A brief taste of OpenWRT: bypass gateway configuration on the RAVPower-WD009 Portable Router File Treasure

Directory

  • Foreword
  • Requirements analysis
  • Equipment on hand
  • Home network topology diagram
  • Bypass gateway configuration
    • OpenWRT firmware selection
    • OpenWRT firmware flashing
    • Bypass gateway configuration process
  • Use of bypass gateway
    • Preliminary work
    • Daily storage/key backup
    • Intranet penetration
    • 24 hours standby downloader

Foreword

Recently, for personal reasons, I needed an OpenWRT device to implement a few functions. This article is therefore mainly a reference for my own later maintenance and tinkering. Once it is configured, an OpenWRT device just sits in a corner (and gets restarted at most). If a problem comes up later and I want to tinker with it or restore it, remembering all the details is troublesome.

Requirements analysis

Some functions that the equipment needs to have:

  • Perform intranet device management/service access from the external network
  • Daily storage/key backup from intranet
  • 24-hour standby, low power consumption download
  • VPN [under construction]

Equipment on hand

Being a scavenger on a tight budget, I did not buy a new device but started from the equipment I already had. I happened to have an idle device on hand, the RAVPower-WD009 Portable Router File Treasure (the RAVPower brand may be familiar; its main products are power supplies, and I don't know why it made this device). I originally bought it because it has many functions, looks good, and supports USB-C charging. I can no longer find it on the official website.

It uses the MediaTek MT7628NN hardware router solution. The specifications are as follows:

  • CPU: Single-core 32-bit 580MHz MIPS24KEc architecture
  • RAM: 64MB
  • ROM: 16MB Flash
  • Wireless: MT7610E radio frequency chip, Wi-Fi 5
  • Wired: 100M Ethernet port x 1
  • Expansion capabilities: SD card slot x 1, USB-A 2.0 x 1
  • Others: Can be used as a power bank, supports USB-C charging

The key point is that OpenWRT officially supports this device, which means I can join the open source community instead of facing the official RAV-FileHub client (which is actually OK, but not very good). The device becomes far more customizable and can better meet changing needs.

Some device-related operations and notes are given officially. I record them here.

  • Enter TFTP mode (works with any firmware): with the device powered off, press and hold the reset button while powering it on. Release the power button once the globe light stays lit (and release the reset button at the same time). This mode allows firmware update operations
  • OpenWRT reset (device running OpenWRT firmware): with the device powered on, press and hold the reset button until the globe light starts flashing, then wait for the device to restart automatically. After the reset the device is in its [factory state]: wireless is turned off by default, so it can only be reached over a network cable. The default admin address is 192.168.1.1

Home network topology diagram


The specific equipment and parameters are as follows:

  • Smart gateway (optical modem + routing + gateway/main routing)
    Wired: one fiber optic port, one Gigabit WAN port, four Gigabit LAN ports
    Wireless: 2.4GHz Master
  • Bypass gateway (the protagonist of this article)
    Wired: One WAN/LAN port
    Wireless: Dual-mode 2.4GHz/5GHz Master/Client
  • Desktop workstation (main machine)
    Wired: One Gigabit network port

Under normal circumstances, if a device is powerful enough and has enough interfaces, it can serve as the main router itself. In that case all wired/wireless network services in the diagram above are provided by the main router, performance is at its best, and the devices run in full-duplex mode.

Since RAVPower-WD009 cannot be used as a main router, it can be used as a bypass gateway and attached to an existing network to provide expanded functions. There are two ways to use the bypass gateway function:

  • Configure the main router so that all device traffic passes through the bypass gateway. This mode places higher demands on the bypass gateway, and the overall network speed is limited by it.
  • Change the gateway setting on each Internet terminal, so that you can freely choose whether its traffic passes through the bypass gateway. This mode is more flexible, and it is the one this article uses.

In various scenarios, Internet traffic distribution should be as follows:

  • The main router has wired access to the external network: uplink traffic directly reaches the main router, and downlink traffic directly reaches the device.
  • The main router wirelessly accesses the external network: uplink traffic directly reaches the main router, and downlink traffic directly reaches the device.
  • Bypass gateway capitalist access to the external network: uplink traffic passes through the bypass gateway and is then sent to the main router. Downlink traffic does not pass through the bypass gateway and is sent directly to the device.
  • The bypass gateway wirelessly accesses intranet services (intranet services are provided by the bypass gateway): uplink traffic directly reaches the bypass gateway, and downlink traffic directly reaches the device.
  • The bypass gateway wirelessly accesses intranet services (intranet services are provided by the bypass gateway): uplink traffic directly reaches the bypass gateway, and then reaches the main router through the bypass gateway. After the downlink traffic reaches the main router, it is forwarded to the bypass gateway, and then forwarded to the device.

Bypass gateway configuration

OpenWRT firmware selection

Latest version when the article was published: 23.05 (crashes after flashing)
Version selected for flashing: 22.03.5
For more firmware-related information, see the official OpenWRT support page.

OpenWRT firmware flashing

Put the device into TFTP mode and connect the PC to it with a network cable. Configure the PC's IPv4 settings as follows: address 10.10.10.x, subnet mask 255.255.255.0, gateway 10.10.10.1 (remember to restore them after updating). Enter 10.10.10.128 in the browser to open the TFTP firmware update interface. The interface offers only two operations, upload firmware and update firmware: upload the OpenWRT firmware, then run the firmware update. After the update is completed, the device restarts automatically and enters the factory state.

Bypass gateway configuration process

The steps start from OpenWRT's default factory state, with the main router at IP 192.168.1.1 and subnet mask 255.255.255.0 (network segment 192.168.1.x).

  • Connect the PC to the device by network cable only (do not connect to other networks through wireless network cards, etc.). No other IPv4 configuration is required (note that this configuration was changed for TFTP mode; if the device is unreachable, set IP/DNS back to automatic). Visit 192.168.1.1 to enter LuCI, the OpenWRT graphical console
  • Enter the Network - Interfaces configuration page and configure the LAN with the following parameters
    General settings: The protocol is static address, and the IP address is 192.168.1.x (x=2~254; this is the gateway's own access address, so be careful not to conflict with the IP of other devices), for example 192.168.1.8; the subnet mask is 255.255.255.0 (make sure it is on the same network segment as your main router); the default gateway address is 192.168.1.1 (usually the IP address of the main router); the broadcast address is 192.168.1.255
    Advanced settings: Use a custom DNS server with the server address 192.168.1.1 (the main router acts as the DNS server)
    DHCP Server: Check Ignore this interface (do not provide DHCP service on this interface, to avoid conflict with the main router's IP allocation policy). In the IPv6 settings there are three options: RA service, DHCPv6, and NDP proxy. Set all of them to disabled
  • Enter the Network - Firewall configuration page and configure the following parameters
    General settings: Turn off SYN-flood defense and turn off IP masquerading for the LAN (if you cannot access the Internet normally after turning it off, you can re-enable it)
  • Restart the device and connect the bypass gateway LAN port and the main router LAN port with a network cable.
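
The LAN and DHCP steps above, expressed as input for `uci batch`. This is an added example, not part of the original article: the function names are made up here, the option names are the standard OpenWRT network/dhcp UCI options, and the two firewall toggles are left to LuCI.

```shell
#!/bin/sh
# Added example: emit `uci batch` input for the LAN/DHCP steps above.
# valid_ipv4 and bypass_gw_uci are names made up for this sketch.

# Succeeds only for a dotted quad with four octets in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|'') return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# $1 = address for the bypass gateway, $2 = main router (gateway and DNS).
bypass_gw_uci() {
    gw_ip=$1 main_ip=$2
    valid_ipv4 "$gw_ip" && valid_ipv4 "$main_ip" || { echo "bad IPv4 address" >&2; return 1; }
    # The mask is 255.255.255.0, so both must share the first three octets.
    [ "${gw_ip%.*}" = "${main_ip%.*}" ] || { echo "not on the main router's /24" >&2; return 1; }
    host=${gw_ip##*.}
    # Host part must be 2..254 (x=2~254 above) and must not be the router itself.
    [ "$host" -ge 2 ] && [ "$host" -le 254 ] && [ "$gw_ip" != "$main_ip" ] || { echo "host part out of range or clashes with the router" >&2; return 1; }
    cat <<EOF
set network.lan.proto='static'
set network.lan.ipaddr='$gw_ip'
set network.lan.netmask='255.255.255.0'
set network.lan.gateway='$main_ip'
set network.lan.broadcast='${gw_ip%.*}.255'
set network.lan.dns='$main_ip'
set dhcp.lan.ignore='1'
set dhcp.lan.ra='disabled'
set dhcp.lan.dhcpv6='disabled'
set dhcp.lan.ndp='disabled'
commit network
commit dhcp
EOF
}
```

On the router, `bypass_gw_uci 192.168.1.8 192.168.1.1 | uci batch` applies the settings; restart the device afterwards as in the last step.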

Use of bypass gateway

The following operations need to be performed after connecting to the device IP through SSH. The operations are basically installing function plug-ins, changing configuration files, etc.

Preliminary work

Switch to a domestic mirror

# Replace the default package feeds with a domestic mirror
sed -i 's_downloads.openwrt.org_mirrors.tuna.tsinghua.edu.cn/openwrt_' /etc/opkg/distfeeds.conf
# Refresh the package lists from the mirror
opkg update

Chinese language support

opkg install luci-i18n-base-zh-cn luci-i18n-opkg-zh-cn luci-i18n-firewall-zh-cn

Add SD card slot support

opkg install kmod-sdhci kmod-sdhci-mt7620

Add USB storage support

opkg install kmod-usb-core kmod-usb-storage kmod-usb-storage-uas kmod-usb2

Add multiple file system support

opkg install kmod-fs-ext4 e2fsprogs swap-utils kmod-fs-exfat exfat-mkfs ntfs-3g kmod-fs-vfat kmod-fs-msdos

Add storage device partition/mount tool

opkg install fdisk block-mount

Storage expansion (when inserting SD card)

# [This operation will format the SD card and divide it into two partitions]
# SD card /dev/mmcblk0
# swap partition (expanded memory) /dev/mmcblk0p1
# ext4 partition (extended external memory) /dev/mmcblk0p2

# Manually partition the SD device
fdisk /dev/mmcblk0

# Format the swap partition and enable the swap partition
mkswap /dev/mmcblk0p1
swapon /dev/mmcblk0p1

# Format ext4 partition and remount /overlay
mkfs.ext4 /dev/mmcblk0p2
# Copy the current overlay contents to the new partition (tar -C changes directory first)
mount /dev/mmcblk0p2 /mnt ; tar -C /overlay -cvf - . | tar -C /mnt -xf - ; umount /mnt
mount /dev/mmcblk0p2 /overlay

# Configure mounting information to start at boot
block detect > /etc/config/fstab
# block detect writes each entry as: option enabled '0'; switch them all to '1'
sed -i "s/\(option[[:space:]]*enabled[[:space:]]*\)'0'/\1'1'/" /etc/config/fstab

Daily storage/key backup

Install Syncthing, an open source and free distributed file synchronization tool. It can synchronize files in specified folders (such as photo albums, work files, etc.) when the mobile phone is in an intranet environment.

The remote device in the picture represents the mobile phone, and the folder represents the folder that needs to be synchronized.

Software Installation

opkg install syncthing

After the installation is completed, Syncthing fails to start automatically. Many tutorials on the Internet simply delete the official init.d script and write a new startup script. In fact, the problem is very simple.

# Just modify one line in the official startup script of /etc/init.d/syncthing
vim /etc/init.d/syncthing

# The following line is edited inside the editor
[ "$enabled" -gt 0 ] || return 0 # Just comment out this line. It is probably caused by some backward-compatibility configuration.

# Enable start at boot and restart the service
/etc/init.d/syncthing enable && /etc/init.d/syncthing restart

From the PC, open port 8384 of the bypass gateway to manage Syncthing through its admin interface

Device IP:8384

Intranet penetration

Use the dynamic domain name service provided by DDNSTO remote control to achieve intranet penetration

Software Installation

# Download the script and run it. If the default script fails, run my modified command instead
cd /tmp; wget --no-check-certificate http://fw.koolcenter.com/binary/ddnsto/openwrt/install_ddnsto.sh; cd ..
# Normal run
ash /tmp/install_ddnsto.sh
# If the installation reports an error, run this instead
sed -i 's/$?/"1"/' /tmp/install_ddnsto.sh && ash /tmp/install_ddnsto.sh
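
The installer above is fetched over plain HTTP and run as root, so it is worth checking before it executes. The following is an added example, not part of the original article or of DDNSTO: the function names are hypothetical, and the expected digest is a placeholder that has to come from a source you trust.

```shell
#!/bin/sh
# Added example: review and gate the installer before it runs as root.
# Function names are hypothetical; the digest must come from a trusted source.

# Returns 0 only if $1 is a non-empty file whose SHA-256 equals $2.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 1; }
    # A SHA-256 digest is exactly 64 hex characters; reject anything else.
    case "$expected" in
        *[!0-9a-f]*) echo "expected digest is not hex" >&2; return 1 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "expected digest has wrong length" >&2; return 1; }
    actual=$(sha256sum "$file") || return 1
    actual=${actual%% *}
    [ "$actual" = "$expected" ] || { echo "digest mismatch: got $actual" >&2; return 1; }
}

# Prints, with line numbers, every line the sed 's/$?/"1"/' workaround
# above would rewrite, so its effect can be read before it is applied.
lines_touched_by_patch() {
    grep -n -F '$?' "$1"
}

# Runs $1 only after it passes verify_sha256 against $2.
run_if_verified() {
    verify_sha256 "$1" "$2" || return 1
    sh "$1"
}

# On the router (placeholder digest, replace with the real one):
#   run_if_verified /tmp/install_ddnsto.sh <EXPECTED_SHA256>
```

Check the digest against the file as downloaded: the sed workaround rewrites the script, so its digest changes once the patch is applied.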

Software usage
You can refer to the DDNSTO official tutorial, which is very detailed.

24 hours standby downloader

Remote downloading can be achieved with the help of the well-established download tools Aria2 + AriaNG and DDNSTO intranet penetration.

Software Installation

opkg install aria2 ariang

Software usage
There are already many aria2 + ariang configuration tutorials on the Internet. Just use them with DDNSTO’s aria2 configuration tutorial.