diff options
author | Andy Jack <github@veracity.ca> | 2018-06-24 21:17:38 +0300 |
---|---|---|
committer | Andy Jack <github@veracity.ca> | 2018-06-24 21:17:38 +0300 |
commit | 4ac7ba9dfc55780c71dc2f40432845e59f561ebc (patch) | |
tree | 925870ecbfafaeb8490da78c1b631c31470cf5f5 |
Initial checkin
-rw-r--r-- | README.md | 144 |
1 files changed, 144 insertions, 0 deletions
diff --git a/README.md b/README.md new file mode 100644 index 0000000..cf72360 --- /dev/null +++ b/README.md @@ -0,0 +1,144 @@ +# Setting up Netgear R7800 (Nighthawk X4S) with OpenWRT + +## Connections + +1. Connect to laptop with ethernet - use internal lan port +1. Power up the router +1. Reconfigure ethernet network on the laptop to use DHCP - should get a + 192.168.1.x address +1. Factory Netgear firmware is set up to listen on http://192.168.1.1 + +The factory firmware will require you to set up a password and some security +questions. You just need to be able to get to the firmware update page so a +secure/complex password isn't really necessary. + +## Firmware Install + +1. Following the [Factory + Install](https://openwrt.org/docs/guide-quick-start/factory_installation) + guide. +1. Pages for R7800 on OpenWRT + * [Hardware data](https://openwrt.org/toh/hwdata/netgear/netgear_r7800) + * [Table of Hardware](https://openwrt.org/toh/hwdata/netgear/netgear_r7800) + page for looking up supported releases + +If you are looking for newer releases of the firmware to upgrade, the target +arch is `ipq806x/generic`. The release I used was: + +http://downloads.lede-project.org/releases/17.01.4/targets/ipq806x/generic/ + +And I downloaded the `R7800-squashfs-factory.img` file. Look at the +Supplementary Files section at the bottom for sha256 sums. + +## Setup + +I have a different box connected to the internet, so I just want a "dumb AP" +setup for the R7800: + +* no firewall +* no dhcp + +### Password setup + +When the R7800 first boots after installing the OpenWRT firmware it will have +a login page - log in with the user `root` and no password. + +Then you can go to the password setup page and add a password for `root`. Log +out and back in again to confirm that the password works. + +### Network Interface + +[This page](https://openwrt.org/docs/guide-user/network/wifi/dumbap) is a good +starting point. In the 17.01.4 release for the R7800 the LAN and the wireless +radios are already set up in a bridge, so no additional work is needed for +that part of the article. + +1. Edit the LAN interface of the R7800. "Network -> Interfaces" menu; then + click the "Edit" button of the LAN section. +1. Assign a static IP to the LAN interface. Choose one outside of the DHCP + range set up on the main router. + * set "IPv4 gateway" to the main router's IP + * set "Use custom DNS Servers" to the main router's IP too - this is so the + R7800 can access the internet for NTP +1. At the bottom of the edit page, check off "Disable DHCP for this + interface". + * Then select the IPv6 Settings tab, and set all of the following to + `disabled`: + * Router Advertisement-Service + * DHCPv6-Service + * NDP-Proxy + +After saving these changes, the R7800 is now on a different IP and network. +You'll need to reconfigure your laptop's network to be able to connect to the +R7800. + +### Firewall + +Disable the firewall so it doesn't run. + +1. "System -> Startup" +1. Click the "Enabled" button so it shows "Disabled". +1. Click "Submit" at the bottom of the page. + +### Wireless setup + +These can be found under "Network -> Wireless". + +For both radios: + +* Under "Device Configuration -> Advanced Settings", change country code to + "CA" +* "Device Configuration -> General Setup" + * 802.11nac radio: Mode AC, Channel 36, Width 80 MHz + * 802.11bgn radio: Mode N, Channel 7 , Width 20 MHz +* "Interface Configuration -> General Setup" tab: + * Set up the ESSID; Mode is "Access Point" +* "Interface Configuration -> Wireless Security" tab: + * Encryption: WPA2-PSK; Cipher is "auto"; key is a secret! + +## Securing LuCI + +The web UI for managing the R7800 runs via http only, so it's rather insecure. +You should set up https instead - for the purpose of a home router a +self-signed certificate for https better than no encryption. + +Use `ssh` to connect to the router using `root` as the username, and the +password you set up initially. The `opkg` command is used for managing +package installation. + +``` +opkg update +opkg install luci-ssl-openssl +``` + +The `luci-ssl-openssl` package pulls in other dependencies for the webserver +(`uhttpd`) to support TLS. [This forum +posting](https://forum.lede-project.org/t/luci-over-https-luci-ssl-vs-luci-ssl-openssl/12828/4) +gave a quick overview of the setup. + +After installing the package, it generates a private key and certificate for +use by `uhttpd`. Restarting the service afterward Just Worked, because +`uhttpd` was configured out-of-the-box for TLS. Now requests to the http port +are redirected to the https port. + +``` +/etc/init.d/uhttpd restart +``` + +More information on configuring `uhttpd` is +[here](https://openwrt.org/docs/guide-user/services/webserver/uhttpd). + +## Backing up configuration + +"System -> Backup / Flash Firmware" allows you to download an archive of the +configuration you worked so hard on. Once you're done setting up the R7800 +creating a backup of this configuration would be helpful for future upgrades. + +## Final Setup + +Replace the old wireless router with the R7800. Before disconnecting the old +router, change the SSID and password to some nonsense values. + +<!-- + vim:tw=78 +--> |