Reconfiguring OpenWrt as dummy access point22. Jan '17

After installing OpenWrt on TP-Link WDR3600/4300 or Archer C7 following script can be used to convert the machine to a dummy access point which does not serve DHCP, but just bridges wireless and wired ports on the device.

Guest wireless network is also enabled and it's tagged as VLAN 156 on the ethernet ports.

# Disable DHCP servers
/etc/init.d/odhcpd disable
/etc/init.d/dnsmasq disable

# Remove all firewall rules
uci delete firewall.@zone[2]
uci delete firewall.@zone[1]
uci delete firewall.@zone[0]
uci delete firewall.@forwarding[0]
for j in $(seq 0 20); do uci delete firewall.@rule[0]; done

# Remove WAN interface
uci delete network.wan
uci delete network.wan6

# Reconfigure DHCP client for bridge over LAN and WAN ports
uci delete network.lan.ipaddr
uci delete network.lan.netmask
uci delete network.lan.ip6assign
uci delete network.globals.ula_prefix
uci delete network.@switch_vlan[1]
uci set network.lan.proto=dhcp
uci set network.lan.ipv6=0
uci set network.lan.ifname='eth0 eth1'
uci set network.lan.stp=1

# Disable switch tagging and bridge all ports
uci set network.@switch[0].enable_vlan=0
uci set network.@switch_vlan[0].ports='0 1 2 3 4 5 6'

# Enable wireless
uci delete wireless.radio0.disabled
uci delete wireless.radio1.disabled

# Radio ordering differs among models
case $(uci get wireless.radio0.hwmode) in
  11a) uci rename wireless.radio0=radio5ghz;;
  11g) uci rename wireless.radio0=radio2ghz;;
case $(uci get wireless.radio1.hwmode) in
  11a) uci rename wireless.radio1=radio5ghz;;
  11g) uci rename wireless.radio1=radio2ghz;;

# Reset virtual SSID-s
uci delete wireless.@wifi-iface[1]
uci delete wireless.@wifi-iface[0]
for band in 2ghz 5ghz; do
uci set wireless.lan$band=wifi-iface
uci set wireless.lan$band.mode=ap
uci set wireless.lan$band.device=radio$band
uci set wireless.lan$band.encryption=psk2
uci set wireless.lan$band.ssid=KoodurProtected
uci set wireless.lan$band.key='salakala'
uci set wireless.lan$

# Generate unique hostname based on wireless MAC
uci set system.@system[0].hostname=tp-link-$(cat /sys/class/net/wlan1/address | cut -d : -f 4- | sed -e 's/://g')
uci set network.lan.hostname=$(uci get system.@system[0].hostname)

# Commit changes
uci commit

# Skip following to keep guests network disabled

# Create bridge for guests
uci set network.guest=interface
uci set network.guest.proto='static'
uci set network.guest.address=''
uci set network.guest.type='bridge'
uci set network.guest.ifname='eth0.156 eth1.156' # tag id 156 for guest network
uci set network.guest.ipaddr=''
uci set network.guest.ipv6=0
uci set network.guest.stp=1

# Add guest SSID-s
for band in 2ghz 5ghz; do
uci set wireless.guest$band=wifi-iface
uci set wireless.guest$band.mode=ap
uci set wireless.guest$band.device=radio$band
uci set wireless.guest$band.encryption=none
uci set wireless.guest$band.ssid=KoodurPublic
uci set wireless.guest$

uci commit

For lazy people convenience hack for adding SSH keys:

# Create script for fetching SSH keys once interface goes up
cat > /etc/hotplug.d/iface/update-ssh-authorized-keys << EOF
wget -O /etc/dropbear/authorized_keys.part
mv /etc/dropbear/authorized_keys.part /etc/dropbear/authorized_keys

opkg update
opkg install openssl-util nano htop
TP-Link OpenWrt