This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
| documentation:configuration:config_files:config_network [2015/05/09 14:46] admin created | documentation:configuration:config_files:config_network [2018/05/24 09:05] (current) | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== /etc/config/network ====== | ====== /etc/config/network ====== | ||
| + | |||
| + | The main network configuration file | ||
| + | |||
| + | ===== Sections ===== | ||
| + | |||
| + | ^ Type ^ Description ^ | ||
| + | | [[config_network#globals|globals]] | global network settings | | ||
| + | | [[config_network#switch|switch]] | switch-port configuration | | ||
| + | | [[config_network#switch_vlan|switch_vlan]] | switch-vlan configuration | | ||
| + | | [[config_network#interface|interface]] | logical networks | | ||
| + | | [[config_network#route|route]] | static routing | | ||
| + | | [[config_network#rule|rule]] | policy based routing | | ||
| + | |||
| + | ==== globals ==== | ||
| + | |||
| + | global network settings | ||
| + | |||
| + | === Options === | ||
| + | |||
| + | ^ Name ^ Type ^ Required ^ Default ^ Description ^ | ||
| + | | ''ula_prefix'' | IPv6-prefix | no | //(none)// | IPv6 [[wp>Unique local address|ULA]]-Prefix for this device | | ||
| + | |||
| + | ==== switch ==== | ||
| + | |||
| + | switch configuration | ||
| + | |||
| + | == Options == | ||
| + | |||
| + | ^ Name ^ Type ^ Required ^ Default ^ Description ^ | ||
| + | | ''enable'' | boolean | yes | | | | ||
| + | | ''enable_vlan'' | boolean | no | | | | ||
| + | | ''reset'' | boolean | no | | | | ||
| + | |||
| + | ==== switch_vlan ==== | ||
| + | |||
| + | switch_vlan configuration | ||
| + | |||
| + | == Options == | ||
| + | |||
| + | ^ Name ^ Type ^ Required ^ Default ^ Description ^ | ||
| + | | ''device'' | string | yes | | | | ||
| + | | ''vlan'' | integer | yes | | | | ||
| + | |||
| + | ==== interface ==== | ||
| + | |||
| + | logical networks | ||
| + | |||
| + | === Options === | ||
| + | |||
| + | ^ Protocol ^ Description ^ Program ^ | ||
| + | | ''static'' | Static configuration with fixed address and netmask | ''ip''/''ifconfig''  | | ||
| + | | ''dhcp'' | Address and netmask are assigned by DHCP | ''udhcpc'' (Busybox)  | | ||
| + | | ''dhcpv6'' | Address and netmask are assigned by DHCPv6 | ''odhcpc6c''  | | ||
| + | | ''ppp'' | PPP protocol - dialup modem connections | ''pppd''  | | ||
| + | | ''pppoe'' | PPP over Ethernet - DSL broadband connection | ''pppd'' + ''plugin rp-pppoe.so''  | | ||
| + | | ''pppoa'' | PPP over ATM - DSL connection using a builtin modem | ''pppd'' + plugin ... | | ||
| + | | ''3g'' | CDMA, UMTS or GPRS connection using an AT-style 3G modem | ''comgt''  | | ||
| + | | ''qmi'' | USB modems using QMI protocol | ''uqmi''  | | ||
| + | | ''ncm'' | USB modems using NCM protocol | ''comgt-ncm'' + ? | | ||
| + | | ''hnet'' | Self-managing home network (HNCP) | ''hnet-full''  | | ||
| + | | ''pptp'' | Connection via PPtP VPN | ? | | ||
| + | | ''6in4'' | IPv6-in-IPv4 tunnel forSuppresses DHCP-assigned default gateway if set to 0.0.0.0 use with Tunnel Brokers like HE.net | ? | | ||
| + | | ''aiccu'' | Anything-in-anything tunnel  | ''aiccu''  | | ||
| + | | ''6to4'' | Stateless IPv6 over IPv4 transport | ? | | ||
| + | | ''6rd'' | IPv6 rapid deployment | ''6rd''  | | ||
| + | | ''dslite'' | Dual-Stack Lite | ''ds-lite''  | | ||
| + | | ''l2tp'' | PPP over L2TP Pseudowire Tunnel | ''xl2tpd''  | | ||
| + | | ''relay'' | relayd pseudo-bridge | ''relayd''  | | ||
| + | | ''gre'', ''gretap'' | GRE over IPv4 | ''gre'' + ''kmod-gre''  | | ||
| + | | ''grev6'', ''grev6tap'' | GRE over IPv6 | ''gre'' + ''kmod-gre6''  | | ||
| + | | ''none'' | Unspecified protocol, therefore all the other interface settings will be ignored (like disabling the configuration) | - | | ||
| + | |||
| + | === protocol options === | ||
| + | |||
| + | ^ Name ^ Type ^ Required ^ Default ^ Description ^ | ||
| + | | ''ifname'' | interface name(s) | yes(*) | //(none)// | Physical interface name to assign to this section, list of interfaces if type bridge is set.\\ //(*) This option may be empty or missing if only a wireless interface references this network or if the protocol type is ''pptp'', ''pppoa'' or ''6in4''// | | ||
| + | | ''type'' | string | no | //(none)// | If set to "bridge", a bridge containing the given //ifnames// is created\\ [[https://forum.openwrt.org/viewtopic.php?pid=203784#p203784|Wlan interface names are not predictable, therfore you cannot reference them directly in the network config]] | | ||
| + | | ''stp'' | boolean | no | ''0'' | Only valid for type "bridge", enables the Spanning Tree Protocol | | ||
| + | | ''bridge_empty'' | boolean | no | ''0'' | Only valid for type "bridge", enables creating empty bridges | | ||
| + | | ''igmp_snooping'' | boolean | no | ''1'' | Only valid for type "bridge", sets the multicast_snooping kernel setting for a bridge | | ||
| + | | ''macaddr'' | mac address | no | //(none)// | Override MAC address of this interface | | ||
| + | | ''mtu'' | number | no | //(none)// | Override the default MTU on this interface | | ||
| + | | ''auto'' | boolean | no | ''0'' for proto ''none'', else ''1'' | Specifies whether to bring up interface on boot | | ||
| + | | ''ipv6'' | boolean | no | ''1'' | Specifies whether to enable (1) or disable (0) IPv6 on this interface (Barrier Breaker and later only) | | ||
| + | | ''accept_ra'' | boolean | no | ''1'' for protocol ''dhcp'', else ''0'' | **deprecated:** Specifies whether to accept IPv6 Router Advertisements on this interface (On Attitude Adjustment 12.09 and earlier versions) | | ||
| + | | ''send_rs'' | boolean | no | ''1'' for protocol ''static'', else ''0'' | **deprecated:** Specifies whether to send Router Solicitations on this interface (On Attitude Adjustment 12.09 and earlier versions) | | ||
| + | | ''enabled'' | boolean | no | ''1''  | enable or disable the interface section | | ||
| + | |||
| + | === Protocol "static" === | ||
| + | |||
| + | ^ Name ^ Type ^ Required ^ Default ^ Description ^ | ||
| + | | ''ipaddr'' | ip address | yes, if no ''ip6addr'' is set. | //(none)// | IP address. [openwrt 12.09] It could be a list of ipaddr , that is: several ipaddresses will be assigned to the interface. If, instead of a list, several ipaddr are specified as options, only the last is applied. | | ||
| + | | ''netmask'' | netmask | yes, if no ''ip6addr'' is set | //(none)// | Netmask | | ||
| + | | ''gateway'' | ip address | no | //(none)// | Default gateway | | ||
| + | | ''broadcast'' | ip address | no | //(none)// | Broadcast address (autogenerated if not set) | | ||
| + | | ''ip6addr'' | ipv6 address | yes, if no ''ipaddr'' is set | //(none)// | Assign given IPv6 address to this interface (CIDR notation) | | ||
| + | | ''ip6gw'' | ipv6 address | no | //(none)// | Assign given IPv6 default gateway to this interface | | ||
| + | | ''ip6assign'' | prefix length | no | //(none)// | Delegate a [[[[network6#downstream.configuration.for.lan-interfaces|prefix of given length]] to this interface (Barrier Breaker and later only) | | ||
| + | | ''ip6hint'' | prefix hint (hex) | no | //(none)// | [[network6#downstream.configuration.for.lan-interfaces|Hint the subprefix-ID]] that should be delegeted as hexadecimal number (Barrier Breaker and later only) | | ||
| + | | ''ip6prefix'' | ipv6 prefix | no | //(none)// | IPv6 prefix routed here for use on other interfaces (Barrier Breaker and later only) | | ||
| + | | ''ip6class'' | list of strings | no | //(none)// | Define the IPv6 prefix-classes this interface will accept | | ||
| + | | ''dns'' | list of ip addresses | no | //(none)// | DNS server(s) | | ||
| + | | ''dns_search'' | list of domain names | no | //(none)// | Search list for host-name lookup | | ||
| + | | ''metric'' | integer | no | ''0'' | Specifies the default route metric to use | | ||
| + | | ''force_link'' | integer | no | ''0'' | Specifies whether ip address, route, and optionally gateway are assigned to the interface regardless of the link being active ('1') or only after the link has become active ('0'); in trunk since the introduction of netifd; in case of a wireless interface the default is '1' for an AP and '0' for a STA. | | ||
| + | |||
| + | === Protocol "dhcp" === | ||
| + | |||
| + | ^ Name ^ Type ^ Required ^ Default ^ Description ^ | ||
| + | | ''<del>gateway</del>'' | <del>string</del> | <del>no</del> | <del>//(none)//</del> | <del>Suppresses DHCP-assigned default gateway if set to 0.0.0.0</del> \\ (deprecated) | | ||
| + | | ''broadcast'' | boolean | no | ''0'' | Enable the broadcast flag in DHCP requests, required for certain ISPs, e.g. Charter with DOCSIS 3 | | ||
| + | | ''hostname'' | string | no | //(none)// | Hostname to include in DHCP requests | | ||
| + | | ''clientid'' | string | no | //system default// | Override client identifier in DHCP requests | | ||
| + | | ''vendorclass'' | string | no | //system default// | Override the vendor class in DHCP requests | | ||
| + | | ''dns'' | list of ip addresses | no | //(none)// | Supplement DHCP-assigned DNS server(s), or use only these if peerdns is 0 | | ||
| + | | ''peerdns'' | boolean | no | ''1'' | Use DHCP-provided DNS server(s) | | ||
| + | | ''defaultroute'' | boolean | no | ''1'' | Whether to create a default route via the received gateway | | ||
| + | | ''metric'' | integer | no | ''0'' | Specifies the default route metric to use | | ||
| + | | ''reqopts'' | list of strings | no | //(none)// | Specifies a list of additional DHCP options to request | | ||
| + | | ''iface6rd'' | logical interface | no | //(none)// | Logical interface template for auto-configuration of 6rd | | ||
| + | |||
| + | === Protocol "pppoe" (PPP over Ethernet) === | ||
| + | |||
| + | ^ Name ^ Type ^ Required ^ Default ^ Description ^ | ||
| + | | ''username'' | string | no(?) | //(none)// | Username for PAP/CHAP authentication | | ||
| + | | ''password'' | string | no(?) | //(none)// | Password for PAP/CHAP authentication | | ||
| + | | ''ac'' | string | no | //(none)// | Specifies the Access Concentrator to connect to. If unset, ''pppd'' uses the first discovered one | | ||
| + | | ''service'' | string | no | //(none)// | Specifies the Service Name to connect to, If unset, ''pppd'' uses the first discovered one | | ||
| + | | ''connect'' | file path | no | //(none)// | Path to custom PPP connect script | | ||
| + | | ''disconnect'' | file path | no | //(none)// | Path to custom PPP disconnect script | | ||
| + | | ''keepalive'' | number | no | //(none)// | Number of connection failures before reconnect | | ||
| + | | ''demand'' | number | no | //(none)// | Number of seconds to wait before closing the connection due to inactivity | | ||
| + | | ''defaultroute'' | boolean | no | ''1'' | Replace existing default route on PPP connect | | ||
| + | | ''peerdns'' | boolean | no | ''1'' | Use peer-assigned DNS server(s) | | ||
| + | | ''dns'' | list of ip addresses | no | //(none)// | Override peer-assigned DNS server(s) | | ||
| + | | ''ipv6'' | boolean | no | ''0'' | Enable IPv6 on the PPP link | | ||
| + | | ''pppd_options'' | string | no | //(none)// | Additional command line arguments to pass to the pppd daemon | | ||
| + | |||
| + | === Protocol "pptp" (Point-to-Point Tunneling Protocol) === | ||
| + | |||
| + | ^ Name ^ Type ^ Required ^ Default ^ Description ^ | ||
| + | | ''server'' | ip address | yes | //(none)// | Remote PPtP server | | ||
| + | | ''username'' | string | no(?) | //(none)// | Username for PAP/CHAP authentication | | ||
| + | | ''password'' | string | no(?) | //(none)// | Password for PAP/CHAP authentication | | ||
| + | | ''buffering'' | boolean | no | ''1'' | <del>Enables buffering and reordering of packets, ''0'' disables it (''--nobuffer'')</del> pptp buffering option removed in r32482 | | ||
| + | | ''keepalive'' | integer | no | ? | Number of attempts to reconnect | | ||
| + | | ''defaultroute'' | boolean | no | ''1'' | Whether to create a default route over the tunnel  | | ||
| + | | ''peerdns'' | boolean | no | ''1'' |Use PPTP-provided DNS server(s) | | ||
| + | | ''delegate'' | boolean | no | ? |Use builtin IPv6-management | | ||
| + | | ''iface'' | string | no(?) | ''pptp-<vpn>'' | Name of the physical interface. Defaults to ''pptp-<vpn>'' no matter what you use | | ||
| + | |||
| + | === Protocol "l2tp" (PPP over L2TP Pseudowire Tunnel) === | ||
| + | |||
| + | Most options are similar to protocol "ppp". | ||
| + | |||
| + | ^ Name ^ Type ^ Required ^ Default ^ Description ^ | ||
| + | | ''server'' | string | yes | //(none)// | L2TP server to connect to (hostname or IP address) | | ||
| + | | ''username'' | string | no | //(none)// | Username for PAP/CHAP authentication | | ||
| + | | ''password'' | string | yes if ''username'' is provided | //(none)// | Password for PAP/CHAP authentication | | ||
| + | | ''ipv6'' | bool | no | 0 | Enable IPv6 on the PPP link (IPv6CP) | | ||
| + | | ''mtu'' | int | no | ''pppd'' default | Maximum Transmit/Receive Unit, in bytes | | ||
| + | | ''keepalive'' | string | no | //(none)// | Number of unanswered echo requests before considering the peer dead. The interval between echo requests is 5 seconds. | | ||
| + | | ''pppd_options'' | string | no | //(none)// | Additional options to pass to ''pppd'' | | ||
| + | |||
| + | The name of the physical interface will be "l2tp-<logical interface name>". | ||
| + | |||
| + | ''forward_dhcp'' | boolean | no | ''1'' | Enables forwarding of DHCP requests and responses, ''0'' disables it | | ||
| + | |||
| + | ===== route ===== | ||
| + | |||
| + | Static //IPv4 routes// can be defined on specific interfaces using ''route'' sections. As for //aliases//, multiple sections can be attached to an interface. | ||
| + | |||
| + | A minimal example looks like this: | ||
| + | |||
| + | <code>config 'route' 'name_your_route' | ||
| + | option 'interface' 'lan' | ||
| + | option 'target' '172.16.123.0' | ||
| + | option 'netmask' '255.255.255.0' | ||
| + | option 'gateway' '172.16.123.100'</code> | ||
| + | |||
| + | * ''lan'' is the //logical interface name// of the parent interface | ||
| + | * ''172.16.123.0'' is the //network address// of the route | ||
| + | * ''255.255.255.0'' specifies the //route netmask// | ||
| + | |||
| + | Legal options for //IPv4 routes// are: | ||
| + | |||
| + | ^ Name ^ Type ^ Required ^ Default ^ Description ^ | ||
| + | | ''interface'' | string | yes | //(none)// | Specifies the //logical interface name// of the parent (or master) interface this route belongs to; must refer to one of the defined ''interface'' sections | | ||
| + | | ''target'' | ip address | yes | //(none)// | Network address | | ||
| + | | ''netmask'' | netmask | no | //(none)// | Route netmask. If omitted, ''255.255.255.255'' is assumed which makes ''target'' a //host address// | | ||
| + | | ''gateway'' | ip address | no | //(none)// | Network gateway. If omitted, the ''gateway'' from the parent interface is taken; if set to ''0.0.0.0'' no gateway will be specified for the route | | ||
| + | | ''metric'' | number | no | ''0'' | Specifies the //route metric// to use | | ||
| + | | ''mtu'' | number | no | //interface MTU// | Defines a specific MTU for this route | | ||
| + | | ''table'' | routing table | no | //(none)// | Defines the table ID to use for the route. The ID can be either a numeric table index ranging from 0 to 65535 or a symbolic alias declared in /etc/iproute2/rt_tables. The special aliases local (255), main (254) and default (253) are recognized as well | | ||
| + | | ''source'' | ip address | no | //(none)// | The preferred source address when sending to destinations covered by the target | | ||
| + | | ''onlink'' | boolean | no | ''0'' | When enabled gateway is on link even if the gateway does not match any interface prefix (Barrier Breaker and later only) | | ||
| + | | ''type'' | string | no | ''unicast'' | One of the types outlined in the Routing Types table below (Barrier Breaker and later only) | | ||
| + | |||
| + | To disable a route quickly, the option ''enabled'' is not available. Just rewrite the ''route'' config section as ''disabled_route'' like: | ||
| + | <file> | ||
| + | config 'disabled_route' 'name_your_route' | ||
| + | ...lines... | ||
| + | </file> | ||
| + | and it will be recognized by the uci parser but not applied by the ''/etc/init.d/network'' script. | ||
| + | |||
| + | ===== rule ===== | ||
| + | |||
| + | Rules are required to define policy based routing.  | ||
| + | |||
| + | |||
| + | Example: | ||
| + | <code> | ||
| + | config rule | ||
| + | option mark '0xFF' | ||
| + | option in 'lan' | ||
| + | option dest '172.16.0.0/16' | ||
| + | option lookup '100' | ||
| + | </code> | ||
| + | |||
| + | The options below are defined for //IP rule// (''rule'' and ''rule6'') sections: | ||
| + | |||
| + | ^ Name ^ Type ^ Required ^ Default ^ Description ^ | ||
| + | | ''in'' | string | no | //(none)// | Specifies the incoming //logical interface name// | | ||
| + | | ''out'' | string | no | //(none)// | Specifies the outgoing //logical interface name// | | ||
| + | | ''src'' | ip subnet | no | //(none)// | Specifies the source subnet to match (CIDR notation) | | ||
| + | | ''dest'' | ip subnet | no | //(none)// | Specifies the destination subnet to match (CIDR notation) | | ||
| + | | ''tos'' | integer | no | //(none)// | Specifies the TOS value to match in IP headers | | ||
| + | | ''mark'' | mark/mask | no | //(none)// | Specifies the //fwmark// and optionally its mask to match, e.g. ''0xFF'' to match mark 255 or ''0x0/0x1'' to match any even mark value | | ||
| + | | ''invert'' | boolean | no | ''0'' | If set to ''1'', the meaning of the match options is inverted | | ||
| + | | ''priority'' | integer | no | //(incrementing)// | Controls the order of the IP rules, by default the priority is auto-assigned so that they are processed in the same order they're declared in the config file | | ||
| + | | ''lookup'' | routing table | at least one of | //(none)// | The rule target is a table lookup, the ID can be either a numeric table index ranging from ''0'' to ''65535'' or a symbolic alias declared in ''/etc/iproute2/rt_tables''. The special aliases ''local'' (''255''), ''main'' (''254'') and ''default'' (''253'') are recognized as well | | ||
| + | | ''goto'' | rule index | ::: | ::: | The rule target is a jump to another rule specified by its ''priority'' value | | ||
| + | | ''action'' | string | ::: | ::: | The rule target is one of the routing actions outlined in the table below | | ||
| + | |||
| + | === Routing Actions === | ||
| + | |||
| + | ^ Action ^ Description ^ | ||
| + | | ''prohibit'' | When reaching the rule, respond with //ICMP prohibited// messages and abort route lookup | | ||
| + | | ''unreachable'' | When reaching the rule, respond with //ICMP unreachable// messages and abort route lookup | | ||
| + | | ''blackhole'' | When reaching the rule, drop packet and abort route lookup | | ||
| + | | ''throw'' | Stop lookup in the current routing table even if a default route exists | | ||
| + | |||
| + | |||