diff --git a/image-extras/common/usr/bin/getdomains-check.sh b/image-extras/common/usr/bin/getdomains-check.sh new file mode 100755 index 0000000..2d4dc02 --- /dev/null +++ b/image-extras/common/usr/bin/getdomains-check.sh @@ -0,0 +1,496 @@ +#!/bin/sh + +HIRKN=/etc/init.d/hirkn +GETDOMAINS=/etc/init.d/getdomains +DUMP=/tmp/dump.txt + +checkpoint_true() { + printf "\033[32;1m[\342\234\223] $1\033[0m\n" +} + +checkpoint_false() { + printf "\033[31;1m[x] $1\033[0m\n" +} + +output_21() { + if [ "$VERSION_ID" -eq 21 ]; then + echo "You are using OpenWrt 21.02. This check does not support it" + fi +} + +# System Details +MODEL=$(grep machine /proc/cpuinfo | cut -d ':' -f 2) +RELEASE=$(grep OPENWRT_RELEASE /etc/os-release | awk -F '"' '{print $2}') +printf "\033[34;1mModel:$MODEL\033[0m\n" +printf "\033[34;1mVersion: $RELEASE\033[0m\n" + +VERSION_ID=$(grep VERSION_ID /etc/os-release | awk -F '"' '{print $2}' | awk -F. '{print $1}') +RAM=$(free -m | grep Mem: | awk '{print $2}') +if [[ "$VERSION_ID" -ge 22 && "$RAM" -lt 150000 ]] +then + echo "Your router has less than 256MB of RAM. I recommend using only the vpn_domains list" +fi + +# Check packages +CURL=$(opkg list-installed | grep -c curl) +if [ $CURL -eq 2 ]; then + checkpoint_true "Curl package" +else + checkpoint_false "Curl package" + echo "Install: opkg install curl" +fi + +DNSMASQ=$(opkg list-installed | grep dnsmasq-full | awk -F "-" '{print $3}' | tr -d '.' ) +if [ $DNSMASQ -ge 287 ]; then + checkpoint_true "Dnsmasq-full package" +else + checkpoint_false "Dnsmasq-full package" + echo "If you don't use vpn_domains set, it's OK" + echo "Check version: opkg list-installed | grep dnsmasq-full" + echo "Required version >= 2.87. For openwrt 22.03 follow manual: https://t.me/itdoginfo/12" + if [ "$VERSION_ID" -eq 21 ]; then + echo "You are using OpenWrt 21.02. This check does not support it" + echo "Manual for openwrt 21.02: https://t.me/itdoginfo/8" + fi +fi + +# Chek xray package +if opkg list-installed | grep -q xray-core; then + checkpoint_false "Xray-core package detected" +fi + +if opkg list-installed | grep -q luci-app-xray; then + checkpoint_false "luci-app-xray package detected. Not compatible. For delete: opkg remove luci-app-xray --force-removal-of-dependent-packages" +fi + +# Check dnsmasq +DNSMASQ_RUN=$(service dnsmasq status | grep -c 'running') +if [ $DNSMASQ_RUN -eq 1 ]; then + checkpoint_true "Dnsmasq service" +else + checkpoint_false "Dnsmasq service" + echo "Check config /etc/config/dhcp" + output_21 +fi + + +# Check internet connection +if curl -Is https://community.antifilter.download/ | grep -q 200; then + checkpoint_true "Check Internet" + else + checkpoint_false "Check Internet" + if [ $CURL -lt 2 ]; then + echo "Install curl: opkg install curl" + else + echo "Check internet connection. If ok, check date on router. Details: https://cli.co/2EaW4rO" + echo "For more info run: curl -Is https://community.antifilter.download/" + fi +fi + +# Check IPv6 + +if curl -6 -s https://ifconfig.io | egrep -q "(::)?[0-9a-fA-F]{1,4}(::?[0-9a-fA-F]{1,4}){1,7}(::)?"; then + checkpoint_false "IPv6 detected. This script does not currently work with IPv6" +fi + +# Tunnels +WIREGUARD=$(opkg list-installed | grep -c wireguard-tools ) +if [ $WIREGUARD -eq 1 ]; then + checkpoint_true "Wireguard-tools package" + WG=true +else + checkpoint_false "Wireguard-tools package" + echo "If you don't use WG it's OK" +fi + +if [ "$WG" == true ]; then + WG_PING=$(ping -c 1 -q -I wg0 itdog.info | grep -c "1 packets received") + if [ $WG_PING -eq 1 ]; then + checkpoint_true "Wireguard" + else + checkpoint_false "Wireguard" + WG_TRACE=$(traceroute -i wg0 itdog.info -m 1 | grep ms | awk '{print $2}' | grep -c -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}') + if [ $WG_TRACE -eq 1 ]; then + echo "Tunnel to wg server is work, but routing to internet doesn't work. Check server configuration. Details: https://cli.co/RSCvOxI" + else + echo "Bad news: WG tunnel isn't work, check your WG configuration. Details: https://cli.co/hGUUXDs" + echo "If you don't use WG, but OpenVPN for example, it's OK" + fi + fi + + # Check WG route_allowed_ips + if uci show network | grep -q ".route_allowed_ips='1'"; then + checkpoint_false "Wireguard route_allowed_ips" + echo "All traffic goes into the tunnel. Read more at: https://cli.co/SaxBzH7" + else + checkpoint_true "Wireguard route_allowed_ips" + fi + + # Check route table + ROUTE_TABLE=$(ip route show table vpn | grep -c "default dev wg0 scope link" ) + if [ $ROUTE_TABLE -eq 1 ]; then + checkpoint_true "Route table WG" + else + checkpoint_false "Route table VPN" + echo "Details: https://cli.co/Atxr6U3" + fi +fi + +if opkg list-installed | grep -q openvpn; then + checkpoint_true "OpenVPN package" + OVPN=true +else + checkpoint_false "OpenVPN package" + echo "If you don't use OpenVPN it's OK" +fi + +# Check OpenVPN +if [ "$OVPN" == true ]; then + if ping -c 1 -q -I tun0 itdog.info | grep -q "1 packets received"; then + checkpoint_true "OpenVPN" + else + checkpoint_false "OpenVPN" + if traceroute -i tun0 itdog.info -m 1 | grep ms | awk '{print $2}' | grep -c -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'; then + echo "Tunnel to OpenVPN server is work, but routing to internet doesn't work. Check server configuration." + else + echo "Bad news: OpenVPN tunnel isn't work, check your OpenVPN configuration." + fi + fi + + # Check OpenVPN redirect-gateway + if grep -q redirect-gateway /etc/openvpn/*; then + checkpoint_false "OpenVPN redirect-gateway" + echo "All traffic goes into the tunnel. Read more at: https://cli.co/vzTNq_3" + else + checkpoint_true "OpenVPN redirect-gateway" + fi + + # Check route table + if ip route show table vpn | grep -q "default dev tun0 scope link"; then + checkpoint_true "Route table OpenVPN" + else + checkpoint_false "Route table OpenVPN" + echo "Details: https://cli.co/Atxr6U3" + fi +fi + +if opkg list-installed | grep -q sing-box; then + checkpoint_true "Sing-box package" + + # Check route table + if ip route show table vpn | grep -q "default dev tun0 scope link"; then + checkpoint_true "Route table Sing-box" + else + checkpoint_false "Route table Sing-box. Try service network restart. Details: https://cli.co/n7xAbc1" + fi + + IP_EXTERNAL=$(curl -s ifconfig.me) + IFCONFIG=$(nslookup -type=a ifconfig.me | awk '/^Address: / {print $2}') + + ip route add $IFCONFIG via 172.19.0.1 dev tun0 + IP_VPN=$(curl -s ifconfig.me) + ip route del $IFCONFIG via 172.19.0.1 dev tun0 + + if [ "$IP_EXTERNAL" != $IP_VPN ]; then + checkpoint_true "Sing-box. VPN IP: $IP_VPN" + else + checkpoint_false "Sing-box. Check config: https://cli.co/Badmn3K" + fi +else + checkpoint_false "Sing-box package" + echo "If you don't use sing-box it's OK" +fi + +if which tun2socks | grep -q tun2socks; then + checkpoint_true "tun2socks package" + + # Check route table + if ip route show table vpn | grep -q "default dev tun0 scope link"; then + checkpoint_true "Route table tun2socks" + else + checkpoint_false "Route table tun2socks. Try service network restart. Details: https://cli.co/n7xAbc1" + fi + + IP_EXTERNAL=$(curl -s ifconfig.me) + IFCONFIG=$(nslookup -type=a ifconfig.me | awk '/^Address: / {print $2}') + + ip route add $IFCONFIG via 172.16.250.1 dev tun0 + IP_VPN=$(curl -s ifconfig.me) + ip route del $IFCONFIG via 172.16.250.1 dev tun0 + + if [ "$IP_EXTERNAL" != $IP_VPN ]; then + checkpoint_true "tun2socks. VPN IP: $IP_VPN" + else + checkpoint_false "tun2socks. Check config: https://cli.co/VNZISEM" + fi +else + checkpoint_false "tun2socks package" + echo "If you don't use tun2socks it's OK" +fi + +# Check sets + +# vpn_domains set +vpn_domain_ipset_id=$(uci show firewall | grep -E '@ipset.*vpn_domains' | awk -F '[][{}]' '{print $2}' | head -n 1) +vpn_domain_ipset_string=$(uci show firewall.@ipset[$vpn_domain_ipset_id] | grep -c "name='vpn_domains'\|match='dst_net'") +vpn_domain_rule_id=$(uci show firewall | grep -E '@rule.*vpn_domains' | awk -F '[][{}]' '{print $2}' | head -n 1) +vpn_domain_rule_string=$(uci show firewall.@rule[$vpn_domain_rule_id] | grep -c "name='mark_domains'\|src='lan'\|dest='*'\|proto='all'\|ipset='vpn_domains'\|set_mark='0x1'\|target='MARK'\|family='ipv4'") + +if [ $((vpn_domain_ipset_string + vpn_domain_rule_string)) -eq 10 ]; then + checkpoint_true "vpn_domains set" + + # force resolve for vpn_domains. All list + nslookup terraform.io 127.0.0.1 > /dev/null + nslookup pochta.ru 127.0.0.1 > /dev/null + nslookup 2gis.ru 127.0.0.1 > /dev/null + + VPN_DOMAINS_IP=$(nft list ruleset | grep -A 10 vpn_domains | grep -c -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}') + if [ $VPN_DOMAINS_IP -ge 1 ]; then + checkpoint_true "IPs in vpn_domains" + else + checkpoint_false "IPs in vpn_domains" + echo "If you don't use vpn_domains, it's OK" + echo "But if you want use, check configs" + output_21 + fi +else + checkpoint_false "vpn_domains set" + echo "If you don't use vpn_domains set, it's OK" + echo "But if you want use, check config: https://cli.co/AwUGeM6" +fi + +# vpn_ip set +vpn_ip_ipset_id=$(uci show firewall | grep -E '@ipset.*vpn_ip' | awk -F '[][{}]' '{print $2}' | head -n 1) +vpn_ip_ipset_string=$(uci show firewall.@ipset[$vpn_ip_ipset_id] | grep -c "name='vpn_ip'\|match='dst_net'\|loadfile='/tmp/lst/ip.lst'") +vpn_ip_rule_id=$(uci show firewall | grep -E '@rule.*vpn_ip' | awk -F '[][{}]' '{print $2}' | head -n 1) +vpn_ip_rule_string=$(uci show firewall.@rule[$vpn_ip_rule_id] | grep -c "name='mark_ip'\|src='lan'\|dest='*'\|proto='all'\|ipset='vpn_ip'\|set_mark='0x1'\|target='MARK'\|family='ipv4'") + +if [ $((vpn_ip_ipset_string + vpn_ip_rule_string)) -eq 11 ]; then + checkpoint_true "vpn_ip set" + VPN_IP_IP=$(nft list ruleset | grep -A 10 vpn_ip | grep -c -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}') + if [ $VPN_IP_IP -ge 1 ]; then + checkpoint_true "IPs in vpn_ip" + else + checkpoint_false "IPs in vpn_ip" + echo "But if you want use, check configs" + output_21 + fi +else + checkpoint_false "vpn_ip set" + echo "If you don't use vpn_ip set, it's OK" + echo "But if you want use, check config: https://cli.co/AwUGeM6" +fi + +# vpn_subnet set +vpn_subnet_ipset_id=$(uci show firewall | grep -E '@ipset.*vpn_subnet' | awk -F '[][{}]' '{print $2}' | head -n 1) +vpn_subnet_ipset_string=$(uci show firewall.@ipset[$vpn_subnet_ipset_id] | grep -c "name='vpn_subnets'\|match='dst_net'\|loadfile='/tmp/lst/subnet.lst'") +vpn_subnet_rule_id=$(uci show firewall | grep -E '@rule.*vpn_subnet' | awk -F '[][{}]' '{print $2}' | head -n 1) +vpn_subnet_rule_string=$(uci show firewall.@rule[$vpn_subnet_rule_id] | grep -c "name='mark_subnet'\|src='lan'\|dest='*'\|proto='all'\|ipset='vpn_subnets'\|set_mark='0x1'\|target='MARK'\|family='ipv4'") + +if [ $((vpn_subnet_ipset_string + vpn_subnet_rule_string)) -eq 11 ]; then + checkpoint_true "vpn_subnet set" + VPN_IP_SUBNET=$(nft list ruleset | grep -A 10 vpn_subnet | grep -c -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}') + if [ $VPN_IP_SUBNET -ge 1 ]; then + checkpoint_true "IPs in vpn_subnet" + else + checkpoint_false "IPs in vpn_subnet" + echo "But if you want use, check configs" + output_21 + fi +else + checkpoint_false "vpn_subnet set" + echo "If you don't use vpn_subnet set, it's OK" + echo "But if you want use, check config: https://cli.co/AwUGeM6" +fi + +# vpn_community set +vpn_community_ipset_id=$(uci show firewall | grep -E '@ipset.*vpn_community' | awk -F '[][{}]' '{print $2}' | head -n 1) +vpn_community_ipset_string=$(uci show firewall.@ipset[$vpn_community_ipset_id] | grep -c "name='vpn_community'\|match='dst_net'\|loadfile='/tmp/lst/community.lst'") +vpn_community_rule_id=$(uci show firewall | grep -E '@rule.*vpn_community' | awk -F '[][{}]' '{print $2}' | head -n 1) +vpn_community_rule_string=$(uci show firewall.@rule[$vpn_community_rule_id] | grep -c "name='mark_community'\|src='lan'\|dest='*'\|proto='all'\|ipset='vpn_community'\|set_mark='0x1'\|target='MARK'\|family='ipv4'") + +if [ $((vpn_community_ipset_string + vpn_community_rule_string)) -eq 11 ]; then + checkpoint_true "vpn_community set" + VPN_COMMUNITY_IP=$(nft list ruleset | grep -A 10 vpn_community | grep -c -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}') + if [ $VPN_COMMUNITY_IP -ge 1 ]; then + checkpoint_true "IPs in vpn_community" + else + checkpoint_false "IPs in vpn_community" + echo "But if you want use, check configs" + output_21 + fi +else + checkpoint_false "vpn_community set" + echo "If you don't use vpn_community set, it's OK" + echo "But if you want use, check config: https://cli.co/AwUGeM6" + output_21 +fi + +# hirkn script +if [ -s "$HIRKN" ]; then + checkpoint_true "Script hirkn" + if crontab -l | grep -q $HIRKN; then + checkpoint_true "Script hirkn in crontab" + else + checkpoint_false "Script hirkn in crontab" + echo "Script is not enabled in crontab. Check: crontab -l" + fi +else + checkpoint_false "Script hirkn" + echo "Script don't exists in $HIRKN. If you don't use old hirkn script, it's OK" +fi + +# getdomains script +if [ -s "$GETDOMAINS" ]; then + checkpoint_true "Script getdomains" + if crontab -l | grep -q $GETDOMAINS; then + checkpoint_true "Script getdomains in crontab" + else + checkpoint_false "Script getdomains in crontab" + echo "Script is not enabled in crontab. Check: crontab -l" + fi +else + checkpoint_false "Script getdomains" + echo "Script don't exists in $GETDOMAINS. If you don't use getdomains, it's OK" +fi + +# DNS + +# DNSCrypt +if opkg list-installed | grep -q dnscrypt-proxy2; then + checkpoint_true "Dnscrypt-proxy2 package" + if service dnscrypt-proxy status | grep -q 'running'; then + checkpoint_true "DNSCrypt service" + else + checkpoint_false "DNSCrypt service" + echo "Check config: https://cli.co/wN-tc_S" + output_21 + fi + + DNSMASQ_STRING=$(uci show dhcp.@dnsmasq[0] | grep -c "127.0.0.53#53\|noresolv='1'") + if [ $DNSMASQ_STRING -eq 2 ]; then + checkpoint_true "Dnsmasq config for DNSCrypt" + else + checkpoint_false "Dnsmasq config for DNSCrypt" + echo "Check config: https://cli.co/rooc0uz" + fi +else + checkpoint_false "Dnscrypt-proxy2 package" + echo "If you don't use Dnscrypt, it's OK" +fi + +# Stubby +if opkg list-installed | grep -q stubby; then + checkpoint_true "Stubby package" + if service stubby status | grep -q 'running'; then + checkpoint_true "Stubby service" + else + checkpoint_false "Stubby service" + echo "Check config: https://cli.co/HbDBT2V" + output_21 + fi + + STUBBY_STRING=$(uci show dhcp.@dnsmasq[0] | grep -c "127.0.0.1#5453\|noresolv='1'") + if [ $STUBBY_STRING -eq 2 ]; then + checkpoint_true "Dnsmasq config for Stubby" + else + checkpoint_false "Dnsmasq config for Stubby" + echo "Check config: https://cli.co/HbDBT2V" + fi +else + checkpoint_false "Stubby package" + echo "If you don't use Stubby, it's OK" +fi + +# Create dump +if [[ "$1" == dump ]]; then + printf "\033[36;1mCreate dump without private variables\033[0m\n" + date > $DUMP + $HIRKN start >> $DUMP 2>&1 + $GETDOMAINS start >> $DUMP 2>&1 + uci show firewall >> $DUMP + uci show network | sed -r 's/(.*private_key=|.*preshared_key=|.*public_key=|.*endpoint_host=|.*wan.ipaddr=|.*wan.netmask=|.*wan.gateway=|.*wan.dns|.*.macaddr=).*/\1REMOVED/' >> $DUMP + + echo "Dump is here: $DUMP" + echo "For download Linux/Mac use:" + echo "scp root@IP_ROUTER:$DUMP ." + echo "For Windows use PSCP or WSL" +fi + +# Check DNS +if [[ "$1" == dns ]]; then + printf "\033[36;1mCheck DNS servers\033[0m\n" + DNS_SERVERS="1.1.1.1 8.8.8.8 8.8.4.4" + DOH_DNS_SERVERS="cloudflare-dns.com 1.1.1.1 mozilla.cloudflare-dns.com security.cloudflare-dns.com" + DOMAINS="instagram.com facebook.com" + + echo "1. Block DNS traffic (Port 53/udp is available)" + + for i in $DNS_SERVERS; + do + if nslookup -type=a -timeout=2 -retry=1 itdog.info $i | grep -q "timed out"; then + checkpoint_false "$i" + else + checkpoint_true "$i" + fi + done + + echo "2. DoH available" + + for i in $DOH_DNS_SERVERS; + do + if curl --connect-timeout 5 -s -H "accept: application/dns-json" "https://$i/dns-query?name=itdog.info&type=A" | awk -F"data\":\"" '/data":"/{print $2}' | grep -q -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'; then + checkpoint_true "$i" + else + checkpoint_false "$i" + fi + done + + echo "3. The response not contains an address from 127.0.0.0/8" + + for i in $DOMAINS; + do + if nslookup -type=a -timeout=2 -retry=1 $i | awk '/^Address: / {print $2}' | grep -q -E '127\.[0-9]{1,3}\.'; then + checkpoint_false "$i" + else + checkpoint_true "$i" + fi + done + + echo "4. One IP for two different domains" + + FIRSTIP=$(nslookup -type=a instagram.com | awk '/^Address: / {print $2}') + SECONDIP=$(nslookup -type=a facebook.com | awk '/^Address: / {print $2}') + + if [ "$FIRSTIP" = "$SECONDIP" ] ; then + checkpoint_false "IP addresses are the same" + else + checkpoint_true "Different IP addresses" + fi + + echo "5. The response is not blank" + + for i in $DOMAINS; + do + if nslookup -type=a -timeout=2 -retry=1 $i | awk '/^Address: / {print $2}' | grep -q -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'; then + checkpoint_true "$i" + else + checkpoint_false "$i" + fi + done + + echo "6. Сomparing response from unencrypted DNS and DoH (DNS poisoning)" + + DOHIP=$(curl -s -H "accept: application/dns-json" "https://1.1.1.1/dns-query?name=facebook.com&type=A" | awk -F"data\":\"" '/data":"/{print $2}' | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}') + OPENIP=$(nslookup -type=a -timeout=2 facebook.com 1.1.1.1 | awk '/^Address: / {print $2}') + + if [ "$DOHIP" = "$OPENIP" ]; then + checkpoint_true "IPs match" + else + checkpoint_false "IPs not match" + fi +fi + +# Info +echo -e "\nTelegram channel: https://t.me/itdoginfo" +echo "Telegram chat: https://t.me/itdogchat" \ No newline at end of file diff --git a/image-extras/common/usr/bin/getdomains-install.sh b/image-extras/common/usr/bin/getdomains-install.sh new file mode 100755 index 0000000..2f8da95 --- /dev/null +++ b/image-extras/common/usr/bin/getdomains-install.sh @@ -0,0 +1,596 @@ +#!/bin/sh + +#set -x + +check_repo() { + printf "\033[32;1mChecking OpenWrt repo availability...\033[0m\n" + opkg update | grep -q "Failed to download" && printf "\033[32;1mopkg failed. Check internet or date. Command for force ntp sync: ntpd -p ptbtime1.ptb.de\033[0m\n" && exit 1 +} + +route_vpn () { + if [ "$TUNNEL" == wg ]; then +cat << EOF > /etc/hotplug.d/iface/30-rknroute +#!/bin/sh + +ip route add table vpn default dev wg0 +EOF + elif [ "$TUNNEL" == singbox ] || [ "$TUNNEL" == ovpn ] || [ "$TUNNEL" == tun2socks ]; then +cat << EOF > /etc/hotplug.d/iface/30-rknroute +#!/bin/sh + +sleep 5 +ip route add table vpn default dev tun0 +EOF + fi +} + +add_mark() { + grep -q "99 vpn" /etc/iproute2/rt_tables || echo '99 vpn' >> /etc/iproute2/rt_tables + + if ! uci show network | grep -q mark0x1; then + printf "\033[32;1mConfigure mark rule\033[0m\n" + uci add network rule + uci set network.@rule[-1].name='mark0x1' + uci set network.@rule[-1].mark='0x1' + uci set network.@rule[-1].priority='100' + uci set network.@rule[-1].lookup='vpn' + uci commit + fi +} + +add_tunnel() { + echo "We can automatically configure only Wireguard. OpenVPN, Sing-box(Shadowsocks2022, VMess, VLESS, etc) and tun2socks will need to be configured manually" + echo "Select a tunnel:" + echo "1) WireGuard" + echo "2) OpenVPN" + echo "3) Sing-box" + echo "4) tun2socks" + echo "5) Skip this step" + + while true; do + read -r -p '' TUNNEL + case $TUNNEL in + + 1) + TUNNEL=wg + break + ;; + + 2) + TUNNEL=ovpn + break + ;; + + 3) + TUNNEL=singbox + break + ;; + + 4) + TUNNEL=tun2socks + break + ;; + + 5) + echo "Skip" + TUNNEL=0 + break + ;; + + *) + echo "Choose from the following options" + ;; + esac + done + + if [ "$TUNNEL" == 'wg' ]; then + printf "\033[32;1mConfigure WireGuard\033[0m\n" + if opkg list-installed | grep -q wireguard-tools; then + echo "Wireguard already installed" + else + echo "Installed wg..." + opkg install wireguard-tools + fi + + route_vpn + + read -r -p "Enter the private key (from [Interface]):"$'\n' WG_PRIVATE_KEY + + while true; do + read -r -p "Enter internal IP address with subnet, example 192.168.100.5/24 (from [Interface]):"$'\n' WG_IP + if echo "$WG_IP" | egrep -oq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]+$'; then + break + else + echo "This IP is not valid. Please repeat" + fi + done + + read -r -p "Enter the public key (from [Peer]):"$'\n' WG_PUBLIC_KEY + read -r -p "If use PresharedKey, Enter this (from [Peer]). If your don't use leave blank:"$'\n' WG_PRESHARED_KEY + read -r -p "Enter Enpoint host without port (Domain or IP) (from [Peer]):"$'\n' WG_ENDPOINT + + read -r -p "Enter Enpoint host port (from [Peer]) [51820]:"$'\n' WG_ENDPOINT_PORT + WG_ENDPOINT_PORT=${WG_ENDPOINT_PORT:-51820} + if [ "$WG_ENDPOINT_PORT" = '51820' ]; then + echo $WG_ENDPOINT_PORT + fi + + uci set network.wg0=interface + uci set network.wg0.proto='wireguard' + uci set network.wg0.private_key=$WG_PRIVATE_KEY + uci set network.wg0.listen_port='51820' + uci set network.wg0.addresses=$WG_IP + + if ! uci show network | grep -q wireguard_wg0; then + uci add network wireguard_wg0 + fi + uci set network.@wireguard_wg0[0]=wireguard_wg0 + uci set network.@wireguard_wg0[0].name='wg0_client' + uci set network.@wireguard_wg0[0].public_key=$WG_PUBLIC_KEY + uci set network.@wireguard_wg0[0].preshared_key=$WG_PRESHARED_KEY + uci set network.@wireguard_wg0[0].route_allowed_ips='0' + uci set network.@wireguard_wg0[0].persistent_keepalive='25' + uci set network.@wireguard_wg0[0].endpoint_host=$WG_ENDPOINT + uci set network.@wireguard_wg0[0].allowed_ips='0.0.0.0/0' + uci set network.@wireguard_wg0[0].endpoint_port=$WG_ENDPOINT_PORT + uci commit + fi + + if [ "$TUNNEL" == 'ovpn' ]; then + if opkg list-installed | grep -q openvpn-openssl; then + echo "OpenVPN already installed" + else + echo "Installed openvpn" + opkg install openvpn-openssl + fi + printf "\033[32;1mConfigure route for OpenVPN\033[0m\n" + route_vpn + fi + + if [ "$TUNNEL" == 'singbox' ]; then + if opkg list-installed | grep -q sing-box; then + echo "Sing-box already installed" + else + AVAILABLE_SPACE=$(df / | awk 'NR>1 { print $4 }') + if [[ "$AVAILABLE_SPACE" -gt 2000 ]]; then + echo "Installed sing-box" + opkg install sing-box + else + printf "\033[31;1mNo free space for a sing-box. Sing-box is not installed.\033[0m\n" + exit 1 + fi + fi + if grep -q "option enabled '0'" /etc/config/sing-box; then + sed -i "s/ option enabled \'0\'/ option enabled \'1\'/" /etc/config/sing-box + fi + if grep -q "option user 'sing-box'" /etc/config/sing-box; then + sed -i "s/ option user \'sing-box\'/ option user \'root\'/" /etc/config/sing-box + fi + if grep -q "tun0" /etc/sing-box/config.json; then + printf "\033[32;1mConfig /etc/sing-box/config.json already exists\033[0m\n" + else +cat << 'EOF' > /etc/sing-box/config.json +{ + "log": { + "level": "debug" + }, + "inbounds": [ + { + "type": "tun", + "interface_name": "tun0", + "domain_strategy": "ipv4_only", + "inet4_address": "172.16.250.1/30", + "auto_route": false, + "strict_route": false, + "sniff": true + } + ], + "outbounds": [ + { + "type": "$TYPE", + "server": "$HOST", + "server_port": $PORT, + "method": "$METHOD", + "password": "$PASS" + } + ], + "route": { + "auto_detect_interface": true + } +} +EOF + printf "\033[32;1mCreate template config in /etc/sing-box/config.json. Edit it manually. Official doc: https://sing-box.sagernet.org/configuration/outbound/\033[0m\n" + printf "\033[32;1mOfficial doc: https://sing-box.sagernet.org/configuration/outbound/\033[0m\n" + printf "\033[32;1mManual with example SS: https://cli.co/Badmn3K \033[0m\n" + + fi + printf "\033[32;1mConfigure route for Sing-box\033[0m\n" + route_vpn + fi +} + +dnsmasqfull() { + if opkg list-installed | grep -q dnsmasq-full; then + printf "\033[32;1mdnsmasq-full already installed\033[0m\n" + else + printf "\033[32;1mInstalled dnsmasq-full\033[0m\n" + cd /tmp/ && opkg download dnsmasq-full + opkg remove dnsmasq && opkg install dnsmasq-full --cache /tmp/ + + [ -f /etc/config/dhcp-opkg ] && cp /etc/config/dhcp /etc/config/dhcp-old && mv /etc/config/dhcp-opkg /etc/config/dhcp +fi +} + +remove_forwarding() { + if [ ! -z "$forward_id" ]; then + while uci -q delete firewall.@forwarding[$forward_id]; do :; done + fi +} + +add_zone() { + if [ "$TUNNEL" == 0 ]; then + printf "\033[32;1mZone setting skipped\033[0m\n" + elif uci show firewall | grep -q "@zone.*name='$TUNNEL'"; then + printf "\033[32;1mZone already exist\033[0m\n" + else + printf "\033[32;1mCreate zone\033[0m\n" + + # Delete exists zone + zone_tun_id=$(uci show firewall | grep -E '@zone.*tun0' | awk -F '[][{}]' '{print $2}' | head -n 1) + if [ "$zone_tun_id" == 0 ] || [ "$zone_tun_id" == 1 ]; then + printf "\033[32;1mtun0 zone has an identifier of 0 or 1. That's not ok. Fix your firewall. lan and wan zones should have identifiers 0 and 1. \033[0m\n" + exit 1 + fi + if [ ! -z "$zone_tun_id" ]; then + while uci -q delete firewall.@zone[$zone_tun_id]; do :; done + fi + + zone_wg_id=$(uci show firewall | grep -E '@zone.*wg0' | awk -F '[][{}]' '{print $2}' | head -n 1) + if [ "$zone_wg_id" == 0 ] || [ "$zone_wg_id" == 1 ]; then + printf "\033[32;1mwg0 zone has an identifier of 0 or 1. That's not ok. Fix your firewall. lan and wan zones should have identifiers 0 and 1. \033[0m\n" + exit 1 + fi + if [ ! -z "$zone_wg_id" ]; then + while uci -q delete firewall.@zone[$zone_wg_id]; do :; done + fi + + uci add firewall zone + uci set firewall.@zone[-1].name="$TUNNEL" + if [ "$TUNNEL" == wg ]; then + uci set firewall.@zone[-1].network='wg0' + elif [ "$TUNNEL" == singbox ] || [ "$TUNNEL" == ovpn ] || [ "$TUNNEL" == tun2socks ]; then + uci set firewall.@zone[-1].device='tun0' + fi + if [ "$TUNNEL" == wg ] || [ "$TUNNEL" == ovpn ] || [ "$TUNNEL" == tun2socks ]; then + uci set firewall.@zone[-1].forward='REJECT' + uci set firewall.@zone[-1].output='ACCEPT' + uci set firewall.@zone[-1].input='REJECT' + elif [ "$TUNNEL" == singbox ]; then + uci set firewall.@zone[-1].forward='ACCEPT' + uci set firewall.@zone[-1].output='ACCEPT' + uci set firewall.@zone[-1].input='ACCEPT' + fi + uci set firewall.@zone[-1].masq='1' + uci set firewall.@zone[-1].mtu_fix='1' + uci set firewall.@zone[-1].family='ipv4' + uci commit firewall + fi + + if [ "$TUNNEL" == 0 ]; then + printf "\033[32;1mForwarding setting skipped\033[0m\n" + elif uci show firewall | grep -q "@forwarding.*name='$TUNNEL-lan'"; then + printf "\033[32;1mForwarding already configured\033[0m\n" + else + printf "\033[32;1mConfigured forwarding\033[0m\n" + # Delete exists forwarding + if [[ $TUNNEL != "wg" ]]; then + forward_id=$(uci show firewall | grep -E "@forwarding.*dest='wg'" | awk -F '[][{}]' '{print $2}' | head -n 1) + remove_forwarding + fi + + if [[ $TUNNEL != "ovpn" ]]; then + forward_id=$(uci show firewall | grep -E "@forwarding.*dest='ovpn'" | awk -F '[][{}]' '{print $2}' | head -n 1) + remove_forwarding + fi + + if [[ $TUNNEL != "singbox" ]]; then + forward_id=$(uci show firewall | grep -E "@forwarding.*dest='singbox'" | awk -F '[][{}]' '{print $2}' | head -n 1) + remove_forwarding + fi + + if [[ $TUNNEL != "tun2socks" ]]; then + forward_id=$(uci show firewall | grep -E "@forwarding.*dest='tun2socks'" | awk -F '[][{}]' '{print $2}' | head -n 1) + remove_forwarding + fi + + uci add firewall forwarding + uci set firewall.@forwarding[-1]=forwarding + uci set firewall.@forwarding[-1].name="$TUNNEL-lan" + uci set firewall.@forwarding[-1].dest="$TUNNEL" + uci set firewall.@forwarding[-1].src='lan' + uci set firewall.@forwarding[-1].family='ipv4' + uci commit firewall + fi +} + +show_manual() { + if [ "$TUNNEL" == tun2socks ]; then + printf "\033[42;1mZone for tun2socks cofigured. But you need to set up the tunnel yourself.\033[0m\n" + echo "Use this manual: https://cli.co/VNZISEM" + elif [ "$TUNNEL" == ovpn ]; then + printf "\033[42;1mZone for OpenVPN cofigured. But you need to set up the tunnel yourself.\033[0m\n" + echo "Use this manual: https://itdog.info/nastrojka-klienta-openvpn-na-openwrt/" + fi +} + +add_set() { + if uci show firewall | grep -q "@ipset.*name='vpn_domains'"; then + printf "\033[32;1mSet already exist\033[0m\n" + else + printf "\033[32;1mCreate set\033[0m\n" + uci add firewall ipset + uci set firewall.@ipset[-1].name='vpn_domains' + uci set firewall.@ipset[-1].match='dst_net' + uci commit + fi + if uci show firewall | grep -q "@rule.*name='mark_domains'"; then + printf "\033[32;1mRule for set already exist\033[0m\n" + else + printf "\033[32;1mCreate rule set\033[0m\n" + uci add firewall rule + uci set firewall.@rule[-1]=rule + uci set firewall.@rule[-1].name='mark_domains' + uci set firewall.@rule[-1].src='lan' + uci set firewall.@rule[-1].dest='*' + uci set firewall.@rule[-1].proto='all' + uci set firewall.@rule[-1].ipset='vpn_domains' + uci set firewall.@rule[-1].set_mark='0x1' + uci set firewall.@rule[-1].target='MARK' + uci set firewall.@rule[-1].family='ipv4' + uci commit + fi +} + +add_dns_resolver() { + echo "Configure DNSCrypt2 or Stubby? It does matter if your ISP is spoofing DNS requests" + DISK=$(df -m / | awk 'NR==2{ print $2 }') + if [[ "$DISK" -lt 32 ]]; then + printf "\033[31;1mYour router a disk have less than 32MB. It is not recommended to install DNSCrypt, it takes 10MB\033[0m\n" + fi + echo "Select:" + echo "1) No [Default]" + echo "2) DNSCrypt2 (10.7M)" + echo "3) Stubby (36K)" + + while true; do + read -r -p '' DNS_RESOLVER + case $DNS_RESOLVER in + + 1) + echo "Skiped" + break + ;; + + 2) + DNS_RESOLVER=DNSCRYPT + break + ;; + + 3) + DNS_RESOLVER=STUBBY + break + ;; + + *) + echo "Choose from the following options" + ;; + esac + done + + if [ "$DNS_RESOLVER" == 'DNSCRYPT' ]; then + if opkg list-installed | grep -q dnscrypt-proxy2; then + printf "\033[32;1mDNSCrypt2 already installed\033[0m\n" + else + printf "\033[32;1mInstalled dnscrypt-proxy2\033[0m\n" + opkg install dnscrypt-proxy2 + if grep -q "# server_names" /etc/dnscrypt-proxy2/dnscrypt-proxy.toml; then + sed -i "s/^# server_names =.*/server_names = [\'google\', \'cloudflare\', \'scaleway-fr\', \'yandex\']/g" /etc/dnscrypt-proxy2/dnscrypt-proxy.toml + fi + + printf "\033[32;1mDNSCrypt restart\033[0m\n" + service dnscrypt-proxy restart + printf "\033[32;1mDNSCrypt needs to load the relays list. Please wait\033[0m\n" + sleep 30 + + if [ -f /etc/dnscrypt-proxy2/relays.md ]; then + uci set dhcp.@dnsmasq[0].noresolv="1" + uci -q delete dhcp.@dnsmasq[0].server + uci add_list dhcp.@dnsmasq[0].server="127.0.0.53#53" + uci add_list dhcp.@dnsmasq[0].server='/use-application-dns.net/' + uci commit dhcp + + printf "\033[32;1mDnsmasq restart\033[0m\n" + + /etc/init.d/dnsmasq restart + else + printf "\033[31;1mDNSCrypt not download list on /etc/dnscrypt-proxy2. Repeat install DNSCrypt by script.\033[0m\n" + fi + fi + + fi + + if [ "$DNS_RESOLVER" == 'STUBBY' ]; then + printf "\033[32;1mConfigure Stubby\033[0m\n" + + if opkg list-installed | grep -q stubby; then + printf "\033[32;1mStubby already installed\033[0m\n" + else + printf "\033[32;1mInstalled stubby\033[0m\n" + opkg install stubby + + printf "\033[32;1mConfigure Dnsmasq for Stubby\033[0m\n" + uci set dhcp.@dnsmasq[0].noresolv="1" + uci -q delete dhcp.@dnsmasq[0].server + uci add_list dhcp.@dnsmasq[0].server="127.0.0.1#5453" + uci add_list dhcp.@dnsmasq[0].server='/use-application-dns.net/' + uci commit dhcp + + printf "\033[32;1mDnsmasq restart\033[0m\n" + + /etc/init.d/dnsmasq restart + fi + fi +} + +add_packages() { + if opkg list-installed | grep -q "curl -"; then + printf "\033[32;1mCurl already installed\033[0m\n" + else + printf "\033[32;1mInstall curl\033[0m\n" + opkg install curl + fi + + if opkg list-installed | grep -q nano; then + printf "\033[32;1mNano already installed\033[0m\n" + else + printf "\033[32;1mInstall nano\033[0m\n" + opkg install nano + fi +} + +add_getdomains() { + echo "Choose you country" + echo "Select:" + echo "1) Russia inside. You are inside Russia" + echo "2) Russia outside. You are outside of Russia, but you need access to Russian resources" + echo "3) Ukraine. uablacklist.net list" + echo "4) Skip script creation" + + while true; do + read -r -p '' COUNTRY + case $COUNTRY in + + 1) + COUNTRY=russia_inside + break + ;; + + 2) + COUNTRY=russia_outside + break + ;; + + 3) + COUNTRY=ukraine + break + ;; + + 4) + echo "Skiped" + COUNTRY=0 + break + ;; + + *) + echo "Choose from the following options" + ;; + esac + done + + if [ "$COUNTRY" == 'russia_inside' ]; then + EOF_DOMAINS=DOMAINS=https://raw.githubusercontent.com/itdoginfo/allow-domains/main/Russia/inside-dnsmasq-nfset.lst + elif [ "$COUNTRY" == 'russia_outside' ]; then + EOF_DOMAINS=DOMAINS=https://raw.githubusercontent.com/itdoginfo/allow-domains/main/Russia/outside-dnsmasq-nfset.lst + elif [ "$COUNTRY" == 'ukraine' ]; then + EOF_DOMAINS=DOMAINS=https://raw.githubusercontent.com/itdoginfo/allow-domains/main/Ukraine/inside-dnsmasq-nfset.lst + fi + + if [ "$COUNTRY" != '0' ]; then + printf "\033[32;1mCreate script /etc/init.d/getdomains\033[0m\n" + +cat << EOF > /etc/init.d/getdomains +#!/bin/sh /etc/rc.common + +START=99 + +start () { + $EOF_DOMAINS +EOF +cat << 'EOF' >> /etc/init.d/getdomains + count=0 + while true; do + if curl -m 3 github.com; then + curl -f $DOMAINS --output /tmp/dnsmasq.d/domains.lst + break + else + echo "GitHub is not available. Check the internet availability [$count]" + count=$((count+1)) + fi + done + + if dnsmasq --conf-file=/tmp/dnsmasq.d/domains.lst --test 2>&1 | grep -q "syntax check OK"; then + /etc/init.d/dnsmasq restart + fi +} +EOF + + chmod +x /etc/init.d/getdomains + /etc/init.d/getdomains enable + + if crontab -l | grep -q /etc/init.d/getdomains; then + printf "\033[32;1mCrontab already configured\033[0m\n" + + else + crontab -l | { cat; echo "0 */8 * * * /etc/init.d/getdomains start"; } | crontab - + printf "\033[32;1mIgnore this error. This is normal for a new installation\033[0m\n" + /etc/init.d/cron restart + fi + + printf "\033[32;1mStart script\033[0m\n" + + /etc/init.d/getdomains start + fi +} + +# System Details +MODEL=$(grep machine /proc/cpuinfo | cut -d ':' -f 2) +RELEASE=$(grep OPENWRT_RELEASE /etc/os-release | awk -F '"' '{print $2}') +printf "\033[34;1mModel:$MODEL\033[0m\n" +printf "\033[34;1mVersion: $RELEASE\033[0m\n" + +VERSION_ID=$(grep VERSION_ID /etc/os-release | awk -F '"' '{print $2}' | awk -F. '{print $1}') + +if [ "$VERSION_ID" -ne 23 ]; then + printf "\033[31;1mScript only support OpenWrt 23.05\033[0m\n" + echo "For OpenWrt 21.02 and 22.03 you can:" + echo "1) Use ansible https://github.com/itdoginfo/ansible-openwrt-hirkn" + echo "2) Configure manually. Old manual: https://itdog.info/tochechnyj-obhod-blokirovok-rkn-na-routere-s-openwrt-s-pomoshhyu-wireguard-i-dnscrypt/" + exit 1 +fi + +printf "\033[31;1mAll actions performed here cannot be rolled back automatically.\033[0m\n" + +check_repo + +add_packages + +add_tunnel + +add_mark + +add_zone + +show_manual + +add_set + +dnsmasqfull + +add_dns_resolver + +add_getdomains + +printf "\033[32;1mRestart network\033[0m\n" +/etc/init.d/network restart + +printf "\033[32;1mDone\033[0m\n" diff --git a/image-extras/tplink_tl-wdr3600-v1/etc/uci-defaults/99-defaults b/image-extras/tplink_tl-wdr3600-v1/etc/uci-defaults/99-defaults new file mode 100644 index 0000000..c08f7e5 --- /dev/null +++ b/image-extras/tplink_tl-wdr3600-v1/etc/uci-defaults/99-defaults @@ -0,0 +1,104 @@ +#!/bin/sh +# +# Beware! This script will be in /rom/etc/uci-defaults/ as part of the image. +# Uncomment lines to apply: +wlan_name="office" +wlan_password="fuckingwep" +root_password="AsD7fg" +lan_ip_address="192.168.47.1" +hostname="gw-aramil" +# dhcp server 1 disable, 0 enable +dhcpsrv="0" + +# log potential errors +exec >/tmp/setup.log 2>&1 + +if [ -n "$root_password" ]; then + (echo "$root_password"; sleep 1; echo "$root_password") | passwd > /dev/null +fi + +# Configure LAN +# More options: https://openwrt.org/docs/guide-user/base-system/basic-networking +if [ -n "$lan_ip_address" ]; then + uci set network.lan.ipaddr="$lan_ip_address" + uci commit network +fi + +# Configure WLAN +# More options: https://openwrt.org/docs/guide-user/network/wifi/basic#wi-fi_interfaces +if [ -n "$wlan_name" -a -n "$wlan_password" -a ${#wlan_password} -ge 8 ]; then + uci set wireless.@wifi-device[0].disabled='0' + uci set wireless.@wifi-device[0].channel='11' + uci set wireless.@wifi-device[0].txpower='15' + uci set wireless.@wifi-device[0].disabled='0' + uci set wireless.@wifi-device[0].country='RU' + uci set wireless.@wifi-iface[0].mode='ap' + uci set wireless.@wifi-iface[0].encryption='psk2' + uci set wireless.@wifi-iface[0].ssid="$wlan_name" + uci set wireless.@wifi-iface[0].key="$wlan_password" + #uci set wireless.@wifi-iface[0].macfilter='allow' + #uci add_list wireless.@wifi-iface[0].maclist='' + uci commit wireless +fi + +# Configure system +uci set system.@system[0].hostname="$hostname" +uci set system.@system[0].timezone='<+05>-5' +uci set system.ntp.enable_server='1' +uci set system.ntp.interface='lan' +uci set system.@system[0].zonename='Asia/Yekaterinburg' +commit system +/etc/init.d/system restart + +# Configure ssh dropbear +SSHPUB="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDSZsnOKXMTO7GTdrDUzuemE2h+SAIwMBbsrLVtx/CFoYidtT5qQ4ukAJG5JvRIkmZUl0t2C69z0nEEZXInTycsqQW7IlYpiy9yTlImd9QmyckZcHptTtEzyNdcCDOXOcW2Q0YEykpOoccTCkk2PHa3Xufel67jTwXfaqAVzaN5fXy6uO2I1ab5HHwCFX8zTuagBXKSYDMlHxrz9friu8ipuiPsEgl5n1LOvasypnZkpjhb5XnJi7tyRHfbzx+X+DIZc/ZW21BPtcExSXn+mmVhTD0vQh9MGG/hnfdvCXGPSKGGHMPiZEL9vzN3PvBYVchp/8DDSKtRZtJnBpNhdtl+8LjGsOgDPN51otOxcDtIQgOiMGbgX6fzMB7EN642b3f8tlFp3aVswtH3isBz6AgeVO+qqI/nW6Io7mayNXrDXVIULh0Ol4TKTZ61KGLCUhX/ZL9ifXdXWlTVeXzidaxIZ7BGF5SaTRlHJhRfqVc8fZI9BBaPFFSqxBYzybYkGzU= jeka@x220" +cat << EOI > /etc/dropbear/authorized_keys +${SSHPUB} +EOI +chmod 600 /etc/dropbear/authorized_keys +uci set dropbear.@dropbear[0].PasswordAuth="0" +uci set dropbear.@dropbear[0].RootPasswordAuth="0" +uci set dropbear.@dropbear[0].GatewayPorts='on' +uci commit dropbear +/etc/init.d/dropbear restart + +# Configure uhttpd +uci set uhttpd.main.listen_http='0.0.0.0:8080' +uci set uhttpd.main.listen_https='0.0.0.0:4431' +commit uhttpd +/etc/init.d/uhttpd restart + +# DHCP server on/off +#uci set dhcp.lan.ignore="$dhcpsrv" +#uci add host +#uci set dhcp.@host[-1].name='jeka-office' +#uci set dhcp.@host[-1].mac='4c:cc:6a:01:5d:30' +#uci set dhcp.@host[-1].ip='192.168.77.35' +#uci add host +#uci set dhcp.@host[-1].name='fs1370dn' +#uci set dhcp.@host[-1].mac='00:C0:EE:9E:01:55' +#uci set dhcp.@host[-1].ip='192.168.77.33' +#uci add host +#uci set dhcp.@host[-1].name='kyoceraigor' +#uci set dhcp.@host[-1].mac='00:17:C8:21:A7:F2' +#uci set dhcp.@host[-1].ip='192.168.77.30' +#uci add host +#uci set dhcp.@host[-1].name='kyocerascanner' +#uci set dhcp.@host[-1].mac='00:C0:EE:BB:85:2C' +#uci set dhcp.@host[-1].ip='192.168.77.31' +#uci add host +#uci set dhcp.@host[-1].name='natasha-office' +#uci set dhcp.@host[-1].mac='50:46:5D:09:D0:69' +#uci set dhcp.@host[-1].ip='192.168.77.36' +#uci add host +#uci set dhcp.@host[-1].name='klipper' +#uci set dhcp.@host[-1].mac='B8:27:EB:B9:82:6D' +#uci set dhcp.@host[-1].ip='192.168.77.44' +#uci commit dhcp +#/etc/init.d/dnsmasq restart + +# Configure network +/etc/init.d/network restart + +# Configure firewall +/etc/init.d/firewall restart