---
title: WDR3600
---

Implements
: [Perimeter Router][1], [Mobile Router][2]

Hostname
: router0, router1

Make
: TP-Link

Model
: [WDR3600][3]

Hardware Version
: 1.4

Replaces
: [WRT54GL][4]

Software
: [OpenWRT][5] [14.07][6], 15.05.1

Purchased
: 2014-05-02 [£49 from Amazon][7], 2014-05-21 £47 from eBuyer

Arrived
: 2014-05-07, 2014-05-24

[[_TOC_]]

# OpenWRT 23

* on the limit for the WDR3600 flash size
* custom image built using [OpenWRT Firmware Selector](https://firmware-selector.openwrt.org/)

  > base-files busybox ca-bundle collectd collectd-mod-conntrack collectd-mod-cpu collectd-mod-interface collectd-mod-memory collectd-mod-network dnsmasq-full dropbear firewall4 fstools kmod-gpio-button-hotplug kmod-nft-offload libc libgcc libustream-mbedtls logd mtd mwan3 netifd nftables nut-server nut-driver-usbhid-ups odhcp6c odhcpd-ipv6only opkg ppp ppp-mod-pppoe procd procd-seccomp procd-ujail sqm-scripts swconfig uboot-envtools uci uclient-fetch urandom-seed urngd wireguard-tools kmod-usb2 kmod-usb-ledtrig-usbport luci luci-app-mwan3 luci-app-nut luci-app-sqm luci-proto-wireguard

* moved to nftables
* policy-based routing with mwan3
* [WireGuard](https://www.wireguard.com/) VPN support
* nfsets populated by dnsmasq are synced to ipsets for mwan3 with a script

# OpenWRT 19

* reconfigured from clean etc

# OpenWRT 17

* Blocked by version conflicts
* Needs a new image flashed

```
config 'interface' 'wan6'
        option proto '6in4'
        option ip6addr '2001:470:1f08:xxxx::2/64'   # the IPv6 tunnel
        option mtu '1424'                           # the IPv6 tunnel MTU (optional)
        option peeraddr '216.66.80.26'              # the IPv4 tunnel endpoint
        option ip6prefix '2001:470:xxxx::/48'       # routed prefix (required!)

        ## configuration options below are only valid for HEnet tunnels. ignore them
        ## for other tunnel providers.
        option tunnelid '123456'                    # HE.net tunnel id
        option username 'username'                  # HE.net username, which you use to log in to tunnelbroker, not the User ID shown after you have logged in
        option password 'password'                  # HE.net password if there is no updatekey for tunnel
        option updatekey 'updatekey'                # HE.net updatekey instead of password, default for new tunnels
```

## [IPv6][18] local

    # Alternative to tunnel broker
    config interface wan6
            option proto 'static'
            option ip6prefix '2001:470:xxxx::/48'

    config interface lan
            option proto 'static'
            option ip6assign '64'
            option ip6hint 'c0a8'

## Ad Block

Link
: <http://homepage.ruhr-uni-bochum.de/Jan.Holthuis/misc/adblock-on-your-openwrt-router/>

GitHub
: <https://gist.github.com/Holzhaus/ed4ac1675a57f11c3057>

Allow googleadservices.

## VPN Troubleshooting

VPN concentrator sees multiple (NATted) IPs for a client so kicks it off.

### Conntrack Monitoring

With `SRC_IP` and `DEST_IP` set in the shell:

    while true; do grep -o "ESTABLISHED.*${SRC_IP}.*${DEST_IP}.*packets=" /proc/net/nf_conntrack; sleep 2; echo '--'; done

### Force connections over a single interface

`/etc/config/mwan3`:

    config rule 'vpn'
            option dest_ip 'vpn.BLAH.BLAH'
            option proto 'all'
            option use_policy 'adsl_only'

## conntrack tuning

`net.netfilter.nf_conntrack_max`
: 32768

`net.netfilter.nf_conntrack_tcp_timeout_established`
: 7440

### nf\_conntrack\_max and hashsize

The mainline kernel derives its `nf_conntrack_max` default from the amount of system RAM, but OpenWRT (15.05) uses a fixed 16384.

Doubling `nf_conntrack_max` requires also doubling the `nf_conntrack` hashsize parameter. The sysctl is read-only:

    sysctl net.netfilter.nf_conntrack_buckets

Hashsize can be set dynamically in `/sys/module/nf_conntrack/parameters/hashsize`.

Persist it in `/etc/modules.d/nf-conntrack` by appending the parameters to the module name:

    nf_conntrack hashsize=4096

### nf\_conntrack\_tcp\_timeout\_established

OpenWRT default is [7440s ~=2 hours][24], derived from [rfc-5382 NAT Behavioral Requirements for TCP][25]. Generally best to leave this as 2h4m.

    sysctl -w net.netfilter.nf_conntrack_tcp_timeout_established=7440

## DoS Attack Mitigation

Attack filled up the conntrack table. Reduce conntrack timeout.

    sysctl -w net.netfilter.nf_conntrack_tcp_timeout_established=600

And block the whole of MTN Nigeria in `/etc/config/firewall`:

    config rule
            option enabled '1'
            option src 'wan'
            option dest 'lan'
            option name 'block nigerian dos'
            option src_ip '197.210.0.0/16'
            option target 'DROP'

Just remember to unblock it later.

[1]: PerimeterRouter
[2]: MobileRouter
[3]: WDR3600
[4]: WRT54GL
[5]: /Tech/OpenWRT
[6]: http://wiki.openwrt.org/toh/tp-link/tl-wdr3600
[7]: http://www.amazon.co.uk/TP-Link-TL-WDR3600-Wireless-Gigabit-300Mbps/dp/B008QBAXI4/
[18]: IPv6
[24]: https://github.com/openwrt-mirror/openwrt/blob/master/package/base-files/files/etc/sysctl.conf
[25]: https://tools.ietf.org/html/rfc5382#section-5

<!-- vim: filetype=markdown -->
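
To see which source networks are filling the conntrack table before picking a prefix to drop, the sketch below counts entries per source /16 and reports table fill against `nf_conntrack_max`. It is an added example, not part of the original notes; the function names `top_sources` and `table_fill` are hypothetical, and the sample lines are constructed using documentation address ranges.

```shell
#!/bin/sh
# Added example: summarise conntrack entries by source /16 (IPv4 only).

# Constructed sample in /proc/net/nf_conntrack format (not real traffic).
sample_conntrack() {
cat <<'EOF'
ipv4     2 tcp      6 598 ESTABLISHED src=198.51.100.7 dst=192.0.2.10 sport=40001 dport=443 packets=3 bytes=180 src=192.168.1.20 dst=198.51.100.7 sport=443 dport=40001 packets=2 bytes=120 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 597 ESTABLISHED src=198.51.100.8 dst=192.0.2.10 sport=40002 dport=443 packets=3 bytes=180 src=192.168.1.20 dst=198.51.100.8 sport=443 dport=40002 packets=2 bytes=120 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 596 ESTABLISHED src=198.51.101.9 dst=192.0.2.10 sport=40003 dport=443 packets=3 bytes=180 src=192.168.1.20 dst=198.51.101.9 sport=443 dport=40003 packets=2 bytes=120 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 595 ESTABLISHED src=198.51.102.1 dst=192.0.2.10 sport=40004 dport=443 packets=3 bytes=180 src=192.168.1.20 dst=198.51.102.1 sport=443 dport=40004 packets=2 bytes=120 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 7431 ESTABLISHED src=203.0.113.5 dst=192.0.2.10 sport=51000 dport=22 packets=40 bytes=4100 src=192.168.1.2 dst=203.0.113.5 sport=22 dport=51000 packets=38 bytes=5200 [ASSURED] mark=0 use=2
ipv4     2 udp      17 42 src=192.168.1.30 dst=192.0.2.53 sport=5353 dport=53 packets=1 bytes=60 src=192.0.2.53 dst=192.0.2.10 sport=53 dport=5353 packets=1 bytes=92 mark=0 use=2
ipv6     10 tcp      6 300 ESTABLISHED src=2001:0db8:0000:0000:0000:0000:0000:0001 dst=2001:0db8:0000:0000:0000:0000:0000:0002 sport=40010 dport=443 packets=2 bytes=160 src=2001:0db8:0000:0000:0000:0000:0000:0002 dst=2001:0db8:0000:0000:0000:0000:0000:0001 sport=443 dport=40010 packets=1 bytes=80 mark=0 use=2
EOF
}

# Print "count prefix" per source /16, busiest first.
# Reads the named file(s), or stdin when called without arguments.
top_sources() {
    awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^src=[0-9]+\./) {   # first src= is the original direction
                split(substr($i, 5), o, ".")
                n[o[1] "." o[2] ".0.0/16"]++
                break                     # ignore the reply-direction src=
            }
    }
    END { for (p in n) print n[p], p }' "$@" | sort -rn
}

# Integer percentage of the table in use: table_fill <count> <max>
table_fill() {
    echo $(( $1 * 100 / $2 ))
}

sample_conntrack | top_sources
echo "fill: $(table_fill 24576 32768)%"
```

On the router, run `top_sources /proc/net/nf_conntrack | head -n 5` and feed `table_fill` from `sysctl -n net.netfilter.nf_conntrack_count` and `sysctl -n net.netfilter.nf_conntrack_max`.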