[OpenWrt] Learning OpenWrt

Posted by 西维蜀黍 on 2020-07-03, Last Modified on 2021-09-21

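OpenWrt Network Interfaces

Physical Network Interfaces

eth0, eth8, radio0, wlan19, .. these names always represent network devices that physically exist, for example a [NIC](https://en.wikipedia.org/wiki/Network_interface_controller), a [WNIC](https://en.wikipedia.org/wiki/Wireless_network_interface_controller) or some other modem. Once the [device driver](https://en.wikipedia.org/wiki/device_driver) is loaded into the kernel as the driver for the physical network interface, these network interfaces become available.

Every physical network interface is a software network interface that the operating system names for the user, so that the operating system can configure the physical network device and integrate it into programs and scripts.

Virtual Network Interfaces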

lo, eth0:1, eth0.1, vlan2, br0, pppoe-dsl, gre0, sit0, tun0, imq0, teql0, .. are virtual network interfaces that do NOT represent an existing hardware device but are linked to one (otherwise they would be useless). Virtual network interfaces were invented to give the system administrator maximum flexibility when configuring a Linux-based operating system. A virtual network interface is generally associated with a physical network interface (eth6) or another virtual interface (eth6.9), or stands alone, such as the loopback interface lo.

Types of Virtual Network Interfaces

  • *aliases*: eth4:5, eth4:6, .. IP aliases are an obsolete way to manage multiple IP addresses/masks per interface. Newer tools such as iproute2 support multiple addresses/prefixes per interface, but aliases are still supported for backwards compatibility. See Documentation/networking/alias.txt.

  • *VLANs*: eth4.0, eth4.1, eth4.3, vlan0, .. are created to partition a single layer 2 network into multiple virtual ones. The drivers of all participating network cards must support [IEEE 802.1Q](https://en.wikipedia.org/wiki/IEEE_802.1Q) and be configured accordingly. This standard allows for up to 4096 VLANs (12 bits).

  • *Stacked VLANs*: [IEEE 802.1ad](https://en.wikipedia.org/wiki/IEEE_802.1ad) support was mainlined on 2013-04-19 (net: vlan: add 802.1ad support). Configuration is done using ip link:

    ip link add link eth0 eth0.1000 type vlan proto 802.1ad id 1000
    ip link add link eth0.1000 eth0.1000.1000 type vlan proto 802.1q id 1000
    
  • *bridges*: br0, br-lan, .. are used to make multiple virtual or physical network interfaces act as if they were just one network interface (roughly the opposite of VLANs). They can also be used for VPN and bridged interfaces. The Linux Ethernet bridge can be used to connect multiple Ethernet devices together. The connection is fully transparent: hosts connected to one Ethernet device see hosts connected to the other Ethernet devices directly. See "understanding how bridge-interfaces work".

  • *tunnel interfaces*: pppoe-dsl, pppoa-dsl, tun0, vpn1, .. are used to send packets over a [tunneling protocol](https://en.wikipedia.org/wiki/tunneling_protocol) such as [GRE](https://en.wikipedia.org/wiki/Generic_Routing_Encapsulation), IPsec, [PPPoE](https://en.wikipedia.org/wiki/Point-to-point_protocol_over_Ethernet), etc.

  • *special purpose*: imq0, teql3, .. are used to change the order of outgoing or incoming network packets.

  • *wireless operating mode virtual interfaces*: wlan0, wlan0_1, ath3, ath_monitor, .. Linux wireless subsystem: there is always one physical network interface for each WNIC, called the master interface. The master interface is invisible. Then, depending on the wireless operating mode the master interface is configured to (ad-hoc (IBSS), managed, AP, WDS, mesh point, monitor), wireless virtual network interfaces with different properties are created. This is done automatically by default. When the WNIC driver is loaded, there will always be the master interface and (at least) one virtual interface!

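Summary

  • lo: virtual device port, the loopback device, usually pointing at 127.0.0.1
  • eth0: physical NIC 0; eth0.1 and eth0.2 are both virtual interfaces derived from this device.
  • br-lan: virtual device used to bridge the LAN-port devices, so that multiple virtual (or physical) network interfaces appear as if they were a single network interface. Routers today commonly bridge the wired LAN ports (usually four) and the WIFI wireless interfaces into one local area network (LAN). You can use brctl show to see how it is used.
  • eth1: if the router has two physical NICs, eth1 usually serves as the WAN port
  • wlan0: usually the VLAN made up of the devices connected over 2.4G WIFI
  • wlan1: usually the VLAN made up of the devices connected over 5G WIFI

The following command shows the br-lan configuration: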

$ brctl show
bridge name     bridge id               STP enabled     interfaces
br-lan          7fff.8c53c3e337c6       no              lan2
                                                        wlan0
                                                        lan3
                                                        wlan1
                                                        lan1

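br-lan = lan1 + lan2 + lan3 + wlan0 + wlan1, i.e. the devices connected over the wired LAN ports and over wireless WIFI are all placed in the same local area network (LAN). They can reach one another, unless special firewall rules have been configured.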

Experiment

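We can run a small experiment: I connect to the router's lan1 port with an Ethernet cable, then open a YouTube 8K video and wait for a while:

Change in lan1's RX bytes (Receive bytes):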

RX bytes:373973 (365.2 KiB)  TX bytes:319941 (312.4 KiB)
->
RX bytes:10928410 (10.4 MiB)  TX bytes:1316063670 (1.2 GiB)

Change in br-lan's TX bytes (Transmit bytes):

RX bytes:1145549 (1.0 MiB)  TX bytes:1281534 (1.2 MiB)
->
RX bytes:15108596 (14.4 MiB)  TX bytes:1327603944 (1.2 GiB)

Change in eth0:

RX bytes:2547340 (2.4 MiB)  TX bytes:2559632 (2.4 MiB)
->
RX bytes:1349165970 (1.2 GiB)  TX bytes:1353434420 (1.2 GiB)

Change in wan:

RX bytes:1208653 (1.1 MiB)  TX bytes:1089786 (1.0 MiB)
->
RX bytes:1313855306 (1.2 GiB)  TX bytes:16209461 (15.4 MiB)

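This shows that the video traffic from the YouTube server first arrives at the wan port's RX (visible in wan's RX), is then forwarded to eth0 (visible in eth0's RX), then forwarded to br-lan (visible in wan's TX), and finally reaches the lan (visible in lan1's TX).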
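
The four before/after pairs above can be reduced to per-interface deltas. As an added example (not from the original post), this shell function does that and labels which direction grew; the function names and the 10x cut-off for "one direction dominates" are assumptions.

```shell
# Added example, not from the original post. Reads "<iface>", a before line,
# "->", an after line (the layout used above) and prints
# "<iface> <rx_delta> <tx_delta> <RX|TX|BOTH>". The 10x cut-off is an assumption.
counter_deltas() {
    awk '
    /^[ \t]*$/ || /^[ \t]*->/ { next }          # blank lines and the arrow
    /RX bytes:/ {
        split($0, p, "bytes:")                  # p[2] begins with RX, p[3] with TX
        rx = p[2] + 0; tx = p[3] + 0
        if (!seen) { rx0 = rx; tx0 = tx; seen = 1; next }
        drx = rx - rx0; dtx = tx - tx0
        dir = "BOTH"                            # both directions grew comparably
        if (drx > 10 * dtx) dir = "RX"
        else if (dtx > 10 * drx) dir = "TX"
        printf "%s %.0f %.0f %s\n", iface, drx, dtx, dir
        seen = 0; next
    }
    { iface = $1; seen = 0 }                    # any other line names the interface
    '
}

# The four before/after pairs from the YouTube experiment on this page.
experiment_counters() {
    cat <<'EOF'
lan1
RX bytes:373973 (365.2 KiB)  TX bytes:319941 (312.4 KiB)
->
RX bytes:10928410 (10.4 MiB)  TX bytes:1316063670 (1.2 GiB)
br-lan
RX bytes:1145549 (1.0 MiB)  TX bytes:1281534 (1.2 MiB)
->
RX bytes:15108596 (14.4 MiB)  TX bytes:1327603944 (1.2 GiB)
eth0
RX bytes:2547340 (2.4 MiB)  TX bytes:2559632 (2.4 MiB)
->
RX bytes:1349165970 (1.2 GiB)  TX bytes:1353434420 (1.2 GiB)
wan
RX bytes:1208653 (1.1 MiB)  TX bytes:1089786 (1.0 MiB)
->
RX bytes:1313855306 (1.2 GiB)  TX bytes:16209461 (15.4 MiB)
EOF
}
experiment_counters | counter_deltas
```

eth0 is labelled BOTH because its RX and TX counters each grow by about 1.2 GiB, while each of the other three interfaces grows in one direction only.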


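Similarly,

  • If I connect to the router over 5G WIFI (to play YouTube 8K), wlan0's TX increases correspondingly.

  • If I connect to the router through lan1 and run a high-volume TCP transfer (the router transmitting to the device connected to lan1):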

    eth0
    RX bytes:151078628 (144.0 MiB)  TX bytes:151155830 (144.1 MiB)
    ->
    RX bytes:28786916569 (26.8 GiB)  TX bytes:417208939 (397.8 MiB)
    
    br-lan
    RX bytes:11109876 (10.5 MiB)  TX bytes:136662101 (130.3 MiB)
    ->
    RX bytes:27147493858 (25.2 GiB)  TX bytes:382216096 (364.5 MiB)
    
    lan1
    RX bytes:1342750 (1.2 MiB)  TX bytes:10436669 (9.9 MiB)
    ->
    RX bytes:28059162930 (26.1 GiB)  TX bytes:33696055 (32.1 MiB)
    

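Modes

Router mode

Router mode is the most common wireless mode: the router's WAN port is wired to the Internet, and the router broadcasts a wireless signal to provide a local network.

The setting below means that the WAN VLAN and the WAN6 VLAN are in the same DMZ.

Bridged AP mode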

Bridged AP is to extend your existing wired host router to have wireless capabilities. Clients connecting to OpenWRT will get an IP address from the wired host router.

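That is, the OpenWrt router acts only as an AP (with no NAT or DHCP function); devices connected to the OpenWrt router over WIFI get NAT and DHCP service from the upstream router (192.168.1.1 in the figure above).

Create an interface

Edit /etc/config/network, create an interface, and give it an IP address, for example: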

config interface swlan
        option ifname eth0
        option type bridge
        option proto static
        option ipaddr 192.168.1.2
        option netmask 255.255.255.0
        option gateway 192.168.1.1
        option dns 192.168.1.1 

This IP address must be an unused one within the network subnet of the main router. You could also change option proto static to option proto dhcp and let the main router decide the address of the AP (the OpenWrt router), but of course from then on the access point needs a DHCP server.

If you need to manage this OpenWrt device, you can browse directly to 192.168.1.2 to reach its LuCI.

Disable dnsmasq

$ /etc/init.d/dnsmasq disable

Although this step does not matter much.

Connect host router and openwrt router correctly

Ensure the host router is connected to a LAN port of the OpenWrt router, not the WAN port!

Configure and enable the wireless network

In /etc/config/wireless, locate the existing wifi-iface section and change its network option to point to the newly created interface section.

config wifi-iface
        option device wifi0
        option network swlan
        option mode ap
        option ssid OpenWrt
        option encryption none

The key is option network swlan: from then on, devices connected to the OpenWrt router over WIFI get NAT and DHCP service from the upstream router (192.168.1.1 in the figure above).

Enable the new wireless network.

root@OpenWrt:~# ifup wifi
root@OpenWrt:~# wifi
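
The wifi-iface section above sets option encryption none on an SSID attached to swlan, so every wireless client is bridged onto the upstream router's LAN without authentication. As an added example (not from the original post), this script parses the two UCI files and lists AP-mode SSIDs with no encryption and whether their network is a bridge; the function name, the temporary files and the "Staff WPA2" SSID are constructed for the demo.

```shell
# Added example, not from the original post. Lists AP-mode SSIDs that have no
# encryption and whether their network is a bridge. Args: NETWORK_FILE WIRELESS_FILE
audit_open_ap() {
    awk -v q="'" '
    function unq(s) { gsub("^[" q "\"]|[" q "\"]$", "", s); return s }
    function emit(   net, br) {
        if (type == "interface" && opt["type"] == "bridge") bridge[name] = 1
        if (type == "wifi-iface" && opt["mode"] == "ap" &&
            (opt["encryption"] == "" || opt["encryption"] == "none")) {
            net = opt["network"]; br = (net in bridge) ? "yes" : "no"
            printf "OPEN ssid=%s network=%s bridged=%s\n", opt["ssid"], net, br
        }
        split("", opt); type = ""; name = ""       # reset for the next section
    }
    /^[ \t]*#/ { next }                            # skip comment lines
    $1 == "config" { emit(); type = unq($2); name = unq($3); next }
    $1 == "option" {
        key = unq($2); val = $0
        sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", val)   # keep values with spaces
        sub(/[ \t]+$/, "", val)
        opt[key] = unq(val)
    }
    END { emit() }
    ' "$1" "$2"
}

# Sample input: the swlan and wifi-iface sections from this page, plus one
# constructed WPA2 SSID ("Staff WPA2", hypothetical) for contrast.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/network" <<'EOF'
config interface swlan
        option ifname eth0
        option type bridge
EOF
cat > "$demo_dir/wireless" <<'EOF'
config wifi-iface
        option network swlan
        option mode ap
        option ssid OpenWrt
        option encryption none
config wifi-iface
        option network swlan
        option mode ap
        option ssid 'Staff WPA2'
        option encryption psk2
EOF
audit_open_ap "$demo_dir/network" "$demo_dir/wireless"
```

On a router, pass /etc/config/network and /etc/config/wireless as the two arguments; the network file must come first so that bridges are known before the wireless sections are read.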

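If you want devices connected to the OpenWrt router through specific wired ports to also get NAT and DHCP service from the upstream router (192.168.1.1 in the figure above), edit /etc/config/network: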

config interface 'swlan'
	option proto 'dhcp'
	option type 'bridge'
	option ifname 'lan2 lan3'

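For example, above I put the devices connected to lan2 and lan3 into swlan as well. From then on, devices connected to the OpenWrt router through the lan2 or lan3 wired ports also get NAT and DHCP service from the upstream router (192.168.1.1 in the figure above).

Managing OpenWrt

To add a management port, give br-lan a special address. Plug the PC directly into the LAN port, set the PC's IP to static, and set the same subnet mask as the AP. The PC can then reach the AP's management interface directly.

Add an alias in /etc/config/network: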

root@openwrt:/etc/config# cat network 
 
config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'
 
config interface 'lan'
        option ifname 'eth2.1'
        option type 'bridge'
        option proto 'dhcp'
        #option ipaddr '192.168.0.121'
        #option netmask '255.255.255.0'
        #option gateway '192.168.0.1'
        #option dns '192.168.0.1'
        option macaddr '00:01:42:60:3d:3c'
 
config interface 'wan'
        option ifname 'eth2.2'
        option proto 'dhcp'
        option macaddr '00:01:42:60:3d:3d'
 
 
config 'alias'  ### add a second IP for br-lan
        option 'interface' 'lan'
        option 'proto' 'static'
        option 'ipaddr' '10.0.0.7'
        option 'netmask' '255.255.255.0'
root@openwrt:/etc/config#

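Set the PC's IP to 10.0.0.100 with subnet mask 255.255.255.0, and you can browse directly to http://10.0.0.7 to reach the AP's management interface!

To guard against the same address also existing on the internal network, you can add several aliases to avoid conflicts. There is no need to worry much, though: to reach the management interface you have to plug a network cable into the LAN port, and an AP usually has only one network port, so no conflict will occur.

Routed AP mode

https://oldwiki.archive.openwrt.org/doc/recipes/routedap

Dumb AP mode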

http://wiki.openwrt.org/doc/recipes/dumbap

Recommended OpenWrt routers

https://openwrt.org/toh/views/toh_available_16128

OpenWrt ASUS

https://openwrt.org/toh/start?dataflt%5BBrand*%7E%5D=asus

Reference