---
title: WDR3600
---

Implements
: [Perimeter Router][1], [Mobile Router][2]

Hostname
: router0, router1

Make
: TP-Link

Model
: [WDR3600][3]

Hardware Version
: 1.4

Replaces
: [WRT54GL][4]

Software
: [OpenWRT][5] [14.07][6], 15.05.1

Purchased
: 2014-05-02 [£49 from Amazon][7], 2014-05-21 £47 from eBuyer

Arrived
: 2014-05-07, 2014-05-24

[[_TOC_]]

# [OpenWRT][17]

* Blocked by version conflicts
* Needs a new image flashed

```
config 'interface' 'wan6'
    option proto     '6in4'
    option ip6addr   '2001:470:1f08:xxxx::2/64'  # the IPv6 tunnel
    option mtu       '1424'                      # the IPv6 tunnel MTU (optional)
    option peeraddr  '216.66.80.26'              # the IPv4 tunnel endpoint
    option ip6prefix '2001:470:xxxx::/48'        # routed prefix (required!)

    ## configuration options below are only valid for HEnet tunnels. ignore them
    ## for other tunnel providers.
    option tunnelid  '123456'     # HE.net tunnel id
    option username  'username'   # HE.net username used to log in to tunnelbroker, not the User ID shown after you have logged in
    option password  'password'   # HE.net password if there is no updatekey for tunnel
    option updatekey 'updatekey'  # HE.net updatekey instead of password, default for new tunnels
```

## [IPv6][18] local

```
# Alternative to tunnel broker
config interface wan6
    option proto 'static'
    option ip6prefix '2001:470:xxxx::/48'

config interface lan
    option proto 'static'
    option ip6assign '64'
    option ip6hint 'c0a8'
```

## Ad Block

Link
: <http://homepage.ruhr-uni-bochum.de/Jan.Holthuis/misc/adblock-on-your-openwrt-router/>

GitHub
: <https://gist.github.com/Holzhaus/ed4ac1675a57f11c3057>

Allow googleadservices.

## VPN Troubleshooting

The VPN concentrator sees multiple (NATted) IPs for a client, so it kicks the client off.
### Conntrack Monitoring

```
# Set SRC_IP and DEST_IP to the addresses of interest first.
# Double quotes so the shell expands the variables inside the pattern.
while true; do
    grep -o "ESTABLISHED.*${SRC_IP}.*${DEST_IP}.*packets=" /proc/net/nf_conntrack
    sleep 2
    echo '--'
done
```

### Force connections over a single interface

`/etc/config/mwan3`:

```
config rule 'vpn'
    option dest_ip 'vpn.BLAH.BLAH'
    option proto 'all'
    option use_policy 'adsl_only'
```

## conntrack tuning

`net.netfilter.nf_conntrack_max`
: 32768

`net.netfilter.nf_conntrack_tcp_timeout_established`
: 7440

### nf\_conntrack\_max and hashsize

The mainline kernel default for `nf_conntrack_max` derives from the amount of system RAM, but OpenWRT (15.05) uses a fixed 16384. Doubling `nf_conntrack_max` requires also doubling the nf_conntrack hashsize parameter.

The sysctl is read-only:

```
sysctl net.netfilter.nf_conntrack_buckets
```

Hashsize can be set dynamically in `/sys/module/nf_conntrack/parameters/hashsize`.

Persist it in `/etc/modules.d/nf-conntrack` by appending the parameters to the module name:

```
nf_conntrack hashsize=4096
```

### nf\_conntrack\_tcp\_timeout\_established

OpenWRT default is [7440s ~=2 hours][24], derived from [RFC 5382 NAT Behavioral Requirements for TCP][25]. Generally best to leave this as 2h4m.

```
sysctl -w net.netfilter.nf_conntrack_tcp_timeout_established=7440
```

## DoS Attack Mitigation

Attack filled up the conntrack table. Reduce conntrack timeout.

```
# sysctl -w net.netfilter.nf_conntrack_tcp_timeout_established=600
```

And block the whole of MTN Nigeria in `/etc/config/firewall`:

```
config rule
    option enabled '1'
    option src 'wan'
    option dest 'lan'
    option name 'block nigerian dos'
    option src_ip '197.210.0.0/16'
    option target 'DROP'
```

Just remember to unblock it later.
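Before shortening the established timeout or dropping a whole /16, it helps to know how full the table is and which source ranges hold the entries. The script below is an added example, not part of the original notes; the function names and the sample rows are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample rows are constructed (RFC 5737 / RFC 3849 addresses);
# on the router, pass /proc/net/nf_conntrack instead.

# Integer percentage of the table in use.
# $1 = entry count, $2 = nf_conntrack_max
conntrack_usage_pct() {
    echo $(( $1 * 100 / $2 ))
}

# Entries per source /16, busiest first. Uses the first src= field on each
# line (the original direction). $1 = conntrack file, $2 = rows to print.
top_source_prefixes() {
    awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^src=/) {
                split(substr($i, 5), o, ".")
                if (o[2] != "") n[o[1] "." o[2] ".0.0/16"]++  # IPv6 has no dots
                break
            }
    }
    END { for (p in n) print n[p], p }' "$1" | sort -rn | head -n "$2"
}

# Constructed sample in the /proc/net/nf_conntrack layout.
sample_conntrack() {
    cat <<'EOF'
ipv4     2 tcp      6 7437 ESTABLISHED src=203.0.113.7 dst=192.168.1.20 sport=40001 dport=443 packets=3 bytes=180 src=192.168.1.20 dst=203.0.113.7 sport=443 dport=40001 packets=2 bytes=120 mark=0 use=2
ipv4     2 tcp      6 7438 ESTABLISHED src=203.0.113.9 dst=192.168.1.20 sport=40002 dport=443 packets=3 bytes=180 src=192.168.1.20 dst=203.0.113.9 sport=443 dport=40002 packets=2 bytes=120 mark=0 use=2
ipv4     2 tcp      6 7439 ESTABLISHED src=203.0.113.44 dst=192.168.1.20 sport=40003 dport=443 packets=3 bytes=180 src=192.168.1.20 dst=203.0.113.44 sport=443 dport=40003 packets=2 bytes=120 mark=0 use=2
ipv4     2 tcp      6 7100 ESTABLISHED src=198.51.100.5 dst=192.168.1.20 sport=40004 dport=443 packets=9 bytes=900 src=192.168.1.20 dst=198.51.100.5 sport=443 dport=40004 packets=8 bytes=800 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 6900 ESTABLISHED src=192.168.1.30 dst=198.51.100.80 sport=51000 dport=443 packets=20 bytes=2400 src=198.51.100.80 dst=192.0.2.1 sport=443 dport=51000 packets=18 bytes=9000 [ASSURED] mark=0 use=2
ipv6     10 tcp      6 7000 ESTABLISHED src=2001:0db8:0000:0000:0000:0000:0000:0001 dst=2001:0db8:0000:0000:0000:0000:0000:0002 sport=50000 dport=443 packets=4 bytes=300 src=2001:0db8:0000:0000:0000:0000:0000:0002 dst=2001:0db8:0000:0000:0000:0000:0000:0001 sport=443 dport=50000 packets=4 bytes=300 [ASSURED] mark=0 use=2
EOF
}

tmp=$(mktemp)
sample_conntrack > "$tmp"
echo "table usage: $(conntrack_usage_pct 15900 16384)%"
top_source_prefixes "$tmp" 3
rm -f "$tmp"
```

On a live router the two arguments to `conntrack_usage_pct` come from `/proc/sys/net/netfilter/nf_conntrack_count` and `/proc/sys/net/netfilter/nf_conntrack_max`.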
[1]: PerimeterRouter
[2]: MobileRouter
[3]: WDR3600
[4]: WRT54GL
[5]: /Tech/OpenWRT
[6]: http://wiki.openwrt.org/toh/tp-link/tl-wdr3600
[7]: http://www.amazon.co.uk/TP-Link-TL-WDR3600-Wireless-Gigabit-300Mbps/dp/B008QBAXI4/
[18]: IPv6
[22]: WDR3600?action=sourceblock&num=1
[23]: WDR3600?action=sourceblock&num=2
[24]: https://github.com/openwrt-mirror/openwrt/blob/master/package/base-files/files/etc/sysctl.conf
[25]: https://tools.ietf.org/html/rfc5382#section-5
[26]: WDR3600?action=sourceblock&num=3
[28]: WDR3600?action=sourceblock&num=4

<!-- vim: filetype=markdown -->