DD-WRT Upgrade part two

The upgrade of DD-WRT that I performed this last Saturday brought the version from a 2019 release to a 2022 release. DD-WRT always recommends doing a factory reset of settings before and after flashing a new firmware. As far as I’ve been able to find out, DD-WRT doesn’t provide any way to back up the settings in any form other than a binary download that is not compatible between versions. This shortcoming makes upgrading a router with many customized settings a difficult process.

dd-wrt status screen

I performed the flash upgrade without resetting everything to defaults. It wasn’t until I was going to bed on Saturday night that I realized not all things were working properly. All of the ipv4 services appeared to be working properly. The ipv6 services were not working properly on my internal network clients.

I have a Microsoft Windows Server 2016 Essentials machine running several services including file sharing on my internal network. I also have my Windows 10 desktop, and several Raspberry Pi machines. Some of the Pi machines access the file shares on the server for both reading and writing.

I’ve found that when IPv6 is not allocating global addresses for the Windows server and clients, file sharing doesn’t work properly. This is an issue I don’t understand, and I don’t want to change the default operation of the Windows server or Windows client machines, which might create more long-term maintenance headaches.

Among the customizations I have set in the router:

  • Router Name
  • Domain Name
  • Local IP (v4) address is 192.168.0.1 instead of 192.168.1.1
  • close to 35 DHCP reservations for machines that run on my internal network.
  • IPv6 enabled and configured for DHCPv6 with Prefix Delegation
  • DDNS service configured as in previous post.
  • Wireless SSID
  • Wireless Password
  • SSH access to the router with rsa keys entered for allowed machines.

I figured out that the primary settings for DHCP and DNS resolution are run using dnsmasq, and the configuration file can be viewed by looking at /tmp/dnsmasq.conf in the ssh console. All of the dns reservations are listed in the form of:

dhcp-host=b0:39:56:78:83:b0,GS108Tv2,192.168.0.123,1440m
dhcp-host=28:c6:8e:09:30:cb,GS108Tv2-LR,192.168.0.125,1440m
dhcp-host=04:a1:51:b0:a6:9a,GS108Tv2-OW,192.168.0.124,1440m

Copying all of them out of the console as one entry and adding them to the Additional Dnsmasq Options field was much easier than pasting MAC addresses, hostnames, and IP addresses into a separate field for each entry.

After adding them via the web interface here, they look exactly like the entries created in the static leases section of the interface. I was hoping that the system would parse them and display them in the static leases section, but it doesn’t seem to do that.

My SSH terminal program is configured to send a series of commands to the console each time I connect which reminds me of the current setup as well as how to examine it after a long time when I’ve not worked on the device.

  • date ; uptime
  • route -A inet
  • route -A inet6
  • ip6tables -vnL
  • cat /tmp/dnsmasq.conf
  • cat /tmp/dhcp6c.conf
  • cat /tmp/radvd.conf
  • ifconfig

I’m currently not dumping the iptables (v4) output simply because there are a large number of rules that don’t get used which takes up a lot of extra space scrolling by.

I’ve compared the ipv4 and ipv6 routes from when ipv6 was not working, and they are identical.

root@Netgear-R7000:~# route -A inet
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         br1-mballard-v1 0.0.0.0         UG    0      0        0 vlan2
24.35.91.128    *               255.255.255.192 U     0      0        0 vlan2
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
192.168.0.0     *               255.255.255.0   U     0      0        0 br0
root@Netgear-R7000:~# route -A inet6
Kernel IPv6 routing table
Destination                                 Next Hop                                Flags Metric Ref    Use Iface
2604:4080:1304::/64                         ::                                      UA    256    0        0 vlan2   
2604:4080:1304:8010::/60                    ::                                      U     256    0        0 br0     
fe80::/64                                   ::                                      U     256    0        0 eth0    
fe80::/64                                   ::                                      U     256    0        0 vlan1   
fe80::/64                                   ::                                      U     256    0        0 eth1    
fe80::/64                                   ::                                      U     256    0        0 eth2    
fe80::/64                                   ::                                      U     256    1       23 br0     
fe80::/64                                   ::                                      U     256    0        0 vlan2   
::/0                                        fe80::22c:c8ff:fe42:24bf                UGDA  1024   2      302 vlan2   
::/0                                        ::                                      U     2048   2       38 vlan2   
::/0                                        ::                                      !n    -1     1      372 lo      
::1/128                                     ::                                      Un    0      3       15 lo      
2604:4080:1304::/128                        ::                                      Un    0      1        0 lo      
2604:4080:1304:0:b27f:b9ff:fe83:6590/128    ::                                      Un    0      3       75 lo      
2604:4080:1304:8010::/128                   ::                                      Un    0      1        0 lo      
2604:4080:1304:8010:b27f:b9ff:fe83:6591/128 ::                                      Un    0      3       64 lo      
fe80::/128                                  ::                                      Un    0      1        0 lo      
fe80::/128                                  ::                                      Un    0      1        0 lo      
fe80::/128                                  ::                                      Un    0      1        0 lo      
fe80::/128                                  ::                                      Un    0      1        0 lo      
fe80::/128                                  ::                                      Un    0      1        0 lo      
fe80::/128                                  ::                                      Un    0      1        0 lo      
fe80::b27f:b9ff:fe83:658f/128               ::                                      Un    0      1        0 lo      
fe80::b27f:b9ff:fe83:658f/128               ::                                      Un    0      1        0 lo      
fe80::b27f:b9ff:fe83:6590/128               ::                                      Un    0      3       61 lo      
fe80::b27f:b9ff:fe83:6591/128               ::                                      Un    0      1        0 lo      
fe80::b27f:b9ff:fe83:6591/128               ::                                      Un    0      3       24 lo      
fe80::b27f:b9ff:fe83:659e/128               ::                                      Un    0      1        0 lo      
ff00::/8                                    ::                                      U     256    0        0 eth0    
ff00::/8                                    ::                                      U     256    0        0 vlan1   
ff00::/8                                    ::                                      U     256    0        0 eth1    
ff00::/8                                    ::                                      U     256    0        0 eth2    
ff00::/8                                    ::                                      U     256    2      580 br0     
ff00::/8                                    ::                                      U     256    2       12 vlan2   
::/0                                        ::                                      !n    -1     1      372 lo      

I’ve looked at the ip6tables, and it also appears identical, beyond the counters.

root@Netgear-R7000:~# ip6tables -vnL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   12  2289 ACCEPT     all      *      *       ::/0                 ::/0                 state RELATED,ESTABLISHED
    5   376 ACCEPT     icmpv6    *      *       ::/0                 ::/0                
    0     0 ACCEPT     all      *      *       fe80::/64            ::/0                
    0     0 ACCEPT     all      br0    *       ::/0                 ::/0                
    0     0 ACCEPT     all      *      *       ::/0                 ::/0                

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all      *      *       ::/0                 ::/0                 state RELATED,ESTABLISHED
    0     0 ACCEPT     all      *      vlan2   ::/0                 ::/0                
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 128 limit: avg 2/sec burst 5
    0     0 ACCEPT     all      *      *       ::/0                 ::/0                

Chain OUTPUT (policy ACCEPT 31 packets, 4287 bytes)
 pkts bytes target     prot opt in     out     source               destination         
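
In the listing above, INPUT and FORWARD both end with a rule that accepts every packet and both have policy ACCEPT, so the router is not filtering inbound IPv6 traffic to LAN hosts that hold global addresses. The following is an added example, not part of the original post, that flags this condition from the text of `ip6tables -vnL`; the function names and finding labels are illustrative, and the sample input is copied from the listing above.

```shell
#!/bin/sh
# Added example: flag filter chains that let every packet through.
# Reads the text of `ip6tables -vnL` (or `iptables -vnL`) on stdin.
audit_ip6tables() {
  awk '
    function finish() {
      # policy ACCEPT with no catch-all DROP/REJECT: unmatched packets pass
      if (chain != "" && chain != "OUTPUT" && policy == "ACCEPT" && !closed)
        print chain " default-accept"
    }
    $1 == "Chain" { finish(); chain = $2; policy = $4; n = 0; closed = 0; next }
    NF == 0 || $1 == "pkts" { next }
    {
      n++
      i = ($5 == "--") ? 6 : 5   # iptables fills the opt column, ip6tables leaves it blank
      wild = ($4 == "all" && $i == "*" && $(i+1) == "*" &&
              $(i+2) ~ /^(::|0\.0\.0\.0)\/0$/ && $(i+3) ~ /^(::|0\.0\.0\.0)\/0$/)
      bare = (NF == i + 3)       # no state, limit or other match after the addresses
      term = (bare || $(i+4) == "reject-with")
      if (wild && bare && $3 == "ACCEPT" && chain != "OUTPUT")
        print chain " rule " n " accept-all"
      if (wild && term && ($3 == "DROP" || $3 == "REJECT")) closed = 1
    }
    END { finish() }
  '
}

# Sample input: the ip6tables listing shown in the post.
sample_listing() {
  cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   12  2289 ACCEPT     all      *      *       ::/0                 ::/0                 state RELATED,ESTABLISHED
    5   376 ACCEPT     icmpv6    *      *       ::/0                 ::/0
    0     0 ACCEPT     all      *      *       fe80::/64            ::/0
    0     0 ACCEPT     all      br0    *       ::/0                 ::/0
    0     0 ACCEPT     all      *      *       ::/0                 ::/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all      *      *       ::/0                 ::/0                 state RELATED,ESTABLISHED
    0     0 ACCEPT     all      *      vlan2   ::/0                 ::/0
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 128 limit: avg 2/sec burst 5
    0     0 ACCEPT     all      *      *       ::/0                 ::/0

Chain OUTPUT (policy ACCEPT 31 packets, 4287 bytes)
 pkts bytes target     prot opt in     out     source               destination
EOF
}

sample_listing | audit_ip6tables
```

On the router itself the same check can be fed live with `ip6tables -vnL | audit_ip6tables`, provided the firmware's awk is available in the SSH session.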

I’d tried disabling Radvd on the IPv6 configuration gui and adding “enable-ra” to the Additional Dnsmasq Options, but that didn’t fix my problems. The current configuration has matching radvd.conf files to the non-working version.

root@Netgear-R7000:~# cat /tmp/radvd.conf
interface br0
{
 IgnoreIfMissing on;
 AdvSendAdvert on;
 MinRtrAdvInterval 3;
 MaxRtrAdvInterval 10;
 AdvHomeAgentFlag off;
 AdvManagedFlag off;
 AdvOtherConfigFlag on;
 AdvLinkMTU 1452;
 prefix 2604:4080:1304:8010::/64 
 {
  AdvOnLink on;
  AdvAutonomous on;
  AdvValidLifetime 30;
  AdvPreferredLifetime 20;
 };
 RDNSS 2607:f060:2::1 2607:f060:2:1::1{};
};

I spent a lot of time reading up on IPv6 and reminding myself of things I’d known in the past and forgotten. https://blog.dorianbolivar.com/2018/09/going-full-ipv6-with-dd-wrt.html?lr=1 is a well written post with links to more sources that I found especially helpful as it was written specifically using DD-WRT and IPv6. My only issue is that it was written nearly four years ago and may not have the same options in the DD-WRT gui as are currently available.

One of the items I added to the Additional Dnsmasq Options was a couple of host entries so that dnsmasq would resolve IPv6 addresses for my windows machines. It seems to speed up the IPv6 name discovery of my windows server while still pointing default DNS resolution at the router.

host-record entries

My conclusion is that I don’t understand what was different in the non-functioning setup I had with holdovers from the older version of DD-WRT, and going through the pain of re-installing from factory fresh configuration after each upgrade is worth the trouble. I’m still not satisfied with the best way of retrieving all of the configuration data into a text file that I can later run a difference test to see what’s changed, or needs to be changed.

Access Windows Share from Raspberry Pi (revisited)

Last year I described a simple method of automounting a directory from my windows server to my Raspberry Pi. Since then I’ve gone down a couple of paths to simplify rebuilding my Raspberry Pi machines.

The method I used last year required modifying the /etc/hosts file, the /etc/fstab file, pre-creating the mount points, and creating a credentials file to store the windows login credentials.

My new method doesn’t require modification of the /etc/hosts or /etc/fstab files, or pre-creating the mount points. Instead I’m relying on two features, Multicast DNS and systemd.automount unit files.

In the old method, to find the windows server, I added it to the local hosts file on the raspberry pi.

192.168.0.12 Acid

Using Multicast DNS, if I simply recognize that I can reach the server with the name Acid.WimsWorld.local the raspberry pi will find the server on the local network. My first step was to modify my /etc/fstab entry to use the local address and clean up my hosts file.

//acid.wimsworld.local/web /media/acid/web/ cifs credentials=/etc/wimsworld.smb.credentials,noauto,x-systemd.automount,x-systemd.idle-timeout=2min,_netdev 0 0

I’d never been happy with modifying the /etc/fstab file as part of my system configuration because in newer installations it is unique to each machine, specifying the boot partitions by their formatted serial number:

proc            /proc           proc    defaults          0       0
PARTUUID=142ff4e3-01  /boot           vfat    defaults          0       2
PARTUUID=142ff4e3-02  /               ext4    defaults,noatime  0       1
# a swapfile is not a swap partition, no line here
#   use  dphys-swapfile swap[on|off]  for that

In my recent programming projects I’ve been working with systemd unit files to control my service processes and have come to understand how they work for automounting directories as well. I like that each directory has its own unit files meaning that a modification is less likely to cause problems for the system as a whole.

The single line from the /etc/fstab file above is removed and replaced by two unit files, /etc/systemd/system/media-acid-web.mount and /etc/systemd/system/media-acid-web.automount.

[Unit]
Description=Acid Web

[Mount]
What=//acid.wimsworld.local/web
Where=/media/acid/web
Type=cifs
Options=credentials=/etc/wimsworld.smb.credentials,vers=2.1

[Install]
WantedBy=multi-user.target

and

[Unit]
Description=Automount Acid Web

[Automount]
Where=/media/acid/web
TimeoutIdleSec=120

[Install]
WantedBy=multi-user.target

I still had to create the credentials file for this to work, since I wanted the credentials file to be only root readable in a different location, /etc/wimsworld.smb.credentials:

username=WindowsUsername
password=WindowsPassword
domain=OptionalDomainName

After the three files are created, systemd needs to reload its database with the systemctl daemon-reload command, the automount needs to be enabled with the systemctl enable media-acid-web.automount command, and then started with the systemctl start media-acid-web.automount command.

The naming of the mount files is important, and described explicitly in the man pages for each of mount and automount. In my case, /media/acid/web gets named media-acid-web.mount and media-acid-web.automount. I didn’t need to create mount points in the /media directory, as systemd automatically takes care of that.

I was able to create all of the above with a simple paste into my terminal with the following string:

sudo bash
cat > /etc/systemd/system/media-acid-web.mount <<EOF
[Unit]
Description=Acid Web

[Mount]
What=//acid.wimsworld.local/web
Where=/media/acid/web
Type=cifs
Options=credentials=/etc/wimsworld.smb.credentials,vers=2.1

[Install]
WantedBy=multi-user.target
EOF
cat > /etc/systemd/system/media-acid-web.automount <<EOF
[Unit]
Description=Automount Acid Web

[Automount]
Where=/media/acid/web
TimeoutIdleSec=120

[Install]
WantedBy=multi-user.target
EOF
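# Quote the delimiter so a $ or backtick in the password is written literally,
# and set umask so the file is never readable by other users, even briefly.
umask 077
cat > /etc/wimsworld.smb.credentials <<'EOF'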
username=WindowsUsername
password=WindowsPassword
domain=OptionalDomainName
EOF
chmod 0600 /etc/wimsworld.smb.credentials
systemctl daemon-reload
systemctl enable media-acid-web.automount
systemctl start media-acid-web.automount
exit

With the standard Raspberry Pi setup, the cat command is not available as a sudo command while the bash shell is. I’m taking advantage of that by running the bash shell as root and then all of the other commands with root privileges.
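
Both the fstab line and the .mount unit above point at a credentials file that should be readable by root only. The following is an added example, not part of the original post, that checks every `credentials=` path named in the given fstab or .mount files; the function names are illustrative, GNU `stat` is assumed, and the demo uses constructed files in a scratch directory.

```shell
#!/bin/sh
# Added example: verify that every CIFS credentials file named in an fstab or
# systemd .mount file is inaccessible to group and other.
check_cifs_credentials() {
  status=0
  for src in "$@"; do
    # skip comment lines, then pull credentials=PATH out of the option lists
    for cred in $(grep -v '^[[:space:]]*#' "$src" |
                  grep -o 'credentials=[^,[:space:]]*' | cut -d= -f2-); do
      if [ ! -e "$cred" ]; then
        echo "MISSING $cred ($src)"; status=1; continue
      fi
      mode=$(stat -c %a "$cred")          # GNU stat, octal permission bits
      case "$mode" in
        *00) echo "OK $cred $mode" ;;
        *)   echo "EXPOSED $cred $mode ($src)"; status=1 ;;
      esac
    done
  done
  return "$status"
}

# Constructed demo in a scratch directory; nothing under /etc is touched.
demo() {
  d=$(mktemp -d)
  printf 'username=WindowsUsername\npassword=WindowsPassword\n' > "$d/cred"
  chmod 0644 "$d/cred"
  printf '[Mount]\nWhat=//acid.wimsworld.local/web\nOptions=credentials=%s,vers=2.1\n' \
    "$d/cred" > "$d/media-acid-web.mount"
  check_cifs_credentials "$d/media-acid-web.mount" || :   # file is world-readable here
  chmod 0600 "$d/cred"
  check_cifs_credentials "$d/media-acid-web.mount" || :   # file is now private
  rm -rf "$d"
}

demo
```

On a real system the call would be `check_cifs_credentials /etc/fstab /etc/systemd/system/*.mount`, and a non-zero exit status means at least one file is missing or exposed.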

Retrieve Wi-Fi Password in Windows 10

Sometimes I go to a place I’ve been before and my computer remembers the WiFi password while my brain does not. The following Windows PowerShell commands will display most of the remembered passwords.

netsh wlan show profiles

netsh wlan show profiles name="ProfileToDisplay" key=clear

The first command displays all of the networks your computer has remembered. It can be rather long if you’ve had your computer for several years and done a reasonable amount of traveling and using WiFi in strange locations.


The second command takes the profile name that you retrieved with the first command and displays details of the selected profile. The password is displayed as the Key Content section of the Security settings.


Monitoring Raspberry Pi with MRTG

I’ve used MRTG for simple monitoring for years. It’s easy to get working and dependent on very few packages. It stores its data in simple files. This both limits it, and makes it easy to move or duplicate.

I wanted to monitor each of my Raspberry Pi network interfaces because they are connected via WiFi and I can’t monitor a particular switch port for each device. I’ve spent nearly a year searching for the reason that MRTG didn’t enumerate the interfaces before coming up with a simple snippet fixing my problem.

Adding this line to the end of my /etc/snmp/snmpd.conf file and restarting the snmpd allowed me to run cfgmaker and see my network interfaces.

view   systemonly  included   .1.3.6.1.2.1.2

Quick and dirty addition and query:

# sudo does not apply to a >> redirection, so append through "sudo tee -a"
echo 'view   systemonly  included   .1.3.6.1.2.1.2' | sudo tee -a /etc/snmp/snmpd.conf
sudo systemctl restart snmpd

/usr/bin/cfgmaker --no-down --zero-speed=100000000 public@localhost

Thanks to https://www.seei.biz/cpu-temperature-of-a-raspberry-pi-via-snmp/ for giving me the simple answer that I’d been trying to figure out for over a year.

Access Windows share from Raspberry Pi

I have a shared directory from my windows server that I’d like to read and write from my Raspberry Pi. I want the share to be automatically available on my Raspberry Pi whenever both the Raspberry and the Windows server are running, but I don’t want the system to spend too much time hung up if the windows server is not available. My easy solution is below.

My Windows servername is Acid. The share I want to connect to is Web. The IP address of the server is 192.168.0.12.

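# sudo does not apply to a > or >> redirection, so write through "sudo tee"
echo '192.168.0.12 Acid' | sudo tee -a /etc/hosts
sudo mkdir --parents /media/acid/web
# create the credentials file root-only before any secret is written to it
sudo install -m 0600 /dev/null /etc/wimsworld.smb.credentials
echo 'username=WindowsUsername' | sudo tee -a /etc/wimsworld.smb.credentials >/dev/null
echo 'password=WindowsPassword' | sudo tee -a /etc/wimsworld.smb.credentials >/dev/null
echo 'domain=OptionalDomainName' | sudo tee -a /etc/wimsworld.smb.credentials >/dev/null
echo '//acid/web /media/acid/web/ cifs credentials=/etc/wimsworld.smb.credentials,noauto,x-systemd.automount,x-systemd.idle-timeout=1min,_netdev 0 0' | sudo tee -a /etc/fstab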

With that series of commands, and the correct details in the credentials, the system automounter will automatically attempt to connect whenever there’s an access under /media/acid/web and then disconnect again after it’s been idle for over a minute.

I needed to add Acid to my local hosts file because the name doesn’t resolve from the DNS server the raspberry pi is using.

I put the windows Username/Password and Domain in a file with only read/write permissions to root so that it wasn’t clear text in the fstab file for anyone on the machine to read.

I did all of this on a machine that had been built from the Raspbian Buster Lite image from 2019-07-10. I didn’t explicitly install the cifs-utils package. It might be needed on other distributions.