DualWAN â ïðîøèâêå AsusWRT äëÿ Asus RT-N10U/N12B1/N15U/N16/N53

[AndreyPopov]

UPD: /jffs/scripts/post-mount - ó ìåíÿ íåò ýòîãî ôàéëà, òàì òîëüêî services-start è services-stop o_O

òàì íîãî ÷åãî íåò, âåäü íå âñå íàäî ñðàçó è âñåãäà.
âîò ñïèñîê, ñòàðò êîòîðûõ ïðîïèñàí â ïðîøèâêå

Code:

** User scripts **
These are shell scripts that you can create, and which will be run when 
certain events occur.  Those scripts must be saved in /jffs/scripts/ 
(so, JFFS must be enabled and formatted).  Available scripts:

 * dhcpc-event: Called whenever a DHCP event occurs on the WAN 
                interface.  The type of event (bound, release, etc...) 
                is passed as an argument.
 * firewall-start: Firewall is started (filter rules have been applied)
                   The WAN interface will be passed as argument (for 
                   example. "eth0")
 * init-start: Right after jffs is mounted, before any of the services 
               get started
 * nat-start: nat rules (i.e. port forwards and such) have been applied 
              (nat table)
 * post-mount:  Just after a partition is mounted
 * pre-mount: Just before a partition is mounted.  Be careful with 
              this script.  This is run in a blocking call and will 
              block the mounting of the partition  for which it is 
              invoked till its execution is complete. This is done so  
              that it can be used for things like running e2fsck on the 
              partition before mounting. This script is also passed the 
              device path being mounted as an argument which can be 
              used in the script using $1.
 * qos-start: Called after both the iptables rules and tc configuration 
              are completed for QoS.
 * openvpn-event: Called whenever an OpenVPN server gets 
                  started/stopped, or an OpenVPN client connects to a 
                  remote server.  Uses the same syntax/parameters as 
                  the "up" and "down" scripts in OpenVPN.
 * services-start: Initial service start at boot
 * services-stop: Services are stopped at shutdown/reboot
 * unmount: Just before unmounting a partition.  This is a blocking 
            script, so be careful with it.  The mount point is passed 
            as an argument to the script.
 * wan-start: WAN interface just came up (includes if it went down and 
              back up).  The WAN unit number will be passed as argument 
              (0 = primary WAN)

Don't forget to set them as executable:

   chmod a+rx /jffs/scripts/*

And like any Linux script, they need to start with a shebang:

   #!/bin/sh

ýì, òàì ñòîèò äðóãîé ïðîöåññîð è óñèëåííàÿ 2T2R ðàäèî÷àñòü

CPU Model Broadcom BCM5357 chip rev 2 pkg 8
CPU Frequency 300 MHz

à ïðîøèâêà äðóãîãî ìíåíèÿ!

Àíäðåé, êàê ñàìûé áîëüøîé ãóðó çäåñü, ïîäñêàæèòå ïîæàëóéñòà
Âîçíèêëà èäåÿ ïîñòàâèòü OpenVPN â JFFS, ÷òîáû íå çàäåéñòâîâàòü nvram.
Êàê ýòî ñäåëàòü ñàìûì ïðàâèëüíûì îáðàçîì?
Òî÷íåå openvpn-êëèåíò óæå åñòü â ïðîøèâêå, çíà÷èò ÿ äîëæåí ïðîñòî çàïóñêàòü åãî ñêðèïòîì õðàíÿ êîíôèã íà jffs, òîãäà íà rt-n16 áóäåò è dual-wan è openvpn)

ñ íà÷àëà ìîæåòå ñêîïèðîâàòü êîíôèãóðàöèþ èç ïðîøèâêè. ò.å. ñäåëàòü, ñêîïèðîâàòü ôàéëû â JFFS. çíà÷åíèÿ òî õðàíÿòñÿ â nvram, í îêàæäûé ðàç ïðè ñòàðòå èç ýòèõ çíà÷åíèé ôîðìèðóþòñÿ ôàéëû. ïîïðàâèòå â íèõ ïóòè è çàïóñòèòå èç service-start ê ïðèìåðó èëè ñäåëàåòå çàäà÷ó cron.

[lokus]

ñ íà÷àëà ìîæåòå ñêîïèðîâàòü êîíôèãóðàöèþ èç ïðîøèâêè. ò.å. ñäåëàòü, ñêîïèðîâàòü ôàéëû â JFFS. çíà÷åíèÿ òî õðàíÿòñÿ â nvram, í îêàæäûé ðàç ïðè ñòàðòå èç ýòèõ çíà÷åíèé ôîðìèðóþòñÿ ôàéëû. ïîïðàâèòå â íèõ ïóòè è çàïóñòèòå èç service-start ê ïðèìåðó èëè ñäåëàåòå çàäà÷ó cron.

ñîçäàë êîíôèã â /jffs/configs/openvpn/
è ôàéë /jffs/scripts/services-start
#!/bin/sh
modprobe tun
openvpn --daemon --cd /jffs/configs/openvpn --config client.conf
OpenVPN çàïóñòèëñÿ.
Íàñêîëüêî ãðàìîòíûé ýòîò ñêðèïò?

È ïîäñêàæèòå åùå ÷òî íóæíî ïðîïèñàòü åùå è êóäà ÷òîáû ïîëó÷èòü ýôôåêò àíàëîãè÷íûé òàêèì íàñòðîéêàì â web-èíòåðôåéñå:
Firewall - "automatic"
Create NAT on tunnel (Router must be configured manually) - "yes"
Redirect Internet traffic - "NO" - èíòåðåñíî êàêèå äîëæíû áûòü íàñòðîéêè åñëè "YES"
Start with WAN - ýòî ïðîñòî services-start?

Âî îáùåì ó ìåíÿ çàðàáîòàëî ñ òàêèìè ïðàâèëàìè:
1. ip route add 172.22.0.1 dev tun0 table 100
2. ip route add 172.22.0.0/24 via 172.22.0.1 dev tun0 table 100
3. ip route add 172.22.0.1 dev tun0 table 200
4. ip route add 172.22.0.0/24 via 172.22.0.1 dev tun0 table 200
5. iptables -I INPUT -i tun0 -j ACCEPT
6. iptables -I FORWARD -i tun0 -j ACCEPT
7. iptables -I FORWARD -o tun0 -j ACCEPT
8. iptables -I OUTPUT -o tun0 -j ACCEPT
Âîçìîæíî êàêèå-òî èç ïðàâèë òóò ëèøíèå... Ïîäîçðåâàþ ÷òî ¹¹3,4 òî÷íî ëèøíèå. Íî òàê ðàáîòàåò...
Ïðàâèëüíî ëè ÿ ïîíèìàþ ÷òî èõ ñëåäóåò çàïèñûâàòü èìåííî â openvpn-event, ÷òîáû â ñëó÷àå åñëè openvpn îòâàëèòñÿ, à ïîòîì ñíîâà ïîäêëþ÷èòñÿ ïðàâèëà ñíîâà ïðèìåíèëèñü?

Òîëüêî ÷òî ïîïðîáîâàë, ïîñëå ïåðåçàãðóçêè OpenVPN-êëèåíò ïîäíÿëñÿ íî ïðàâèëà èç openvpn-event ïî÷åìó-òî íå îòðàáîòàëè((
Åñòü èäåè?

[AndreyPopov]

È ïîäñêàæèòå åùå ÷òî íóæíî ïðîïèñàòü åùå è êóäà ÷òîáû ïîëó÷èòü ýôôåêò àíàëîãè÷íûé òàêèì íàñòðîéêàì â web-èíòåðôåéñå:
Firewall - "automatic"
Create NAT on tunnel (Router must be configured manually) - "yes"
Redirect Internet traffic - "NO" - èíòåðåñíî êàêèå äîëæíû áûòü íàñòðîéêè åñëè "YES"
Start with WAN - ýòî ïðîñòî services-start?



Òîëüêî ÷òî ïîïðîáîâàë, ïîñëå ïåðåçàãðóçêè OpenVPN-êëèåíò ïîäíÿëñÿ íî ïðàâèëà èç openvpn-event ïî÷åìó-òî íå îòðàáîòàëè((
Åñòü èäåè?

À çà÷åì âàì NAT íà òóííåëå?
Ðåäèðåêò - ýòî âåñü òðàôèê áóäåò áðàòüñÿ ñ óäàëåííîãî ñåðâåðà.

OpenVPN-event íå ðàáîòàåò, ïîòîìó ÷òî îáðàáîòêà äîëæíà çàïóñêàòüñÿ ïðè ñòàðòå OpenVPN ïðîøèâêîé. À ïðàâèëà ëó÷øå çàïóñêàòü èç firewall èëè nat ñêðèïòîâ

[lokus]

À çà÷åì âàì NAT íà òóííåëå?
Ðåäèðåêò - ýòî âåñü òðàôèê áóäåò áðàòüñÿ ñ óäàëåííîãî ñåðâåðà.

OpenVPN-event íå ðàáîòàåò, ïîòîìó ÷òî îáðàáîòêà äîëæíà çàïóñêàòüñÿ ïðè ñòàðòå OpenVPN ïðîøèâêîé. À ïðàâèëà ëó÷øå çàïóñêàòü èç firewall èëè nat ñêðèïòîâ

1. À â ÷åì ðàçíèöà ìåæäó ðåäèðåêòîì èíòåðíåò òðàôèêà è íàòîì íà òóíåëå?
2. Åñëè ÿ ïðàâèëüíî ïîíèìàþ ïðàâèëà íå ñðàáîòàþò åñëè îíè çàïóñêàþòñÿ èç firewall-start, ïîñêîëüêó ñàì openvpn (ñîîòâåòñòâåííî è ip-øíèêè ñ êîòîðûìè ñâÿçàíû ïðàâèëà) çàïóñêàþòñÿ ïîçäíåå èç services-start??
ïðàâèëà âîò òàêèå:
ip route add 172.22.0.1 dev tun0 table 100
ip route add 172.22.0.0/24 via 172.22.0.1 dev tun0 table 100
iptables -I INPUT -i tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -j ACCEPT
iptables -I FORWARD -o tun0 -j ACCEPT
iptables -I OUTPUT -o tun0 -j ACCEPT

[AndreyPopov]

1. À â ÷åì ðàçíèöà ìåæäó ðåäèðåêòîì èíòåðíåò òðàôèêà è íàòîì íà òóíåëå?
2. Åñëè ÿ ïðàâèëüíî ïîíèìàþ ïðàâèëà íå ñðàáîòàþò åñëè îíè çàïóñêàþòñÿ èç firewall-start, ïîñêîëüêó ñàì openvpn (ñîîòâåòñòâåííî è ip-øíèêè ñ êîòîðûìè ñâÿçàíû ïðàâèëà) çàïóñêàþòñÿ ïîçäíåå èç services-start??

1. ýòî òî ÷òî íàçûâàåòñÿ "Èñïîëüçîâàòü óäàëåííûé øëþç êàê òåêóùèé" - ò.å. çàïðîñû â Èíòåðíåò îòïðàâëÿþòñÿ íå ÷åðåç âàø WAN, à îòïðàâëÿþòñÿ íà óäàëåííûé ñåðâåð, ñåðâåð òàùèò èíôó èç Èíòåðíåòà è îòïðàâëÿåò âàì - ýòî è åñòü ðåäèðåêò.

NAT íó òóíåëå îçíà÷àåò, ÷òî âñå êòî íàõîäèòñÿ â ñåòè óäàëåííîãî ñåðâåðà áóäóò âèäåòü íå âñþ âàøó ñåòü, à òîëüêî ÎÄÈÍ àäðåñ è ÷òîáû èç ñåòè ñåðâåðà äîñòó÷àòüñÿ äî íåñêîëüêèõ âàøèõ êîìïîâ ïðèäåòñÿ èçâðàùàòüñÿ.

2. firewall-start è nat-start âñåãäà ñòàðòóþò ïîñëå wan-start - âåäü â ñëó÷àå åñëè ïðîèñõîäèò ñìåíà êîíôèãóðàöèè ñåòè, ïðàâèëà-òî íàäî ïåðåñòðîèòü!

ïîòîìó äóìàþ âàì íàäî modprobe ïåðåíåñòè â init-start
çàïóñê êëèåíòà â wan-start è ïðàâèëà òóäà æå èëè â firewall-start

êñòàòè, à çà÷åì âàíóæåí äåìîí? âàì æå íå íóæåí OpenVPN ñåðâåð?

[lokus]

firewall-start è nat-start âñåãäà ñòàðòóþò ïîñëå wan-start - âåäü â ñëó÷àå åñëè ïðîèñõîäèò ñìåíà êîíôèãóðàöèè ñåòè, ïðàâèëà-òî íàäî ïåðåñòðîèòü!
ïîòîìó äóìàþ âàì íàäî modprobe ïåðåíåñòè â init-start
çàïóñê êëèåíòà â wan-start è ïðàâèëà òóäà æå èëè â firewall-start

êñòàòè, à çà÷åì âàì íóæåí äåìîí? âàì æå íå íóæåí OpenVPN ñåðâåð?

ïðåäûäóùåå ïðàâèëî â wan-start
sleep 10s
ip rule add to 192.168.68.196 table 50 prio 50
ip route add default via `nvram get wan1_gateway` dev vlan3 table 50
ó ìåíÿ ïðîïèñûâàåòñÿ äâàæäû, ïîëó÷àåòñÿ:
>ip rule
50: from all to 192.168.68.196 lookup 50
50: from all to 192.168.68.196 lookup 50
ß òàê ïîíèìàþ îíî ñðàáàòûâàåò è êîãäà ïîäíèìàåòñÿ ïåðâûé èíòåðôåéñ è êîãäà ïîäíèìàåòñÿ âòîðîé.
×òî æå áóäåò êîãäà ÿ âîò ýòî âñå òóäà ïðîïèøó:
ip route add 172.22.0.1 dev tun0 table 100
ip route add 172.22.0.0/24 via 172.22.0.1 dev tun0 table 100
ip route add 172.22.0.1 dev tun0 table 200
ip route add 172.22.0.0/24 via 172.22.0.1 dev tun0 table 200
iptables -I INPUT -i tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -j ACCEPT
iptables -I FORWARD -o tun0 -j ACCEPT
iptables -I OUTPUT -o tun0 -j ACCEPT
Ìîæåò êàêóþ-òî ïðîâåðêó íàäî äåëàòü íà ïðåäìåò ñóùåñòâîâàíèÿ óæå òàêèõ ïðàâèë?

ß äóìàë äåìîí ýòî ïðîñòî çàïóñê êàê ñåðâèñ, ÷òîáû áûëî íàäåæíåå.
VPN-ñåðâåð íóæåí, ïðîñòî äî íåãî ðóêè åùå íå äîøëè...

[Panamaaa]

ïîñòàâüòå è ïðîâåðüòå - ó âàñ òîæå íå äàåò èçìåíèòü ïàïêó ïî óìîë÷àíèþ?
Attachment 9907

Ñåãîäíÿ âîçèëñÿ ñ àâòîïîäêëþ÷åíèåì ñâîïà (ïîêà áåçðåçóëüòàòíî), â ñëåäñòâèå ÷åãî ïåðåóñòàíàâëèâàë ñ íóëÿ Asus Apps (MS/DM).  èòîãå âûëåçëà àíàëîãè÷íàÿ ïðîáëåìà (MS íå äà¸ò èçìåíèòü ïàïêó ïî óìîë÷àíèþ).
Ò.î. ìîæíî ñ óâåðåííîñòüþ ñêàçàòü, ÷òî äåëî íå â êàðäðèäåðå è â ìèêðîÑÄ.
Ïðîøëûé ðàç (êîãäà áàã íå ïðîÿâëÿë ñåáÿ) ÿ ñíà÷àëà óñòàíîâèë MS, à óæ ïîòîì ñòàâèë DM.  ýòîò ðàç äåëàë ðîâíî íàîáîðîò. Âîçìîæíî, â ýòîì åñòü êàêîé-òî ïîäâîõ.
Àíäðåé, óäàëîñü å¸ ðåøèòü?

[AndreyPopov]

ïðåäûäóùåå ïðàâèëî â wan-start
sleep 10s
ip rule add to 192.168.68.196 table 50 prio 50
ip route add default via `nvram get wan1_gateway` dev vlan3 table 50
ó ìåíÿ ïðîïèñûâàåòñÿ äâàæäû, ïîëó÷àåòñÿ:
>ip rule
50: from all to 192.168.68.196 lookup 50
50: from all to 192.168.68.196 lookup 50

åñòü âîçìîæíîñòü:
* wan-start: WAN interface just came up (includes if it went down and
back up). The WAN unit number will be passed as argument
(0 = primary WAN)
óêàçàòü íà êàêîé WAN òàê ñêàçàòü ðåàãèðîâàòü.
òîëüêî ÿ åùå íå ðàçáèðàëñÿ êàê è ãäå óêàçàòü èìåííî.

Ñåãîäíÿ âîçèëñÿ ñ àâòîïîäêëþ÷åíèåì ñâîïà (ïîêà áåçðåçóëüòàòíî), â ñëåäñòâèå ÷åãî ïåðåóñòàíàâëèâàë ñ íóëÿ Asus Apps (MS/DM).  èòîãå âûëåçëà àíàëîãè÷íàÿ ïðîáëåìà (MS íå äà¸ò èçìåíèòü ïàïêó ïî óìîë÷àíèþ).
Ò.î. ìîæíî ñ óâåðåííîñòüþ ñêàçàòü, ÷òî äåëî íå â êàðäðèäåðå è â ìèêðîÑÄ.
Ïðîøëûé ðàç (êîãäà áàã íå ïðîÿâëÿë ñåáÿ) ÿ ñíà÷àëà óñòàíîâèë MS, à óæ ïîòîì ñòàâèë DM.  ýòîò ðàç äåëàë ðîâíî íàîáîðîò. Âîçìîæíî, â ýòîì åñòü êàêîé-òî ïîäâîõ.
Àíäðåé, óäàëîñü å¸ ðåøèòü?

äàâàéòå ñ àâòîïîäêëþ÷åíèå ïîïðîáóåì âîñïîëüçîâàòüñÿ nvram.

nvram apps_swap_enable=1
nvram commit

íå çàíèìàëñÿ ìåäèâñåðâåðîì.

[lokus]

êñòàòè, à çà÷åì âàíóæåí äåìîí? âàì æå íå íóæåí OpenVPN ñåðâåð?

Ðàññêàæèòå ïðî äåìîí è ïî÷åìó åãî íàäî èëè íå íàäî èñïîëüçîâàòü...

[Panamaaa]

äàâàéòå ñ àâòîïîäêëþ÷åíèå ïîïðîáóåì âîñïîëüçîâàòüñÿ nvram.
nvram apps_swap_enable=1
nvram commit

Äàâàéòå. Äåëàþ ðàç:

Code:

dd if=/dev/zero of=/mnt/sda1/.swap bs=1024 count=65536
mkswap /mnt/sda1/.swap
swapon /mnt/sda1/.swap

Äåëàþ äâà:

Code:

nvram set apps_swap_enable=1
nvram set apps_swap_file=/mnt/sda1/.swap
nvram set apps_swap_size=65536
nvram commit

Ïåðåçàãðóæàþñü. SM ñòàðòóåò íîðìàëüíî, ïîñëå ñòàðòà DM - âèñÿê.
Ïî êîìàíäå free: swap 0
Âèñÿê óñïåâàþ èçáåæàòü, åñëè áûñòðåíüêî çàëåçòü ïî SSH è âûïîëíèòü swapon /mnt/sda1/.swap (ëèáî äî, ëèáî âî âðåìÿ ïóñêà DM)

[AndreyPopov]

nvram set apps_swap_file=/mnt/sda1/.swap

nvram set apps_swap_file=.swap

à ôàéë .swap ïîëîæèòå â ïàïêó asusware

[Panamaaa]

nvram set apps_swap_file=.swap
à ôàéë .swap ïîëîæèòå â ïàïêó asusware

Áèíãî, Àíäðåé! Ñïàñèáî. Çàðàáîòàëî!
Ðàáî÷èé ñïîñîá ïîäêëþ÷åíèÿ è àâòîìîíòèðîâàíèÿ ñâîïà (ñëåäóåò ó÷åñòü, ÷òî ïî óìîë÷àíèþ ðàçìåð ñâîïà ñòîèò 33000 áàéò, ïîýòîìó ñâîï íóæíî ñîçäàâàòü >=33000, íó èëè ñîîòâåòñòâåííî ìåíÿòü çíà÷åíèå apps_swap_size)

Code:

dd if=/dev/zero of=/mnt/sda1/asusware/.swap bs=1024 count=65536
mkswap /mnt/sda1/asusware/.swap
swapon /mnt/sda1/asusware/.swap

Code:

nvram set apps_swap_enable=1
nvram set apps_swap_size=65536
nvram commit

[net-slider]

Íàðîä, â ñòðîêå
dd if=/dev/zero of=/mnt/sda1/asusware/.swap bs=1024 count=65536 (ìíå íóæíî íàïèñàòü íà 256 èëè 512 ìá)
Ìîæíî ëè ïèñàòü 512000 èëè íàäî êàê-òî âûñ÷èòûâàòü?
Ñïàñèáî

UPD êàêèå ìîæåòå ïîñîâåòîâàòü ïàêåòû äëÿ çàïóñêà java ïðèëîæåíèé

[Panamaaa]

Íàðîä, â ñòðîêå
dd if=/dev/zero of=/mnt/sda1/asusware/.swap bs=1024 count=65536 (ìíå íóæíî íàïèñàòü íà 256 èëè 512 ìá)
Ìîæíî ëè ïèñàòü 512000 èëè íàäî êàê-òî âûñ÷èòûâàòü?
Ñïàñèáî

262144 áëîêà ïî 1024 áàéòà = 256Ìá
524288 áëîêîâ ïî 1024 áàéòà = 512Ìá

Code:

dd if=/dev/zero of=/mnt/sda1/asusware/.swap bs=1024 count=262144
dd if=/dev/zero of=/mnt/sda1/asusware/.swap bs=1024 count=524288

ëèáî áåç bs=1024
524288 áëîêîâ ïî 512 áàéò = 256Ìá
1048576 áëîêîâ ïî 512 áàéò = 512Ìá

Code:

dd if=/dev/zero of=/mnt/sda1/asusware/.swap count=524288
dd if=/dev/zero of=/mnt/sda1/asusware/.swap count=1048576

[ryzhov_al]

UPD êàêèå ìîæåòå ïîñîâåòîâàòü ïàêåòû äëÿ çàïóñêà java ïðèëîæåíèé

jamvm, classpath.