Differences

This shows you the differences between two versions of the page.

linux_router:wifi [2025-03-09 Sun wk10 11:09] – [References] baumkp
linux_router:wifi [2025-05-24 Sat wk21 19:59] (current) – [/etc/config/uhttpd] baumkp
Line 1: Line 1:
 +{{tag>linux router wifi "wifi router" "access point"}}
 ======Wifi Router / Access Points====== ======Wifi Router / Access Points======
 I prefer to run higher quality wifi access points (AP) than the all in one type routers.   My current router is X86 based running Linux Nftables on bare metal and Bind9 and Kea as well as some other services in Docker on a VM. I prefer to run higher quality wifi access points (AP) than the all in one type routers.   My current router is X86 based running Linux Nftables on bare metal and Bind9 and Kea as well as some other services in Docker on a VM.
Line 14: Line 15:
 =====Wi-Fi Extender/Repeater with Bridged AP over Ethernet===== =====Wi-Fi Extender/Repeater with Bridged AP over Ethernet=====
 I always setup my Wifi Routers as Wifi Access Points (AP) using an Ethernet uplink only, also know as "Dump AP" or "Bridged AP" Effectively the AP becomes an extension of my LAN and all the providing the Wifi functionality, all DNS, DHCP, firewalling, NAT functions occur in the upstream Ethernet wired Router. I always setup my Wifi Routers as Wifi Access Points (AP) using an Ethernet uplink only, also know as "Dump AP" or "Bridged AP" Effectively the AP becomes an extension of my LAN and all the providing the Wifi functionality, all DNS, DHCP, firewalling, NAT functions occur in the upstream Ethernet wired Router.
- 
  
 802.11r is fast transition from one AP to another in the same mobility domain (i.e. faster authentication when you roam from one AP to another) 802.11r is fast transition from one AP to another in the same mobility domain (i.e. faster authentication when you roam from one AP to another)
-802.11k/v is band steering (i.e. help the client device to find a nearby AP that it would consider roaming to or stimulate“ a device to roam if an AP is saturated)+802.11k/v is band steering (i.e. help the client device to find a nearby AP that it would consider roaming to or "stimulatea device to roam if an AP is saturated) 
 + 
 +=====/etc/config/uhttpd===== 
 + 
 +++++ default /etc/config/uhttpd| 
 +<code>config uhttpd 'main' 
 + list listen_http '0.0.0.0:80' 
 + list listen_http '[::]:80' 
 + list listen_https '0.0.0.0:443' 
 + list listen_https '[::]:443' 
 + option redirect_https '0' 
 + option home '/www' 
 + option rfc1918_filter '1' 
 + option max_requests '3' 
 + option max_connections '100' 
 + option cert '/etc/uhttpd.crt' 
 + option key '/etc/uhttpd.key' 
 + option cgi_prefix '/cgi-bin' 
 + list lua_prefix '/cgi-bin/luci=/usr/lib/lua/luci/sgi/uhttpd.lua' 
 + option script_timeout '60' 
 + option network_timeout '30' 
 + option http_keepalive '20' 
 + option tcp_keepalive '1' 
 + option ubus_prefix '/ubus' 
 + 
 +config cert 'defaults' 
 + option days '397' 
 + option key_type 'ec' 
 + option bits '2048' 
 + option ec_curve 'P-256' 
 + option country 'ZZ' 
 + option state 'Somewhere' 
 + option location 'Unknown' 
 + option commonname 'OpenWrt'</code> 
 +++++ 
 +I copy my main '*.local.kptree.net' cer/crt and key files from LetsEncrypt to the openWRT machines /etc/uhttpd.crt and key files using 'scp' from the machine remote to the openWRT machines. Install sftp-server with ''opkg update'' and ''opkg install openssh-sftp-server''
 +  *''scp .config/certificates/'*.local.kptree.net.key' root@wifi-ap1.local.kptree.net:/etc/uhttpd.key'' to copy across the key 
 +  *''scp .config/certificates/'*.local.kptree.net.cer' root@wifi-ap1.local.kptree.net:/etc/uhttpd.crt'' to copy across the certificate 
 +I have a separate script that extracts the various certificates key from Traefik combined certificate file that I need to use on my mail server, that is mentioned elsewhere on my wiki. 
 + 
 +After the certificates are updated the router must be rebooted or the uhttpd module restarted: 
 +  *ssh into the router ''%%ssh root@wifi-ap1.local.kptree.net:/etc/uhttpd.crt%%'' and run ''%%/etc/init.d/uhttpd restart%%'' 
 +  *'Or run the command in ssh: '%%ssh root@wifi-ap0.local.kptree.net "/etc/init.d/uhttpd restart"%%'' 
 + 
 + 
 + 
  
 ====References==== ====References====
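Review bot: The restart step in the new /etc/config/uhttpd section gives an ssh command that will not connect as written: "ssh root@wifi-ap1.local.kptree.net:/etc/uhttpd.crt" still carries the ":/etc/uhttpd.crt" path suffix from the scp lines above it, and ssh expects a user@host destination without a path, so the suffix should be dropped. The second restart bullet targets wifi-ap0 while every other command in the section uses wifi-ap1, and its leading "'Or" leaves the monospace quoting unbalanced. Because the scp step places the wildcard '*.local.kptree.net' private key on the AP, the section would benefit from a line that confirms /etc/uhttpd.key is readable by root only after the copy. It is also worth stating that the listed default keeps redirect_https at '0', so the web interface remains reachable over plain HTTP on port 80 until that option is changed.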
Line 25: Line 71:
     *[[https://forum.openwrt.org/t/wax206-newbie-advice/213085|https://forum.openwrt.org/t/wax206-newbie-advice/213085]]     *[[https://forum.openwrt.org/t/wax206-newbie-advice/213085|https://forum.openwrt.org/t/wax206-newbie-advice/213085]]
     *[[https://openwrt.org/docs/guide-user/network/wifi/wifiextenders/bridgedap|Wi-Fi Extender/Repeater with Bridged AP over Ethernet]]     *[[https://openwrt.org/docs/guide-user/network/wifi/wifiextenders/bridgedap|Wi-Fi Extender/Repeater with Bridged AP over Ethernet]]
 +    *[[https://openwrt.org/docs/guide-quick-start/sshadministration|SSH access for newcomers]]
 +    *[[https://openwrt.org/docs/guide-user/luci/getting_rid_of_luci_https_certificate_warnings|get rid of https certificate warnings]]
  
 [[https://dd-wrt.com/support/documentation/|dd-wrt]], [[https://www.myopenrouter.com/article/transform-netgear-ex6200-wi-fi-router-dd-wrt|Transform the NETGEAR EX6200 into a Wi-Fi Router with DD-WRT]] [[https://dd-wrt.com/support/documentation/|dd-wrt]], [[https://www.myopenrouter.com/article/transform-netgear-ex6200-wi-fi-router-dd-wrt|Transform the NETGEAR EX6200 into a Wi-Fi Router with DD-WRT]]