I have OpenWRT installed on some of my routers and to add additional storage for settings as well as programs that might be installed on the router and maybe logs, OpenWRT recommends you plug storage into it and use an overlayfs. I also have a SBC where I just mount an external drive overtop of my home directory on boot to store the home directory externally off of the SD Card that the bootloader and OS are installed on; since the storage on the external drive is more reliable than the SD Card, despite running slower. What is the difference between these two strategies? They are both basically Single Board computers with Linux, and when the external drive fails to mount, in both cases we're left with a directory full of the content of the original directory, where the drive would have been mounted before. The only think I can think of that is different, is that the settings directory for OpenWRT (/etc) is being mounted on the external drive, where this is not the case on the SBC.

Thanks to the command "cpuinfo", I've noticed that the "System type" is MediaTek MT7620, "cpu model" is MIPS 24KEc V5.0, so that I downloaded this package > bash_4.3.39-1_ramips_24kec.ipk from Index of /chaos_calmer/15.05/ramips/mt7620/packages/packages/ So I believe that I have got the correct package for my machine, but I can't install it, I use opkg install /path/to/bash_4.3.39-1_ramips_24kec.ipk, sure the path is right, and I got > Unknown package 'bash'. > > Collected errors: > > * pkg_hash_fetch_best_installation_candidate: Packages for bash found, but incompatible with the architectures configured > > * opkg_install_cmd: Cannot install package bash. From the report, I don't think I need to install something else first (Am I wrong?), and I have no idea how to solve this problem. UPDATE: The machine runs Pandorabox R2 14.09, with Luci Trunk (0.12+svn-r1024), I have also tried using bash_4.2-5_ramips_24kec.ipk from Index of /barrier_breaker/14.07/ramips/mt7620a/packages/packages/ and Index of /barrier_breaker/14.07/ramips/mt7620n/packages/packages/ I got the same report. If I am not wrong, the version of firmware of OpenWrt should be 14.07, that's the base of Pandorabox R2 14.09.

I run dnsmasq on a server (specifically OpenWrt) to act as both DHCP and DNS. OpenWrt DHCP configuration /etc/config/dhcp: option readethers '1' list address '/my-phone.lan/172.28.79.133' Which is equivalent to running: dnsmasq --read-ethers --address='/my-phone.lan/172.28.79.133' nslookup works and resolves the name to IP correctly. I set this in /etc/ethers: 00:c7:11:b4:19:1a my-phone.lan From dnsmasq manpage: > **-Z, --read-ethers** > Read /etc/ethers for information about hosts for the DHCP server. The format of /etc/ethers is a hardware address, followed > by either a hostname or dotted-quad IP address. When read by dnsmasq > these lines have exactly the same effect as --dhcp-host options > containing the same information. /etc/ethers is re-read when dnsmasq > receives SIGHUP. IPv6 addresses are NOT read from /etc/ethers. When my phone connects to the network, it does not receive the DHCP lease 172.28.79.133. But if I don't use dnsmasq --address and instead set it in /etc/hosts: 172.28.79.133 my-phone.lan It works and my phone does receive the correct DHCP lease. Why is that?

I'm running Chaos Calmer 15.05 (openwrt firmware) in a TPLINK WDR3600 and I'm trying to install SANE + HPLIP in order to get scanner over lan network. I installed sane-libs and sane-daemon + dependencies from official distribuition feed (for Chaos Calmer) and because HPLIP is not available for Chaos Calmer, I had to install HPLIP for 14.07 in third distribuition url , I don't know if the error below is because of this "version", but.... Well... Using sane-find-scanner I get scanner found out by the system, and scanimage -L returns me: > device > `hpaio:/usb/HP_LaserJet_Professional_M1132_MFP?serial=000000000SS17TR2PR1a' > is a Hewlett-Packard HP_LaserJet_Professional_M1132_MFP all-in-one Although scanimage -T returns: > scanimage: open of device > hpaio:/usb/HP_LaserJet_Professional_M1132_MFP?serial=000000000SS17TR2PR1a > failed: Error during device I/O Can someone help me? PS: Sane is returning me error: root@OpenWrt:~# saned -d [saned] main: starting debug mode (level 2) [saned] saned (AF-indep+IPv6) from sane-backends 1.0.25 starting up [saned] do_bindings: bind failed: Address already in use [saned] do_bindings: [1] bind failed: Address already in use [saned] do_bindings: couldn't bind an address. Exiting. [saned] FATAL ERROR; bailing out, waiting for children... [saned] bail_out: all children exited

I’m attempting to add support for using Sublime Text and TextMate with files on the router: https://packagecontrol.io/packages/RemoteSubl . Essentially, the script needs to be added to the /usr/local/bin directory: curl -o /usr/local/bin/rmate https://raw.githubusercontent.com/aurora/rmate/master/rmate sudo chmod +x /usr/local/bin/rmate Unfortunately, the /usr/local/bin directory doesn’t exist (nor is it on the PATH): # echo $PATH /usr/bin:/usr/sbin:/bin:/sbin Is there a recommended location for user-related scripts, such that they are on the PATH?

I'm trying to mount 1[MB] of flash as JFFS2 FS in openwrt environment, using 128[MB] NAND flash (4 bit ECC). I'm using the following sequence - flash_eraseall -j dev/mtd6 mount -t jffs2 -o noatime /dev/mtdblock6 /NAME_OF_MOUNT After running this sequence, it seems mounting completed and I can access, read and write to the mounted area. The problem begins when I reboot the system, during the boot following message appears: jffs2: mtd->read(0x800 bytes from 0x60000) returned ECC error jffs2: notice: (667) read_dnode: wrong data CRC in data node at 0x00060000: read 0xf7a2ee2c, calculated 0x2f2a8b04 I have also tried to create nvm.jffs2 file using mkfs.jffs2 and burn it to requested partition - but the issue still occured. I will appreciate any ideas or thoughts. Thank you all in advanced!

My home topology: router1 (192.168.1.1) - D-Link dsl2540u server with static IP available from Internet (ADSL via ppoe). 4 LAN ports. ---------- router2 (192.168.1.2) - D-Link DIR-300 with OpenWRT. Plays role of WiFi access point. 4 LAN ports + WAN port.

							 Home PC (connects to router1 via DHCP)
							|				   			
internet ------ router1-----
                            |
							 router2 (OpenVPN server on OpenWRT)

On router1 I set up NAT Virtual Servers and can connect to my router via SSH or OpenVPN (tcp on 443 port) OpenVPN server works fine and all traffic goes via tun interface after connection. OpenVPN server config (if matter):

--script-security 2
mode		server
dev               tun
port              443
proto             tcp

server            10.0.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 192.168.1.1" # Change this to your router's LAN IP Address
push "route 192.168.1.0 255.255.255.0" # Change this to your network

client-config-dir ccd
client-to-client
tls-server
dh                /etc/openvpn/dh2048.pem
ca                /etc/openvpn/CA_cert.pem
cert              /etc/openvpn/certs/server.pem
key               /etc/openvpn/keys/server.pem
crl-verify        /etc/openvpn/crl/crl.pem
tls-auth          /etc/openvpn/ta.key 0
#comp-lzo
keepalive         10 120
tun-mtu           1500
mssfix            1450
persist-key
persist-tun
verb              3
log /var/log/openvpn.log

My goal is OpenVPN tunnel with Internet from my home router1. At now I can connect to OpenVPN server but all traffic that goes via tunnel does not reach Internet. Firewall rules on router2 (OpenWRT):

iptables -t nat -A prerouting_wan -p tcp --dport 443 -j ACCEPT
iptables -A input_wan -p tcp --dport 443 -j ACCEPT

iptables -t nat -A prerouting_lan -p tcp --dport 443 -j ACCEPT
iptables -A input_lan -p tcp --dport 443 -j ACCEPT


iptables -I INPUT -i tun+ -j ACCEPT
iptables -I FORWARD -i tun+ -j ACCEPT
iptables -I OUTPUT -o tun+ -j ACCEPT
iptables -I FORWARD -o tun+ -j ACCEPT

It's definitely a problem with routing but I have no enough knowledges to solve it.

I'm just wondering what is the equivalent of apt-get upgrade apt upgrade yum update with OpenWRT or LEDE?

I'am using Arduino Yun and i want mount rootfs over NFS. I downloaded openwrt sources, build the project and then copied the generated rootfs from build_dir/target-mips_34kc_musl-1.1.15/root-ar71xx under /home/user/srv/nfs/root-ar71xx in the uboot prompt the command line i used is : setenv bootargs root=/dev/nfs rw nfsroot=192.168.1.1:/home/user/srv/nfs/root-ar71xx ip=192.168.1.2:192.168.1.1:192.168.1.1:255.255.255.0::off; bootm uboot environement variables: ar7240> printenv bootcmd=bootm 0x9fea0000 bootdelay=4 baudrate=115200 ethaddr=0xb4:0x21:0x8a:0x00:0x00:0x10 ipaddr=192.168.1.2 serverip=192.168.1.1 stdin=serial stdout=serial stderr=serial ethact=eth0 bootargs=root=/dev/nfs rw nfsroot=192.168.1.1:/home/user/srv/nfs/root-ar71xx ip=192.168.1.2:192.168.1.1:192.168.1.1:255.255.255.0::off Environment size: 319/65532 bytes But i got : ## Booting image at 81000000 ... Bad Magic Number I read in [this link](http://lists.denx.de/pipermail/u-boot/2006-May/014983.html) , that there is a kind of encapsulation for the kernel in order to be "known" by U-Boot. Is it the same thing for the rootfs I have another question but it's not very related to the topic: After building the project i have several binaries (24) under bin/ar71xx/: openwrt-ar71xx-generic-wzr-hp-ag300h-squashfs-tftp.bin openwrt-ar71xx-generic-tl-mr11u-v1-squashfs-sysupgrade.bin openwrt-ar71xx-generic-wzr-hp-g300nh2-squashfs-factory.bin ... I expect only one kernel image what all these images are supposed to do ? Thanks in advance. **EDIT**: I change the cmd line to : setenv bootargs root=/dev/nfs rw nfsroot=192.168.1.1:/home/bou6/srv /nfs/root-ar71xx ip=192.168.1.2:192.168.1.1:192.168.1.1:255.255.255.0::off; bootm 0x9fea0000 and i don"t have Bad Magic Number anymore, but still questions: 1- How can we know the load address of the kernel 2- I noticed even though the ethernet cable is not branched the kernel continue to use the default file system flashed on the Yun, is there a method to desactivate this.

Previously I was using wpad-openssl, with this line in my wpa_supplicant.conf, openssl_ciphers=DEFAULT@SECLEVEL=0 Now I want to move to mbedtls, how do I port that line? Without it I'm getting MTLS: invalid tls_disable_tlsv* params; ignoring 10g-2: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 13 (TLS) selected MTLS: mbedtls_ssl_handshake: SSL - A fatal alert message was received from our peer (-0x7780)

I followed this guide for creating an OpenWrt VM and was successfully able to spin up a machine. What I would like however is to possibly be able to create a machine using customized architecture using my own bin file I was able to convert a factory bin to a vdi in a similar way as in the guide and used the same OS setup (Linux 2.6) However when I try to use the machine it fails to boot unlike before I'm not sure if it is possible to create a VM in Vbox this way, but it would save a lot of time in testing before moving to the actual hardware. Even having limited functionality would be immensely time saving

I have openWrt installed on a TP-Link TL-WA901N/ND v3. I don't have luci package installed because I don't have enough space, so I can only do thing via cli. What I'm trying to achieve is to create a mon0 interface at startup and run tcpdump on it. I've created a file in /etc/init.d and named it monitor. The monitor file contains the following #!/bin/sh /etc/rc.common #to start after /etc/init.d/network is started and stop after it stopped START=99 STOP=1 start(){ #tried with and without the following two lines include /lib/network scan_interfaces iw phy phy0 interface add mon0 type monitor ifconfig mon0 up echo "mon0 is up!" } stop(){ ifconfig mon0 down iw mon0 del echo "mon0 is down!" } then I run the following /etc/init.d/monitor enable and in /etc/rc.d I can see S99monitor and K1monitor but when I reboot, I can't see the mon0 interface created when I do ifconfig. This works if I manually start it with /etc/init.d/monitor start I've also tried adding the command above to /etc/rc.local but nothing changed. What am I doing wrong?

I have downloaded OpenWRT files for PC from OpenWRT site . I have installed DHCP and TFTP (in my LAN) and can boot (other) kernels from them. Now I want to boot these OpenWRT files. I wrote in PXE config DEFAULT minimallinux SAY Now booting Minimal Linux... LABEL minimallinux MENU LABEL Minimal Linux KERNEL vmlinuz INITRD rootfs-squashfs.img.gz It boots, loads kernel, then loads image, then starts boot printouts and finaly crashes with kernel panic and reboots VFS:Cannot open root device "(null)" or unknown-block(0,0): error-6 Please append a correct "root=" boot option; here are the available partitions: Kernel panic - not syncing: VFS: Unable to mount root fs on unknown un-blokc(0,0) I also tried KERNEL vmlinuz APPEND initrd=rootfs-squashfs.img.gz boot=live toram=rootfs-squashfs.img.gz and some other combinations but failed. Any hints appreciated :)

I'm creating a L3-Switch that modifies packets by redirecting some of them to local app. My goal is to send them further to the same MAC as before. Short "why": zero-conf device to connect with to any ethernet network, portable, does proxying. Switch is organized as ethernet bridge (br-lan) between eth0 and eth1. It is assumed by default that gateway for br-lan clients lies through eth0. Question: Let's say that packet comes from eth1 on the way to eth0 and gets redirected to local app. After that app has output and destination IP of the original packet has changed. L3 tries to route packet to new destination, but it doesn't have any default gateways (And it shouldn't, because it's switch!). Assuming I know the MAC address of default gateway, how to I force packet to go out through eth0 to specific MAC address? Technically I'm not trying to do anything "illegal" in terms of network. I want to kick the packet out of eth0 and all I'm "missing" is destination MAC, but I can retrieve it from the original packet. I know for sure that destination IP isn't local, therefore it would be sent to default gateway anyway using it's MAC address. So it's a question of implementation. I was trying to modify destination MAC at bridge -t NAT OUTPUT by doing this: > ebtables -t nat -A OUTPUT -p ipv4 --ip-proto tcp --ip-src 192.168.1.251 -j dnat --to-dst 04:61:e7:d2:e2:09 But that didn't help. (Assuming 04:61:e7:d2:e2:09 is default gateway MAC and 192.168.1.251 is one of the clients just to test this theory) Actual implementation is on OpenWRT, so available packages might be limited. **How did I get to that problem:** More information on the local app: it's ss-redir from here, binds to 0.0.0.0:port => https://github.com/shadowsocks/shadowsocks-libev Added use cases to the [Device]: Expectation: We have 3 PC-clients connected to a regular switch. After bringing [Device] and connecting it to regular switch and reconnecting PC-clients to [Device], PC-clients gain [Result] without configuring the device. 2)From the "outside" every PC-client should be accessible for all protocols in the network, whatever they are (RDP, NetBIOS for naming resolution, file sharing, or whatever local admin decides to do). 3)They should have internet access via default gateway as always, except proxying tcp via SS for particular destination ipset (which is always through the very same gateway) Under assumption that these use cases require device not having any IP/MAC knowledge of the existing network from the start(because office users won't config anything by themselves), I'm trying to make "proxying bridge" that works like a switch, intercepting packets and sends them out to eth0(WAN) after local app redirection. The problem is the after redirection packet needs to be sent on its way. I'm investigating "auto-reconfig on the fly idea" with a MAC-snat/dnat, but stuck with the problem that packet won't go to eth0 after being generated locally even if I can specify Default Gateway MAC-addr in ebtables as destination.

How to generate SSHFP records for a Dropbear instance at OpenWrt? I have **dropbearconvert** and **openssh-keygen** installed, but nothing works. Always invalid format or similar errors. There are two host key files available: /etc/dropbear/dropbear_dss_host_key /etc/dropbear/dropbear_rsa_host_key Any ideas how to get a SSHFP record?

While cross compiling OpenWRT, I have I have replaced OpenWRT's toolchain with toolchain i686 architecture. But, I am getting below mentioned error: make: Leaving directory `/home/hclintel/pankaj/fresh/trunk/build_dir/target-i386_i486_musl-1.1.10/linux-x86_generic/linux-3.18.18' ./scripts/gcc-version.sh: line 25: i686-cm-linux-gcc: command not found ./scripts/gcc-version.sh: line 26: i686-cm-linux-gcc: command not found make: Entering directory `/home/hclintel/pankaj/fresh/trunk/build_dir/target-i386_i486_musl-1.1.10/linux-x86_generic/linux-3.18.18' arch/x86/Makefile:114: stack-protector enabled but compiler support broken Makefile:657: Cannot use CONFIG_CC_STACKPROTECTOR_REGULAR: -fstack-protector not supported by compiler make: i686-cm-linux-gcc: Command not found CHK include/config/kernel.release CHK include/generated/uapi/linux/version.h CHK include/generated/utsrelease.h CC kernel/bounds.s /bin/sh: 1: i686-cm-linux-gcc: not found make: *** [kernel/bounds.s] Error 127 make: *** [prepare0] Error 2 make: Leaving directory `/home/hclintel/pankaj/fresh/trunk/build_dir/target-i386_i486_musl-1.1.10/linux-x86_generic/linux-3.18.18' make: *** [/home/hclintel/pankaj/fresh/trunk/build_dir/target-i386_i486_musl-1.1.10/linux-x86_generic/linux-3.18.18/.modules] Error 2 make: Leaving directory `/home/hclintel/pankaj/fresh/trunk/target/linux/x86' make: *** [compile] Error 2 make: Leaving directory `/home/hclintel/pankaj/fresh/trunk/target/linux' make: *** [target/linux/compile] Error 2 make: Leaving directory `/home/hclintel/pankaj/fresh/trunk' make: *** [/home/hclintel/pankaj/fresh/trunk/staging_dir/target-i386_i486_musl-1.1.10/stamp/.target_compile] Error 2 make: Leaving directory `/home/hclintel/pankaj/fresh/trunk' make: *** [world] Error 2 hclintel@hclintel-ThinkCentre-M73:~/pankaj/fresh/trunk$ When I run echo $PATH, then I get below mentioned result: /home/hclintel/bin:/usr/lib/lightdm/lightdm:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games I think I need to modify path in configuration file but I am not able to find the right place to modify path.

I have an OpenWrt router, I want to disable password authentication on SSH, so that one can only authenticate with keys. This is easily achieved by following the guide in the documentation, however, I want to only disable password authentication on the WAN interface, is this possible?

# Goal # I'd like to have two LANs: lan0 and lan1. lan0 is unencrypted traffic; lan1 will be an always-active VPN. I haven't configured the VPN, so it's currently just a second unencrypted network. I'm hoping to configure it as such: # Symptoms # Unfortunately, lan1 (named LAN1_INTERFACE in the configuration files) isn't working. - can't join WiFi network: - lan1 interface (LAN1_INTERFACE) doesn't have an IP addres: I suspect that the firewall isn't properly configured. What am I missing? Do I have any other issues that need to be addressed? # Configuration files # /etc/config/network: config interface 'loopback' option ifname 'lo' option proto 'static' option ipaddr '127.0.0.1' option netmask '255.0.0.0' config globals 'globals' option ula_prefix 'fd22:91e8:0e0f::/48' config interface 'wan' option ifname 'eth1.201' option proto 'pppoe' option username 'user_name' option password 'password' option ipv6 '0' option _orig_ifname 'eth1' option _orig_bridge 'false' option mtu '1492' config interface 'lan' option ifname 'eth0' option force_link '1' option type 'bridge' option proto 'static' option ipaddr '192.168.1.1' option netmask '255.255.255.0' option ip6assign '60' option _orig_ifname 'eth0 wlan0' option _orig_bridge 'true' config interface 'lan1_interface' option ifname 'eth2' option force_link '1' option type 'bridge' option proto 'static' option ipaddr '192.168.2.1' option netmask '255.255.255.0' option _orig_ifname 'eth2 wlan1' option _orig_bridge 'true' config interface 'vpn_interface' option ifname 'tun0' option proto 'none' config switch option name 'switch0' option reset '1' option enable_vlan '1' config switch_vlan option device 'switch0' option vlan '1' option ports '0 1 2 3 5' option vid '1' config switch_vlan option device 'switch0' option vlan '2' option ports '4 6' option vid '2' /etc/config/wireless: config wifi-device 'radio0' option type 'mac80211' option channel '36' option hwmode '11a' option path 'platform/soc/soc:pcie-controller/pci0000:00/0000:00:02.0/0000:02:00.0' option htmode 'VHT80' option disabled '0' option txpower '23' option country 'US' config wifi-iface option device 'radio0' option mode 'ap' option disabled '0' option encryption 'psk2+tkip+aes' option key 'password' option network 'lan' option ssid 'Router' config wifi-device 'radio1' option type 'mac80211' option channel '11' option country 'US' option hwmode '11g' option path 'platform/soc/soc:pcie-controller/pci0000:00/0000:00:01.0/0000:01:00.0' option htmode 'HT20' option disabled '0' option txpower '19' config wifi-iface option device 'radio1' option mode 'ap' option disabled '0' option encryption 'psk2+tkip+aes' option key 'password' option network 'lan1_interface' option ssid 'Router [VPN]' /etc/config/dhcp: config dnsmasq option domainneeded '1' option boguspriv '1' option localise_queries '1' option rebind_protection '1' option rebind_localhost '1' option local '/lan/' option expandhosts '1' option authoritative '1' option readethers '1' option leasefile '/tmp/dhcp.leases' option resolvfile '/tmp/resolv.conf.auto' option localservice '1' option nonwildcard '0' option domain 'lan' option port '5353' option dhcpscript '/etc/resolver/dhcp_host_domain_ng.py' config dhcp 'lan' option interface 'lan' option start '100' option limit '150' option leasetime '12h' option dhcpv6 'server' option ra 'server' option ra_management '1' list dhcp_option '6,192.168.1.1' config dhcp 'wan' option interface 'wan' option ignore '1' config odhcpd 'odhcpd' option maindhcp '0' option leasefile '/tmp/hosts/odhcpd' option leasetrigger '/usr/sbin/odhcpd-update' config dhcp 'lan1_interface' option start '100' option leasetime '12h' option limit '150' option interface 'lan1_interface' list dhcp_option '6,192.168.2.1' /etc/config/firewall: config defaults option syn_flood '1' option input 'ACCEPT' option output 'ACCEPT' option forward 'REJECT' # # includes # config include option path '/etc/firewall.user' config include option path '/usr/share/firewall/turris' option reload '1' config include option path '/etc/firewall.d/with_reload/firewall.include.sh' option reload '1' config include option path '/etc/firewall.d/without_reload/firewall.include.sh' option reload '0' config include 'miniupnpd' option type 'script' option path '/usr/share/miniupnpd/firewall.include' option family 'any' option reload '1' # # zones # config zone option name 'wan' option network 'wan wan6' option input 'REJECT' option output 'ACCEPT' option forward 'REJECT' option masq '1' option mtu_fix '1' config zone option name 'vpn_zone' option network 'vpn_interface' option input 'REJECT' option forward 'REJECT' option output 'ACCEPT' option masq '1' option mtu_fix '1' config zone option name 'lan' option network 'lan' option input 'ACCEPT' option output 'ACCEPT' option forward 'ACCEPT' config zone option name 'lan1_zone' option network 'lan1_interface' option output 'ACCEPT' option input 'ACCEPT' option forward 'ACCEPT' # # fowarding # config forwarding option dest 'wan' option src 'lan' config forwarding option dest 'vpn_zone' option src 'lan1_zone' config forwarding option dest 'wan' option src 'lan1_zone' # # IPv4 rules # config rule option name 'Allow-DHCP-Renew' option src 'wan' option proto 'udp' option dest_port '68' option target 'ACCEPT' option family 'ipv4' config rule option name 'Allow-Ping' option src 'wan' option proto 'icmp' option icmp_type 'echo-request' option family 'ipv4' option target 'ACCEPT' config rule option name 'Allow-IGMP' option src 'wan' option proto 'igmp' option family 'ipv4' option target 'ACCEPT' # # IPv6 rules # config rule option name 'Allow-DHCPv6' option src 'wan' option proto 'udp' option src_ip 'fe80::/10' option src_port '547' option dest_ip 'fe80::/10' option dest_port '546' option family 'ipv6' option target 'ACCEPT' config rule option name 'Allow-MLD' option src 'wan' option proto 'icmp' option src_ip 'fe80::/10' list icmp_type '130/0' list icmp_type '131/0' list icmp_type '132/0' list icmp_type '143/0' option family 'ipv6' option target 'ACCEPT' config rule option name 'Allow-ICMPv6-Input' option src 'wan' option proto 'icmp' list icmp_type 'echo-request' list icmp_type 'echo-reply' list icmp_type 'destination-unreachable' list icmp_type 'packet-too-big' list icmp_type 'time-exceeded' list icmp_type 'bad-header' list icmp_type 'unknown-header-type' list icmp_type 'router-solicitation' list icmp_type 'neighbour-solicitation' list icmp_type 'router-advertisement' list icmp_type 'neighbour-advertisement' option limit '1000/sec' option family 'ipv6' option target 'ACCEPT' config rule option name 'Allow-ICMPv6-Forward' option src 'wan' option dest '*' option proto 'icmp' list icmp_type 'echo-request' list icmp_type 'echo-reply' list icmp_type 'destination-unreachable' list icmp_type 'packet-too-big' list icmp_type 'time-exceeded' list icmp_type 'bad-header' list icmp_type 'unknown-header-type' option limit '1000/sec' option family 'ipv6' option target 'ACCEPT' # # rules # config rule option src 'wan' option dest 'lan' option proto 'esp' option target 'ACCEPT' config rule option src 'wan' option dest 'lan' option dest_port '500' option proto 'udp' option target 'ACCEPT' config rule option target 'ACCEPT' option proto 'tcp udp' option dest_port '5353' option name 'Allow Guest DNS Access' option src 'lan1_zone' config rule option target 'ACCEPT' option proto 'udp' option dest_port '67-68' option name 'Allow Guest DHCP Access' option src 'lan1_zone' ** edit ** Router: [Turris Omnia](https://omnia.turris.cz/en/) Should the second LAN's dhcp_option really be '6,192.168.2.1' or '6,192.168.1.1'? I don't understand what the 6 does, either.

I am trying to create my first openwrt package. I have a Golang captive portal software that I use and would like to compile it into openwrt. I think this part is pretty straightforward and simple for me. How do I get that binary into a fully functioning openwrt program with possibly a menu for configurations? I have tried to follow helloworld but it seems to do everything from source viewpoint.

I would like to have access from wan through ssh to my openwrt router. I did the following: - Go to the Network / Firewall / Traffic Rules. - Scroll down to the “Open ports on router” section. - Enter a name for this rule, e.g. “Allow-SSH-WAN”. - Set “Protocol” to “TCP”. - Enter “22” as the “External Port”. - Click “Add”. - Click “Save and Apply”. Unfortunately ssh root@myWANip does not answer. What did I miss?