Differences

This shows you the differences between two versions of the page.

doc:uci:network [2013/05/13 22:01]
steven
doc:uci:network [2014/08/18 11:44] (current)
steven
Line 1: Line 1:
====== Network configuration ====== ====== Network configuration ======
-The central network configuration is located in ''/etc/config/network''. +The central network configuration is located in the file ''/etc/config/network''. This configuration file is responsible for defining //switch VLANs//, //interface configurations// and //network routes//. After editing and saving ''/etc/config/network'' you need to execute <code>/etc/init.d/network reload</code> to stop and restart the network before any changes take effect. Rebooting the router is not necessary.
-<code> +
-config interface loopback +
-        option ifname  lo +
-        option proto    static +
-        option ipaddr  127.0.0.1 +
-        option netmask  255.0.0.0+
-config interface lan +  * https://dev.openwrt.org/browser/branches/attitude_adjustment/package/base-files/files/etc/config/network 
-        option ifname  eth0 +  * https://dev.openwrt.org/browser/trunk/package/base-files/files/etc/config/network
-        option type    bridge +
-        option proto    static +
-        option ipaddr   192.168.1.1 +
-       option netmask 255.255.255.0+
-config interface wan +Feel free to inform yourself about [[doc/techref/netifd|netifd]] (Network Interface Daemon).
-        option ifname  eth0.2 +
-        option proto    pppoe +
-        option username testuser +
-        option password secret +
- +
-config switch eth0 +
-        option enable_vlan      1 +
- +
-config switch_vlan +
-        option device  eth0 +
-        option vlan    1 +
-        option ports    "0 1 2 3 4" +
-</code> +
-This is the default configuration file for Backfire on a D-link Dir-601 Rev.A and typical example of a basic network setup. +
-This configuration file is responsible for defining //switch VLANs//, //interface configurations// and //network routes//. +
- +
-**''Hint:''** After editing and saving ''/etc/config/network'' you need to execute +
-<code> +
-/etc/init.d/network restart +
-</code> +
-to stop and restart the network before any changes take effect. Rebooting the router will have the same effect but is not necessary.+
===== Sections ===== ===== Sections =====
Line 49: Line 18:
^ Name ^ Type ^ Required ^ Default ^ Description ^ ^ Name ^ Type ^ Required ^ Default ^ Description ^
-| ''ula_prefix'' | IPv6-prefix | no | //(none)// | IPv6 ULA-Prefix for this device |+| ''ula_prefix'' | IPv6-prefix | no | //(none)// | IPv6 [[wp>Unique local address|ULA]]-Prefix for this device |
==== Switch ==== ==== Switch ====
 +The ''switch'' section is responsible for partitioning the switch into several //VLANs// which appear as independent interfaces in the system although they share the same hardware. Not every OpenWrt supported device has a programmable switch, therefore this section might not be present on some platforms. Please also note, that some switches only support 4Bit-VLANs.
-The ''switch'' section is responsible for partitioning the switch into several //VLANs// which appear as independent interfaces in the system although they share the same hardware. Not every OpenWrt supported device has a programmable switch, therefore this section might not be present on some platforms. +There are currently two different configuration formats in use, one for the legacy ''/proc/switch/'' API and one for the newer ''[[doc/techref/swconfig|swconfig]]''-based switch configuration.
- +
-There are currently two different configuration formats in use, one for the legacy ''/proc/switch/'' API and one for the newer //swconfig// based switch infrastructure.+
=== /proc/switch === === /proc/switch ===
- +This variant is actually only found on Broadcom devices like the WRT54GL.
-This variant is only found on Broadcom devices like the WRT54GL.+
A typical configuration for it looks like this: A typical configuration for it looks like this:
Line 72: Line 39:
=== swconfig === === swconfig ===
 +The newer ''[[doc/techref/swconfig|swconfig]]''-framework is intended to replace the legacy switch configuration.
-The newer //swconfig// framework is intended to replace the legacy switch configuration. +Configuration for swconfig have a slightly different structure with one extra section per VLAN.
- +
-The typical filepath for the config is ''/etc/config/network'' +
- +
-//Swconfig// based configurations have a different structure with one extra section per vlan.+
The example below shows a typical configuration: The example below shows a typical configuration:
<code>config 'switch' 'eth0' <code>config 'switch' 'eth0'
Line 95: Line 59:
Common properties are defined within the ''switch'' section; vlan specific properties are located in additional ''switch_vlan'' sections linked to the ''switch'' section through the ''device'' option. Common properties are defined within the ''switch'' section; vlan specific properties are located in additional ''switch_vlan'' sections linked to the ''switch'' section through the ''device'' option.
The complete layout is explained in the [[doc:uci:network::switch|switch documentation]]. The complete layout is explained in the [[doc:uci:network::switch|switch documentation]].
-==== Interfaces ==== 
 +
 +==== Interfaces ====
Sections of the type ''interface'' declare logical networks serving as containers for IP address settings, [[doc:uci:network#aliases|aliases]], [[doc:uci:network#ipv4.routes|routes]], physical interface names and [[doc:uci:firewall#zones|firewall rules]] - they play a central role within the OpenWrt configuration concept. Sections of the type ''interface'' declare logical networks serving as containers for IP address settings, [[doc:uci:network#aliases|aliases]], [[doc:uci:network#ipv4.routes|routes]], physical interface names and [[doc:uci:firewall#zones|firewall rules]] - they play a central role within the OpenWrt configuration concept.
Line 119: Line 84:
| ''pppoa'' | PPP over ATM - DSL connection using a builtin modem |  ''pppd'' + plugin ...  | | ''pppoa'' | PPP over ATM - DSL connection using a builtin modem |  ''pppd'' + plugin ...  |
| ''3g'' | CDMA, UMTS or GPRS connection using an AT-style 3G modem |  ''comgt''  | | ''3g'' | CDMA, UMTS or GPRS connection using an AT-style 3G modem |  ''comgt''  |
 +| ''qmi'' | USB modems using QMI protocol |  ''uqmi''  |
 +| ''hnet'' | Self-managing home network (HNCP) | ''hnet-full'' |
| ''pptp'' | Connection via PPtP VPN |  ?  | | ''pptp'' | Connection via PPtP VPN |  ?  |
-| ''6in4'' | IPv6-in-IPv4 tunnel for use with Tunnel Brokers like HE.net |  ?  |+| ''6in4'' | IPv6-in-IPv4 tunnel forSuppresses DHCP-assigned default gateway if set to 0.0.0.0 use with Tunnel Brokers like HE.net |  ?
 +| ''aiccu'' | Anything-in-anything tunnel  |  ''aiccu'' |
| ''6to4'' | Stateless IPv6 over IPv4 transport |  ?  | | ''6to4'' | Stateless IPv6 over IPv4 transport |  ?  |
 +| ''6rd'' | IPv6 rapid deployment |  ''6rd''  |
 +| ''dslite'' | Dual-Stack Lite |  ''ds-lite''  |
 +| ''l2tp'' | PPP over L2TP Pseudowire Tunnel |  ''xl2tpd''  |
 +| ''relay'' | relayd pseudo-bridge |  ''relayd''  |
| ''none'' | Unspecified protocol |  -  | | ''none'' | Unspecified protocol |  -  |
Line 131: Line 103:
^ Name ^ Type ^ Required ^ Default ^ Description ^ ^ Name ^ Type ^ Required ^ Default ^ Description ^
| ''ifname'' | interface name(s) | yes(*) | //(none)// | Physical interface name to assign to this section, list of interfaces if type bridge is set.\\ //(*) This option may be empty or missing if only a wireless interface references this network or if the protocol type is ''pptp'', ''pppoa'' or ''6in4''// | | ''ifname'' | interface name(s) | yes(*) | //(none)// | Physical interface name to assign to this section, list of interfaces if type bridge is set.\\ //(*) This option may be empty or missing if only a wireless interface references this network or if the protocol type is ''pptp'', ''pppoa'' or ''6in4''// |
-| ''type'' | string | no | //(none)// | If set to "bridge", a bridge containing the given //ifnames// is created |+| ''type'' | string | no | //(none)// | If set to "bridge", a bridge containing the given //ifnames// is created\\ [[https://forum.openwrt.org/viewtopic.php?pid=203784#p203784|Wlan interface names are not predictable, therfore you cannot reference them directly in the network config]] |
| ''stp'' | boolean | no | ''0'' | Only valid for type "bridge", enables the Spanning Tree Protocol | | ''stp'' | boolean | no | ''0'' | Only valid for type "bridge", enables the Spanning Tree Protocol |
 +| ''bridge_empty'' | boolean | no | ''0'' | Only valid for type "bridge", enables creating empty bridges |
| ''macaddr'' | mac address | no | //(none)// | Override MAC address of this interface | | ''macaddr'' | mac address | no | //(none)// | Override MAC address of this interface |
| ''mtu'' | number | no | //(none)// | Override the default MTU on this interface | | ''mtu'' | number | no | //(none)// | Override the default MTU on this interface |
| ''auto'' | boolean | no | ''0'' for proto ''none'', else ''1'' | Specifies whether to bring up interface on boot | | ''auto'' | boolean | no | ''0'' for proto ''none'', else ''1'' | Specifies whether to bring up interface on boot |
-| ''accept_ra'' | boolean | no | ''1'' for protocol ''dhcp'', else ''0'' | Specifies whether to accept IPv6 Router Advertisements on this interface (On Attitude Adjustment and earlier versions) | +| ''accept_ra'' | boolean | no | ''1'' for protocol ''dhcp'', else ''0'' | **deprecated:** Specifies whether to accept IPv6 Router Advertisements on this interface (On Attitude Adjustment 12.09 and earlier versions) | 
-| ''send_rs'' | boolean | no | ''1'' for protocol ''static'', else ''0'' | Specifies whether to send Router Solicitations on this interface (On Attitude Adjustment and earlier versions) |+| ''send_rs'' | boolean | no | ''1'' for protocol ''static'', else ''0'' | **deprecated:** Specifies whether to send Router Solicitations on this interface (On Attitude Adjustment 12.09 and earlier versions) |
=== Protocol "static" === === Protocol "static" ===
Line 148: Line 121:
| ''ip6addr'' | ipv6 address | yes, if no ''ipaddr'' is set | //(none)// | Assign given IPv6 address to this interface (CIDR notation) | | ''ip6addr'' | ipv6 address | yes, if no ''ipaddr'' is set | //(none)// | Assign given IPv6 address to this interface (CIDR notation) |
| ''ip6gw'' | ipv6 address | no | //(none)// | Assign given IPv6 default gateway to this interface | | ''ip6gw'' | ipv6 address | no | //(none)// | Assign given IPv6 default gateway to this interface |
-| ''ip6assign'' | prefix length | no | //(none)// | Delegate a prefix of given length to this interface (Barrier Breaker and later only) | +| ''ip6assign'' | prefix length | no | //(none)// | Delegate a [[[[network6#downstream.configuration.for.lan-interfaces|prefix of given length]] to this interface (Barrier Breaker and later only) | 
-| ''ip6hint'' | prefix hint (hex) | no | //(none)// | Hint the subprefix that should be assigned as hexadecimal number (Barrier Breaker and later only) |  +| ''ip6hint'' | prefix hint (hex) | no | //(none)// | [[network6#downstream.configuration.for.lan-interfaces|Hint the subprefix-ID]] that should be delegeted as hexadecimal number (Barrier Breaker and later only) |  
-| ''ip6prefix'' | ipv6 prefix | no | //(none)// | Routed IPv6 prefix for downstream interfaces (Barrier Breaker and later only) |+| ''ip6prefix'' | ipv6 prefix | no | //(none)// | IPv6 prefix routed here for use on other interfaces (Barrier Breaker and later only)
 +| ''ip6class'' | list of strings | no | //(none)// | Define the IPv6 prefix-classes this interface will accept |
| ''dns'' | list of ip addresses | no | //(none)// | DNS server(s) | | ''dns'' | list of ip addresses | no | //(none)// | DNS server(s) |
 +| ''dns_search'' | list of domain names | no | //(none)// | Search list for host-name lookup |
| ''metric'' | integer | no | ''0'' | Specifies the default route metric to use | | ''metric'' | integer | no | ''0'' | Specifies the default route metric to use |
 +| ''force_link'' | integer | no | ''0'' | Specifies whether ip address, route, and optionally gateway are assigned to the interface regardless of the link being active ('1') or only after the link has become active ('0'); in trunk since the introduction of netifd; in case of a wireless interface the default is '1' for an AP and '0' for a STA. |
=== Protocol "dhcp" === === Protocol "dhcp" ===
^ Name ^ Type ^ Required ^ Default ^ Description ^ ^ Name ^ Type ^ Required ^ Default ^ Description ^
-| ''gateway'' | string | no | //(none)// | Suppresses DHCP-assigned default gateway if set to 0.0.0.0 |+| ''<del>gateway</del>'' | <del>string</del> | <del>no</del> | <del>//(none)//</del> | <del>Suppresses DHCP-assigned default gateway if set to 0.0.0.0</del> \\ (deprecated) |
| ''broadcast'' | boolean | no | ''0'' | Enable the broadcast flag in DHCP requests, required for certain ISPs, e.g. Charter with DOCSIS 3 | | ''broadcast'' | boolean | no | ''0'' | Enable the broadcast flag in DHCP requests, required for certain ISPs, e.g. Charter with DOCSIS 3 |
| ''hostname'' | string | no | //(none)// | Hostname to include in DHCP requests | | ''hostname'' | string | no | //(none)// | Hostname to include in DHCP requests |
Line 164: Line 140:
| ''dns'' | list of ip addresses | no | //(none)// | Supplement DHCP-assigned DNS server(s), or use only these if peerdns is 0 | | ''dns'' | list of ip addresses | no | //(none)// | Supplement DHCP-assigned DNS server(s), or use only these if peerdns is 0 |
| ''peerdns'' | boolean | no | ''1'' | Use DHCP-provided DNS server(s) | | ''peerdns'' | boolean | no | ''1'' | Use DHCP-provided DNS server(s) |
 +| ''defaultroute'' | boolean | no | ''1'' | Whether to create a default route via the received gateway |
| ''metric'' | integer | no | ''0'' | Specifies the default route metric to use | | ''metric'' | integer | no | ''0'' | Specifies the default route metric to use |
| ''reqopts'' | list of strings | no | //(none)// | Specifies a list of additional DHCP options to request | | ''reqopts'' | list of strings | no | //(none)// | Specifies a list of additional DHCP options to request |
 +| ''iface6rd'' | logical interface | no | //(none)// | Logical interface template for auto-configuration of 6rd |
 +
 +**Note:** To automatically configure 6rd from dhcp you need to create an interface with ''option auto 0'' and put its name as the 'iface6rd' parameter. In addition you also need to add its name to a suitable firewall zone in /etc/config/firewall.
=== Protocol "dhcpv6" === === Protocol "dhcpv6" ===
Line 174: Line 154:
| ''reqaddress'' | [try,force,none] | no | try | Behaviour for requesting addresses | | ''reqaddress'' | [try,force,none] | no | try | Behaviour for requesting addresses |
| ''reqprefix'' | [auto,no,0-64] | no | auto | Behaviour for requesting prefixes (numbers denote hinted prefix length).  Use 'no' if you only want a single IPv6 address for the AP itself without a subnet for routing | | ''reqprefix'' | [auto,no,0-64] | no | auto | Behaviour for requesting prefixes (numbers denote hinted prefix length).  Use 'no' if you only want a single IPv6 address for the AP itself without a subnet for routing |
-| ''clientid'' | string | no | //system default// | Override client identifier in DHCP requests |+| ''clientid'' | hexstring | no | //system default// | Override client identifier in DHCP requests
 +| ''ifaceid'' | ipv6 addr | no | //link-local identifier// | Override the interface identifier for adresses received via RA |
| ''dns'' | list of ip addresses | no | //(none)// | Supplement DHCP-assigned DNS server(s), or use only these if peerdns is 0 | | ''dns'' | list of ip addresses | no | //(none)// | Supplement DHCP-assigned DNS server(s), or use only these if peerdns is 0 |
| ''peerdns'' | boolean | no | ''1'' | Use DHCP-provided DNS server(s) | | ''peerdns'' | boolean | no | ''1'' | Use DHCP-provided DNS server(s) |
 +| ''defaultroute'' | boolean | no | ''1'' | Whether to create an IPv6 default route via the received gateway |
| ''reqopts'' | list of numbers | no | //(none)// | Specifies a list of additional DHCP options to request | | ''reqopts'' | list of numbers | no | //(none)// | Specifies a list of additional DHCP options to request |
| ''noslaaconly'' | boolean | no | ''0'' | Don't allow configuration via SLAAC (RAs) only (implied by reqprefix != no) | | ''noslaaconly'' | boolean | no | ''0'' | Don't allow configuration via SLAAC (RAs) only (implied by reqprefix != no) |
| ''norelease'' | boolean | no | ''0'' | Don't send a RELEASE when the interface is brought down | | ''norelease'' | boolean | no | ''0'' | Don't send a RELEASE when the interface is brought down |
| ''ip6prefix'' | ipv6 prefix | no | //(none)// | Use an (additional) user-provided IPv6 prefix for distribution to clients | | ''ip6prefix'' | ipv6 prefix | no | //(none)// | Use an (additional) user-provided IPv6 prefix for distribution to clients |
 +| ''iface_dslite'' | logical interface | no | //(none)// | Logical interface template for auto-configuration of DS-Lite |
 +
 +**Note:** To automatically configure ds-lite from dhcpv6 you need to create an interface with ''option auto 0'' and put its name as the 'iface_dslite' parameter. In addition you also need to add its name to a suitable firewall zone in /etc/config/firewall.
=== Protocol "ppp" (PPP over Modem) === === Protocol "ppp" (PPP over Modem) ===
Line 192: Line 177:
| ''connect'' | file path | no | //(none)// | Path to custom PPP connect script | | ''connect'' | file path | no | //(none)// | Path to custom PPP connect script |
| ''disconnect'' | file path | no | //(none)// | Path to custom PPP disconnect script | | ''disconnect'' | file path | no | //(none)// | Path to custom PPP disconnect script |
-| ''keepalive'' | number | no | //(none)// | Number of connection failures before reconnect |+| ''keepalive'' | number | no | //(none)// | Number of unanswered echo requests before considering the peer dead. The interval between echo requests is 5 seconds. |
| ''demand'' | number | no | //(none)// | Number of seconds to wait before closing the connection due to inactivity | | ''demand'' | number | no | //(none)// | Number of seconds to wait before closing the connection due to inactivity |
| ''defaultroute'' | boolean | no | ''1'' | Replace existing default route on PPP connect | | ''defaultroute'' | boolean | no | ''1'' | Replace existing default route on PPP connect |
Line 244: Line 229:
:!: The package ''comgt'' must be installed to use 3G. Check [[doc:recipes:3gdongle]] for further help with that. :!: The package ''comgt'' must be installed to use 3G. Check [[doc:recipes:3gdongle]] for further help with that.
 +
^ Name ^ Type ^ Required ^ Default ^ Description ^ ^ Name ^ Type ^ Required ^ Default ^ Description ^
Line 260: Line 246:
| ''ipv6'' | boolean | no | ''0'' | Enable IPv6 on the PPP link | | ''ipv6'' | boolean | no | ''0'' | Enable IPv6 on the PPP link |
 +
 +=== Protocol "qmi" (USB modems using QMI protocol) ===
 +
 +:!: The package ''uqmi'' must be installed to use QMI.
 +
 +^ Name ^ Type ^ Required ^ Default ^ Description ^
 +| ''device'' | file path | yes | //(none)// | QMI device node, typically /dev/cdc-wdm0 |
 +| ''apn'' | string | yes | //(none)// | Used APN |
 +| ''pincode'' | number | no | //(none)// | PIN code to unlock SIM card |
 +| ''username'' | string | no | //(none)// | Username for PAP/CHAP authentication |
 +| ''password'' | string | no | //(none)// | Password for PAP/CHAP authentication |
 +| ''auth'' | string | no | //(none)// | Authentication type: pap, chap, both, none|
 +| ''modes'' | string | no | //(modem default)// | Allowed network modes, comma separated list of: all, lte, umts, gsm, cdma, td-scdma |
 +| ''delay'' | number | no | 0 | Seconds to wait before trying to interact with the modem (some ZTE modems require up to 30 s.)|
 +
 +=== Protocol "hnet" (Self-managing home network (HNCP)) ===
 +
 +:!: The package ''hnet-full'' must be installed to use hnet.
 +:!: See http://tools.ietf.org/html/draft-ietf-homenet-hncp for details.
 +
 +^ Name ^ Type ^ Required ^ Default ^ Description ^
 +| ''mode'' | string | no | auto | Interface mode. One of external, guest, adhoc or hybrid. |
 +| ''ip6assign'' | integer | no | 64 | IPv6-prefix size to assign to this interface if internal. |
 +| ''ip4assign'' | integer | no | 24 | IPv4-prefix size to assign to this interface if internal. |
 +| ''dnsname'' | string | no | <device-name> | DNS-Label to assign to interface. |
=== Protocol "pptp" (Point-to-Point Tunneling Protocol) === === Protocol "pptp" (Point-to-Point Tunneling Protocol) ===
Line 282: Line 293:
| ''ip6addr'' | IPv6 address (CIDR) | yes | //(none)// | Local IPv6 address delegated to the tunnel endpoint | | ''ip6addr'' | IPv6 address (CIDR) | yes | //(none)// | Local IPv6 address delegated to the tunnel endpoint |
| ''ip6prefix'' | IPv6 prefix | no | //(none)// | Routed IPv6 prefix for downstream interfaces (Barrier Breaker and later only) | | ''ip6prefix'' | IPv6 prefix | no | //(none)// | Routed IPv6 prefix for downstream interfaces (Barrier Breaker and later only) |
 +| ''sourcerouting'' | boolean | no | ''1'' | Whether to route only packets from delegated prefixes (Barrier Breaker and later only) |
| ''defaultroute'' | boolean | no | ''1'' | Whether to create an IPv6 default route over the tunnel | | ''defaultroute'' | boolean | no | ''1'' | Whether to create an IPv6 default route over the tunnel |
| ''ttl'' | integer | no | ''64'' | TTL used for the tunnel interface | | ''ttl'' | integer | no | ''64'' | TTL used for the tunnel interface |
| ''mtu'' | integer | no | ''1280'' | MTU used for the tunnel interface | | ''mtu'' | integer | no | ''1280'' | MTU used for the tunnel interface |
| ''tunnelid'' | integer | no | //(none)// | HE.net global tunnel ID (used for endpoint update) | | ''tunnelid'' | integer | no | //(none)// | HE.net global tunnel ID (used for endpoint update) |
-| ''username'' | string | no | //(none)// | HE.net user ID (used for endpoint update) | +| ''username'' | string | no | //(none)// | HE.net username which you use to login into tunnelbroker, not the User ID shows after you have login int  (used for endpoint update) | 
-| ''password'' | string | no | //(none)// | md5sum of HE.net password (used for endpoint update) |+| ''password'' | string | no | //(none)// | <del>md5sum of</del> HE.net password (used for endpoint update) | 
 +| ''updatekey'' | string | no | //(none)// | HE.net updatekey, overrides password (used for endpoint update) |
| ''metric'' | integer | no | ''0'' | Specifies the default route metric to use | | ''metric'' | integer | no | ''0'' | Specifies the default route metric to use |
**Note:** This protocol type does not need an ''ifname'' option set in the interface section. The interface name is derived from the section name, e.g. ''config interface sixbone'' would result in an interface named ''6in4-sixbone''. **Note:** This protocol type does not need an ''ifname'' option set in the interface section. The interface name is derived from the section name, e.g. ''config interface sixbone'' would result in an interface named ''6in4-sixbone''.
 +**Note:** HE.net has introduced updatekey as default for new tunnels in February 2014. Support added to Openwrt trunk by r39646.
 +
 +**Note:** as of r41358 **username**, **password** and **updatekey** are all plaintext entries.
 +
 +**Note:** although ip6prefix isn't required, sourcerouting, enabled by default, will prevent forwarding of packets unless ip6prefix is specified.
 +
 +=== Protocol "aiccu" (Automatic IPv6 Connectivity Client Utility) ===
 +
 +:!: The package ''aiccu'' must be installed to use this protocol.
 +
 +:!: This protocol is avaliable for Barrier Breaker and newer versions only.
 +
 +^ Name ^ Type ^ Required ^ Default ^ Description ^
 +| ''username'' | string | yes | //(none)// | Server username |
 +| ''password'' | string | yes | //(none)// | Server password |
 +| ''protocol'' | string | no | //(none)// | Tunnel setup protocol to use (''tic'', ''tsp'', ''l2tp'')  |
 +| ''server'' | string | no | ''tic.sixxs.net'' | Tunnel setup server to use |
 +| ''ip6addr'' | IPv6 address (CIDR) | no | //(none)// | Local IPv6 address delegated to the tunnel endpoint (not necessary) |
 +| ''ip6prefix'' | IPv6 prefix | no | //(none)// | Routed IPv6 prefix for downstream interfaces |
 +| ''defaultroute'' | boolean | no | ''1'' | Whether to create an IPv6 default route over the tunnel |
 +| ''sourcerouting'' | boolean | no | ''1'' | Whether to route only packets from delegated prefixes |
 +| ''tunnelid'' | integer | no | //(none)// | TIC server tunnel ID |
 +| ''requiretls'' | boolean | no | ''0'' | Require TLS connection to TIC server|
 +| ''nat'' | boolean | no | ''1'' | Notify the user that a NAT-kind network is detected|
 +| ''heartbeat'' | boolean | no | ''1'' | Make heartbeats |
 +| ''verbose'' | boolean | no | ''0'' | Verbose logging to system log|
 +
 +**Note:** This protocol type does not need an ''ifname'' option set in the interface section. The interface name is derived from the section name, e.g. ''config interface sixbone'' would result in an interface named ''aiccu-sixbone''.
=== Protocol "6to4" (IPv6-in-IPv4 Tunnel) === === Protocol "6to4" (IPv6-in-IPv4 Tunnel) ===
Line 327: Line 368:
**Note:** This protocol type does not need an ''ifname'' option set in the interface section. The interface name is derived from the section name, e.g. ''config interface wan6'' would result in an interface named ''6rd-wan6''. **Note:** This protocol type does not need an ''ifname'' option set in the interface section. The interface name is derived from the section name, e.g. ''config interface wan6'' would result in an interface named ''6rd-wan6''.
 +
 +**Note:** Some ISP's give you the number of bytes you should use from your WAN IP to calculate your IPv6 address. ip4prefixlen expects the //prefix// bytes of your WAN IP to calculate the IPv6 address. So if your ISP gives you 14 bytes to calculate, enter 18 (32 - 14).
Line 341: Line 384:
| ''mtu'' | integer | no | ''1280'' | MTU used for the tunnel interface | | ''mtu'' | integer | no | ''1280'' | MTU used for the tunnel interface |
-**Note:** This protocol type does not need an ''ifname'' option set in the interface section. The interface name is derived from the section name, e.g. ''config interface wan6'' would result in an interface named ''dslite-wan6''.+:!: ds-lite operation requires that IPv4 NAT is disabled. You should adjust your settings in /etc/config/firewall accordingly.
 +**Note:** This protocol type does not need an ''ifname'' option set in the interface section. The interface name is derived from the section name, e.g. ''config interface wan'' would result in an interface named ''dslite-wan''.
-=== Protocol "l2tp" (L2TP Pseudowire Tunnel) === 
-:!: The package ''l2tpv3tun'' must be installed to use this protocol.\\ +=== Protocol "l2tp" (PPP over L2TP Pseudowire Tunnel) === 
-:!: This protocol is only supported on 2.6.35 and newer kernels.+ 
 +:!: The package ''xl2tpd'' must be installed to use this protocol. 
 + 
 +Most options are similar to protocol "ppp".
^ Name ^ Type ^ Required ^ Default ^ Description ^ ^ Name ^ Type ^ Required ^ Default ^ Description ^
-| ''localaddr'' | IPv4 address | yes, if no ''local6addr'' is set | //(none)// | Local IPv4 endpoint address | +| ''server'' | string | yes | //(none)// | L2TP server to connect to (hostname or IP address)
-| ''peeraddr'' | IPv4 address | yes, if no ''peer6addr'' is set | //(none)// | Remote IPv4 endpoint address +| ''username'' | string | no | //(none)// | Username for PAP/CHAP authentication
-| ''local6addr'' | IPv6 address | yes, if no ''localaddr'' is set | //(none)// | Local IPv6 endpoint address +| ''password'' | string | yes if ''username'' is provided | //(none)// | Password for PAP/CHAP authentication
-| ''peer6addr'' | IPv6 address | yes, if no ''peeraddr'' is set | //(none)// | Remote IPv6 endpoint address +| ''ipv6'' | bool | no | 0 | Enable IPv6 on the PPP link (IPv6CP) | 
-| ''encap'' | string | no | ''udp'' | L2TPv3 encapsulation mode, either ''ip'' or ''udp'' +| ''mtu'' | int | no | ''pppd'' default | Maximum Transmit/Receive Unit, in bytes
-| ''sport'' | port number | no | ''1701'' | L2TPv3 source port, only applicable to UDP encapsulation | +| ''keepalive'' | string | no | //(none)// | Number of unanswered echo requests before considering the peer dead. The interval between echo requests is 5 seconds.
-| ''dport'' | port number | no | ''1701'' | L2TPv3 destination port, only applicable to UDP encapsulation | +| ''pppd_options'' | string | no | //(none)// | Additional options to pass to ''pppd'' |
-| ''tunnel_id'' | integer | no | Next unused tunnel ID | Local L2TPv3 tunnel ID | +
-| ''peer_tunnel_id'' | integer | no | Value of ''tunnel_id'' | Remote L2TPv3 tunnel ID +
-| ''session_id'' | integer | no | Next unused session ID | Local L2TPv3 session ID | +
-| ''peer_session_id'' | integer | no | Value of ''session_id'' | Remote L2TPv3 session ID | +
-| //Additionally all options defined for the ''static'' protocol type can be specified// |||||+
 +The name of the physical interface will be "l2tp-<logical interface name>".
=== Protocol "relay" (Relayd Pseudo Bridge) === === Protocol "relay" (Relayd Pseudo Bridge) ===
Line 377: Line 419:
| ''forward_dhcp'' | boolean | no | ''1'' | Enables forwarding of DHCP requests and responses, ''0'' disables it | | ''forward_dhcp'' | boolean | no | ''1'' | Enables forwarding of DHCP requests and responses, ''0'' disables it |
-=== Protocol "6relay" (IPv6 Pseudo Bridge) === 
-:!: The IPv6 pseudo-bridging feature has been moved into its own configuration. See [[doc:uci::6relayd|6relayd configuration]].+=== Common options for GRE protocols === 
 + 
 +:!: The package ''gre'' must be installed to use GRE. 
 + 
 +GRE support has been introduced in Barrier Breaker. Four protocols are defined: "gre", "gretap", "grev6", and "grev6tap". 
 +The name of the GRE interface will be ''gre-<logical interface name>'' for "gre" and "gretap", and ''grev6-<logical interface name>'' for "grev6" and "grev6tap". 
 + 
 +All four protocols accept the following common options: 
 + 
 +^ Name ^ Type ^ Required ^ Default ^ Description ^ 
 +| ''mtu'' | integer | no | 1280 | MTU | 
 +| ''ttl'' | integer | no | 64 | TTL of the encapsulating packets | 
 +| ''tunlink'' | logical interface name | no | //(none)// | Bind the tunnel to this interface (''dev'' option of "ip tunnel") | 
 +| ''zone'' | zone name | no | "wan" | Firewall zone to which the interface will be added | 
 +| ''ikey'' | integer | no | 0 | key for incoming packets | 
 +| ''okey'' | integer | no | 0 | key for outgoing packets | 
 +| ''icsum'' | boolean | no | false | require incoming checksum | 
 +| ''ocsum'' | boolean | no | false | compute outgoing checksum | 
 +| ''iseqno'' | boolean | no | false | require incoming packets serialisation | 
 +| ''oseqno'' | boolean | no | false | perform outgoing packets serialisation | 
 + 
 +=== Protocol "gre" (GRE tunnel over IPv4) === 
 + 
 +The following options are supported, in addition to all common options above: 
 + 
 +^ Name ^ Type ^ Required ^ Default ^ Description ^ 
 +| ''ipaddr'' | IPv4 address | no | WAN IP | Local endpoint | 
 +| ''peeraddr'' | IPv4 address | yes | //(none)// | Remote endpoint | 
 +| ''df'' | boolean | no | true | Set "Don't Fragment" flag on encapsulating packets | 
 + 
 +=== Protocol "gretap" (Ethernet GRE tunnel over IPv4) === 
 + 
 +The following options are supported, in addition to all common options above: 
 + 
 +^ Name ^ Type ^ Required ^ Default ^ Description ^ 
 +| ''ipaddr'' | IPv4 address | no | WAN IP | Local endpoint | 
 +| ''peeraddr'' | IPv4 address | yes | //(none)// | Remote endpoint | 
 +| ''df'' | boolean | no | true | Set "Don't Fragment" flag on encapsulating packets | 
 +| ''network'' | logical interface name | no | //(none)// | Logical network to which the tunnel will be added (bridged) | 
 + 
 +=== Protocol "grev6" (GRE tunnel over IPv6) === 
 + 
 +The following options are supported, in addition to all common options above: 
 + 
 +^ Name ^ Type ^ Required ^ Default ^ Description ^ 
 +| ''ip6addr'' |  |  |  |  | 
 +| ''peer6addr'' |  |  |  |  | 
 +| ''weakif'' |  |  |  |  | 
 + 
 +=== Protocol "grev6tap" (Ethernet GRE tunnel over IPv6) === 
 + 
 +The following options are supported, in addition to all common options above: 
 + 
 +^ Name ^ Type ^ Required ^ Default ^ Description ^ 
 +| ''ip6addr'' |  |  |  |  | 
 +| ''peer6addr'' |  |  |  |  | 
 +| ''weakif'' |  |  |  |  | 
 +| ''network'' |  |  |  |  |
==== ATM Bridges (Ethernet over ATM AAL5) ==== ==== ATM Bridges (Ethernet over ATM AAL5) ====
Line 409: Line 507:
==== Aliases ==== ==== Aliases ====
 +| {{:meta:icons:tango:48px-outdated.svg.png?nolink}} | The "config alias" approach is //deprecated//. it used to be needed when multiple interfaces sharing the same device where not supported. [[https://forum.openwrt.org/viewtopic.php?pid=203943#p203943|JoW]] |
 +
 +===== Aliases: the old way =====
//Alias// sections can be used to define further IPv4 and IPv6 addresses for interfaces. //Alias// sections can be used to define further IPv4 and IPv6 addresses for interfaces.
They also allow combinations like DHCP on the main interface and a static IPv6 address in the alias, They also allow combinations like DHCP on the main interface and a static IPv6 address in the alias,
Line 445: Line 546:
  ip addr   ip addr
 +===== Aliases: the new way =====
 +
 +Basically create an 'interface' section per IP, but alias interfaces may NOT be of type bridge
 +
 +  * For non-bridged interfaces (physdev) the ''ifname'' is the <interface-of-network-for-same-phydev>
 +  * For cases where the interface is bridged the ''ifname'' is br-''base-interface'', where ''base-interface'' is the name of the primary IP's config section (e.g. for a the default lan interface config, the first alias would use ifname br-lan).
 +
 +A minimal alias definition for a bridged interface might be (for a scenario without vlans):
 +<code>config interface lan
 +        option 'ifname' 'eth0'
 +        option 'type' 'bridge'
 +        option 'proto' 'static'
 +        option 'ipaddr' '192.168.1.1'
 +        option 'netmask' '255.255.255.0'</code>
 +
 +<code>config interface lan2
 +      option 'ifname' 'br-lan'
 +      option 'proto' 'static'
 +      option 'ipaddr' '10.0.0.1'
 +      option 'netmask' '255.255.255.0'</code>
 +
 +or for a non-bridge interface
 +<code>config interface lan
 +        option 'ifname' 'eth0'
 +        option 'proto' 'static'
 +        option 'ipaddr' '192.168.1.1'
 +        option 'netmask' '255.255.255.0'</code>
 +
 +<code>config interface lan2
 +      option 'ifname' 'eth0'
 +      option 'proto' 'static'
 +      option 'ipaddr' '10.0.0.1'
 +      option 'netmask' '255.255.255.0'</code>
 +
 +To see a list of interfaces you can do ''ubus list network.interface.*'' and to view the ip of a particular interface (the UCI name not the physical interface), do ''ifstatus <interface>'' (e.g. ''ifstatus lan2'')
==== IPv4 Routes ==== ==== IPv4 Routes ====
Line 471: Line 607:
| ''metric'' | number | no | ''0'' | Specifies the //route metric// to use | | ''metric'' | number | no | ''0'' | Specifies the //route metric// to use |
| ''mtu'' | number | no | //interface MTU// | Defines a specific MTU for this route | | ''mtu'' | number | no | //interface MTU// | Defines a specific MTU for this route |
 +| ''table'' | routing table | no | //(none)// | Defines the table ID to use for the route. The ID can be either a numeric table index ranging from 0 to 65535 or a symbolic alias declared in /etc/iproute2/rt_tables. The special aliases local (255), main (254) and default (253) are recognized as well |
==== IPv6 Routes ==== ==== IPv6 Routes ====
Line 495: Line 632:
| ''metric'' | number | no | ''0'' | Specifies the //route metric// to use | | ''metric'' | number | no | ''0'' | Specifies the //route metric// to use |
| ''mtu'' | number | no | //interface MTU// | Defines a specific MTU for this route | | ''mtu'' | number | no | //interface MTU// | Defines a specific MTU for this route |
 +| ''table'' | routing table | no | //(none)// | Defines the table ID to use for the route. The ID can be either a numeric table index ranging from 0 to 65535 or a symbolic alias declared in /etc/iproute2/rt_tables. The special aliases local (255), main (254) and default (253) are recognized as well |
==== IP rules ==== ==== IP rules ====
Line 523: Line 661:
  * ''vpn'' is the incoming //logical interface name//   * ''vpn'' is the incoming //logical interface name//
  * ''fdca:1234::/64'' is the destination subnet to match   * ''fdca:1234::/64'' is the destination subnet to match
-  * ''prohibit'' is a routign action to take+  * ''prohibit'' is a routing action to take
The options below are defined for //IP rule// (''rule'' and ''rule6'') sections: The options below are defined for //IP rule// (''rule'' and ''rule6'') sections:
Line 759: Line 897:
In order to derive a Linux interface name like ''eth1'' from a logical network name like ''wan'' for use in scripts or tools like ''ifconfig'' and ''route'' the ''uci'' utility can be used as illustrated in the example below which opens port 22 on the interface. In order to derive a Linux interface name like ''eth1'' from a logical network name like ''wan'' for use in scripts or tools like ''ifconfig'' and ''route'' the ''uci'' utility can be used as illustrated in the example below which opens port 22 on the interface.
-<code>WANIF=$(uci -P/var/state get network.wan.ifname) +<code bash> 
-iptables -I INPUT -i $WANIF -p tcp --dport 22 -j ACCEPT</code>+WANIF=$(uci -P/var/state get network.wan.ifname) 
 +iptables -I INPUT -i $WANIF -p tcp --dport 22 -j ACCEPT 
 +</code> 
 + 
 +The uci state vars are deprecated and not used anymore for network related information [[https://forum.openwrt.org/viewtopic.php?pid=203787#p203787|Quoting jow in the forum]].\\ 
 +Use /lib/functions/network.sh: 
 + 
 +<code bash> 
 +source /lib/functions/network.sh 
 + 
 +if network_get_ipaddr addr "wan"; then 
 +    echo "IP is $addr" 
 +fi 
 +</code> 
 +===== Multiple IP addresses ===== 
 +Assigning multiple ip addresses to the same interface: 
 +<code> 
 +config interface foo 
 +  option ifname eth1 
 +  list ipaddr 10.8.0.1/24 
 +  list ipaddr 10.9.0.1/24 
 +  list ip6addr fdca:abcd::1/64 
 +  list ip6addr fdca:cdef::1/64 
 +</code> 
 +Specifying multiple interfaces sharing the same device: 
 +<code> 
 +config interface foo 
 +  option ifname eth1 
 +  option ipaddr 10.8.0.1 
 +  option netmask 255.255.255.0 
 +  option ip6addr fdca:abcd::1/64 
 + 
 +config interface foo2 
 +  option ifname eth1 
 +  option ipaddr 10.9.0.1 
 +  option netmask 255.255.255.0 
 +  option ip6addr fdca:cdef::1/64 
 +</code> 
 +More info at [[https://dev.openwrt.org/ticket/2829#comment:7]] http://pracandajr.blogspot.co.uk/.

Back to top

doc/uci/network.1368475310.txt.bz2 · Last modified: 2013/05/13 22:01 by steven