
After the devs kissed and made up, LEDE and OpenWRT reunified under the OpenWRT name and made a new major release, v18. After a few months of allowing things to settle down and stabilise I opted to switch back. This time I plumped for the community build provided by dc502wrt as it had a fair few things bundled in which might make my life easier.

Backup

I made a backup of the current installation from LuCI and also opted to make a backup of /etc/ before doing anything, and copied it to my main server.

snippet.bash
cd /etc
tar czvf /tmp/lede_etc_20190427.tar.gz *

The main reason is that it contained all of my configurations, such as static IP addresses, which I wanted to retain. I was less bothered about the configuration of OpenVPN or Adblock as I hadn't used the former and the latter didn't seem to work, and I was going to fix it under the new install.

Upgrade

As I was going to a community version I opted not to retain any settings. Under LuCI this is a tick box, but since I was performing this at the command line I used the -n flag…

snippet.bash
cd /tmp
sysupgrade -n -v <img.bin>

NB I downloaded the bin image file from the website and scp'd it to the router.

This worked, but I couldn't connect to my ISP despite using the correct settings. I uploaded the backup I'd made from LuCI and all was good again with the world.

Troubleshooting and Configuration

DNS

Restoring the backup restored a lot of settings I had made previously under LEDE, such as configuring dropbear to use port 418 for SSH and mounting my USB drive. However, it didn't install a user account, and on initially following my previous method I couldn't download Packages.gz from dc502wrt.org as wget errored out with 4. My mobile devices could connect to the internet fine but had faulty internet connections; I couldn't git pull from my Raspberry Pis and MPD no longer played the BBC Radio playlists.

This was due to conflicts in DNS provision. I'd somehow got WAN configured to use my ISP's DNS servers (network.wan.peerdns='1') and also had, from my previous configuration, dnsmasq configured to use Cloudflare servers (under dhcp.@dnsmasq[0].server). Disabling peerdns, removing the dnsmasq servers and instead adding them to network.wan.dns solved the problem (see here for uci commands).
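
The check and fix described above, as an added shell example that is not part of the original notes. The function names, the sample state and the Cloudflare addresses 1.1.1.1 and 1.0.0.1 are assumptions; the page names Cloudflare but lists no addresses.

```shell
#!/bin/sh
# Added example (not from the original page): detect and correct the DNS
# conflict described above. Input is `uci show network; uci show dhcp` text.

# Succeeds (exit 0) when WAN still accepts the ISP's resolvers (peerdns on)
# while dnsmasq also has its own upstream servers configured.
dns_conflict() {
    peerdns=1 servers=      # OpenWrt treats an absent peerdns option as enabled
    while IFS='=' read -r key val; do
        case "$key" in
            network.wan.peerdns)       peerdns=$(printf '%s' "$val" | tr -d "'") ;;
            'dhcp.@dnsmasq[0].server') servers=$val ;;
        esac
    done
    # Anything other than an explicit 0 counts as enabled
    [ "$peerdns" != 0 ] && [ -n "$servers" ]
}

# Print the uci commands for the fix; arguments are the resolver addresses.
dns_fix_cmds() {
    echo "uci set network.wan.peerdns='0'"
    echo "uci -q delete 'dhcp.@dnsmasq[0].server'"
    for ip in "$@"; do
        echo "uci add_list network.wan.dns='$ip'"
    done
    echo "uci commit network"
    echo "uci commit dhcp"
    echo "/etc/init.d/network reload"
    echo "/etc/init.d/dnsmasq restart"
}

# Constructed sample of the broken state, used when not run on a router.
SAMPLE="network.wan.peerdns='1'
dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].server='1.1.1.1' '1.0.0.1'"

if command -v uci >/dev/null 2>&1; then
    state=$(uci show network; uci show dhcp)
else
    state=$SAMPLE
fi
if printf '%s\n' "$state" | dns_conflict; then
    echo "DNS conflict: peerdns is on and dnsmasq has its own servers. Fix:"
    dns_fix_cmds 1.1.1.1 1.0.0.1    # assumed Cloudflare resolver addresses
fi
```

The script only prints the commands, so they can be reviewed before being run on the router.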

Adding User

A slight tweak to the previous commands, as the user directory under /home/ was not automatically created, and I copied ~/.terminfo over from my server so I could SSH in from kitty.

snippet.bash
opkg update
opkg install shadow-useradd shadow-userdel sudo shadow-su shadow-common shadow-groupadd shadow-groupdel shadow-groupmod shadow-groups shadow-utils
# Create the account first so the chown below has a user to refer to
useradd -m -G wheel -s /bin/ash [newuser]
# The home directory was not created automatically, so make it by hand
mkdir -p /home/[newuser]/.terminfo /home/[newuser]/.ssh
chown -R [newuser]:[newuser] /home/[newuser]
passwd [newuser]

I then copied the terminfo and public SSH key over from the server (forgetting initially that dropbear under OpenWRT doesn't support ed25519 and then copying over the RSA key)…

snippet.bash
scp /usr/share/terminfo/${TERM:0:1}/$TERM 192.168.1.1:~/.terminfo/${TERM:0:1}
scp ~/.ssh/id_rsa.pub 192.168.1.1:~/.ssh/authorized_keys

USB Drive

This is already mounted in the same place, but I needed to recreate the symlinks under /home/neil/.

snippet.bash
ln -s /mnt/usb/pics ~/pics
ln -s /mnt/usb/music ~/music
ln -s /mnt/usb/video ~/video
ln -s /mnt/usb/ref ~/ref

Securing DNS

TODO : Secure DNS

Links

Misc