My OpenWRT Packages & Plugins & Tips & Tricks - NETSEC


Saturday, April 17, 2021

My OpenWRT Packages & Plugins & Tips & Tricks

This post collects some of the packages I use on my OpenWRT router. The list is still growing: as more packages are tested and used, they will be added to this post for future reference.



Terminal integration in LUCI: luci-app-ttyd




This package integrates ttyd into LuCI. There are two packages to install: ttyd and luci-app-ttyd.





luci-theme-argon

Argon is a clean HTML5 theme for LuCI. Users may set up their own favorite logins, including beautiful pics and customized mp4 videos.

Github address: https://github.com/jerrykuku/luci-theme-argon

You will have to use TTYD to do the installation.

For OpenWrt official 19.07 Snapshots LuCI master:

opkg install luci-compat
wget --no-check-certificate https://github.com/jerrykuku/luci-theme-argon/releases/download/v2.2.5/luci-theme-argon_2.2.5-20200914_all.ipk
opkg install luci-theme-argon*.ipk
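
The wget call above passes --no-check-certificate, so TLS does not authenticate the server the file comes from. One way to compensate, shown as an added example that is not part of the original post or the theme project, is to compare the file's SHA-256 against a digest obtained from a source you trust before running opkg; the function names and the <EXPECTED_SHA256> placeholder are assumptions.

```shell
#!/bin/sh
# Added example: install an .ipk only if its SHA-256 matches a known-good digest.

# sha256_of FILE -> prints the lowercase hex digest of FILE
sha256_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# verify_ipk FILE EXPECTED -> 0 if digests match, 1 on mismatch, 2 on bad input
verify_ipk() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "verify_ipk: $file not found" >&2; return 2; }
    # A SHA-256 digest is exactly 64 hex characters; reject anything else.
    case $expected in
        *[!0-9a-f]*|"") echo "verify_ipk: malformed digest" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "verify_ipk: malformed digest" >&2; return 2; }
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "verify_ipk: digest mismatch for $file" >&2
        echo "  expected $expected" >&2
        echo "  actual   $actual" >&2
        return 1
    fi
}

# install_verified FILE EXPECTED -> runs opkg only after the check passes
install_verified() {
    verify_ipk "$1" "$2" && opkg install "$1"
}

# Usage on the router (placeholder digest, take the real one from a source you trust):
#   install_verified luci-theme-argon_2.2.5-20200914_all.ipk <EXPECTED_SHA256>
```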





DNS based ad/abuse domain blocking - Adblock

Getting rid of annoying ads, trackers and other abuse sites (like facebook) is simple: block them with your OpenWRT router. Adblock on OpenWrt uses DNS to block ads: the router becomes your first-hop DNS server and returns an "address not found" answer when it is queried for the address of an ad server.



Some installed packages and enabled features to get Adblock working:
- adblock
- luci-app-adblock
- curl/wget/uclient-fetch
- Enable DNS Reporting
- tcpdump/tcpdump-mini



Github : https://github.com/openwrt/packages/blob/master/net/adblock/files/README.md



vlmcsd - KMS server


Github project: https://github.com/cokebar/openwrt-vlmcsd

Install the following two packages

You will need to find the right architecture ipk file for your OpenWRT system. All pre-compiled ipk files can be found at: https://github.com/cokebar/openwrt-vlmcsd/tree/gh-pages

You will need to click the ipk link, then go to the download page:




vlmcsd_svn1113-1_x86_64.ipk download address: 
https://github.com/cokebar/openwrt-vlmcsd/raw/gh-pages/vlmcsd_svn1113-1_x86_64.ipk

vlmcsd_svn1113-1_i386_pentium4.ipk download address:
https://github.com/cokebar/openwrt-vlmcsd/raw/gh-pages/vlmcsd_svn1113-1_i386_pentium4.ipk


Activate Windows steps:

1. Open Command Prompt or PowerShell and type: slmgr /upk to uninstall the existing Windows product key

2. If it is Windows 10 Pro, enter: slmgr /ipk W269N-WFGWX-YVC9B-4J6C9-T83GX

(Please find your key in the following list or search online)



Windows VL KMS Product Key list:

Windows 10 Pro KMS: W269N-WFGWX-YVC9B-4J6C9-T83GX

Windows 10 Enterprise KMS: NPPR9-FWDCX-D2C8J-H872K-2YT43

Windows 10 LTSB KMS: DCPHK-NFMTC-H88MJ-PFHPY-QJ4BJ

Windows 10 Home KMS: TX9XD-98N7V-6WMQ6-BX7FG-H8Q99

Windows 10 Education KMS: NW6C2-QMPVW-D7KKK-3GKT6-VCFB2

Windows 7 Professional KMS: FJ82H-XT6CR-J8D7P-XQJJ2-GPDD4

Windows 7 Enterprise KMS: 33PXH-7Y6KF-2VJC9-XBBR8-HVTHH

3. Enter: slmgr /skms 192.168.2.4 (your OpenWRT vlmcsd server address)

4. Activate: slmgr /ato



Office activation steps:

1. Locate your Office folder.

If you are using Office 2016 32-bit, the folder directory is:

C:\Program Files (x86)\Microsoft Office\Office16

Open the folder directory; you will find this file: OSPP.VBS

If you are using Office 2016 64-bit, the folder directory is:

C:\Program Files\Microsoft Office\Office16

2. From PowerShell:
cd "C:\Program Files (x86)\Microsoft Office\Office16" (your Office folder directory)

3. Enter: cscript ospp.vbs /sethst:192.168.2.4 (your OpenWRT vlmcsd server address)

4. Activate your Office: cscript ospp.vbs /act



C:\Windows\system32>slmgr /ipk NPPR9-FWDCX-D2C8J-H872K-2YT43

C:\Windows\system32>slmgr /skms 192.168.2.4

C:\Windows\system32>slmgr /ato

C:\Windows\system32>


DDNS for CloudFlare


Install packages
  1. Log in to your router
  2. Go to [System] -> [Software]
  3. In {Actions} tab, click the <Update lists> button
  4. Install the following package
    • luci-app-ddns
    • ddns-scripts_cloudflare.com-v4

Settings for CloudFlare

Creating a DNS A record for ddns.51sec.eu.org

  1. Login to your CloudFlare account
  2. Go to your domain, in my example it will be ‘myabc.com’
  3. Go to [DNS]
  4. Click <+Add record>
  5. In {Type} field select:
    • A
  6. In {Name} field input:
    • ddns
  7. In {IPv4 address} field input a random IP first, for example, 8.8.8.8
  8. Change Proxy Status from Proxied to DNS Only
  9. Click <Save> button


Copy your global API key:
  1. Go to [My Profile]
  2. Go to {API Tokens} tab
  3. Go to {API Keys} section
  4. Click the <View> button at {Global API Key}
  5. Copy that API key; it will be used in the next section

Add DDNS entry in OpenWRT

  1. Go to [Services] -> [Dynamic DNS]
  2. In section {Overview} -> {Basic} tab
  3. In drop down menu {DDNS Service provider [IPv4]}:
    • cloudflare.com-v4
  4. Go to input field and input
    • ddns.51sec.eu.org
  5. Click <Add> button and it will go into the details page
  6. Ensure {Enabled} field:
    • Marked with tick
  7. In {Lookup Hostname} input field:
    • ddns.51sec.eu.org
  8. In {IP address version} select:
    • IPv4-Address
  9. In {Domain} field input your domain with a @ character:
  10. In {Username} field:
  11. In {Password} field:
    • The Global API Key from CloudFlare
  12. In section {Overview} -> {Advanced Settings} tab
  13. In {URL to detect [IPv4]} field
    • http://checkip.dyndns.com
  14. In {Event Network [IPv4]} field
    • wan or lan, depending on which port is used for external traffic
  15. Click <Save & Apply> button



OpenWRT Command Line

OpenWRT comes with a program called uci, the Unified Configuration Interface. This utility lets you temporarily or permanently modify the system configuration files in the /etc/config/ directory, and it also allows for easy scripting.

The syntax is broken into three parts. The first two are mandatory, with the [arguments] field being optional depending on the [option].

uci [options] [commands] [arguments]

[commands] is also broken down into three parts: file.section.option. Sections can be called by their name, such as lan or wan in /etc/config/network, or wifi0 in /etc/config/wireless. Sections that do not have names can be called by their position in the array of sections. An example of this is wireless.@wifi-iface[0].ssid

To view a configuration file such as /etc/config/network:

uci export network

Making or adding a new value to a section, in this case the default gateway, is as easy as typing:

uci set network.lan.gateway=10.168.1.1
OR
uci set network.@interface[1].gateway=10.168.1.1

To add and delete options use uci add or uci delete:

uci delete wireless.@wifi-iface[0].encryption

It is also possible to set DHCP options, such as the gateway or DNS servers to push to clients. These options belong to the DHCP pool in /etc/config/dhcp. Refer to this website to find the DHCP option codes.

uci add_list dhcp.lan.dhcp_option="3,10.168.1.1"

When done making changes you must run:

uci commit [configuration]
example: uci commit network
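
The file.section.option addressing described above is also what `uci show` prints, which makes the configuration easy to audit from a script. The following added example (not from the original post; the function names and the sample lines are constructed) flags a wifi-iface section left without encryption, as happens after the uci delete shown above, and a DDNS service that detects the public IP over plain HTTP, as with the checkip URL used in the DDNS section.

```shell
#!/bin/sh
# Added example: audit `uci show` output for two weak settings.

# Constructed sample, in the format printed by `uci show wireless; uci show ddns`.
sample_uci_show() {
    cat <<'EOF'
wireless.default_radio0=wifi-iface
wireless.default_radio0.ssid='OpenWrt'
wireless.default_radio0.encryption='psk2'
wireless.@wifi-iface[1]=wifi-iface
wireless.@wifi-iface[1].ssid='Guest'
ddns.cf_v4=service
ddns.cf_v4.service_name='cloudflare.com-v4'
ddns.cf_v4.ip_url='http://checkip.dyndns.com'
EOF
}

# uci_audit: reads file.section[.option]=value lines on stdin, prints findings.
uci_audit() {
    awk '
    BEGIN { sq = sprintf("%c", 39) }             # a single quote character
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1)
        val = substr($0, eq + 1)
        gsub("^" sq "|" sq "$", "", val)         # strip the quotes uci adds
        n = split(key, p, "[.]")                 # p[1]=file p[2]=section p[3]=option
        sec = p[1] "." p[2]
        if (n == 2) { type[sec] = val; order[++count] = sec }  # section header
        else if (n == 3) opt[sec, p[3]] = val
    }
    END {
        for (i = 1; i <= count; i++) {
            s = order[i]
            # A missing encryption option means the default, an open network.
            enc = ((s, "encryption") in opt) ? opt[s, "encryption"] : "none"
            if (type[s] == "wifi-iface" && enc == "none")
                print s ": wireless interface has no encryption"
            if (type[s] == "service" && opt[s, "ip_url"] ~ /^http:/)
                print s ": public IP is detected over plain HTTP"
        }
    }'
}

# On the router: { uci show wireless; uci show ddns; } | uci_audit
```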

It is possible to change the behavior of startup services.

root@OpenWRT:~#/etc/init.d/network
Syntax /etc/init.d/network [command]
Available commands:
start Start the service
stop Stop the service
restart Restart the service
reload Reload configuration files (or restart if that fails)
enable Enable service autostart
disable Disable service autostart


Resetting Root Password


If you have forgotten the root password or if the root password no longer works, you have to use the Failsafe Mode and Factory Reset.

From there, you don't have to reset the whole configuration. Note that fail safe mode does not require a password for authentication of root (!)

You only have to mount the root file system and set a new password with passwd and then trigger a restart. In fail safe mode, passwd will not ask for the old password (that you may have forgotten):

root@(none):~# mount_root
switching to jffs2 overlay
root@(none):/rom/root# passwd
Changing password for root
New password:
Retype password:
passwd: password for root changed by root
root@(none):/rom/root# reboot -f

note: https://openwrt.org/docs/guide-user/troubleshooting/root_password_reset


