User Tools

Site Tools


doc:uci:network

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
doc:uci:network [2013/05/13 22:01]
steven
doc:uci:network [2015/05/04 21:56] (current)
martin.blumenstingl [DSL / VDSL] wording
Line 1: Line 1:
 ====== Network configuration ====== ====== Network configuration ======
-The central network configuration is located in ''/​etc/​config/​network''​. +The central network configuration is located in the file ''/​etc/​config/​network''​. ​This configuration file is responsible for defining //switch VLANs//, //interface configurations//​ and //network routes//. After editing and saving ''/​etc/​config/​network''​ you need to execute ​<​code>​/etc/init.d/network reload</​code>​ to stop and restart the network before any changes take effectRebooting the router is not necessary.
-<​code>​ +
-config interface loopback +
-        option ifname ​  lo +
-        option proto    static +
-        option ipaddr ​  127.0.0.1 +
-        option netmask ​ 255.0.0.0+
  
-config interface lan +  ​* https://dev.openwrt.org/​browser/​branches/​attitude_adjustment/​package/​base-files/​files/​etc/​config/​network 
-        option ifname ​  ​eth0 +  ​* https://dev.openwrt.org/​browser/​trunk/​package/​base-files/​files/​etc/​config/​network
-        option type     ​bridge +
-        option proto    static +
-        option ipaddr ​  ​192.168.1.1 +
-        ​option netmask ​ 255.255.255.0+
  
-config interface wan +Feel free to inform yourself about [[doc/techref/netifd|netifd]] (Network Interface Daemon).
-        option ifname ​  ​eth0.2 +
-        option proto    pppoe +
-        option username testuser +
-        option password secret +
- +
-config switch eth0 +
-        option enable_vlan ​     1 +
- +
-config switch_vlan +
-        option device ​  ​eth0 +
-        option vlan     1 +
-        option ports    "0 1 2 3 4" +
-</​code>​ +
-This is the default configuration file for Backfire on a D-link Dir-601 Rev.A and typical example of a basic network setup. +
-This configuration file is responsible for defining //switch VLANs//, //interface configurations//​ and //network routes//. +
- +
-**''​Hint:''​** After editing and saving ''/​etc/​config/​network''​ you need to execute +
-<​code>​ +
-/etc/init.d/​network restart +
-</​code>​ +
-to stop and restart the network before any changes take effect. Rebooting the router will have the same effect but is not necessary.+
  
 ===== Sections ===== ===== Sections =====
Line 49: Line 18:
  
 ^ Name ^ Type ^ Required ^ Default ^ Description ^ ^ Name ^ Type ^ Required ^ Default ^ Description ^
-| ''​ula_prefix''​ | IPv6-prefix | no | //(none)// | IPv6 ULA-Prefix for this device |+| ''​ula_prefix''​ | IPv6-prefix | no | //(none)// | IPv6 [[wp>​Unique local address|ULA]]-Prefix for this device |
  
 ==== Switch ==== ==== Switch ====
 +The ''​switch''​ section is responsible for partitioning the switch into several //VLANs// which appear as independent interfaces in the system although they share the same hardware. **Not every OpenWrt supported device (or architecture,​ like x86) has a programmable switch**, therefore this section might not be present on some platforms. Please also note, that some switches only support 4Bit-VLANs.
  
-The ''​switch''​ section is responsible for partitioning the switch into several //VLANs// which appear as independent interfaces in the system although they share the same hardware. Not every OpenWrt supported device has a programmable switch, therefore this section might not be present on some platforms. +There are currently two different configuration formats in use, one for the legacy ''/​proc/​switch/''​ API and one for the newer ''​[[doc/techref/swconfig|swconfig]]''​-based switch ​configuration.
- +
-There are currently two different configuration formats in use, one for the legacy ''/​proc/​switch/''​ API and one for the newer //swconfig// based switch ​infrastructure.+
  
 === /​proc/​switch === === /​proc/​switch ===
- +This variant is actually ​only found on Broadcom devices like the WRT54GL.
-This variant is only found on Broadcom devices like the WRT54GL.+
  
 A typical configuration for it looks like this: A typical configuration for it looks like this:
Line 72: Line 39:
  
 === swconfig === === swconfig ===
 +The newer ''​[[doc/​techref/​swconfig|swconfig]]''​-framework is intended to replace the legacy switch configuration.
  
-The newer //​swconfig//​ framework is intended to replace the legacy switch configuration. +Configuration ​for swconfig ​have a slightly ​different structure with one extra section per VLAN.
- +
-The typical filepath ​for the config is ''/​etc/​config/​network''​ +
- +
-//​Swconfig//​ based configurations ​have a different structure with one extra section per vlan.+
 The example below shows a typical configuration:​ The example below shows a typical configuration:​
 <​code>​config '​switch'​ '​eth0'​ <​code>​config '​switch'​ '​eth0'​
Line 95: Line 59:
 Common properties are defined within the ''​switch''​ section; vlan specific properties are located in additional ''​switch_vlan''​ sections linked to the ''​switch''​ section through the ''​device''​ option. Common properties are defined within the ''​switch''​ section; vlan specific properties are located in additional ''​switch_vlan''​ sections linked to the ''​switch''​ section through the ''​device''​ option.
 The complete layout is explained in the [[doc:​uci:​network::​switch|switch documentation]]. The complete layout is explained in the [[doc:​uci:​network::​switch|switch documentation]].
-==== Interfaces ==== 
  
 +
 +==== Interfaces ====
 Sections of the type ''​interface''​ declare logical networks serving as containers for IP address settings, [[doc:​uci:​network#​aliases|aliases]],​ [[doc:​uci:​network#​ipv4.routes|routes]],​ physical interface names and [[doc:​uci:​firewall#​zones|firewall rules]] - they play a central role within the OpenWrt configuration concept. Sections of the type ''​interface''​ declare logical networks serving as containers for IP address settings, [[doc:​uci:​network#​aliases|aliases]],​ [[doc:​uci:​network#​ipv4.routes|routes]],​ physical interface names and [[doc:​uci:​firewall#​zones|firewall rules]] - they play a central role within the OpenWrt configuration concept.
  
Line 119: Line 84:
 | ''​pppoa''​ | PPP over ATM - DSL connection using a builtin modem |  ''​pppd''​ + plugin ...  | | ''​pppoa''​ | PPP over ATM - DSL connection using a builtin modem |  ''​pppd''​ + plugin ...  |
 | ''​3g''​ | CDMA, UMTS or GPRS connection using an AT-style 3G modem |  ''​comgt'' ​ | | ''​3g''​ | CDMA, UMTS or GPRS connection using an AT-style 3G modem |  ''​comgt'' ​ |
 +| ''​qmi''​ | USB modems using QMI protocol |  ''​uqmi'' ​ |
 +| ''​ncm''​ | USB modems using NCM protocol |  ''​comgt-ncm''​ + ?  |
 +| ''​hnet''​ | Self-managing home network (HNCP) |  ''​hnet-full'' ​ |
 | ''​pptp''​ | Connection via PPtP VPN |  ?  | | ''​pptp''​ | Connection via PPtP VPN |  ?  |
-| ''​6in4''​ | IPv6-in-IPv4 tunnel ​for use with Tunnel Brokers like HE.net |  ?  |+| ''​6in4''​ | IPv6-in-IPv4 tunnel ​forSuppresses DHCP-assigned default gateway if set to 0.0.0.0 ​use with Tunnel Brokers like HE.net |  ?  | 
 +| ''​aiccu''​ | Anything-in-anything tunnel ​ |  ''​aiccu'' ​ |
 | ''​6to4''​ | Stateless IPv6 over IPv4 transport |  ?  | | ''​6to4''​ | Stateless IPv6 over IPv4 transport |  ?  |
-| ''​none''​ | Unspecified protocol |  -  |+| ''​6rd''​ | IPv6 rapid deployment |  ''​6rd'' ​ | 
 +| ''​dslite''​ | Dual-Stack Lite |  ''​ds-lite'' ​ | 
 +| ''​l2tp''​ | PPP over L2TP Pseudowire Tunnel |  ''​xl2tpd'' ​ | 
 +| ''​relay''​ | relayd pseudo-bridge |  ''​relayd'' ​ | 
 +| ''​gre'',​ ''​gretap''​ | GRE over IPv4 |  ''​gre''​ + ''​kmod-gre'' ​ | 
 +| ''​grev6'',​ ''​grev6tap''​ | GRE over IPv6 |  ''​gre''​ + ''​kmod-gre6'' ​ | 
 +| ''​none''​ | Unspecified protocol, therefore all the other interface settings will be ignored (like disabling the configuration) ​|  -  |
  
 Depending on the used //interface protocol// several other options may be required for a complete interface declaration. Depending on the used //interface protocol// several other options may be required for a complete interface declaration.
 The corresponding options for each protocol are listed below. Options marked as "​yes"​ in the "​Required"​ column //must// be defined in the interface section if the corresponding protocol is used, options marked as "​no"​ //may// be defined but can be omitted as well. The corresponding options for each protocol are listed below. Options marked as "​yes"​ in the "​Required"​ column //must// be defined in the interface section if the corresponding protocol is used, options marked as "​no"​ //may// be defined but can be omitted as well.
 +
 +:!: In openwrt 12.09, if an interface section has no protocol defined (not even ''​none''​ ), the other settings are completely ignored. The result is that, if the interface section is mentioning a physical network interface (i.e. eth0), this will be down even if a cable is connected (with proto '​none'​ the interface is up). (could be that more testing is needed) ​
  
 === Options valid for all protocol types === === Options valid for all protocol types ===
Line 131: Line 108:
 ^ Name ^ Type ^ Required ^ Default ^ Description ^ ^ Name ^ Type ^ Required ^ Default ^ Description ^
 | ''​ifname''​ | interface name(s) | yes(*) | //(none)// | Physical interface name to assign to this section, list of interfaces if type bridge is set.\\ //(*) This option may be empty or missing if only a wireless interface references this network or if the protocol type is ''​pptp'',​ ''​pppoa''​ or ''​6in4''//​ | | ''​ifname''​ | interface name(s) | yes(*) | //(none)// | Physical interface name to assign to this section, list of interfaces if type bridge is set.\\ //(*) This option may be empty or missing if only a wireless interface references this network or if the protocol type is ''​pptp'',​ ''​pppoa''​ or ''​6in4''//​ |
-| ''​type''​ | string | no | //(none)// | If set to "​bridge",​ a bridge containing the given //ifnames// is created |+| ''​type''​ | string | no | //(none)// | If set to "​bridge",​ a bridge containing the given //ifnames// is created\\ [[https://​forum.openwrt.org/​viewtopic.php?​pid=203784#​p203784|Wlan interface names are not predictable,​ therfore you cannot reference them directly in the network config]] ​|
 | ''​stp''​ | boolean | no | ''​0''​ | Only valid for type "​bridge",​ enables the Spanning Tree Protocol | | ''​stp''​ | boolean | no | ''​0''​ | Only valid for type "​bridge",​ enables the Spanning Tree Protocol |
 +| ''​bridge_empty''​ | boolean | no | ''​0''​ | Only valid for type "​bridge",​ enables creating empty bridges |
 +| ''​igmp_snooping''​ | boolean | no | ''​1''​ | Only valid for type "​bridge",​ sets the multicast_snooping kernel setting for a bridge |
 | ''​macaddr''​ | mac address | no | //(none)// | Override MAC address of this interface | | ''​macaddr''​ | mac address | no | //(none)// | Override MAC address of this interface |
 | ''​mtu''​ | number | no | //(none)// | Override the default MTU on this interface | | ''​mtu''​ | number | no | //(none)// | Override the default MTU on this interface |
 | ''​auto''​ | boolean | no | ''​0''​ for proto ''​none'',​ else ''​1''​ | Specifies whether to bring up interface on boot | | ''​auto''​ | boolean | no | ''​0''​ for proto ''​none'',​ else ''​1''​ | Specifies whether to bring up interface on boot |
-| ''​accept_ra''​ | boolean | no | ''​1''​ for protocol ''​dhcp'',​ else ''​0''​ | Specifies whether to accept IPv6 Router Advertisements on this interface (On Attitude Adjustment and earlier versions) | +| ''​ipv6''​ | boolean | no | ''​1''​ | Specifies whether to enable (1) or disable (0) IPv6 on this interface (Barrier Breaker and later only) | 
-| ''​send_rs''​ | boolean | no | ''​1''​ for protocol ''​static'',​ else ''​0''​ | Specifies whether to send Router Solicitations on this interface (On Attitude Adjustment and earlier versions) |+| ''​accept_ra''​ | boolean | no | ''​1''​ for protocol ''​dhcp'',​ else ''​0''​ | **deprecated:​** ​Specifies whether to accept IPv6 Router Advertisements on this interface (On Attitude Adjustment ​12.09 and earlier versions) | 
 +| ''​send_rs''​ | boolean | no | ''​1''​ for protocol ''​static'',​ else ''​0''​ | **deprecated:​** ​Specifies whether to send Router Solicitations on this interface (On Attitude Adjustment ​12.09 and earlier versions) ​
 +| ''​enabled''​ | boolean | no | ''​1'' ​ | enable or disable the interface section ​|
  
 === Protocol "​static"​ === === Protocol "​static"​ ===
  
 ^ Name ^ Type ^ Required ^ Default ^ Description ^ ^ Name ^ Type ^ Required ^ Default ^ Description ^
-| ''​ipaddr''​ | ip address | yes, if no ''​ip6addr''​ is set | //(none)// | IP address |+| ''​ipaddr''​ | ip address | yes, if no ''​ip6addr''​ is set| //(none)// | IP address. [openwrt 12.09] It could be a list of ipaddr , that is: several ipaddresses will be assigned to the interface. If, instead of a list, several ipaddr are specified as options, only the last is applied. ​|
 | ''​netmask''​ | netmask | yes, if no ''​ip6addr''​ is set | //(none)// | Netmask | | ''​netmask''​ | netmask | yes, if no ''​ip6addr''​ is set | //(none)// | Netmask |
 | ''​gateway''​ | ip address | no | //(none)// | Default gateway | | ''​gateway''​ | ip address | no | //(none)// | Default gateway |
Line 148: Line 129:
 | ''​ip6addr''​ | ipv6 address | yes, if no ''​ipaddr''​ is set | //(none)// | Assign given IPv6 address to this interface (CIDR notation) | | ''​ip6addr''​ | ipv6 address | yes, if no ''​ipaddr''​ is set | //(none)// | Assign given IPv6 address to this interface (CIDR notation) |
 | ''​ip6gw''​ | ipv6 address | no | //(none)// | Assign given IPv6 default gateway to this interface | | ''​ip6gw''​ | ipv6 address | no | //(none)// | Assign given IPv6 default gateway to this interface |
-| ''​ip6assign''​ | prefix length | no | //(none)// | Delegate a prefix of given length to this interface (Barrier Breaker and later only) | +| ''​ip6assign''​ | prefix length | no | //(none)// | Delegate a [[[[network6#​downstream.configuration.for.lan-interfaces|prefix of given length]] to this interface (Barrier Breaker and later only) | 
-| ''​ip6hint''​ | prefix hint (hex) | no | //(none)// | Hint the subprefix that should be assigned ​as hexadecimal number (Barrier Breaker and later only) |  +| ''​ip6hint''​ | prefix hint (hex) | no | //​(none)// ​| [[network6#​downstream.configuration.for.lan-interfaces|Hint the subprefix-ID]] that should be delegeted ​as hexadecimal number (Barrier Breaker and later only) |  
-| ''​ip6prefix''​ | ipv6 prefix | no | //(none)// | Routed ​IPv6 prefix for downstream ​interfaces (Barrier Breaker and later only) |+| ''​ip6prefix''​ | ipv6 prefix | no | //(none)// | IPv6 prefix ​routed here for use on other interfaces (Barrier Breaker and later only) 
 +| ''​ip6class''​ | list of strings | no | //(none)// | Define the IPv6 prefix-classes this interface will accept ​|
 | ''​dns''​ | list of ip addresses | no | //(none)// | DNS server(s) | | ''​dns''​ | list of ip addresses | no | //(none)// | DNS server(s) |
 +| ''​dns_search''​ | list of domain names | no | //(none)// | Search list for host-name lookup |
 | ''​metric''​ | integer | no | ''​0''​ | Specifies the default route metric to use | | ''​metric''​ | integer | no | ''​0''​ | Specifies the default route metric to use |
 +| ''​force_link''​ | integer | no | ''​0''​ | Specifies whether ip address, route, and optionally gateway are assigned to the interface regardless of the link being active ('​1'​) or only after the link has become active ('​0'​);​ in trunk since the introduction of netifd; in case of a wireless interface the default is '​1'​ for an AP and '​0'​ for a STA. |
  
 === Protocol "​dhcp"​ === === Protocol "​dhcp"​ ===
  
 ^ Name ^ Type ^ Required ^ Default ^ Description ^ ^ Name ^ Type ^ Required ^ Default ^ Description ^
-| ''​gateway''​ | string | no | //(none)// | Suppresses DHCP-assigned default gateway if set to 0.0.0.0 |+| ''​<del>gateway</​del>​''​ | <del>string</​del> ​<del>no</​del> ​<del>//(none)//</​del> ​<del>Suppresses DHCP-assigned default gateway if set to 0.0.0.0</​del>​ \\ (deprecated) ​|
 | ''​broadcast''​ | boolean | no | ''​0''​ | Enable the broadcast flag in DHCP requests, required for certain ISPs, e.g. Charter with DOCSIS 3 | | ''​broadcast''​ | boolean | no | ''​0''​ | Enable the broadcast flag in DHCP requests, required for certain ISPs, e.g. Charter with DOCSIS 3 |
 | ''​hostname''​ | string | no | //(none)// | Hostname to include in DHCP requests | | ''​hostname''​ | string | no | //(none)// | Hostname to include in DHCP requests |
Line 164: Line 148:
 | ''​dns''​ | list of ip addresses | no | //(none)// | Supplement DHCP-assigned DNS server(s), or use only these if peerdns is 0 | | ''​dns''​ | list of ip addresses | no | //(none)// | Supplement DHCP-assigned DNS server(s), or use only these if peerdns is 0 |
 | ''​peerdns''​ | boolean | no | ''​1''​ | Use DHCP-provided DNS server(s) | | ''​peerdns''​ | boolean | no | ''​1''​ | Use DHCP-provided DNS server(s) |
 +| ''​defaultroute''​ | boolean | no | ''​1''​ | Whether to create a default route via the received gateway |
 | ''​metric''​ | integer | no | ''​0''​ | Specifies the default route metric to use | | ''​metric''​ | integer | no | ''​0''​ | Specifies the default route metric to use |
 | ''​reqopts''​ | list of strings | no | //(none)// | Specifies a list of additional DHCP options to request | | ''​reqopts''​ | list of strings | no | //(none)// | Specifies a list of additional DHCP options to request |
 +| ''​iface6rd''​ | logical interface | no | //(none)// | Logical interface template for auto-configuration of 6rd |
 +
 +**Note:** To automatically configure 6rd from dhcp you need to create an interface with ''​option auto 0''​ and put its name as the '​iface6rd'​ parameter. In addition you also need to add its name to a suitable firewall zone in /​etc/​config/​firewall.
 +
 +:!: It seems that if an interface is configured as dhcp client, at least on OpenWrt 10.03, the default route received by dhcp 
 +will be the only one listed and will remove other default route/​metrics defined for other interfaces if those interfaces comes "​before"​ the interface with dhcp in terms of "​ifname"​ values. For example:
 +<​code>​
 +config interface wan
 +    option ifname eth0
 +    option proto static
 +    ..other options..
 +    ​
 +config interface wan2
 +    option ifname eth1
 +    option proto dhcp
 +    ..other options..
 +</​code>​
 +The interface with dhcp comes after (because eth1 comes after eth0 in a lexicografical order)
 +and will overwrite the default routes set up by the interface "​wan"​. While is not true the contrary.
 +If we have:
 +<​code>​
 +config interface wan
 +    option ifname eth0
 +    option proto dhcp
 +    ..other options..
 +    ​
 +config interface wan2
 +    option ifname eth1
 +    option proto static
 +    ..other options..
 +</​code>​
 +Both default routes set up by wan and wan2 will appear in the routing table.
  
 === Protocol "​dhcpv6"​ === === Protocol "​dhcpv6"​ ===
Line 174: Line 191:
 | ''​reqaddress''​ | [try,​force,​none] | no | try | Behaviour for requesting addresses | | ''​reqaddress''​ | [try,​force,​none] | no | try | Behaviour for requesting addresses |
 | ''​reqprefix''​ | [auto,​no,​0-64] | no | auto | Behaviour for requesting prefixes (numbers denote hinted prefix length). ​ Use '​no'​ if you only want a single IPv6 address for the AP itself without a subnet for routing | | ''​reqprefix''​ | [auto,​no,​0-64] | no | auto | Behaviour for requesting prefixes (numbers denote hinted prefix length). ​ Use '​no'​ if you only want a single IPv6 address for the AP itself without a subnet for routing |
-| ''​clientid''​ | string ​| no | //system default// | Override client identifier in DHCP requests |+| ''​clientid''​ | hexstring ​| no | //system default// | Override client identifier in DHCP requests ​
 +| ''​ifaceid''​ | ipv6 addr | no | //​link-local identifier//​ | Override the interface identifier for adresses received via RA |
 | ''​dns''​ | list of ip addresses | no | //(none)// | Supplement DHCP-assigned DNS server(s), or use only these if peerdns is 0 | | ''​dns''​ | list of ip addresses | no | //(none)// | Supplement DHCP-assigned DNS server(s), or use only these if peerdns is 0 |
 | ''​peerdns''​ | boolean | no | ''​1''​ | Use DHCP-provided DNS server(s) | | ''​peerdns''​ | boolean | no | ''​1''​ | Use DHCP-provided DNS server(s) |
 +| ''​defaultroute''​ | boolean | no | ''​1''​ | Whether to create an IPv6 default route via the received gateway |
 | ''​reqopts''​ | list of numbers | no | //(none)// | Specifies a list of additional DHCP options to request | | ''​reqopts''​ | list of numbers | no | //(none)// | Specifies a list of additional DHCP options to request |
 | ''​noslaaconly''​ | boolean | no | ''​0''​ | Don't allow configuration via SLAAC (RAs) only (implied by reqprefix != no) | | ''​noslaaconly''​ | boolean | no | ''​0''​ | Don't allow configuration via SLAAC (RAs) only (implied by reqprefix != no) |
 | ''​norelease''​ | boolean | no | ''​0''​ | Don't send a RELEASE when the interface is brought down | | ''​norelease''​ | boolean | no | ''​0''​ | Don't send a RELEASE when the interface is brought down |
 | ''​ip6prefix''​ | ipv6 prefix | no | //(none)// | Use an (additional) user-provided IPv6 prefix for distribution to clients | | ''​ip6prefix''​ | ipv6 prefix | no | //(none)// | Use an (additional) user-provided IPv6 prefix for distribution to clients |
 +| ''​iface_dslite''​ | logical interface | no | //(none)// | Logical interface template for auto-configuration of DS-Lite |
 +
 +**Note:** To automatically configure ds-lite from dhcpv6 you need to create an interface with ''​option auto 0''​ and put its name as the '​iface_dslite'​ parameter. In addition you also need to add its name to a suitable firewall zone in /​etc/​config/​firewall.
  
 === Protocol "​ppp"​ (PPP over Modem) === === Protocol "​ppp"​ (PPP over Modem) ===
Line 192: Line 214:
 | ''​connect''​ | file path | no | //(none)// | Path to custom PPP connect script | | ''​connect''​ | file path | no | //(none)// | Path to custom PPP connect script |
 | ''​disconnect''​ | file path | no | //(none)// | Path to custom PPP disconnect script | | ''​disconnect''​ | file path | no | //(none)// | Path to custom PPP disconnect script |
-| ''​keepalive''​ | number | no | //(none)// | Number of connection failures ​before ​reconnect ​|+| ''​keepalive''​ | number | no | //(none)// | Number of unanswered echo requests ​before ​considering the peer dead. The interval between echo requests is 5 seconds. ​|
 | ''​demand''​ | number | no | //(none)// | Number of seconds to wait before closing the connection due to inactivity | | ''​demand''​ | number | no | //(none)// | Number of seconds to wait before closing the connection due to inactivity |
 | ''​defaultroute''​ | boolean | no | ''​1''​ | Replace existing default route on PPP connect | | ''​defaultroute''​ | boolean | no | ''​1''​ | Replace existing default route on PPP connect |
Line 202: Line 224:
 === Protocol "​pppoe"​ (PPP over Ethernet) === === Protocol "​pppoe"​ (PPP over Ethernet) ===
  
-:!: The package ​''​ppp-mod-pppoe''​ must be installed to use PPPoE.+:!: The packages ''​ppp'',​ ''​kmod-pppoe''​ and ''​ppp-mod-pppoe''​ must be installed to use PPPoE. 
 + 
 +<​code>​ 
 +opkg update 
 +opkg install ppp kmod-pppoe ppp-mod-pppoe 
 +</​code>​
  
 ^ Name ^ Type ^ Required ^ Default ^ Description ^ ^ Name ^ Type ^ Required ^ Default ^ Description ^
Line 244: Line 271:
  
 :!: The package ''​comgt''​ must be installed to use 3G. Check [[doc:​recipes:​3gdongle]] for further help with that. :!: The package ''​comgt''​ must be installed to use 3G. Check [[doc:​recipes:​3gdongle]] for further help with that.
 +
  
 ^ Name ^ Type ^ Required ^ Default ^ Description ^ ^ Name ^ Type ^ Required ^ Default ^ Description ^
Line 250: Line 278:
 | ''​apn''​ | string | yes | //(none)// | Used APN | | ''​apn''​ | string | yes | //(none)// | Used APN |
 | ''​pincode''​ | number | no | //(none)// | PIN code to unlock SIM card | | ''​pincode''​ | number | no | //(none)// | PIN code to unlock SIM card |
 +| ''​dialnumber''​ | string | no | %%*99***1#​%% | Modem dial string e.g. *99# |
 | ''​maxwait''​ | number | no | ''​20''​ | Number of seconds to wait for modem to become ready | | ''​maxwait''​ | number | no | ''​20''​ | Number of seconds to wait for modem to become ready |
 | ''​username''​ | string | no(?) | //(none)// | Username for PAP/CHAP authentication | | ''​username''​ | string | no(?) | //(none)// | Username for PAP/CHAP authentication |
Line 260: Line 289:
 | ''​ipv6''​ | boolean | no | ''​0''​ | Enable IPv6 on the PPP link | | ''​ipv6''​ | boolean | no | ''​0''​ | Enable IPv6 on the PPP link |
  
 +
 +=== Protocol "​qmi"​ (USB modems using QMI protocol) ===
 +
 +:!: The package ''​uqmi''​ must be installed to use QMI.
 +
 +^ Name ^ Type ^ Required ^ Default ^ Description ^
 +| ''​device''​ | file path | yes | //(none)// | QMI device node, typically /​dev/​cdc-wdm0 |
 +| ''​apn''​ | string | yes | //(none)// | Used APN |
 +| ''​pincode''​ | number | no | //(none)// | PIN code to unlock SIM card |
 +| ''​username''​ | string | no | //(none)// | Username for PAP/CHAP authentication |
 +| ''​password''​ | string | no | //(none)// | Password for PAP/CHAP authentication |
 +| ''​auth''​ | string | no | //(none)// | Authentication type: pap, chap, both, none|
 +| ''​modes''​ | string | no | //(modem default)// | Allowed network modes, comma separated list of: all, lte, umts, gsm, cdma, td-scdma |
 +| ''​delay''​ | number | no | 0 | Seconds to wait before trying to interact with the modem (some ZTE modems require up to 30 s.)|
 +
 +=== Protocol "​ncm"​ (USB modems using NCM protocol) ===
 +
 +:!: The package ''​comgt-ncm''​ + modem specific driver must be installed to use NCM.
 +
 +^ Name ^ Type ^ Required ^ Default ^ Description ^
 +| ''​device''​ | file path | yes | //(none)// | NCM device node, typically /​dev/​cdc-wdm0 or /​dev/​ttyUSB#​ |
 +| ''​apn''​ | string | yes | //(none)// | Used APN |
 +| ''​pincode''​ | number | no | //(none)// | PIN code to unlock SIM card |
 +| ''​username''​ | string | no | //(none)// | Username for PAP/CHAP authentication |
 +| ''​password''​ | string | no | //(none)// | Password for PAP/CHAP authentication |
 +| ''​auth''​ | string | no | //(none)// | Authentication type: pap, chap, both, none|
 +| ''​mode''​ | string | no | //(modem default)// | Used network mode, not every device support every mode: preferlte, preferumts, lte, umts, gsm, auto |
 +| ''​delay''​ | number | no | 0 | Seconds to wait before trying to interact with the modem (some modems require up to 30 s.)|
 +
 +=== Protocol "​hnet"​ (Self-managing home network (HNCP)) ===
 +
 +:!: The package ''​hnet-full''​ must be installed to use hnet.
 +:!: See http://​tools.ietf.org/​html/​draft-ietf-homenet-hncp for details.
 +
 +^ Name ^ Type ^ Required ^ Default ^ Description ^
 +| ''​mode''​ | string | no | auto | Interface mode. One of external, guest, adhoc or hybrid. |
 +| ''​ip6assign''​ | integer | no | 64 | IPv6-prefix size to assign to this interface if internal. |
 +| ''​ip4assign''​ | integer | no | 24 | IPv4-prefix size to assign to this interface if internal. |
 +| ''​dnsname''​ | string | no | <​device-name>​ | DNS-Label to assign to interface. |
  
 === Protocol "​pptp"​ (Point-to-Point Tunneling Protocol) === === Protocol "​pptp"​ (Point-to-Point Tunneling Protocol) ===
Line 269: Line 337:
 | ''​username''​ | string | no(?) | //(none)// | Username for PAP/CHAP authentication | | ''​username''​ | string | no(?) | //(none)// | Username for PAP/CHAP authentication |
 | ''​password''​ | string | no(?) | //(none)// | Password for PAP/CHAP authentication | | ''​password''​ | string | no(?) | //(none)// | Password for PAP/CHAP authentication |
-| ''​buffering''​ | boolean | no | ''​1''​ | Enables buffering and reordering of packets, ''​0''​ disables it (''​--nobuffer''​) |+| ''​buffering''​ | boolean | no | ''​1''​ | <del>Enables buffering and reordering of packets, ''​0''​ disables it (''​--nobuffer''​)</​del>​ pptp buffering option removed in r32482 ​|
 | ''​keepalive''​ | integer | no | ? | Number of attempts to reconnect | | ''​keepalive''​ | integer | no | ? | Number of attempts to reconnect |
 +| ''​defaultroute''​ | boolean | no | ''​1''​ | Whether to create a default route over the tunnel ​ |
 +| ''​peerdns''​ | boolean | no | ''​1''​ |Use PPTP-provided DNS server(s) |
 +| ''​delegate''​ | boolean | no | ?  |Use builtin IPv6-management |
 | ''​iface''​ | string | no(?) | ''​pptp-<​vpn>''​ | Name of the physical interface. Defaults to ''​pptp-<​vpn>''​ no matter what you use | | ''​iface''​ | string | no(?) | ''​pptp-<​vpn>''​ | Name of the physical interface. Defaults to ''​pptp-<​vpn>''​ no matter what you use |
  
Line 282: Line 353:
 | ''​ip6addr''​ | IPv6 address (CIDR) | yes | //(none)// | Local IPv6 address delegated to the tunnel endpoint | | ''​ip6addr''​ | IPv6 address (CIDR) | yes | //(none)// | Local IPv6 address delegated to the tunnel endpoint |
 | ''​ip6prefix''​ | IPv6 prefix | no | //(none)// | Routed IPv6 prefix for downstream interfaces (Barrier Breaker and later only) | | ''​ip6prefix''​ | IPv6 prefix | no | //(none)// | Routed IPv6 prefix for downstream interfaces (Barrier Breaker and later only) |
 +| ''​sourcerouting''​ | boolean | no | ''​1''​ | Whether to route only packets from delegated prefixes (Barrier Breaker and later only) |
 | ''​defaultroute''​ | boolean | no | ''​1''​ | Whether to create an IPv6 default route over the tunnel | | ''​defaultroute''​ | boolean | no | ''​1''​ | Whether to create an IPv6 default route over the tunnel |
 | ''​ttl''​ | integer | no | ''​64''​ | TTL used for the tunnel interface | | ''​ttl''​ | integer | no | ''​64''​ | TTL used for the tunnel interface |
 +| ''​tos''​ | string | no | //(none)// | Type Of Service : either "​inherit"​ (the outer header inherits the value of the inner header) or an hexadecimal value (Chaos Calmer and later only) |
 | ''​mtu''​ | integer | no | ''​1280''​ | MTU used for the tunnel interface | | ''​mtu''​ | integer | no | ''​1280''​ | MTU used for the tunnel interface |
 | ''​tunnelid''​ | integer | no | //(none)// | HE.net global tunnel ID (used for endpoint update) | | ''​tunnelid''​ | integer | no | //(none)// | HE.net global tunnel ID (used for endpoint update) |
-| ''​username''​ | string | no | //(none)// | HE.net ​user ID (used for endpoint update) | +| ''​username''​ | string | no | //(none)// | HE.net ​username which you use to login into tunnelbroker,​ not the User ID shows after you have login int  ​(used for endpoint update) | 
-| ''​password''​ | string | no | //(none)// | md5sum of HE.net password (used for endpoint update) |+| ''​password''​ | string | no | //(none)// | <del>md5sum of</​del>​ HE.net password (used for endpoint update) | 
 +| ''​updatekey''​ | string | no | //(none)// | HE.net ​updatekey, overrides ​password (used for endpoint update) |
 | ''​metric''​ | integer | no | ''​0''​ | Specifies the default route metric to use | | ''​metric''​ | integer | no | ''​0''​ | Specifies the default route metric to use |
  
 **Note:** This protocol type does not need an ''​ifname''​ option set in the interface section. The interface name is derived from the section name, e.g. ''​config interface sixbone''​ would result in an interface named ''​6in4-sixbone''​. **Note:** This protocol type does not need an ''​ifname''​ option set in the interface section. The interface name is derived from the section name, e.g. ''​config interface sixbone''​ would result in an interface named ''​6in4-sixbone''​.
  
 +**Note:** HE.net has introduced updatekey as default for new tunnels in February 2014. Support added to Openwrt trunk by r39646.
 +
 +**Note:** as of r41358 **username**,​ **password** and **updatekey** are all plaintext entries.
 +
 +**Note:** although ip6prefix isn't required, sourcerouting,​ enabled by default, will prevent forwarding of packets unless ip6prefix is specified.
 +
 +=== Protocol "​aiccu"​ (Automatic IPv6 Connectivity Client Utility) ===
 +
 +:!: The package ''​aiccu''​ must be installed to use this protocol.
 +
 +:!: This protocol is avaliable for Barrier Breaker and newer versions only.
 +
 +^ Name ^ Type ^ Required ^ Default ^ Description ^
 +| ''​username''​ | string | yes | //(none)// | Server username |
 +| ''​password''​ | string | yes | //(none)// | Server password |
 +| ''​protocol''​ | string | no | //(none)// | Tunnel setup protocol to use (''​tic'',​ ''​tsp'',​ ''​l2tp''​) ​ |
 +| ''​server''​ | string | no | ''​tic.sixxs.net''​ | Tunnel setup server to use |
 +| ''​ip6addr''​ | IPv6 address (CIDR) | no | //(none)// | Local IPv6 address delegated to the tunnel endpoint (not necessary) |
 +| ''​ntpsynctimeout''​ | integer | no | ''​90''​ | Wait for NTP sync that many seconds ([[https://​github.com/​openwrt/​packages/​pull/​579|available since aiccu 20070115-12]]) ​ |
 +| ''​tunnelid''​ | integer | no | //(none)// | TIC server tunnel ID |
 +| ''​ip6prefix''​ | IPv6 prefix | no | //(none)// | Routed IPv6 prefix for downstream interfaces |
 +| ''​defaultroute''​ | boolean | no | ''​1''​ | Whether to create an IPv6 default route over the tunnel |
 +| ''​sourcerouting''​ | boolean | no | ''​1''​ | Whether to route only packets from delegated prefixes |
 +| ''​tunnelid''​ | integer | no | //(none)// | TIC server tunnel ID |
 +| ''​requiretls''​ | boolean | no | ''​0''​ | Require TLS connection to TIC server|
 +| ''​nat''​ | boolean | no | ''​1''​ | Notify the user that a NAT-kind network is detected|
 +| ''​heartbeat''​ | boolean | no | ''​1''​ | Make heartbeats |
 +| ''​verbose''​ | boolean | no | ''​0''​ | Verbose logging to system log|
 +
 +**Note:** This protocol type does not need an ''​ifname''​ option set in the interface section. The interface name is derived from the section name, e.g. ''​config interface sixbone''​ would result in an interface named ''​aiccu-sixbone''​.
  
 === Protocol "​6to4"​ (IPv6-in-IPv4 Tunnel) === === Protocol "​6to4"​ (IPv6-in-IPv4 Tunnel) ===
Line 301: Line 405:
 | ''​defaultroute''​ | boolean | no | ''​1''​ | Whether to create an IPv6 default route over the tunnel | | ''​defaultroute''​ | boolean | no | ''​1''​ | Whether to create an IPv6 default route over the tunnel |
 | ''​ttl''​ | integer | no | ''​64''​ | TTL used for the tunnel interface | | ''​ttl''​ | integer | no | ''​64''​ | TTL used for the tunnel interface |
 +| ''​tos''​ | string | no | //(none)// | Type Of Service : either "​inherit"​ (the outer header inherits the value of the inner header) or an hexadecimal value (Chaos Calmer and later only) |
 | ''​mtu''​ | integer | no | ''​1280''​ | MTU used for the tunnel interface | | ''​mtu''​ | integer | no | ''​1280''​ | MTU used for the tunnel interface |
 | ''​metric''​ | integer | no | ''​0''​ | Specifies the default route metric to use | | ''​metric''​ | integer | no | ''​0''​ | Specifies the default route metric to use |
Line 315: Line 420:
  
 :!: The package ''​6rd''​ must be installed to use this protocol. :!: The package ''​6rd''​ must be installed to use this protocol.
 +
 +:!: The needed tunnel values are usually obtained via the DHCPv4 request for the WAN interface. Try that [[doc/​uci/​network6#​rd_tunnel_isp-provided_ipv6_transition|first]]. Below is only needed for hardcoding the tunnel.
  
 ^ Name ^ Type ^ Required ^ Default ^ Description ^ ^ Name ^ Type ^ Required ^ Default ^ Description ^
Line 324: Line 431:
 | ''​defaultroute''​ | boolean | no | ''​1''​ | Whether to create an IPv6 default route over the tunnel | | ''​defaultroute''​ | boolean | no | ''​1''​ | Whether to create an IPv6 default route over the tunnel |
 | ''​ttl''​ | integer | no | ''​64''​ | TTL used for the tunnel interface | | ''​ttl''​ | integer | no | ''​64''​ | TTL used for the tunnel interface |
 +| ''​tos''​ | string | no | //(none)// | Type Of Service : either "​inherit"​ (the outer header inherits the value of the inner header) or an hexadecimal value (Chaos Calmer and later only) |
 | ''​mtu''​ | integer | no | ''​1280''​ | MTU used for the tunnel interface | | ''​mtu''​ | integer | no | ''​1280''​ | MTU used for the tunnel interface |
  
 **Note:** This protocol type does not need an ''​ifname''​ option set in the interface section. The interface name is derived from the section name, e.g. ''​config interface wan6''​ would result in an interface named ''​6rd-wan6''​. **Note:** This protocol type does not need an ''​ifname''​ option set in the interface section. The interface name is derived from the section name, e.g. ''​config interface wan6''​ would result in an interface named ''​6rd-wan6''​.
 +
 +**Note:** Some ISP's give you the number of bytes you should use from your WAN IP to calculate your IPv6 address. ip4prefixlen expects the //prefix// bytes of your WAN IP to calculate the IPv6 address. So if your ISP gives you 14 bytes to calculate, enter 18 (32 - 14).
  
  
Line 341: Line 451:
 | ''​mtu''​ | integer | no | ''​1280''​ | MTU used for the tunnel interface | | ''​mtu''​ | integer | no | ''​1280''​ | MTU used for the tunnel interface |
  
-**Note:** This protocol type does not need an ''​ifname''​ option set in the interface section. The interface name is derived from the section name, e.g. ''​config ​interface wan6''​ would result in an interface named ''​dslite-wan6''​.+:!: ds-lite operation requires that IPv4 NAT is disabledYou should adjust your settings in /etc/config/firewall accordingly.
  
 +**Note:** This protocol type does not need an ''​ifname''​ option set in the interface section. The interface name is derived from the section name, e.g. ''​config interface wan''​ would result in an interface named ''​dslite-wan''​.
  
-=== Protocol "​l2tp"​ (L2TP Pseudowire Tunnel) === 
  
-:!: The package ''​l2tpv3tun''​ must be installed to use this protocol.\\ +=== Protocol "​l2tp"​ (PPP over L2TP Pseudowire Tunnel) === 
-:!: This protocol ​is only supported on 2.6.35 and newer kernels.+ 
 +:!: The package ''​xl2tpd''​ must be installed to use this protocol. 
 + 
 +Most options are similar to protocol ​"​ppp"​.
  
 ^ Name ^ Type ^ Required ^ Default ^ Description ^ ^ Name ^ Type ^ Required ^ Default ^ Description ^
-| ''​localaddr''​ | IPv4 address ​| yes, if no ''​local6addr''​ is set | //(none)// | Local IPv4 endpoint ​address | +| ''​server''​ | string ​| yes | //(none)// | L2TP server to connect to (hostname or IP address
-| ''​peeraddr''​ | IPv4 address ​yes, if no ''​peer6addr''​ is set | //(none)// | Remote IPv4 endpoint address ​+| ''​username''​ | string ​| no | //(none)// | Username for PAP/CHAP authentication ​
-| ''​local6addr''​ | IPv6 address ​| yesif no ''​localaddr''​ is set | //(none)// | Local IPv6 endpoint address ​+| ''​password''​ | string ​| yes if ''​username''​ is provided ​| //(none)// | Password for PAP/CHAP authentication ​
-| ''​peer6addr''​ | IPv6 address ​yes, if no ''​peeraddr''​ is set //(none)// | Remote IPv6 endpoint address ​+| ''​ipv6''​ | bool | no | 0 | Enable IPv6 on the PPP link (IPv6CP) | 
-| ''​encap''​ | string ​| no | ''​udp''​ | L2TPv3 encapsulation modeeither ''​ip''​ or ''​udp'' ​+| ''​mtu''​ | int | no | ''​pppd'' ​default ​Maximum Transmit/​Receive Unitin bytes 
-| ''​sport''​ | port number ​| no | ''​1701''​ | L2TPv3 source port, only applicable to UDP encapsulation | +| ''​keepalive''​ | string ​| no | //​(none)// ​Number ​of unanswered echo requests before considering the peer dead. The interval between echo requests is 5 seconds. ​
-| ''​dport''​ | port number | no | ''​1701''​ | L2TPv3 destination port, only applicable to UDP encapsulation | +| ''​pppd_options''​ | string ​| no | //(none)// | Additional ​options ​to pass to ''​pppd''​ |
-| ''​tunnel_id''​ | integer | no | Next unused tunnel ID | Local L2TPv3 tunnel ID | +
-| ''​peer_tunnel_id''​ | integer | no Value of ''​tunnel_id''​ | Remote L2TPv3 tunnel ID +
-| ''​session_id''​ | integer ​| no | Next unused session ID | Local L2TPv3 session ID | +
-| ''​peer_session_id''​ | integer | no | Value of ''​session_id''​ | Remote L2TPv3 session ID | +
-| //Additionally all options ​defined for the ''​static'' ​protocol type can be specified// |||||+
  
 +The name of the physical interface will be "​l2tp-<​logical interface name>"​.
  
 === Protocol "​relay"​ (Relayd Pseudo Bridge) === === Protocol "​relay"​ (Relayd Pseudo Bridge) ===
Line 377: Line 486:
 | ''​forward_dhcp''​ | boolean | no | ''​1''​ | Enables forwarding of DHCP requests and responses, ''​0''​ disables it | | ''​forward_dhcp''​ | boolean | no | ''​1''​ | Enables forwarding of DHCP requests and responses, ''​0''​ disables it |
  
-=== Protocol "​6relay"​ (IPv6 Pseudo Bridge) === 
  
-:!: The IPv6 pseudo-bridging feature has been moved into its own configuration. See [[doc:​uci::​6relayd|6relayd configuration]].+=== Common options for GRE protocols ===
  
 +:!: The package ''​gre''​ must be installed to use GRE. Additionally,​ you need ''​kmod-gre''​ and/or ''​kmod-gre6''​.
 +
 +GRE support has been introduced in Barrier Breaker. ​ Four protocols are defined: "​gre",​ "​gretap",​ "​grev6",​ and "​grev6tap"​.
 +The name of the GRE interface will be ''​gre-<​logical interface name>''​ for "​gre"​ and "​gretap",​ and ''​grev6-<​logical interface name>''​ for "​grev6"​ and "​grev6tap"​.
 +
 +All four protocols accept the following common options:
 +
 +^ Name ^ Type ^ Required ^ Default ^ Description ^
 +| ''​mtu''​ | integer | no | 1280 | MTU |
 +| ''​ttl''​ | integer | no | 64 | TTL of the encapsulating packets |
 +| ''​tunlink''​ | logical interface name | no | //(none)// | Bind the tunnel to this interface (''​dev''​ option of "ip tunnel"​) |
 +| ''​zone''​ | zone name | no | "​wan"​ | Firewall zone to which the interface will be added |
 +| ''​tos''​ | string | no | //(none)// | Type of Service (IPv4), Traffic Class (IPv6): either "​inherit"​ (the outer header inherits the value of the inner header) or an hexadecimal value (Chaos Calmer and later only) | 
 +| ''​ikey''​ | integer | no | 0 | key for incoming packets |
 +| ''​okey''​ | integer | no | 0 | key for outgoing packets |
 +| ''​icsum''​ | boolean | no | false | require incoming checksum |
 +| ''​ocsum''​ | boolean | no | false | compute outgoing checksum |
 +| ''​iseqno''​ | boolean | no | false | require incoming packets serialisation |
 +| ''​oseqno''​ | boolean | no | false | perform outgoing packets serialisation |
 +
 +=== Protocol "​gre"​ (GRE tunnel over IPv4) ===
 +
 +The following options are supported, in addition to all common options above:
 +
 +^ Name ^ Type ^ Required ^ Default ^ Description ^
 +| ''​ipaddr''​ | IPv4 address | no | WAN IP | Local endpoint |
 +| ''​peeraddr''​ | IPv4 address | yes | //(none)// | Remote endpoint |
 +| ''​df''​ | boolean | no | true | Set "​Don'​t Fragment"​ flag on encapsulating packets |
 +
 +=== Protocol "​gretap"​ (Ethernet GRE tunnel over IPv4) ===
 +
 +The following options are supported, in addition to all common options above:
 +
 +^ Name ^ Type ^ Required ^ Default ^ Description ^
 +| ''​ipaddr''​ | IPv4 address | no | WAN IP | Local endpoint |
 +| ''​peeraddr''​ | IPv4 address | yes | //(none)// | Remote endpoint |
 +| ''​df''​ | boolean | no | true | Set "​Don'​t Fragment"​ flag on encapsulating packets |
 +| ''​network''​ | logical interface name | no | //(none)// | Logical network to which the tunnel will be added (bridged) |
 +
 +=== Protocol "​grev6"​ (GRE tunnel over IPv6) ===
 +
 +The following options are supported, in addition to all common options above:
 +
 +^ Name ^ Type ^ Required ^ Default ^ Description ^
 +| ''​ip6addr''​ | IPv6 address | no | WAN IP | Local endpoint |
 +| ''​peer6addr''​ | IPv6 address | yes | //(none)// | Remote endpoint |
 +| ''​weakif''​ | logical interface name | no | ''​lan''​ | Logical network from which to select the local endpoint if ip6addr parameter is empty and no WAN IP is available |
 +
 +=== Protocol "​grev6tap"​ (Ethernet GRE tunnel over IPv6) ===
 +
 +The following options are supported, in addition to all common options above:
 +
 +^ Name ^ Type ^ Required ^ Default ^ Description ^
 +| ''​ip6addr''​ | IPv6 address | no | WAN IP | Local endpoint |
 +| ''​peer6addr''​ | IPv6 address | yes | //(none)// | Remote endpoint |
 +| ''​weakif''​ | logical interface name | no | ''​lan''​ | Logical network from which to select the local endpoint if ip6addr is empty and no WAN IP is available |
 +| ''​network''​ | logical interface name | no | //(none)// | Logical network to which the tunnel will be added (bridged) |
 ==== ATM Bridges (Ethernet over ATM AAL5) ==== ==== ATM Bridges (Ethernet over ATM AAL5) ====
  
Line 407: Line 572:
 | ''​encaps''​ | string | no | ''​llc''​ | PPPoA encapsulation mode: '​llc'​ (LLC) or '​vc'​ (VC) | | ''​encaps''​ | string | no | ''​llc''​ | PPPoA encapsulation mode: '​llc'​ (LLC) or '​vc'​ (VC) |
 | ''​payload''​ | string | no | ''​bridged''​ | PPPoA forwarding mode: '​routed'​ or '​bridged'​ | | ''​payload''​ | string | no | ''​bridged''​ | PPPoA forwarding mode: '​routed'​ or '​bridged'​ |
 +
 +==== DSL / VDSL ====
 +
 +:!: This currently only works on devices based on [[doc/​hardware/​soc/​soc.lantiq|lantiq SoCs]].
 +
 +(V)DSL uses a special config section called ''​dsl'',​ which typically looks like this:
 +<​code>​config vdsl '​dsl'​
 +        option annex '​b'​
 +        option firmware '/​lib/​firmware/​vdsl.bin'​
 +        option tone '​bv'​
 +        option xfer_mode '​atm'</​code>​
 +
 +The ''​dsl''​ section allows the following options:
 +
 +^ Name ^ Type ^ Required ^ Default ^ Description ^
 +| ''​annex''​ | string | yes | ''​b''​ | Specifies the Annex setting (ISP/line dependent). \\ Supported values on lantiq AMAZON and DANUBE devices: b, bdmt, b2, b2p, a, at1, alite, admt, a2, a2p, l, m, m2, m2p \\ Supported values on lantiq ARX100 "​AR9"​ and VRX200 "​VR9"​ devices: a, b, j|
 +| ''​firmware''​ | string | yes | ''/​lib/​firmware/​vdsl.bin''​ | The path to the modem'​s firmware image\\ \\ :!: **Only supported by devices with [[doc/​hardware/​soc/​soc.lantiq|lantiq SoC]].**\\ The license of the firmware forbids distributing it so you have to find it yourself.\\ A list of known firmwares and how to extract them from redistributable sources can be found here: [[https://​xdarklight.github.io/​lantiq-xdsl-firmware-info/​]] |
 +| ''​tone''​ | string | yes | ''​bv''​ | The tone mode (ISP/line dependent). Supported values: a = A43, av = A43 + V43, b = B43, bv = B43 + V43\\ :!: **Only supported by devices with ARX100 "​AR9"​ and VRX200 "​VR9"​ [[doc/​hardware/​soc/​soc.lantiq|lantiq SoC]].** |
 +| ''​xfer_mode''​ | string | yes | ''​atm''​ | The transfer mode. Supported values are: atm = Asynchronous Transfer Mode (often used for ADSL connections),​ ptm = Packet Transfer Mode (often used for VDSL connections)\\ :!: **Only supported by devices with ARX100 "​AR9"​ and VRX200 "​VR9"​ [[doc/​hardware/​soc/​soc.lantiq|lantiq SoC]].** |
 ==== Aliases ==== ==== Aliases ====
 +
 +=== Aliases: the old way ===
 +| {{:​meta:​icons:​tango:​48px-outdated.svg.png?​nolink}} | The "​config alias" approach is //​deprecated//​. it used to be needed when multiple interfaces sharing the same device where not supported. [[https://​forum.openwrt.org/​viewtopic.php?​pid=203943#​p203943|JoW]] |
  
 //Alias// sections can be used to define further IPv4 and IPv6 addresses for interfaces. //Alias// sections can be used to define further IPv4 and IPv6 addresses for interfaces.
Line 445: Line 632:
   ip addr   ip addr
  
 +:!: This "​old"​ way works, at least, for OpenWrt 10.03.1 and 12.09.
 +=== Aliases: the new way ===
 +
 +Basically create an '​interface'​ section per IP, but alias interfaces may NOT be of type bridge
 +
 +  * For non-bridged interfaces (physdev , that is physical interfaces) the ''​ifname''​ is the <​interface-of-network-for-same-phydev>​
 +  * For cases where the interface is bridged the ''​ifname''​ is br-''​base-interface'',​ where ''​base-interface''​ is the name of the primary IP's config section (e.g. for a the default lan interface config, the first alias would use ifname br-lan).
 +
 +A minimal alias definition for a bridged interface might be (for a scenario without vlans):
 +<​code>​config interface lan
 +        option '​ifname'​ '​eth0'​
 +        option '​type'​ '​bridge'​
 +        option '​proto'​ '​static'​
 +        option '​ipaddr'​ '​192.168.1.1'​
 +        option '​netmask'​ '​255.255.255.0'</​code>​
 +
 +<​code>​config interface lan2
 +       ​option '​ifname'​ '​br-lan'​
 +       ​option '​proto'​ '​static'​
 +       ​option '​ipaddr'​ '​10.0.0.1'​
 +       ​option '​netmask'​ '​255.255.255.0'</​code>​
 +
 +or for a non-bridge interface
 +<​code>​config interface lan
 +        option '​ifname'​ '​eth0'​
 +        option '​proto'​ '​static'​
 +        option '​ipaddr'​ '​192.168.1.1'​
 +        option '​netmask'​ '​255.255.255.0'</​code>​
 +
 +<​code>​config interface lan2
 +       ​option '​ifname'​ '​eth0'​
 +       ​option '​proto'​ '​static'​
 +       ​option '​ipaddr'​ '​10.0.0.1'​
 +       ​option '​netmask'​ '​255.255.255.0'</​code>​
 +
 +To see a list of interfaces you can do ''​ubus list network.interface.*''​ and to view the ip of a particular interface (the UCI name not the physical interface), do ''​ifstatus <​interface>''​ (e.g. ''​ifstatus lan2''​).
 +
 +:!: Does not work on OpenWRT 10.03.x .
 +
 +=== Aliases: notes ===
 +On openwrt 12.09, a lan interface that is first defined as dhcp interface ​
 +and then has aliases with static ip address could cause problems ​
 +in routing the lan traffic through the wan zone using the basic lan-wan forwarding provided by openwrt. ​
 +A solution is: having the basic interface with static address and aliases with dhcp protocol.
  
 ==== IPv4 Routes ==== ==== IPv4 Routes ====
Line 471: Line 702:
 | ''​metric''​ | number | no | ''​0''​ | Specifies the //route metric// to use | | ''​metric''​ | number | no | ''​0''​ | Specifies the //route metric// to use |
 | ''​mtu''​ | number | no | //interface MTU// | Defines a specific MTU for this route | | ''​mtu''​ | number | no | //interface MTU// | Defines a specific MTU for this route |
 +| ''​table''​ | routing table | no | //(none)// | Defines the table ID to use for the route. The ID can be either a numeric table index ranging from 0 to 65535 or a symbolic alias declared in /​etc/​iproute2/​rt_tables. The special aliases local (255), main (254) and default (253) are recognized as well |
 +| ''​source''​ | ip address | no | //(none)// | The preferred source address when sending to destinations covered by the target |
 +| ''​onlink''​ | boolean | no | ''​0''​ | When enabled gateway is on link even if the gateway does not match any interface prefix (Barrier Breaker and later only) |
 +| ''​type''​ | string | no | ''​unicast''​ | One of the types outlined in the Routing Types table below (Barrier Breaker and later only) |
  
 +To disable a route quickly, the option ''​enabled''​ is not available. Just rewrite the ''​route''​ config section as ''​disabled_route''​ like:
 +<​file>​
 +config '​disabled_route'​ '​name_your_route'​
 +        ...lines...
 +</​file>​
 +and it will be recognized by the uci parser but not applied by the ''/​etc/​init.d/​network''​ script.
 ==== IPv6 Routes ==== ==== IPv6 Routes ====
  
Line 495: Line 736:
 | ''​metric''​ | number | no | ''​0''​ | Specifies the //route metric// to use | | ''​metric''​ | number | no | ''​0''​ | Specifies the //route metric// to use |
 | ''​mtu''​ | number | no | //interface MTU// | Defines a specific MTU for this route | | ''​mtu''​ | number | no | //interface MTU// | Defines a specific MTU for this route |
 +| ''​table''​ | routing table | no | //(none)// | Defines the table ID to use for the route. The ID can be either a numeric table index ranging from 0 to 65535 or a symbolic alias declared in /​etc/​iproute2/​rt_tables. The special aliases local (255), main (254) and default (253) are recognized as well |
 +| ''​source''​ | ip address | no | //(none)// | The preferred source address when sending to destinations covered by the target |
 +| ''​onlink''​ | boolean | no | ''​0''​ | When enabled gateway is on link even if the gateway does not match any interface prefix (Barrier Breaker and later only) |
 +| ''​type''​ | string | no | ''​unicast''​ | One of the types outlined in the Routing Types table below (Barrier Breaker and later only) |
 +
 +=== Routing Types ===
 +
 +^ Type ^ Description ^
 +| ''​unicast''​ | the route entry describes real paths to the destinations covered by the route prefix. |
 +| ''​local''​ | the destinations are assigned to this host. The packets are looped back and delivered locally. |
 +| ''​broadcast''​ | the destinations are broadcast addresses. The packets are sent as link broadcasts. |
 +| ''​multicast''​ | a special type used for multicast routing. ​ It is not present in normal routing tables. |
 +| ''​unreachable''​ | these destinations are unreachable. Packets are discarded and the ICMP message host unreachable is generated. The local senders get an EHOSTUNREACH error. |
 +| ''​prohibit''​ | these destinations are unreachable. Packets are discarded and the ICMP message communication administratively prohibited is generated. The local senders get an EACCES error. |
 +| ''​blackhole''​ | these destinations are unreachable. Packets are discarded silently. The local senders get an EINVAL error. |
 +| ''​anycast''​ | the destinations are anycast addresses assigned to this host. They are mainly equivalent to local with one difference: such addresses are invalid when used as the source address of any packet. |
 +
  
 ==== IP rules ==== ==== IP rules ====
  
-Since OpenWrt Barrier ​Braker, netifd supports //IP rule// declarations which are required to implement policy routing. \\+Since OpenWrt Barrier ​Breaker, netifd supports //IP rule// declarations which are required to implement policy routing. \\
 IPv4 rules can be defined by declaring one or more sections of type ''​rule'',​ IPv6 rules are denoted by sections of type ''​rule6''​. Both types share the same set of defined options. IPv4 rules can be defined by declaring one or more sections of type ''​rule'',​ IPv6 rules are denoted by sections of type ''​rule6''​. Both types share the same set of defined options.
  
Line 523: Line 781:
   * ''​vpn''​ is the incoming //logical interface name//   * ''​vpn''​ is the incoming //logical interface name//
   * ''​fdca:​1234::/​64''​ is the destination subnet to match   * ''​fdca:​1234::/​64''​ is the destination subnet to match
-  * ''​prohibit''​ is a routign ​action to take+  * ''​prohibit''​ is a routing ​action to take
  
 The options below are defined for //IP rule// (''​rule''​ and ''​rule6''​) sections: The options below are defined for //IP rule// (''​rule''​ and ''​rule6''​) sections:
Line 578: Line 836:
         option '​ip6addr' ​  '​2001:​0DB8:​100:​F00:​BA3::​1'</​code>​         option '​ip6addr' ​  '​2001:​0DB8:​100:​F00:​BA3::​1'</​code>​
  
 +==== Static IP configuration with multiple dnses ====
 +<​code>​config '​interface'​ '​example'​
 +        option '​proto' ​    '​static'​
 +        option '​ifname' ​   '​eth0'​
 +        option '​ipaddr' ​   '​192.168.1.200'​
 +        option '​netmask' ​  '​255.255.255.0'​
 +        list   '​dns' ​      '​192.168.1.1'​
 +        list   '​dns' ​      '​192.168.10.1'​
 +        # the priority is: the last dns listed will be the first one
 +        # to be chosen for the name resolution.
 +</​code>​
 +
 +:!: Openwrt will use the new dns configured only after a reboot or a ''/​etc/​init.d/​dnsmasq restart''​.
 ==== Static IP configuration and default gateway with non-zero metric ==== ==== Static IP configuration and default gateway with non-zero metric ====
  
Line 633: Line 904:
         option encaps '​vc'</​code>​         option encaps '​vc'</​code>​
  
 +==== listing an interface created by software on the router, like vpn ====
 +For example, a vpn interface is normally "​tun0"​. To list it in the uci config files (and therefore in luci):
 +<​code>​
 +config interface '​tun0'​
 +        option ifname '​tun0'​
 +        option proto '​none'​
 +</​code>​
 ==== Static IPv6-in-IPv4 tunnel ==== ==== Static IPv6-in-IPv4 tunnel ====
  
Line 749: Line 1027:
         option '​forward' ​    '​ACCEPT' ​   # Important         option '​forward' ​    '​ACCEPT' ​   # Important
         option '​output' ​     '​ACCEPT'</​code>​         option '​output' ​     '​ACCEPT'</​code>​
 +
 +==== Static addressing of a GRE tunnel ====
 +
 +Create a GRE tunnel with static address 10.42.0.253/​30,​ adding it to an existing firewall zone called ''​tunnels'':​
 +
 +<​code>​
 +config interface mytunnel ​                
 +        option proto    gre            ​
 +        option zone     ​tunnels ​                               ​
 +        option peeraddr 198.51.100.42 ​          
 +                                                            ​
 +config interface mytunnel_addr ​                                                     ​
 +        option proto    static ​                                    
 +        option ifname ​  ​@mytunnel ​                            
 +        option ipaddr ​  ​10.42.0.253 ​                      
 +        option netmask ​ 255.255.255.252 ​                    
 +        # Fixes IPv6 multicast (long-standing bug in kernel).
 +        # Useful if you run Babel or OSPFv3.
 +        option ip6addr ​ '​fe80::​42/​64'​
 +</​code>​
  
 ===== Network management ===== ===== Network management =====
Line 759: Line 1057:
 In order to derive a Linux interface name like ''​eth1''​ from a logical network name like ''​wan''​ for use in scripts or tools like ''​ifconfig''​ and ''​route''​ the ''​uci''​ utility can be used as illustrated in the example below which opens port 22 on the interface. In order to derive a Linux interface name like ''​eth1''​ from a logical network name like ''​wan''​ for use in scripts or tools like ''​ifconfig''​ and ''​route''​ the ''​uci''​ utility can be used as illustrated in the example below which opens port 22 on the interface.
  
-<​code>​WANIF=$(uci -P/​var/​state get network.wan.ifname) +<​code ​bash> 
-iptables -I INPUT -i $WANIF -p tcp --dport 22 -j ACCEPT</​code>​+WANIF=$(uci -P/​var/​state get network.wan.ifname) 
 +iptables -I INPUT -i $WANIF -p tcp --dport 22 -j ACCEPT 
 +</​code>​ 
 + 
 +The uci state vars are deprecated and not used anymore for network related information [[https://​forum.openwrt.org/​viewtopic.php?​pid=203787#​p203787|Quoting jow in the forum]].\\ 
 +Use /​lib/​functions/​network.sh:​ 
 + 
 +<code bash> 
 +source /​lib/​functions/​network.sh 
 + 
 +if network_get_ipaddr addr "​wan";​ then 
 +    echo "IP is $addr"​ 
 +fi 
 +</​code>​ 
 +===== Multiple IP addresses ===== 
 +Assigning multiple ip addresses to the same interface:​ 
 +<​code>​ 
 +config interface foo 
 +  option ifname eth1 
 +  list ipaddr 10.8.0.1/​24 
 +  list ipaddr 10.9.0.1/​24 
 +  list ip6addr fdca:​abcd::​1/​64 
 +  list ip6addr fdca:​cdef::​1/​64 
 +</​code>​ 
 +Specifying multiple interfaces sharing the same device: 
 +<​code>​ 
 +config interface foo 
 +  option ifname eth1 
 +  option ipaddr 10.8.0.1 
 +  option netmask 255.255.255.0 
 +  option ip6addr fdca:​abcd::​1/​64 
 + 
 +config interface foo2 
 +  option ifname eth1 
 +  option ipaddr 10.9.0.1 
 +  option netmask 255.255.255.0 
 +  option ip6addr fdca:​cdef::​1/​64 
 +</​code>​ 
 +More info at [[https://​dev.openwrt.org/​ticket/​2829#​comment:​7]].
doc/uci/network.1368475310.txt.bz2 · Last modified: 2013/05/13 22:01 by steven