DDWRT remote administration / ngrok / tailscale / zerotier

Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 4521
Location: UK, London, just across the river..

Posted: Sat Sep 11, 2021 22:37    Post subject: DDWRT remote administration / ngrok / tailscale / zerotier
using Tailscale as a router service on DDWRT router...

This guide was adapted for DDWRT, but it is still experimental and needs testing in some aspects. It's based on those 2 links... but it's still W.I.P.

https://gist.github.com/willangley/9adf3e34b3c4c7046b1f638647415dae

https://willangley.org/how-i-set-up-tailscale-on-my-wifi-router/

-----------------------------------------------------
install Entware via /OPT

opkg install tailscale

opkg install nano

opkg install ca-bundle

opkg update
opkg upgrade

nano /opt/etc/init.d/S06tailscaled

delete all and paste this script (without the lines)
-------------------------------------------------------------------------------------

#!/bin/sh

ENABLED=yes
PROCS=tailscaled
ARGS="--state=/opt/var/tailscaled.state"
PREARGS=""
DESC=$PROCS
PATH=/opt/sbin:/opt/bin:/opt/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

. /opt/etc/init.d/rc.func

USE_PROCD=1
START=06


start_service() {
    /usr/sbin/tailscaled --cleanup

    procd_open_instance
    procd_set_param command /usr/sbin/tailscaled

    # Set the port to listen on for incoming VPN packets.
    # Remote nodes will automatically be informed about the new port number,
    # but you might want to configure this in order to set external firewall
    # settings.
    procd_append_param command --port 41641

    # OpenWRT /var is a symlink to /tmp, so write persistent state elsewhere.
    # The path must be absolute (leading slash).
    procd_append_param command --state /opt/etc/tailscale/tailscaled.state

    procd_set_param respawn
    procd_set_param stdout 1
    procd_set_param stderr 1

    procd_close_instance
}

stop_service() {
    /usr/sbin/tailscaled --cleanup
}


----------------------------------------------------------------------------

press ctrl + x
press yes (enter)

type: chmod +x /opt/etc/init.d/S06tailscaled

go to the DDWRT GUI, add this to the startup script and save the startup script:

/opt/etc/init.d/S06tailscaled.sh start
/opt/etc/init.d/rc.unslung restart


via SSH or telnet, check if tailscale is present; type: ip addr show

it must show output like:

tailscale0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1280 qdisc fq_codel state UNKNOWN qlen 500
link/[65534]


to start tailscale type: tailscale up
to stop: tailscale down

To authenticate, visit:

https://login.tailscale.com/a/36f1z3c51csb

then log in to the web via a browser using the generated address and see if your device is showing connected status


copy this IP and ping it via ssh; it must show some ping times


you can also check the "top" command (no quotes) via ssh to see if the tailscale service is running.

if all is OK, it must survive a reboot... but you have to manually log in via SSH using:
tailscale up

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 47117 BS AP,NAT
TP-Link WR1043NDv2 -DD-WRT 47474 BS AP,NAT,AP Isolation,Ad-Block,Firewall,Local DNS,Forced DNS,DoT,VPN,VLAN
TP-Link WR1043NDv2 -DD-WRT 47381 BS AP,NAT,Ad-Block,Firewall,Local DNS,Forced DNS,DoT,VPN,VLAN
TP-Link WR1043NDv2 -Gargoyle OS 1.12.0 AP,NAT,QoS,Quotas
Qualcomm Atheros/
Netgear R7800 --DD-WRT 47381 BS AP,NAT,AD-Block,AP&Net Isolation,VLAN's,Firewall,Local DNS,DoT,Vanilla
Netgear R9000 --DD-WRT 47474 BS AP,NAT,AD-Block,AP Isolation,Firewall,Local DNS,DoT,2,4Ghz only,Vanilla
Broadcom
Netgear R7000 ---DD-WRT 47381 BS AP,Wi-Fi OFF,NAT,AD-Block,Firewall,Local DNS,Forced DNS,VLAN's,DoT,VPN
------------------------------------------------------
Stubby for DNS over TLS I DNSCrypt v2 by mac913


Last edited by Alozaros on Sat Sep 18, 2021 22:30; edited 10 times in total
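
Added example (not part of Alozaros's post or the linked gist): a small POSIX sh check for the two things the guide above depends on, that the tailscaled state file sits at one absolute, persistent path and that tailscale0 is flagged UP. The function names and the sample text are constructed for illustration; on a router, pipe in the real init script and the real `ip addr show` output.

```shell
#!/bin/sh
# Constructed sample: the two --state settings as they appear in the script posted above.
SAMPLE_INIT='ARGS="--state=/opt/var/tailscaled.state"
# OpenWRT /var is a symlink to /tmp, so write persistent state elsewhere.
procd_append_param command --state opt/etc/tailscale/tailscaled.state'

# Print every --state value in an init script read from stdin.
# Handles "--state=PATH" and "--state PATH"; comment lines are skipped.
state_paths() {
    grep -v '^[[:space:]]*#' |
    sed -n 's/.*--state[= ]\([^" ]*\).*/\1/p'
}

# Classify one state path: ok | relative | volatile
check_state_path() {
    case "$1" in
        /tmp/*|/var/*) echo volatile ;;  # /var points at /tmp: gone after reboot
        /*)            echo ok ;;
        *)             echo relative ;;  # resolved against the daemon's working dir
    esac
}

# Lint an init script on stdin; returns non-zero if any path is bad
# or if the script names more than one distinct state file.
lint_init_script() {
    rc=0
    paths=$(state_paths)
    for p in $paths; do
        verdict=$(check_state_path "$p")
        echo "$verdict: $p"
        [ "$verdict" = ok ] || rc=1
    done
    if [ "$(printf '%s\n' $paths | sort -u | grep -c .)" -gt 1 ]; then
        echo "conflict: more than one --state path"
        rc=1
    fi
    return $rc
}

# Return 0 if `ip addr show` output on stdin has tailscale0 with the UP flag.
# LOWER_UP alone does not count: the flag must be delimited by '<' or ','.
iface_up() {
    grep 'tailscale0:' | grep -q '[<,]UP[,>]'
}

printf '%s\n' "$SAMPLE_INIT" | lint_init_script || echo "init script needs attention"
```

On the router the same checks would be run as `lint_init_script < /opt/etc/init.d/S06tailscaled` and `ip addr show | iface_up`.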
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 4521
Location: UK, London, just across the river..

Posted: Sat Sep 11, 2021 22:50
I'm about to dig into those ways from above in terms of router secure remote administration (running on router level via Entware as a service or not)...

DDWRT doesn't have any guides regarding ngrok, zerotier or tailscale, nor does Entware, but all of the above are OpenWRT supported...

So far, in the past I tried ngrok following this guide here, made by Libros https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327087&start=0 and ended with mixed results... but it was working on an old build... I could not make it work with a generated 3072-bit key with password protection (which was my goal)... (although it doesn't require Entware, ngrok-c is available on Entware/opkg too)

I also have a Zerotier network; it's working OK with some devices, but I couldn't make it work for remote administration on the DDWRT router level...
I tried it on the 1043v2 from my signature... but it was producing 'illegal command' on any try to run anything... nor have I found a config file anywhere around opt or tmp, or where to place it to make it work... Regarding it, there is very limited information about running it, mostly on OpenWRT only, which can be used as a starting point... (kind of)

Recently I tried Tailscale, but on the 1043v2 it was very odd, while installed on the R9000 via Entware opt it came out with some outcome and syntax templates... I suppose it has to do all the routing automatically, but with the tailscale commands that were recommended I couldn't start it up...

So, if anyone has anything to share regarding configurations and set up, give as many details as possible... please!!

P.S. I'll start digging with tailscale on my R9000 and will copy/paste the output here later...



Last edited by Alozaros on Wed Sep 15, 2021 14:02; edited 2 times in total
d33b0_n4p41m
DD-WRT User


Joined: 10 Sep 2021
Posts: 133

Posted: Sun Sep 12, 2021 1:02    Post subject: Tailscale Reference Information
This is from OpenWRT, but we might be able to use it as a starting point on figuring out how to make things work. Also including the tailscale static binary package download information and github repo here for reference. Does Entware have a MIPS package or no? I haven't looked that far yet ^_^

https://willangley.org/how-i-set-up-tailscale-on-my-wifi-router/

https://pkgs.tailscale.com/stable/#static

https://github.com/tailscale/tailscale

I noticed a post on the tailscale forums and on reddit. You wouldn't happen to be "i_am_top_bloke", would you? ^_^

So far, all I have uncovered for zerotier is this issue which didn't go anywhere far:

https://github.com/zerotier/ZeroTierOne/issues/155

I haven't gotten around to looking at ngrok yet.
royitoroy
DD-WRT User


Joined: 07 Jun 2007
Posts: 193
Location: La Paz, Bolivia

Posted: Mon Sep 13, 2021 14:31
I have been reading these tutorials, which are for OpenWrt: https://foro.seguridadwireless.net/openwrt/vpn-con-zerotier-en-openwrt/

Quote:
APPLICATION 1
Server (for files, web pages, sensor reading, relay management, etc.)

OpenWrt router playing server role in a VPN.

APPLICATION 2
Virtual private network access point (masquerading)

OpenWrt router in bridge mode (bridged AP). The router assigns non-VPN IPs to its hosts. Hosts go out to the VPN with the router's IP using a technique called masquerading. They can navigate, but they are not addressable.

APPLICATION 3
Virtual private network access point (layer 2 bridging)

OpenWrt router in gateway mode (routed AP). The router assigns its hosts IPs within the VPN range. The hosts go out to the VPN with their own IP using a technique called layer 2 bridging. They can navigate and are addressable.

APPLICATION 4
Extended LAN. PCs located in remote locations are on the same network

Several OpenWrt routers in gateway mode (routed AP). Each router assigns its hosts IPs within a VPN sub-range. Hosts go out to the VPN with their own IP using a technique called layer 2 bridging. They can navigate and are addressable.



And they show 4 ways of configuration, of which I am working on understanding the 3rd way to carry it out on my own router. From what I have been able to understand, it is to put the ddwrt router in AP mode, connected to the modem by a LAN port and not WAN, and configure it so that it is zerotier itself that manages the IPs for the hosts connected to the router. In this way, any device connected to the router would automatically get a private IP that at the same time would be through the zerotier 'VPN', and through the zerotier network id any remote device will access the 'private/virtual local network' as well as remote management, and you should not use the zerotier client on any other device...

That is what they teach in this very complete tutorial. Since I do not know anything about commands or console or linux, that's why I am spending a lot of time learning step by step... but I think I am getting an idea...

_________________
Fiber Modem/Router: ZTE-ZXHN F670L

MAINROUTER:
NETGEAR NIGTHAWK R9000 --> DD-WRT v3.0-r47206 std

WAN, Gateway, DHCP, Vanilla, 2.4Ghz, 5Ghz, WPA2, Sharing USB Printer, QoS, 1gbps Wired NAS Server, Entware: Zerotier, Mc.

AP 1:
TP-Link Archer AC1750 C7 v2 --> DD-WRT v3.0-r47225 std
AP 2 & 3
TP-Link Archer AC1750 A7 v5.6 --> DD-WRT v3.0-r47282 std
AP's 1, 2 and 3

Mode AP, 1gbps Wired AP, Wifi's 2.4Ghz/5Ghz, Radio Time Restrictions, WPA2, MAC Filter,
(AP 3) WIFI Printer/Scanner, (AP 2&4) Free Public Isolated VAP


Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 4521
Location: UK, London, just across the river..

Posted: Mon Sep 13, 2021 21:06
This 3rd way that you describe, as an AP/WAP/Switch mode with NAT disabled, router in router mode and no DNS & DHCP, no firewall, etc... is not very ideal... and completely disables the router... so it doesn't matter at all, as it's just like a switch and you can use zerotier with only one difference, to pass the connection to all connected devices... which you can achieve with device-to-device connectivity anyway... I already done that...
My idea, and what is more useful here, is to use it as a service for remote administration to control the router and use the NAS, for example... so you can access the CLI, upgrade your firmware, apply settings or use the NAS as well as OPT, JFFS, kind of full control over the hardware... otherwise just to connect the clients is easy anyway...
Those guides are useful for Linux and OpenWRT, where things are a bit different, although with DDWRT it feels the same... my problem is I cannot start it, cannot set variables and create the needed configs... sadly I'm on training and will be busy, and away from my R9000 until the end of the week, so not much time to explore... as well, the 1043v2 plays funny with all of those above... for some odd reason...
Maybe because it has VPN, don't know and no time to play atm...

Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 4521
Location: UK, London, just across the river..

Posted: Tue Sep 14, 2021 22:53
It's too late and time to go to bed, will try more stuff tomorrow. More fiddling to come...
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 4521
Location: UK, London, just across the river..

Posted: Sat Sep 18, 2021 20:47
Hmm, there were a few typos in the tailscale script... so I corrected those. I must've been very tired when I posted this guide, so I'm due to apologise...

revised lines:

START=06

path to tailscaled

procd_append_param command --state /opt/etc/tailscale/tailscaled.state

/opt/etc/init.d/S06tailscaled.sh start
