OpenWRT on a NanoStation M2 with IPv6
Warning: this page is very old. A lot of bits are probably not relevant anymore.
Hardware: NanoStation M2
- Runs Linux by default (AirOS)
- Atheros wifi, supports 802.11n
- Power over ethernet
The official reseller for UBNT in Canada is www.ubnt.ca. See their M2 product page for more information. In Québec, Converbit.ca also has good deals and is near Montréal.
The instructions below may apply to other types of routers. Your mileage may vary.
Summary
We are going to configure an AP for file sharing between neighbors. It will have its own subnet (for better privacy) and IPv6 (for fun). It will not directly route to the Internet for IPv4 (NAT can be done on the main router anyway).
Download the firmware
OpenWRT 10.03.1 backfire for ar71xx ubnt nano m: squashfs (recommended) or trunk
Save the file locally on a computer which will connect to the AP in order to flash it.
Flashing the device
Connect a computer directly into the AP with an ethernet cable (using the PoE injector, or using a PoE switch).
On the computer, disable the network-manager (Linux) and manually configure the network interface:
# ifconfig eth0:ap 192.168.1.123
Immediately after powering the AP, press the “reset” button (located near the “main” network jack). When the AP is ready, its network LEDs will flash in an alternating pattern.
Make sure the AP is plugged into a reliable power source so that the flashing procedure is not interrupted.
From the computer, send the firmware using tftp:
$ tftp 192.168.1.20
tftp> binary
tftp> put openwrt-ar71xx-ubnt-nano-m-squashfs-factory.bin
Wait at least 5-10 minutes. The AP should reboot by itself.
Initial configuration
By default, OpenWRT uses 192.168.1.1, so use the same network configuration as above for the next steps.
Telnet into the router:
$ telnet 192.168.1.1
Enable ssh by setting a password on the device:
openwrt# passwd
Configure the network:
openwrt# vi /etc/config/network
In my case, the AP is not my main router, so I am assigning it an IP using DHCP from my main network:
config interface lan
option ifname eth0
option type bridge
option proto dhcp
Reboot for the settings to become effective:
openwrt# reboot
The AP is now available on its new address, by ssh:
$ ssh root@192.168.42.4
A web interface is also available, e.g. http://192.168.42.4.
Wireless network configuration
Enable the wifi interface by commenting out the line “option disabled 1” in /etc/config/wireless:
config wifi-device radio0
[...]
# REMOVE THIS LINE TO ENABLE WIFI:
# option disabled 1
config wifi-iface
option device radio0
option network lan
option mode ap
option ssid librenet-change-this
option encryption none
You will also want to change the SSID and the encryption mode. Then reboot the router.
Reference: http://wiki.openwrt.org/doc/uci/network
IPv6
Assuming your local (upstream) network already supports IPv6:
root@OpenWrt:~# opkg update
root@OpenWrt:~# opkg install kmod-ipv6 radvd ip kmod-ip6tables ip6tables
The wan interface will auto-configure itself if your upstream network has radvd:
root@OpenWrt:~# ping ipv6.google.com
PING ipv6.google.com (2001:4860:800b::93): 56 data bytes
64 bytes from 2001:4860:800b::93: seq=0 ttl=53 time=57.845 ms
At this point, we only have IPv6 on the AP itself; we cannot route it yet for our own wifi subnet.
Separate the wifi and lan on the AP
Used this to separate the wifi and lan, since the AP is acting weird and using the lan as an uplink: http://wiki.openwrt.org/doc/recipes/routedap
File /etc/config/network (adding the “wifi” interface, and setting eth0 to dhcp, because my main dhcp server gives the AP a static IP and DNS servers):
config interface loopback
    option ifname lo
    option proto static
    option ipaddr 127.0.0.1
    option netmask 255.0.0.0

# this is in fact.. the wan/uplink. it will get 192.168.42.4
config interface lan
    option ifname eth0
    option proto dhcp

config interface wan
    option ifname eth1
    option proto dhcp

config interface wifi
    option proto static
    option ipaddr 192.168.50.1
    option netmask 255.255.255.0
    option ip6addr '2001:470:b1e2:50::1/64'
File /etc/config/wireless (the “option network wifi” is the main change):
config wifi-iface
    option device radio0
    option network wifi
    option mode ap
    option ssid librenet-m2-sud
    option encryption none
For the file /etc/config/firewall, see the main howto from the openwrt wiki (see above).
Routing
Enable routing in /etc/sysctl.conf:
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
Allow forwarding in iptables by setting the default FORWARD policy to ACCEPT for both IPv4 and IPv6, in the file /etc/firewall.user (there is probably a cleaner way of doing this?):
iptables -P FORWARD ACCEPT
ip6tables -P FORWARD ACCEPT
Provide automatic configuration on IPv6 by installing radvd
opkg install radvd
Configuration file is /etc/radvd.conf
interface wlan0
{
    AdvSendAdvert on;
    MaxRtrAdvInterval 30;
    prefix 2001:470:b1e2:50::1/64
    {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr off;
        AdvValidLifetime 300;
        AdvPreferredLifetime 120;
    };
};
Start the service:
/etc/init.d/radvd start
Testing: network routing (ipv4 + ipv6)
- my main network is 192.168.42.x, and in IPv6 is 2001:470:b1e2::/48
- AP configured to use 192.168.50.1, and in IPv6 received automatically 2001:470:b1e2:42:215:6dff:fe71:37ea/64 using stateless configuration (radvd)
Added a static route entry on my main router:
ip route add 192.168.50.0/24 via 192.168.42.4 dev eth1
For IPv6:
ip -6 route add 2001:470:b1e2:50::1/64 via 2001:470:b1e2:42:215:6dff:fe71:37ea dev eth1
Splash page: nodogsplash
Install the package:
root@OpenWrt:~# opkg install nodogsplash
The configuration file is in /etc/nodogsplash/nodogsplash.conf
GatewayInterface wlan0

FirewallRuleSet authenticated-users {
    FirewallRule block to 192.168.0.0/16
    FirewallRule block to 10.0.0.0/8
    # File server
    FirewallRule allow tcp port 80 to 172.16.42.2
    # respectively: DNS, http, https, ssh
    FirewallRule allow tcp port 53
    FirewallRule allow udp port 53
    FirewallRule allow tcp port 80
    FirewallRule allow tcp port 443
    FirewallRule allow tcp port 22
}

FirewallRuleSet preauthenticated-users {
    # DNS
    FirewallRule allow tcp port 53
    FirewallRule allow udp port 53
    # Splash page
    FirewallRule allow tcp port 80 to 172.16.42.1
}

GatewayName librenet-m2-sud
RedirectURL http://partage.m2.bidon.ca/
TrafficControl yes
UploadLimit 128
The HTML of the splash page can be edited in /etc/nodogsplash/htdocs/
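To check what the authenticated-users rule set above actually permits, the following added example (not part of the original page or of nodogsplash) parses the FirewallRule lines and evaluates sample destinations. It assumes rules are checked in order with the first match deciding and that unmatched traffic is blocked; the function names and the sample flows are constructed for illustration.

```python
import ipaddress

# Copied from the authenticated-users rule set in nodogsplash.conf on this page.
AUTHENTICATED = """
FirewallRule block to 192.168.0.0/16
FirewallRule block to 10.0.0.0/8
FirewallRule allow tcp port 80 to 172.16.42.2
FirewallRule allow tcp port 53
FirewallRule allow udp port 53
FirewallRule allow tcp port 80
FirewallRule allow tcp port 443
FirewallRule allow tcp port 22
"""

def parse_rules(text):
    """Parse 'FirewallRule permission [protocol [port range]] [to ip]' lines."""
    rules = []
    for line in text.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) < 2 or tok[0] != "FirewallRule":
            continue
        rule = {"action": tok[1], "proto": "all", "ports": None, "to": None}
        rest = tok[2:]
        if rest and rest[0] not in ("port", "to"):
            rule["proto"] = rest.pop(0)
        if rest[:1] == ["port"]:
            lo, _, hi = rest[1].partition(":")
            rule["ports"] = (int(lo), int(hi or lo))
            rest = rest[2:]
        if rest[:1] == ["to"]:
            rule["to"] = ipaddress.ip_network(rest[1], strict=False)
        rules.append(rule)
    return rules

def verdict(rules, proto, port, dst, default="block"):
    """Action of the first matching rule (assumption: first match wins)."""
    addr = ipaddress.ip_address(dst)
    for r in rules:
        proto_ok = r["proto"] in ("all", proto)
        port_ok = r["ports"] is None or r["ports"][0] <= port <= r["ports"][1]
        dst_ok = r["to"] is None or addr in r["to"]
        if proto_ok and port_ok and dst_ok:
            return r["action"]
    return default  # assumption: traffic matching no rule is blocked

if __name__ == "__main__":
    # Constructed sample flows: (protocol, destination port, destination address)
    for flow in [("tcp", 22, "192.168.42.1"), ("tcp", 22, "172.16.42.1")]:
        print(flow, "->", verdict(parse_rules(AUTHENTICATED), *flow))
```

With the page's rules, tcp/22 to 172.16.42.1 comes back as allow, because only 192.168.0.0/16 and 10.0.0.0/8 are blocked ahead of the port rules; any other range guests should not reach needs its own block line before them.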
vnstat: bandwidth statistics
See: http://wiki.openwrt.org/doc/howto/vnstat
To generate graphs:
#!/bin/sh
# vnstati image generation script.
# Source: http://code.google.com/p/x-wrt/source/browse/trunk/package/webif/files/www/cgi-bin/webif/graphs-vnstat.sh

WWW_D=/tmp/www/vnstat   # output images to here
LIB_D=/var/lib/vnstat   # db location
BIN=/usr/bin/vnstati    # which vnstati
outputs="s h d t m"     # what images to generate

# Sanity checks
[ -d "$WWW_D" ] || mkdir -p "$WWW_D"   # make the folder if it doesn't exist.

# You might want to set up a link if it doesn't exist.
# [ -L /www/vnstat ] || ln -sf /www/vnstat /tmp/www/

# End of config changes
interfaces="$(ls -1 "$LIB_D")"

if [ -z "$interfaces" ]; then
    echo "No database found, nothing to do."
    echo "A new database can be created with the following command: "
    echo "    vnstat -u -i eth0"
    exit 0
else
    # One image per interface and per output type
    for interface in $interfaces; do
        for output in $outputs; do
            "$BIN" -"${output}" -i "$interface" -o "$WWW_D/vnstat_${interface}_${output}.png"
        done
    done
fi

# Images generated: report success
exit 0
QoS
root@OpenWrt:~# opkg install qos-scripts
root@OpenWrt:~# /etc/init.d/qos enable
root@OpenWrt:~# /etc/init.d/qos start
The configuration file is /etc/config/qos. The default configuration limits traffic to 50ko/sec down, 15kb/sec up.
2011-07-08: conflicts with nodogsplash… workaround not found yet -ML
References
- Hardware support with OpenWRT: http://wiki.openwrt.org/toh/ubiquiti/nanostation (not very up to date)
- IPv6: http://wiki.openwrt.org/doc/howto/ipv6
- iw commands: http://wiki.openwrt.org/doc/howto/wireless.utilities (openwrt: wireless utilities)
Author Mathieu Lu
LastMod 2021-05-23