# Set the port to listen on for incoming VPN packets.
# Remote nodes will automatically be informed about the new port number,
# but you might want to configure this in order to set external firewall
# settings.
procd_append_param command --port 41641
# OpenWRT /var is a symlink to /tmp, so write persistent state elsewhere.
procd_append_param command --state /opt/etc/tailscale/tailscaled.state
Then log in to the web via browser using the generated address and see if your device is showing connected status in the Tailscale console.
Copy this IP and ping it via SSH; it must show some ping times.
You can also check the "top" command (no quotes) via SSH to see if the tailscale service is running.
If all is OK, it must survive a reboot... but you have to manually log in via SSH using:
tailscale up
_________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Last edited by Alozaros on Tue Jan 03, 2023 10:22; edited 14 times in total
Joined: 16 Nov 2015 Posts: 6437 Location: UK, London, just across the river..
Posted: Sat Sep 11, 2021 22:50 Post subject:
I'm about to dig into those ways from above in terms of router secure remote administration (running at the router level via Entware as a service or not)......
DDWRT doesn't have any guides regarding ngrok, zerotier, tinc or tailscale, nor does Entware, but all of the above are OpenWRT supported...
So, far in the past I tried ngrok following this guide here, made by Libros https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327087&start=0 and ended with mixed results... but it was working on an old build... I could not make it work with a generated 3072-bit key with password protection... (which was my goal).. (although it doesn't require Entware, ngrok-c is available on Entware/opkg too)
I also have a Zerotier network, it's working OK with some devices, but I couldn't make it usable for remote administration at the DDWRT router level...
I tried it on the 1043v2 from my signature... but it was producing 'illegal command' on any try to run anything.. nor have I found a config file anywhere around opt or tmp, or where to place it to make it work... Regarding it, there is very limited information about running it, mostly on OpenWRT only, which can be used as a starting point... (kind of)
Recently tried Tailscale but on the 1043v2 it was very odd, while installed on the R9000 via Entware opt, it came out with some outcome and syntax templates... I suppose it has to do all the routing automatically, but with the tailscale commands that were recommended I couldn't start it up.....
So, if anyone has anything to share regarding configurations and setup, give as many details as possible... please !!
P.S. I'll start digging with tailscale on my R9000 and will copy/paste the output here later...
Last edited by Alozaros on Fri Sep 24, 2021 20:49; edited 3 times in total
Posted: Sun Sep 12, 2021 1:02 Post subject: Tailscale Reference Information
This is from OpenWRT, but we might be able to use it as a starting point on figuring out how to make things work. Also including the tailscale static binary package download information and github repo here for reference. Does Entware have a MIPS package or no? I haven't looked that far yet ^_^
APPLICATION 1
Server (for files, web pages, sensor reading, relay management, etc.)
OpenWrt router playing server role in a VPN.
APPLICATION 2
Virtual private network access point (masquerading)
OpenWrt router in bridge mode (bridged AP). The router assigns non-VPN IPs to its hosts. Hosts go out to the VPN with the router's IP using a technique called masquerading. They can navigate, but they are not addressable.
APPLICATION 3
Virtual private network access point (layer 2 bridging)
OpenWrt router in gateway mode (routed AP). The router assigns its hosts IPs within the VPN range. The hosts go out to the VPN with their own IP using a technique called layer 2 bridging. They can navigate and are addressable.
APPLICATION 4
Extended LAN. PCs located in remote locations are on the same network
Several OpenWrt routers in gateway mode (routed AP). Each router assigns its hosts IPs within a VPN sub-range. Hosts go out to the VPN with their own IP using a technique called layer 2 bridging. They can navigate and are addressable.
And they show 4 ways of configuration, of which I am working on understanding the 3rd way to carry it out on my own router. From what I have been able to understand, it is to put the ddwrt router in AP mode, connected to the modem by LAN port and not WAN, and configure it so that zerotier itself manages the IPs for the hosts connected to the router. In this way, any device connected to the router would automatically get a private IP that at the same time would be through the zerotier 'VPN', and through the zerotier's network id any remote device will access the 'private/virtual local network' as well as remote management, and you should not use the zerotier client on any other device ...
That is what they teach in this very complete tutorial. Since I do not know anything about commands or console or Linux, I am spending a lot of time learning step by step... but I think I am getting an idea...
_________________ Fiber Modem/Router: ZTE-ZXHN F670L ►►►►►► Internet 1
2G,3G,4G Modem: Amplimax FIT Elsys EPRL18 ►► Internet 2 (failover)
Posted: Mon Sep 13, 2021 21:06 Post subject:
This 3rd way that you describe, as an AP/WAP/Switch mode with NAT disabled, router in a router mode and no DNS & DHCP, no firewall, etc.... is not very ideal... and completely disables the router... so it doesn't matter at all, as it's just like a switch, and you can use zerotier with only one difference, to pass the connection to all connected devices... which you can achieve with device-to-device connectivity anyway... I've already done that....
My idea, and what is more useful here, is to use it as a service for remote administration to control the router and use the NAS, for example... so you can access the CLI, upgrade your firmware, apply settings or use the NAS as well as OPT, JFFS, kind of full control over the hardware... otherwise just connecting the clients is easy anyway...
Those guides are useful for Linux and OpenWRT, where things are a bit different, although with DDWRT it feels the same... my problem is I cannot start it, cannot set variables and create the needed configs... sadly I'm on training and will be busy and away from my R9000 until the end of the week, so not much time to explore... as well, the 1043v2 plays funny with all of those above.. for some odd reason...
Maybe 'cause it has VPN, don't know, and no time to play atm...
Posted: Tue Sep 14, 2021 22:53 Post subject:
It's too late and time to go to bed, will try more stuff tomorrow. More fiddling to come ..
Posted: Sat Sep 18, 2021 20:47 Post subject:
Hmm, there were a few typos in the tailscale script... so I corrected those. I must have been very tired when I posted this guide, so I'm due to apologise...
Alas, still no zerotier write-up specific to DD-WRT. Ho-hum. _________________ "The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost
"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio
> /opt/etc/init.d/S06tailscaled start
> tailscale up
To explain, it seems that the default tailscale package tries to execute some instructions which are not available on all processors. The _nohf variant takes care of this.
Then, it appears that the tun kernel module is missing and not available on entware, at least not for dd-wrt. Luckily, it looks like tailscale's userspace-networking option still works.
I haven't done much testing on this, but it appears to work and keeps working after a router reboot.
I've been trying to get Tailscale to run on dd-wrt on my Archer C7 v5 but it's not really doing much.
I want the router to use an exit node that is already on the Tailnet so that I can pretend to be in the exit nodes location when any device connects to the router.
I can get it to work using userspace-networking but that's not helping. When I try to disable userspace-networking, tailscaled fails to initiate the tunnel (tailscale0). I see an error like the following:
When I run ls /dev/net it returns tun so there's something there...
I'm no expert so I'm reaching out for any help that anyone could give me to get tailscale running properly on this router. Or should I try and move to OpenWRT?
Yes, it looks like the --tun=userspace-networking solves it for me on the R7800. I think the problem is that tailscale is trying to create a Tun0 interface but it is already taken by my OpenVPN client.
cannedchaos wrote:
I had to take a slightly different approach to get this working for me on my D-link DIR-868L router:
> /opt/etc/init.d/S06tailscaled start
> tailscale up
To explain, it seems that the default tailscale package tries to execute some instructions which are not available on all processors. The _nohf variant takes care of this.
Then, it appears that the tun kernel module is missing and not available on entware, at least not for dd-wrt. Luckily, it looks like tailscale's userspace-networking option still works.
I haven't done much testing on this, but it appears to work and keeps working after a router reboot.
I tried to follow your guide with an rt n66u but I don't see the tailscale network in the network list and the "tailscale up" command gives an error: failed to connect to local tailscaled; it doesn't appear to be running
Alozaros wrote:
using Tailscale as a router service on DDWRT router...
This guide was adapted for DDWRT, but is still experimental; it needs testing in some aspects. It's based on those 2 links... but it's still W.I.P.
# Set the port to listen on for incoming VPN packets.
# Remote nodes will automatically be informed about the new port number,
# but you might want to configure this in order to set external firewall
# settings.
procd_append_param command --port 41641
# OpenWRT /var is a symlink to /tmp, so write persistent state elsewhere.
procd_append_param command --state /opt/etc/tailscale/tailscaled.state
I tried to follow your guide with an rt n66u but I don't see the tailscale network in the network list and the "tailscale up" command gives an error: failed to connect to local tailscaled; it doesn't appear to be running
It's been a long time since I used tailscale ...
Very often, it comes down to a bad config, bad entware install, or router misconfiguration...
With not many details from your side... not much to be done..
Read the last comment before yours...
> opkg install tailscale_nohf
modify ARGS in /opt/etc/init.d/S06tailscaled:
Quote:
#!/bin/sh
Have you tried it.. ? Did you read all the thread... ??
do you have a working entware...??
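Added example, not code from any poster in the thread or from the Tailscale project: a POSIX sh lint for the tailscaled argument string discussed above, flagging a state path that will not survive a reboot, kernel tun mode without a usable tun device, and an unpinned UDP port. The function names and finding codes are hypothetical; the only flags it looks at are the `--state`, `--port` and `--tun=userspace-networking` options quoted in the thread, and it assumes /tmp and /var are RAM-backed on the router.

```shell
#!/bin/sh
# Added example: lint the ARGS line of an Entware tailscaled init script.
# Function names and finding codes are hypothetical, not Tailscale tooling.

# flag_value NAME ARG... : print the value given as --NAME=V or "--NAME V".
flag_value() {
    name=$1; shift
    while [ $# -gt 0 ]; do
        case $1 in
            --"$name"=*) printf '%s\n' "${1#*=}"; return 0 ;;
            --"$name")   [ $# -ge 2 ] && printf '%s\n' "$2"; return 0 ;;
        esac
        shift
    done
    return 0   # flag absent: print nothing
}

# lint_tailscaled_args "ARGS" [TUN_DEVICE]
# Prints one finding code per line, nothing when the arguments look sane.
lint_tailscaled_args() {
    args=$1
    tun_dev=${2:-/dev/net/tun}   # overridable so the check can run offline
    # Word splitting of $args is intended: it is a flat option string.
    state=$(flag_value state $args)
    tun=$(flag_value tun $args)
    port=$(flag_value port $args)

    # The state file holds the node's identity; it must survive a reboot.
    case $state in
        "")            echo "state-missing" ;;
        /tmp/*|/var/*) echo "state-volatile" ;;   # assumed RAM-backed
        /*)            : ;;
        *)             echo "state-relative" ;;   # depends on the daemon's cwd
    esac

    # Kernel mode needs a usable tun character device.
    if [ "$tun" != "userspace-networking" ] && [ ! -c "$tun_dev" ]; then
        echo "tun-unavailable"
    fi

    # Without a fixed UDP port a firewall rule has nothing stable to match.
    case $port in
        ""|0) echo "port-unpinned" ;;
    esac
    return 0
}

# Constructed sample input, not taken from a real router:
lint_tailscaled_args "--port 41641 --state opt/etc/tailscale/tailscaled.state"
```

Run it against the ARGS value from the init script before starting the daemon; an empty result means none of the three conditions was found.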