ubus call system board
{
"kernel": "4.14.209",
"hostname": "openwrt",
"system": "Qualcomm Atheros QCA956X ver 1 rev 0",
"model": "TP-Link Archer A7 v5",
"board_name": "tplink,archer-a7-v5",
"release": {
"distribution": "OpenWrt",
"version": "19.07.5",
"revision": "r11257-5090152ae3",
"target": "ath79/generic",
"description": "OpenWrt 19.07.5 r11257-5090152ae3"
}
}
UCI Export Network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd0b:32c3:1cc3::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option netmask '255.255.255.0'
option ipaddr '192.168.0.1'
option ip6assign '64'
config device 'wan_eth0_2_dev'
option name 'eth0.2'
option macaddr 'd8:07:b6:f8:ab:c5'
config interface 'wan6'
option proto 'dhcpv6'
option reqaddress 'try'
option reqprefix '56'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '2 3 4 5 0t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '1 0t'
config interface 'wwan'
option proto 'dhcp'
config interface 'WAN'
option ifname 'eth0.2'
option proto 'dhcp'
config interface 'WAN6wired'
option ifname 'eth0.2'
option proto 'dhcpv6'
option reqaddress 'try'
option reqprefix '56'
UCI Export Wireless (using 5 GHz radio facing hotspot ISP as WAN)
config wifi-device 'radio0'
option type 'mac80211'
option hwmode '11a'
option path 'pci0000:00/0000:00:00.0'
option htmode 'VHT80'
option channel 'auto'
config wifi-device 'radio1'
option type 'mac80211'
option hwmode '11g'
option path 'platform/ahb/18100000.wmac'
option htmode 'HT20'
option channel 'auto'
config wifi-iface 'wifinet1'
option ssid 'HOT-SPOT-ISP'
option device 'radio0'
option mode 'sta'
option password 'hotspot_isp_802.1x_password'
option encryption 'wpa2'
option eap_type 'ttls'
option anonymous_identity 'xanonymous-ttls@hotspotisp.com'
option identity 'hospotlogin@domain.com'
option auth 'PAP'
option network 'wwan wan6'
config wifi-iface 'wifinet2'
option encryption 'psk2'
option device 'radio1'
option mode 'ap'
option network 'lan'
option key 'local_LAN_password'
option ssid 'home_SSID'
UCI Export DHCP
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option ra 'relay' // followed OpenWRT IPv6 Relay Guide
option dhcpv6 'relay'
option ndp 'relay'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
option dhcpv6 'relay'
option ra 'relay'
option ndp 'relay'
config dhcp 'wan6'
option dhcpv6 'relay'
option ra 'relay'
option ndp 'relay'
option master '1'
option interface 'wan6'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
UCI Export Firewall (Note, I ended up removing all IPv6 rules as well manually via ip6tables)
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan6 wwan WAN WAN6wired'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
list icmp_type 'destination-unreachable'
list icmp_type 'echo-reply'
list icmp_type 'echo-request'
list icmp_type 'neighbour-advertisement'
list icmp_type 'neighbour-solicitation'
list icmp_type 'packet-too-big'
list icmp_type 'router-advertisement'
list icmp_type 'router-solicitation'
list icmp_type 'time-exceeded'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
/etc/firewall.user //this is empty
IPv6 Addresses (Relay Mode)
root@openwrt:~# ip -6 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::da07:b6ff:fef8:abc4/64 scope link
valid_lft forever preferred_lft forever
6: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fd0b:32c3:1cc3::1/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::da07:b6ff:fef8:abc4/64 scope link
valid_lft forever preferred_lft forever
8: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::da07:b6ff:fef8:abc5/64 scope link
valid_lft forever preferred_lft forever
9: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 2xxxx:xxxx:xxxx:5e7:da07:b6ff:fef8:abc3/64 scope global dynamic
valid_lft 1303sec preferred_lft 1303sec
inet6 fe80::da07:b6ff:fef8:abc3/64 scope link
valid_lft forever preferred_lft forever
11: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::da07:b6ff:fef8:abc4/64 scope link
valid_lft forever preferred_lft forever
_
IPv6 Route Info (Relay Mode)
root@openwrt:~# ip -6 ro li tab all
default from 2xxxx:xxxx:xxxx:5e7::/64 via fe80::f63e:9dff:fe03:63bc dev wlan0 metric 512
2xxxx:xxxx:xxxx:5e7:6d53:3ca8:38ca:afcc dev br-lan metric 1024
2xxxx:xxxx:xxxx:5e7:d21f:7eec:15bf:5c02 dev br-lan metric 1024
2xxxx:xxxx:xxxx:ea7c:825:991c:4bce:c559 dev br-lan metric 1024 // this is a different /64 prefix, not sure where it came from
2xxxx:xxxx:xxxx:ea7c:5006:51de:647:52ab dev br-lan metric 1024
2xxxx:xxxx:xxxx:ea7c:64bb:47c2:a155:dddb dev br-lan metric 1024
2xxxx:xxxx:xxxx:ea7c:690c:1ccf:287b:e12e dev br-lan metric 1024
2xxxx:xxxx:xxxx:ea7c:7624:9fff:fe00:2f19 dev br-lan metric 1024
2xxxx:xxxx:xxxx:ea7c:fd51:5715:961a:e681 dev br-lan metric 1024
2xxxx:xxxx:xxxx:ea7c:fdf9:dd60:8942:b534 dev br-lan metric 1024
fd0b:32c3:1cc3:0:eeb5:faff:fe0e:1a97 dev br-lan metric 1024
fd0b:32c3:1cc3::/64 dev br-lan metric 1024
unreachable fd0b:32c3:1cc3::/48 dev lo metric 2147483647 error -148
fe80::/64 dev eth0 metric 256
fe80::/64 dev eth0.2 metric 256
fe80::/64 dev br-lan metric 256
fe80::/64 dev wlan0 metric 256
fe80::/64 dev wlan1 metric 256
local ::1 dev lo table local metric 0
anycast 2xxxx:xxxx:xxxx:5e7:: dev wlan0 table local metric 0
local 2xxxx:xxxx:xxxx:5e7:da07:b6ff:fef8:abc3 dev wlan0 table local metric 0
anycast fd0b:32c3:1cc3:: dev br-lan table local metric 0
local fd0b:32c3:1cc3::1 dev br-lan table local metric 0
anycast fe80:: dev eth0 table local metric 0
anycast fe80:: dev br-lan table local metric 0
anycast fe80:: dev eth0.2 table local metric 0
anycast fe80:: dev wlan0 table local metric 0
anycast fe80:: dev wlan1 table local metric 0
local fe80::da07:b6ff:fef8:abc3 dev wlan0 table local metric 0
local fe80::da07:b6ff:fef8:abc4 dev eth0 table local metric 0
local fe80::da07:b6ff:fef8:abc4 dev br-lan table local metric 0
local fe80::da07:b6ff:fef8:abc4 dev wlan1 table local metric 0
local fe80::da07:b6ff:fef8:abc5 dev eth0.2 table local metric 0
ff00::/8 dev br-lan table local metric 256
ff00::/8 dev eth0 table local metric 256
ff00::/8 dev eth0.2 table local metric 256
ff00::/8 dev wlan0 table local metric 256
ff00::/8 dev wlan1 table local metric 256
root@openwrt:~# ip -6 ru
0: from all lookup local
32766: from all lookup main
4200000001: from all iif lo lookup unspec 12
4200000006: from all iif br-lan lookup unspec 12
4200000009: from all iif wlan0 lookup unspec 12
4200000009: from all iif wlan0 lookup unspec 12
Resolv Stuff
root@openwrt:~# ls -l /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*
ls: /tmp/resolv.*/*: No such file or directory
lrwxrwxrwx 1 root root 16 Dec 6 07:31 /etc/resolv.conf -> /tmp/resolv.conf
-rw-r--r-- 1 root root 32 Feb 9 22:26 /tmp/resolv.conf
-rw-r--r-- 1 root root 136 Feb 16 10:44 /tmp/resolv.conf.auto
==> /etc/resolv.conf <==
search lan
nameserver 127.0.0.1
==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1
==> /tmp/resolv.conf.auto <==
# Interface wan6
nameserver 2001:4860:4860::8888
nameserver 2001:4860:4860::8844
# Interface wwan
nameserver 8.8.8.8
head: /tmp/resolv.*/*: No such file or directory
root@openwrt:~#