Commit 3bbd6c9a authored by nimrod's avatar nimrod
Browse files

WAP: Update the config for OpenWRT 23.05.

This is a dump of the config from a new router (Linksys MR8300) running
a new version of OpenWRT (23.05).
parent c652d688
Loading
Loading
Loading
Loading
+1 −1
Original line number Diff line number Diff line
# Wirelss Access Point

Configure a wireless access point running OpenWRT 19.07.
Configure a Linksys MR8300 running OpenWRT 23.05 as a wireless access point.
+85 −182
Original line number Diff line number Diff line
@@ -11,24 +11,27 @@ config dnsmasq
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'
	option filter_aaaa '0'
	option filter_a '0'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	option ra_management '1'

config dhcp 'wan'
	option interface 'wan'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	option ignore '1'

config odhcpd 'odhcpd'
@@ -40,162 +43,33 @@ config odhcpd 'odhcpd'
package dropbear

config dropbear
	option Port '22'
	option RootPasswordAuth 'off'
	option PasswordAuth 'off'
	option RootPasswordAuth 'off'
	option Port '22'

package firewall

config defaults
	option syn_flood '1'
	option output 'ACCEPT'
	option forward 'REJECT'
	option input 'REJECT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'lan'

config include
	option path '/etc/firewall.user'

config rule
	option dest_port '22'
	option src '*'
	option name 'ssh'
	option target 'ACCEPT'
	list proto 'tcp'

package firewall-opkg

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'
	list network 'lan'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option name 'ssh'
	list proto 'tcp'
	option src '*'
	list dest_ip '192.168.3.13'
	option dest_port '22'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

package luci

config core 'main'
@@ -223,6 +97,9 @@ config internal 'ccache'
	option enable '1'

config internal 'themes'
	option Bootstrap '/luci-static/bootstrap'
	option BootstrapDark '/luci-static/bootstrap-dark'
	option BootstrapLight '/luci-static/bootstrap-light'

config internal 'apply'
	option rollback '90'
@@ -238,43 +115,52 @@ config internal 'diag'
package network

config interface 'loopback'
	option ifname 'lo'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd3a:a5ff:4867::/48'
	option ula_prefix 'fdc9:d14b:495c::/48'

config interface 'lan'
config device
	option name 'br-lan'
	option type 'bridge'
	option ifname 'eth0'
	option proto 'dhcp'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'
	list ports 'wan'
	option macaddr 'C4:41:1E:AA:03:4A'

config device 'lan_eth0_dev'
	option name 'eth0'
	option macaddr '60:38:e0:ae:19:4a'
config device
	option name 'lan1'
	option macaddr 'C4:41:1E:AA:03:4A'

config device 'wan_eth1_dev'
	option name 'eth1'
	option macaddr '60:38:e0:ae:19:49'
config device
	option name 'lan2'
	option macaddr 'C4:41:1E:AA:03:4A'

config switch
	option name 'switch0'
	option reset '1'
config device
	option name 'lan3'
	option macaddr 'C4:41:1E:AA:03:4A'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 1 2 3 4'
	option vid '1'
config device
	option name 'lan4'
	option macaddr 'C4:41:1E:AA:03:4A'

package nut_server
config interface 'lan'
	option device 'br-lan'
	option proto 'dhcp'

config device
	option name 'wan'
	option macaddr 'C4:41:1E:AA:03:4A'

package rpcd

config rpcd
	option socket '/var/run/ubus.sock'
	option socket '/var/run/ubus/ubus.sock'
	option timeout '30'

config login
@@ -286,11 +172,12 @@ config login
package system

config system
	option hostname 'mr8300.shore.co.il'
	option ttylogin '0'
	option log_size '64'
	option urandom_seed '0'
	option compat_version '2.0'
	option zonename 'UTC'
	option hostname 'ea6350.shore.co.il'
	option log_proto 'udp'
	option conloglevel '8'
	option cronloglevel '5'
@@ -306,7 +193,7 @@ package ubootenv
config ubootenv
	option dev '/dev/mtd7'
	option offset '0x0'
	option envsize '0x20000'
	option envsize '0x40000'
	option secsize '0x20000'

package ucitrack
@@ -314,7 +201,6 @@ package ucitrack
config network
	option init 'network'
	list affects 'dhcp'
	list affects 'radvd'

config wireless
	list affects 'network'
@@ -375,7 +261,7 @@ config uhttpd 'main'
	list listen_http '[::]:80'
	list listen_https '0.0.0.0:443'
	list listen_https '[::]:443'
	option redirect_https '1'
	option redirect_https '0'
	option home '/www'
	option rfc1918_filter '1'
	option max_requests '3'
@@ -388,10 +274,11 @@ config uhttpd 'main'
	option network_timeout '30'
	option http_keepalive '20'
	option tcp_keepalive '1'
	option ubus_prefix '/ubus'

config cert 'defaults'
	option days '730'
	option key_type 'rsa'
	option key_type 'ec'
	option bits '2048'
	option ec_curve 'P-256'
	option country 'ZZ'
@@ -403,32 +290,48 @@ package wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option hwmode '11g'
	option path 'platform/soc/a000000.wifi'
	option country 'IL'
	option htmode 'HT40'
	option channel '6'
	option path 'soc/40000000.pci/pci0000:00/0000:00:00.0/0000:01:00.0'
	option channel 'auto'
	option band '5g'
	option htmode 'VHT80'
	option cell_density '0'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'Shore Inc. (5ghz)'
	option encryption 'sae-mixed'
	option key '{{ wifi_password }}'
	option encryption 'psk2'
	option ssid 'Shore Inc. (2.4ghz)'

config wifi-device 'radio1'
	option type 'mac80211'
	option channel '36'
	option hwmode '11a'
	option path 'platform/soc/a800000.wifi'
	option htmode 'VHT80'
	option country 'IL'
	option path 'platform/soc/a000000.wifi'
	option channel '11'
	option band '2g'
	option htmode 'HT20'
	option cell_density '0'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'Shore Inc. (2.4ghz)'
	option encryption 'sae-mixed'
	option key '{{ wifi_password }}'
	option encryption 'psk2'

config wifi-device 'radio2'
	option type 'mac80211'
	option path 'platform/soc/a800000.wifi'
	option channel '60'
	option band '5g'
	option htmode 'VHT80'
	option cell_density '0'

config wifi-iface 'default_radio2'
	option device 'radio2'
	option network 'lan'
	option mode 'ap'
	option ssid 'Shore Inc. (5ghz)'
	option encryption 'sae-mixed'
	option key '{{ wifi_password }}'