Sunday, 22 October 2017 21:00

Fix Corrupted Windows Profile


 

Over the years, I've had various people who have had trouble logging into their Windows computers. Windows would log in to a temporary profile. It is an easy fix, but not so easy from a distance since it involves editing the registry. I don't like sending regedit commands to users since so many things could go wrong. In response to the many requests I received, I wrote the script below in AutoIt. It's simple and easy for the user to double-click the executable file after restarting into Safe Mode. It fixes the corrupted profile. The code isn't pretty, but leave a comment if you find anything that doesn't work.

If you want to learn more about the Windows Temporary Profile, search for:  windows temporary profile fix

I hope this helps someone.

Thanks!


#NoTrayIcon
#RequireAdmin
; Date.au3 provides the _Date_Time_* functions used for the log file.
#include <Date.au3>
; _RegMoveKey() is not a built-in AutoIt function. The file name on the original
; #include line was lost, so also include the UDF that defines it.

Opt("TrayMenuMode", 3)
;$settingsitem = TrayCreateItem("Settings")
;TrayCreateItem("")
$exititem = TrayCreateItem("Exit")
TraySetIcon("Shell32.dll", 14)
TraySetToolTip("Running Fix Profile")
TraySetState()

Func CheckMenuItem()
    $msg = TrayGetMsg()
    Select
        Case $msg = $exititem
            Exit
    EndSelect
EndFunc

$profilelist = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"

For $i = 1 To 50
    Local $var = RegEnumKey($profilelist, $i)
    ; Test @error straight away: calling another function first resets it
    If @error <> 0 Then ExitLoop
    CheckMenuItem()

    If StringRight($var, 4) = ".bak" Then
        $slen = StringLen($var)
        $new = StringLeft($var, $slen - 4)

        ; Move the key without the .bak suffix out of the way (to <name>.old)
        $copykey = $profilelist & "\" & $new
        $destkey = $profilelist & "\" & $new & ".old"
        _RegMoveKey($copykey, $destkey)

        ; Move the .bak key back to its original name
        $movesourcekey = $profilelist & "\" & $var
        $movedestkey = $profilelist & "\" & $new
        _RegMoveKey($movesourcekey, $movedestkey)

        ; RefCount set to 0
        RegWrite($movedestkey, "RefCount", "REG_DWORD", 0)
        CheckMenuItem()

        ; Write Log file
        Local $file = FileOpen("fixlog.txt", 1)
        If $file = -1 Then
            MsgBox(0, "Error", "Unable to open file.")
            Exit
        EndIf

        ; Get current system time
        $tCur = _Date_Time_GetSystemTime()
        FileWrite($file, _Date_Time_SystemTimeToDateTimeStr($tCur) & @CRLF)
        FileWrite($file, "Move From: " & $copykey & @CRLF)
        FileWrite($file, "Move To: " & $destkey & @CRLF)
        FileWrite($file, "Move From: " & $movesourcekey & @CRLF)
        FileWrite($file, "Move To: " & $movedestkey & @CRLF)
        FileWrite($file, "Changed RefCount Value to 0" & @CRLF)
        FileClose($file)

        MsgBox(0, "Completed", "Press OK to Exit. Restart computer and login like normal.")
        Exit
    EndIf
Next

; Reached only when no key ending in .bak was found
MsgBox(0, "Completed", "Press OK to Exit. A bad profile was not found." & @CRLF & "Please contact the Help Desk for more troubleshooting ideas.")
Exit

Last modified on Sunday, 22 October 2017 21:38
Thursday, 12 October 2017 01:03

OpenWrt, OpenVPN, Two Signals, One Router


While living outside the U.S., I often found myself needing a VPN connection to do stuff that made me look like I was in the U.S. I chose an OpenVPN service because it was simple to set up, but ran into trouble when I needed it for multiple devices. I installed the OpenVPN software on my computer, my children's computer, and my wife's computer, but found I couldn't connect any streaming device to it because I couldn't install the software on it. With the VPN service I had, I could only connect 2 devices at a time, so this quickly became troublesome. I began thinking about what to do. I could purchase (or use) another router and configure it for an OpenVPN connection, but I would have two wifi routers and a modem sitting around. I really didn't want the extra cables and wires collecting dust.

Thinking through this, I had another idea. Instead of having two wifi routers, what if I could configure the OpenWRT router to broadcast two wifi signals, with one connecting to an OpenVPN server and the other one connecting locally? This way, I would only have one router and one modem sitting around. With this in mind, I went on a tech hunt and finally figured it out. After I configured mine, I configured many others as people learned about what I did. These routers were quite popular at one time with folks around me. For your geeky reading pleasure, the steps that I do to make one are below.

Enjoy!

Warning:  There is a lot I don't explain in this walkthrough as these are my notes.  If you are unfamiliar with what you see below, please ask in the comments or ask a trusted friend to help.


The idea: Using an OpenWRT-flashed router, broadcast two wireless signals, one connecting to an OpenVPN server (ex. Witopia, StrongVPN, etc.) and the other connecting locally.

The Purpose: To secure a connection for online banking, online purchasing, watching Netflix, Hulu, etc., on media devices and to have local internet access when needed. Depending on which wireless SSID a device is connected to, it runs either over the VPN or locally. For example, you can connect your media devices to the VPN SSID to run Netflix or Hulu, or just to have a secure connection all the time, and connect to the other SSID when the VPN connection goes down or when you want a faster speed.

Before attempting this, I looked around on the internet and didn't find a walkthrough, so if there is one, please let me know. However, I did find lots of help that I picked up from different places. Some of them include:

http://wiki.openwrt.org/doc/howto/vpn.client.pptp

https://forum.openwrt.org/viewtopic.php?id=39223

There were a few more, but I can't remember which ones now.

The instructions below are written for Attitude Adjustment 12.09 RC2, but they will work on any later version.


Here is what I do:

Purchase OpenVPN service from a reputable company (ex. Witopia, StrongVPN, etc.)

Install OpenVPN and ip on the OpenWRT router:

  • opkg update

  • opkg install openvpn-openssl ip

Add a new Wireless controller as normal (Network->Wifi).

  • SSID: <your 'secure' name>

  • Mode: Access Point

  • Attach the network to the LAN network for now.

  • We'll test it to make sure it works and that you have internet access in a few moments...

  • Add Wireless Security and any other wireless setting you desire

  • Save and Apply

  • Click 'Enable'

Add a new interface (Network->Interfaces->Add new interface)

  • Choose Name (ex. Slan). If you change this name (Slan), make sure to change the other references to it below

  • Select 'Static Address.'

  • Create bridge = unchecked

  • Cover the following interfaces = Choose newly created wireless Network

  • Submit

Choose IP address in another subnet, for example:

  • IPv4 address = 192.168.20.1

  • IPv4 netmask = 255.255.255.0

  • Leave Gateway blank

  • Custom DNS server = 192.168.20.1

  • Save and Apply

Firewall Settings

  • Create new Zone = <your 'secure' lan name> (needs to be different than wlan above. I choose the name of the lan. ex. slan)

  • Click 'Setup DHCP server' and use default settings unless you need something special.

  • Save and Apply

From LuCI, go to the Firewall section: Network->Firewall Section

  • Edit the LAN settings and add the newly created interface (slan) to the covered networks. There should be two now. LAN and SLAN. Wan should be checked under the Allow forward to destination zone.

  • Save and Apply.

Back to Network->Wifi section

  • Edit the newly created wireless interface and uncheck the 'lan' network. Only 'slan' or whatever you called it should be checked.

  • Save and Apply

Test the wireless connection. If you followed the above steps, you should have internet access and have an ip address in the 192.168.20.0 subnet.

 

 Once the test is good, go to Network->Firewall and edit each setting so it matches the table below: 

| Name | Input | Output | Forward | Masquerade & MSS clamping | Covered Networks | Allow Forward To | Allow Forward From |
|---|---|---|---|---|---|---|---|
| Lan | Accept | Accept | Reject | Both Blank | Lan | wan | |
| Wan | Reject | Accept | Reject | Both Checked | Wan | | lan |
| Slan | Accept | Accept | Reject | Both Blank | Slan | Ovpn ¹ | |
| Ovpn ¹ | Accept | Accept | Reject | Check Masquerade, MSS Blank | Ovpn ¹ | | Slan |

¹ See below for more information about the ovpn firewall zone. Just edit Lan and Wan at this point. We'll finish this below.

 

The rest of the setup process will be on the command line so login to the router via SSH (see Command-Line Interface(CLI))

  • Configure the network – edit file: /etc/config/network

    • Add ovpn interface

config 'interface' 'ovpn'

option 'ifname' 'tun0'

option 'defaultroute' '0'

option 'peerdns' '0'

option 'proto' 'none'

 

Configure the firewall – edit file: /etc/config/firewall

  • Configure Forward Zone for ovpn

config 'forwarding'

option 'dest' 'ovpn'

option 'src' 'slan'

 

  • Configure OpenVPN Firewall zone

config zone

option name 'ovpn'

option input 'ACCEPT'

option forward 'REJECT'

option output 'ACCEPT'

option network 'ovpn'

 

Add new table to routing table – edit file: /etc/iproute2/rt_tables

  • Install ip from the software repo if the iproute2 folder doesn't exist

  • Add the one line that was highlighted in the original listing below: 10 vpn

# reserved values

#

255 local

254 main

253 default

10 vpn

0 unspec

#

# local

#

#1 inr.ruhep

 

Create the route-up.sh and tunneldown.sh files in the root folder with your favorite editor (ex. vi). These files do not exist yet, so create them and edit the IP addresses as shown below

  • FileName: /root/tunneldown.sh

#!/bin/sh

ip rule del from <ip address of slan>/24 table vpn

ip route flush table vpn

#example: ip rule del from 192.168.20.1/24 table vpn

  • FileName: /root/route-up.sh

#!/bin/sh

ip route add $ifconfig_remote dev $dev proto kernel scope link src $ifconfig_local

ip route add $route_network_1 via $ifconfig_remote dev $dev metric 1 table vpn

ip route add 0.0.0.0/1 via $ifconfig_remote dev $dev table vpn

ip route add 128.0.0.0/1 via $ifconfig_remote dev $dev table vpn

# Add route back to local network

ip route add <ip subnet from slan>/24 via <slan Gateway> table vpn

#example : ip route add 192.168.20.0/24 via 192.168.20.1 table vpn

# Add rule from local network to VPN Gateway

ip rule add from <ip address from slan>/24 table vpn

#example: ip rule add from 192.168.20.1/24 table vpn


Create and edit the OpenVPN Config below and save it on your computer as .ovpn (ex. vpn.dallas.ovpn). Place it in the same folder where the .key, .crt, and ca.crt files are located that you received from the OpenVPN service

  • Edit and/or add the yellow highlighted lines

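#####################################
# OpenVPN configuration file
#####################################
client
route-up /root/route-up.sh
# route-noexec: pushed routes are not installed automatically;
# route-up.sh adds them to table vpn instead
route-noexec
down /root/tunneldown.sh
# Level 2 is what allows route-up.sh and tunneldown.sh to run; level 3 also
# lets scripts receive passwords through environment variables
script-security 3 system
dev tun
proto udp
remote <vpn.server.name> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
# Checks that the peer certificate is marked as a server certificate;
# OpenVPN 2.4 and later deprecate this option in favour of remote-cert-tls server
ns-cert-type server
# The cipher has to match what the VPN provider's server uses
cipher bf-cbc
comp-lzo
verb 3
mute 20
ca /root/ca.crt
mssfix 1300
key /root/<openvpn>.key
cert /root/<openvpn>.crt
#tls-auth ta.key 1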

 

Copy Files to router (using favorite File transfer program)

  • In linux, use Terminal and type the following from the folder where the four files are located.

    • scp ca.crt <openvpn>.ovpn <openvpn>.crt <openvpn>.key root@<router ip address>:/root

  • SSH back into the router

 

Make the files, route-up.sh and tunneldown.sh, executable

  • From the router, run:

    • chmod u=rwx /root/route-up.sh /root/tunneldown.sh

 

Make the .key and .crt non-accessible to others or OpenVPN will fuss at you

  • chmod u=rw,go= <openvpn>.key <openvpn>.crt

 

Now comes the fun...

  • Test the connection and get the DNS number you'll use in the next section
  •  Still in the SSH terminal, type: openvpn --config vpn.<whateveryoucalledit>.ovpn

  •  Watch the messages scroll up the screen. If all is successful, you'll see 'Initialization Sequence Completed' on the last line.

  •  If successful, scroll up and look at the lines until you see the one that reads DNS:

  •  PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.x.x.x,route 10.x.x.x,topology net30,ping 10,ping-restart 60,ifconfig 10.x.x.x 10.x.x.x'

  •  Also watch for "RTNETLINK answers: File exists." This means the route-up file was successful.

  •  Once you have the DNS address, we can modify the settings

  •  Configure dnsmasq settings – edit file: /etc/dnsmasq.conf

 Add the lines under '# Added for OpenVPN DNS' (highlighted in the original) to the file

# Change the following lines if you want dnsmasq to serve SRV

# records.

# You may add multiple srv-host lines.

# The fields are <name>,<target>,<port>,<priority>,<weight>

# Added for OpenVPN DNS

dhcp-option=<name of network interface>, 6, <IP Address from OpenVPN Connection>

# example: dhcp-option=slan,6,10.x.x.x

# A SRV record sending LDAP for the example.com domain to

# ldapserver.example.com port 289

#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389

 

Create and name a startup file and place it in /etc/init.d/ so it can be enabled and disabled from OpenWrt GUI

  • Create file with your favorite text editor (ex. vi /etc/init.d/openvpn-client)

#!/bin/sh /etc/rc.common

# Copyright (C) 2007 OpenWrt.org

START=90

start()

{

logger -t "openvpn" "starting openvpn-client"

openvpn --daemon --config /root/vpn.<whateveryoucalledit>.ovpn

}

stop()

{

logger -t "openvpn" "stopping openvpn-client"

killall openvpn

sleep 3

}

  • Make it executable: chmod u=rwx /etc/init.d/openvpn-client

  • Exit the SSH Shell!

 

  • From Web GUI, go to System -> Startup

    • The 'openvpn-client' and 'openvpn' show in 'Initscripts' as disabled

    • Enable openvpn and refresh to make sure it is running

    • If it stays in the Enabled state, finish the firewall settings:

| Name | Input | Output | Forward | Masquerade & MSS clamping | Covered Networks | Allow Forward To | Allow Forward From |
|---|---|---|---|---|---|---|---|
| Lan | Accept | Accept | Reject | Both Blank | Lan | wan | |
| Wan | Reject | Accept | Reject | Check Masquerade, MSS Blank | Wan | | lan |
| Slan | Accept | Accept | Reject | Both Blank | Slan | Ovpn ¹ | |
| Ovpn ¹ | Accept | Accept | Reject | Check Masquerade, MSS Blank | Ovpn ¹ | | Slan |


Restart the router

If everything works, when you connect to the secure wireless network, your ip address will be in the location of the vpn server.

All DONE!


Troubleshooting

  • If, after enabling the openvpn-client, it comes back disabled, there is something wrong in the configuration. The best way to debug or troubleshoot the connection is to SSH into the router and start the openvpn connection by typing:

  • openvpn --config <openvpn>.ovpn

  • Watch toward the end to see if there are any errors in the route-up.sh script

  • Press 'Ctrl C' and watch what happens to the tunneldown.sh script

  • If you forgot to make the files executable, the connection will fail.
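A check for the finished zone layout, added here as an example and not part of the original walkthrough: in the final table the only forwarding out of Slan goes to Ovpn, so clients on the VPN SSID have no path to Wan while the tunnel is down. The script reads firewall config text and lists every forwarding that breaks that; the zone names follow the walkthrough, while the function name and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# leak_paths NETWORK VPNZONE: read /etc/config/firewall text on stdin and print
# "src->dest" for every forwarding that lets a zone covering NETWORK reach a
# zone other than VPNZONE. No output means NETWORK can only leave via VPNZONE.
leak_paths() {
    awk -v net="$1" -v vpn="$2" -v q="'" '
    # Strip trailing blanks and one pair of surrounding quotes.
    function unq(s) {
        sub(/[ \t]+$/, "", s)
        gsub("^[\"" q "]|[\"" q "]$", "", s)
        return s
    }
    # Close the current section and remember what matters from it.
    function flush(    i, n, parts) {
        if (type == "zone") {
            if (nets == "") nets = name   # zone without "network" covers its own name
            n = split(nets, parts, " ")
            for (i = 1; i <= n; i++) if (parts[i] == net) covers[name] = 1
        } else if (type == "forwarding") {
            fsrc[++nf] = src; fdst[nf] = dst
        }
        type = name = nets = src = dst = ""
    }
    /^[ \t]*config[ \t]/ { flush(); type = unq($2); next }
    /^[ \t]*(option|list)[ \t]/ {
        key = unq($2); val = $0
        sub(/^[ \t]*[a-z]+[ \t]+[^ \t]+[ \t]+/, "", val)   # drop "option <key> "
        val = unq(val)
        if (key == "name") name = val
        else if (key == "network") nets = nets " " val
        else if (key == "src") src = val
        else if (key == "dest") dst = val
    }
    END {
        flush()
        for (i = 1; i <= nf; i++)
            if ((fsrc[i] in covers) && fdst[i] != vpn) print fsrc[i] "->" fdst[i]
    }'
}

# Constructed sample: the finished state from the zone table.
finished_config() { cat <<'EOF'
config zone
    option name 'lan'
    option network 'lan'
config zone
    option name 'wan'
    option network 'wan'
config zone
    option name 'slan'
    option network 'slan'
config zone
    option name 'ovpn'
    option network 'ovpn'
config forwarding
    option src 'lan'
    option dest 'wan'
config 'forwarding'
    option 'dest' 'ovpn'
    option 'src' 'slan'
EOF
}

# Constructed sample: the wireless test step was never undone, so the slan
# network is still covered by the lan zone, which forwards to wan.
halfway_config() { cat <<'EOF'
config zone
    option name 'lan'
    option network 'lan slan'
config zone
    option name 'wan'
    option network 'wan'
config forwarding
    option src 'lan'
    option dest 'wan'
EOF
}

echo "finished: $(finished_config | leak_paths slan ovpn)"
echo "halfway:  $(halfway_config | leak_paths slan ovpn)"
```

On the router, run it as `leak_paths slan ovpn < /etc/config/firewall`.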



 

Last modified on Saturday, 14 October 2017 03:36
Monday, 09 October 2017 02:18

K2 Comment Notification


Today, I was messing around with the K2 Joomla Plugin. I got it working and everything was great. The only problem I found is if someone leaves a comment on an article, no one will know unless the page is visited again. I searched around and found a plugin that cost some moolah, but I didn't want to go that route. Another one I found was not available for downloading. So, away I went on a development hunt to figure out what I could do.

I ended up writing my own PHP script.  It creates a new column in K2's comment table.  When the script runs, it looks for 0's in the new column and sends an email with the information it finds in the record.  It's not a perfect solution, but it works for me.  I set it to run once a day so I'll receive all the comments, in separate emails, daily.

It's not a Joomla plugin, but it is still really easy to install. I have two .php files. One for authenticating and the other is the script. I did it this way in case someone wants to put the script in the 'public_html' folder. However, I recommend creating a folder within the Home folder so it's not accessible from the Internet and run it as a cron job.

For my example below, I'll use the folder 'K2Send'.  Let's begin:

Create a folder to hold two .php files.

/home/<<user name>>/K2Send

Create two files within this folder (ex. K2Send.php and K2SendAuth.php)

Copy the following into the K2SendAuth.php file and then edit it to reflect your server and database information:


<?php
// Information for K2 Send Comments
$dbserver = 'localhost';
$dbuser = 'Database User';
$dbpass = 'Database Password';
$db = 'Database';
$dbtable = "K2 comments Table";

// This is the name of the column that will be added to the K2 Comment Table.
// It can be labeled anything
$dbcolumn = "Notify";

// fromEmail = What email address it is sent from
$fromEmail = "<<From email address>>";

// toEmail = What email address it is sent to
$toEmail = "<<To email address>>";

// Server domain where K2 is running
$fromdomain = "mywebdomain.com";

// textEmail = 0 (email is formatted HTML)
// textEmail = 1 (email is formatted Text)
$textEmail = "0";
?>


 Now that you have the auth file done, open up the K2Send.php file and paste the following in it and edit the 'require_once' line to reflect the path:


<?php
/*
To Do....
1. Check if the notification column is in the K2 comments table
2. If not, create it
3. Check if column contains a 0
4. If so, send email
5. Replace the 0 with a 1
*/

// Require Authentication File
require_once "/home/---UserNAME---/K2Send/K2SendAuth.php";

$servername = $dbserver;
$username = $dbuser;
$password = $dbpass;
$dbname = $db;
$columnexist = 0;

// Comment fields are typed by site visitors, so escape them before they are
// placed in the HTML email
function h($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

// 1. Check if the notification column is in the K2 comments table
//    (limited to this database so a same-named table elsewhere is ignored)
$sql = "SELECT `COLUMN_NAME` FROM `INFORMATION_SCHEMA`.`COLUMNS`"
     . " WHERE `TABLE_SCHEMA`='" . $conn->real_escape_string($dbname) . "'"
     . " AND `TABLE_NAME`='" . $conn->real_escape_string($dbtable) . "'";
$result = $conn->query($sql);

if ($result->num_rows > 0) {
    // output data of each row
    while ($row = $result->fetch_assoc()) {
        if ($row["COLUMN_NAME"] == $dbcolumn) {
            echo "This column- " . $dbcolumn . " - Exists!\n\n";
            $columnexist = 1;
        }
    }
    if ($columnexist == 0) {
        // 2. If not, create it
        $add = "ALTER TABLE " . $dbtable . " ADD " . $dbcolumn . " INT( 11 ) NOT NULL";
        $result = $conn->query($add) or die(mysqli_error($conn));
    }
} else {
    echo "0 results";
}

// 3. Check if column contains a 0
$sql = "SELECT * FROM " . $dbtable;
$result = $conn->query($sql);

if ($result->num_rows > 0) {
    // output data of each row
    while ($row = $result->fetch_assoc()) {
        /*
        echo "-". $row["id"]."-".$row["userName"]."-".$row["commentDate"].
             "-" . $row["commentText"]. "-" . $row["commentEmail"]. "-" .
             $row["commentURL"]. "-" . $row["published"]. "-" . $row[$dbcolumn]."\n\n";
        */
        echo "Searching Comments Table.\n\n";

        if ($row[$dbcolumn] == 0) {
            // 4. If so, send email in text or HTML
            // $textEmail = 0 (HTML)
            echo "Found a new comment.\n\n";

            if ($textEmail == 0) {
                $message = "
<html>
<head>
<title>K2 Comment</title>
</head>
<body>
<p>New K2 Comment</p>
<table>
<tr>
<th>id</th>
<th>Item</th>
<th>User</th>
<th>User Name</th>
<th>Date</th>
<th>Comment</th>
<th>User Email</th>
<th>User URL</th>
</tr>
<tr>
<td>" . h($row["id"]) . "</td>
<td>" . h($row["itemID"]) . "</td>
<td>" . h($row["userID"]) . "</td>
<td>" . h($row["userName"]) . "</td>
<td>" . h($row["commentDate"]) . "</td>
<td>" . h($row["commentText"]) . "</td>
<td>" . h($row["commentEmail"]) . "</td>
<td>" . h($row["commentURL"]) . "</td>
</tr>
</table>
</body>
</html>
";
                // Always set content-type when sending HTML email
                $headers = "MIME-Version: 1.0" . "\r\n";
                $headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
            } else {
                // Send Text Email
                $message = "New K2 Comment\nID = " . $row["id"] . "\n ItemID = " . $row["itemID"] .
                    "\n UserID = " . $row["userID"] . "\n User Name= " . $row["userName"] . "\n Date = " .
                    $row["commentDate"] . "\n Comment = " . $row["commentText"] . "\n User Email = " .
                    $row["commentEmail"] . "\n User URL = " . $row["commentURL"] . "\n";
                // Start from empty headers so nothing carries over from the previous row
                $headers = "";
            }

            $to = $toEmail;
            $subject = "K2 Comments from " . $fromdomain;

            // More headers
            $headers .= 'From: ' . $fromEmail . "\r\n";
            // $headers .= 'Cc: <<Put another EMAIL Address>>' . "\r\n";

            mail($to, $subject, $message, $headers);

            // 5. Replace the 0 with a 1
            $sql = "UPDATE {$dbtable} SET {$dbcolumn}=1 WHERE id=" . (int) $row["id"];
            if ($conn->query($sql) === TRUE) {
                echo "Record updated successfully\n\n";
            } else {
                echo "Error: " . $sql . "<br>" . $conn->error;
            }
        } else {
            echo "No new comment found.\n\n";
        }
    }
} else {
    echo "0 results";
}

$conn->close();
echo "Exiting...\n\n";
?>

 


Add a cron job to run the K2Send.php file as often as you like.

Post a comment if you see any errors.

Enjoy!

Last modified on Monday, 09 October 2017 05:15
Friday, 06 October 2017 13:53

Joomla LDAP Plugin - Update email address


I spent a little while searching for a way to update the Joomla user Email Address when the email address changes in Windows Active Directory. Of course, I'm using the LDAP plugin included in Joomla 3.x. The plugin can be found here. As you see, there isn't much documentation on it.

Since I couldn't find anything, I decided to edit the php file and make it work. Below is what I did.

Hope this helps someone.


1. Found the file in my Joomla site and opened it up for editing (ldap.php)

2. Went to line 150 or right after:

if (isset($userdetails[0][$ldap_email][0]))
{
$response->email = $userdetails[0][$ldap_email][0];

3. I inserted the code:

// Grab email address, currently, in the Joomla User table
// quote() escapes the login name before it is placed in the SQL
$db = JFactory::getDbo();
$query = $db->getQuery(true)
    ->select($db->quoteName('email'))
    ->from($db->quoteName('<<INSERT JOOMLA USER TABLE>>_users'))
    ->where($db->quoteName('username') . ' = ' . $db->quote($credentials['username']));
$db->setQuery($query);
$result = $db->loadResult();

// Update Email address if it's different
$newemail = $userdetails[0][$ldap_email][0];
if ($result == $newemail)
{
    // echo "Same";
}
else
{
    // The new address comes from the directory, so it is quoted as well
    $db = JFactory::getDbo();
    $query = $db->getQuery(true)
        ->update($db->quoteName('<<INSERT JOOMLA USER TABLE>>_users'))
        ->set($db->quoteName('email') . ' = ' . $db->quote($newemail))
        ->where($db->quoteName('username') . ' = ' . $db->quote($credentials['username']));
    $db->setQuery($query);
    $found = (int) $db->execute();
}

4. Done. Now, when the user logs in, it checks the email address to see if it's different. If it is, it updates it. If it's not, nothing happens.

Last modified on Friday, 06 October 2017 14:05
Friday, 06 October 2017 03:15

OpenWRT and Cisco Trunking


How to create a trunk port on an OpenWRT or Gargoyle Router to use with a Cisco switch or other ‘trunking’ device


This may be self explanatory to many people, but I could not find straightforward information on this topic. It may be around and, if so, this post will be for me the next time I need this information.

For example, if you have a Cisco switch configured with multiple vlans and a trunk port running to another trunk port on a Cisco Router, you can remove the Cisco router and use the OpenWRT/Gargoyle Router. If you don’t know why you would want to use the cheaper router, it’s ok. This post is for those that do.

To get this done, you’ll need to edit the following three files:
‘/etc/config/network’
‘/etc/config/dhcp’
‘/etc/config/firewall’

 

First: ‘/etc/config/network’
Create VLAN IDs that match the VLAN IDs of the Cisco switch. You’ll only need to configure the interface as a bridge if you plan on attaching it to a wifi interface.

config interface 'lan'
option ifname 'eth1.5'
option type 'bridge'
option proto 'static'
option netmask '255.255.255.0'
option ipaddr '192.168.5.1'
option dns '192.168.5.1'

config interface 'vlan6'
option ifname 'eth1.6'
option proto 'static'
option ipaddr '192.168.6.1'
option netmask '255.255.255.0'
option dns '192.168.6.1'

config interface 'vlan7'
option ifname 'eth1.7'
option proto 'static'
option ipaddr '192.168.7.1'
option netmask '255.255.255.0'
option dns '192.168.7.1'

 

Second: ‘/etc/config/dhcp’
Create the DHCP server pool for each VLAN

config dhcp 'vlan5'
option interface 'vlan5'
option start '100'
option limit '50'
option leasetime '8h'

config dhcp 'vlan6'
option interface 'vlan6'
option start '150'
option limit '10'
option leasetime '8h'

config dhcp 'vlan7'
option interface 'vlan7'
option start '160'
option limit '40'
option leasetime '8h'

 

Third: ‘/etc/config/firewall’
Create the Firewall entries for each VLAN

config zone
option name 'vlan5'
list network 'vlan5'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'

config zone
option name 'vlan6'
list network 'vlan6'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'

config zone
option name 'vlan7'
list network 'vlan7'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'


config forwarding
option src 'vlan5'
option dest 'wan'

config forwarding
option src 'vlan6'
option dest 'wan'

config forwarding
option src 'vlan7'
option dest 'wan'

 

After these are configured, head back to ‘/etc/config/network’ to configure the switch ports for the VLANS. There should already be the first section ‘config switch’ below. Look at the ‘name’ of the switch (option name). In the example below, it is switch0, but it could differ. Use it in the ‘option device’ line of the vlans. Additionally, the switch port and port lines below don’t always match up, so test each one and use a sharpie to mark the port number on the router itself. For example, Port 1 on the router may be port 3 in the ‘option ports’ line below.

If I want to make vlan5 on port 3, vlan6, on port 2, vlan7 on port 1, and have a trunk port on port 4, I'll use the following configuration:

config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'

config switch_vlan
option device 'switch0'
option vlan '5'
option ports '0t 3 4t'

config switch_vlan
option device 'switch0'
option vlan '6'
option ports '0t 2 4t'

config switch_vlan
option device 'switch0'
option vlan '7'
option ports '0t 1 4t'


## If, for some reason, you need a Native VLAN added, you can add the following section.
## If VLAN 1 is the Native VLAN ID
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0t 4t'

Once you plug in the Cisco switch’s trunk port, you’ll see the logs bring up the vlans and ports. Plug a device into the Cisco switch port and it will grab the appropriate IP address from the OpenWRT/Gargoyle Router.
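A consistency check for the switch_vlan sections above, added as an example and not taken from the original post. It assumes the post's layout, where every VLAN is tagged on the CPU port (0) and on the trunk port (4) and each access port is untagged in one VLAN only; the function name and both sample configs are constructed.

```shell
#!/bin/sh
# check_trunk CPU TRUNK: read /etc/config/network text on stdin and print one
# line per problem found in the switch_vlan sections:
#   - a VLAN that is not tagged on the CPU port or on the trunk port
#   - a port that is untagged in more than one VLAN
check_trunk() {
    awk -v cpu="$1" -v trunk="$2" -v q="'" '
    # Remove single and double quotes.
    function unq(s) { gsub("[\"" q "]", "", s); return s }
    # Evaluate the switch_vlan section that just ended.
    function flush(    i, n, p, has_cpu, has_trunk) {
        if (sect == "switch_vlan" && vlan != "") {
            n = split(ports, p, " ")
            for (i = 1; i <= n; i++) {
                if (p[i] == (cpu "t")) has_cpu = 1
                else if (p[i] == (trunk "t")) has_trunk = 1
                else if (p[i] ~ /^[0-9]+$/) owner[p[i]] = owner[p[i]] " " vlan
            }
            if (!has_cpu) print "vlan " vlan ": CPU port " cpu " not tagged"
            if (!has_trunk) print "vlan " vlan ": trunk port " trunk " not tagged"
        }
        sect = vlan = ports = ""
    }
    $1 == "config" { flush(); sect = unq($2); next }
    $1 == "option" && unq($2) == "vlan" { vlan = unq($3) }
    $1 == "option" && unq($2) == "ports" {
        ports = $0
        sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", ports)   # keep only the port list
        ports = unq(ports)
    }
    END {
        flush()
        for (port in owner)
            if (split(owner[port], v, " ") > 1)
                print "port " port " untagged in vlans" owner[port]
    }'
}

# Constructed sample: the switch sections as listed in the post.
post_layout() { cat <<'EOF'
config switch
    option name 'switch0'
    option reset '1'
    option enable_vlan '1'
config switch_vlan
    option device 'switch0'
    option vlan '5'
    option ports '0t 3 4t'
config switch_vlan
    option device 'switch0'
    option vlan '6'
    option ports '0t 2 4t'
config switch_vlan
    option device 'switch0'
    option vlan '7'
    option ports '0t 1 4t'
EOF
}

# Constructed sample with two mistakes: the trunk port is untagged in VLAN 6
# and port 2 is used as an access port for both VLAN 6 and VLAN 7.
broken_layout() { cat <<'EOF'
config switch_vlan
    option device 'switch0'
    option vlan '6'
    option ports '0t 2 4'
config switch_vlan
    option device 'switch0'
    option vlan '7'
    option ports '0t 2 4t'
EOF
}

echo "post layout:"; post_layout | check_trunk 0 4
echo "broken layout:"; broken_layout | check_trunk 0 4
```

On the router, `check_trunk 0 4 < /etc/config/network` prints nothing when the layout is consistent.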

Enjoy…

Last modified on Friday, 06 October 2017 14:01