Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
On this page you can find various commands to manage your Gluon based node using the command line. You can access the command line remotely using SSH if you've added your public key or defined a password in the configuration wizard. All nodes should be accessible using their IPv6 addresses. If in doubt ask your local community on how to find your devices IPv6 address.
Most settings can be changed using the UCI configuration tool.
On the console you have a Linux
busybox shell with a limited command set.
You read the current value with
uci get <config>.<section>.<option>
If you don't know where to find a certain value search for it with
uci show | grep searchpattern
for setting a value you use
uci set <config>.<section>.<option>="new value"
If the variable is a list, for example
uci set to set the first list array element and every further element add with
uci add_list <config>.<section>.<option>="new list element"
del_list to Remove the given string from an existing list option:
del_list <config>.<section>.<option>="list element"
See also the UCI Documentation
Your Gluon Release may have some custom scripts, which use temporary UCI state to do some of its magic. So it may be a good idea to check changes before commit:
(Re-)entering config mode
uci set gluon-setup-mode.@setup_mode.enabled='1' uci commit gluon-setup-mode reboot
Install new firmware via commandline
cd /tmp/ echo 3 > /proc/sys/vm/drop_caches wget [FIRMWAREURL] echo 3 > /proc/sys/vm/drop_caches sysupgrade [NAMEOFFIRMWAREFILE]
As an alternative to wget you can push the firmware file from your client using scp
Add SSH public key
SSH_KEY="ssh-rsa ..." touch /etc/dropbear/authorized_keys sed -i "1i$SSH_KEY" /etc/dropbear/authorized_keys
Show number of connected clients
grep -cEo "\[.*W.*\]+" /sys/kernel/debug/batman_adv/bat0/transtable_local
Show router model
# With vendor and hardware version (example: "tp-link-tl-wdr4300-v1") lua -e 'print(require("platform_info").get_image_name())' # With vendor and hardware version (human readable, example: "TP-Link TL-WDR4300 v1") lua -e 'print(require("platform_info").get_model())' # Only type of router (example: "tl-wdr4300") lua -e 'print(require("platform_info").get_board_name())'
Show installed gluon version
# Gluon version (example: "v2017.1.5") cat /lib/gluon/gluon-version # Build version (example: "2016.1.5-stable-2016-06.05") cat /lib/gluon/release
Change autoupdater branch
uci set autoupdater.settings.enabled=1 uci set autoupdater.settings.branch=stable uci commit autoupdater autoupdater -f
To use a different branch than saved only once, use:
autoupdater -b [NAMEOFBRANCH] -f
To do an update to a firmware lacking enough signatures
uci set autoupdater.stable.good_signatures='1' autoupdater -f
Change the OpenWrt keyboard layout
Only helpful on targets (eg. x86, kvm) that have a direct keyboard interface (usb/ps2 etc.). Gluon being OpenWrt based by default only sports the US keyboard layout which makes using eg. a German keyboard a tedious task.
For this to work you have to explicitely enable the busybox applet
loadkmap during gluon build time. You can do that eg. in GLUON_DIR/include/config or more target specific in GLUON_DIR/targets/<profile>/config (if you don't want the applet in all profiles). add
loadkmap applet is available in your Gluon build you can load keymaps like this
loadkmap < /usr/share/keymaps/i386/qwertz/de-latin1-nodeadkeys.bmap
A readymade package of binary keymaps (the format expected by busybox, converted from the Debian keymaps package) can be downloaded here . The whole package is 1.1MB in size, so you might want to copy only selected maps to your box if you are constrained for space. Placing the maps into /usr/share/keymaps/ would be good style but is not necessarily needed.
Change/Disable console blanking timeout, monitor switch off
By default the physical console gets blanked after 10 minutes (600 secs). You can check the current timeout via
Gluon/OpenWrt is lacking the needed
setterm binary to manipulate this timeout. Luckily the timeout is set via a control sequence
"\033[<signal>;<value>]". Valid combinations are listed on the
console_codes man page.
Linux Console Private CSI Sequences
The following sequences are neither ECMA-48 nor native VT102. They are native to the Linux console driver. Colors are in SGR parameters: 0 = black, 1 = red, 2 = green, 3 = brown, 4 = blue, 5 = magenta, 6 = cyan, 7 = white.
ESC [ 1 ; n ] Set color n as the underline color ESC [ 2 ; n ] Set color n as the dim color ESC [ 8 ] Make the current color pair the default attributes. ESC [ 9 ; n ] Set screen blank timeout to n minutes. ESC [ 10 ; n ] Set bell frequency in Hz. ESC [ 11 ; n ] Set bell duration in msec. ESC [ 12 ; n ] Bring specified console to the front. ESC [ 13 ] Unblank the screen. ESC [ 14 ; n ] Set the VESA powerdown interval in minutes.
Knowing that we can disable the timeouts for blanking and monitor switch off
If you want to make the changes permanent, you can add the line to
~/.profile, which is executed everytime a shell is started. If the file is missing simply create it.
uci set gluon-node-info.@location.latitude=53.834470 uci set gluon-node-info.@location.longitude=10.702518 uci set gluon-node-info.@location.altitude=11.51 uci set gluon-node-info.@location.share_location=1 uci commit gluon-node-info
uci show gluon-node-info
gluon-node-info.@location=location gluon-node-info.@location.share_location=1 gluon-node-info.@location.latitude=53.834470 gluon-node-info.@location.longitude=10.702518 gluon-node-info.@location.altitude=11.51
uci get gluon-node-info.@owner || uci add gluon-node-info owner uci set gluon-node-info.@email@example.com uci commit gluon-node-info
$ uci show gluon-node-info .... gluon-node-info.@owner=owner gluon-node-info.@firstname.lastname@example.org
$ pretty-hostname newhostname-with-utf8-support ... root@newhostname-with-utf8-support:~#
$ pretty-hostname .... hostname-with-utf8-support
Setting Hostname without pretty-hostname
Note: this paragraph is meant for routers with old firmware, that may not have 'pretty-hostname', yet. This way utf8-support is not given.
uci set system.@system.hostname='newname' uci commit system /etc/init.d/system reload
Showing Hostname without pretty-hostname
$ uci show system .... system.@system.hostname='newname'
The VPN-Uplink (Mesh-VPN) can be enabled and disabled via console.
$ uci set fastd.mesh_vpn.enabled=1 $ uci commit fastd $ /etc/init.d/fastd generate_key mesh_vpn 18fa75d1808692f04770bedf30c42dac24585d331560c545d70dd27f22a05648
/etc/init.d/fastd stop uci set fastd.mesh_vpn.enabled=0 uci commit fastd
Note: "/etc/init.d/fastd stop" won't stop fastd process if enabled=0.
This will desable Mesh-VPN permanently. If you just want to disable it for example for one hour or until reboot, the preferred method is the following:
Disable fastd for a limited time
You can remotely stop fastd for a while with this script from your console
SECONDS=3600 # one hour ssh root@your:ipv6::addr:ess '(/etc/init.d/fastd stop && sleep '$SECONDS' && /etc/init.d/fastd start)&'
Disable fastd encryption
uci del_list fastd.mesh_vpn.method=salsa2012+umac uci add_list fastd.mesh_vpn.method=null uci add_list fastd.mesh_vpn.method=salsa2012+umac uci commit fastd /etc/init.d/fastd restart
Note: Your community's servers need to support unencrypted connections.
Show fastd public key
/etc/init.d/fastd show_key mesh_vpn ~>18fa75d1808692f04770bedf30c42dac24585d331560c545d70dd27f22a05648
Show fastd private key
uci get fastd.mesh_vpn.secret 1234567890123456789012345678901234567890123456789012345678901234
Set existing fastd private key
uci set fastd.mesh_vpn.enabled=1 uci set fastd.mesh_vpn.secret=18fa75d1808692f04770bedf30c42dac24585d331560c545d70dd27f22a05648 uci commit fastd
Depending on the setup your community uses this can be helpful to avoid reregistration of your node due to new fastd keys
Limit Bandwidth (Gluon >=2016.x)
uci set simple-tc.mesh_vpn.limit_egress=800 # upload 0.8 Mbit/s uci set simple-tc.mesh_vpn.limit_ingress=5000 # download 5.0 Mbit/s uci set simple-tc.mesh_vpn.enabled=1 uci commit simple-tc /etc/init.d/fastd restart
Note: It is not a good idea to set the upload Bandwidth below 200 (or below 500 in large meshes)
Set a static IPv4 for the WAN-Port
uci set network.wan.proto=static uci set network.wan.ipaddr=XXX.XXX.XXX.XXX uci set network.wan.netmask=XXX.XXX.XXX.XXX uci set network.wan.gateway=XXX.XXX.XXX.XXX uci commit network /etc/init.d/network restart
uci add_list gluon-wan-dnsmasq.@static.server=XXX.XXX.XXX.XXX uci commit gluon-wan-dnsmasq /etc/init.d/gluon-wan-dnsmasq restart
Enable DHCP for the WAN-Port
uci set network.wan.proto=dhcp uci commit network /etc/init.d/network restart
Mesh VXLAN ID (>=2018.1)
The VXLAN ID can be discovered from the
lua -lgluon.util -e 'print(tonumber(gluon.util.domain_seed_bytes("gluon-mesh-vxlan", 3), 16))'
Mesh on LAN
This will activate mesh on all LAN ports (usually yellow on TP-Link devices).
activate (Gluon >=2016.1.x)
uci set network.mesh_lan.auto=1 for ifname in $(cat /lib/gluon/core/sysconfig/lan_ifname); do uci del_list network.client.ifname=$ifname done uci commit network /etc/init.d/network restart
deactivate (Gluon >=2016.1.x)
uci set network.mesh_lan.auto=0 for ifname in $(cat /lib/gluon/core/sysconfig/lan_ifname); do uci add_list network.client.ifname=$ifname done uci commit network /etc/init.d/network restart
activate (Gluon >=2018.1)
uci set network.mesh_lan.disabled=0 for ifname in $(cat /lib/gluon/core/sysconfig/lan_ifname); do uci del_list network.client.ifname=$ifname done uci commit network /etc/init.d/network restart
deactivate (Gluon >=2018.1)
uci set network.mesh_lan.disabled=1 for ifname in $(cat /lib/gluon/core/sysconfig/lan_ifname); do uci add_list network.client.ifname=$ifname done uci commit network /etc/init.d/network restart
Mesh on WAN
This will change the behaviour of the WAN port (on most devices the blue port) so you can directly connect other nodes on the WAN port that also have enabled any of Mesh-on-WAN or Mesh-on-LAN.
activate (Gluon <=2017.1.x)
uci set network.mesh_wan.auto=1 uci commit network /etc/init.d/network restart
activate (Gluon >=2018.1.x)
uci set network.mesh_wan.disabled=0 uci commit network /etc/init.d/network restart
- If you now connect your WAN port to your Home Router too and don't configure some additional VLAN, the whole mesh traffic will also be pushed into your local network, which might cause problems.
- Be sure to have VPN disabled, otherwise this connection would build up another fastd tunnel inside the Freifunk net.
deactivate (Gluon <= 2017.1.x)
uci set network.mesh_wan.auto=0 uci commit network /etc/init.d/network restart
deactivate (Gluon >= 2018.1.x)
uci set network.mesh_wan.disabled=1 uci commit network /etc/init.d/network restart
switch to legacy mode (without VXLAN, Gluon >=2018.1)
uci set network.mesh_wan.legacy='1' uci commit network /etc/init.d/network restart
use "legacy='0'" to enable VXLAN based meshing
Mesh on WAN and private WiFi simultaneously
(tested & valid for Gluon 2014.4)
Simultaneous configuration of Mesh-on-WAN and a private WiFi network (bridged to your local network on the WAN port) is not usually possible - in Mesh-on-WAN mode B.A.T.M.A.N. consumes the WAN interface completely, no other traffic should use that interface anymore. A private WiFi would not have access to your LAN in this case.
While making only minimal changes to the network configuration of the node, you can achieve both by using a VLAN on your local network (or a second port & cable if you're so inclined and have more than one port available, which isn't covered in this example). Let the node do Mesh-on-WAN directly on the WAN interface, while seperating your private network with a VLAN tag from that interface (mixed untagged/tagged mode). Tagging the mesh traffic is possible too, but needs additional configuration (
REORDER_HDR) and isn't covered in this example.
This example is designed to keep as much of the upper level network layout consistent with the default state, in particular the interface
br-wan still is the interface which handles local network traffic (Ethernet & WiFi), which is used e.g. by the firewall.
This example uses VLAN id 42. The necessary VLAN configuration of your local network will not be explained.
This example was used on a TP-Link TL-WR841Nv9 which features an additional integrated VLAN aware ethernet switch. This switch and its ports were not used, keeping it available for other tasks and configurations. This also means that this example does work on devices with only one ethernet port.
uci set network.mesh_wan.auto=1 uci set network.mesh_wan.ifname=$(cat /lib/gluon/core/sysconfig/wan_ifname) uci set network.wan_vlan=device uci set network.wan_vlan.type=8021q uci set network.wan_vlan.vid=42 uci set network.wan_vlan.ifname=$(cat /lib/gluon/core/sysconfig/wan_ifname) uci set network.wan_vlan.name=vlan-wan uci set network.wan.ifname=vlan-wan
Then configure your private WiFi like you usually would:
RID=0 SSID="privateWLANname" KEY="yoursecret1337password" uci set wireless.wan_radio$RID=wifi-iface uci set wireless.wan_radio$RID.device=radio$RID uci set wireless.wan_radio$RID.network=wan uci set wireless.wan_radio$RID.mode=ap uci set wireless.wan_radio$RID.encryption=psk2 uci set wireless.wan_radio$RID.ssid="$SSID" uci set wireless.wan_radio$RID.key="$KEY" uci set wireless.wan_radio$RID.disabled=0 uci set wireless.wan_radio$RID.macaddr="$($(echo "lua -e print(require('gluon.util').generate_mac(3+4*$RID))"))"
And finish it all up:
uci commit wireless reboot
If you can't reach your node on the WAN port after it has rebooted, you're in the wrong VLAN.
switching WAN network to LAN ports
WAN at all LAN ports (switch mode)
If you don't need Freifunk on LAN but do need more network ports of your local private network, you can user your router as switch.
uci set network.client.ifname=bat0 uci set network.wan.ifname='eth0 eth1' uci commit network /etc/init.d/network restart
For the TP-LINK 3600/4300 use
eth0.2 instead of
Client network on LAN ports (reverse switch mode)
uci set network.client.ifname='bat0 eth0' uci set network.wan.ifname=eth1 uci commit network /etc/init.d/network restart
All tasks are per radio. If you've got only a single radio (2.4GHz only or 5GHz only) it is usually named radio0. On dualband devices you have to apply the setting to each radio. On dual-band devices the radios are usually named radio0 for 2.4GHz and radio1 for 5GHz. If in doubt check using uci show wireless - each radio should display a value "hwmode" - 11g or 11ng are 2.4GHz, 11a or 11na are 5GHz. The following examples are radio0 only.
Disable Client Network
This will disable the client network while the mesh network stays active:
uci set wireless.client_radio0.disabled=1 uci commit wireless wifi
uci set wireless.client_radio0.disabled=0 uci commit wireless wifi
Disable IBSS/Ad-Hoc Mesh Network
deactivate (Gluon >=2016.1.x)
uci set wireless.ibss_radio0.disabled=1 uci commit wireless wifi
activate (Gluon >=2016.1.x)
uci set wireless.ibss_radio0.disabled=0 uci commit wireless wifi
Disable 802.11s Mesh Network
uci set wireless.mesh_radio0.disabled=1 uci commit wireless wifi
uci set wireless.mesh_radio0.disabled=0 uci commit wireless wifi
Change wireless channel
uci set wireless.radio0.channel=X uci commit wireless wifi
Please keep in mind changing the channel can prevent nearby devices from meshing with your router.
activate (Gluon 2017.x ?) and above
uci set system.gpio_switch_poe_passthrough.value=1 uci commit system /etc/init.d/gpio_switch restart
deactivate (Gluon 2017.x ?) and above
uci set system.gpio_switch_poe_passthrough.value=0 uci commit system /etc/init.d/gpio_switch restart
activate (Gluon 2016.2.x)
uci set system.poe_passthrough.value=1 uci commit system /etc/init.d/gpio_switch restart
deactivate (Gluon 2016.2.x)
uci set system.poe_passthrough.value=0 uci commit system /etc/init.d/gpio_switch restart
Gluon 2016.1.6 and below
Execute the following commands to enable PoE passthrough, or add to
automatically enable on boot.
# Uncomment one of these three: #GPIO=20 # TP-LINK CPE210/510 #GPIO=8 # Ubiquiti Nanostation M2/M5 (XM) #GPIO=2 # Ubiquiti Nanostation M2/M5 (XW)
echo $GPIO > /sys/class/gpio/export echo out > /sys/class/gpio/gpio$GPIO/direction echo 1 > /sys/class/gpio/gpio$GPIO/value
To prevent the
/etc/rc.local to be overwritten during a sysupgrade add the filename as one line into
TP-Link CPE 210/510/...
uci set network.client.ifname='bat0' # remove eth0.2 from client net uci delete network.@switch_vlan # delete VLAN 2 uci set network.@switch_vlan.ports='0t 4 5' # set VLAN 1 to Port 4 (LAN) uci commit network /etc/init.d/network restart
Transmit power on Ubiquiti devices
There is a bug in the current (2015/01) OpenWRT Barrier Breaker which prevents to factor in the antenna gain for transmission power setting. This is still existant in Chaos Calmer (Gluon 2016.1). Therefore your device will actually transmit with higher power than advertised in the web-UI. This is a) usually illegal and b) while clients may receive a great signal they will most likely be unable to answer. To prevent this we lower the power manually.
uci set wireless.radio0.txpower=9 uci commit wireless wifi
Nanostation M2 loco
uci set wireless.radio0.txpower=12 uci commit wireless wifi
you can check the currently set transmit power with:
iwinfo client0 txpower
Nanostation webinterface inside the Freifunk network
The NanoStation and other Point-to-Point accesspoints usually have only one network interface. If you use these PtP links for batman-adv traffic, you lose the ability to access the web interface .
WARNING: If you connect two Gluon Routers with VLAN10 on br-client using WAN you'll get a loop. You have been warned...
Tha WAN Interface must not be behind a vswitch
shows for example
eth1.4 VLAN tagging is not possible
Settings for Nanostation: here
uci set network.client.ifname="$(cat /lib/gluon/core/sysconfig/lan_ifname) bat0 $(cat /lib/gluon/core/sysconfig/wan_ifname).10" uci commit network /etc/init.d/network restart
- A German reference can be found at freifunk.net