User Tools

Site Tools


doc:uci:network

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
doc:uci:network [2013/02/12 09:32]
steven
doc:uci:network [2014/12/18 16:43] (current)
pier4r [Aliases: the new way]
Line 1: Line 1:
 ====== Network configuration ====== ====== Network configuration ======
-The central network configuration is located in ''/​etc/​config/​network''​. +The central network configuration is located in the file ''/​etc/​config/​network''​. ​This configuration file is responsible for defining //switch VLANs//, //interface configurations//​ and //network routes//. After editing and saving ''/​etc/​config/​network''​ you need to execute ​<​code>​/etc/init.d/network reload</​code>​ to stop and restart the network before any changes take effectRebooting the router is not necessary.
-<​code>​ +
-config interface loopback +
-        option ifname ​  lo +
-        option proto    static +
-        option ipaddr ​  127.0.0.1 +
-        option netmask ​ 255.0.0.0+
  
-config interface lan +  ​* https://dev.openwrt.org/​browser/​branches/​attitude_adjustment/​package/​base-files/​files/​etc/​config/​network 
-        option ifname ​  ​eth0 +  ​* https://dev.openwrt.org/​browser/​trunk/​package/​base-files/​files/​etc/​config/​network
-        option type     ​bridge +
-        option proto    static +
-        option ipaddr ​  ​192.168.1.1 +
-        ​option netmask ​ 255.255.255.0+
  
-config interface wan +Feel free to inform yourself about [[doc/techref/netifd|netifd]] (Network Interface Daemon).
-        option '​ifname'​ '​eth0.2'​ +
-        option '​proto'​ '​pppoe'​ +
-        option '​username'​ '​szabozsolt-em'​ +
-        option '​password'​ '​M3IuWBt4'​ +
- +
-config switch eth0 +
-        option enable_vlan ​     1 +
- +
-config switch_vlan +
-        option device ​  ​eth0 +
-        option vlan     1 +
-        option ports    "0 1 2 3 4" +
-</​code>​ +
-This is the default configuration file for Backfire on a D-link Dir-601 Rev.A and typical example of a basic network setup. +
-This configuration file is responsible for defining //switch VLANs//, //interface configurations//​ and //network routes//. +
- +
-**''​Hint:''​** After editing and saving ''/​etc/​config/​network''​ you need to execute +
-<​code>​ +
-/etc/init.d/​network restart +
-</​code>​ +
-to stop and restart the network before any changes take effect. Rebooting the router will have the same effect but is not necessary.+
  
 ===== Sections ===== ===== Sections =====
Line 49: Line 18:
  
 ^ Name ^ Type ^ Required ^ Default ^ Description ^ ^ Name ^ Type ^ Required ^ Default ^ Description ^
-| ''​ula_prefix''​ | IPv6-prefix | no | //(none)// | IPv6 ULA-Prefix for this device |+| ''​ula_prefix''​ | IPv6-prefix | no | //(none)// | IPv6 [[wp>​Unique local address|ULA]]-Prefix for this device |
  
 ==== Switch ==== ==== Switch ====
 +The ''​switch''​ section is responsible for partitioning the switch into several //VLANs// which appear as independent interfaces in the system although they share the same hardware. Not every OpenWrt supported device has a programmable switch, therefore this section might not be present on some platforms. Please also note, that some switches only support 4Bit-VLANs.
  
-The ''​switch''​ section is responsible for partitioning the switch into several //VLANs// which appear as independent interfaces in the system although they share the same hardware. Not every OpenWrt supported device has a programmable switch, therefore this section might not be present on some platforms. +There are currently two different configuration formats in use, one for the legacy ''/​proc/​switch/''​ API and one for the newer ''​[[doc/techref/swconfig|swconfig]]''​-based switch ​configuration.
- +
-There are currently two different configuration formats in use, one for the legacy ''/​proc/​switch/''​ API and one for the newer //swconfig// based switch ​infrastructure.+
  
 === /​proc/​switch === === /​proc/​switch ===
- +This variant is actually ​only found on Broadcom devices like the WRT54GL.
-This variant is only found on Broadcom devices like the WRT54GL.+
  
 A typical configuration for it looks like this: A typical configuration for it looks like this:
Line 72: Line 39:
  
 === swconfig === === swconfig ===
 +The newer ''​[[doc/​techref/​swconfig|swconfig]]''​-framework is intended to replace the legacy switch configuration.
  
-The newer //​swconfig//​ framework is intended to replace the legacy switch configuration. +Configuration ​for swconfig ​have a slightly ​different structure with one extra section per VLAN.
- +
-The typical filepath ​for the config is ''/​etc/​config/​network''​ +
- +
-//​Swconfig//​ based configurations ​have a different structure with one extra section per vlan.+
 The example below shows a typical configuration:​ The example below shows a typical configuration:​
 <​code>​config '​switch'​ '​eth0'​ <​code>​config '​switch'​ '​eth0'​
Line 95: Line 59:
 Common properties are defined within the ''​switch''​ section; vlan specific properties are located in additional ''​switch_vlan''​ sections linked to the ''​switch''​ section through the ''​device''​ option. Common properties are defined within the ''​switch''​ section; vlan specific properties are located in additional ''​switch_vlan''​ sections linked to the ''​switch''​ section through the ''​device''​ option.
 The complete layout is explained in the [[doc:​uci:​network::​switch|switch documentation]]. The complete layout is explained in the [[doc:​uci:​network::​switch|switch documentation]].
-==== Interfaces ==== 
  
 +
 +==== Interfaces ====
 Sections of the type ''​interface''​ declare logical networks serving as containers for IP address settings, [[doc:​uci:​network#​aliases|aliases]],​ [[doc:​uci:​network#​ipv4.routes|routes]],​ physical interface names and [[doc:​uci:​firewall#​zones|firewall rules]] - they play a central role within the OpenWrt configuration concept. Sections of the type ''​interface''​ declare logical networks serving as containers for IP address settings, [[doc:​uci:​network#​aliases|aliases]],​ [[doc:​uci:​network#​ipv4.routes|routes]],​ physical interface names and [[doc:​uci:​firewall#​zones|firewall rules]] - they play a central role within the OpenWrt configuration concept.
  
Line 119: Line 84:
 | ''​pppoa''​ | PPP over ATM - DSL connection using a builtin modem |  ''​pppd''​ + plugin ...  | | ''​pppoa''​ | PPP over ATM - DSL connection using a builtin modem |  ''​pppd''​ + plugin ...  |
 | ''​3g''​ | CDMA, UMTS or GPRS connection using an AT-style 3G modem |  ''​comgt'' ​ | | ''​3g''​ | CDMA, UMTS or GPRS connection using an AT-style 3G modem |  ''​comgt'' ​ |
 +| ''​qmi''​ | USB modems using QMI protocol |  ''​uqmi'' ​ |
 +| ''​hnet''​ | Self-managing home network (HNCP) |  ''​hnet-full'' ​ |
 | ''​pptp''​ | Connection via PPtP VPN |  ?  | | ''​pptp''​ | Connection via PPtP VPN |  ?  |
-| ''​6in4''​ | IPv6-in-IPv4 tunnel ​for use with Tunnel Brokers like HE.net |  ?  |+| ''​6in4''​ | IPv6-in-IPv4 tunnel ​forSuppresses DHCP-assigned default gateway if set to 0.0.0.0 ​use with Tunnel Brokers like HE.net |  ?  | 
 +| ''​aiccu''​ | Anything-in-anything tunnel ​ |  ''​aiccu'' ​ |
 | ''​6to4''​ | Stateless IPv6 over IPv4 transport |  ?  | | ''​6to4''​ | Stateless IPv6 over IPv4 transport |  ?  |
 +| ''​6rd''​ | IPv6 rapid deployment |  ''​6rd'' ​ |
 +| ''​dslite''​ | Dual-Stack Lite |  ''​ds-lite'' ​ |
 +| ''​l2tp''​ | PPP over L2TP Pseudowire Tunnel |  ''​xl2tpd'' ​ |
 +| ''​relay''​ | relayd pseudo-bridge |  ''​relayd'' ​ |
 +| ''​gre'',​ ''​gretap''​ | GRE over IPv4 |  ''​gre''​ + ''​kmod-gre'' ​ |
 +| ''​grev6'',​ ''​grev6tap''​ | GRE over IPv6 |  ''​gre''​ + ''​kmod-gre6'' ​ |
 | ''​none''​ | Unspecified protocol |  -  | | ''​none''​ | Unspecified protocol |  -  |
  
Line 131: Line 105:
 ^ Name ^ Type ^ Required ^ Default ^ Description ^ ^ Name ^ Type ^ Required ^ Default ^ Description ^
 | ''​ifname''​ | interface name(s) | yes(*) | //(none)// | Physical interface name to assign to this section, list of interfaces if type bridge is set.\\ //(*) This option may be empty or missing if only a wireless interface references this network or if the protocol type is ''​pptp'',​ ''​pppoa''​ or ''​6in4''//​ | | ''​ifname''​ | interface name(s) | yes(*) | //(none)// | Physical interface name to assign to this section, list of interfaces if type bridge is set.\\ //(*) This option may be empty or missing if only a wireless interface references this network or if the protocol type is ''​pptp'',​ ''​pppoa''​ or ''​6in4''//​ |
-| ''​type''​ | string | no | //(none)// | If set to "​bridge",​ a bridge containing the given //ifnames// is created |+| ''​type''​ | string | no | //(none)// | If set to "​bridge",​ a bridge containing the given //ifnames// is created\\ [[https://​forum.openwrt.org/​viewtopic.php?​pid=203784#​p203784|Wlan interface names are not predictable,​ therfore you cannot reference them directly in the network config]] ​|
 | ''​stp''​ | boolean | no | ''​0''​ | Only valid for type "​bridge",​ enables the Spanning Tree Protocol | | ''​stp''​ | boolean | no | ''​0''​ | Only valid for type "​bridge",​ enables the Spanning Tree Protocol |
 +| ''​bridge_empty''​ | boolean | no | ''​0''​ | Only valid for type "​bridge",​ enables creating empty bridges |
 +| ''​igmp_snooping''​ | boolean | no | ''​1''​ | Only valid for type "​bridge",​ sets the multicast_snooping kernel setting for a bridge |
 | ''​macaddr''​ | mac address | no | //(none)// | Override MAC address of this interface | | ''​macaddr''​ | mac address | no | //(none)// | Override MAC address of this interface |
 | ''​mtu''​ | number | no | //(none)// | Override the default MTU on this interface | | ''​mtu''​ | number | no | //(none)// | Override the default MTU on this interface |
 | ''​auto''​ | boolean | no | ''​0''​ for proto ''​none'',​ else ''​1''​ | Specifies whether to bring up interface on boot | | ''​auto''​ | boolean | no | ''​0''​ for proto ''​none'',​ else ''​1''​ | Specifies whether to bring up interface on boot |
-| ''​accept_ra''​ | boolean | no | ''​1''​ for protocol ''​dhcp'',​ else ''​0''​ | Specifies whether to accept IPv6 Router Advertisements on this interface | +| ''​ipv6''​ | boolean | no | ''​1''​ | Specifies whether to enable (1) or disable (0) IPv6 on this interface (Barrier Braker and later only) | 
-| ''​send_rs''​ | boolean | no | ''​1''​ for protocol ''​static'',​ else ''​0''​ | Specifies whether to send Router Solicitations on this interface |+| ''​accept_ra''​ | boolean | no | ''​1''​ for protocol ''​dhcp'',​ else ''​0''​ | **deprecated:​** ​Specifies whether to accept IPv6 Router Advertisements on this interface ​(On Attitude Adjustment 12.09 and earlier versions) ​
 +| ''​send_rs''​ | boolean | no | ''​1''​ for protocol ''​static'',​ else ''​0''​ | **deprecated:​** ​Specifies whether to send Router Solicitations on this interface ​(On Attitude Adjustment 12.09 and earlier versions) ​|
  
 === Protocol "​static"​ === === Protocol "​static"​ ===
Line 148: Line 125:
 | ''​ip6addr''​ | ipv6 address | yes, if no ''​ipaddr''​ is set | //(none)// | Assign given IPv6 address to this interface (CIDR notation) | | ''​ip6addr''​ | ipv6 address | yes, if no ''​ipaddr''​ is set | //(none)// | Assign given IPv6 address to this interface (CIDR notation) |
 | ''​ip6gw''​ | ipv6 address | no | //(none)// | Assign given IPv6 default gateway to this interface | | ''​ip6gw''​ | ipv6 address | no | //(none)// | Assign given IPv6 default gateway to this interface |
-| ''​ip6assign''​ | prefix length | no | //(none)// | Delegate a prefix of given length to this interface (Barrier Breaker and later only) | +| ''​ip6assign''​ | prefix length | no | //(none)// | Delegate a [[[[network6#​downstream.configuration.for.lan-interfaces|prefix of given length]] to this interface ​(Barrier Breaker and later only) | 
-| ''​ip6prefix''​ | ipv6 prefix | no | //(none)// | Routed ​IPv6 prefix for downstream ​interfaces (Barrier Breaker and later only) |+| ''​ip6hint''​ | prefix hint (hex) | no | //(none)// | [[network6#​downstream.configuration.for.lan-interfaces|Hint the subprefix-ID]] that should be delegeted as hexadecimal number ​(Barrier Breaker and later only) |  
 +| ''​ip6prefix''​ | ipv6 prefix | no | //(none)// | IPv6 prefix ​routed here for use on other interfaces (Barrier Breaker and later only) 
 +| ''​ip6class''​ | list of strings | no | //(none)// | Define the IPv6 prefix-classes this interface will accept ​|
 | ''​dns''​ | list of ip addresses | no | //(none)// | DNS server(s) | | ''​dns''​ | list of ip addresses | no | //(none)// | DNS server(s) |
 +| ''​dns_search''​ | list of domain names | no | //(none)// | Search list for host-name lookup |
 | ''​metric''​ | integer | no | ''​0''​ | Specifies the default route metric to use | | ''​metric''​ | integer | no | ''​0''​ | Specifies the default route metric to use |
 +| ''​force_link''​ | integer | no | ''​0''​ | Specifies whether ip address, route, and optionally gateway are assigned to the interface regardless of the link being active ('​1'​) or only after the link has become active ('​0'​);​ in trunk since the introduction of netifd; in case of a wireless interface the default is '​1'​ for an AP and '​0'​ for a STA. |
  
 === Protocol "​dhcp"​ === === Protocol "​dhcp"​ ===
  
 ^ Name ^ Type ^ Required ^ Default ^ Description ^ ^ Name ^ Type ^ Required ^ Default ^ Description ^
-| ''​gateway''​ | string | no | //(none)// | Suppresses DHCP-assigned default gateway if set to 0.0.0.0 |+| ''​<del>gateway</​del>​''​ | <del>string</​del> ​<del>no</​del> ​<del>//(none)//</​del> ​<del>Suppresses DHCP-assigned default gateway if set to 0.0.0.0</​del>​ \\ (deprecated) ​|
 | ''​broadcast''​ | boolean | no | ''​0''​ | Enable the broadcast flag in DHCP requests, required for certain ISPs, e.g. Charter with DOCSIS 3 | | ''​broadcast''​ | boolean | no | ''​0''​ | Enable the broadcast flag in DHCP requests, required for certain ISPs, e.g. Charter with DOCSIS 3 |
 | ''​hostname''​ | string | no | //(none)// | Hostname to include in DHCP requests | | ''​hostname''​ | string | no | //(none)// | Hostname to include in DHCP requests |
Line 163: Line 144:
 | ''​dns''​ | list of ip addresses | no | //(none)// | Supplement DHCP-assigned DNS server(s), or use only these if peerdns is 0 | | ''​dns''​ | list of ip addresses | no | //(none)// | Supplement DHCP-assigned DNS server(s), or use only these if peerdns is 0 |
 | ''​peerdns''​ | boolean | no | ''​1''​ | Use DHCP-provided DNS server(s) | | ''​peerdns''​ | boolean | no | ''​1''​ | Use DHCP-provided DNS server(s) |
 +| ''​defaultroute''​ | boolean | no | ''​1''​ | Whether to create a default route via the received gateway |
 | ''​metric''​ | integer | no | ''​0''​ | Specifies the default route metric to use | | ''​metric''​ | integer | no | ''​0''​ | Specifies the default route metric to use |
 | ''​reqopts''​ | list of strings | no | //(none)// | Specifies a list of additional DHCP options to request | | ''​reqopts''​ | list of strings | no | //(none)// | Specifies a list of additional DHCP options to request |
 +| ''​iface6rd''​ | logical interface | no | //(none)// | Logical interface template for auto-configuration of 6rd |
 +
 +**Note:** To automatically configure 6rd from dhcp you need to create an interface with ''​option auto 0''​ and put its name as the '​iface6rd'​ parameter. In addition you also need to add its name to a suitable firewall zone in /​etc/​config/​firewall.
  
 === Protocol "​dhcpv6"​ === === Protocol "​dhcpv6"​ ===
Line 172: Line 157:
 ^ Name ^ Type ^ Required ^ Default ^ Description ^ ^ Name ^ Type ^ Required ^ Default ^ Description ^
 | ''​reqaddress''​ | [try,​force,​none] | no | try | Behaviour for requesting addresses | | ''​reqaddress''​ | [try,​force,​none] | no | try | Behaviour for requesting addresses |
-| ''​reqprefix''​ | [auto,​no,​0-64] | no | auto | Behaviour for requesting prefixes (numbers denote hinted prefix length) | +| ''​reqprefix''​ | [auto,​no,​0-64] | no | auto | Behaviour for requesting prefixes (numbers denote hinted prefix length).  Use '​no'​ if you only want a single IPv6 address for the AP itself without a subnet for routing ​
-| ''​clientid''​ | string ​| no | //system default// | Override client identifier in DHCP requests |+| ''​clientid''​ | hexstring ​| no | //system default// | Override client identifier in DHCP requests ​
 +| ''​ifaceid''​ | ipv6 addr | no | //​link-local identifier//​ | Override the interface identifier for adresses received via RA |
 | ''​dns''​ | list of ip addresses | no | //(none)// | Supplement DHCP-assigned DNS server(s), or use only these if peerdns is 0 | | ''​dns''​ | list of ip addresses | no | //(none)// | Supplement DHCP-assigned DNS server(s), or use only these if peerdns is 0 |
 | ''​peerdns''​ | boolean | no | ''​1''​ | Use DHCP-provided DNS server(s) | | ''​peerdns''​ | boolean | no | ''​1''​ | Use DHCP-provided DNS server(s) |
 +| ''​defaultroute''​ | boolean | no | ''​1''​ | Whether to create an IPv6 default route via the received gateway |
 | ''​reqopts''​ | list of numbers | no | //(none)// | Specifies a list of additional DHCP options to request | | ''​reqopts''​ | list of numbers | no | //(none)// | Specifies a list of additional DHCP options to request |
 | ''​noslaaconly''​ | boolean | no | ''​0''​ | Don't allow configuration via SLAAC (RAs) only (implied by reqprefix != no) | | ''​noslaaconly''​ | boolean | no | ''​0''​ | Don't allow configuration via SLAAC (RAs) only (implied by reqprefix != no) |
 +| ''​norelease''​ | boolean | no | ''​0''​ | Don't send a RELEASE when the interface is brought down |
 | ''​ip6prefix''​ | ipv6 prefix | no | //(none)// | Use an (additional) user-provided IPv6 prefix for distribution to clients | | ''​ip6prefix''​ | ipv6 prefix | no | //(none)// | Use an (additional) user-provided IPv6 prefix for distribution to clients |
 +| ''​iface_dslite''​ | logical interface | no | //(none)// | Logical interface template for auto-configuration of DS-Lite |
 +
 +**Note:** To automatically configure ds-lite from dhcpv6 you need to create an interface with ''​option auto 0''​ and put its name as the '​iface_dslite'​ parameter. In addition you also need to add its name to a suitable firewall zone in /​etc/​config/​firewall.
  
 === Protocol "​ppp"​ (PPP over Modem) === === Protocol "​ppp"​ (PPP over Modem) ===
Line 190: Line 181:
 | ''​connect''​ | file path | no | //(none)// | Path to custom PPP connect script | | ''​connect''​ | file path | no | //(none)// | Path to custom PPP connect script |
 | ''​disconnect''​ | file path | no | //(none)// | Path to custom PPP disconnect script | | ''​disconnect''​ | file path | no | //(none)// | Path to custom PPP disconnect script |
-| ''​keepalive''​ | number | no | //(none)// | Number of connection failures ​before ​reconnect ​|+| ''​keepalive''​ | number | no | //(none)// | Number of unanswered echo requests ​before ​considering the peer dead. The interval between echo requests is 5 seconds. ​|
 | ''​demand''​ | number | no | //(none)// | Number of seconds to wait before closing the connection due to inactivity | | ''​demand''​ | number | no | //(none)// | Number of seconds to wait before closing the connection due to inactivity |
 | ''​defaultroute''​ | boolean | no | ''​1''​ | Replace existing default route on PPP connect | | ''​defaultroute''​ | boolean | no | ''​1''​ | Replace existing default route on PPP connect |
Line 242: Line 233:
  
 :!: The package ''​comgt''​ must be installed to use 3G. Check [[doc:​recipes:​3gdongle]] for further help with that. :!: The package ''​comgt''​ must be installed to use 3G. Check [[doc:​recipes:​3gdongle]] for further help with that.
 +
  
 ^ Name ^ Type ^ Required ^ Default ^ Description ^ ^ Name ^ Type ^ Required ^ Default ^ Description ^
Line 258: Line 250:
 | ''​ipv6''​ | boolean | no | ''​0''​ | Enable IPv6 on the PPP link | | ''​ipv6''​ | boolean | no | ''​0''​ | Enable IPv6 on the PPP link |
  
 +
 +=== Protocol "​qmi"​ (USB modems using QMI protocol) ===
 +
 +:!: The package ''​uqmi''​ must be installed to use QMI.
 +
 +^ Name ^ Type ^ Required ^ Default ^ Description ^
 +| ''​device''​ | file path | yes | //(none)// | QMI device node, typically /​dev/​cdc-wdm0 |
 +| ''​apn''​ | string | yes | //(none)// | Used APN |
 +| ''​pincode''​ | number | no | //(none)// | PIN code to unlock SIM card |
 +| ''​username''​ | string | no | //(none)// | Username for PAP/CHAP authentication |
 +| ''​password''​ | string | no | //(none)// | Password for PAP/CHAP authentication |
 +| ''​auth''​ | string | no | //(none)// | Authentication type: pap, chap, both, none|
 +| ''​modes''​ | string | no | //(modem default)// | Allowed network modes, comma separated list of: all, lte, umts, gsm, cdma, td-scdma |
 +| ''​delay''​ | number | no | 0 | Seconds to wait before trying to interact with the modem (some ZTE modems require up to 30 s.)|
 +
 +=== Protocol "​hnet"​ (Self-managing home network (HNCP)) ===
 +
 +:!: The package ''​hnet-full''​ must be installed to use hnet.
 +:!: See http://​tools.ietf.org/​html/​draft-ietf-homenet-hncp for details.
 +
 +^ Name ^ Type ^ Required ^ Default ^ Description ^
 +| ''​mode''​ | string | no | auto | Interface mode. One of external, guest, adhoc or hybrid. |
 +| ''​ip6assign''​ | integer | no | 64 | IPv6-prefix size to assign to this interface if internal. |
 +| ''​ip4assign''​ | integer | no | 24 | IPv4-prefix size to assign to this interface if internal. |
 +| ''​dnsname''​ | string | no | <​device-name>​ | DNS-Label to assign to interface. |
  
 === Protocol "​pptp"​ (Point-to-Point Tunneling Protocol) === === Protocol "​pptp"​ (Point-to-Point Tunneling Protocol) ===
Line 280: Line 297:
 | ''​ip6addr''​ | IPv6 address (CIDR) | yes | //(none)// | Local IPv6 address delegated to the tunnel endpoint | | ''​ip6addr''​ | IPv6 address (CIDR) | yes | //(none)// | Local IPv6 address delegated to the tunnel endpoint |
 | ''​ip6prefix''​ | IPv6 prefix | no | //(none)// | Routed IPv6 prefix for downstream interfaces (Barrier Breaker and later only) | | ''​ip6prefix''​ | IPv6 prefix | no | //(none)// | Routed IPv6 prefix for downstream interfaces (Barrier Breaker and later only) |
 +| ''​sourcerouting''​ | boolean | no | ''​1''​ | Whether to route only packets from delegated prefixes (Barrier Breaker and later only) |
 | ''​defaultroute''​ | boolean | no | ''​1''​ | Whether to create an IPv6 default route over the tunnel | | ''​defaultroute''​ | boolean | no | ''​1''​ | Whether to create an IPv6 default route over the tunnel |
 | ''​ttl''​ | integer | no | ''​64''​ | TTL used for the tunnel interface | | ''​ttl''​ | integer | no | ''​64''​ | TTL used for the tunnel interface |
 +| ''​tos''​ | string | no | //(none)// | Type Of Service : either "​inherit"​ (the outer header inherits the value of the inner header) or an hexadecimal value (Chaos Calmer and later only) |
 | ''​mtu''​ | integer | no | ''​1280''​ | MTU used for the tunnel interface | | ''​mtu''​ | integer | no | ''​1280''​ | MTU used for the tunnel interface |
-| ''​wan_device''​ | string | no | //(none)// | Interface from where client IPv4 endpoint address is derived (used for endpoint update)| 
 | ''​tunnelid''​ | integer | no | //(none)// | HE.net global tunnel ID (used for endpoint update) | | ''​tunnelid''​ | integer | no | //(none)// | HE.net global tunnel ID (used for endpoint update) |
-| ''​username''​ | string | no | //(none)// | HE.net ​user ID (used for endpoint update) | +| ''​username''​ | string | no | //(none)// | HE.net ​username which you use to login into tunnelbroker,​ not the User ID shows after you have login int  ​(used for endpoint update) | 
-| ''​password''​ | string | no | //(none)// | md5sum of HE.net password (used for endpoint update) |+| ''​password''​ | string | no | //(none)// | <del>md5sum of</​del>​ HE.net password (used for endpoint update) | 
 +| ''​updatekey''​ | string | no | //(none)// | HE.net ​updatekey, overrides ​password (used for endpoint update) |
 | ''​metric''​ | integer | no | ''​0''​ | Specifies the default route metric to use | | ''​metric''​ | integer | no | ''​0''​ | Specifies the default route metric to use |
  
 **Note:** This protocol type does not need an ''​ifname''​ option set in the interface section. The interface name is derived from the section name, e.g. ''​config interface sixbone''​ would result in an interface named ''​6in4-sixbone''​. **Note:** This protocol type does not need an ''​ifname''​ option set in the interface section. The interface name is derived from the section name, e.g. ''​config interface sixbone''​ would result in an interface named ''​6in4-sixbone''​.
  
 +**Note:** HE.net has introduced updatekey as default for new tunnels in February 2014. Support added to Openwrt trunk by r39646.
 +
 +**Note:** as of r41358 **username**,​ **password** and **updatekey** are all plaintext entries.
 +
 +**Note:** although ip6prefix isn't required, sourcerouting,​ enabled by default, will prevent forwarding of packets unless ip6prefix is specified.
 +
 +=== Protocol "​aiccu"​ (Automatic IPv6 Connectivity Client Utility) ===
 +
 +:!: The package ''​aiccu''​ must be installed to use this protocol.
 +
 +:!: This protocol is avaliable for Barrier Breaker and newer versions only.
 +
 +^ Name ^ Type ^ Required ^ Default ^ Description ^
 +| ''​username''​ | string | yes | //(none)// | Server username |
 +| ''​password''​ | string | yes | //(none)// | Server password |
 +| ''​protocol''​ | string | no | //(none)// | Tunnel setup protocol to use (''​tic'',​ ''​tsp'',​ ''​l2tp''​) ​ |
 +| ''​server''​ | string | no | ''​tic.sixxs.net''​ | Tunnel setup server to use |
 +| ''​ip6addr''​ | IPv6 address (CIDR) | no | //(none)// | Local IPv6 address delegated to the tunnel endpoint (not necessary) |
 +| ''​ntpsynctimeout''​ | integer | no | ''​90''​ | Wait for NTP sync that many seconds ([[https://​github.com/​openwrt/​packages/​pull/​579|available since aiccu 20070115-12]]) ​ |
 +| ''​tunnelid''​ | integer | no | //(none)// | TIC server tunnel ID |
 +| ''​ip6prefix''​ | IPv6 prefix | no | //(none)// | Routed IPv6 prefix for downstream interfaces |
 +| ''​defaultroute''​ | boolean | no | ''​1''​ | Whether to create an IPv6 default route over the tunnel |
 +| ''​sourcerouting''​ | boolean | no | ''​1''​ | Whether to route only packets from delegated prefixes |
 +| ''​tunnelid''​ | integer | no | //(none)// | TIC server tunnel ID |
 +| ''​requiretls''​ | boolean | no | ''​0''​ | Require TLS connection to TIC server|
 +| ''​nat''​ | boolean | no | ''​1''​ | Notify the user that a NAT-kind network is detected|
 +| ''​heartbeat''​ | boolean | no | ''​1''​ | Make heartbeats |
 +| ''​verbose''​ | boolean | no | ''​0''​ | Verbose logging to system log|
 +
 +**Note:** This protocol type does not need an ''​ifname''​ option set in the interface section. The interface name is derived from the section name, e.g. ''​config interface sixbone''​ would result in an interface named ''​aiccu-sixbone''​.
  
 === Protocol "​6to4"​ (IPv6-in-IPv4 Tunnel) === === Protocol "​6to4"​ (IPv6-in-IPv4 Tunnel) ===
Line 300: Line 349:
 | ''​defaultroute''​ | boolean | no | ''​1''​ | Whether to create an IPv6 default route over the tunnel | | ''​defaultroute''​ | boolean | no | ''​1''​ | Whether to create an IPv6 default route over the tunnel |
 | ''​ttl''​ | integer | no | ''​64''​ | TTL used for the tunnel interface | | ''​ttl''​ | integer | no | ''​64''​ | TTL used for the tunnel interface |
 +| ''​tos''​ | string | no | //(none)// | Type Of Service : either "​inherit"​ (the outer header inherits the value of the inner header) or an hexadecimal value (Chaos Calmer and later only) |
 | ''​mtu''​ | integer | no | ''​1280''​ | MTU used for the tunnel interface | | ''​mtu''​ | integer | no | ''​1280''​ | MTU used for the tunnel interface |
-| ''​adv_interface''​ | string | no | ''​lan''​ | The //logical interface name// of the network the subnet should be advertised on. Multiple interface names can be given. | 
-| ''​adv_subnet''​ | hex number | no | ''​1''​ | A subnet ID between ''​1''​ and ''​FFFF''​ which selects the advertised /64 prefix from the mapped 6to4 space. The subnet ID is incremented by 1 for every interface specified in ''​adv_interface''​. ​ | 
-| ''​adv_valid_lifetime''​ | integer | no | ''​300''​ | Overrides the advertised valid prefix lifetime, in seconds (see also [[doc:​uci:​radvd#​prefix|radvd prefix options]]) | 
-| ''​adv_preferred_lifetime''​ | integer | no | ''​120''​ | Overrides the advertised preferred prefix lifetime, in seconds (see also [[doc:​uci:​radvd#​prefix|radvd prefix options]]) | 
 | ''​metric''​ | integer | no | ''​0''​ | Specifies the default route metric to use | | ''​metric''​ | integer | no | ''​0''​ | Specifies the default route metric to use |
 +| ''​adv_interface''​ | string | no | ''​lan''​ | (deprecated) The //logical interface name// of the network the subnet should be advertised on. Multiple interface names can be given. |
 +| ''​adv_subnet''​ | hex number | no | ''​1''​ | (deprecated) A subnet ID between ''​1''​ and ''​FFFF''​ which selects the advertised /64 prefix from the mapped 6to4 space. The subnet ID is incremented by 1 for every interface specified in ''​adv_interface''​. ​ |
 +| ''​adv_valid_lifetime''​ | integer | no | ''​300''​ | (deprecated) Overrides the advertised valid prefix lifetime, in seconds (see also [[doc:​uci:​radvd#​prefix|radvd prefix options]]) |
 +| ''​adv_preferred_lifetime''​ | integer | no | ''​120''​ | (deprecated) Overrides the advertised preferred prefix lifetime, in seconds (see also [[doc:​uci:​radvd#​prefix|radvd prefix options]]) |
  
 **Note:** This protocol type does not need an ''​ifname''​ option set in the interface section. The interface name is derived from the section name, e.g. ''​config interface wan6''​ would result in an interface named ''​6to4-wan6''​. \\ **Note:** This protocol type does not need an ''​ifname''​ option set in the interface section. The interface name is derived from the section name, e.g. ''​config interface wan6''​ would result in an interface named ''​6to4-wan6''​. \\
-**Note:** If [[doc:​uci:​radvd|radvd]] is installed and enabled, the 6to4 scripts will add a temporary prefix and interface declaration to the //radvd// uci configuration and perform a daemon restart if required.+**Note:** If [[doc:​uci:​radvd|radvd]] is installed and enabled, the 6to4 scripts will add a temporary prefix and interface declaration to the //radvd// uci configuration and perform a daemon restart if required. ​(deprecated)
  
  
-=== Protocol "l2tp" (L2TP Pseudowire Tunnel) ===+=== Protocol "6rd" (IPv6 rapid deployment) ===
  
-:!: The package ''​l2tpv3tun''​ must be installed to use this protocol.\\ +:!: The package ''​6rd''​ must be installed to use this protocol.
-:!: This protocol is only supported on 2.6.35 and newer kernels.+
  
 ^ Name ^ Type ^ Required ^ Default ^ Description ^ ^ Name ^ Type ^ Required ^ Default ^ Description ^
-| ''​localaddr''​ | IPv4 address | yes, if no ''​local6addr'' ​is set //​(none)// ​| Local IPv4 endpoint address | +| ''​peeraddr''​ | IPv4 address | yes no | 6rd - Gateway ​ | 
-| ''​peeraddr''​ | IPv4 address ​| yes, if no ''​peer6addr'' ​is set //​(none)// ​Remote IPv4 endpoint address ​+''​ipaddr''​ | IPv4 address | no | Current WAN IPv4 address ​| Local IPv4 endpoint address | 
-| ''​local6addr''​ | IPv6 address ​yes, if no ''​localaddr'' ​is set //​(none)// ​Local IPv6 endpoint address ​+| ''​ip6prefix''​ | IPv6 prefix (without length) ​| yes no | 6rd-IPv6 Prefix | 
-| ''​peer6addr''​ | IPv6 address ​yes, if no ''​peeraddr'' ​is set | //(none)// | Remote IPv6 endpoint address ​+''​ip6prefixlen''​ | IPv6 prefix length | yes no | 6rd-IPv6 Prefix length ​
-| ''​encap''​ | string ​| no | ''​udp''​ | L2TPv3 encapsulation modeeither ​''​ip'' ​or ''​udp''​ | +| ''​ip4prefixlen''​ | IPv6 prefix length ​| no | 0 | IPv4 common prefix | 
-| ''​sport''​ | port number ​| no | ''​1701''​ | L2TPv3 source port, only applicable to UDP encapsulation ​+''​defaultroute''​ | boolean ​no | ''​1''​ | Whether to create an IPv6 default route over the tunnel ​
-| ''​dport''​ | port number ​| no | ''​1701''​ | L2TPv3 destination port, only applicable ​to UDP encapsulation ​+| ''​ttl''​ | integer ​| no ''​64'' ​| TTL used for the tunnel interface | 
-| ''​tunnel_id''​ | integer | no | Next unused tunnel ID Local L2TPv3 ​tunnel ​ID +| ''​tos''​ | string | no | //(none)// | Type Of Service : either "​inherit"​ (the outer header inherits the value of the inner header) or an hexadecimal value (Chaos Calmer and later only) 
-| ''​peer_tunnel_id''​ | integer | no | Value of ''​tunnel_id''​ | Remote L2TPv3 ​tunnel ​ID +| ''​mtu''​ | integer ​| no | ''​1280''​ | MTU used for the tunnel interface | 
-| ''​session_id''​ | integer ​no Next unused session ID Local L2TPv3 session ID + 
-| ''​peer_session_id''​ | integer ​| no | Value of ''​session_id''​ | Remote L2TPv3 session ID | +**Note:** This protocol type does not need an ''​ifname''​ option set in the interface section. The interface name is derived from the section namee.g. ''​config interface wan6'' ​would result in an interface named ''​6rd-wan6''​
-| //Additionally all options defined ​for the ''​static'' ​protocol type can be specified// |||||+ 
 +**Note:** Some ISP's give you the number of bytes you should use from your WAN IP to calculate your IPv6 address. ip4prefixlen expects the //prefix// bytes of your WAN IP to calculate the IPv6 address. So if your ISP gives you 14 bytes to calculate, enter 18 (32 - 14). 
 + 
 + 
 +=== Protocol "​dslite"​ (Dual-Stack Lite) === 
 + 
 +:!: The package ''​ds-lite''​ must be installed to use this protocol. 
 + 
 +^ Name ^ Type ^ Required ^ Default ^ Description ^ 
 +| ''​peeraddr''​ | IPv6 address | yes | no | DS-Lite AFTR address  ​
 +| ''​ip6addr''​ | IPv6 address ​| no | Current WAN IPv6 address | Local IPv6 endpoint address | 
 +| ''​tunlink''​ | Logical Interface | no | Current WAN interface | Tunnel base interface ​
 +| ''​defaultroute''​ | boolean ​| no | ''​1''​ | Whether ​to create an IPv6 default route over the tunnel ​
 +| ''​ttl''​ | integer | no | ''​64'' ​TTL used for the tunnel ​interface ​
 +| ''​mtu''​ | integer | no | ''​1280''​ | MTU used for the tunnel ​interface ​| 
 + 
 +:!: ds-lite operation requires that IPv4 NAT is disabled. You should adjust your settings in /​etc/​config/​firewall accordingly. 
 + 
 +**Note:** This protocol type does not need an ''​ifname''​ option set in the interface section. The interface name is derived from the section name, e.g. ''​config interface wan''​ would result in an interface named ''​dslite-wan''​. 
 + 
 + 
 +=== Protocol "​l2tp"​ (PPP over L2TP Pseudowire Tunnel) === 
 + 
 +:!: The package ''​xl2tpd''​ must be installed to use this protocol. 
 + 
 +Most options are similar to protocol "​ppp"​. 
 + 
 +^ Name ^ Type ^ Required ^ Default ^ Description ^ 
 +| ''​server''​ | string ​yes //​(none)// ​L2TP server to connect to (hostname or IP address) ​
 +| ''​username''​ | string ​| no | //(none)// | Username for PAP/CHAP authentication | 
 +''​password''​ | string ​yes if ''​username''​ is provided ​| //(none)// | Password ​for PAP/CHAP authentication | 
 +| ''​ipv6''​ | bool | no | 0 | Enable IPv6 on the PPP link (IPv6CP) | 
 +''​mtu'' ​| int | no | ''​pppd''​ default | Maximum Transmit/​Receive Unit, in bytes | 
 +| ''​keepalive''​ | string | no | //(none)// | Number of unanswered echo requests before considering the peer dead. The interval between echo requests is 5 seconds. ​| 
 +''​pppd_options'' ​string | no | //(none)// | Additional options to pass to ''​pppd'' ​|
  
 +The name of the physical interface will be "​l2tp-<​logical interface name>"​.
  
 === Protocol "​relay"​ (Relayd Pseudo Bridge) === === Protocol "​relay"​ (Relayd Pseudo Bridge) ===
Line 344: Line 428:
 | ''​forward_dhcp''​ | boolean | no | ''​1''​ | Enables forwarding of DHCP requests and responses, ''​0''​ disables it | | ''​forward_dhcp''​ | boolean | no | ''​1''​ | Enables forwarding of DHCP requests and responses, ''​0''​ disables it |
  
-=== Protocol "​6relay"​ (IPv6 Pseudo Bridge) === 
  
-:!: The IPv6 pseudo-bridging feature ​has been moved into its own configurationSee [[doc:uci::6relayd|6relayd configuration]].+=== Common options for GRE protocols === 
 + 
 +:!: The package ''​gre''​ must be installed to use GRE. Additionally,​ you need ''​kmod-gre''​ and/or ''​kmod-gre6''​. 
 + 
 +GRE support ​has been introduced in Barrier Breaker Four protocols are defined"​gre",​ "​gretap",​ "​grev6",​ and "​grev6tap"​. 
 +The name of the GRE interface will be ''​gre-<​logical interface name>''​ for "​gre"​ and "​gretap",​ and ''​grev6-<​logical interface name>''​ for "​grev6"​ and "​grev6tap"​. 
 + 
 +All four protocols accept the following common options: 
 + 
 +^ Name ^ Type ^ Required ^ Default ^ Description ^ 
 +| ''​mtu''​ | integer | no | 1280 | MTU | 
 +| ''​ttl''​ | integer | no | 64 | TTL of the encapsulating packets | 
 +| ''​tunlink''​ | logical interface name | no | //(none)// | Bind the tunnel to this interface (''​dev''​ option of "ip tunnel"​) | 
 +| ''​zone''​ | zone name | no | "​wan"​ | Firewall zone to which the interface will be added | 
 +| ''​tos''​ | string | no | //(none)// | Type of Service (IPv4), Traffic Class (IPv6)either "​inherit"​ (the outer header inherits the value of the inner header) or an hexadecimal value (Chaos Calmer and later only) |  
 +| ''​ikey''​ | integer | no | 0 | key for incoming packets | 
 +| ''​okey''​ | integer | no | 0 | key for outgoing packets | 
 +| ''​icsum''​ | boolean | no | false | require incoming checksum | 
 +| ''​ocsum''​ | boolean | no | false | compute outgoing checksum | 
 +| ''​iseqno''​ | boolean | no | false | require incoming packets serialisation | 
 +| ''​oseqno''​ | boolean | no | false | perform outgoing packets serialisation | 
 + 
 +=== Protocol "​gre"​ (GRE tunnel over IPv4) === 
 + 
 +The following options are supported, in addition to all common options above: 
 + 
 +^ Name ^ Type ^ Required ^ Default ^ Description ^ 
 +| ''​ipaddr''​ | IPv4 address | no | WAN IP | Local endpoint | 
 +| ''​peeraddr''​ | IPv4 address | yes | //(none)// | Remote endpoint | 
 +| ''​df''​ | boolean | no | true | Set "​Don'​t Fragment"​ flag on encapsulating packets | 
 + 
 +=== Protocol "​gretap"​ (Ethernet GRE tunnel over IPv4) === 
 + 
 +The following options are supported, in addition to all common options above: 
 + 
 +^ Name ^ Type ^ Required ^ Default ^ Description ^ 
 +| ''​ipaddr''​ | IPv4 address | no | WAN IP | Local endpoint | 
 +| ''​peeraddr''​ | IPv4 address | yes | //(none)// | Remote endpoint | 
 +| ''​df''​ | boolean | no | true | Set "​Don'​t Fragment"​ flag on encapsulating packets | 
 +| ''​network''​ | logical interface name | no | //(none)// | Logical network to which the tunnel will be added (bridged) | 
 + 
 +=== Protocol "​grev6"​ (GRE tunnel over IPv6) === 
 + 
 +The following options are supported, in addition to all common options above: 
 + 
 +^ Name ^ Type ^ Required ^ Default ^ Description ^ 
 +| ''​ip6addr''​ | IPv6 address | no | WAN IP | Local endpoint | 
 +| ''​peer6addr''​ | IPv6 address | yes | //(none)// | Remote endpoint | 
 +| ''​weakif''​ | logical interface name | no | ''​lan''​ | Logical network from which to select the local endpoint if ip6addr parameter is empty and no WAN IP is available | 
 + 
 +=== Protocol "​grev6tap"​ (Ethernet GRE tunnel over IPv6) === 
 + 
 +The following options are supported, in addition to all common options above: 
 + 
 +^ Name ^ Type ^ Required ^ Default ^ Description ^ 
 +| ''​ip6addr''​ | IPv6 address | no | WAN IP | Local endpoint | 
 +| ''​peer6addr''​ | IPv6 address | yes | //(none)// | Remote endpoint | 
 +| ''​weakif''​ | logical interface name | no | ''​lan''​ | Logical network from which to select the local endpoint if ip6addr is empty and no WAN IP is available | 
 +| ''​network''​ | logical interface name | no | //(none)// | Logical network to which the tunnel will be added (bridged) ​|
  
 ==== ATM Bridges (Ethernet over ATM AAL5) ==== ==== ATM Bridges (Ethernet over ATM AAL5) ====
Line 376: Line 517:
 ==== Aliases ==== ==== Aliases ====
  
 +| {{:​meta:​icons:​tango:​48px-outdated.svg.png?​nolink}} | The "​config alias" approach is //​deprecated//​. it used to be needed when multiple interfaces sharing the same device where not supported. [[https://​forum.openwrt.org/​viewtopic.php?​pid=203943#​p203943|JoW]] |
 +
 +===== Aliases: the old way =====
 //Alias// sections can be used to define further IPv4 and IPv6 addresses for interfaces. //Alias// sections can be used to define further IPv4 and IPv6 addresses for interfaces.
 They also allow combinations like DHCP on the main interface and a static IPv6 address in the alias, They also allow combinations like DHCP on the main interface and a static IPv6 address in the alias,
Line 412: Line 556:
   ip addr   ip addr
  
 +===== Aliases: the new way =====
 +
 +Basically create an '​interface'​ section per IP, but alias interfaces may NOT be of type bridge
 +
 +  * For non-bridged interfaces (physdev , that is physical interfaces) the ''​ifname''​ is the <​interface-of-network-for-same-phydev>​
 +  * For cases where the interface is bridged the ''​ifname''​ is br-''​base-interface'',​ where ''​base-interface''​ is the name of the primary IP's config section (e.g. for a the default lan interface config, the first alias would use ifname br-lan).
 +
 +A minimal alias definition for a bridged interface might be (for a scenario without vlans):
 +<​code>​config interface lan
 +        option '​ifname'​ '​eth0'​
 +        option '​type'​ '​bridge'​
 +        option '​proto'​ '​static'​
 +        option '​ipaddr'​ '​192.168.1.1'​
 +        option '​netmask'​ '​255.255.255.0'</​code>​
 +
 +<​code>​config interface lan2
 +       ​option '​ifname'​ '​br-lan'​
 +       ​option '​proto'​ '​static'​
 +       ​option '​ipaddr'​ '​10.0.0.1'​
 +       ​option '​netmask'​ '​255.255.255.0'</​code>​
 +
 +or for a non-bridge interface
 +<​code>​config interface lan
 +        option '​ifname'​ '​eth0'​
 +        option '​proto'​ '​static'​
 +        option '​ipaddr'​ '​192.168.1.1'​
 +        option '​netmask'​ '​255.255.255.0'</​code>​
 +
 +<​code>​config interface lan2
 +       ​option '​ifname'​ '​eth0'​
 +       ​option '​proto'​ '​static'​
 +       ​option '​ipaddr'​ '​10.0.0.1'​
 +       ​option '​netmask'​ '​255.255.255.0'</​code>​
 +
 +To see a list of interfaces you can do ''​ubus list network.interface.*''​ and to view the ip of a particular interface (the UCI name not the physical interface), do ''​ifstatus <​interface>''​ (e.g. ''​ifstatus lan2''​)
  
 ==== IPv4 Routes ==== ==== IPv4 Routes ====
Line 438: Line 617:
 | ''​metric''​ | number | no | ''​0''​ | Specifies the //route metric// to use | | ''​metric''​ | number | no | ''​0''​ | Specifies the //route metric// to use |
 | ''​mtu''​ | number | no | //interface MTU// | Defines a specific MTU for this route | | ''​mtu''​ | number | no | //interface MTU// | Defines a specific MTU for this route |
 +| ''​table''​ | routing table | no | //(none)// | Defines the table ID to use for the route. The ID can be either a numeric table index ranging from 0 to 65535 or a symbolic alias declared in /​etc/​iproute2/​rt_tables. The special aliases local (255), main (254) and default (253) are recognized as well |
 +| ''​source''​ | ip address | no | //(none)// | The preferred source address when sending to destinations covered by the target |
 +| ''​onlink''​ | boolean | no | ''​0''​ | When enabled gateway is on link even if the gateway does not match any interface prefix (Barrier Braker and later only) |
 +| ''​type''​ | string | no | ''​unicast''​ | One of the types outlined in the Routing Types table below (Barrier Braker and later only) |
 +
 ==== IPv6 Routes ==== ==== IPv6 Routes ====
  
Line 461: Line 645:
 | ''​metric''​ | number | no | ''​0''​ | Specifies the //route metric// to use | | ''​metric''​ | number | no | ''​0''​ | Specifies the //route metric// to use |
 | ''​mtu''​ | number | no | //interface MTU// | Defines a specific MTU for this route | | ''​mtu''​ | number | no | //interface MTU// | Defines a specific MTU for this route |
 +| ''​table''​ | routing table | no | //(none)// | Defines the table ID to use for the route. The ID can be either a numeric table index ranging from 0 to 65535 or a symbolic alias declared in /​etc/​iproute2/​rt_tables. The special aliases local (255), main (254) and default (253) are recognized as well |
 +| ''​source''​ | ip address | no | //(none)// | The preferred source address when sending to destinations covered by the target |
 +| ''​onlink''​ | boolean | no | ''​0''​ | When enabled gateway is on link even if the gateway does not match any interface prefix (Barrier Braker and later only) |
 +| ''​type''​ | string | no | ''​unicast''​ | One of the types outlined in the Routing Types table below (Barrier Braker and later only) |
 +
 +=== Routing Types ===
 +
 +^ Type ^ Description ^
 +| ''​local''​ |  |
 +| ''​broadcast''​ |  |
 +| ''​anycast''​ |  |
 +| ''​multicast''​ |  |
 +| ''​unicast''​ |  |
 +
 +==== IP rules ====
 +
 +Since OpenWrt Barrier Braker, netifd supports //IP rule// declarations which are required to implement policy routing. \\
 +IPv4 rules can be defined by declaring one or more sections of type ''​rule'',​ IPv6 rules are denoted by sections of type ''​rule6''​. Both types share the same set of defined options.
 +
 +A simple IPv4 rule may look like:
 +
 +<​code>​config rule
 + option mark   '​0xFF'​
 +        option in     '​lan'​
 + option dest   '​172.16.0.0/​16'​
 + option lookup '​100'</​code>​
 +
 +  * ''​0xFF''​ is a [[http://​www.tldp.org/​HOWTO/​Adv-Routing-HOWTO/​lartc.netfilter.html|fwmark]] to be matched
 +  * ''​lan''​ is the incoming //logical interface name//
 +  * ''​172.16.0.0/​16''​ is the destination subnet to match
 +  * ''​100''​ is the routing table ID to use for the matched traffic
 +
 +Similary, an IPv6 rule looks like:
 +
 +<​code>​config rule6
 +        option in     '​vpn'​
 + option dest   '​fdca:​1234::/​64'​
 + option action '​prohibit'</​code>​
 +
 +  * ''​vpn''​ is the incoming //logical interface name//
 +  * ''​fdca:​1234::/​64''​ is the destination subnet to match
 +  * ''​prohibit''​ is a routing action to take
 +
 +The options below are defined for //IP rule// (''​rule''​ and ''​rule6''​) sections:
 +
 +^ Name ^ Type ^ Required ^ Default ^ Description ^
 +| ''​in''​ | string | no | //(none)// | Specifies the incoming //logical interface name// |
 +| ''​out''​ | string | no | //(none)// | Specifies the outgoing //logical interface name// |
 +| ''​src''​ | ip subnet | no | //(none)// | Specifies the source subnet to match (CIDR notation) |
 +| ''​dest''​ | ip subnet | no | //(none)// | Specifies the destination subnet to match (CIDR notation) |
 +| ''​tos''​ | integer | no | //(none)// | Specifies the TOS value to match in IP headers |
 +| ''​mark''​ | mark/mask | no | //(none)// | Specifies the //fwmark// and optionally its mask to match, e.g. ''​0xFF''​ to match mark 255 or ''​0x0/​0x1''​ to match any even mark value |
 +| ''​invert''​ | boolean | no | ''​0''​ | If set to ''​1'',​ the meaning of the match options is inverted |
 +| ''​priority''​ | integer | no | //​(incrementing)//​ | Controls the order of the IP rules, by default the priority is auto-assigned so that they are processed in the same order they'​re declared in the config file |
 +| ''​lookup''​ | routing table | at least one of | //(none)// | The rule target is a table lookup, the ID can be either a numeric table index ranging from ''​0''​ to ''​65535''​ or a symbolic alias declared in ''/​etc/​iproute2/​rt_tables''​. The special aliases ''​local''​ (''​255''​),​ ''​main''​ (''​254''​) and ''​default''​ (''​253''​) are recognized as well |
 +| ''​goto''​ | rule index | ::: | ::: | The rule target is a jump to another rule specified by its ''​priority''​ value |
 +| ''​action''​ | string | ::: | ::: | The rule target is one of the routing actions outlined in the table below |
 +
 +=== Routing Actions ===
 +
 +^ Action ^ Description ^
 +| ''​prohibit''​ | When reaching the rule, respond with //ICMP prohibited//​ messages and abort route lookup |
 +| ''​unreachable''​ | When reaching the rule, respond with //ICMP unreachable//​ messages and abort route lookup |
 +| ''​blackhole''​ | When reaching the rule, drop packet and abort route lookup |
 +| ''​throw''​ | Stop lookup in the current routing table even if a default route exists |
  
 ===== Examples ===== ===== Examples =====
Line 532: Line 781:
         option '​output' ​   '​ACCEPT'​         option '​output' ​   '​ACCEPT'​
         option '​masq' ​     '​1'</​code>​         option '​masq' ​     '​1'</​code>​
 +
 +==== PPPoA ADSL internet connection ====
 +
 +<​code>​config adsl-device '​adsl'​
 +        option fwannex '​a'​
 +        option annex '​a'​
 +
 +config interface '​wan'​
 +        option proto '​pppoa'​
 +        option username '​jbloggs@plusdsl.net'​
 +        option password '​XXXXXXXXX'​
 +        option vpi '​0'​
 +        option vci '​38'​
 +        option encaps '​vc'</​code>​
 +
 ==== Static IPv6-in-IPv4 tunnel ==== ==== Static IPv6-in-IPv4 tunnel ====
  
Line 648: Line 912:
         option '​forward' ​    '​ACCEPT' ​   # Important         option '​forward' ​    '​ACCEPT' ​   # Important
         option '​output' ​     '​ACCEPT'</​code>​         option '​output' ​     '​ACCEPT'</​code>​
 +
 +==== Static addressing of a GRE tunnel ====
 +
 +Create a GRE tunnel with static address 10.42.0.253/​30,​ adding it to an existing firewall zone called ''​tunnels'':​
 +
 +<​code>​
 +config interface mytunnel ​                
 +        option proto    gre            ​
 +        option zone     ​tunnels ​                               ​
 +        option peeraddr 198.51.100.42 ​          
 +                                                            ​
 +config interface mytunnel_addr ​                                                     ​
 +        option proto    static ​                                    
 +        option ifname ​  ​@mytunnel ​                            
 +        option ipaddr ​  ​10.42.0.253 ​                      
 +        option netmask ​ 255.255.255.252 ​                    
 +        # Fixes IPv6 multicast (long-standing bug in kernel).
 +        # Useful if you run Babel or OSPFv3.
 +        option ip6addr ​ '​fe80::​42/​64'​
 +</​code>​
  
 ===== Network management ===== ===== Network management =====
Line 658: Line 942:
 In order to derive a Linux interface name like ''​eth1''​ from a logical network name like ''​wan''​ for use in scripts or tools like ''​ifconfig''​ and ''​route''​ the ''​uci''​ utility can be used as illustrated in the example below which opens port 22 on the interface. In order to derive a Linux interface name like ''​eth1''​ from a logical network name like ''​wan''​ for use in scripts or tools like ''​ifconfig''​ and ''​route''​ the ''​uci''​ utility can be used as illustrated in the example below which opens port 22 on the interface.
  
-<​code>​WANIF=$(uci -P/​var/​state get network.wan.ifname) +<​code ​bash> 
-iptables -I INPUT -i $WANIF -p tcp --dport 22 -j ACCEPT</​code>​+WANIF=$(uci -P/​var/​state get network.wan.ifname) 
 +iptables -I INPUT -i $WANIF -p tcp --dport 22 -j ACCEPT 
 +</​code>​ 
 + 
 +The uci state vars are deprecated and not used anymore for network related information [[https://​forum.openwrt.org/​viewtopic.php?​pid=203787#​p203787|Quoting jow in the forum]].\\ 
 +Use /​lib/​functions/​network.sh:​ 
 + 
 +<code bash> 
 +source /​lib/​functions/​network.sh 
 + 
 +if network_get_ipaddr addr "​wan";​ then 
 +    echo "IP is $addr"​ 
 +fi 
 +</​code>​ 
 +===== Multiple IP addresses ===== 
 +Assigning multiple ip addresses to the same interface:​ 
 +<​code>​ 
 +config interface foo 
 +  option ifname eth1 
 +  list ipaddr 10.8.0.1/​24 
 +  list ipaddr 10.9.0.1/​24 
 +  list ip6addr fdca:​abcd::​1/​64 
 +  list ip6addr fdca:​cdef::​1/​64 
 +</​code>​ 
 +Specifying multiple interfaces sharing the same device: 
 +<​code>​ 
 +config interface foo 
 +  option ifname eth1 
 +  option ipaddr 10.8.0.1 
 +  option netmask 255.255.255.0 
 +  option ip6addr fdca:​abcd::​1/​64 
 + 
 +config interface foo2 
 +  option ifname eth1 
 +  option ipaddr 10.9.0.1 
 +  option netmask 255.255.255.0 
 +  option ip6addr fdca:​cdef::​1/​64 
 +</​code>​ 
 +More info at [[https://​dev.openwrt.org/​ticket/​2829#​comment:​7]].
doc/uci/network.1360657967.txt.bz2 · Last modified: 2013/02/12 09:32 by steven