-
Notifications
You must be signed in to change notification settings - Fork 14
/
config-cerowrt.sh
executable file
·234 lines (216 loc) · 8.66 KB
/
config-cerowrt.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
#!/bin/sh
# Update the factory settings of CeroWrt to a known-good configuration.
# You should make a copy of this script, customize it to your needs,
# then use the "To run this script" procedure (below).
#
# This script is designed to configure all the settings needed to
# set up your router after an initial "factory" firmware flash.
#
# There are sections below to configure many aspects of your router.
# All the sections are commented out. There are sections for:
#
# - Set up the ge00/WAN interface to connect to your provider
# - Update the software packages
# - Update the root password
# - Set the time zone
# - Enable SNMP for traffic monitoring and measurements
# - Enable NetFlow export for traffic analysis
# - Enable mDNS/ZeroConf on the ge00 (WAN) interface
# - Change default IP addresses and subnets for interfaces
# - Change default DNS names
# - Set the SQM (Smart Queue Management) parameters
# - Set the radio channels
# - Set wireless SSID names
# - Set the wireless security credentials
#
# To run this script
#
# Flash the router with factory firmware. Then ssh in and execute these statements.
# You should do this over a wired connection because some of these changes
# will reset the wireless network.
#
# ssh [email protected]
# cd /tmp
# cat > config.sh
# [paste in the contents of this file, then hit ^D]
# sh config.sh
# Presto! (You should reboot the router when this completes.)
# === Set up the WAN (ge00) interface ==================
# Default is DHCP, this sets it to PPPoE (typical for DSL/ADSL)
# From http://wiki.openwrt.org/doc/howto/internet.connection
# Supply values for DSLUSERNAME and DSLPASSWORD
# and uncomment seven lines
#
# DSLUSERNAME=YOUR-DSL-USERNAME
# DSLPASSWORD=YOUR-DSL-PASSWORD
# uci set network.ge00.proto=pppoe
# uci set network.ge00.username=$DSLUSERNAME
# uci set network.ge00.password=$DSLPASSWORD
# uci commit network
# ifup ge00
# === Update the software packages =============
# Download and update all the interesting packages
# Some of these are pre-installed, but there is no harm in
# updating/installing them a second time.
# opkg update # retrieve updated packages
# opkg install snmpd fprobe # install snmpd & fprobe
# opkg install qos-scripts # install the qos-scripts
# opkg install ppp-mod-pppoe # install PPPoE module
# === Update root password =====================
# Update the root password. Supply new password for NEWPASSWD and
# uncomment six lines.
#
# echo 'Updating root password'
# NEWPASSWD=Beatthebloat
# passwd <<EOF
# $NEWPASSWD
# $NEWPASSWD
# EOF
# === Set the Time Zone ========================
# Set the time zone to non-default (other than UTC)
# Full list of time zones is at:
# http://wiki.openwrt.org/doc/uci/system#time.zones
# Use the URL above to find the desired ZONENAME and TIMEZONE,
# then uncomment seven lines
#
# TIMEZONE='EST5EDT,M3.2.0,M11.1.0'
# ZONENAME='America/New York'
# echo 'Setting timezone to' $TIMEZONE
# uci set system.@system[0].timezone="$TIMEZONE"
# echo 'Setting zone name to' $ZONENAME
# uci set system.@system[0].zonename="$ZONENAME"
# uci commit system
# === Enable SNMP daemon =======================
# SNMP - See this page for more details
# http://www.bufferbloat.net/projects/cerowrt/wiki/Monitoring_CeroWrt
# Enables responses on IPv4 & IPv6 with same read-only community string
# Supply values for COMMUNITYSTRING and uncomment eleven lines.
# COMMUNITYSTRING=public
# echo 'Configuring and starting snmpd'
# uci set snmpd.@agent[0].agentaddress='UDP:161,UDP6:161'
# uci set snmpd.@com2sec[0].community=$COMMUNITYSTRING
# uci add snmpd com2sec6
# uci set snmpd.@com2sec6[-1].secname=ro
# uci set snmpd.@com2sec6[-1].source=default
# uci set snmpd.@com2sec6[-1].community=$COMMUNITYSTRING
# uci commit snmpd
# /etc/init.d/snmpd restart # default snmpd config uses 'public'
# /etc/init.d/snmpd enable # community string for SNMPv1 & SNMPv2c
# === Enable NetFlow export ====================
# NetFlow export
# Start fprobe now to send netflow records to local netflow
# collector at the following address and port (I use http://intermapper.com)
# Supply values for NETFLOWCOLLECTORADRS & NETFLOWCOLLECTORADRS
# and uncomment nine lines
#
# NETFLOWCOLLECTORADRS=192.168.2.13
# NETFLOWCOLLECTORPORT=2055
# echo 'Configuring and starting fprobe...'
# fprobe -i ge00 -f ip -d 15 -e 60 $NETFLOWCOLLECTORADRS':'$NETFLOWCOLLECTORPORT
# Also edit /etc/rc.local to add the same command
# so that it will start after next reboot
# sed -i '$ i\
# fprobe -i ge00 -f ip -d 15 -e 60 NEWIPPORT' /etc/rc.local
# sed -i s#NEWIPPORT#$NETFLOWCOLLECTORADRS:$NETFLOWCOLLECTORPORT#g /etc/rc.local
# === Enable mDNS/ZeroConf =====================
# Enable avahi to relay mDNS queries out the "WAN" port.
# YOU SHOULD NEVER DO THIS if CeroWrt is your primary router - that is, if it's
# connected directly to the Internet, as it will leak private information.
# To enable mDNS, uncomment two lines, and reboot the router afterwards
###
### IF THIS IS YOUR PRIMARY ROUTER, DO NOT DO THIS! ###
### IT COULD LEAK YOUR mDNS NAMES INTO THE INTERNET! ###
### (It's useful if this is your secondary router.) ###
###
# echo 'Enabling mDNS'
# sed -i s/deny-interfaces=ge00/#deny-interfaces=ge00/g /etc/avahi/avahi-daemon.conf
# === Update IP Subnet Ranges ==================
# Changing configuration for Subnets, DNS, SSIDs, etc.
# See this page for details:
# http://www.bufferbloat.net/projects/cerowrt/wiki/Changing_your_cerowrt_ip_addresses
# If you do any of these, you should reboot the router afterwards
#
# Subnet:
# Supply values for NEWIP and REVIP (e.g. 192.168.1 and 1.168.192, respectively)
# in the lines below, then uncomment five lines
#
# NEWIP=your.new.ip
# REVIP=ip.new.your
# echo 'Changing IP subnets to' $NEWIP 'and' $REVIP
# sed -i s#172.30.42#$NEWIP#g /etc/config/*
# === Update local DNS domain ==================
# DNS:
# Supply a desired DNS name for NEWDNS and uncomment three lines
#
# NEWDNS=home.lan
# echo 'Changing local domain to' $NEWDNS
# sed -i s#home.lan#$NEWDNS#g /etc/config/*
# ==============================
# Set Smart Queue Management (SQM) values for your own network
#
# Use a speed test (http://speedtest.net) to determine the speed
# for your own network, then set the values below accordingly
# Speeds below are in kbits per second (3000 = 3 megabits/sec)
# For all the details about setting the SQM for your router, see:
# http://www.bufferbloat.net/projects/cerowrt/wiki/Setting_up_SQM_for_CeroWrt_310
#
# DOWNLOADSPEED=7000
# UPLOADSPEED=830
# echo 'Setting SQM to' $DOWNLOADSPEED/$UPLOADSPEED 'kbps down/up'
# uci set sqm.ge00.enabled=1
# uci set sqm.ge00.download=$DOWNLOADSPEED
# uci set sqm.ge00.upload=$UPLOADSPEED
# uci set sqm.ge00.script='simple.qos'
# uci set sqm.ge00.qdisc='fq_codel'
# uci commit sqm
# === Update WiFi info for the access point ================
# a) Assign the radio channels
# b) Assign the SSID's
# c) Assign the encryption/passwords
# To see all the wireless info:
# uci show wireless
#
# Default interface indices and SSIDs are:
# 0 - CEROwrt
# 1 - CEROwrt-guest
# 2 - babel (on 2.4GHz)
# 3 - CEROwrt5
# 4 - CEROwrt-guest5
# 5 - babel (on 5GHz)
# === Assign channels for the wireless radios
# Set the channels for the wireless radios
# Radio0 choices are 1..11
# Radio1 choices are 36, 40, 44, 48, 149, 153, 157, 161, 165
# The default HT40+ settings bond 36&40, 44&48, etc.
# Choose 36 or 44 and it'll work fine
# echo 'Setting 2.4 & 5 GHz channels'
# uci set wireless.radio0.channel=6
# uci set wireless.radio1.channel=44
# === Assign the SSID's
# These are the default SSIDs for CeroWrt; no need to set again
# echo 'Setting SSIDs'
# uci set wireless.@wifi-iface[0].ssid=CEROwrt
# uci set wireless.@wifi-iface[1].ssid=CEROwrt-guest
# uci set wireless.@wifi-iface[3].ssid=CEROwrt5
# uci set wireless.@wifi-iface[4].ssid=CEROwrt-guest5
# === Assign the encryption/password ================
# Update the wifi password/security. To see all the wireless info:
# uci show wireless
# The full list of encryption modes is at: (psk2 gives WPA2-PSK)
# http://wiki.openwrt.org/doc/uci/wireless#wpa.modes
# Set WIFIPASSWD and the ENCRMODE, and then uncomment the remaining lines.
#
# echo 'Updating WiFi security information'
# WIFIPASSWD='Beatthebloat'
# ENCRMODE=psk2
# uci set wireless.@wifi-iface[0].key=$WIFIPASSWD
# uci set wireless.@wifi-iface[1].key=$WIFIPASSWD
# uci set wireless.@wifi-iface[3].key=$WIFIPASSWD
# uci set wireless.@wifi-iface[4].key=$WIFIPASSWD
# uci set wireless.@wifi-iface[0].encryption=$ENCRMODE
# uci set wireless.@wifi-iface[1].encryption=$ENCRMODE
# uci set wireless.@wifi-iface[3].encryption=$ENCRMODE
# uci set wireless.@wifi-iface[4].encryption=$ENCRMODE
# uci commit wireless
echo 'You should restart the router now for these changes to take effect...'
# --- end of script ---