Setup OpenWrt Snapshots on my x86 machine
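# This assumes you're already running OpenWrt
# Follow https://teklager.se/en/knowledge-base/openwrt-installation-instructions/ to get OpenWrt initially installed on an SSD if you haven't
# My device expects LAN on eth0, and WAN on eth1

# Sign into the router; the commands below are entered in that session
ssh root@192.168.1.1

# Set vars
DOWNLOAD_LINK="https://downloads.openwrt.org/releases/23.05.3/targets/x86/64/openwrt-23.05.3-x86-64-generic-squashfs-combined-efi.img.gz"
SHA256SUMS="https://downloads.openwrt.org/releases/23.05.3/targets/x86/64/sha256sums"
# File name of the image: the last path component of DOWNLOAD_LINK
IMAGE="${DOWNLOAD_LINK##*/}"

# Download the image set above (as written, the 23.05.3 release build rather
# than a snapshot) together with the published checksum list
cd /tmp && wget "$DOWNLOAD_LINK" && wget "$SHA256SUMS"

# Flash only when the downloaded image's hash equals its entry in sha256sums.
# `sha256sum -c ... | grep OK` merely prints the result, so the upgrade would
# run even after a mismatch; here the comparison gates sysupgrade.
# The checksum list comes from the same server as the image, so this detects a
# corrupted download, not a tampered mirror. OpenWrt publishes signature files
# for the list (sha256sums.asc / sha256sums.sig) alongside it; verify one of
# them first if the signing key is available.
expected="$(awk -v f="$IMAGE" '$2 == f || $2 == ("*" f) { print $1 }' /tmp/sha256sums)"
actual="$(sha256sum "/tmp/$IMAGE" | awk '{ print $1 }')"
if [ -n "$expected" ] && [ "$expected" = "$actual" ]; then
  # -n: do not keep the current configuration across the upgrade.
  # The image is named explicitly so a stray /tmp/*.img.gz is never flashed.
  sysupgrade -n "/tmp/$IMAGE"
else
  echo "sha256 mismatch or missing entry for $IMAGE - not flashing" >&2
fi

# Log back in after reboot and set password
# (the configuration was not kept, so set the root password before anything else)
ssh root@192.168.1.1
passwd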
# Refresh the package lists, then install the extra packages one at a time
opkg update
for pkg in luci htop nano irqbalance luci-app-upnp luci-app-sqm; do
  opkg install "$pkg"
done
# Configure
## Only allow SSH from LAN: bind dropbear to the 'lan' interface
# NOTE(review): RootPasswordAuth is deleted rather than set, which leaves
# dropbear on its default for root password logins - confirm that is intended.
ssh_cfg='dropbear.@dropbear[0]'
uci del "${ssh_cfg}.RootPasswordAuth"
uci set "${ssh_cfg}.Interface=lan"

## Don't use ISP DNS: ignore the DNS servers offered by the ISP on wan/wan6
## and use my own server instead
dns_server='192.168.1.10'
uci set network.wan6.reqaddress='try'
uci set network.wan6.reqprefix='auto'
for iface in wan wan6; do
  uci set "network.${iface}.peerdns=0"
  uci add_list "network.${iface}.dns=${dns_server}"
done

## Redirect hardcoded DNS to my own DNS server
## Kudos to https://jeff.vtkellers.com/posts/technology/force-all-dns-queries-through-pihole-with-openwrt/
# Only queries to port 53 are rewritten; clients that use DNS over TLS (853)
# or DNS over HTTPS (443) are not affected by this rule.
uci add firewall redirect
redirect='firewall.@redirect[-1]'
uci set "${redirect}.target=DNAT"
uci set "${redirect}.name=Redirect DNS"
uci set "${redirect}.src=lan"
# Exempt the DNS server itself so its own upstream lookups are not redirected.
# Single-quoted so the leading '!' is always passed literally.
uci set "${redirect}.src_ip"='!192.168.1.10'
uci set "${redirect}.src_dport=53"
uci set "${redirect}.dest=lan"
uci set "${redirect}.dest_ip=${dns_server}"
uci set "${redirect}.dest_port=53"

# Masquerade the redirected LAN traffic headed for the DNS server
# (the companion rule from the linked post)
uci add firewall nat
nat='firewall.@nat[-1]'
for proto in tcp udp; do
  uci add_list "${nat}.proto=${proto}"
done
uci set "${nat}.src=lan"
uci set "${nat}.dest_ip=${dns_server}"
uci set "${nat}.dest_port=53"
uci set "${nat}.target=MASQUERADE"
## Setup UPnP
# Drop these options from the upnpd config, then switch the service on.
# NOTE(review): secure_mode is deleted rather than set explicitly - confirm
# which value the UPnP daemon falls back to, since UPnP lets LAN hosts open
# inbound port mappings on the router.
for opt in enable_upnp enable_natpmp secure_mode log_output; do
  uci del "upnpd.config.${opt}"
done
uci set upnpd.config.enabled='1'
# Setup SQM on eth1 (the WAN port on this device)
sqm_if='sqm.eth1'

# Remove the advanced tuning options from the eth1 queue section
for opt in qdisc_advanced ingress_ecn egress_ecn \
  qdisc_really_really_advanced itarget etarget; do
  uci del "${sqm_if}.${opt}"
done

# Enable shaping with this link's download/upload limits
# (presumably kbit/s - verify against the SQM documentation)
uci set "${sqm_if}.enabled=1"
uci set "${sqm_if}.download=955000"
uci set "${sqm_if}.upload=19000"
uci set "${sqm_if}.debug_logging=0"
uci set "${sqm_if}.verbosity=5"

# Start SQM at boot and restart it now
/etc/init.d/sqm enable
/etc/init.d/sqm restart
## Enable IRQ Balance
# Flip the 'enabled' option directly in the config file, then start the service
irq_cfg='/etc/config/irqbalance'
sed -i "s/option enabled '0'/option enabled '1'/g" "$irq_cfg"
/etc/init.d/irqbalance start

## Apply changes and reload
# Write every staged uci change to /etc/config, then have the affected
# services pick up the new configuration
uci commit
reload_config