Differences

This shows you the differences between two versions of the page.

doc:uci:network [2013/11/01 23:21]
cshore
doc:uci:network [2014/08/27 23:37] (current)
zorun
Line 84: Line 84:
| ''pppoa'' | PPP over ATM - DSL connection using a builtin modem |  ''pppd'' + plugin ...  | | ''pppoa'' | PPP over ATM - DSL connection using a builtin modem |  ''pppd'' + plugin ...  |
| ''3g'' | CDMA, UMTS or GPRS connection using an AT-style 3G modem |  ''comgt''  | | ''3g'' | CDMA, UMTS or GPRS connection using an AT-style 3G modem |  ''comgt''  |
 +| ''qmi'' | USB modems using QMI protocol |  ''uqmi''  |
 +| ''hnet'' | Self-managing home network (HNCP) |  ''hnet-full''  |
| ''pptp'' | Connection via PPtP VPN |  ?  | | ''pptp'' | Connection via PPtP VPN |  ?  |
| ''6in4'' | IPv6-in-IPv4 tunnel forSuppresses DHCP-assigned default gateway if set to 0.0.0.0 use with Tunnel Brokers like HE.net |  ?  | | ''6in4'' | IPv6-in-IPv4 tunnel forSuppresses DHCP-assigned default gateway if set to 0.0.0.0 use with Tunnel Brokers like HE.net |  ?  |
 +| ''aiccu'' | Anything-in-anything tunnel  |  ''aiccu''  |
| ''6to4'' | Stateless IPv6 over IPv4 transport |  ?  | | ''6to4'' | Stateless IPv6 over IPv4 transport |  ?  |
 +| ''6rd'' | IPv6 rapid deployment |  ''6rd''  |
 +| ''dslite'' | Dual-Stack Lite |  ''ds-lite''  |
 +| ''l2tp'' | PPP over L2TP Pseudowire Tunnel |  ''xl2tpd''  |
 +| ''relay'' | relayd pseudo-bridge |  ''relayd''  |
 +| ''gre'', ''gretap'' | GRE over IPv4 |  ''gre'' + ''kmod-gre''  |
 +| ''grev6'', ''grev6tap'' | GRE over IPv6 |  ''gre'' + ''kmod-gre6''  |
| ''none'' | Unspecified protocol |  -  | | ''none'' | Unspecified protocol |  -  |
Line 119: Line 128:
| ''ip6class'' | list of strings | no | //(none)// | Define the IPv6 prefix-classes this interface will accept | | ''ip6class'' | list of strings | no | //(none)// | Define the IPv6 prefix-classes this interface will accept |
| ''dns'' | list of ip addresses | no | //(none)// | DNS server(s) | | ''dns'' | list of ip addresses | no | //(none)// | DNS server(s) |
 +| ''dns_search'' | list of domain names | no | //(none)// | Search list for host-name lookup |
| ''metric'' | integer | no | ''0'' | Specifies the default route metric to use | | ''metric'' | integer | no | ''0'' | Specifies the default route metric to use |
 +| ''force_link'' | integer | no | ''0'' | Specifies whether ip address, route, and optionally gateway are assigned to the interface regardless of the link being active ('1') or only after the link has become active ('0'); in trunk since the introduction of netifd; in case of a wireless interface the default is '1' for an AP and '0' for a STA. |
=== Protocol "dhcp" === === Protocol "dhcp" ===
Line 145: Line 156:
| ''reqaddress'' | [try,force,none] | no | try | Behaviour for requesting addresses | | ''reqaddress'' | [try,force,none] | no | try | Behaviour for requesting addresses |
| ''reqprefix'' | [auto,no,0-64] | no | auto | Behaviour for requesting prefixes (numbers denote hinted prefix length).  Use 'no' if you only want a single IPv6 address for the AP itself without a subnet for routing | | ''reqprefix'' | [auto,no,0-64] | no | auto | Behaviour for requesting prefixes (numbers denote hinted prefix length).  Use 'no' if you only want a single IPv6 address for the AP itself without a subnet for routing |
-| ''clientid'' | string | no | //system default// | Override client identifier in DHCP requests |+| ''clientid'' | hexstring | no | //system default// | Override client identifier in DHCP requests |
| ''ifaceid'' | ipv6 addr | no | //link-local identifier// | Override the interface identifier for adresses received via RA | | ''ifaceid'' | ipv6 addr | no | //link-local identifier// | Override the interface identifier for adresses received via RA |
| ''dns'' | list of ip addresses | no | //(none)// | Supplement DHCP-assigned DNS server(s), or use only these if peerdns is 0 | | ''dns'' | list of ip addresses | no | //(none)// | Supplement DHCP-assigned DNS server(s), or use only these if peerdns is 0 |
Line 168: Line 179:
| ''connect'' | file path | no | //(none)// | Path to custom PPP connect script | | ''connect'' | file path | no | //(none)// | Path to custom PPP connect script |
| ''disconnect'' | file path | no | //(none)// | Path to custom PPP disconnect script | | ''disconnect'' | file path | no | //(none)// | Path to custom PPP disconnect script |
-| ''keepalive'' | number | no | //(none)// | Number of connection failures before reconnect |+| ''keepalive'' | number | no | //(none)// | Number of unanswered echo requests before considering the peer dead. The interval between echo requests is 5 seconds. |
| ''demand'' | number | no | //(none)// | Number of seconds to wait before closing the connection due to inactivity | | ''demand'' | number | no | //(none)// | Number of seconds to wait before closing the connection due to inactivity |
| ''defaultroute'' | boolean | no | ''1'' | Replace existing default route on PPP connect | | ''defaultroute'' | boolean | no | ''1'' | Replace existing default route on PPP connect |
Line 220: Line 231:
:!: The package ''comgt'' must be installed to use 3G. Check [[doc:recipes:3gdongle]] for further help with that. :!: The package ''comgt'' must be installed to use 3G. Check [[doc:recipes:3gdongle]] for further help with that.
 +
^ Name ^ Type ^ Required ^ Default ^ Description ^ ^ Name ^ Type ^ Required ^ Default ^ Description ^
Line 236: Line 248:
| ''ipv6'' | boolean | no | ''0'' | Enable IPv6 on the PPP link | | ''ipv6'' | boolean | no | ''0'' | Enable IPv6 on the PPP link |
 +
 +=== Protocol "qmi" (USB modems using QMI protocol) ===
 +
 +:!: The package ''uqmi'' must be installed to use QMI.
 +
 +^ Name ^ Type ^ Required ^ Default ^ Description ^
 +| ''device'' | file path | yes | //(none)// | QMI device node, typically /dev/cdc-wdm0 |
 +| ''apn'' | string | yes | //(none)// | Used APN |
 +| ''pincode'' | number | no | //(none)// | PIN code to unlock SIM card |
 +| ''username'' | string | no | //(none)// | Username for PAP/CHAP authentication |
 +| ''password'' | string | no | //(none)// | Password for PAP/CHAP authentication |
 +| ''auth'' | string | no | //(none)// | Authentication type: pap, chap, both, none|
 +| ''modes'' | string | no | //(modem default)// | Allowed network modes, comma separated list of: all, lte, umts, gsm, cdma, td-scdma |
 +| ''delay'' | number | no | 0 | Seconds to wait before trying to interact with the modem (some ZTE modems require up to 30 s.)|
 +
 +=== Protocol "hnet" (Self-managing home network (HNCP)) ===
 +
 +:!: The package ''hnet-full'' must be installed to use hnet.
 +:!: See http://tools.ietf.org/html/draft-ietf-homenet-hncp for details.
 +
 +^ Name ^ Type ^ Required ^ Default ^ Description ^
 +| ''mode'' | string | no | auto | Interface mode. One of external, guest, adhoc or hybrid. |
 +| ''ip6assign'' | integer | no | 64 | IPv6-prefix size to assign to this interface if internal. |
 +| ''ip4assign'' | integer | no | 24 | IPv4-prefix size to assign to this interface if internal. |
 +| ''dnsname'' | string | no | <device-name> | DNS-Label to assign to interface. |
=== Protocol "pptp" (Point-to-Point Tunneling Protocol) === === Protocol "pptp" (Point-to-Point Tunneling Protocol) ===
Line 258: Line 295:
| ''ip6addr'' | IPv6 address (CIDR) | yes | //(none)// | Local IPv6 address delegated to the tunnel endpoint | | ''ip6addr'' | IPv6 address (CIDR) | yes | //(none)// | Local IPv6 address delegated to the tunnel endpoint |
| ''ip6prefix'' | IPv6 prefix | no | //(none)// | Routed IPv6 prefix for downstream interfaces (Barrier Breaker and later only) | | ''ip6prefix'' | IPv6 prefix | no | //(none)// | Routed IPv6 prefix for downstream interfaces (Barrier Breaker and later only) |
 +| ''sourcerouting'' | boolean | no | ''1'' | Whether to route only packets from delegated prefixes (Barrier Breaker and later only) |
| ''defaultroute'' | boolean | no | ''1'' | Whether to create an IPv6 default route over the tunnel | | ''defaultroute'' | boolean | no | ''1'' | Whether to create an IPv6 default route over the tunnel |
| ''ttl'' | integer | no | ''64'' | TTL used for the tunnel interface | | ''ttl'' | integer | no | ''64'' | TTL used for the tunnel interface |
| ''mtu'' | integer | no | ''1280'' | MTU used for the tunnel interface | | ''mtu'' | integer | no | ''1280'' | MTU used for the tunnel interface |
| ''tunnelid'' | integer | no | //(none)// | HE.net global tunnel ID (used for endpoint update) | | ''tunnelid'' | integer | no | //(none)// | HE.net global tunnel ID (used for endpoint update) |
-| ''username'' | string | no | //(none)// | HE.net user ID (used for endpoint update) | +| ''username'' | string | no | //(none)// | HE.net username which you use to login into tunnelbroker, not the User ID shows after you have login int  (used for endpoint update) | 
-| ''password'' | string | no | //(none)// | md5sum of HE.net password (used for endpoint update) |+| ''password'' | string | no | //(none)// | <del>md5sum of</del> HE.net password (used for endpoint update) | 
 +| ''updatekey'' | string | no | //(none)// | HE.net updatekey, overrides password (used for endpoint update) |
| ''metric'' | integer | no | ''0'' | Specifies the default route metric to use | | ''metric'' | integer | no | ''0'' | Specifies the default route metric to use |
**Note:** This protocol type does not need an ''ifname'' option set in the interface section. The interface name is derived from the section name, e.g. ''config interface sixbone'' would result in an interface named ''6in4-sixbone''. **Note:** This protocol type does not need an ''ifname'' option set in the interface section. The interface name is derived from the section name, e.g. ''config interface sixbone'' would result in an interface named ''6in4-sixbone''.
 +**Note:** HE.net has introduced updatekey as default for new tunnels in February 2014. Support added to Openwrt trunk by r39646.
 +
 +**Note:** as of r41358 **username**, **password** and **updatekey** are all plaintext entries.
 +
 +**Note:** although ip6prefix isn't required, sourcerouting, enabled by default, will prevent forwarding of packets unless ip6prefix is specified.
 +
 +=== Protocol "aiccu" (Automatic IPv6 Connectivity Client Utility) ===
 +
 +:!: The package ''aiccu'' must be installed to use this protocol.
 +
 +:!: This protocol is avaliable for Barrier Breaker and newer versions only.
 +
 +^ Name ^ Type ^ Required ^ Default ^ Description ^
 +| ''username'' | string | yes | //(none)// | Server username |
 +| ''password'' | string | yes | //(none)// | Server password |
 +| ''protocol'' | string | no | //(none)// | Tunnel setup protocol to use (''tic'', ''tsp'', ''l2tp'')  |
 +| ''server'' | string | no | ''tic.sixxs.net'' | Tunnel setup server to use |
 +| ''ip6addr'' | IPv6 address (CIDR) | no | //(none)// | Local IPv6 address delegated to the tunnel endpoint (not necessary) |
 +| ''ip6prefix'' | IPv6 prefix | no | //(none)// | Routed IPv6 prefix for downstream interfaces |
 +| ''defaultroute'' | boolean | no | ''1'' | Whether to create an IPv6 default route over the tunnel |
 +| ''sourcerouting'' | boolean | no | ''1'' | Whether to route only packets from delegated prefixes |
 +| ''tunnelid'' | integer | no | //(none)// | TIC server tunnel ID |
 +| ''requiretls'' | boolean | no | ''0'' | Require TLS connection to TIC server|
 +| ''nat'' | boolean | no | ''1'' | Notify the user that a NAT-kind network is detected|
 +| ''heartbeat'' | boolean | no | ''1'' | Make heartbeats |
 +| ''verbose'' | boolean | no | ''0'' | Verbose logging to system log|
 +
 +**Note:** This protocol type does not need an ''ifname'' option set in the interface section. The interface name is derived from the section name, e.g. ''config interface sixbone'' would result in an interface named ''aiccu-sixbone''.
=== Protocol "6to4" (IPv6-in-IPv4 Tunnel) === === Protocol "6to4" (IPv6-in-IPv4 Tunnel) ===
Line 324: Line 391:
-=== Protocol "l2tp" (L2TP Pseudowire Tunnel) ===+=== Protocol "l2tp" (PPP over L2TP Pseudowire Tunnel) ===
-:!: The package ''l2tpv3tun'' must be installed to use this protocol.\\ +:!: The package ''xl2tpd'' must be installed to use this protocol. 
-:!: This protocol is only supported on 2.6.35 and newer kernels.+ 
 +Most options are similar to protocol "ppp".
^ Name ^ Type ^ Required ^ Default ^ Description ^ ^ Name ^ Type ^ Required ^ Default ^ Description ^
-| ''localaddr'' | IPv4 address | yes, if no ''local6addr'' is set | //(none)// | Local IPv4 endpoint address | +| ''server'' | string | yes | //(none)// | L2TP server to connect to (hostname or IP address)
-| ''peeraddr'' | IPv4 address | yes, if no ''peer6addr'' is set | //(none)// | Remote IPv4 endpoint address +| ''username'' | string | no | //(none)// | Username for PAP/CHAP authentication
-| ''local6addr'' | IPv6 address | yes, if no ''localaddr'' is set | //(none)// | Local IPv6 endpoint address +| ''password'' | string | yes if ''username'' is provided | //(none)// | Password for PAP/CHAP authentication
-| ''peer6addr'' | IPv6 address | yes, if no ''peeraddr'' is set | //(none)// | Remote IPv6 endpoint address +| ''ipv6'' | bool | no | 0 | Enable IPv6 on the PPP link (IPv6CP) | 
-| ''encap'' | string | no | ''udp'' | L2TPv3 encapsulation mode, either ''ip'' or ''udp'' +| ''mtu'' | int | no | ''pppd'' default | Maximum Transmit/Receive Unit, in bytes
-| ''sport'' | port number | no | ''1701'' | L2TPv3 source port, only applicable to UDP encapsulation | +| ''keepalive'' | string | no | //(none)// | Number of unanswered echo requests before considering the peer dead. The interval between echo requests is 5 seconds.
-| ''dport'' | port number | no | ''1701'' | L2TPv3 destination port, only applicable to UDP encapsulation | +| ''pppd_options'' | string | no | //(none)// | Additional options to pass to ''pppd'' |
-| ''tunnel_id'' | integer | no | Next unused tunnel ID | Local L2TPv3 tunnel ID | +
-| ''peer_tunnel_id'' | integer | no | Value of ''tunnel_id'' | Remote L2TPv3 tunnel ID +
-| ''session_id'' | integer | no | Next unused session ID | Local L2TPv3 session ID | +
-| ''peer_session_id'' | integer | no | Value of ''session_id'' | Remote L2TPv3 session ID | +
-| //Additionally all options defined for the ''static'' protocol type can be specified// |||||+
 +The name of the physical interface will be "l2tp-<logical interface name>".
=== Protocol "relay" (Relayd Pseudo Bridge) === === Protocol "relay" (Relayd Pseudo Bridge) ===
Line 357: Line 421:
| ''forward_dhcp'' | boolean | no | ''1'' | Enables forwarding of DHCP requests and responses, ''0'' disables it | | ''forward_dhcp'' | boolean | no | ''1'' | Enables forwarding of DHCP requests and responses, ''0'' disables it |
-=== Protocol "6relay" (IPv6 Pseudo Bridge) === 
-:!: The IPv6 pseudo-bridging feature has been moved into its own configuration. See [[doc:uci::6relayd|6relayd configuration]].+=== Common options for GRE protocols === 
 + 
 +:!: The package ''gre'' must be installed to use GRE. Additionally, you need ''kmod-gre'' and/or ''kmod-gre6''. 
 + 
 +GRE support has been introduced in Barrier Breaker. Four protocols are defined: "gre", "gretap", "grev6", and "grev6tap". 
 +The name of the GRE interface will be ''gre-<logical interface name>'' for "gre" and "gretap", and ''grev6-<logical interface name>'' for "grev6" and "grev6tap". 
 + 
 +All four protocols accept the following common options: 
 + 
 +^ Name ^ Type ^ Required ^ Default ^ Description ^ 
 +| ''mtu'' | integer | no | 1280 | MTU | 
 +| ''ttl'' | integer | no | 64 | TTL of the encapsulating packets | 
 +| ''tunlink'' | logical interface name | no | //(none)// | Bind the tunnel to this interface (''dev'' option of "ip tunnel") | 
 +| ''zone'' | zone name | no | "wan" | Firewall zone to which the interface will be added | 
 +| ''ikey'' | integer | no | 0 | key for incoming packets | 
 +| ''okey'' | integer | no | 0 | key for outgoing packets | 
 +| ''icsum'' | boolean | no | false | require incoming checksum | 
 +| ''ocsum'' | boolean | no | false | compute outgoing checksum | 
 +| ''iseqno'' | boolean | no | false | require incoming packets serialisation | 
 +| ''oseqno'' | boolean | no | false | perform outgoing packets serialisation | 
 + 
 +=== Protocol "gre" (GRE tunnel over IPv4) === 
 + 
 +The following options are supported, in addition to all common options above: 
 + 
 +^ Name ^ Type ^ Required ^ Default ^ Description ^ 
 +| ''ipaddr'' | IPv4 address | no | WAN IP | Local endpoint | 
 +| ''peeraddr'' | IPv4 address | yes | //(none)// | Remote endpoint | 
 +| ''df'' | boolean | no | true | Set "Don't Fragment" flag on encapsulating packets | 
 + 
 +=== Protocol "gretap" (Ethernet GRE tunnel over IPv4) === 
 + 
 +The following options are supported, in addition to all common options above: 
 + 
 +^ Name ^ Type ^ Required ^ Default ^ Description ^ 
 +| ''ipaddr'' | IPv4 address | no | WAN IP | Local endpoint | 
 +| ''peeraddr'' | IPv4 address | yes | //(none)// | Remote endpoint | 
 +| ''df'' | boolean | no | true | Set "Don't Fragment" flag on encapsulating packets | 
 +| ''network'' | logical interface name | no | //(none)// | Logical network to which the tunnel will be added (bridged) | 
 + 
 +=== Protocol "grev6" (GRE tunnel over IPv6) === 
 + 
 +The following options are supported, in addition to all common options above: 
 + 
 +^ Name ^ Type ^ Required ^ Default ^ Description ^ 
 +| ''ip6addr'' |  |  |  |  | 
 +| ''peer6addr'' |  |  |  |  | 
 +| ''weakif'' |  |  |  |  | 
 + 
 +=== Protocol "grev6tap" (Ethernet GRE tunnel over IPv6) === 
 + 
 +The following options are supported, in addition to all common options above: 
 + 
 +^ Name ^ Type ^ Required ^ Default ^ Description ^ 
 +| ''ip6addr'' |  |  |  |  | 
 +| ''peer6addr'' |  |  |  |  | 
 +| ''weakif'' |  |  |  |  | 
 +| ''network'' |  |  |  |  |
==== ATM Bridges (Ethernet over ATM AAL5) ==== ==== ATM Bridges (Ethernet over ATM AAL5) ====
Line 543: Line 663:
  * ''vpn'' is the incoming //logical interface name//   * ''vpn'' is the incoming //logical interface name//
  * ''fdca:1234::/64'' is the destination subnet to match   * ''fdca:1234::/64'' is the destination subnet to match
-  * ''prohibit'' is a routign action to take+  * ''prohibit'' is a routing action to take
The options below are defined for //IP rule// (''rule'' and ''rule6'') sections: The options below are defined for //IP rule// (''rule'' and ''rule6'') sections:
Line 769: Line 889:
        option 'forward'    'ACCEPT'    # Important         option 'forward'    'ACCEPT'    # Important
        option 'output'      'ACCEPT'</code>         option 'output'      'ACCEPT'</code>
 +
 +==== Static addressing of a GRE tunnel ====
 +
 +Create a GRE tunnel with static address 10.42.0.253/30, adding it to an existing firewall zone called ''tunnels'':
 +
 +<code>
 +config interface mytunnel               
 +        option proto    gre           
 +        option zone    tunnels                               
 +        option peeraddr 198.51.100.42         
 +                                                           
 +config interface mytunnel_addr                                                     
 +        option proto    static                                   
 +        option ifname  @mytunnel                           
 +        option ipaddr  10.42.0.253                     
 +        option netmask  255.255.255.252                   
 +        # Fixes IPv6 multicast (long-standing bug in kernel).
 +        # Useful if you run Babel or OSPFv3.
 +        option ip6addr  'fe80::42/64'
 +</code>
===== Network management ===== ===== Network management =====
Line 794: Line 934:
fi fi
</code> </code>
 +===== Multiple IP addresses =====
 +Assigning multiple ip addresses to the same interface:
 +<code>
 +config interface foo
 +  option ifname eth1
 +  list ipaddr 10.8.0.1/24
 +  list ipaddr 10.9.0.1/24
 +  list ip6addr fdca:abcd::1/64
 +  list ip6addr fdca:cdef::1/64
 +</code>
 +Specifying multiple interfaces sharing the same device:
 +<code>
 +config interface foo
 +  option ifname eth1
 +  option ipaddr 10.8.0.1
 +  option netmask 255.255.255.0
 +  option ip6addr fdca:abcd::1/64
 +
 +config interface foo2
 +  option ifname eth1
 +  option ipaddr 10.9.0.1
 +  option netmask 255.255.255.0
 +  option ip6addr fdca:cdef::1/64
 +</code>
 +More info at [[https://dev.openwrt.org/ticket/2829#comment:7]] http://pracandajr.blogspot.co.uk/.

Back to top

doc/uci/network.1383344486.txt.bz2 · Last modified: 2013/11/01 23:21 by cshore