After the devs kissed and made up, LEDE and OpenWRT reunified under the OpenWRT name and made a new major release, v18. After a few months allowing things to settle down and stabilise, I opted to switch back. This time I plumped for the community build provided by dc502wrt as it had a fair few things bundled in which might make my life easier.
Backup
I made a backup of the current installation from LuCi and also opted to make a backup of /etc/ before doing anything and copied it to my main server.
- snippet.bash
cd /etc
tar czvf /tmp/lede_etc_20190427.tar.gz *
The main reason is that it contained all of my configurations such as static IP addresses which I wanted to retain. I was less bothered about the configuration of OpenVPN or Adblock as I hadn't used the former and the latter didn't seem to work and I was going to fix it under the new install.
Upgrade
As I was going to a community version I opted to not retain any settings. Under LuCi this is a tick box, but since I was performing this at the command line I used the -n flag…
- snippet.bash
cd /tmp
sysupgrade -n -v <img.bin>
NB I downloaded the bin image file from the website and scp'd it to the router.
This worked but I couldn't connect to my ISP, despite using the correct settings. I uploaded the backup I'd made from LuCi and all was good again with the world.
Troubleshooting and Configuration
DNS
Restoring the backup restored a lot of settings I had made previously under LEDE such as configuring dropbear to use port 418 for SSH and mounting my USB drive. However it didn't install a user account, and on initially following my previous method I couldn't download Packages.gz from dc502wrt.org as wget errored out with 4. My mobile devices could connect to the internet fine but had faulty internet connections, I couldn't git pull from my Raspberry Pis and MPD no longer played the BBC Radio playlists.
This was due to conflicts in DNS provision: I'd somehow got WAN configured to use my ISP's DNS servers (network.wan.peerdns='1') and also had, from my previous configuration, dnsmasq configured to use Cloudflare servers (under dhcp.@dnsmasq[0].server). Disabling peerdns and removing the dnsmasq servers and instead adding them to network.wan.dns solved the problem (see here for uci commands).
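One way to check for the conflict described above, as an added example that is not part of the original post: the function reads `uci show network` and `uci show dhcp` output and reports whether peerdns and a dnsmasq server list are both active. The helper name `dns_conflict_check`, the two sample states and the Cloudflare addresses in them are constructed for illustration.

```sh
#!/bin/sh
# Added example, not the author's commands. Reads `uci show network` and
# `uci show dhcp` output on stdin and flags the state described above:
# ISP resolvers accepted on WAN (peerdns) while dnsmasq also forwards to
# its own server list.
dns_conflict_check() {   # hypothetical helper name
    awk -F= -v q="'" '
        { val = $2; gsub(q, "", val) }   # uci show wraps values in quotes
        $1 == "network.wan.peerdns"     { peerdns = val; seen = 1 }
        $1 == "network.wan.dns"         { wan_dns = val }
        $1 == "dhcp.@dnsmasq[0].server" { fwd = val }
        END {
            if (!seen) peerdns = "1"     # OpenWrt default when unset
            if (peerdns != "0" && fwd != "") {
                print "conflict: peerdns=" peerdns " and dnsmasq server=" fwd
                exit 1
            }
            if (peerdns != "0")     print "ok: resolvers from ISP (peerdns)"
            else if (wan_dns != "") print "ok: resolvers from network.wan.dns=" wan_dns
            else if (fwd != "")     print "ok: resolvers from dnsmasq server=" fwd
            else { print "warn: no upstream resolver configured"; exit 2 }
        }'
}

# Constructed sample: both sources active, as before the fix.
BEFORE="network.wan=interface
network.wan.peerdns='1'
dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].server='1.1.1.1' '1.0.0.1'"

# Constructed sample: peerdns off, servers moved to network.wan.dns.
AFTER="network.wan=interface
network.wan.peerdns='0'
network.wan.dns='1.1.1.1' '1.0.0.1'
dhcp.@dnsmasq[0]=dnsmasq"

for state in "$BEFORE" "$AFTER"; do
    printf '%s\n' "$state" | dns_conflict_check || echo "  (exit status $?)"
done
# On the router: { uci show network; uci show dhcp; } | dns_conflict_check
```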
Adding User
Slight tweak to previous commands as the user directory under /home/ was not automatically created and I copied ~/.terminfo over from my server so I could SSH in from kitty
- snippet.bash
opkg update
opkg install shadow-useradd shadow-userdel sudo shadow-su shadow-common shadow-groupadd shadow-groupdel shadow-groupmod shadow-groups shadow-utils
mkdir -p /home/[newuser]/.terminfo /home/[newuser]/.ssh
# Create the account before chown, which needs the user and group to exist
useradd -m -G wheel -s /bin/ash [newuser]
chown -R [newuser]:[newuser] /home/[newuser]
passwd [newuser]
I then copied the terminfo and public SSH key over from the server (forgetting initially that dropbear under OpenWRT doesn't support ed25519 and then copying over the RSA key)…
- snippet.bash
scp /usr/share/terminfo/${TERM:0:1}/$TERM 192.168.1.1:~/.terminfo/${TERM:0:1}
scp ~/.ssh/id_rsa.pub 192.168.1.1:~/.ssh/authorized_keys
USB Drive
This is already mounted in the same place but I needed to recreate the symlinks under /home/neil/
- snippet.bash
ln -s /mnt/usb/pics ~/pics
ln -s /mnt/usb/music ~/music
ln -s /mnt/usb/video ~/video
ln -s /mnt/usb/ref ~/ref
Securing DNS
TODO : Secure DNS