Reconfiguring OpenWrt as dummy access point22. Jan '17
After installing OpenWrt on TP-Link WDR3600/4300 or Archer C7 following script can be used to convert the machine to a dummy access point which does not serve DHCP, but just bridges wireless and wired ports on the device.
Guest wireless network is also enabled and it's tagged as VLAN 156 on the ethernet ports.
# Disable DHCP servers /etc/init.d/odhcpd disable /etc/init.d/dnsmasq disable # Remove all firewall rules uci delete firewall.@zone uci delete firewall.@zone uci delete firewall.@zone uci delete firewall.@forwarding for j in $(seq 0 20); do uci delete firewall.@rule; done # Remove WAN interface uci delete network.wan uci delete network.wan6 # Reconfigure DHCP client for bridge over LAN and WAN ports uci delete network.lan.ipaddr uci delete network.lan.netmask uci delete network.lan.ip6assign uci delete network.globals.ula_prefix uci delete network.@switch_vlan uci set network.lan.proto=dhcp uci set network.lan.ipv6=0 uci set network.lan.ifname='eth0 eth1' uci set network.lan.stp=1 # Disable switch tagging and bridge all ports uci set network.@switch.enable_vlan=0 uci set network.@switch_vlan.ports='0 1 2 3 4 5 6' # Enable wireless uci delete wireless.radio0.disabled uci delete wireless.radio1.disabled # Radio ordering differs among models case $(uci get wireless.radio0.hwmode) in 11a) uci rename wireless.radio0=radio5ghz;; 11g) uci rename wireless.radio0=radio2ghz;; esac case $(uci get wireless.radio1.hwmode) in 11a) uci rename wireless.radio1=radio5ghz;; 11g) uci rename wireless.radio1=radio2ghz;; esac # Reset virtual SSID-s uci delete wireless.@wifi-iface uci delete wireless.@wifi-iface for band in 2ghz 5ghz; do uci set wireless.lan$band=wifi-iface uci set wireless.lan$band.mode=ap uci set wireless.lan$band.device=radio$band uci set wireless.lan$band.encryption=psk2 uci set wireless.lan$band.ssid=KoodurProtected uci set wireless.lan$band.key='salakala' uci set wireless.lan$band.network=lan done # Generate unique hostname based on wireless MAC uci set system.@system.hostname=tp-link-$(cat /sys/class/net/wlan1/address | cut -d : -f 4- | sed -e 's/://g') uci set network.lan.hostname=$(uci get system.@system.hostname) # Commit changes uci commit # Skip following to keep guests network disabled # Create bridge for guests uci set network.guest=interface uci set network.guest.proto='static' uci set network.guest.address='0.0.0.0' uci set network.guest.type='bridge' uci set network.guest.ifname='eth0.156 eth1.156' # tag id 156 for guest network uci set network.guest.ipaddr='0.0.0.0' uci set network.guest.ipv6=0 uci set network.guest.stp=1 # Add guest SSID-s for band in 2ghz 5ghz; do uci set wireless.guest$band=wifi-iface uci set wireless.guest$band.mode=ap uci set wireless.guest$band.device=radio$band uci set wireless.guest$band.encryption=none uci set wireless.guest$band.ssid=KoodurPublic uci set wireless.guest$band.network=guest done uci commit
For lazy people convenience hack for adding SSH keys:
# Create script for fetching SSH keys once interface goes up cat > /etc/hotplug.d/iface/update-ssh-authorized-keys << EOF wget https://www.koodur.com/authorized_keys -O /etc/dropbear/authorized_keys.part mv /etc/dropbear/authorized_keys.part /etc/dropbear/authorized_keys EOF opkg update opkg install openssl-util nano htop