Some of you may know me as arokh from the old OpenWrt community. Anyways, got a new router and decided to get up to date with latest master As always, my goal is to offer a useful set of features that works out of the box.
- Based on latest git
- LuCI web interface with rosy theme
- Pre-configured wireless with SSID OpenWrt and password "changemenow" (root pw is the same)
- Built with GCC 8.3 and -O2 optimization
- Unlocked 00 (world) domain all channels available
- https-dns-proxy (not used by default)
- UPnP, DDNS, SQM, luci-app-statistics
- OpenVPN and IPsec IKEv2 (strongSwan) pre-configured and ready to go (instructions below)
- UPnP / DLNA working over OpenVPN/IPsec through the use of multicast routing with smcroute
- Isolated guest network that gets routed through Tor network (SSID OpenWrt Tor)
- USB auto mounting and F2FS, exFAT, NTFS and EXT filesystem support
- NFS kernel server with V4 support
- Full wpad
Cloudflare's 184.108.40.206 is used by default. If you'd like to use your ISP's DNS servers instead execute this command:
# uci set dhcp.@dnsmasq.noresolv='0' && set network.wan.peerdns='1' && uci commit
Instructions for VPN
At first boot, a CA is created under /etc/CA, then certificates for "phone", "laptop" and "workstation" are generated for you.
OpenVPN is configured to access your external IP address at udp port 1194 and fallback tcp 1194. Ready to go .ovpn files are found under /www/vpn which can be accessed like this:
To use IKEv2 on iOS, import the following:
Then set up an IKEv2 VPN, use your external IP address as server/remoteid and "phone" as localid. Then choose certificate and select the one you imported already.
The script /usr/sbin/vpn.sh can be used to create new certificates or re-generate the CA if you so wish.
PS: If there is no WAN connection at first boot, the VPN certificates won't be generated and will have to be done manually with the mentioned script.
Builds can be found here: https://drive.google.com/open?id=1zUJ4HHPEYh1ecIhF7vlwAb9V3vs9nvDE
My github: https://github.com/escalade/LEDE/tree/escalade
My builds are provided as is. They should be flashed cleanly (sysupgrade -n or use factory image with tftp).
You can clone my repo and build yourself using the profiles/ipq806x file as a config template. If you are targetting a different device you will also need to change TARGET_OPTIMIZATION in the config.