opkg update
opkg list-upgradable | cut -f 1 -d ' ' | xargs -r opkg upgrade
nano /etc/config/network
/etc/init.d/network restart
sed -i "s/zsh/ash/g" "/etc/passwd"
Last active
August 17, 2024 08:00
-
-
Save weblogix/4d0fce56bb60c19ca39e01b89f2abee0 to your computer and use it in GitHub Desktop.
[openwrt cheatsheet]
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Sources | |
| # https://openwrt.org/docs/guide-user/network/wifi/guestwifi/guest-wlan | |
| # https://openwrt.org/docs/guide-user/network/wifi/guestwifi/extras | |
| WIFI_DEV="radio0" | |
| WIFI_PASSWORD="guest" | |
| # Configure network | |
| uci -q delete network.guest | |
| uci set network.guest="interface" | |
| uci set network.guest.type="bridge" | |
| uci set network.guest.proto="static" | |
| uci set network.guest.ipaddr="192.168.101.1" | |
| uci set network.guest.netmask="255.255.255.0" | |
| uci set network.guest.ip6assign="60" | |
| uci commit network | |
| /etc/init.d/network restart | |
| # Configure wireless | |
| uci -q delete wireless.guest | |
| uci set wireless.guest="wifi-iface" | |
| uci set wireless.guest.device="${WIFI_DEV}" | |
| uci set wireless.guest.mode="ap" | |
| uci set wireless.guest.network="guest" | |
| uci set wireless.guest.ssid="guest" | |
| uci set wireless.guest.encryption="sae-mixed" | |
| uci set wireless.guest.key="${WIFI_PASSWORD}" | |
| uci commit wireless | |
| #isolate guest clients | |
| uci set wireless.guest.isolate="1" | |
| wifi reload | |
| uci -q delete dhcp.guest | |
| uci set dhcp.guest="dhcp" | |
| uci set dhcp.guest.interface="guest" | |
| uci set dhcp.guest.start="100" | |
| uci set dhcp.guest.limit="150" | |
| uci set dhcp.guest.leasetime="1h" | |
| uci set dhcp.guest.dhcpv6="server" | |
| uci set dhcp.guest.ra="server" | |
| uci commit dhcp | |
| /etc/init.d/dnsmasq restart | |
| # Configure firewall | |
| uci -q delete firewall.guest | |
| uci set firewall.guest="zone" | |
| uci set firewall.guest.name="guest" | |
| uci set firewall.guest.network="guest" | |
| uci set firewall.guest.input="REJECT" | |
| uci set firewall.guest.output="ACCEPT" | |
| uci set firewall.guest.forward="REJECT" | |
| uci -q delete firewall.guest_wan | |
| uci set firewall.guest_wan="forwarding" | |
| uci set firewall.guest_wan.src="guest" | |
| uci set firewall.guest_wan.dest="wan" | |
| uci -q delete firewall.guest_dns | |
| uci set firewall.guest_dns="rule" | |
| uci set firewall.guest_dns.name="Allow-DNS-Guest" | |
| uci set firewall.guest_dns.src="guest" | |
| uci set firewall.guest_dns.dest_port="53" | |
| uci set firewall.guest_dns.proto="tcp udp" | |
| uci set firewall.guest_dns.target="ACCEPT" | |
| uci -q delete firewall.guest_dhcp | |
| uci set firewall.guest_dhcp="rule" | |
| uci set firewall.guest_dhcp.name="Allow-DHCP-Guest" | |
| uci set firewall.guest_dhcp.src="guest" | |
| uci set firewall.guest_dhcp.dest_port="67" | |
| uci set firewall.guest_dhcp.proto="udp" | |
| uci set firewall.guest_dhcp.family="ipv4" | |
| uci set firewall.guest_dhcp.target="ACCEPT" | |
| uci -q delete firewall.guest_dhcp6 | |
| firewall.guest_dhcp6="rule" | |
| firewall.guest_dhcp6.name="Allow-DHCPv6-Guest" | |
| firewall.guest_dhcp6.src="guest" | |
| firewall.guest_dhcp6.dest_port="547" | |
| firewall.guest_dhcp6.proto="udp" | |
| firewall.guest_dhcp6.family="ipv6" | |
| firewall.guest_dhcp6.target="ACCEPT" | |
| uci commit firewall | |
| /etc/init.d/firewall restart | |
| # ICMP/ICMP6 | |
| # (might not be required) | |
| uci rename firewall.@rule[1]="icmp" | |
| uci rename firewall.@rule[5]="icmp6" | |
| uci set firewall.icmp.src="*" | |
| uci set firewall.icmp6.src="*" | |
| uci commit firewall | |
| /etc/init.d/firewall restart | |
| # Resolving race conditions | |
| # Configure DHCP | |
| uci set dhcp.guest.force="1" | |
| uci commit dhcp | |
| /etc/init.d/dnsmasq restart |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Get latest package list | |
| opkg update | |
| #general packages | |
| opkg install luci-app-upnp wget | |
| # Add stangri’s OpenWrt packages repo | |
| if ubus -S call system board | grep -q '15.05'; then opkg install ca-certificates wget libopenssl; else opkg install uclient-fetch libustream-mbedtls ca-bundle ca-certificates; fi | |
| echo -e -n 'untrusted comment: OpenWrt usign key of Stan Grishin\nRWR//HUXxMwMVnx7fESOKO7x8XoW4/dRidJPjt91hAAU2L59mYvHy0Fa\n' > /etc/opkg/keys/7ffc7517c4cc0c56 | |
| sed -i '/stangri_repo/d' /etc/opkg/customfeeds.conf | |
| ! grep -q 'stangri_repo' /etc/opkg/customfeeds.conf && echo 'src/gz stangri_repo https://repo.openwrt.melmac.net' >> /etc/opkg/customfeeds.conf | |
| opkg update | |
| opkg update | |
| # Install PBR | |
| opkg install vpn-policy-routing luci-app-vpn-policy-routing | |
| opkg update; opkg remove dnsmasq; opkg install dnsmasq-full; | |
| # Install other packages | |
| opkg install zsh luci-app-https-dns-proxy https-dns-proxy | |
| # Enable zsh | |
| sed -i -- 's:/bin/ash:/usr/bin/zsh:g' /etc/passwd | |
| # Install Wireguard | |
| opkg install luci-i18n-wireguard-en | |
| # Dynamic DNS client | |
| opkg install luci-app-ddns ddns-scripts | |
| opkg remove ath10k-firmware-qca988x-ct kmod-ath10k-ct | |
| opkg install ath10k-firmware-qca988x kmod-ath10k |
opkg remove ath10k-firmware-qca988x-ct kmod-ath10k-ct
opkg update && opkg install ath10k-firmware-qca988x kmod-ath10k
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment