accepted unconditionally.
Jan 1 00:00:45 : (fingerprint md5 39:01:83:80:a6:2f:b7:ab:5f:6d:c0:55:3d:53:85:ac)
Jan 1 00:00:57 : root�@archive.sigma-com.net's password: root�@archive.sigma-com.net's pas...
and then I see that /etc/config/fstab really contains root + some crazy character, removed it manually and now it works
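The stray byte after root described in this entry can be caught before a reboot by scanning the config for bytes outside tab and printable ASCII. This is an added example, not part of the original ticket; the function names are hypothetical and the sample file is constructed, with byte 0xA0 as an assumed stand-in for the unidentified character:

```shell
#!/bin/sh
# Added example (not from the ticket): flag config lines holding bytes outside
# tab + printable ASCII, such as a stray byte glued onto a user name.

# Constructed sample; \240 (0xA0) is an assumed stand-in for the unknown byte.
write_sample_fstab() {
    printf "config 'boot' 'shfs'\n"                      >  "$1"
    printf "\toption 'dir' '/data/router-wan-sa-1'\n"   >> "$1"
    printf "\toption 'host' 'archive.sigma-com.net'\n"  >> "$1"
    printf "\toption 'user' 'root\240'\n"               >> "$1"
}

# scan_uci_file FILE: print "FILE:LINE: text" (bad bytes shown as '?') for
# every offending line; exit status 0 only when the file is clean.
scan_uci_file() {
    file=$1 n=0 bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        # Delete every allowed byte; anything left over is suspicious.
        junk=$(printf '%s' "$line" | LC_ALL=C tr -d '\011\040-\176')
        if [ -n "$junk" ]; then
            bad=$((bad + 1))
            shown=$(printf '%s' "$line" | LC_ALL=C tr -c '\011\040-\176' '?')
            printf '%s:%d: %s\n' "$file" "$n" "$shown"
        fi
    done < "$file"
    [ "$bad" -eq 0 ]
}

# Demo on the constructed sample.
sample=$(mktemp)
write_sample_fstab "$sample"
scan_uci_file "$sample" || echo "stray bytes found, review before 'uci commit'"
rm -f "$sample"
```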
Updated by Ernad Husremović over 17 years ago
- File uci_export.gpg added
I will transfer the state of the flash variables
root@router-wan-sa-1:~# uci export > /tmp/uci_export
Updated by Ernad Husremović over 17 years ago
this backup with xwrt apparently did not even finish properly (the archive is damaged), I will repeat it now
Updated by Ernad Husremović over 17 years ago
- File config.tgz.gpg added
Updated by Ernad Husremović over 17 years ago
- File deleted (config.tgz)
Updated by Ernad Husremović over 17 years ago
I think everything is ok now, starting again from the beginning:
- I install the latest version of the openwrt image
root@router-wan-sa-1:/tmp# mtd -r write openwrt-brcm-2.4-squashfs.trx linux
Unlocking linux ...
Writing from openwrt-brcm-2.4-squashfs.trx to linux ... [w]
Rebooting ...
Connection to router-wan-sa-1.bring.out.ba closed by remote host.
Connection to router-wan-sa-1.bring.out.ba closed.
- I access the initialized router
hernad@nmraka-1:~$ ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:1b:38:75:dd:65 brd ff:ff:ff:ff:ff:ff
    inet 192.168.45.96/24 brd 192.168.45.255 scope global eth0
    inet 192.168.1.33/24 scope global eth0
    inet6 fe80::21b:38ff:fe75:dd65/64 scope link
       valid_lft forever preferred_lft forever
hernad@nmraka-1:~$ ip route show
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.33
192.168.45.0/24 dev eth0 proto kernel scope link src 192.168.45.96
169.254.0.0/16 dev eth0 scope link metric 1000
default via 192.168.45.1 dev eth0
- I set an ultrasecure password via xwrt
Changing password for root
New password:
Retype password:
Password for root changed by root
- xwrt: System / backup&restore
config - 3 .. shows the unpacking .. reboots the system
- I access the router at 192.168.45.254, so the parameters have been restored
http://router-wan-sa-1.bring.out.ba/cgi-bin/webif/info.sh
- what remains is to restore the dropbear parameters [1]
hernad@nmraka-1:~/admin/router-wan-sa-1/dropbear$ scp * root@192.168.45.254:/etc/dropbear/
archive.sigma-com.net.key 100% 427 0.4KB/s 00:00
authorized_keys 100% 1200 1.2KB/s 00:00
dropbear_dss_host_key 100% 459 0.5KB/s 00:00
dropbear_rsa_host_key 100% 427 0.4KB/s 00:00
- I create /mnt/1, then restart the router again
mkdir /mnt/1
- after the restart, however, the /mnt/1 mount did not happen, tried manually
root@router-wan-sa-1:~# /etc/init.d/custom-user-startup start
Host 'archive.sigma-com.net' key accepted unconditionally.
(fingerprint md5 39:01:83:80:a6:2f:b7:ab:5f:6d:c0:55:3d:53:85:ac)
=> mount ok
- after the restart the router "stalls" for about 30 seconds, but shfsmount is now ok
root@router-wan-sa-1:~# mount
rootfs on / type rootfs (rw)
/dev/root on /rom type squashfs (ro)
none on /dev type devfs (rw)
none on /proc type proc (rw)
none on /tmp type tmpfs (rw,nosuid,nodev)
none on /dev/pts type devpts (rw)
/dev/mtdblock/4 on /jffs type jffs2 (rw)
mini_fo:/jffs on / type mini_fo (rw)
none on /mnt/1 type shfs (rw)
- installed /mnt/1/etc/router-wan-sa-1, and set up the external custom-user-startup
root@router-wan-sa-1:~# cat /mnt/1/etc/init.d/custom-user-startup
#!/bin/sh
. /etc/functions.sh
#echo "hello world" > /tmp/test_ext_custom
config_cb() {
	if [ "$1" == "system" ] ; then
		SECTION=$2
	fi
}
config_load system
echo $SECTION
config_get HOSTNAME $SECTION hostname
. /mnt/1/etc/${HOSTNAME}.fw
[1] This step seems unnecessary to me, it looks like the restore restored this as well
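Because the client reports the host key as "accepted unconditionally", the logged fingerprint is the only record of which server was actually reached. This is an added example, not part of the original ticket, that checks such log lines against a pinned fingerprint; the function names are hypothetical and the second log pair is constructed:

```shell
#!/bin/sh
# Added example (not from the ticket): compare the fingerprint that the
# "key accepted unconditionally" message logs against a pinned value.

# First pair: the lines quoted in the ticket. Second pair: constructed,
# with a made-up fingerprint standing in for a changed or spoofed server.
sample_log() {
    cat <<'EOF'
Jan 1 00:00:45 : Host 'archive.sigma-com.net' key accepted unconditionally.
Jan 1 00:00:45 : (fingerprint md5 39:01:83:80:a6:2f:b7:ab:5f:6d:c0:55:3d:53:85:ac)
Jan 2 00:00:45 : Host 'archive.sigma-com.net' key accepted unconditionally.
Jan 2 00:00:45 : (fingerprint md5 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff)
EOF
}

# check_pinned_fp HOST PINNED_MD5 < log
# Prints "MISMATCH host fingerprint" per deviation.
# Exit status: 0 all match, 1 at least one mismatch, 2 host never seen.
check_pinned_fp() {
    awk -v host="$1" -v pin="$2" '
        index($0, "Host \047" host "\047 key accepted unconditionally") {
            pending = 1; next
        }
        pending && match($0, /fingerprint md5 [0-9a-f:]+/) {
            fp = substr($0, RSTART + 16, RLENGTH - 16)  # drop the label
            seen++
            if (fp != pin) { bad++; print "MISMATCH " host " " fp }
            pending = 0
        }
        END { if (!seen) exit 2; exit (bad ? 1 : 0) }
    '
}

# Demo: pin the fingerprint recorded in the ticket.
PIN='39:01:83:80:a6:2f:b7:ab:5f:6d:c0:55:3d:53:85:ac'
sample_log | check_pinned_fp archive.sigma-com.net "$PIN" ||
    echo "host key differs from the pinned fingerprint"
```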
Updated by Ernad Husremović over 17 years ago
I set up freezone from xwrt, but one thing seems to be missing, ifname, so I added it manually
/etc/config/network
config 'interface' 'freezone'
	option 'ifname' 'eth0.1' <<<<<<<<<<<
	option 'proto' 'pppoe'
	option 'username' 'hsamrae@bihnet'
	option 'password' '910frametrue2004'
	option 'defaultroute' '0'
	option 'ppp_redial' 'persist'
Updated by Ernad Husremović over 17 years ago
going to set up the routes; the only thing not clear to me is what to put for network.<route>.gateway, the manual says it is mandatory, but I don't get why I need it if I specify the interface, I will try without it:
root@router-wan-sa-1:/etc/config# uci set network.nsbihnet=route
root@router-wan-sa-1:/etc/config# uci set network.nsbihnet.interface=wan
root@router-wan-sa-1:/etc/config# uci set network.nsbihnet.target=195.222.33.151
root@router-wan-sa-1:/etc/config# uci set network.ubuntuba=route
root@router-wan-sa-1:/etc/config# uci set network.ubuntubu.interface=freezone
uci: Entry not found
root@router-wan-sa-1:/etc/config# uci set network.ubuntuba.interface=freezone
root@router-wan-sa-1:/etc/config# uci set network.ubuntuba.target=80.65.85.0
root@router-wan-sa-1:/etc/config# uci set network.ubuntuba.netmask=255.255.255.0
root@router-wan-sa-1:/etc/config# uci set network.rfreezone=route
root@router-wan-sa-1:/etc/config# uci set network.rfreezone.interface=freezone
root@router-wan-sa-1:/etc/config# uci set network.rfreezone.target=195.222.0.0
root@router-wan-sa-1:/etc/config# uci set network.rfreezone.netmask=255.255.0.0
root@router-wan-sa-1:/etc/config# uci set network.rbihnetex1=route
root@router-wan-sa-1:/etc/config# uci set network.rbihnetex1.interface=wan
root@router-wan-sa-1:/etc/config# uci set network.rbihnetex1.target=195.222.33.0
root@router-wan-sa-1:/etc/config# uci set network.rbihnetex1.netmask=255.255.255.0
root@router-wan-sa-1:/etc/config# uci commit
Updated by Ernad Husremović over 17 years ago
- File config.tgz.gpg added
Updated by Ernad Husremović over 17 years ago
now I will repeat everything with the latest versions of the openwrt image and config.tgz
watched the restore carefully and saw that it backs up /etc/dropbear, so step 6 in the instructions above is superfluous
Updated by Ernad Husremović over 17 years ago
- File archive.sigma-com.net_router-wan-sa-1.tar.gz.gpg added
well, now the installation really is 5 minutes of work :)
on archive.sigma-com.net (the network server) there is:
- firewall
- init.d/custom-user-startup script
- openvpn settings
Updated by Ernad Husremović over 17 years ago
- Status changed from Assigned to Closed
today around 2 I replaced the router, I will put that in a separate ticket