硬件:TP-Link WR703N
只要是可以刷OpenWRT固件的路由器,均可以实现不仅仅局限于TL-WR703N。为什么选择TL-WR703N,因为它小巧,比你想想中的还要小,另外它便宜只要99RMB。
TL-WR703N自带4MB flash memory,32MB RAM,只是用来连接VPN,基本上不需要更换Flash和RAM。
从OpenWRT官方下载 http://downloads.openwrt.org/snapshots/trunk/ar71xx/openwrt-ar71xx-generic-tl-wr703n-v1-squashfs-factory.bin openwrt-ar71xx-generic-tl-wr703n-v1-squashfs-factory.bin 文件用于TL-WR703N从官方固件刷为openwrt固件。而openwrt-ar71xx-generic-tl-wr703n-v1-squashfs-sysupgrade.bin 是用来对openwrt升级的。
(PS:官方下载的固件是trunk代码,每天都会更新,不保证百分之百不出问题。我曾经就刷官方固件的后,出现WIFI无法启动问题,刷了自制的固件后才恢复的)
从TL-WR703N更改为OpenWRT系统:
第一次连接OpenWRT
Use 'passwd' to set your login password
this will disable telnet and enable SSH
可以参照以下配置进行相应的修改,这样设置完openwrt就可以正常使用了,需要注意这样设置WIFI是开放式,需要加密请自行参照openwrt官方wiki进行相应修改。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
root@OpenWrt:~# cat /etc/config/network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config interface 'lan'
#option ifname 'eth0' # ---这个要关闭
option type 'bridge'
option proto 'static'
option ipaddr '172.13.13.1'
option netmask '255.255.255.0'
config interface 'wan'
option ifname 'eth0'
option proto 'dhcp'
root@OpenWrt:~# cat /etc/config/wireless
config wifi-device radio0
option type mac80211
option channel 11
option macaddr 8c:21:0a:d8:9b:bd
option hwmode 11ng
option htmode HT20
list ht_capab SHORT-GI-20
list ht_capab SHORT-GI-40
list ht_capab RX-STBC1
list ht_capab DSSS_CCK-40
# REMOVE THIS LINE TO ENABLE WIFI:
#option disabled 1 # ---默认为禁用wifi,需要把这个关闭才能启用wifi
config wifi-iface
option device radio0
option network lan
option mode ap
option ssid OpenWrt
option encryption none
root@OpenWrt:~# cat /etc/config/firewall
config defaults
option syn_flood 1
option input ACCEPT
option output ACCEPT
option forward REJECT
# Uncomment this line to disable ipv6 rules
# option disable_ipv6 1
config zone
option name lan
option network 'lan'
option input ACCEPT
option output ACCEPT
option forward REJECT
config zone
option name wan
option network 'wan'
option input ACCEPT # ---设置为允许从wan口访问,这样方便从内网调试
option output ACCEPT
option forward REJECT
option masq 1
option mtu_fix 1
config forwarding
option src lan
option dest wan
# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
option name Allow-DHCP-Renew
option src wan
option proto udp
option dest_port 68
option target ACCEPT
option family ipv4
# Allow IPv4 ping
config rule
option name Allow-Ping
option src wan
option proto icmp
option icmp_type echo-request
option family ipv4
option target ACCEPT
# Allow DHCPv6 replies
# see https://dev.openwrt.org/ticket/10381
config rule
option name Allow-DHCPv6
option src wan
option proto udp
option src_ip fe80::/10
option src_port 547
option dest_ip fe80::/10
option dest_port 546
option family ipv6
option target ACCEPT
# Allow essential incoming IPv6 ICMP traffic
config rule
option name Allow-ICMPv6-Input
option src wan
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
list icmp_type router-solicitation
list icmp_type neighbour-solicitation
option limit 1000/sec
option family ipv6
option target ACCEPT
# Allow essential forwarded IPv6 ICMP traffic
config rule
option name Allow-ICMPv6-Forward
option src wan
option dest *
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
option limit 1000/sec
option family ipv6
option target ACCEPT
# include a file with users custom iptables rules
config include
option path /etc/firewall.user
### EXAMPLE CONFIG SECTIONS
# do not allow a specific ip to access wan
#config rule
# option src lan
# option src_ip 192.168.45.2
# option dest wan
# option proto tcp
# option target REJECT
# block a specific mac on wan
#config rule
# option dest wan
# option src_mac 00:11:22:33:44:66
# option target REJECT
# block incoming ICMP traffic on a zone
#config rule
# option src lan
# option proto ICMP
# option target DROP
# port redirect port coming in on wan to lan
#config redirect
# option src wan
# option src_dport 80
# option dest lan
# option dest_ip 192.168.16.235
# option dest_port 80
# option proto tcp
# port redirect of remapped ssh port (22001) on wan
#config redirect
# option src wan
# option src_dport 22001
# option dest lan
# option dest_port 22
# option proto tcp
# allow IPsec/ESP and ISAKMP passthrough
#config rule
# option src wan
# option dest lan
# option protocol esp
# option target ACCEPT
#config rule
# option src wan
# option dest lan
# option src_port 500
# option dest_port 500
# option proto udp
# option target ACCEPT
### FULL CONFIG SECTIONS
#config rule
# option src lan
# option src_ip 192.168.45.2
# option src_mac 00:11:22:33:44:55
# option src_port 80
# option dest wan
# option dest_ip 194.25.2.129
# option dest_port 120
# option proto tcp
# option target REJECT
#config redirect
# option src lan
# option src_ip 192.168.45.2
# option src_mac 00:11:22:33:44:55
# option src_port 1024
# option src_dport 80
# option dest_ip 194.25.2.129
# option dest_port 120
# option proto tcp
root@OpenWrt:~# cat /etc/firewall.user
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
iptables -I FORWARD -o tun0 -j ACCEPT
#iptables -t nat -A POSTROUTING -s 172.64.1.0/24 -j MASQUERADE
iptables -t nat -A POSTROUTING -o br-lan -j MASQUERADE
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
iptables -t mangle -I FORWARD -o tun+ -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -t mangle -I FORWARD -i tun+ -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -t mangle -A OUTPUT -o tun+ -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
#iptables -I OUTPUT -o tun0 -j ACCEPT
#iptables -I INPUT -i tun0 -m state --state ESTABLISHED,RELATED -j ACCEPT
#iptables -I FORWARD -o tun0 -j ACCEPT
#iptables -I FORWARD -i tun0 -m state --state ESTABLISHED,RELATED -j ACCEPT
#iptables -t nat -I POSTROUTING -o tun0 -j MASQUERADE
翻墙设置:
Cisco VPN最好的服务提供者是 @Paveo ,而OpenVPN最好的提供者是 @cosbeta ,这两种方式Openwrt都支持。
这里提供的是Cisco VPN客户端解决方案,使用vpnc连接Cisco VPN。
Cisco VPN 帐号,请自行解决。
官方固件没有自带vpnc,需要自行安装
1
2
root@OpenWrt:~# opkg update
root@OpenWrt:~# opkg install vpnc
https://w3.owind.com/pub/?s=vpnc
防止DNS污染方法,参照 http://w3.owind.com/pub/binary/2012/04/27/%e8%b7%af%e7%94%b1%e5%99%a8%e4%b8%8a%e4%bd%bf%e7%94%a8-cisco-ipsec-vpn-client/
每次vpn连接后自动更新 /tmp/resolv.conf.auto,域名会被污染。解决这问题去把 /etc/vpnc/vpnc-script 里的 /etc/resolv.conf 全部替换成 /tmp/resolv.conf.auto 即可。
vpnc进程守护,从 http://w3.owind.com/pub/binary/2012/06/02/vpncwatch-%e4%bf%ae%e6%ad%a3%ef%bc%88%e5%a4%96%ef%bc%89/ 找到相应处理器的文件下载并放到 /usr/sbin/
root@OpenWrt:~# cd /usr/sbin/
root@OpenWrt:/usr/sbin# wget http://p5.gfw.io/paveo/vpncwatch-ar
vpnc启动脚本,参照 http://wiki.openwrt.org/oldwiki/vpn.client.vpnc?s[]=vpnc,启动脚本放在 /etc/init.d/ 目录下,并授权相应执行权限。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
root@OpenWrt:~# cat /etc/init.d/vpnc
#!/bin/sh /etc/rc.common
START=75
STOP=10
start() {
mkdir -p -m777 /var/run/vpnc
vpncwatch -c twitter.com -p 80 -i 10 vpnc /etc/vpnc/config.conf >/dev/null 2>&1
}
stop() {
PID_F=/var/run/vpnc/pid
if [ -f $PID_F ]; then
PID=$(cat $PID_F)
kill $PID
while [ -d /proc/$PID ];
do
sleep 1
done
fi
}
/etc/init.d/dnsmasq restart
/tmp/log/messages
修复:
焊接TTL线
Setup serial console 115200 8n1
Enter “tpl” as soon as U-Boot announces “Autobooting in 1 seconds”
Download the original image: http://www.tp-link.com.cn/downloadfilesuploadfolder/2011930104462.rar extact to tftp folder
Setup your eth0 to 192.168.1.100, you can check detail by ‘printenv’:
setenv serverip 192.168.1.10;
setenv ipaddr 192.168.1.1;
Run blow command under U-Boot:
tftpboot 0x81000000 wr703nv1_cn_3_12_11_up(110926).bin
erase 0x9f020000 +0x3c0000
cp.b 0x81000000 0x9f020000 0x3c0000
bootm 9f020000
[1] OpenWRT Wiki官方支持硬件列表
