[openwrt] Settings revisited

https://wiki.openwrt.org/zh-cn/doc/uci/network

https://wiki.openwrt.org/zh-cn/doc/uci/wireless

https://forum.openwrt.org/viewtopic.php?id=39077

 

 

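OpenWrt wireless settings

All wireless-related settings are stored in the local file /etc/config/wireless, which can be edited with vi. This configuration file covers both wireless devices and wireless networks. The distinction matters: the English wiki calls them "wireless devices" and "wireless networks".

"Wireless devices" covers the settings of the radio hardware as a whole, not only those of the wireless card, while "wireless networks" covers the settings of the wireless LAN.

Sections of the wireless configuration

A typical wireless configuration file contains at least two things: at least one wireless device and at least one wireless interface associated with it.

The wireless device settings are the general radio parameters, such as the hardware (chip and driver type), channel, frequency and transmit power;

The wireless interface settings are the operating mode of the wireless device, the ESSID, the wireless encryption method and so on.

A wireless device and its wireless interfaces are linked: first set the parameters of a wireless device, then set the parameters of the wireless interface that belongs to it; together they make up a working wireless LAN.

wifi-device sections

A wifi-device section configures the radio hardware in the device. In most cases a device has only one radio and therefore only one wifi-device section; if there are several radios, there are several wifi-device sections, one per radio.

A minimal wifi-device configuration looks like the example below. Note that the chip type and driver given in it differ from device to device.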

 

config 'wifi-device' 'wl0'
        option 'type'    'broadcom'
        option 'channel' '6'

 

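  • wl0 is the internal identifier of the wireless adapter
  • broadcom is the type of chip or driver
  • 6 is the wireless channel the adapter operates on

The table below lists all options of the device section. Note: not every option applies to every chip or driver; see the remarks for details.

Common options

Name Type Required Default Description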
type string yes (autodetected) The type is determined on firstboot during the initial radio device detection - it is usually not required to change it. Used values are broadcom on brcm-2.4, atheros for madwifi or mac80211 for b43, ath5k and ath9k
phy integer no (autodetected) Specifies the radio phy associated to this section, it is usually autodetected and should not be changed
:!: This option is only used for type mac80211
macaddr MAC address yes (autodetected) Specifies the radio adapter associated to this section, it is not used to change the device mac but to identify the underlying interface. The value is autodetected.
:!: This option is only used for type mac80211
disabled boolean no 1 Disables the radio adapter if set to 1. Removing this option or setting it to 0 will enable the adapter
channel integer or "auto" yes auto Specifies the wireless channel to use. In station mode the value auto is allowed, in access point mode an actual channel number must be given
hwmode string no (driver default) Selects the wireless protocol to use, possible values are 11b, 11bg, 11g, 11gdt (G + dynamic turbo, madwifi only), 11gst (G turbo, broadcom only), 11a, 11adt (A + dynamic turbo, madwifi only), 11ast (A + static turbo, madwifi only), 11fh (frequency hopping), 11lrs (LRS mode, broadcom only), 11ng (11N on 2.4GHz, mac80211 only), 11na (11N on 5GHz, mac80211 only) or auto
htmode string no (driver default) Specifies the channel width in 11ng and 11na mode, possible values are: HT20 (single 20MHz channel), HT40- (2x 20MHz channels, 2. channel below) or HT40+ (2x 20MHz channels, 2. channel above).
:!: This option is only used for type mac80211
ht_capab string no (driver default) Specifies the available capabilities of the radio. The values are autodetected.
:!: This option is only used for type mac80211
txpower integer no (driver default) Specifies the transmission power in dBm
diversity boolean no 1 Enables or disables the automatic antenna selection by the driver
rxantenna integer no (driver default) Specifies the antenna for receiving, the value may be driver specific, usually it is 1 for the first and 2 for the second antenna. Specifying 0 enables automatic selection by the driver if supported. This option has no effect if diversity is enabled
txantenna integer no (driver default) Specifies the antenna for transmitting, values are identical to rxantenna
antenna string no (driver default) Selects the antenna, possible values are vertical for internal vertical polarization, horizontal for internal horizontal polarization or external to use the external antenna connector
:!: Only used on the Ubiquiti NanoStation device family instead of the rxantenna/txantenna settings.
macfilter string no disable Specifies the mac filter policy, disable to disable the filter, allow to treat it as whitelist or deny to treat it as blacklist.
:!: Not supported for the mac80211 type yet
maclist list of MAC addresses no (none) List of MAC addresses to put into the mac filter.
:!: Not supported for the mac80211 type yet
country varies no (driver default) Specifies the country code, affects the available channels and transmission powers. For type broadcom a two letter country code is used (EN or DE). The madwifi driver expects a numeric code.
:!: Not supported for the mac80211 type yet (supported in trunk)
distance integer no (driver default) Distance between the ap and the furthest client in meters.
:!: Only supported by madwifi, and the mac80211 type (in trunk)

Broadcom options

:!: The options below are only used by the proprietary Broadcom driver (type broadcom).

Name Type Required Default Description
frameburst boolean no 0 Enables Broadcom frame bursting if supported
maxassoc integer no (driver default) Limits the maximum allowed number of associated clients
slottime integer no (driver default) Slot time in milliseconds

Madwifi options

:!: The following options are only used by the Madwifi driver (type atheros).

Name Type Required Default Description
softled boolean no 1 Enables software based LED control in the driver
outdoor boolean no 0 Enables outdoor channels in the 5GHz band
regdomain number no (driver default) Overrides the regulatory domain setting

Wifi networks

A complete wireless configuration contains at least one wifi-iface section per adapter to define a wireless network on top of the hardware. Some drivers support multiple wireless networks per device:

  • broadcom if the core revision is greater than or equal to 9 (see dmesg | grep corerev)
  • madwifi always supports multiple networks
  • all other drivers do *not* support multiple networks yet

A minimal example for a wifi-iface declaration is given below.

 

config 'wifi-iface'
        option 'device'     'wl0'
        option 'network'    'lan'
        option 'mode'       'ap'
        option 'ssid'       'MyWifiAP'
        option 'encryption' 'psk2'
        option 'key'        'secret passphrase'

 

  • wl0 is the identifier for the underlying radio hardware
  • lan specifies the network interface the wifi is attached to
  • ap is the operation mode, Access Point in this example
  • MyWifiAP is the broadcasted SSID
  • psk2 specifies the wireless encryption method, WPA2 PSK here
  • secret passphrase is the secret WPA passphrase

Common options

The most common configuration options for wifi-iface sections are listed below.

Name Type Required Default Description
device string yes (first device id) Specifies the used wireless adapter, must refer to one of the defined wifi-device sections
mode string yes ap Selects the operation mode of the wireless network, ap for Access Point, sta for managed (client) mode, adhoc for Ad-Hoc, wds for static WDS and monitor for monitor mode
ssid string yes OpenWrt The broadcasted SSID of the wireless network
bssid BSSID address no (driver default) Override the BSSID of the network, only applicable in adhoc or sta mode. In wds mode specifies the BSSID of another AP to create WDS with.
hidden boolean no 0 Turns off SSID broadcasting if set to 1
isolate boolean no 0 Isolate wireless clients from each other, only applicable in ap mode.
:!: Not supported for the mac80211 type yet
doth boolean no 0 Enables 802.11h support.
:!: Not supported for the mac80211 type yet
wmm boolean no 0 Enables WMM (802.11e) support.
:!: Not supported for the mac80211 type yet
network string yes lan Specifies the network interface to attach the wireless to
encryption string no none Used wireless encryption, none for an open network, wep for WEP, psk for WPA-PSK and psk2 for WPA2-PSK. See the WPA modes table for additional possible values.
key number or string no (none) Specifies the secret passphrase used for WPA PSK mode or the key index for WEP mode
key1 string no (none) WEP Key #1 (selected by the index in key)
key2 string no (none) WEP Key #2 (selected by the index in key)
key3 string no (none) WEP Key #3 (selected by the index in key)
key4 string no (none) WEP Key #4 (selected by the index in key)
ieee80211w integer no 0 Enables MFP (802.11w) support (0 = disabled, 1 = optional, 2 = required).
:!: Only supported by the ath9k driver (in trunk)
ieee80211w_max_timeout integer no (hostapd default) Specifies the 802.11w Association SA Query maximum timeout.
:!: Only supported by the ath9k driver (in trunk)
ieee80211w_retry_timeout integer no (hostapd default) Specifies the 802.11w Association SA Query retry timeout.
:!: Only supported by the ath9k driver (in trunk)
:!: See the WPA tables below for a full listing of WPA related options used for WPA2 Enterprise (802.1x)

Madwifi options

:!: The options in the table below only work with type atheros.

Name Type Required Default Description
ar boolean no 0 Enables AR support
bgscan boolean no 0 Enables background scanning
bursting boolean no 0 Enables frame bursting
compression boolean no 0 Enables hardware compression
ff boolean no 0 Enables fast frames
frag integer no (none) Fragmentation threshold
mcast_rate integer no (driver default) Use a fixed multicast rate
minrate integer no (driver default) Limit the minimum rate used
maxrate integer no (driver default) Limit the maximum rate used
nosbeacon boolean no 0 Disables the hardware beacon timer, only applicable in Managed mode
sw_merge boolean no 0 Disables the hardware beacon timer, only applicable in IBSS mode
probereq boolean no 1 Enables probe responses (AP will not appear in wifi scans if disabled)
rate integer no (driver default) Use a fixed rate
rts integer no (driver default) Override the RTS/CTS threshold
turbo boolean no 0 Enables turbo mode
uapsd boolean no 0 Enables Unscheduled Automatic Power Save Delivery (UAPSD)
wds boolean no 0 Enables Lazy-WDS, only applicable in Access Point or Managed mode
wdssep boolean no 0 Separates WDS clients from each other
xr boolean no 0 Enables XR support

WPA modes

Besides the WPA mode, the encryption option also specifies the group and peer ciphers to use. To override the cipher, the value of encryption must be given in the form mode+cipher. See the listing below for possible combinations.

Value | WPA version | Ciphers
psk2+tkip+ccmp, psk2+tkip+aes | WPA2 Personal (PSK) | TKIP, CCMP
psk2+tkip | WPA2 Personal (PSK) | TKIP
psk2+ccmp, psk2+aes, psk2 | WPA2 Personal (PSK) | CCMP
psk+tkip+ccmp, psk+tkip+aes | WPA Personal (PSK) | TKIP, CCMP
psk+tkip, psk | WPA Personal (PSK) | TKIP
psk+ccmp, psk+aes | WPA Personal (PSK) | CCMP
mixed-psk+tkip+ccmp, mixed-psk+tkip+aes, mixed-psk | WPA/WPA2 Personal (PSK) mixed mode | TKIP, CCMP
mixed-psk+tkip | WPA/WPA2 Personal (PSK) mixed mode | TKIP
mixed-psk+ccmp, mixed-psk+aes | WPA/WPA2 Personal (PSK) mixed mode | CCMP
wpa2+tkip+ccmp, wpa2+tkip+aes | WPA2 Enterprise | TKIP, CCMP
wpa2+ccmp, wpa2+aes, wpa2 | WPA2 Enterprise | CCMP
wpa2+tkip | WPA2 Enterprise | TKIP
wpa+tkip+ccmp, wpa+tkip+aes | WPA Enterprise | TKIP, CCMP
wpa+ccmp, wpa+aes | WPA Enterprise | CCMP
wpa+tkip, wpa | WPA Enterprise | TKIP
mixed-wpa+tkip+ccmp, mixed-wpa+tkip+aes, mixed-wpa | WPA/WPA2 Enterprise mixed mode | TKIP, CCMP
mixed-wpa+tkip | WPA/WPA2 Enterprise mixed mode | TKIP
mixed-wpa+ccmp, mixed-wpa+aes | WPA/WPA2 Enterprise mixed mode | CCMP

WPA Enterprise (Access Point)

Listing of Access Point related options for WPA Enterprise.

Name Default Description
server (none) RADIUS server to handle client authentication
port 1812 RADIUS server port
key (none) Shared RADIUS secret
:!: The options below are not supported by the Broadcom nas authenticator
nasid (none) NAS ID to use for RADIUS authentication requests
wpa_group_rekey 600 WPA Group Cipher rekeying interval in seconds
ieee80211d 0 Enables IEEE 802.11d ("World Mode") if set to 1

WPA Enterprise (Client)

Listing of Client related options for WPA Enterprise.

:!: At the time of writing only the madwifi driver supports WPA Enterprise in client mode.

Name Default Description
eap_type (none) Defines the EAP protocol to use, possible values are tls for EAP-TLS and peap or ttls for EAP-PEAP
auth MSCHAPV2 Defines the phase 2 authentication method to use, only applicable if eap_type is peap or ttls
identity (none) EAP identity to send during authentication
password (none) Password to send during EAP authentication
ca_cert (none) Specifies the path to the CA certificate used for authentication
priv_key (none) Specifies the path to the private key file used for authentication, only applicable if eap_type is set to tls
priv_key_pwd (none) Password to unlock the private key file, only works in conjunction with priv_key

Configuring WiFi encryption

How to set up wireless encryption with OpenWrt Kamikaze. You can do the same from within the LuCI WebUI (Network > Wifi) if you prefer a GUI.

Generating a key

To generate a random password for your key you can use the pwgen program. pwgen is available for most Linux distributions and is also packaged for OpenWrt Kamikaze. Run it with e.g. pwgen --secure 13 1, which generates one password with a length of 13 letters/numbers.

WPA encryption

 

Broadcom WiFi

Broadcom wireless chips require the nas package to be installed.

 

root@OpenWrt:~# opkg install nas

 

Atheros WiFi

For Atheros wireless chips install the hostapd package if you run in AP mode.

 

root@OpenWrt:~# opkg install hostapd

 

TIP: If you only need WPA (PSK) encryption you can install the hostapd-mini package which does not depend on the zlib and libopenssl packages.

If you have an Atheros wireless chip and run it in client mode you have to install the wpa-supplicant package instead of hostapd.

 

root@OpenWrt:~# opkg install wpa-supplicant

 

Configuring WPA (PSK)

Configure WPA (PSK) encryption using UCI.

 

root@OpenWrt:~# uci set wireless.@wifi-iface[0].encryption=psk
root@OpenWrt:~# uci set wireless.@wifi-iface[0].key="your_password"
root@OpenWrt:~# uci commit wireless
root@OpenWrt:~# wifi
:!: For the key only letters (upper and lower case) and numbers are allowed. The length must be between 8 and 63 characters.

 

Configuring WPA2 (PSK)

Configure WPA2 (PSK) encryption using UCI.

 

root@OpenWrt:~# uci set wireless.@wifi-iface[0].encryption=psk2
root@OpenWrt:~# uci set wireless.@wifi-iface[0].key="your_password"
root@OpenWrt:~# uci commit wireless
root@OpenWrt:~# wifi

 

:!: For the key only letters (upper and lower case) and numbers are allowed. The length must be between 8 and 63 characters.


Configuration is also possible via direct editing of /etc/config/wireless:

 

	option encryption   psk
	option key	    "your_password"

 

See the UCI documentation for information on configuration files in general and the sections above for a full outline of the wifi config file in particular.


WEP encryption (not recommended)

Some notes on the WEP key format:

  • The format for the WEP key for the key1 option is HEX

If you wish to use raw hex keys then you can skip to the UCI commands paragraph below. Raw hex keys have 10 hex digits (0..9, a..f) for 64-bit WEP keys and 26 hex digits for 128-bit WEP keys.

If you do not want to use raw hex keys, follow the instructions below.

  • The length of a 64-bit WEP key must be exactly 5 characters
  • The length of a 128-bit WEP key must be exactly 13 characters
  • Allowed characters are letters (upper and lower case) and numbers

Generate a 64-bit WEP key:

 

root@OpenWrt:~# echo -n 'awerf' | hexdump -e '5/1 "%02x" "\n"'
6177657266

 

Generate a 128-bit WEP key:

 

root@OpenWrt:~# echo -n 'xdhdkkewioddd' | hexdump -e '13/1 "%02x" "\n"'
786468646b6b6577696f646464

 

Now set up the encryption in UCI using the hex WEP key you just generated.

 

root@OpenWrt:~# uci set wireless.@wifi-iface[0].encryption=wep
root@OpenWrt:~# uci set wireless.@wifi-iface[0].key1="786468646b6b6577696f646464"
root@OpenWrt:~# uci set wireless.@wifi-iface[0].key=1
root@OpenWrt:~# uci commit wireless
root@OpenWrt:~# wifi

 

You can configure up to four WEP keys.
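The WPA modes table and the key rules above can be turned into a check over /etc/config/wireless. The following is an added example, not part of the original wiki text or of OpenWrt: a shell function (audit_wireless, a hypothetical name) reads a UCI wireless config and reports wifi-iface sections that are open, use WEP, accept WPA version 1 or TKIP according to that table, or whose PSK length falls outside 8 to 63 characters. The sample config is constructed.

```shell
#!/bin/sh
# Added example: flag weak settings in a UCI wireless config.
# Reads the files given as arguments, or stdin if none are given.
audit_wireless() {
    awk '
    # Take one UCI token off the front of s and leave the remainder in REST.
    # A quoted token may contain spaces; a bare token ends at whitespace.
    function tok(s,    q, i) {
        sub(/^[ \t]+/, "", s)
        q = substr(s, 1, 1)
        if (q == "\"" || q == "\047") {           # \047 is the single quote
            i = index(substr(s, 2), q)
            if (i == 0) { REST = ""; return substr(s, 2) }
            REST = substr(s, i + 2)
            return substr(s, 2, i - 1)
        }
        match(s, /^[^ \t]*/)
        REST = substr(s, RLENGTH + 1)
        return substr(s, 1, RLENGTH)
    }
    function note(msg) {
        printf "@wifi-iface[%d] (%s): %s\n", idx, opt["ssid"], msg
    }
    # Judge the wifi-iface section that has just ended, then forget its options.
    function judge(    enc, mode, v1, n) {
        if (!iface) return
        enc = ("encryption" in opt) ? opt["encryption"] : "none"
        mode = enc
        sub(/\+.*/, "", mode)                     # mode is the part before "+"
        if (enc == "none") {
            note("open network, no encryption")
        } else if (mode == "wep") {
            note("WEP in use")
        } else {
            # Modes that admit WPA version 1; given without a cipher suffix
            # they also enable TKIP (see the WPA modes table).
            v1 = (mode ~ /^(psk|wpa|mixed-psk|mixed-wpa)$/)
            if (v1) note("WPA version 1 accepted (encryption=" enc ")")
            if (enc ~ /\+tkip/ || (v1 && enc == mode))
                note("TKIP enabled (encryption=" enc ")")
            if (mode ~ /psk/) {
                n = length(opt["key"])
                if (n < 8 || n > 63) note("passphrase length " n " outside 8..63")
            }
        }
        split("", opt)
    }
    BEGIN { idx = -1 }                            # UCI indexes sections from 0
    {
        kw = tok($0)
        if (kw == "config") {
            judge()
            iface = (tok(REST) == "wifi-iface")
            if (iface) idx++
        } else if (kw == "option" && iface) {
            name = tok(REST)
            opt[name] = tok(REST)
        }
    }
    END { judge() }
    ' "$@"
}

# Constructed sample config (not taken from a real device).
sample_wireless_config() {
    cat <<'EOF'
config wifi-device 'radio0'
        option type 'mac80211'
        option channel '6'

config wifi-iface
        option device 'radio0'
        option ssid 'Office'
        option encryption 'psk2'
        option key 'Xk29fLq07TbnA'

config wifi-iface
        option device 'radio0'
        option ssid 'Guest WiFi'
        option encryption 'psk'     # WPA version 1, short key below
        option key 'short'

config wifi-iface
        option device 'radio0'
        option ssid 'Legacy'
        option encryption 'wep'
        option key '1'
        option key1 '6177657266'

config wifi-iface
        option device 'radio0'
        option ssid 'Lobby'

config 'wifi-iface'
        option 'device' 'radio0'
        option 'ssid' 'Mixed'
        option 'encryption' 'mixed-psk+ccmp'
        option 'key' 'Qm4pT81zRwe0Yb'
EOF
}

sample_wireless_config | audit_wireless
```

On a router the same function can be pointed at the live file with audit_wireless /etc/config/wireless.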

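Enabling / restarting / disabling the wireless interface

On OpenWrt the wireless interface is enabled, restarted and disabled with the "wifi" command.

To bring up the wireless interface, run the wifi command without arguments;

After changing the wireless configuration, the wireless interface must be restarted for the changes to take effect, again by running the wifi command without arguments;

To turn the radio off, add the "down" argument: "wifi down"

In most cases a freshly installed OpenWrt has the wireless interface disabled by default.

Regenerating the configuration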

To rebuild the configuration file, e.g. after installing a new wireless driver, remove the existing wireless configuration (if any) and use the wifi detect command with stdout redirected to the /etc/config/wireless file:

 

root@OpenWrt:~# rm -f /etc/config/wireless; wifi detect > /etc/config/wireless



---------------------------------

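Network settings

OpenWrt's network configuration file is /etc/config/network. It is responsible for the configuration of switch VLANs, network interfaces and routes.

After editing and saving this file, run

/etc/init.d/network reload
to stop and restart the network so that the changes take effect. There is no need to reboot the router.

  • https://dev.openwrt.org/browser/branches/attitude_adjustment/package/base-files/files/etc/config/network
  • https://dev.openwrt.org/browser/trunk/package/base-files/files/etc/config/network

 

See also netifd.

Below are the section types that a network configuration may define. Usually, a minimal network configuration for a router consists of at least two interfaces (lan and wan) and, if the hardware supports it, a switch.

switch

The switch section is responsible for partitioning the switch into VLANs. Inside OpenWrt every VLAN appears as its own independent interface, even though they all belong to the same hardware. Note that not every device supported by OpenWrt has a programmable switch, so this section is absent on some platforms.

Two different configuration formats are currently in use: one for the /proc/switch/ API and one for the newer swconfig-based switch architecture.

/proc/switch

This variant is only found on Broadcom devices such as the WRT54GL.

A typical configuration looks like this: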

 

config 'switch' 'eth0'
        option 'vlan0' '0 1 2 3 5*'
        option 'vlan1' '4 5'

 

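Here the eth0 identifier names the switch chip this section applies to. The VLAN definitions are straightforward: in general 0, 1, 2 and 3 are the router's LAN ports, 4 is the router's WAN port, 5 is the CPU, and 5* marks that port as a trunk. See the switch documentation for more information.

swconfig

The new swconfig framework is intended to replace the old switch configuration. It is currently used by some devices such as the D-Link DIR-300.

Swconfig-based configurations use a different format in which every VLAN gets its own section. The example below shows the standard configuration used by the Kamikaze 8.09 branch on the D-Link DIR-300: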

config 'switch' 'eth0'
        option 'reset' '1'
        option 'enable_vlan' '1'

config 'switch_vlan' 'eth0_1'
        option 'device' 'eth0'
        option 'vlan' '1'
        option 'ports' '0 1 2 3 5t'

config 'switch_vlan' 'eth0_2'
        option 'device' 'eth0'
        option 'vlan' '2'
        option 'ports' '4 5t'

 

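Common properties are still defined in the switch section, while per-VLAN properties are defined in separate switch_vlan sections, which are tied to the switch chip through their device option. See the switch documentation for the complete format.

Interfaces

Sections of type interface declare logical network interfaces. IP addresses, aliases, physical network interface names, routes and firewall rules can be assigned to these interfaces.

A minimal interface section consists of the following lines: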

 

config 'interface' 'wan'
        option 'proto' 'dhcp'
        option 'ifname' 'eth0.1'

 

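  • wan is the unique logical network interface name
  • dhcp specifies the interface protocol, DHCP in this example
  • eth0.1 is the associated physical network interface name (as shown by ifconfig)

The interface protocol can be one of the following:

Protocol Description
static Static IP
dhcp Dynamic IP
ppp PPP protocol - dial-up modem connections
pppoe PPP over Ethernet - DSL broadband connections
pppoa PPP over ATM - DSL connections using a built-in modem
3g CDMA, UMTS or GPRS connection using a 3G modem
pptp Connection via a PPtP VPN
none No protocol specified

Depending on the protocol, further options are required; see the tables below. Options marked "yes" in the Required column must be defined in the interface section, options marked "no" may be omitted.

Options valid for all protocol types

Name Type Required Default Description
ifname interface name(s) yes(*) (none) Physical interface name. If the type option is set to bridge, a list of interfaces must be given.
(*) This option may be empty or missing if only a wireless interface references this network
type string no (none) If set to "bridge", a bridge containing the interfaces given in ifname is created
stp boolean no 0 Enables the Spanning Tree Protocol, only valid for bridges
macaddr mac address no (none) Sets the MAC address of the interface
mtu number no (none) Sets the maximum transmission unit (MTU) of the interface
auto boolean no 0 for proto none, else 1 Specifies whether to bring up the interface on boot

"static" protocol

Name Type Required Default Description
ipaddr ip address yes, if no ip6addr is set (none) IP address
netmask netmask yes, if no ip6addr is set (none) Netmask
gateway ip address no (none) Default gateway
bcast ip address no (none) Broadcast address (autogenerated if not set)
ip6addr ipv6 address yes, if no ipaddr is set (none) Assigns the given IPv6 address to the interface (CIDR notation)
ip6gw ipv6 address no (none) Assigns the given IPv6 default gateway to the interface
dns list of ip addresses no (none) DNS server(s), one or more

"dhcp" protocol

Name Type Required Default Description
gateway string no (none) If set to 0.0.0.0, the default gateway obtained via DHCP is suppressed
dns list of ip addresses no (none) DNS server(s) to use, one or more

"ppp" (PPP over modem) protocol

:!: The ppp package must be installed to use PPP.

Name Type Required Default Description
device file path yes (none) Modem device node
username string no(?) (none) Username for PAP/CHAP authentication
password string no(?) (none) Password for PAP/CHAP authentication
connect file path no (none) Path to a custom PPP connect script
disconnect file path no (none) Path to a custom PPP disconnect script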
keepalive number no (none) Number of connection failures before reconnect
demand number no (none) Number of seconds to wait before closing the connection due to inactivity
defaultroute boolean no 1 Replace existing default route on PPP connect
peerdns boolean no 1 Use peer-assigned DNS server(s)
dns list of ip addresses no (none) Override peer-assigned DNS server(s)
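ipv6 boolean no 0 Enables IPv6 on the PPP link
pppd_options string no (none) Additional command line arguments to pass to the pppd daemon

"pppoe" (PPP over Ethernet) protocol

:!: The ppp-mod-pppoe package must be installed to use PPPoE.

Name Type Required Default Description
username string no(?) (none) Username for PAP/CHAP authentication
password string no(?) (none) Password for PAP/CHAP authentication
connect file path no (none) Path to a custom PPP connect script
disconnect file path no (none) Path to a custom PPP disconnect script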
keepalive number no (none) Number of connection failures before reconnect
demand number no (none) Number of seconds to wait before closing the connection due to inactivity
defaultroute boolean no 1 Replace existing default route on PPP connect
peerdns boolean no 1 Use peer-assigned DNS server(s)
dns list of ip addresses no (none) Override peer-assigned DNS server(s)
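ipv6 boolean no 0 Enables IPv6 on the PPP link
pppd_options string no (none) Additional command line arguments to pass to the pppd daemon

"pppoa" (PPP over ATM) protocol

:!: The ppp-mod-pppoa package must be installed to use PPPoA.

Name Type Required Default Description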
unit number yes (none) br2684 interface number
vci number no 35 PPPoA VCI
vpi number no 8 PPPoA VPI
atmdev number no (none) ATM PVC number
encaps string no llc PPPoA encapsulation mode: 'llc' (LLC) or 'vc' (VC)
payload string no bridged PPPoA forwarding mode: 'routed' or 'bridged'
username string no(?) (none) Username for PAP/CHAP authentication
password string no(?) (none) Password for PAP/CHAP authentication
connect file path no (none) Path to a custom PPP connect script
disconnect file path no (none) Path to a custom PPP disconnect script
keepalive number no (none) Number of connection failures before reconnect
demand number no (none) Number of seconds to wait before closing the connection due to inactivity
defaultroute boolean no 1 Replace existing default route on PPP connect
peerdns boolean no 1 Use peer-assigned DNS server(s)
dns list of ip addresses no (none) Override peer-assigned DNS server(s)
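ipv6 boolean no 0 Enables IPv6 on the PPP link
pppd_options string no (none) Additional command line arguments to pass to the pppd daemon

"3g" (PPP over EV-DO, CDMA, UMTS or GPRS) protocol

:!: The comgt package must be installed to use 3G.

Name Type Required Default Description
device file path yes (none) Modem device node
service string yes gprs 3G service type: evdo, cdma, umts or gprs
apn string yes (none) Used APN
pincode number no (none) PIN code to unlock the SIM card
maxwait number no 20 Number of seconds to wait for the modem to become ready
username string no(?) (none) Username for PAP/CHAP authentication
password string no(?) (none) Password for PAP/CHAP authentication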
keepalive number no (none) Number of connection failures before reconnect
demand number no (none) Number of seconds to wait before closing the connection due to inactivity
defaultroute boolean no 1 Replace existing default route on PPP connect
peerdns boolean no 1 Use peer-assigned DNS server(s)
dns list of ip addresses no (none) Override peer-assigned DNS server(s)
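ipv6 boolean no 0 Enables IPv6 on the PPP link

"pptp" (Point-to-Point Tunneling Protocol) protocol

:!: The pptp package must be installed to use PPtP.

Name Type Required Default Description
server ip address yes (none) Remote PPtP server
ipproto string no dhcp Protocol used to obtain IP connectivity before the PPtP tunnel is established
username string no(?) (none) Username for PAP/CHAP authentication
password string no(?) (none) Password for PAP/CHAP authentication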
Additionally all options defined for the corresponding ipproto can be specified

Aliases

Alias sections can be used to define further IPv4 and IPv6 addresses for interfaces. They also allow combinations like DHCP on the main interface and a static IPv6 address in the alias, for example to deploy IPv6 on wan while keeping normal internet connectivity. Each interface can have multiple aliases attached to it.

A minimal alias declaration consists of the following lines:

 

config 'alias'
        option 'interface' 'lan'
        option 'proto' 'static'
        option 'ipaddr' '10.0.0.1'
        option 'netmask' '255.255.255.0'

 

  • lan is the logical interface name of the parent interface
  • static is the alias interface protocol
  • 10.0.0.1 specifies the alias ip address
  • 255.255.255.0 specifies the alias netmask

At the time of writing, only the static protocol type is allowed for aliases. Defined options for alias sections are listed below.

Name Type Required Default Description
interface string yes (none) Specifies the logical interface name of the parent (or master) interface this alias is belonging to, must refer to one of the defined interface sections
proto string yes (none) Specifies the alias interface protocol
ipaddr ip address yes, if no ip6addr is set (none) IP address
netmask netmask yes, if no ip6addr is set (none) Netmask
gateway ip address no (none) Default gateway
bcast ip address no (none) Broadcast address (autogenerated if not set)
ip6addr ipv6 address yes, if no ipaddr is set (none) IPv6 address (CIDR notation)
ip6gw ipv6 address no (none) IPv6 default gateway
dns list of ip addresses no (none) DNS server(s)

IPv4 Routes

It is possible to define arbitrary IPv4 routes on specific interfaces using route sections. As for aliases, multiple sections can be attached to an interface.

A minimal example looks like this:

 

config 'route'
        option 'interface' 'lan'
        option 'target' '172.16.123.0'
        option 'netmask' '255.255.255.0'

 

  • lan is the logical interface name of the parent interface
  • 172.16.123.0 is the network address of the route
  • 255.255.255.0 specifies the route netmask

Legal options for IPv4 routes are:

Name Type Required Default Description
interface string yes (none) Specifies the logical interface name of the parent (or master) interface this route is belonging to, must refer to one of the defined interface sections
target ip address yes (none) Network address
netmask netmask no (none) Route netmask. If omitted, 255.255.255.255 is assumed which makes target a host address
gateway ip address no (none) Network gateway. If omitted, the gateway from the parent interface is taken, if set to 0.0.0.0 no gateway will be specified for the route
metric number no 0 Specifies the route metric to use

IPv6 routes

IPv6 routes can be specified by defining one or more route6 sections.

A minimal example looks like this:

 

config 'route6'
        option 'interface' 'lan'
        option 'target' '2001:0DB8:100:F00:BA3::1/64'
        option 'gateway' '2001:0DB8:99::1'

 

  • lan is the logical interface name of the parent interface
  • 2001:0DB8:100:F00:BA3::1/64 is the routed IPv6 subnet in CIDR notation
  • 2001:0DB8:99::1 specifies the IPv6 gateway for this route

Legal options for IPv6 routes are:

Name Type Required Default Description
interface string yes (none) Specifies the logical interface name of the parent (or master) interface this route is belonging to, must refer to one of the defined interface sections
target ipv6 address yes (none) IPv6 network address
gateway ipv6 address no (none) IPv6 gateway. If omitted, the gateway from the parent interface is taken
metric number no 0 Specifies the route metric to use

Examples

Below are a few examples of special, non-standard interface configurations.

Bridge without IP

 

config 'interface' 'example'
        option 'type'    'bridge'
        option 'proto'   'none'
        option 'ifname'  'eth0 eth1'
        option 'auto'    '1'

 

DHCP without default gateway

 

config 'interface' 'example'
        option 'proto'   'dhcp'
        option 'ifname'  'eth0'
        option 'gateway' '0.0.0.0'

 

DHCP and IPv6

 

config 'interface' 'example'
        option 'proto'     'dhcp'
        option 'ifname'    'eth0'

config 'alias'
        option 'interface' 'example'
        option 'proto'     'static'
        option 'ip6addr'   '2001:0DB8:100:F00:BA3::1'

 

Static IP configuration and default gateway with a non-zero metric

 

config 'interface' 'example'
        option 'proto'     'static'
        option 'ifname'    'eth0'
        option 'ipaddr'    '192.168.1.200'
        option 'netmask'   '255.255.255.0'
        option 'dns'       '192.168.1.1'

config 'route'
        option 'interface' 'example'
        option 'target'    '0.0.0.0'
        option 'netmask'   '0.0.0.0'
        option 'gateway'   '192.168.1.1'
        option 'metric'    '100'

 

PPtP-over-PPPoE internet connection

config 'interface' 'wan'
        option 'proto'    'pppoe'
        option 'ifname'   'eth1'
        option 'username' 'user'
        option 'password' 'pass'
        option 'timeout'  '10'

config 'interface' 'vpn'
        option 'proto'    'pptp'
        option 'ifname'   'vpn'
        option 'username' 'vpnuser'
        option 'password' 'vpnpass'
        option 'server'   'vpn.example.org'

:!: Additionally the "wan" firewall zone must include both interfaces in /etc/config/firewall:

config 'zone'
        option 'name'    'wan'
        option 'network' 'wan vpn'
        option 'input'   'REJECT'
        option 'forward' 'REJECT'
        option 'output'  'ACCEPT'
        option 'masq'    '1'
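The requirement that the wan zone list both interfaces can be checked mechanically. The following is an added example, not from the original page or the OpenWrt project: unzoned_interfaces, a hypothetical helper, lists the logical interfaces of a network config that no zone in the firewall config names, so none of the zone policies (such as the wan zone's REJECT on input) covers them. The sample files are constructed from the configuration above, and the config paths are assumed not to contain "=".

```shell
#!/bin/sh
# Added example: list logical interfaces that no firewall zone names.
# $1 = network config, $2 = firewall config (UCI syntax, as on this page).
unzoned_interfaces() {
    awk '
    {
        sub(/^[ \t]*#.*/, "")          # whole-line comment
        sub(/[ \t]+#.*/, "")           # trailing comment
        gsub("[\"\047]", "")           # drop quotes; \047 is the single quote
    }
    $1 == "config" { sect = $2 }
    # Named interface sections in the network file; loopback needs no zone.
    src == "network" && $1 == "config" && $2 == "interface" &&
    $3 != "" && $3 != "loopback" {
        names[++n] = $3
    }
    # "option network" (or "list network") inside a zone section.
    src == "firewall" && sect == "zone" &&
    ($1 == "option" || $1 == "list") && $2 == "network" {
        for (i = 3; i <= NF; i++) zoned[$i] = 1
    }
    END {
        for (i = 1; i <= n; i++)
            if (!(names[i] in zoned)) print names[i]
    }
    ' src=network "$1" src=firewall "$2"
}

# Constructed sample files: the PPtP-over-PPPoE interfaces plus lan, and two
# firewall variants (wan zone without vpn, and the zone as given on the page).
write_sample_configs() {
    cat > "$1/network" <<'EOF'
config 'interface' 'loopback'
        option 'ifname' 'lo'
        option 'proto'  'static'

config 'interface' 'lan'
        option 'ifname' 'eth0'
        option 'proto'  'static'

config 'interface' 'wan'
        option 'proto'  'pppoe'
        option 'ifname' 'eth1'

config 'interface' 'vpn'
        option 'proto'  'pptp'
        option 'server' 'vpn.example.org'
EOF
    cat > "$1/firewall.incomplete" <<'EOF'
config 'zone'
        option 'name'    'lan'
        option 'network' 'lan'

config 'zone'
        option 'name'    'wan'
        option 'network' 'wan'      # vpn left out
        option 'input'   'REJECT'
EOF
    cat > "$1/firewall.page" <<'EOF'
config 'zone'
        option 'name'    'lan'
        option 'network' 'lan'

config 'zone'
        option 'name'    'wan'
        option 'network' 'wan vpn'
        option 'input'   'REJECT'
EOF
}

dir=$(mktemp -d)
write_sample_configs "$dir"
echo "zone lists only wan:    unzoned = $(unzoned_interfaces "$dir/network" "$dir/firewall.incomplete")"
echo "zone lists wan and vpn: unzoned = $(unzoned_interfaces "$dir/network" "$dir/firewall.page")"
rm -rf "$dir"
```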

 

----------------------------------------------------------

Because I'm seeing a lot of confusion about how to make a repeater with OpenWRT, I will put the 2 modes available, with their configs.
I hope it's easy to understand.
Of course, first install the latest Trunk version of OpenWrt:
http://downloads.openwrt.org/snapshots/trunk/
Working in Atheros hardware and Attitude Adjustment. I don't know if it works on other hardware or OpenWrt versions.

MODE 1: BRIDGED REPEATER

Both wireless networks will be the same network, DHCP addresses will be given by the main router, all computers will see each other.

First connect the router to internet, by connecting an ethernet cable between the openwrt's router WAN port and the main router.
Install Relayd

opkg update 
opkg install relayd
/etc/init.d/relayd enable

.
.
/etc/config/wireless

config wifi-device 'radio0'
        #blahblah (default settings)
    option channel '1'         #Match with the main wireless network channel
    option disabled '0'

config wifi-iface
    option ssid 'MainWirelessNetwork'
    option encryption 'psk'        # Set wep, psk or psk2 for WEP, WPA or WPA2
    option device 'radio0'
    option mode 'sta'
    option network 'wwan'
    option key 'MainRouterWirelessPassword'

config wifi-iface
    option device 'radio0'
    option mode 'ap'
    option ssid 'RepeaterWirelessNetwork'
    option encryption 'psk'
    option key 'RepeaterWirelessPassword'
    option network 'lan'

.
.
/etc/config/network

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config interface 'lan'
    option ifname 'eth0'
    option type 'bridge'
    option proto 'static'
    option ipaddr '192.168.10.1'
    option gateway '192.168.1.1'   # Your main router's IP
    option netmask '255.255.255.0'
    option dns     '192.168.1.1'

config interface 'wwan'
    option proto 'static'
    option ipaddr '192.168.1.254' #match your main router network 192.168.x.254
    option netmask '255.255.255.0' 
    option gateway '192.168.1.1'   #your main router's IP

config 'interface' 'stabridge' 
    option 'proto' 'relay' 
    option 'network' 'lan wwan' 
    option ipaddr '192.168.1.254' #Same IP as in WWAN

.
.
/etc/config/dhcp

config dhcp lan
    option interface    lan
    option start     100
    option limit    150
    option leasetime    12h
    option ignore    1

config dhcp wan
    option interface    wan
    option ignore    1

 

As we want to make all the same network, we can disable the firewall:

/etc/init.d/firewall stop
/etc/init.d/firewall disable

Update 04/09/2015
Some users had trouble accessing shared services. This should fix them (thanks panni!):

panni wrote:

Install igmpproxy:

opkg install igmpproxy

Then edit the file /etc/config/igmpproxy
Make it look like this:

config igmpproxy
    option quickleave 1

config phyint
    option network wwan
    option direction upstream
    list altnet 192.168.0.0/24

config phyint
    option network lan
    option direction downstream
    list altnet 192.168.0.0/24

 

MODE 2: REPEATER, DIFFERENT NETWORK

Repeater's clients will be able to see Main Network's devices, but not vice versa.
Addresses in the Repeater network are managed by the repeater.

Nothing has to be downloaded, the stock openwrt is enough. This is the easiest and simplest way of making a repeater

/etc/config/wireless

config wifi-device 'radio0'
    #blahblah (default settings)
    option disabled '0'
    option channel '1'       #Match with the main wireless network channel

config wifi-iface
    option ssid 'MainWirelessNetwork'
    option encryption 'psk'        # Set wep, psk or psk2 for WEP, WPA or WPA2
    option device 'radio0'
    option mode 'sta'
    option network 'wwan'
    option key 'MainRouterWirelessPassword'

config wifi-iface
    option device 'radio0'

    option mode 'ap'
    option ssid 'RepeaterWirelessNetwork'
    option encryption 'psk'
    option key 'RepeaterWirelessPassword'
    option network 'lan'

.
.
/etc/config/network

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config interface 'lan'
    option ifname 'eth0'
    option type 'bridge'
    option proto 'static'
    option ipaddr '192.168.10.1'    #set to different range of your main router's network
    option netmask '255.255.255.0'

config interface 'wwan'
    option proto 'dhcp'

.
.
/etc/config/dhcp

config dhcp lan
    option interface    lan
    option start     100
    option limit    150
    option leasetime    12h
    option ignore    0

config dhcp wan
    option interface    wan
    option ignore    1

.
.
/etc/config/firewall

config defaults
    option syn_flood '1'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'REJECT'

config zone
    option name 'lan'
    option network 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'REJECT'

config zone
    option name 'wan'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option masq '1'
    option mtu_fix '1'
    option network 'wan wwan'

config forwarding
    option src 'lan'
    option dest 'wan'

Once internet is running, it's easy to install LuCi to get the nice web interface:

opkg update
opkg install luci

AND, IF YOU INSTALLED RELAYD
opkg install luci-proto-relay

I have tested both and they work. I think these are the easiest configs for making a repeater.

Edit the files manually with the VI editor.
If you don't know how to use it, check this:
---------------------------------------------------------------------------
vi editor small tutorial
Let's edit "network" file

vi network

Now, navigate with the arrow keys to the line you want to read, modify, etc.
To start writing first type "i" (command to insert).
Now you can write, delete, etc as usual.
To exit the insert mode press "ESC".
To delete an entire line, press "d" twice.
Finally, to save the file press "Z" twice. Yes it must be UPPERCASE
If you screwed your file and want to discard changes press control+z to close without saving.

 

Regards

posted on 2016-02-15 16:00  colipso