Differences

This shows you the differences between two versions of the page.

doc:recipes:guest-wlan [2014/07/31 12:08]
kronick network and ssid names swapped
doc:recipes:guest-wlan [2014/11/27 00:08] (current)
giner fix script: remove newline
Line 9: Line 9:
  * [[http://jwalanta.blogspot.com/2012/03/multiple-ssid-on-openwrt-with-bandwidth.html|Limiting bandwidth of the guest connection]]   * [[http://jwalanta.blogspot.com/2012/03/multiple-ssid-on-openwrt-with-bandwidth.html|Limiting bandwidth of the guest connection]]
-===== Configuration =====+===== Configuration manually =====
The changes below assume an OpenWrt default configuration, the relevant files are: The changes below assume an OpenWrt default configuration, the relevant files are:
Line 254: Line 254:
**Also note:** The ''downlink'' and ''uplink'' limits are //reversed// from what one might expect, as the data is flowing in the opposite direction from wshaper's usual (wan) interface. **Also note:** The ''downlink'' and ''uplink'' limits are //reversed// from what one might expect, as the data is flowing in the opposite direction from wshaper's usual (wan) interface.
 +
 +===== Configuration by shell script =====
 +
 +  * Here is an example of a shell script with minimal settings required to setup guest wifi. You need to reboot router when script finishes.
 +<code bash>
 +#!/bin/sh
 +
 +# This is supposed to be run on openwrt
 +
 +# Written by Stanislav German-Evtushenko, 2014
 +# Based on http://wiki.openwrt.org/doc/uci/firewall
 +
 +# Configure guest network
 +uci delete network.guest
 +uci set network.guest=interface
 +uci set network.guest.proto=static
 +uci set network.guest.ipaddr=192.168.101.21
 +uci set network.guest.netmask=255.255.255.0
 +
 +# Configure guest Wi-Fi
 +uci delete wireless.guest
 +uci set wireless.guest=wifi-iface
 +uci set wireless.guest.device=radio0
 +uci set wireless.guest.mode=ap
 +uci set wireless.guest.network=guest
 +uci set wireless.guest.ssid=openwireless.org
 +uci set wireless.guest.encryption=none
 +
 +# Configure DHCP for guest network
 +uci delete dhcp.guest
 +uci set dhcp.guest=dhcp
 +uci set dhcp.guest.interface=guest
 +uci set dhcp.guest.start=50
 +uci set dhcp.guest.limit=200
 +uci set dhcp.guest.leasetime=1h
 +
 +# Configure firewall for guest network
 +## Configure guest zone
 +uci delete firewall.guest_zone
 +uci set firewall.guest_zone=zone
 +uci set firewall.guest_zone.name=guest
 +uci set firewall.guest_zone.network=guest
 +uci set firewall.guest_zone.input=REJECT
 +uci set firewall.guest_zone.forward=REJECT
 +uci set firewall.guest_zone.output=ACCEPT
 +## Allow Guest -> Internet
 +uci delete firewall.guest_forwarding
 +uci set firewall.guest_forwarding=forwarding
 +uci set firewall.guest_forwarding.src=guest
 +uci set firewall.guest_forwarding.dest=wan
 +## Allow DNS Guest -> Router
 +uci delete firewall.guest_rule_dns
 +uci set firewall.guest_rule_dns=rule
 +uci set firewall.guest_rule_dns.name='Allow DNS Queries'
 +uci set firewall.guest_rule_dns.src=guest
 +uci set firewall.guest_rule_dns.dest_port=53
 +uci set firewall.guest_rule_dns.proto=udp
 +uci set firewall.guest_rule_dns.target=ACCEPT
 +## Allow DHCP Guest -> Router
 +uci delete firewall.guest_rule_dhcp
 +uci set firewall.guest_rule_dhcp=rule
 +uci set firewall.guest_rule_dhcp.name='Allow DHCP request'
 +uci set firewall.guest_rule_dhcp.src=guest
 +uci set firewall.guest_rule_dhcp.src_port=68
 +uci set firewall.guest_rule_dhcp.dest_port=67
 +uci set firewall.guest_rule_dhcp.proto=udp
 +uci set firewall.guest_rule_dhcp.target=ACCEPT
 +
 +uci commit
 +</code>
 +  * OPTIONAL: The following script installs and configures traffic shaper.
 +<code bash>
 +#!/bin/sh
 +
 +opkg install wshaper
 +uci delete wshaper.settings
 +uci set wshaper.settings=wshaper
 +uci set wshaper.settings.network=guest
 +uci set wshaper.settings.uplink=2000
 +uci set wshaper.settings.downlink=500
 +/etc/init.d/wshaper enable
 +/etc/init.d/wshaper start
 +
 +# Applying settings on ifup (missing from wshaper package: https://github.com/openwrt/packages/issues/565)
 +echo -e '#!/bin/sh\n\n[ "$ACTION" = ifup ] && /etc/init.d/wshaper enabled && /etc/init.d/wshaper start || exit 0' > /etc/hotplug.d/iface/10-wshaper
 +</code>
===== Apply changes ===== ===== Apply changes =====

Back to top

doc/recipes/guest-wlan.1406801322.txt.bz2 · Last modified: 2014/07/31 12:08 by kronick