Установка и настройка openwrt

Advice

Users that are not expert users of OpenWrt (those that can build their own images) should consider

16/64 as an absolute minimum for any device, with at least 128 MB of RAM being preferred.

Users should expect that devices with less than 16 MB of flash and/or 64 MB of RAM may be unstable in basic operation under current versions of OpenWrt (17.X, 18.X). They should further expect that support for the device may be dropped at any time and that security patches/updates to the kernel, drivers, and/or application software will not be available. While there is no warranty of ongoing support for any device under OpenWrt, those with insufficient resources are at great risk for “end of support”.

Previous versions of OpenWrt (such as earlier versions of 17.X, 15.X, “Chaos Calmer” and prior) contain now-known security vulnerabilities in the kernel, wireless implementation, and/or application code. The OpenWrt community cannot support running known-vulnerable code under any situation. “It’s just my router” is not justification as your router becoming compromised can impact others as a jump-point, command-and-control, or other participant in an attack. In many cases, these known vulnerabilities are being actively targeted, potentially including by advanced, likely state-sponsored or state-affiliated actor or actors.

LuCI模块包

and are meta-packages. Here you see what they comprise, the sizes are in Bytes compiled for the ar71xx platform. They should differ too much from binaries compiled for other architectures. Also note, that with JFFS2 it is not possible to precisely predict the occupied space.

In case you want to use a different web server than uhttpd and not install uhttpd at all, do not install the meta-package because it includes it. Install the individual components instead and a web server of your choice. The article webserver shows you some choices from the repos.

Name	Size	Description
luci	779	Meta package. Standard OpenWrt set including full and mini admin and the standard theme
uhttpd	23778	uHTTPd is a tiny single threaded HTTP server with TLS, CGI and Lua support. It is intended as a drop-in replacement for the Busybox HTTP daemon.
luci-mod-admin-full	60827	LuCI Administration — full-featured for full control
luci-mod-admin-core	5257	Web UI Core module
luci-theme-openwrt	7226	OpenWrt.org (default)
luci-i18n-english	1252	English
luci-app-firewall	16630	Firmware and Portforwarding application
firewall	11603	UCI based firewall for OpenWrt /etc/config/firewall /etc/firewall.user. Dependencies: iptables, iptables-mod-conntrack, iptables-mod-nat
luci-app-initmgr	5713	LuCI Initscript Management
libiwinfo	25362	Wireless information library with consistent interface for proprietary Broadcom, madwifi, nl80211 and wext driver interfaces.
luci-lib-ipkg	2846	LuCI IPKG/OPKG call abstraction library
luci-theme-base	25065	Common base for all themes
libnl-tiny	14390	This package contains a stripped down version of libnl
liblua	81477	Lua is a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Lua is free software. This package contains the Lua shared libraries, needed by other programs.
lua	9069	Lua is a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Lua is free software. This package contains the Lua language interpreter. (5.1.4-7)
luci-lib-web	59695	MVC Webframework
luci-lib-sys	15795	LuCI Linux/POSIX system library
luci-lib-nixio	31683	NIXIO POSIX library
luci-lib-core	28096	LuCI core libraries
luci-sgi-cgi	2420	CGI Gateway behind existing Webserver
luci-lib-lmo	4714	LuCI LMO I18N library
Additionally Required for HTTPS
luci-ssl	782	Meta package. Standard OpenWrt set including full and mini admin, the standard theme + HTTPS support
uhttpd-mod-tls	5825	The TLS plugin adds HTTPS support to uHTTPd.
uhttpd-mod-lua	9178	The Lua plugin adds a CGI-like Lua runtime interface to uHTTPd.
libcyassl	69682	CyaSSL is an SSL library optimized for small footprint, both on disk and for memory use.
px5g	28480	Px5g is a tiny standalone X.509 certificate generator. It’s suitable to create key files and certificates in DER and PEM format for use with stunnel, uhttpd and others.
Internationalization and localization packages
luci-i18n-xxx	?????	Please confer to http://i18n.luci.subsignal.org/pootle/ for an overview of the translation progress.

According to a is no longer available

Protocol «ppp» (PPP over Modem)

The package must be installed to use PPP.

Name	Type	Required	Default	Description
	file path	yes	(none)	Modem device node
	string	no(?)	(none)	Username for PAP/CHAP authentication
	string	no(?)	(none)	Password for PAP/CHAP authentication
	file path	no	(none)	Path to custom PPP connect script
	file path	no	(none)	Path to custom PPP disconnect script
	number	no	(none)	Number of unanswered echo requests before considering the peer dead. The interval between echo requests is 5 seconds.
	number	no	(none)	Number of seconds to wait before closing the connection due to inactivity
	boolean	no		Replace existing default route on PPP connect
	boolean	no		Use peer-assigned DNS server(s)
	list of ip addresses	no	(none)	Override peer-assigned DNS server(s)
		no		Enable IPv6 on the PPP link 0: IPv6 disabled 1: IPv6 enabled auto: IPv6 enabled. DHCPv6 client enabled.
	string	no	(none)	Additional command line arguments to pass to the pppd daemon

PPP-based protocols negotiate IPv4 and IPv6 support when the link is established. These protocols require to be specified in the parent section if IPv6 support is required. Further configuration can be given in the alias section – see ipv6.

Australia

TPG (ADSL2+)

A good way to configure your internet is using two devices: A dedicated modem that just accepts all ATM traffic and bridges it to its ethernet port, and a second device that acts as a router to your internal LAN, and the WAN port authenticates to your ISP via pppoe, and is physically connected to the first device over ethernet cable.

Below, I show two configs, one config for the modem, (here Netgear DM200 ADSL2+/VDSL modem) and the second config showing the necessary authentication to TPG ISP for the second device (another OpenWrt router).

package network                                                                 
                                                                                
config atm-bridge 'atm'                                                         
        option vpi '8'                                                          
        option vci '35'                                                         
        option encaps 'llc'                                                     
        option payload 'bridged'                                                
                                                                                
config dsl 'dsl'                                                                
        option annex 'a2p'                                                      
        option fwannex 'a'                                                      
        option firmware '/lib/firmware/lantiq-vrx200-a.bin'                     
        option xfer_mode 'atm'                                                  
                                                                                
config interface 'lan'                                                          
        option type 'bridge'                                                    
        option ifname 'eth0 nas0'                                               
        option proto 'none'                                                     
        option auto '1'                                                         
                                                                                
config device 'lan_dev'                                                         
        option name 'eth0'                                                      
        option macaddr 'yy.yy.yy.yy.yy.yy'                                      
                                                                                
config device 'wan_dev'                                                         
        option name 'nas0'                                                      
        option macaddr 'xx.xx.xx.xx.xx.xx'

Second device authenticates to ISP with:

config interface 'wan'
	option ifname 'eth1'
	option proto 'pppoe'
	option username 'xxxx@tpg.com.au'
	option password 'zzzz'

TPG (NBN FTTC)

Simply set the WAN port to use the PPPoE protocol and enter your TPG username and password. That’s all. No VLAN configuration, such as setting WAN to use VLAN2 was required.

Czech Republic

VDSL

• Protocol: PPPoE
• VLAN: 848
• Username: O2
• Password: O2

config interface 'wan'
        option proto 'pppoe'
        option username 'O2'
        option ifname 'dsl0.848'
        option ipv6 'auto'
        option password 'O2'
        
config dsl 'dsl'
        option annex 'a'
        option ds_snr_offset '0'
        option line_mode 'vdsl'
        option tone 'av'        

O2 provides documentation for IPTV here.

• Bridge mode
• VLAN: 835

Example configuration on TP-Link TD-W8980B / TD-9980B. IPTV is plugged in port ‘LAN2’.

config interface 'iptv'
        option type 'bridge'
        option proto 'dhcp'
        option hostname 'O2TV'
        option peerdns '0'
        option defaultroute '0'
        option ifname 'dsl0.835 eth0.835'
        
config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '6t 5 2 4'
        option vid '1'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option vid '835'
        option ports '6t 0'        

Canada

Bell Canada Fibe

Bell Canada Fibe provides for fiber to the home (FTTH).

They use VLAN tagging and PPPoE protocol.

The VLAN tagging is usually as follows:

• Phone: VLAN 34
• Internet: PPPoE over VLAN 35
• TV: VLAN 36

config interface 'wan'
    option ifname 'eth1.35'
    option proto 'pppoe'
    option username 'b1xxxxxx'
    option password 'xxxxxx'
    option ipv6 'auto'

config interface 'wan6'
    option proto 'dhcpv6'
    option reqaddress 'try'
    option reqprefix 'auto'
    option ifname '@wan'

MTU Settings

Follow the MTU recommendations here:

• Fiddle with your MTU settings to make sure that your router doesn’t have to fragment IP packets. (IP fragmentation will use more CPU on your router, increase overhead on your WAN connection, slightly degrade performance, and cause problems when connecting to networks behind misconfigured firewalls on the Internet).
• At first I used all the default settings and was getting an MTU of 1480.
• I increased the MTU on both my SFP interface and VLAN to 1520 and then set the advertised MTU and MRU settings on my PPPoE interface to 1500 and was able to get an actual MTU of 1500 on my WAN link.
• You can verify your MTU value using ping or a webservice such as the MTU test at Let Me Check.it.

References

• How to get Bell Fibe in Quebec/Ontario (Internet and IPTV) working with pfSense https://forum.netgate.com/topic/78892/how-to-get-bell-fibe-in-quebec-ontario-internet-and-iptv-working-with-pfsense

• How to bypass Bell hub and use your own Route http://forums.redflagdeals.com/please-sticky-how-bypass-bell-hub-use-your-own-router-1993629/

• Bell PPPoE and IPTV with FTTH, Guide, configuration and tidbits. https://community.ubnt.com/t5/EdgeRouter/Bell-PPPoE-and-IPTV-with-FTTH-Guide-configuration-and-tidbits/td-p/1686977

• Bell Fibe WAN PPPoE (in French) http://blog.th0ma7.com/pages/Bell-Fibe-WAN-PPPoE

• Bell Fibe with your own Router

Альтернативные процедуры обновления ОС до Luci или sysupgrade

В OS параметры обновления гораздо более ручной, чем при использовании либо LuCI или sysupgrade. Они нужны только в необычных обстоятельствах.

mtd

1. Если sysupgrade не поддерживается для встроенного устройства,вы должны использовать вместо:

   mtd -r write /tmp/openwrt-ar71xx-generic-wzr-hp-ag300h-squashfs-sysupgrade.bin firmware

Netcat

Прямой метод

Netcat можно было бы использовать, если вы не можете свободно достаточно оперативной памяти. См netcat. Netcat должен быть установлен первым.

Этот метод НЕ рекомендуется!

1. На компьютере Linux запустите:

   nc -q0 192.168.1.1 1234 
   

2. На маршрутизаторе выполните:

   nc -l -p 1234 | mtd write - firmware

Косвенный метод

Этот метод намного безопаснее, если у вас достаточно оперативной памяти.

Этот метод отлично подходит для самостоятельной сборки firmwares.

Вы должны проверить, сколько оперативной памяти у вас есть в настоящее время.(В случае, если у вас нет достаточно осталось, обратитесь бесплатно оперативную память.)

free

Передача файла изображения во временную папку

На вашем GNU/Linux PC запустите run:cat .bin | pv -b | nc -l -p 3333

На маршрутизаторе выполните:run:nc 192.168.1.111 3333 > /tmp/.bin

Порт 3333 адрес 192.168.1.111 IP только примеры. Команда «’pv -b’» является обязательным для отслеживания прогресса, но возможно вы должны установить рv к вашей системе ранее.

Напишите это для вспышки

  sysupgrade:

ИЛИ

  mtd:

Я тестировал под Ubuntu 11.10.

Некоторые полезные ссылки для Netcat

• http://www.g-loaded.eu/2006/11/06/netcat-a-couple-of-useful-examples/

• http://www.screenage.de/blog/2007/12/30/using-netcat-and-tar-for-network-file-transfer/

• https://help.ubuntu.com/community/BackupYourSystem/TAR

• http://www.aboutdebian.com/tar-backup.htm

scp

Убедитесь, что маршрутизатор имеет достаточно памяти.

root@OpenWrt:/# free

Убедитесь, что вы установили пароль для маршрутизатора (для включения SSH необходимо установить пароль для маршрутизатора). См. First Login для получения более подробной информации.

Скопируйте прошивку на маршрутизаторе

На вашем компьютере Linux запустите:

linux$ scp openwrt-ar71xx-tl-wr1043nd-v1-squashfs-sysupgrade.bin root@192.168.1.1:/tmp

Ввод «да» estabilish подлинность,а затем введите пароль вашего маршрутизатора. Подождите scp команда завершена.Теперь вы можете видеть прошивку в /tmp каталог.

Написать прошивку вашего маршрутизатора

root@OpenWrt:/# sysupgrade -v /tmp/.bin 

Заметка

192.168.1.1 является IP — адрес (можно назвать GateWay) вашего маршрутизатора. Проверка бегом:
run:

linux$ ip r 

или вы можете проверить файл /etc/config/network file, 127.0.0.1 является петлевой IP адрес, другой является IP адрес вашего маршрутизатора.

root@OpenWrt:/# grep ipaddr /etc/config/network 

Configuration

Server configuration

There is no need to modify server configuration files /etc/pptpd.conf /etc/ppp/options.pptpd, however some parameters needs to be adjusted depending from clients and network configuration ( such as mtu, mru, ms-dns, proxyarp). See documentation and tips below.

Clients configuration is located in /etc/config/pptpd. Modify it to enable pptpd and configure clients and network. Following is example for two clients. You can add multiple config ‘login’.

config service 'pptpd'
	option 'enabled' '1'
	option 'localip' ‘xxx.yyy.www.zzz’

config 'login' 
	option 'username' ‘foo’
	option 'password' ‘bar’
	option 'remoteip' 'xxx.yyy.zzz.1’

config 'login' 
	option 'username' ‘foo’
	option 'password' ‘bar’
	option 'remoteip' 'xxx.yyy.zzz.2’

Network configuration

If you are using different subnet for VPN clients you need to add route to /etc/network:

config route
	option interface 'lan'
	option target 'xxx.yyy.zzz.0'
	option netmask '255.255.255.0'
	option gateway 'xxx.yyy.www.zzz'

Firewall configuration

Accept traffic from wan

In order to accept pptp traffic in wan to router you need to open following protocols and ports. Add following to /etc/config/network:

config rule
	option target 'ACCEPT'
	option name 'pptp'
	option src 'wan'
	option proto 'tcp'
	option dest_port '1723'

config rule
	option target 'ACCEPT'
	option name 'gre'
	option src 'wan'
	option proto '47'

Accept VPN traffic

In order to enable traffic inside VPN to enter, leave and pass trough router you need to add following. Be aware, that if you are using ppp (PPPoE or similar) in wan following configuration is insecure and shall be modified. You can add it to /etc/firewall.user:

# Allow all traffic in and out of the ppp interface. No reason to specify nets.
iptables -A input_rule -i ppp+ -j ACCEPT
iptables -A output_rule -o ppp+ -j ACCEPT
# This rule will allow traffic towards internet
iptables -A forwarding_rule -i ppp+ -j ACCEPT
iptables -A forwarding_rule -o ppp+ -j ACCEPT

As a safer way you can automate these rules by creating

#!/bin/sh
ifname=$1

if ]
then
	iptables -A forwarding_rule -i "$ifname" -j ACCEPT
fi

and

#!/bin/sh
ifname=$1

if ]
then
	iptables -D forwarding_rule -i "$ifname" -j ACCEPT
fi

/etc/init.d/pptpd enable
/etc/init.d/pptpd start

Подключение через telnet

BusyBox v1.17.3 (2011-02-22 23:42:42 CET) built-in shell (ash)
Enter 'help' for a list of built-in commands.
  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 ATTITUDE ADJUSTMENT (bleeding edge, r26290) ----------
  * 1/4 oz Vodka      Pour all ingredents into mixing
  * 1/4 oz Gin        tin with ice, strain into glass.
  * 1/4 oz Amaretto
  * 1/4 oz Triple sec
  * 1/4 oz Peach schnapps
  * 1/4 oz Sour mix
  * 1 splash Cranberry juice
 -----------------------------------------------------
root@openwrt:~$

наберите passwd в строке ввода. Вам будет предложено создать новый пароль для пользователя root:

root@openwrt:~$ passwd
Changing password for root
New password:
Retype password:
Password for root changed by root
root@openwrt:~$

• пожалуйста, используйте надежный пароль.
• после того как вы установили пароль telnet daemon будет отключен, наберите в командной строке
• SSH уже доступен без перезагрузки; подключайтесь через HTTPS, если Web-интерфейс (LuCI) уже установлен TLS-модули

• подключитесь опять с помощью команды или используйте signature.authentication

• продолжайте с базовой конфигурацией

Ireland

=== Vodafone SIRO 1G

* igmpproxy need to be installed for TV
for my setup im using separated interface for STB, you can connect your and into LAN (but then plz change configuration of igmpproxy to point to LAN instead of eth3)
config files:

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fda0:8093:6a4c::/48'

config interface 'lan'
	option type 'bridge'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.0.1'
	option stp '1'
	option igmp_snooping '1'
	option ifname 'eth1 eth3'

config interface 'wan'
	option proto 'pppoe'
	option ifname 'eth0.10'
	option username 'VODAFONE_ROUTER_SERIAL@vfieftth.ie'
	option password 'broadband'
	option ipv6 'auto'

config interface 'wan6'
	option ifname 'eth0'
	option proto 'dhcpv6'


config interface 'iptv'
	option proto 'dhcp'
	option delegate '0'
	option broadcast '1'
	option defaultroute '0'
	option ifname 'eth0.10'

config interface 'stb'
	option proto 'static'
	option ifname 'eth2'
	option type 'bridge'
	option igmp_snooping '1'
	option ipaddr '192.168.2.1'
	option ip6assign '64'
	option netmask '255.255.255.128'

config igmpproxy
	option quickleave 1
#	option verbose (none, minimal, more, maximum)

config phyint
	option network iptv
	option zone wan
	option direction upstream
	list altnet 0.0.0.0/0

config phyint
	option network stb
	option zone lan
	option direction downstream

Preparation

Prerequisites

• Study the documentation available in sourceforge.
• Plan your networks. Remote clients can be in “lan”, but it is feasible to configure dedicated network for clients and set up routing accordingly.
• Modify your firewall rules as described below.
• If upgrading from previous OpenWrt version make backup from pptpd configuration files. 14.07 init script overwrites chap-secrets file.

/etc/pptpd.conf
/etc/ppp/options.pptpd
/etc/ppp/chap-secrets

• pptpd
• kmod-mppe
• ppp

See OpenWrt log for other required packages.

Installation

 opkg install pptpd kmod-mppe

There are bugs in BARRIER BREAKER (14.07, r42625) init script.
Modify /etc/init.d/pptpd to clean up temporary pptp.conf and chap-secrets. Original init script does not enable multiple simultaneous clients with fixed remote IP‘s. Following script and modified configuration file enables it:

#!/bin/sh /etc/rc.common
# Copyright (C) 2006 OpenWrt.org

START=60
BIN=/usr/sbin/pptpd
DEFAULT=/etc/default/$BIN
RUN_D=/var/run
PID_F=$RUN_D/$BIN.pid
CONFIG=/var/etc/pptpd.conf
CHAP_SECRETS=/var/etc/chap-secrets

setup_login() {
	local section="$1"
	config_get username "$section" username
	config_get password "$section" password
	config_get remoteip "$section" remoteip
	 || return 0
	 || return 0
	 || return 0

	echo "$username pptp-server $password $remoteip" >> $CHAP_SECRETS
}

setup_config() {
	local section="$1"

	config_get enabled "$section" enabled
	 && return 1

	mkdir -p /var/etc
	cp /etc/pptpd.conf $CONFIG

	config_get localip "$section" localip
	 && echo "localip  $localip" >> $CONFIG
	return 0
}

start_pptpd() {
	 && . $DEFAULT
	mkdir -p $RUN_D
	for m in arc4 sha1_generic slhc crc-ccitt ppp_generic ppp_async ppp_mppe; do
		insmod $m >/dev/null 2>&1
	done
	ln -sfn $CHAP_SECRETS /etc/ppp/chap-secrets
	service_start $BIN $OPTIONS -c $CONFIG
}

start() {
	config_load pptpd
	setup_config pptpd || return
	config_foreach setup_login login
	start_pptpd
}

stop() {
	service_stop $BIN
	rm -rf $CHAP_SECRETS $CONFIG /etc/ppp/chap-secrets
}

Portugal

GlobalConnect Pack

This enterprise VoIP and Internet services package includes a Thomson/Technicolor gateway which can be configured (by the tecnician only) in bridge mode, at installation time. In this configuration, the connection presents itself untagged at the gateway’s switch port 4.
The Internet service is somewhat unusual, in the sense that it requires IP aliasing (it allows the provider to spare one public IP address per connection). The addressing is static, and the configuration provided is (as an example) something along these lines:

• Local WAN IP: 100.64.194.2
• Remote WAN IP: 100.64.194.1
• Internet IP: 62.10.20.30/32

Both the Local and Remote WAN IP addresses belong to a /30 subnet. Inbound traffic arrives at the interface with the Internet IP address as the destination.
To configure this connection on an OpenWrt device (let’s assume interface eth1), on , we need:

config interface 'wan'
	option ifname 'eth1'
	option proto 'static'
	list ipaddr '62.10.20.30/32'
	list ipaddr '100.64.194.2/30'
	option gateway '100.64.194.1'

Now, since the addressing is static, we can do source NAT instead of masquerading. To do so, we configure /etc/config/firewall as follows:

config nat
	option name 'MEO SNAT'
	option device 'eth1'
	option src_dip '62.10.20.30'
	option src 'wan'
	option target 'SNAT'

安装

1. 在软件库中检索可用软件包的最新列表：

opkg update

完整安装一个不需要HTTPS支持的LuCI:

opkg install luci

完整安装一个需要HTTPS支持的LuCI:

opkg install luci-ssl

OPKG 安装 luci

本地语言支持

基本的LuCI Web用户界面是英文的。但是，志愿者们正积极的把它翻译成许多语言。参见http://i18n.luci.subsignal.org/pootle/ 可以参与！有关可用包的列表，运行

opkg list | grep luci-i18n-

您会看到一个可用语言包的列表。要安装你的母语，例如运行

opkg install luci-i18n-chinese 

您还可以通过网页界面安装语言包，你可以同时安装多个LuCI语言包,要在它们之间切换可通过网页界面或编辑这个文件 →

开始使用Web服务器(uHTTPd)

Web服务器uHTTPd是LuCI安装包的一个依赖软件，它会在你安装LuCI时自动安装。
安装后，Web服务器是未运行的!你需要手动开启它。你还应该使能Web服务器，以使它在你重启路由器时自动启动。
下面的第一个命令启动Web服务器，第二个使它在重启时启动。

etcinit.duhttpd start
etcinit.duhttpd enable

现在，你应该能够连接到Web服务器 http://192.168.1.1 享受LuCI提供的服务了。

详细资料

LuCI做为“元包”安装，它同时安装了其他几个被定义为依赖关系的包。
尤其是，它安装了uHTTPd Web服务器，配置为供LuCI使用。
安装的依赖包如下(更多信息参见LuCI技术参考)：

• uhttpd
• uhttpd-mod-ubus
• luci-mod-admin-full
• luci-theme-bootstrap
• luci-app-firewall
• luci-proto-core
• luci-proto-ppp
• libiwinfo-lua

要使用uHTTPd做Web界面,你仅需要很少的配置就行,因为uHTTPd配置了CGI以使LuCI可以使用Lua解释器来工作。
默认配置如下。默认情况下是标准的文档根目录。
因此，通过请求该文档根目录（在浏览器中输入设备IP地址）可以找到一个如的索引文件（uHTTPd设置）。
配备的(与LuCI一起安装)文件会在收到请求时把你重定向到目录，
这是LuCI的默认CGI通道。这仅是一个脚本，它主要是在中调用Lua。
uHTTPd默认配置为用CGI加载路径下的页面，从而通过 脚本为这些网页开启服务。

另外，也可以把Lua作为嵌入式进程来运行LuCI。uHTTPd支持这一点;
可以参考上uHTTPd的UCI配置的相关文章和章节 。

Extensibility issues

Barely enough Flash to accommodate OpenWrt firmware image

• 4MB min (won’t be able to install luci web interface) / 8MB better (will fit luci and some other applications)
• 4MB can work, but are no fun to work with. >4MB will make you happier than 4MB or below.
• 4MB devices can’t fit anything noteworthy unless you use the Image Generator (Image Builder) (that requires a Linux system and some mild experience) or use Extroot. Experienced users creating custom builds may be able to Saving firmware space, but many packages won’t ever fit no matter what you do.
• If you want to be sure you can install at least a few additional software packages, 8MB (or more) of flash and 64MB (or more) of RAM are the only choice.

Most probably, you will not be able to install the following popular packages (and others) on a device with only 4MB flash:

• VPNs and any other package requiring encryption
• Samba (shared folders)
• 3G/4G dongle support

• filesystem drivers/tools for formatting and checking a filesystem for Extroot

Protocol «ncm» (USB modems using NCM protocol)

The package + modem specific driver must be installed to use NCM.

Name	Type	Required	Default	Description
	file path	yes	(none)	NCM device node, typically /dev/cdc-wdm0 or /dev/ttyUSB#
	string	yes	(none)	Used APN
	number	no	(none)	PIN code to unlock SIM card
	string	no	(none)	Username for PAP/CHAP authentication
	string	no	(none)	Password for PAP/CHAP authentication
	string	no	(none)	Authentication type: pap, chap, both, none
	string	no	(modem default)	Used network mode, not every device support every mode: preferlte, preferumts, lte, umts, gsm, auto
	string	no		Used IP-stack mode, (for IPv4), (for IPv6) or (for dual-stack) (Designated Driver #46844 and later)
	number	no	Seconds to wait before trying to interact with the modem (some modems require up to 30 s.)