OpenWrt scripts for USB 3.0, WPA3, SFTP, SMB, NFS, DDNS, SQM QoS, Acme, OpenVPN, IKEv2/IPsec, Adblock, Watchcat, mSMTP
A generic script that automatically installs a custom OpenWrt configuration on each new release. The script dates from 2018 and is now stable.
- Wi-Fi SSID and password settings
- Wi-Fi MESH SSID and password settings
- Wi-Fi Guest SSID_Guest and password settings
- TimeZone settings
- Dynamic DNS settings
- DHCP Static Leases settings
- Host entries settings
- Manage Firewall - Zone (wan/lan/guest/vpn) settings
- Firewall - Port Forwards settings
- Manage USB 3.0 and UAS Storage with ext4 / FAT / exFAT / ntfs supported filesystems
- Create and move Rootfs & Swap on USB storage
- Able to use USB Dongle LTE/4G as wan interface
- Enable WPA3 Wi-Fi security encryption - WPA2/WPA3 (PSK/SAE)
- Adblock running on the router
Legend
- Included by default ✔️
- Optional, depends on the config env file 📄
List of packages / services
- SFTP fileserver ✔️
- Samba SMB/CIFS fileserver 📄
- NFS fileserver 📄
- Dynamic DNS for external IP naming ✔️
- Advanced Reboot UI 📄
- SQM QoS (aka Smart Queue Management) 📄
- Enable Freebox TV QoS advices when Freebox Server is set as bridge 📄
- Statistics with collectd 📄
- Acme certificates and script ✔️
- uHTTPd UI ✔️
- OpenVPN 📄
- Generate OpenVPN certificates files
- Set server for clients to access the local network with local gateway (based on username/password)
- Set server Site-to-Site config with domain suffix capability (based on username/password)
- Import existing client config file
- IKEv2/IPsec VPN server with strongSwan 📄
- Set server for clients to access the local network with local gateway (based on username/password)
- Adblock ✔️
- Block ip addresses that track attacks, spyware, viruses ✔️
- Watchcat - network watchdog (periodic reboot or reboot on internet drop) ✔️
- mSMTP - SMTP clients ✔️
Terminal OpenWrt status on login
- General system information
- Disk usage
- Network information
- Network devices
- IPsec connected users
- OpenVPN connected users
- Keep system up to date
Healthcheck
- wifi: Check wifi radios/devices every 1 min ✔️
- url: Check url(s) status every 3 mins ✔️
- wwan: Check LTE connection every 3 mins 📄
- nas: Check NAS status and Port Forwards http/https every 3 mins 📄
OpenWrt release | My Branches/Tag | Supported |
---|---|---|
18.06 | 19.07 | ✔️ |
19.07 | 19.07 | ✔️ |
21.02 | Current | ✔️ |
VPN server | Linux | Windows 10 | Android 11 | iOS |
---|---|---|---|---|
IKEv2/IPsec with strongSwan | ✔️ | ✔️ | ✔️ | ❓ |
OpenVPN | ✔️ | ✔️ | ✔️ | ❓ |
- Back up the current config as a .tar.gz file and keep only:
- /etc/shadow to keep the default login/password
- /etc/acme/<sub.domain.com> to keep current Acme certificates
- /etc/easy-rsa/pki to keep current OpenVPN certificates
- Add this repository's files under the /root folder in your .tar.gz backup file
- Create your own /root/.env file based on the example and add it to your .tar.gz backup file (optional, can be done by script)
- Flash new firmware image and Restore with your new .tar.gz backup file
- Open ssh terminal to connect to OpenWrt
$ ssh openwrt
- Start the installation setup and follow the questions
$ /root/opkg-install.sh 2>&1 | tee /var/log/opkg-install.log
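The backup-pruning steps above, written as a script. This is an added example, not part of the repository: `prune_backup`, `make_sample` and the sample file names are hypothetical, and archive paths are assumed to be relative to / as in an OpenWrt backup.

```shell
#!/bin/sh
# Added example, not the repository's code. Archive paths are assumed to be
# relative to / (e.g. "etc/shadow"); all sample names below are constructed.

# prune_backup <backup.tar.gz> <acme-domain> <repo-dir> <out.tar.gz>
prune_backup() (
    src=$1; domain=$2; repo=$3; out=$4
    umask 077    # the archive holds password hashes and private keys
    work=$(mktemp -d) || exit 1
    mkdir -p "$work/in" "$work/out/etc" "$work/out/root"
    tar -xzf "$src" -C "$work/in" || { rm -rf "$work"; exit 1; }

    # Keep only the three entries the README lists; everything else is dropped.
    for keep in etc/shadow "etc/acme/$domain" etc/easy-rsa/pki; do
        if [ -e "$work/in/$keep" ]; then
            mkdir -p "$work/out/$(dirname "$keep")"
            cp -a "$work/in/$keep" "$work/out/$keep"
        else
            echo "warning: $keep not found in $src" >&2
        fi
    done

    # Repository files (and an optional .env) go under /root; skip VCS metadata.
    cp -a "$repo"/. "$work/out/root/"
    rm -rf "$work/out/root/.git"

    # With GNU tar, record root ownership even when run as an ordinary user.
    own=""
    tar --version 2>/dev/null | grep -q "GNU tar" && own="--owner=0 --group=0 --numeric-owner"
    rc=0
    tar -czf "$out" $own -C "$work/out" etc root || rc=$?
    rm -rf "$work"
    exit "$rc"
)

# Constructed sample: a fake backup with extra config that must not survive.
make_sample() {
    d=$1
    mkdir -p "$d/bk/etc/config" "$d/bk/etc/acme/sub.domain.com" \
             "$d/bk/etc/easy-rsa/pki" "$d/repo"
    echo 'root:x:0:0:99999:7:::' > "$d/bk/etc/shadow"
    echo 'config wifi-device' > "$d/bk/etc/config/wireless"
    echo 'constructed' > "$d/bk/etc/acme/sub.domain.com/fullchain.cer"
    echo 'constructed' > "$d/bk/etc/easy-rsa/pki/ca.crt"
    echo '#!/bin/sh' > "$d/repo/opkg-install.sh"
    echo '# constructed' > "$d/repo/.env"
    tar -czf "$d/backup.tar.gz" -C "$d/bk" etc
}
```

The output archive is created with mode 0600 because of the umask, and a missing entry (for example no OpenVPN PKI yet) produces a warning rather than a failure.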
- Create and move Rootfs & Swap on new USB storage
- Rebuild Rootfs on existing USB storage
- Start OpenWrt setup installation
Device | Type | Label | Default size |
---|---|---|---|
sda | | | |
├─sda1 | swap | | 2 x existing RAM with max of 512Mb |
├─sda2 | ext4 | rootfs | 4GB |
└─sda3 | vfat | data | 10GB --> mount point /mnt/data |
- Wireless Overview
- Interfaces
- Firewall
- Network Shares
- Scheduled Tasks
- Smart Queue Management
- Adblock
- OpenVPN instances
* Set access rights on uploaded files
*
* You are connected to the internet.
*
* Create and moving Rootfs & Swap on new USB storage? [y/N] y
* Please unplug USB storage <enter to continue>...
* Checking for updates, please wait...
* Package USB 3.0 disk management
* Package ext4/FAT
* Package mounted partitions
* Package exFAT/ntfs
* Package hd-idle
* Package SFTP fileserver
* Package wget
* Package disk utilities
* Please plug back in USB storage <enter to continue>...
*
* List of available USB devices:
*
Disk /dev/sda: 14.32 GiB, 15376318464 bytes, 30031872 sectors
Disk model: Ultra Fit
Disklabel type: dos
Device Boot Start End Sectors Size Id Type
/dev/sda1 2048 1050623 20592640 13.8G 83 Linux
*
NAME FSTYPE LABEL UUID FSAVAIL FSUSE% MOUNTPOINT
sda
└─sda1 vfat data 8FC8-3FAD
*
* Enter USB device? </dev/sda>
* Unmount all 3 partitions on /dev/sda
* Built-in USB device for /dev/sda? [y/N] y
* Wiping all signatures for /dev/sda
*
*
*
* Reboot to complete wipefs on /dev/sda? [y/N]
* Please unplug and plug back in /dev/sda <enter to continue>...
* Info: Double RAM for machines with 512MB of RAM or less than, and same with more.
* Current RAM: 512MB
* Enter swap partition size? <512MB>
* Enter root partition size? <4GB>
* Create data partition of <10GB>
*
* Partitions detail for /dev/sda:
Disk /dev/sda: 14.32 GiB, 15376318464 bytes, 30031872 sectors
Disk model: Ultra Fit
Disklabel type: dos
Device Boot Start End Sectors Size Id Type
/dev/sda1 2048 1050623 1048576 512M 83 Linux
/dev/sda2 1050624 9439231 8388608 4G 83 Linux
/dev/sda3 9439232 30031871 20592640 9.8G 83 Linux
*
*
*
*
* Reboot to complete partitions creation on /dev/sda? [y/N]
* Please unplug and plug back in /dev/sda <enter to continue>...
*
* Format partitions with swap/ext4/fat32
*
* Partitions detail for /dev/sda:
NAME FSTYPE FSVER LABEL UUID FSAVAIL FSUSE% MOUNTPOINT
sda
├─sda1 swap
├─sda2 ext4 rootfs 98d50326-db8a-4314-ba22-2d91864e3381
└─sda3 vfat data 8FC8-3FAD
*
* Remove disk utilities packages
*
* Add swap of 512MB on /dev/sda1
* Move overlayfs:/overlay to 4GB on /dev/sda2
* Add free storage of 9.6GB on /dev/sda3
*
* UCI config fstab
* Enable all mounted partitions
* Please check mounted partitions http://openwrt/cgi-bin/luci/admin/system/mounts
* Copy /overlay on /dev/sda2 partition...
*
*
*
* Reboot to complete "Rootfs & Swap on USB Storage" <enter to continue>...
* Set access rights on uploaded files
*
* You are connected to the internet.
*
* Create and moving Rootfs & Swap on new USB storage? [y/N]
* Rebuild Rootfs on existing USB storage? [y/N] y
* Please unplug USB storage <enter to continue>...
* Checking for updates, please wait...
* Package USB 3.0 disk management
* Package ext4/FAT
* Package mounted partitions
* Package exFAT/ntfs
* Package hd-idle
* Package SFTP fileserver
* Package wget
* Package disk utilities
* Please plug back in USB storage <enter to continue>...
*
* List of available USB devices:
*
NAME FSTYPE LABEL UUID FSAVAIL FSUSE% MOUNTPOINT
├─sda1 swap
├─sda2 ext4 rootfs 98d50326-db8a-4314-ba22-2d91864e3381
└─sda3 vfat data 8FC8-3FAD
*
* Enter swap device? </dev/sda1>
* Enter rootfs device? </dev/sda2>
*
* Format partitions with swap/ext4
* Remove disk utilities packages
* UCI config fstab
* Enable all mounted partitions
* Please check mounted partitions http://openwrt/cgi-bin/luci/admin/system/mounts
* Copy /overlay on /dev/sda2 partition...
*
*
*
* Reboot to complete the "Rootfs & Swap on USB Storage" <enter to continue>...
* Set access rights on uploaded files
*
* You are connected to the internet.
*
* Create and moving Rootfs & Swap on new USB storage? [y/N]
* Rebuild Rootfs on existing USB storage? [y/N]
*
* The current setup:
*
*
* Do you accept this setup? [Y/n]
* UCI config luci
* UCI config timezone
* UCI config lan network
* UCI config Guest network
* UCI config dhcp
* UCI config firewall
* UCI config firewall redirect
* UCI config firewall rule
* UCI config wireless
* UCI config dhcp static leases
* UCI config dhcp host
* UCI config dhcp domain
* Checking for updates, please wait...
* Package Advanced Reboot UI
* Package USB 3.0 disk management
* Package ext4/FAT/exFAT/ntfs
* Package mounted partitions
* UCI enable mounted partitions
* UCI mount partitions
* Package hd-idle
* UCI config hd-idle
* Package WPA2/WPA3 Personal (PSK/SAE) mixed mode
* UCI config WPA2/WPA3 (PSK/SAE)
* Package SFTP fileserver
* Package Samba SMB/CIFS fileserver for 'Network Shares'
* UCI config samba
* Set Samba as local master = yes
* Package NFS fileserver
* UCI config nfs
* Package Dynamic DNS for external IP naming
* UCI config ddns
* Package firewall rtsp nat helper
* Add firewall rtsp config
* Package SQM QoS (aka Smart Queue Management)
* UCI config SQM QoS
* Package for ACME script
* Install ACME script
[Mon Oct 18 06:55:59 UTC 2021] It is recommended to install socat first.
[Mon Oct 18 06:55:59 UTC 2021] We use socat for standalone server if you use standalone mode.
[Mon Oct 18 06:55:59 UTC 2021] If you don't use standalone mode, just ignore this warning.
[Mon Oct 18 06:55:59 UTC 2021] Installing to /etc/acme
cp: can't stat 'acme.sh': No such file or directory
[Mon Oct 18 06:55:59 UTC 2021] Install failed, can not copy acme.sh
[Mon Oct 18 06:56:00 UTC 2021] Installing from online archive.
[Mon Oct 18 06:56:00 UTC 2021] Downloading https://github.com/acmesh-official/acme.sh/archive/master.tar.gz
[Mon Oct 18 06:56:05 UTC 2021] Extracting master.tar.gz
[Mon Oct 18 06:56:14 UTC 2021] It is recommended to install socat first.
[Mon Oct 18 06:56:14 UTC 2021] We use socat for standalone server if you use standalone mode.
[Mon Oct 18 06:56:14 UTC 2021] If you don't use standalone mode, just ignore this warning.
[Mon Oct 18 06:56:14 UTC 2021] Installing to /etc/acme
[Mon Oct 18 06:56:14 UTC 2021] Installed to /etc/acme/acme.sh
[Mon Oct 18 06:56:20 UTC 2021] OK
[Mon Oct 18 06:56:20 UTC 2021] Install success!
[Mon Oct 18 06:56:27 UTC 2021] Upgrade success!
* Package Acme UI
* UCI config acme
* Get ACME certificates
[Mon Oct 18 06:56:34 UTC 2021] Domains not changed.
[Mon Oct 18 06:56:34 UTC 2021] Skip, Next renewal time is: Fri Nov 5 07:50:47 UTC 2021
[Mon Oct 18 06:56:34 UTC 2021] Add '--force' to force to renew.
* Package uHTTPd UI
* UCI config uHTTPd
* Package VPN client with OpenVPN
* Set OpenVPN config files
* Set OpenVPN certificates files with network & firewall config
* UCI config firewall for IKEv2/IPsec VPN server
* UCI config network/interface for IKEv2/IPsec VPN server
* UCI config network/zone for IKEv2/IPsec VPN server
* UCI config network/route for IKEv2/IPsec VPN server
* UCI config dhcp/dnsmasq for IKEv2/IPsec VPN server
* Link ACME cetificates for IKEv2/IPsec VPN server
* Package IKEv2/IPsec VPN server with strongSwan
* Set config files for IKEv2/IPsec VPN server with strongSwan
* UCI config remove default firewall - Traffic Rules for IKEv2/IPsec VPN server
* Package adblock
* UCI config adblock
* Block ip addresses that track attacks, spyware, viruses
* Enable crontab 'Scheduled Taks'
* Package watchcat (periodic reboot or reboot on internet drop)
* UCI config watchcat
* Package mSMTP mail client
* Set mSMTP account free,gmail
* Set timezone Europe/Paris
* Package wget
* Package iperf3
* Set iperf3 server at startup
* Add custom scripts
* Remove duplicated conffile
*
*
******************************
/!\ After reboot checks /!\\
******************************
*
*
* Please check swap mounted partition http://openwrt/cgi-bin/luci/admin/system/mounts
*
*
* Certificates issue:
/etc/acme/acme.sh --home /etc/acme --upgrade > /etc/acme/log.txt 2>&1 && /root/fw-redirect.sh Allow-http=on && /etc/acme/acme.sh --home /etc/acme --issue --server letsencrypt -d $DOMAIN -w /www 2>&1 | tee -a /etc/acme/log.txt; /root/fw-redirect.sh Allow-http=off && /usr/sbin/ipsec restart
*
* Certificates renew:
/etc/acme/acme.sh --home /etc/acme --upgrade > /etc/acme/log.txt 2>&1 && /root/fw-redirect.sh Allow-http=on && /etc/acme/acme.sh --home /etc/acme --renew-all --standalone --force 2>&1 | tee -a /etc/acme/log.txt; /root/fw-redirect.sh Allow-http=off && /usr/sbin/ipsec restart
*
*
* Reboot to complete the installation? [Y/n]