Config openwrt on Ubuntu

OpenWrt on ubuntu 20.04 LTS with KVM

install

You need a x86 64 bit version of OpenWrt:

Download a stable release of the openwrt-x86-64-combined-ext4.img.gz image from targets/x86/64/ folder e.g. 19.07.2.

Then, create the vm in linux with KVM.

change the opkg source into mainland

cp /etc/opkg/distfeeds.conf /etc/opkg/distfeeds.conf.bak
sed -i 's_downloads.openwrt.org_mirrors.aliyun.com/openwrt_' /etc/opkg/distfeeds.conf

opkg update
opkg install luci-i18n-base-zh-cn

setup sftp

opkg update
opkg install openssh-sftp-server
opkg install announce

clash on OpenWrt

install the dependence

opkg update
opkg install luci
opkg install luci-base
opkg install iptables
opkg install dnsmasq-full
opkg install coreutils
opkg install coreutils-nohup
opkg install bash
opkg install curl
opkg install jsonfilter
opkg install ca-certificates
opkg install ipset
opkg install ip-full
opkg install iptables-mod-tproxy
opkg install kmod-tun  #TUN模式
opkg install luci-compat

There are two dependencies: ‘‘libcap’’ and “libcap-bin” cannot be installed directly by opkg install on System Ver. 19.07.2.

You need download these two packages, ‘‘libcap’’ and “libcap-bin”. Then manually install them.

After that, download the clash and install it.

Before starting the app, go to the “global settings” - “update”, check and install the clash cores.

If the core modules are not installed automatically, upload the files to /etc/openclash/core/, and give them permission 755 or 777.

zerotier on OpenWrt

Install

opkg update
opkg install zerotier

Set up the configuration of the zerotier app, edit the file /etc/config/zerotier and join the network.

The line of option enabled and list join should be modified. It should look as

# cat /etc/config/zerotier
config zerotier 'sample_config'
	option enabled '1'
	list join 'd5e5f******a7d'

Bridge

First, get the zerotier ip by ip a and add the routes in zerotier network settings.

Then, config the firewall in openwrt “Network” - “Firewall”:

change “General Settings” - “reject” to “Forward”;
change ‘Zone =>Forwarding’: ‘lan => wan’ - ‘Masquerading’ unclick (off) to click (on).

add the iptable rules in “Custom Rules” with the device names of lan (eth0) and zerotier (ztbpanwl6z):

 iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
 iptables -A FORWARD -i eth0 -o ztbpanwl6z -m state --state RELATED,ESTABLISHED -j ACCEPT
 iptables -A FORWARD -i ztbpanwl6z -o eth0 -j ACCEPT

where -m state is deprecated and the legacy aliases are disabled in OpenWrt. You need to replace -m state with -m conntrack and --state with --ctstate.

restart the router or firewall.
```
/etc/init.d/firewall restart
```

Attention

If you break the web load page, encountering the error as:

/usr/lib/lua/luci/template.lua:97: Failed to execute template ‘sysauth’.

fix the problem by:

opkg update
opkg install luci-theme-bootstrap
rm -r /tmp/luci-*

PREVIOUSControlling NVIDIA GPU Fans and Clock remotely

NEXTConfig ssh and ufw on Ubuntu