Use OpenWRT 19.07.7 With TPLink DecoM5 V3

Here I am linking two files I compiled myself with some motivation from some nice people at the OpenWRT IRC Channel.

And thanks to the modifications made to the source code by frankveltmans @ github

The linked firmware is a fairly simple version, having LuCI but only as http service and with WPAD-Wolf or Openssl precompiled (I forgot which one) but 802.11s works. I think the factory.bin file has the same things as the sysupgrade, but I’m not sure. I installed both anyway.

If you need any other packages precompiled in the firmware let me know, as all the sources and stuff are on the server anyway and it’s fairly easy to recompile.

To install you will need to follow these instructions:

https://service-provider.tp-link.com/nl/events/502/

Make sure you change the filename of squashfs-factory to M5v1_tp_recovery.bin or else the router will not take it. The sysupgrade one you can then later add through LuCI. There the name does not matter.

https://ha.lc/openwrt-ipq40xx-generic-tp-link_deco-m5-eu-v3.0-squashfs-factory.bin

https://ha.lc/openwrt-ipq40xx-generic-tp-link_deco-m5-eu-v3.0-squashfs-sysupgrade.bin

Good Luck!

Openvpn expired certificates

Taken from here:

https://buger.dread.cz/openvpn-expired-certificates.html

On 18.08.2020

Thank you man, very useful.

OpenVPN – expired certificates

2018-11-13 00:00 | tags: linux, vpn, openvpn

Server certificates

CA certificate

If the CA certificate (let's name it ca.crt) expires, clients can no longer connect to the OpenVPN server. You need to generate a new CA certificate signed with the same key (usually named ca.key) as the old one, to avoid having to regenerate all client certificates as well.

Use the following command to do so:

openssl x509 -in ca.crt -days 36500 -out ca.crt.new -signkey ca.key
  • 36500 days = 100 years = validity of the new ca.crt
  • rename ca.crt to ca.crt.old
  • rename ca.crt.new to ca.crt
  • restart / reload OpenVPN
  • distribute the new ca.crt to all clients
  • check the server certificate – it usually expires as well, because both are generated during OpenVPN installation and usually have the same validity

Server certificate

If the server certificate expires, simply generate a new one using the easy-rsa scripts:

. vars
./build-key-server server
  • reload / restart OpenVPN after that

Client certificate(s)

When a client certificate expires, you can generate a new one from the previous .csr file this way:

. vars
./sign-req <certificate-name>
  • send the new .crt file to the client
  • the client's .key file is unchanged => same password; we don't need to know it to generate the new .crt

https://buger.dread.cz/openvpn-expired-certificates.html
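
An added example, not part of the quoted article: it runs the CA renewal command from the "CA certificate" section on a throwaway PKI and checks that the renewed ca.crt keeps the old public key and still validates a client certificate issued before the renewal. The helper names, file names and subject names are constructed for the demo.

```shell
#!/bin/sh
# Added example: throwaway PKI in a temp dir; every file and subject name is constructed.

# same_key A B -> exit 0 if both certificates carry the same public key
same_key() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# still_trusted CA CERT -> exit 0 if CERT verifies against CA
still_trusted() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# expires_within CERT SECONDS -> exit 0 if CERT expires within SECONDS from now
expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$2" >/dev/null
}

# build_demo DIR -> short-lived CA, one client cert, then the renewal command from the post
build_demo() (
    cd "$1" || exit 1
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
        -days 1 -subj "/CN=Demo CA" 2>/dev/null || exit 1
    openssl req -newkey rsa:2048 -nodes -keyout client.key -out client.csr \
        -subj "/CN=client1" 2>/dev/null || exit 1
    openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
        -out client.crt -days 30 2>/dev/null || exit 1
    # Renewal exactly as in the post: same subject, same key, new validity
    openssl x509 -in ca.crt -days 36500 -out ca.crt.new -signkey ca.key 2>/dev/null
)

pki=$(mktemp -d)
trap 'rm -rf "$pki"' EXIT
build_demo "$pki" || { echo "openssl failed" >&2; exit 1; }

same_key "$pki/ca.crt" "$pki/ca.crt.new"          && echo "renewed CA keeps the old public key"
still_trusted "$pki/ca.crt.new" "$pki/client.crt" && echo "client.crt still verifies against the new ca.crt"
expires_within "$pki/ca.crt" 172800               && echo "old ca.crt expires within 2 days"
expires_within "$pki/ca.crt.new" 172800           || echo "new ca.crt does not"
```

The same three helpers can be pointed at a real ca.crt, ca.crt.new and client .crt before the new CA file is distributed.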

Allow different SSH login methods depending on the port

Sometimes we want an SSH port exposed on the WAN but not open to brute-forcing, so we can allow key-only login on one port and normal login on another.

Port 22
Port 2222
...
...

Match LocalPort 2222
PasswordAuthentication no

It must go at the very end of the configuration file, because a Match block extends to the next Match line or the end of the file.

Thanks to this page, which is where I found it:

https://serverfault.com/questions/636991/is-it-possible-to-have-sshd-accept-passwords-only-on-certain-ports
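
An added example, not part of the original post: a simplified shell/awk model of how sshd resolves one keyword for a given listening port, showing what happens when a global setting is written after the Match block. It understands only `Match LocalPort <n>` and `Match all`; the function name `effective` and both sample configurations are constructed for the demo.

```shell
#!/bin/sh
# Added example: simplified model of sshd keyword resolution per listening port.
# Handles only "Match LocalPort <n>" and "Match all"; sample configs are constructed.

# effective CONFIG PORT KEYWORD -> value in force for a connection arriving on PORT
effective() {
    awk -v port="$2" -v want="$3" '
        BEGIN { want = tolower(want) }
        NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
        { key = tolower($1) }              # sshd keywords are case-insensitive
        key == "match" {                   # a Match block runs to the next Match or EOF
            in_match = 1
            crit = tolower($2)
            active = (crit == "all" || (crit == "localport" && $3 == port))
            next
        }
        key != want { next }
        !in_match && glob == "" { glob = $2 }          # global section: first value wins
        in_match && active && hit == "" { hit = $2 }   # first matching block wins
        END {
            if (hit != "") print hit       # a matching block overrides the global section
            else if (glob != "") print glob
            else print "(default)"
        }
    ' "$1"
}

cfg=$(mktemp -d); trap 'rm -rf "$cfg"' EXIT
# Match block last, as the post requires
cat > "$cfg/good.conf" <<'EOF'
Port 22
Port 2222
PermitRootLogin no
Match LocalPort 2222
    PasswordAuthentication no
EOF
# A global-looking line placed after the Match block
cat > "$cfg/bad.conf" <<'EOF'
Port 22
Port 2222
Match LocalPort 2222
    PasswordAuthentication no
PermitRootLogin no
EOF
for p in 22 2222; do
    echo "good.conf port $p: PermitRootLogin=$(effective "$cfg/good.conf" "$p" PermitRootLogin)"
    echo "bad.conf  port $p: PermitRootLogin=$(effective "$cfg/bad.conf" "$p" PermitRootLogin)"
done
```

On a host with OpenSSH installed, `sshd -T -C lport=2222` prints the effective settings sshd itself would apply to a connection on that port.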

Configure a proxy for APT

https://stackoverflow.com/questions/25322280/how-can-i-configure-a-http-proxy-for-apt-get

I managed to solve it in the following way. Go to the following folder:

cd /etc/apt/apt.conf.d

Create a file named 10proxy:

sudo nano 10proxy

Without authentication add the following line:

Acquire::http::Proxy "http://yourproxyaddress:proxyport/";

With authentication:

Acquire::http::Proxy "http://username:password@yourproxyaddress:proxyport/";

The / at the very end was important. Without it, it did not work.

MRTG to graph data from a DS18B20 on a Raspberry Pi

Taken from here:

http://sebastianhemel.blogspot.com/2016/01/raspberry-pi-monitoring-mit-mrtg-und.html

Before installing anything, you have to enable the 1-Wire subsystem on the Raspberry Pi. To do this, edit the file

nano /boot/config.txt

Add

dtoverlay=w1-gpio

This enables GPIO4, that is, pin number 7 on the header.

apt-get install mrtg mrtg-rrd rrdtool snmp snmpd

Make /etc/mrtg.cfg owned by and readable only by root? ⇒ NO ↵

cd /var/

mkdir www
cd /var/www

mkdir mrtg

mkdir -p /var/www/cgi-bin

ln -s /usr/lib/cgi-bin/mrtg-rrd.cgi /var/www/cgi-bin/mrtg-rrd.cgi

chown -R www-data:www-data /var/www/*

sed -i 's|import Socket6;|Socket6->import(qw(inet_pton getaddrinfo));|' /usr/share/perl5/SNMP_Session.pm

mv /etc/mrtg.cfg /etc/mrtg.cfg.bak

cd /home/pi

su pi

mkdir ~/graph

cd /home/pi/graph

nano temp-mrtg-update.sh


#!/bin/sh
# Read the temperature from the sensor
# (c) Sebastian Hemel

sensor="/sys/bus/w1/devices/28-00000511590a/w1_slave"
if [ -f "$sensor" ]
then
    sensorraw=`cat "$sensor"`
    # $sensorraw is left unquoted below on purpose: echo joins the two lines
    # of w1_slave into one, which the cut field positions rely on
    crc=`echo $sensorraw | cut -f2 -d= | cut -c4-6`
    if [ "$crc" = "YES" ]
    then
        tempraw=`echo $sensorraw | cut -f3 -d=`
        temp=`echo "scale=3; $tempraw / 1000" | bc`
        #temp=`echo "scale=2; $tempraw / 1000" | bc`

        # Update database
        # MRTG reads four lines from the target script: value 1, value 2, uptime, name
        #echo $temp
        printf "%04.2f\n" "$temp"
        echo 0
        echo 0
        echo temperature
    fi
fi

chmod 750 /home/pi/graph/temp-mrtg-update.sh

sudo cfgmaker --global "Options[_]: growright" --global "IconDir: /mrtg" --global "WriteExpires: Yes" --global "Language: german" --global "RunAsDaemon: yes" --global "EnableIPv6: no" --global "LogFormat: rrdtool" --global "Interval: 1" '--if-filter=$if_admin && $default_iftype' --output /etc/mrtg.cfg public@localhost

Edit mrtg.cfg

Global Config Options

#  for UNIX
# WorkDir: /home/http/mrtg

#  for Debian
HtmlDir: /var/www/mrtg
WorkDir: /var/www/mrtg
Imagedir: /var/www/mrtg

#  or for NT
# WorkDir: c:\mrtgdata

### Global Defaults
#  to get bits instead of bytes and graphs growing to the right
# Options[_]: growright, bits

EnableIPv6: no
Options[_]: growright
IconDir: /mrtg
WriteExpires: Yes
Language: german
RunAsDaemon: yes
EnableIPv6: no
LogFormat: rrdtool
Interval: 1

#####################################################################
# System: DS18S20 temperature sensor
# Contact: root
# Location: attached to Raspberry Pi
#####################################################################
### DS18S20 temperature sensor, Ingolstadt
TimeStrPos[temp_ingolstadt]: RU
Target[temp_ingolstadt]: `/home/pi/graph/temp-mrtg-update.sh`
Options[temp_ingolstadt]: gauge,growright,nopercent,expscale,transparent
Title[temp_ingolstadt]: Temperatur Ingolstadt
PageTop[temp_ingolstadt]: <h1>Temperatur Ingolstadt</h1>
MaxBytes[temp_ingolstadt]: 60
#Unscaled[temp_ingolstadt]: ymwd
Step[temp_ingolstadt]: 60
Legend1[temp_ingolstadt]: Gemessene Temperatur in Ingolstadt
LegendI[temp_ingolstadt]: Aussentemperatur
LegendO[temp_ingolstadt]:
YLegend[temp_ingolstadt]: Grad Celsius
ShortLegend[temp_ingolstadt]: Grad °C

 

sudo cp /usr/share/mrtg/* /var/www/mrtg/

sudo env LANG=C /usr/bin/mrtg /etc/mrtg.cfg

 

Remove and re-add partitions in a software RAID

When a partition is marked as failed and you suspect the cause is a logical error, you can deactivate and reactivate the partition as follows:

mdadm --manage /dev/md2 --remove /dev/sdc3

mdadm --manage /dev/md2 -a /dev/sdc3

Afterwards, check with cat /proc/mdstat whether the mirror is resyncing.