====== Network configuration ======
The central network configuration is located in ''/etc/config/network''. This configuration is responsible for defining //switch VLANs//, //interface configurations// and //network routes//.
**''Hint:''** After editing ''/etc/config/network'' you need to execute
<code>
/etc/init.d/network restart
</code>
to make your new configuration take effect. There is no need to reboot the router.
===== Sections =====
Below is an overview of the section types that may be defined in the network configuration.
A minimal network configuration for a router usually consists of at least two //interfaces// (''lan'' and ''wan'') and a //switch// section if applicable.
==== Switch ====
The ''switch'' section is responsible for partitioning the switch into several //VLANs// which appear as independent interfaces in the system although they share the same hardware. Not every OpenWrt supported device has a programmable switch, therefore this section might not be present on some platforms.
There are currently two different configuration formats in use, one for the legacy ''/proc/switch/'' API and one for the newer //swconfig// based switch infrastructure.
=== /proc/switch ===
This variant is only found on Broadcom devices like the WRT54GL.
A typical configuration for it looks like this:
<code>
config 'switch' 'eth0'
        option 'vlan0' '0 1 2 3 5*'
        option 'vlan1' '4 5'
</code>
The ''eth0'' identifier specifies the switch the section belongs to.
VLANs are defined by ''vlan#'' options with ''#'' being the VLAN number.
For further information refer to the [[doc:uci:network::switch|switch documentation]].
=== swconfig ===
The newer //swconfig// framework is intended to replace the legacy switch configuration.
The typical filepath for the config is ''/etc/config/network''
//Swconfig// based configurations have a different structure with one extra section per vlan.
The example below shows a typical configuration:
<code>
config 'switch' 'eth0'
        option 'reset' '1'
        option 'enable_vlan' '1'

config 'switch_vlan' 'eth0_1'
        option 'device' 'eth0'
        option 'vlan' '1'
        option 'ports' '0 1 2 3 5t'

config 'switch_vlan' 'eth0_2'
        option 'device' 'eth0'
        option 'vlan' '2'
        option 'ports' '4 5t'
</code>
Common properties are defined within the ''switch'' section, vlan specific properties are located in additional ''switch_vlan'' sections linked to the ''switch'' section through the ''device'' option.
The complete layout is explained in the [[doc:uci:network::switch|switch documentation]].
==== Interfaces ====
Sections of the type ''interface'' declare logical networks serving as containers for IP address settings, [[doc:uci:network#aliases|aliases]], [[doc:uci:network#ipv4.routes|routes]], physical interface names and [[doc:uci:firewall#zones|firewall rules]] - they play a central role within the OpenWrt configuration concept.
A minimal interface declaration consists of the following lines:
<code>
config 'interface' 'wan'
        option 'proto' 'dhcp'
        option 'ifname' 'eth0.1'
</code>
  * ''wan'' is a unique //logical interface name//
  * ''dhcp'' specifies the //interface protocol//, DHCP in this example
  * ''eth0.1'' is the //physical interface// associated with this section
The //interface protocol// may be one of the following:
^ Protocol ^ Description ^ Program ^
| ''static'' | Static configuration with fixed address and netmask | ''ip''/''ifconfig'' |
| ''dhcp'' | Address and netmask are assigned by DHCP | ''udhcpc'' (Busybox) |
| ''ppp'' | PPP protocol - dialup modem connections | ''pppd'' |
| ''pppoe'' | PPP over Ethernet - DSL broadband connection | ''pppd'' + ''plugin rp-pppoe.so'' |
| ''pppoa'' | PPP over ATM - DSL connection using a builtin modem | ''pppd'' + plugin ... |
| ''3g'' | CDMA, UMTS or GPRS connection using an AT-style 3G modem | ''comgt'' |
| ''pptp'' | Connection via PPtP VPN | ? |
| ''6in4'' | IPv6-in-IPv4 tunnel for use with Tunnel Brokers like HE.net | ? |
| ''6to4'' | Stateless IPv6 over IPv4 transport | ? |
| ''none'' | Unspecified protocol | - |
Depending on the //interface protocol// in use, several other options may be required for a complete interface declaration.
The corresponding options for each protocol are listed below. Options marked as "yes" in the "Required" column //must// be defined in the interface section if the corresponding protocol is used, options marked as "no" //may// be defined but can be omitted as well.
=== Options valid for all protocol types ===
^ Name ^ Type ^ Required ^ Default ^ Description ^
| ''ifname'' | interface name(s) | yes(*) | //(none)// | Physical interface name to assign to this section, list of interfaces if type bridge is set.\\ //(*) This option may be empty or missing if only a wireless interface references this network or if the protocol type is ''pptp'', ''pppoa'' or ''6in4''// |
| ''type'' | string | no | //(none)// | If set to "bridge", a bridge containing the given //ifnames// is created |
| ''stp'' | boolean | no | ''0'' | Only valid for type "bridge", enables the Spanning Tree Protocol |
| ''macaddr'' | mac address | no | //(none)// | Override MAC address of this interface |
| ''mtu'' | number | no | //(none)// | Override the default MTU on this interface |
| ''auto'' | boolean | no | ''0'' for proto ''none'', else ''1'' | Specifies whether to bring up interface on boot |
| ''accept_ra'' | boolean | no | ''1'' for protocol ''dhcp'', else ''0'' | Specifies whether to accept IPv6 Router Advertisements on this interface |
| ''send_rs'' | boolean | no | ''1'' for protocol ''static'', else ''0'' | Specifies whether to send Router Solicitations on this interface |
=== Protocol "static" ===
^ Name ^ Type ^ Required ^ Default ^ Description ^
| ''ipaddr'' | ip address | yes, if no ''ip6addr'' is set | //(none)// | IP address |
| ''netmask'' | netmask | yes, if no ''ip6addr'' is set | //(none)// | Netmask |
| ''gateway'' | ip address | no | //(none)// | Default gateway |
| ''broadcast'' | ip address | no | //(none)// | Broadcast address (autogenerated if not set) |
| ''ip6addr'' | ipv6 address | yes, if no ''ipaddr'' is set | //(none)// | Assign given IPv6 address to this interface (CIDR notation) |
| ''ip6gw'' | ipv6 address | no | //(none)// | Assign given IPv6 default gateway to this interface |
| ''dns'' | list of ip addresses | no | //(none)// | DNS server(s) |
| ''metric'' | integer | no | ''0'' | Specifies the default route metric to use |
=== Protocol "dhcp" ===
^ Name ^ Type ^ Required ^ Default ^ Description ^
| ''gateway'' | string | no | //(none)// | Suppresses DHCP-assigned default gateway if set to 0.0.0.0 |
| ''broadcast'' | boolean | no | ''0'' | Enable the broadcast flag in DHCP requests, required for certain ISPs, e.g. Charter with DOCSIS 3 |
| ''hostname'' | string | no | //(none)// | Hostname to include in DHCP requests |
| ''clientid'' | string | no | //system default// | Override client identifier in DHCP requests |
| ''vendorclass'' | string | no | //system default// | Override the vendor class in DHCP requests |
| ''dns'' | list of ip addresses | no | //(none)// | Override DHCP-assigned DNS server(s) |
| ''metric'' | integer | no | ''0'' | Specifies the default route metric to use |
| ''reqopts'' | list of strings | no | //(none)// | Specifies a list of additional DHCP options to request |
=== Protocol "ppp" (PPP over Modem) ===
:!: The package ''ppp'' must be installed to use PPP.
^ Name ^ Type ^ Required ^ Default ^ Description ^
| ''device'' | file path | yes | //(none)// | Modem device node |
| ''username'' | string | no(?) | //(none)// | Username for PAP/CHAP authentication |
| ''password'' | string | no(?) | //(none)// | Password for PAP/CHAP authentication |
| ''connect'' | file path | no | //(none)// | Path to custom PPP connect script |
| ''disconnect'' | file path | no | //(none)// | Path to custom PPP disconnect script |
| ''keepalive'' | number | no | //(none)// | Number of connection failures before reconnect |
| ''demand'' | number | no | //(none)// | Number of seconds to wait before closing the connection due to inactivity |
| ''defaultroute'' | boolean | no | ''1'' | Replace existing default route on PPP connect |
| ''peerdns'' | boolean | no | ''1'' | Use peer-assigned DNS server(s) |
| ''dns'' | list of ip addresses | no | //(none)// | Override peer-assigned DNS server(s) |
| ''ipv6'' | boolean | no | ''0'' | Enable IPv6 on the PPP link |
| ''pppd_options'' | string | no | //(none)// | Additional command line arguments to pass to the pppd daemon |
=== Protocol "pppoe" (PPP over Ethernet) ===
:!: The package ''ppp-mod-pppoe'' must be installed to use PPPoE.
^ Name ^ Type ^ Required ^ Default ^ Description ^
| ''username'' | string | no(?) | //(none)// | Username for PAP/CHAP authentication |
| ''password'' | string | no(?) | //(none)// | Password for PAP/CHAP authentication |
| ''ac'' | string | no | //(none)// | Specifies the Access Concentrator to connect to. If unset, ''pppd'' uses the first discovered one |
| ''service'' | string | no | //(none)// | Specifies the Service Name to connect to. If unset, ''pppd'' uses the first discovered one |
| ''connect'' | file path | no | //(none)// | Path to custom PPP connect script |
| ''disconnect'' | file path | no | //(none)// | Path to custom PPP disconnect script |
| ''keepalive'' | number | no | //(none)// | Number of connection failures before reconnect |
| ''demand'' | number | no | //(none)// | Number of seconds to wait before closing the connection due to inactivity |
| ''defaultroute'' | boolean | no | ''1'' | Replace existing default route on PPP connect |
| ''peerdns'' | boolean | no | ''1'' | Use peer-assigned DNS server(s) |
| ''dns'' | list of ip addresses | no | //(none)// | Override peer-assigned DNS server(s) |
| ''ipv6'' | boolean | no | ''0'' | Enable IPv6 on the PPP link |
| ''pppd_options'' | string | no | //(none)// | Additional command line arguments to pass to the pppd daemon |
=== Protocol "pppoa" (PPP over ATM AAL5) ===
:!: The package ''ppp-mod-pppoa'' must be installed to use PPPoA.
^ Name ^ Type ^ Required ^ Default ^ Description ^
| ''vci'' | number | no | ''35'' | PPPoA VCI |
| ''vpi'' | number | no | ''8'' | PPPoA VPI |
| ''atmdev'' | number | no | ''0'' | Specifies the ATM adapter number starting with 0. Most systems only have one ATM device and do not need this option |
| ''encaps'' | string | no | ''llc'' | PPPoA encapsulation mode: 'llc' (LLC) or 'vc' (VC) |
| ''username'' | string | no(?) | //(none)// | Username for PAP/CHAP authentication |
| ''password'' | string | no(?) | //(none)// | Password for PAP/CHAP authentication |
| ''connect'' | file path | no | //(none)// | Path to custom PPP connect script |
| ''disconnect'' | file path | no | //(none)// | Path to custom PPP disconnect script |
| ''keepalive'' | number | no | //(none)// | Number of connection failures before reconnect |
| ''demand'' | number | no | //(none)// | Number of seconds to wait before closing the connection due to inactivity |
| ''defaultroute'' | boolean | no | ''1'' | Replace existing default route on PPP connect |
| ''peerdns'' | boolean | no | ''1'' | Use peer-assigned DNS server(s) |
| ''dns'' | list of ip addresses | no | //(none)// | Override peer-assigned DNS server(s) |
| ''ipv6'' | boolean | no | ''0'' | Enable IPv6 on the PPP link |
| ''pppd_options'' | string | no | //(none)// | Additional command line arguments to pass to the pppd daemon |
=== Protocol "3g" (PPP over EV-DO, CDMA, UMTS or GPRS) ===
:!: The package ''comgt'' must be installed to use 3G. Check [[doc:recipes:3gdongle]] for further help with that.
^ Name ^ Type ^ Required ^ Default ^ Description ^
| ''device'' | file path | yes | //(none)// | Modem device node |
| ''service'' | string | yes | ''umts'' | 3G service type: ''cdma''/''evdo'', ''umts''/''umts_only''/''gprs_only'' (...._only options limited to Novatel & Option cards and dongles) |
| ''apn'' | string | yes | //(none)// | Used APN |
| ''pincode'' | number | no | //(none)// | PIN code to unlock SIM card |
| ''maxwait'' | number | no | ''20'' | Number of seconds to wait for modem to become ready |
| ''username'' | string | no(?) | //(none)// | Username for PAP/CHAP authentication |
| ''password'' | string | no(?) | //(none)// | Password for PAP/CHAP authentication |
| ''keepalive'' | number | no | //(none)// | Number of connection failures before reconnect |
| ''demand'' | number | no | //(none)// | Number of seconds to wait before closing the connection due to inactivity |
| ''defaultroute'' | boolean | no | ''1'' | Replace existing default route on PPP connect |
| ''peerdns'' | boolean | no | ''1'' | Use peer-assigned DNS server(s) |
| ''dns'' | list of ip addresses | no | //(none)// | Override peer-assigned DNS server(s) |
| ''ipv6'' | boolean | no | ''0'' | Enable IPv6 on the PPP link |
=== Protocol "pptp" (Point-to-Point Tunneling Protocol) ===
:!: The package ''pptp'' must be installed to use PPtP. There is a separate Howto for this: [[doc:howto:vpn.client.pptp]]. You need to have another section to configure the "parent" device, and you might need to add "" to your "wan" zone in the firewall ( being the "logical interface name" of this section).
^ Name ^ Type ^ Required ^ Default ^ Description ^
| ''server'' | ip address | yes | //(none)// | Remote PPtP server |
| ''username'' | string | no(?) | //(none)// | Username for PAP/CHAP authentication |
| ''password'' | string | no(?) | //(none)// | Password for PAP/CHAP authentication |
| ''buffering'' | boolean | no | ''1'' | Enables buffering and reordering of packets, ''0'' disables it (''--nobuffer'') |
| ''keepalive'' | integer | no | ? | Number of attempts to reconnect |
| ''iface'' | string | no(?) | ''pptp-'' | Name of the physical interface. Defaults to ''pptp-'' no matter what you use |
=== Protocol "6in4" (IPv6-in-IPv4 Tunnel) ===
:!: The package ''6in4'' must be installed to use this protocol.
^ Name ^ Type ^ Required ^ Default ^ Description ^
| ''ipaddr'' | IPv4 address | no | Current WAN IPv4 address | Local IPv4 endpoint address |
| ''peeraddr'' | IPv4 address | yes | //(none)// | Remote IPv4 endpoint address |
| ''ip6addr'' | IPv6 address (CIDR) | yes | //(none)// | Local IPv6 address delegated to the tunnel endpoint |
| ''defaultroute'' | boolean | no | ''1'' | Whether to create an IPv6 default route over the tunnel |
| ''ttl'' | integer | no | ''64'' | TTL used for the tunnel interface |
| ''mtu'' | integer | no | ''1280'' | MTU used for the tunnel interface |
| ''wan_device'' | string | no | //(none)// | Interface from where client IPv4 endpoint address is derived (used for endpoint update)|
| ''tunnelid'' | integer | no | //(none)// | HE.net global tunnel ID (used for endpoint update) |
| ''username'' | string | no | //(none)// | HE.net user ID (used for endpoint update) |
| ''password'' | string | no | //(none)// | HE.net password (used for endpoint update) |
| ''metric'' | integer | no | ''0'' | Specifies the default route metric to use |
**Note:** This protocol type does not need an ''ifname'' option set in the interface section. The interface name is derived from the section name, e.g. ''config interface sixbone'' would result in an interface named ''6in4-sixbone''.
=== Protocol "6to4" (IPv6-in-IPv4 Tunnel) ===
:!: The package ''6to4'' must be installed to use this protocol.
^ Name ^ Type ^ Required ^ Default ^ Description ^
| ''ipaddr'' | IPv4 address | no | Current WAN IPv4 address | Local IPv4 endpoint address |
| ''defaultroute'' | boolean | no | ''1'' | Whether to create an IPv6 default route over the tunnel |
| ''ttl'' | integer | no | ''64'' | TTL used for the tunnel interface |
| ''mtu'' | integer | no | ''1280'' | MTU used for the tunnel interface |
| ''adv_interface'' | string | no | ''lan'' | The //logical interface name// of the network the subnet should be advertised on. Multiple interface names can be given. |
| ''adv_subnet'' | hex number | no | ''1'' | A subnet ID between ''1'' and ''FFFF'' which selects the advertised /64 prefix from the mapped 6to4 space. The subnet ID is incremented by 1 for every interface specified in ''adv_interface''. |
| ''adv_valid_lifetime'' | integer | no | ''300'' | Overrides the advertised valid prefix lifetime, in seconds (see also [[doc:uci:radvd#prefix|radvd prefix options]]) |
| ''adv_preferred_lifetime'' | integer | no | ''120'' | Overrides the advertised preferred prefix lifetime, in seconds (see also [[doc:uci:radvd#prefix|radvd prefix options]]) |
| ''metric'' | integer | no | ''0'' | Specifies the default route metric to use |
**Note:** This protocol type does not need an ''ifname'' option set in the interface section. The interface name is derived from the section name, e.g. ''config interface wan6'' would result in an interface named ''6to4-wan6''. \\
**Note:** If [[doc:uci:radvd|radvd]] is installed and enabled, the 6to4 scripts will add a temporary prefix and interface declaration to the //radvd// uci configuration and perform a daemon restart if required.
=== Protocol "l2tp" (L2TP Pseudowire Tunnel) ===
:!: The package ''l2tpv3tun'' must be installed to use this protocol.\\
:!: This protocol is only supported on 2.6.35 and newer kernels.
^ Name ^ Type ^ Required ^ Default ^ Description ^
| ''localaddr'' | IPv4 address | yes, if no ''local6addr'' is set | //(none)// | Local IPv4 endpoint address |
| ''peeraddr'' | IPv4 address | yes, if no ''peer6addr'' is set | //(none)// | Remote IPv4 endpoint address |
| ''local6addr'' | IPv6 address | yes, if no ''localaddr'' is set | //(none)// | Local IPv6 endpoint address |
| ''peer6addr'' | IPv6 address | yes, if no ''peeraddr'' is set | //(none)// | Remote IPv6 endpoint address |
| ''encap'' | string | no | ''udp'' | L2TPv3 encapsulation mode, either ''ip'' or ''udp'' |
| ''sport'' | port number | no | ''1701'' | L2TPv3 source port, only applicable to UDP encapsulation |
| ''dport'' | port number | no | ''1701'' | L2TPv3 destination port, only applicable to UDP encapsulation |
| ''tunnel_id'' | integer | no | Next unused tunnel ID | Local L2TPv3 tunnel ID |
| ''peer_tunnel_id'' | integer | no | Value of ''tunnel_id'' | Remote L2TPv3 tunnel ID |
| ''session_id'' | integer | no | Next unused session ID | Local L2TPv3 session ID |
| ''peer_session_id'' | integer | no | Value of ''session_id'' | Remote L2TPv3 session ID |
| //Additionally all options defined for the ''static'' protocol type can be specified// |||||
=== Protocol "relay" (Relayd Pseudo Bridge) ===
:!: The package ''relayd'' must be installed to use this protocol.
^ Name ^ Type ^ Required ^ Default ^ Description ^
| ''network'' | list of //logical interface names// | yes | //(none)// | Specifies the networks between which traffic is relayed |
| ''gateway'' | IPv4 address | no | //(network default)// | Override the gateway address sent to clients within DHCP responses |
| ''expiry'' | integer | no | ''30'' | Host expiry timeout in seconds |
| ''retry'' | integer | no | ''5'' | Number of ARP ping retries before a host is considered dead |
| ''table'' | integer | no | ''16800'' | Table ID for automatically added routes |
| ''forward_bcast'' | boolean | no | ''1'' | Enables forwarding of broadcast traffic, ''0'' disables it |
| ''forward_dhcp'' | boolean | no | ''1'' | Enables forwarding of DHCP requests and responses, ''0'' disables it |
==== ATM Bridges (Ethernet over ATM AAL5) ====
:!: The package ''br2684ctl'' must be installed to use Ethernet over AAL5.
ATM bridges use a special config section called ''atm-bridge''.
Each ''atm-bridge'' section maps the specified ATM circuit to an ''atm#'' pseudo Ethernet device which can
be used, for example, in conjunction with ''pppoe'' to establish a DSL connection to the ISP.
A typical bridge section looks like this:
<code>
config atm-bridge
        option unit '0'
        option vpi '8'
        option vci '35'
</code>
  * Unit ''0'' will let ''br2684ctl'' create a ''nas0'' pseudo device
  * VPI ''0'' and VCI ''35'' specify the circuit to bridge. Those values are ISP dependent.
The ''atm-bridge'' section allows the following options:
^ Name ^ Type ^ Required ^ Default ^ Description ^
| ''unit'' | number | yes | ''0'' | Specifies the br2684 interface number. If omitted, ''0'' is assumed which would result in a ''nas0'' pseudo interface. |
| ''vci'' | number | no | ''35'' | PPPoA VCI |
| ''vpi'' | number | no | ''8'' | PPPoA VPI |
| ''atmdev'' | number | no | ''0'' | Specifies the ATM adapter number starting with 0. Most systems only have one ATM device and do not need this option |
| ''encaps'' | string | no | ''llc'' | PPPoA encapsulation mode: 'llc' (LLC) or 'vc' (VC) |
| ''payload'' | string | no | ''bridged'' | PPPoA forwarding mode: 'routed' or 'bridged' |
==== Aliases ====
//Alias// sections can be used to define further IPv4 and IPv6 addresses for interfaces.
They also allow combinations like DHCP on the main interface and a static IPv6 address in the alias,
for example to deploy IPv6 on wan while keeping normal internet connectivity.
Each interface can have multiple aliases attached to it.
A minimal alias declaration consists of the following lines:
<code>
config 'alias'
        option 'interface' 'lan'
        option 'proto' 'static'
        option 'ipaddr' '10.0.0.1'
        option 'netmask' '255.255.255.0'
</code>
  * ''lan'' is the //logical interface name// of the parent interface
  * ''static'' is the //alias interface protocol//
  * ''10.0.0.1'' specifies the //alias ip address//
  * ''255.255.255.0'' specifies the //alias netmask//
At the time of writing, only the ''static'' protocol type is allowed for aliases.
Defined options for ''alias'' sections are listed below.
^ Name ^ Type ^ Required ^ Default ^ Description ^
| ''interface'' | string | yes | //(none)// | Specifies the //logical interface name// of the parent (or master) interface this alias belongs to, must refer to one of the defined ''interface'' sections |
| ''proto'' | string | yes | //(none)// | Specifies the //alias interface protocol// |
| ''ipaddr'' | ip address | yes, if no ''ip6addr'' is set | //(none)// | IP address |
| ''netmask'' | netmask | yes, if no ''ip6addr'' is set | //(none)// | Netmask |
| ''gateway'' | ip address | no | //(none)// | Default gateway |
| ''broadcast'' | ip address | no | //(none)// | Broadcast address (autogenerated if not set) |
| ''ip6addr'' | ipv6 address | yes, if no ''ipaddr'' is set | //(none)// | IPv6 address (CIDR notation) |
| ''ip6gw'' | ipv6 address | no | //(none)// | IPv6 default gateway |
| ''dns'' | list of ip addresses | no | //(none)// | DNS server(s) |
| ''layer'' | integer | no | ''3'' | Selects the interface to attach to for stacked protocols (tun over bridge over eth, ppp over eth or similar).\\ 3: attach to layer 3 interface (//tun*//, //ppp*// if parent is layer 3 else fallback to 2)\\ 2: attach to layer 2 interface (//br-*// if parent is bridge else fallback to layer 1)\\ 1: attach to layer 1 interface (//eth*//, //wlan*//) |
==== IPv4 Routes ====
It is possible to define arbitrary //IPv4 routes// on specific interfaces using ''route'' sections. As for //aliases//, multiple sections can be attached to an interface.
A minimal example looks like this:
<code>
config 'route'
        option 'interface' 'lan'
        option 'target' '172.16.123.0'
        option 'netmask' '255.255.255.0'
</code>
  * ''lan'' is the //logical interface name// of the parent interface
  * ''172.16.123.0'' is the //network address// of the route
  * ''255.255.255.0'' specifies the //route netmask//
Legal options for //IPv4 routes// are:
^ Name ^ Type ^ Required ^ Default ^ Description ^
| ''interface'' | string | yes | //(none)// | Specifies the //logical interface name// of the parent (or master) interface this route belongs to, must refer to one of the defined ''interface'' sections |
| ''target'' | ip address | yes | //(none)// | Network address |
| ''netmask'' | netmask | no | //(none)// | Route netmask. If omitted, ''255.255.255.255'' is assumed which makes ''target'' a //host address// |
| ''gateway'' | ip address | no | //(none)// | Network gateway. If omitted, the ''gateway'' from the parent interface is taken, if set to ''0.0.0.0'' no gateway will be specified for the route |
| ''metric'' | number | no | ''0'' | Specifies the //route metric// to use |
| ''mtu'' | number | no | //interface MTU// | Define a specific MTU for this route |
==== IPv6 Routes ====
//IPv6 routes// can be specified as well by defining one or more ''route6'' sections.
A minimal example looks like this:
<code>
config 'route6'
        option 'interface' 'lan'
        option 'target' '2001:0DB8:100:F00:BA3::1/64'
        option 'gateway' '2001:0DB8:99::1'
</code>
  * ''lan'' is the //logical interface name// of the parent interface
  * ''2001:0DB8:100:F00:BA3::1/64'' is the routed //IPv6 subnet// in CIDR notation
  * ''2001:0DB8:99::1'' specifies the //IPv6 gateway// for this route
Legal options for //IPv6 routes// are:
^ Name ^ Type ^ Required ^ Default ^ Description ^
| ''interface'' | string | yes | //(none)// | Specifies the //logical interface name// of the parent (or master) interface this route belongs to, must refer to one of the defined ''interface'' sections |
| ''target'' | ipv6 address | yes | //(none)// | IPv6 network address |
| ''gateway'' | ipv6 address | no | //(none)// | IPv6 gateway. If omitted, the ''gateway'' from the parent interface is taken |
| ''metric'' | number | no | ''0'' | Specifies the //route metric// to use |
| ''mtu'' | number | no | //interface MTU// | Define a specific MTU for this route |
===== Examples =====
Below are a few examples for special, non-standard interface configurations.
==== Bridge without IP ====
<code>
config 'interface' 'example'
        option 'type' 'bridge'
        option 'proto' 'none'
        option 'ifname' 'eth0 eth1'
        option 'auto' '1'
</code>
==== DHCP without default gateway ====
<code>
config 'interface' 'example'
        option 'proto' 'dhcp'
        option 'ifname' 'eth0'
        option 'gateway' '0.0.0.0'
</code>
==== DHCP and IPv6 ====
<code>
config 'interface' 'example'
        option 'proto' 'dhcp'
        option 'ifname' 'eth0'

config 'alias'
        option 'interface' 'example'
        option 'proto' 'static'
        option 'ip6addr' '2001:0DB8:100:F00:BA3::1'
</code>
==== Static IP configuration and default gateway with non-zero metric ====
<code>
config 'interface' 'example'
        option 'proto' 'static'
        option 'ifname' 'eth0'
        option 'ipaddr' '192.168.1.200'
        option 'netmask' '255.255.255.0'
        option 'dns' '192.168.1.1'

config 'route'
        option 'interface' 'example'
        option 'target' '0.0.0.0'
        option 'netmask' '0.0.0.0'
        option 'gateway' '192.168.1.1'
        option 'metric' '100'
</code>
==== PPtP-over-PPPoE internet connection ====
<code>
config 'interface' 'wan'
        option 'proto' 'pppoe'
        option 'ifname' 'eth1'
        option 'username' 'user'
        option 'password' 'pass'
        option 'timeout' '10'

config 'interface' 'vpn'
        option 'proto' 'pptp'
        option 'ifname' 'vpn'
        option 'username' 'vpnuser'
        option 'password' 'vpnpass'
        option 'server' 'vpn.example.org'
</code>
:!: Additionally the "wan" firewall zone must include both interfaces in ''/etc/config/firewall'':
<code>
config 'zone'
        option 'name' 'wan'
        option 'network' 'wan vpn' # Important
        option 'input' 'REJECT'
        option 'forward' 'REJECT'
        option 'output' 'ACCEPT'
        option 'masq' '1'
</code>
==== Static IPv6-in-IPv4 tunnel ====
The example below illustrates a static tunnel configuration for the Hurricane Electric (he.net) broker.
Option ''ipaddr'' specifies the local IPv4 address, ''peeraddr'' is the broker IPv4 address and ''ip6addr'' the local IPv6 address routed via the tunnel.
<code>
config 'interface' 'henet'
        option 'proto' '6in4'
        option 'ipaddr' '178.24.115.19'
        option 'peeraddr' '216.66.80.30'
        option 'ip6addr' '2001:0DB8:1f0a:1359::2/64'
</code>
:!: To apply IPv6 firewall rules to the tunnel interface, add it to the "wan" zone in ''/etc/config/firewall'':
<code>
config 'zone'
        option 'name' 'wan'
        option 'network' 'wan henet' # Important
        option 'input' 'REJECT'
        option 'forward' 'REJECT'
        option 'output' 'ACCEPT'
        option 'masq' '1'
</code>
:!: If you define a new, dedicated [[doc/uci/firewall#zones|zone]] just for the tunnel interface,
make sure to set ''option conntrack 1'' in order to [[doc/uci/firewall#note.on.connection.tracking.notrack|force enabling connection tracking]],
otherwise [[doc/uci/firewall#forwardings|unidirectional forwarding rules]] will not work.
==== Dynamic IPv6-in-IPv4 tunnel (HE.net only) ====
The example below illustrates a dynamic tunnel configuration for the Hurricane Electric (he.net) broker with enabled IP update.
The local IPv4 address is automatically determined and tunnelid, username and password are provided for IP update.
<code>
config 'interface' 'henet'
        option 'proto' '6in4'
        option 'peeraddr' '216.66.80.30'
        option 'ip6addr' '2001:0DB8:1f0a:1359::2/64'
        option 'tunnelid' '12345'
        option 'username' '098f6bcd4621d373cade4e832627b4f6'
        option 'password' 'secret'
</code>
:!: To apply IPv6 firewall rules to the tunnel interface, add it to the "wan" firewall zone, see example above for details.
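The PPtP-over-PPPoE and 6in4 examples above both depend on the tunnel interface being listed in a firewall zone, and that is easy to forget when a new ''interface'' section is added. The script below is an added example, not part of the original documentation or of OpenWrt: it generalizes the check to every ''interface'' section and reports the ones no zone names. The function names and the sample files are constructed for illustration, and skipping sections bound to ''lo'' is an assumption.

```shell
#!/bin/sh
# Added example: list logical interfaces that no firewall zone covers.

# awk tokenizer for one UCI line: honours '...' and "..." quoting and stops
# at an unquoted '#'. \047 is the single quote character.
UCI_AWK='
function words(line, w,    n, i, c, q, cur, started) {
    n = 0; q = ""; cur = ""; started = 0
    for (i = 1; i <= length(line); i++) {
        c = substr(line, i, 1)
        if (q != "") {
            if (c == q) q = ""
            else cur = cur c
            continue
        }
        if (c == "\047" || c == "\"") { q = c; started = 1; continue }
        if (c == "#") break
        if (c == " " || c == "\t") {
            if (started) { w[++n] = cur; cur = ""; started = 0 }
            continue
        }
        cur = cur c; started = 1
    }
    if (started) w[++n] = cur
    return n
}'

# zone_networks FIREWALL_FILE: print every network a 'zone' section names.
zone_networks() {
    awk "$UCI_AWK"'
    { n = words($0, w) }
    n >= 2 && w[1] == "config" { in_zone = (w[2] == "zone"); next }
    in_zone && n >= 3 && w[2] == "network" && (w[1] == "option" || w[1] == "list") {
        m = split(w[3], nets, /[ \t]+/)
        for (k = 1; k <= m; k++) if (nets[k] != "") print nets[k]
    }' "$1"
}

# logical_interfaces NETWORK_FILE: print "name proto" per 'interface' section.
# Sections bound to 'lo' are skipped (assumption: loopback is never zoned).
logical_interfaces() {
    awk "$UCI_AWK"'
    function emit() {
        if (name != "" && dev != "lo") print name, (proto == "" ? "unset" : proto)
        name = ""; proto = ""; dev = ""
    }
    { n = words($0, w) }
    n >= 2 && w[1] == "config" {
        emit()
        if (w[2] == "interface" && n >= 3) name = w[3]
        next
    }
    name != "" && n >= 3 && w[1] == "option" && w[2] == "proto"  { proto = w[3] }
    name != "" && n >= 3 && w[1] == "option" && w[2] == "ifname" { dev = w[3] }
    END { emit() }' "$1"
}

# unzoned_interfaces NETWORK_FILE FIREWALL_FILE: interfaces outside all zones.
unzoned_interfaces() {
    zoned=$(zone_networks "$2")
    logical_interfaces "$1" | while read -r name proto; do
        printf '%s\n' "$zoned" | grep -qxF -- "$name" ||
            printf '%s (proto %s)\n' "$name" "$proto"
    done
}

# Constructed sample files modelled on the examples on this page.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/network" <<'EOF'
config 'interface' 'loopback'
    option 'ifname' 'lo'
config 'interface' 'lan'
    option 'ifname' 'eth0.1'
    option 'proto' 'static'
config 'interface' 'wan'
    option 'proto' 'pppoe'
config 'interface' 'vpn'
    option 'proto' 'pptp'
config 'interface' 'henet'
    option 'proto' '6in4'
EOF
    cat > "$dir/firewall" <<'EOF'
config 'zone'
    option 'name' 'lan'
    option 'network' 'lan'
config 'zone'
    option 'name' 'wan'
    option 'network' 'wan henet' # Important
EOF
    unzoned_interfaces "$dir/network" "$dir/firewall"
    rm -rf "$dir"
}
demo
```

On a router, pass ''/etc/config/network'' and ''/etc/config/firewall'' to ''unzoned_interfaces''; an empty result means every logical interface is named by at least one zone.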
==== L2TPv3 Pseudowire bridged to LAN ====
This example establishes a Pseudowire Tunnel and bridges it to the LAN ports. The existing lan interface is reused with protocol ''l2tp'' instead of ''static''.
<code>
config 'interface' 'lan'
        option 'proto' 'l2tp'
        option 'type' 'bridge'
        option 'ifname' 'eth0'
        option 'ipaddr' '192.168.1.1'
        option 'netmask' '255.255.255.0'
        option 'localaddr' '178.24.154.19'
        option 'peeraddr' '89.44.33.61'
        option 'encap' 'udp'
        option 'sport' '4000'
        option 'dport' '5410'
</code>
==== Relay between LAN and Wireless Station ====
This example sets up a ''relayd'' pseudo bridge between a wireless client network and LAN, so that it works similarly to the Broadcom Bridged Client mode.
Wireless configuration (excerpt):
<code>
config wifi-iface
        option 'device' 'radio0'
        option 'mode' 'sta'
        option 'ssid' 'Some Wireless Network'
        option 'encryption' 'psk2'
        option 'key' '12345678'
        option 'network' 'wwan'
</code>
Network configuration (excerpt):\\
:!: Note that the LAN subnet must be different from the one used by wireless network's DHCP.
<code>
config 'interface' 'lan'
        option 'ifname' 'eth0.1'
        option 'proto' 'static'
        option 'ipaddr' '192.168.1.1'
        option 'netmask' '255.255.255.0'

config 'interface' 'wwan'
        option 'proto' 'dhcp'

config 'interface' 'stabridge'
        option 'proto' 'relay'
        option 'network' 'lan wwan'
</code>
In contrast to true bridging, traffic forwarded in this manner is affected by firewall rules. Therefore both the wireless client network and the lan network should be covered by the same LAN firewall zone, with the forward policy set to accept, to allow traffic flow between both interfaces:
<code>
config 'zone'
        option 'name' 'lan'
        option 'network' 'lan wwan' # Important
        option 'input' 'ACCEPT'
        option 'forward' 'ACCEPT' # Important
        option 'output' 'ACCEPT'
</code>
===== Network management =====
The complete network configuration can be re-applied by running ''/etc/init.d/network restart''. Individual interfaces can be brought up with ''ifup //name//'' or down with ''ifdown //name//'' where //name// corresponds to the //logical interface name// of the corresponding ''config interface'' section. An ''ifup'' implies a prior ''ifdown'' so there is no need to invoke both when reloading an interface.
Note that wireless interfaces are managed externally and ''ifup'' may break the relation to existing bridges. In such a case it is required to run ''wifi up'' after ''ifup'' in order to re-establish the bridge connection.
===== Determining Linux interface names =====
To derive a Linux interface name like ''eth1'' from a logical network name like ''wan'' for use in scripts or tools like ''ifconfig'' and ''route'', use the ''uci'' utility as illustrated in the ''iptables'' example below, which opens port 22 on the interface.
<code>
# Look up the Linux device behind the logical "wan" network in the runtime state
WANIF=$(uci -P/var/state get network.wan.ifname)
# Insert the rule only if a device name was returned; quote it so it stays one argument
[ -n "$WANIF" ] && iptables -I INPUT -i "$WANIF" -p tcp --dport 22 -j ACCEPT
</code>