LEDE: Unterschied zwischen den Versionen

Aus Vosp.freesn.de
Zur Navigation springen Zur Suche springen
← Zum vorherigen Versionsunterschied
F (Diskussion | Beiträge)
Bürokraten
3.134 Bearbeitungen
F (Diskussion | Beiträge)
Bürokraten
3.134 Bearbeitungen
Keine Bearbeitungszusammenfassung
 
(3 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt)
Zeile 1: Zeile 1:
Router: [[Openwrt]] | [[LEDE]] | [[Libre Mesh]] | [[qMp]]
= Befehle =
= Befehle =
<source lang=bash>
<source lang=bash>
Zeile 66: Zeile 68:
=== Block Files von irgenwelchen ... ===
=== Block Files von irgenwelchen ... ===
  http://someonewhocares.org/hosts/
  http://someonewhocares.org/hosts/
=VPN =
==Anleitungen==
https://blog.doenselmann.com/openvpn-server-auf-openwrt-router-betreiben/
http://www.kammerath.net/openwrt-mit-openvpn-client.html
https://www.portunity.de/access/wiki/OpenVPN-Tunnel_(IPv4)_auf_einem_OpenWRT_Router_einrichten_(Anleitung)
<source lang=bash>
ssh root@192.168.1.1
opkg update
opkg install openvpn-openssl
</source>
Alternative zur folgenden config über gui mit paket luci-app-openvpn
=== riseup openvpn client auf den openwrt einrichten ===
* /etc/openvpn/[https://riseup.net/security/network-security/riseup-ca/RiseupCA.pem RiseupCA.pem]
<source lang=bash>
-----BEGIN CERTIFICATE-----
MIIF2jCCA8KgAwIBAgIIVogyQTSIzc8wDQYJKoZIhvcNAQELBQAwgYYxGDAWBgNV
BAMTD1Jpc2V1cCBOZXR3b3JrczEYMBYGA1UEChMPUmlzZXVwIE5ldHdvcmtzMRAw
DgYDVQQHEwdTZWF0dGxlMQswCQYDVQQIEwJXQTELMAkGA1UEBhMCVVMxJDAiBgkq
hkiG9w0BCQEWFWNvbGxlY3RpdmVAcmlzZXVwLm5ldDAiGA8yMDE2MDEwMjIwMjU0
MFoYDzIwMjYwMzMwMjAyNjAxWjCBhjEYMBYGA1UEAxMPUmlzZXVwIE5ldHdvcmtz
MRgwFgYDVQQKEw9SaXNldXAgTmV0d29ya3MxEDAOBgNVBAcTB1NlYXR0bGUxCzAJ
BgNVBAgTAldBMQswCQYDVQQGEwJVUzEkMCIGCSqGSIb3DQEJARYVY29sbGVjdGl2
ZUByaXNldXAubmV0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAw2VV
uoz4xqeB1ROIwXBRaj0prOqEFX89A7+2rslGRfjM8NPHyBLGleoHTK3DPwadtQeg
ulaEOAjM5EMXTEX/o9H46L6h729HUWPCwVssvvOjyxTyGJDf7Ihd/Ab7ODtlJSyc
g31aXMioA5pGz5QnS3VGz4nE9+NL+jobc/NbhaacsEPR/7xO7meRNu/1S+YiHK1y
BSVrfap3XItlcNHDGNQkPyyJbS3pAS1lQs2HCBTzcFCamCkDOC7cRh9wZ4GH8U2f
2s0mDD5zhRpheNW4gFBtGpqHiRXv7WJW612aaXzKQQoIq2loGNvOpnyBPKL3jjUT
Rxv5IzWMV0nAofMCy25u/S4J65uSEd9mLNXFJ3rl+cFaybcOUXktTbS7bZy6cMyf
/gO28bEXIWr5WfZf8jCbPyOVfExZquG3aS+0YPWmIJCheXQzgiwplZy93oND1GGQ
f+1R2F7GPwNXQdefv2xm7PTWhHbSWHHmeY89qYED+yFJrX5ChoFoBbYs1lMmdU/C
2MnQBFtvcVockXFAUONyMKiq8ZP6sQ1lu0rO9Bvkhx55sJLZOmjN3g4S1K97PbbI
5DzHKcR0JQSt8ZtCY/MuMbwvlNYo98bFWvlfKET0KPtogNNH0PNfJmStKR8jWGjE
HnUNXo7YDfK90iEKTjLz2K5CYzH5Dm6iYJNaaykCAwEAAaNGMEQwEgYDVR0TAQH/
BAgwBgEB/wIBADAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBTGek7ebtq2Ibm+
2K6je1IMobvEkzANBgkqhkiG9w0BAQsFAAOCAgEAO2B3jnL+8LeoRkc282qUpHyu
xYj0Qd68l0CJ0FjfA2OCR/6h1W4gZVH+fTd/mhgrNXj28GRT53JEh1jdRC7ENTXu
W9O8I9gCbWQ6V4nkZ9lpq8UEmKTFGnngVu8VCmSDF+y0kFuEtmt0jyd2UkJfC/vy
Gh78OCHEdGAeOTYHXamiuA9Z7wMuncPjP476gSW2kfWTdxV25ad4tT5dA5d42xDm
YE2UKzHeB9amOmvyh08LPD0idT5oROCIHsHBhQC9oltJXO5j6GyHRg88C1inyv6R
xk+w9ek4wSBpoJg5t3hdbZr3JTUsuu4WPtAET0fMQpJC+niaBbegwtvdLZFM+d8x
ead3ZpMO+XrpazDFGtdPTQdi5EIYmr2RL9eTeQbVPwMB9TgFpBXP+iYIuTpNo8jn
8zS4EcPRmz6PQJVK4zkHczfvquyU9RuOwEgb8qN4tSNxF0Z94uSVUoXCG9WZLf8q
MfsGesYiR/qLnLn3MfAyWm3OVOUvGzczDE2T8VvY7rXc2+8ra5aK0TNAgEz9ey6D
/dGzM1JCCe1A08s+2+eRX//pmqmOCoGrY7zwIVS2T249h6iIMM9yT0C3ZXRoTnVN
osyidOkVuQr0YK6shJ0WaK4F1MktdjOZKPoIc9QLw+TrSU2hfyla36T0bNWMC/TJ
YtxDI+d1jIFZ7zMmts4=
-----END CERTIFICATE-----
</source>
==== openvpn starten mit Passwortabfrage ====
'''start befehl'''
<source lang=bash>
openvpn --client --dev tun --auth-user-pass --remote vpn.riseup.net 1194 --keysize 256 --auth SHA256 --cipher AES-256-CBC --ca /etc/openvpn/RiseupCA.pem
</source>
==== openvpn starten mit Passwortdatei ====
/etc/openvpn/riseup_auth.txt 
<source lang=bash>
user
secret
</source>
'''start befehl'''
<source lang=bash>
openvpn --client --dev tun --auth-user-pass /etc/openvpn/riseup_auth.txt  --remote vpn.riseup.net 1194 --keysize 256 --auth SHA256 --cipher AES-256-CBC --ca /etc/openvpn/RiseupCA.pem
</source>
==== openvpn starten mit configfile ====
/etc/openvpn/riseup2.ovpn
<source lang=bash>
client
dev tun
auth-user-pass /etc/openvpn/riseup_auth.txt
remote vpn.riseup.net 1194
keysize 256
auth SHA256
cipher AES-256-CBC
ca /etc/openvpn/RiseupCA.pem
#
auth-nocache
#
remote-cert-tls server
script-security 2
persist-tun
persist-key
#route-noexec
#route-up /etc/openvpn/ruvpnrouteadd.sh
</source>
'''start befehl'''
<source lang=bash>
openvpn /etc/openvpn/riseup2.ovpn
</source>
==== openvpn starten mit /etc/init.d/openvpn ====
'''/etc/config/openvpn'''
<source lang=bash>
config openvpn cryptn_vpn
        # Set to 1 to enable this instance:
        option enable 1
        # Include OpenVPN configuration
        option config /etc/openvpn/riseup2.ovpn
</source>
'''start befehl'''
<source lang=bash>
/etc/init.d/openvpn start
/etc/init.d/openvpn restart
/etc/init.d/openvpn stop
</source>
=== Netzwerkeinstellungen auf openwrt für openvpn ===
'''/etc/config/network'''
<source lang=bash>
# ....
config interface 'ncvpn'
        option proto 'dhcp'
        option ifname 'tun0'
        option hostname 'LEde'
</source>
''' start befehle '''
/etc/init.d/network restart
'''/etc/config/firewall'''
<source lang=bash>
# ....
config rule
        option name 'Allow-OpenVPN-Inbound'
        option target 'ACCEPT'
        option src '*'
        option proto 'udp'
        option dest_port '1194'
config zone
        option name 'newzone'
        option forward 'REJECT'
        option output 'ACCEPT'
        option input 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'ncvpn'
config forwarding
        option dest 'newzone'
        option src 'lan'
</source>
''' start befehle '''
/etc/init.d/firewall restart


= Hardware =
= Hardware =

Aktuelle Version vom 20. April 2020, 09:10 Uhr

Router: Openwrt | LEDE | Libre Mesh | qMp

Befehle

# Netzwerkkonifguration anzeigen
uci show network
uci show wireless
uci show firewall

# routen ausgeben
ip route

# wlan  scannen
iwinfo wlan0 scan
iwinfo

iw wlan0 info
iw wlan0 scan dump
iw wlan0 mpp dump
iw wlan0 mpath dump
iw wlan0 station dump
iw wlan0 survey dump

# Netzwerkprogramm iftop
opkg install iftop
iftop

Installation

Installatioin auf TL-WR1043ND v4.x

wget http://downloads.lede-project.org/releases/17.01.2/targets/ar71xx/generic/lede-17.01.2-ar71xx-generic-tl-wr1043nd-v4-squashfs-factory.bin
wget http://downloads.lede-project.org/releases/17.01.2/targets/ar71xx/generic/lede-17.01.2-ar71xx-generic-tl-wr1043nd-v4-squashfs-sysupgrade.bin

# sysupgrade alternativ beim ersten mal factory.bin nutzen
scp lede-17.01.2-ar71xx-generic-tl-wr1043nd-v4-squashfs-sysupgrade.bin root@192.168.10.1:/tmp/
ssh root@192.168.10.1
sysupgrade  -n lede-17.01.2-ar71xx-generic-tl-wr1043nd-v4-squashfs-sysupgrade.bin

Adblock

opkg install adblock
opkg install luci-app-adblock

Manuell

https://blog.doenselmann.com/werbung-direkt-auf-openwrt-router-blocken/

Direkt vom Router

wget --no-check-certificate https://gist.githubusercontent.com/teffalump/7227752/raw/af7d3d365426731015e99698a93e1a072a7da4ba/adblock.sh

mit opkg

https://github.com/openwrt/packages/tree/master/net/adblock/files

speziell z.B Windows updates

https://github.com/crazy-max/WindowsSpyBlocker
https://yro.slashdot.org/story/15/08/26/225239/how-to-keep-microsofts-nose-out-of-your-personal-data-in-windows-10

Block Files von irgenwelchen ...

http://someonewhocares.org/hosts/

Hardware

Ubiquiti Unifi | AP AC Lite

  • Firmware durch Lede erseztzen
    • Anschluss des AP AC LITE an einen Router
nmap  -sP 192.168.1.1/24
Nmap scan report for 192.168.1.104
Host is up (-0.095s latency).
MAC Address: F0:9F:C2:7C:2F:C8 (Ubiquiti Networks)

ssh ubnt@192.168.1.104

pw: ubnt

    • Download:
https://downloads.lede-project.org/releases/17.01.2/targets/ar71xx/generic/
  • ubnt-unifiac-lite-squashfs-sysupgrade.bin


    • Image kopieren
scp lede-17.01.2-ar71xx-generic-ubnt-unifiac-lite-squashfs-sysupgrade.bin  ubnt@192.168.1.104:/tmp/
ssh  ubnt@192.168.1.104:/tmp/

BZ.v3.4.14#

    • Beide Befehle hintereinander ausführen!!!
mtd write /tmp/lede-17.01.2-ar71xx-generic-ubnt-unifiac-lite-squashfs-sysupgrade.bin  kernel0
mtd -r write /tmp/lede-17.01.2-ar71xx-generic-ubnt-unifiac-lite-squashfs-sysupgrade.bin kernel1

Die Verbindung wird unterbrochen Login in Lede: 

ssh root@192.168.1.1
Abgerufen von „https://vosp.freesn.de/index.php?title=LEDE&oldid=5655