adminer/OpenWRT
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Monthly OpenWrt backup Sun Apr 26 06:26:35 UTC 2026

Browse Source
This commit is contained in:
backup-bot
2026-04-26 06:26:35 +00:00
parent 9201daa20e
commit b9b77bb393
8 changed files with 9271 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
bkps/wrt-bkp-10.0.2.210.sh
+1
View File
@@ -0,0 +1 @@
bkps/wrt-bkp-172.16.1.1.sh
+779
View File
@@ -0,0 +1,779 @@
#hostname= Buran_rod
#DISTRIB_DESCRIPTION='OpenWrt 21.02.1 r16325-88151b8303'
#profile = xiaomi_mi-router-3g
#target = ramips
#soc = mt7621
#arch = mipsel_24kc
#Xiaomi Mi Router 3G custom default settings
#----------------------------------------------------
#Generating cmd for install pkg
#----------------------------------------------------
opkg install luci-proto-wireguard
opkg install iwinfo
opkg install cgi-io
opkg install luci-lib-base
opkg install opkg
opkg install luci-app-opkg
opkg install ubus
opkg install rpcd
opkg install luci-lib-ip
opkg install libubus-lua
opkg install kmod-nf-reject6
opkg install libiwinfo-lua
opkg install luci-mod-system
opkg install kmod-nf-flow
opkg install kmod-lib-crc-ccitt
opkg install getrandom
opkg install kmod-gre
opkg install luci-theme-bootstrap
opkg install kmod-pppoe
opkg install kmod-pppox
opkg install luci-app-wireguard
opkg install kmod-ipt-conntrack
opkg install kmod-nf-reject
opkg install base-files
opkg install kmod-nf-nat
opkg install netifd
opkg install uboot-envtools
opkg install dnsmasq
opkg install ubusd
opkg install luci-mod-status
opkg install kmod-pptp
opkg install kmod-usb3
opkg install firewall
opkg install luci-app-firewall
opkg install kmod-nf-ipt
opkg install tcpdump
opkg install ubi-utils
opkg install kmod-ip6tables
opkg install odhcp6c
opkg install fstools
opkg install iptables-mod-ipopt
opkg install uci
opkg install lua
opkg install luci-ssl
opkg install dropbear
opkg install rpcd-mod-file
opkg install mtd
opkg install odhcpd-ipv6only
opkg install libiwinfo-data
opkg install rpcd-mod-luci
opkg install urandom-seed
opkg install luci-proto-ppp
opkg install luci-mod-admin-full
opkg install ppp
opkg install luci-base
opkg install kmod-leds-gpio
opkg install kmod-gpio-button-hotplug
opkg install logd
opkg install kmod-mt7603
opkg install ppp-mod-pptp
opkg install kmod-wireguard
opkg install wireguard-tools
opkg install luci-proto-ipv6
opkg install iptables
opkg install kmod-nf-nathelper-extra
opkg install jshn
opkg install kmod-ipt-core
opkg install kmod-ppp
opkg install uhttpd
opkg install kmod-nf-conntrack
opkg install iptables-mod-conntrack-extra
opkg install usign
opkg install ip6tables
opkg install kmod-nf-ipt6
opkg install luci-lib-nixio
opkg install liblucihttp-lua
opkg install luci-lib-jsonc
opkg install luci
opkg install kmod-nf-conntrack6
opkg install kmod-usb-ledtrig-usbport
opkg install ubox
opkg install kernel
opkg install rpcd-mod-iwinfo
opkg install kmod-mt76x2
opkg install luci-mod-network
opkg install kmod-mppe
opkg install lldpd
opkg install uhttpd-mod-ubus
opkg install fwtool
opkg install jsonfilter
opkg install hostapd-common
opkg install kmod-ipt-offload
opkg install urngd
opkg install kmod-slhc
opkg install iptables-mod-quota2
opkg install rpcd-mod-rrdns
opkg install ppp-mod-pppoe
opkg install kmod-ipt-nat
#----------------------------------------------------
#Generating configuration Xiaomi Mi Router 3G
#----------------------------------------------------
uci -q batch << EOI
set dhcp.@dnsmasq[0]=dnsmasq
set dhcp.@dnsmasq[0].domainneeded='1'
set dhcp.@dnsmasq[0].localise_queries='1'
set dhcp.@dnsmasq[0].rebind_protection='1'
set dhcp.@dnsmasq[0].rebind_localhost='1'
set dhcp.@dnsmasq[0].expandhosts='1'
set dhcp.@dnsmasq[0].authoritative='1'
set dhcp.@dnsmasq[0].readethers='1'
set dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
set dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.d/resolv.conf.auto'
set dhcp.@dnsmasq[0].localservice='1'
set dhcp.@dnsmasq[0].ednspacket_max='1232'
set dhcp.@dnsmasq[0].local='/pair.lan/'
set dhcp.@dnsmasq[0].domain='pair.lan'
set dhcp.@dnsmasq[0].server='/lan/10.0.254.1'
set dhcp.@dnsmasq[0].address='/lampa.bb.lan/192.168.16.91' '/service.kapka.ru/10.0.254.1' '/service.lan/10.0.254.1' '/loc/10.0.254.1' '/lan/10.0.254.1'
set dhcp.lan=dhcp
set dhcp.lan.interface='lan'
set dhcp.lan.start='100'
set dhcp.lan.limit='150'
set dhcp.lan.leasetime='12h'
set dhcp.lan.dhcpv4='server'
set dhcp.lan.ra_flags='none'
set dhcp.wan=dhcp
set dhcp.wan.interface='wan'
set dhcp.wan.ignore='1'
set dhcp.wan.start='100'
set dhcp.wan.limit='150'
set dhcp.wan.leasetime='12h'
set dhcp.wan.ra_flags='none'
set dhcp.odhcpd=odhcpd
set dhcp.odhcpd.maindhcp='0'
set dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
set dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
set dhcp.odhcpd.loglevel='4'
set dhcp.@host[0]=host
set dhcp.@host[0].name='NPIB41BE2'
set dhcp.@host[0].ip='172.16.1.203'
set dhcp.@host[0].mac='3C:4A:92:B4:1B:E2'
commit dhcp
set dropbear.@dropbear[0]=dropbear
set dropbear.@dropbear[0].PasswordAuth='on'
set dropbear.@dropbear[0].RootPasswordAuth='on'
set dropbear.@dropbear[0].Port='22'
commit dropbear
set firewall.@defaults[0]=defaults
set firewall.@defaults[0].input='ACCEPT'
set firewall.@defaults[0].output='ACCEPT'
set firewall.@defaults[0].forward='REJECT'
set firewall.@defaults[0].synflood_protect='1'
set firewall.lan=zone
set firewall.lan.name='lan'
set firewall.lan.network='lan'
set firewall.lan.input='ACCEPT'
set firewall.lan.output='ACCEPT'
set firewall.lan.forward='ACCEPT'
set firewall.wan=zone
set firewall.wan.name='wan'
set firewall.wan.input='REJECT'
set firewall.wan.output='ACCEPT'
set firewall.wan.forward='REJECT'
set firewall.wan.masq='1'
set firewall.wan.mtu_fix='1'
set firewall.wan.network='wan' 'wan6' 'inet' ''
set firewall.@forwarding[0]=forwarding
set firewall.@forwarding[0].src='lan'
set firewall.@forwarding[0].dest='wan'
set firewall.@rule[0]=rule
set firewall.@rule[0].name='Allow-DHCP-Renew'
set firewall.@rule[0].src='wan'
set firewall.@rule[0].proto='udp'
set firewall.@rule[0].dest_port='68'
set firewall.@rule[0].target='ACCEPT'
set firewall.@rule[0].family='ipv4'
set firewall.@rule[1]=rule
set firewall.@rule[1].name='Allow-Ping'
set firewall.@rule[1].src='wan'
set firewall.@rule[1].proto='icmp'
set firewall.@rule[1].icmp_type='echo-request'
set firewall.@rule[1].family='ipv4'
set firewall.@rule[1].target='ACCEPT'
set firewall.@rule[2]=rule
set firewall.@rule[2].name='Allow-IGMP'
set firewall.@rule[2].src='wan'
set firewall.@rule[2].proto='igmp'
set firewall.@rule[2].family='ipv4'
set firewall.@rule[2].target='ACCEPT'
set firewall.@rule[3]=rule
set firewall.@rule[3].name='Allow-DHCPv6'
set firewall.@rule[3].src='wan'
set firewall.@rule[3].proto='udp'
set firewall.@rule[3].src_ip='fc00::/6'
set firewall.@rule[3].dest_ip='fc00::/6'
set firewall.@rule[3].dest_port='546'
set firewall.@rule[3].family='ipv6'
set firewall.@rule[3].target='ACCEPT'
set firewall.@rule[4]=rule
set firewall.@rule[4].name='Allow-MLD'
set firewall.@rule[4].src='wan'
set firewall.@rule[4].proto='icmp'
set firewall.@rule[4].src_ip='fe80::/10'
set firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
set firewall.@rule[4].family='ipv6'
set firewall.@rule[4].target='ACCEPT'
set firewall.@rule[5]=rule
set firewall.@rule[5].name='Allow-ICMPv6-Input'
set firewall.@rule[5].src='wan'
set firewall.@rule[5].proto='icmp'
set firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
set firewall.@rule[5].limit='1000/sec'
set firewall.@rule[5].family='ipv6'
set firewall.@rule[5].target='ACCEPT'
set firewall.@rule[6]=rule
set firewall.@rule[6].name='Allow-ICMPv6-Forward'
set firewall.@rule[6].src='wan'
set firewall.@rule[6].dest='*'
set firewall.@rule[6].proto='icmp'
set firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
set firewall.@rule[6].limit='1000/sec'
set firewall.@rule[6].family='ipv6'
set firewall.@rule[6].target='ACCEPT'
set firewall.@rule[7]=rule
set firewall.@rule[7].name='Allow-IPSec-ESP'
set firewall.@rule[7].src='wan'
set firewall.@rule[7].dest='lan'
set firewall.@rule[7].proto='esp'
set firewall.@rule[7].target='ACCEPT'
set firewall.@rule[8]=rule
set firewall.@rule[8].name='Allow-ISAKMP'
set firewall.@rule[8].src='wan'
set firewall.@rule[8].dest='lan'
set firewall.@rule[8].dest_port='500'
set firewall.@rule[8].proto='udp'
set firewall.@rule[8].target='ACCEPT'
set firewall.@rule[9]=rule
set firewall.@rule[9].name='Support-UDP-Traceroute'
set firewall.@rule[9].src='wan'
set firewall.@rule[9].dest_port='33434:33689'
set firewall.@rule[9].proto='udp'
set firewall.@rule[9].family='ipv4'
set firewall.@rule[9].target='REJECT'
set firewall.@rule[9].enabled='false'
set firewall.@include[0]=include
set firewall.@include[0].path='/etc/firewall.user'
set firewall.@zone[2]=zone
set firewall.@zone[2].name='wg'
set firewall.@zone[2].input='ACCEPT'
set firewall.@zone[2].output='ACCEPT'
set firewall.@zone[2].forward='REJECT'
set firewall.@zone[2].network='wg13' 'WG5'
set firewall.@forwarding[1]=forwarding
set firewall.@forwarding[1].src='wg'
set firewall.@forwarding[1].dest='lan'
set firewall.@forwarding[2]=forwarding
set firewall.@forwarding[2].src='wg'
set firewall.@forwarding[2].dest='wan'
set firewall.@forwarding[3]=forwarding
set firewall.@forwarding[3].src='lan'
set firewall.@forwarding[3].dest='wg'
commit firewall
set luci.main=core
set luci.main.lang='auto'
set luci.main.mediaurlbase='/luci-static/bootstrap'
set luci.main.resourcebase='/luci-static/resources'
set luci.main.ubuspath='/ubus/'
set luci.flash_keep=extern
set luci.flash_keep.uci='/etc/config/'
set luci.flash_keep.dropbear='/etc/dropbear/'
set luci.flash_keep.openvpn='/etc/openvpn/'
set luci.flash_keep.passwd='/etc/passwd'
set luci.flash_keep.opkg='/etc/opkg.conf'
set luci.flash_keep.firewall='/etc/firewall.user'
set luci.flash_keep.uploads='/lib/uci/upload/'
set luci.languages=internal
set luci.sauth=internal
set luci.sauth.sessionpath='/tmp/luci-sessions'
set luci.sauth.sessiontime='3600'
set luci.ccache=internal
set luci.ccache.enable='1'
set luci.themes=internal
set luci.themes.Bootstrap='/luci-static/bootstrap'
set luci.apply=internal
set luci.apply.rollback='90'
set luci.apply.holdoff='4'
set luci.apply.timeout='5'
set luci.apply.display='1.5'
set luci.diag=internal
set luci.diag.dns='openwrt.org'
set luci.diag.ping='openwrt.org'
set luci.diag.route='openwrt.org'
commit luci
set network.loopback=interface
set network.loopback.device='lo'
set network.loopback.proto='static'
set network.loopback.ipaddr='127.0.0.1'
set network.loopback.netmask='255.0.0.0'
set network.globals=globals
set network.globals.packet_steering='1'
set network.globals.ula_prefix='fd1f:8333:f39f::/48'
set network.@device[0]=device
set network.@device[0].name='br-lan'
set network.@device[0].type='bridge'
set network.@device[0].ports='lan1' 'lan2'
set network.@device[0].ipv6='0'
set network.lan=interface
set network.lan.device='br-lan'
set network.lan.proto='static'
set network.lan.netmask='255.255.255.0'
set network.lan.ip6assign='60'
set network.lan.ipaddr='172.16.1.1'
set network.lan.delegate='0'
set network.wan=interface
set network.wan.device='wan'
set network.wan.proto='static'
set network.wan.netmask='255.255.255.0'
set network.wan.ipaddr='192.168.57.195'
set network.wan.gateway='192.168.57.129'
set network.wan.dns='10.0.254.1' '192.168.57.129' '9.9.9.9'
set network.wan6=interface
set network.wan6.device='wan'
set network.wan6.auto='0'
set network.wan6.proto='none'
set network.wg13=interface
set network.wg13.proto='wireguard'
set network.wg13.delegate='0'
set network.wg13.addresses='10.0.2.14/30'
set network.wg13.private_key='aP5OOWFJpVkC0qzxrBSja7bj+52mrx27XjiQArq1uHw='
set network.@wireguard_wg13[0]=wireguard_wg13
set network.@wireguard_wg13[0].public_key='Ez/9FgQK3VL6knCnCF95A2VTh9lsuMH6HClAy4LMAUQ='
set network.@wireguard_wg13[0].description='muromec'
set network.@wireguard_wg13[0].allowed_ips='0.0.0.0/0'
set network.@wireguard_wg13[0].endpoint_host='muromec.kapka.ru'
set network.@wireguard_wg13[0].endpoint_port='12013'
set network.inet=interface
set network.inet.proto='pptp'
set network.inet.username='pp_SviridovSP'
set network.inet.password='123456'
set network.inet.ipv6='0'
set network.inet.delegate='0'
set network.inet.mtu='1460'
set network.inet.server='192.168.39.1'
set network.inet.auto='0'
set network.@device[1]=device
set network.@device[1].name='eth0'
set network.@device[1].ipv6='0'
set network.@device[2]=device
set network.@device[2].name='wan'
set network.@device[2].macaddr='74:d0:2b:67:0a:0d'
set network.@device[2].ipv6='0'
set network.@wireguard_wg5[0]=wireguard_wg5
set network.@wireguard_wg5[0].description='reut'
set network.@wireguard_wg5[0].allowed_ips='0.0.0.0/0'
set network.WG5=interface
set network.WG5.proto='wireguard'
set network.WG5.addresses='10.0.1.6/30'
set network.WG5.private_key='oCJWf4QTd4fhgs1iosYq0tmNMvyshqjcJr5AcXXN3XA='
set network.@wireguard_WG5[0]=wireguard_WG5
set network.@wireguard_WG5[0].description='turbo.kapka.ru'
set network.@wireguard_WG5[0].endpoint_host='turbo.kapka.ru'
set network.@wireguard_WG5[0].endpoint_port='12105'
set network.@wireguard_WG5[0].allowed_ips='0.0.0.0/0'
set network.@wireguard_WG5[0].public_key='uu5qWom+kaIS/LEakW7wjlFYWPtLrv+5+qxZY1S82mc='
set network.@wireguard_WG5[0].preshared_key='IOF3+lT+4x/hvKfgFwFC7Nly8UnUwy7Grl6w1IC3r1k='
commit network
set rpcd.@rpcd[0]=rpcd
set rpcd.@rpcd[0].socket='/var/run/ubus/ubus.sock'
set rpcd.@rpcd[0].timeout='30'
set rpcd.@login[0]=login
set rpcd.@login[0].username='root'
set rpcd.@login[0].password='$p$root'
set rpcd.@login[0].read='*'
set rpcd.@login[0].write='*'
commit rpcd
set system.@system[0]=system
set system.@system[0].ttylogin='0'
set system.@system[0].log_size='64'
set system.@system[0].urandom_seed='0'
set system.@system[0].compat_version='1.1'
set system.@system[0].hostname='Buran_rod'
set system.@system[0].zonename='Etc/GMT+3'
set system.@system[0].timezone='<-03>3'
set system.@system[0].log_proto='udp'
set system.@system[0].conloglevel='8'
set system.@system[0].cronloglevel='5'
set system.ntp=timeserver
set system.ntp.server='0.openwrt.pool.ntp.org' '1.openwrt.pool.ntp.org' '2.openwrt.pool.ntp.org' '3.openwrt.pool.ntp.org'
commit system
set ubootenv.@ubootenv[0]=ubootenv
set ubootenv.@ubootenv[0].dev='/dev/mtd1'
set ubootenv.@ubootenv[0].offset='0x0'
set ubootenv.@ubootenv[0].envsize='0x1000'
set ubootenv.@ubootenv[0].secsize='0x20000'
commit ubootenv
set ucitrack.@network[0]=network
set ucitrack.@network[0].init='network'
set ucitrack.@network[0].affects='dhcp'
set ucitrack.@wireless[0]=wireless
set ucitrack.@wireless[0].affects='network'
set ucitrack.@firewall[0]=firewall
set ucitrack.@firewall[0].init='firewall'
set ucitrack.@firewall[0].affects='luci-splash' 'qos' 'miniupnpd'
set ucitrack.@olsr[0]=olsr
set ucitrack.@olsr[0].init='olsrd'
set ucitrack.@dhcp[0]=dhcp
set ucitrack.@dhcp[0].init='dnsmasq'
set ucitrack.@dhcp[0].affects='odhcpd'
set ucitrack.@odhcpd[0]=odhcpd
set ucitrack.@odhcpd[0].init='odhcpd'
set ucitrack.@dropbear[0]=dropbear
set ucitrack.@dropbear[0].init='dropbear'
set ucitrack.@httpd[0]=httpd
set ucitrack.@httpd[0].init='httpd'
set ucitrack.@fstab[0]=fstab
set ucitrack.@fstab[0].exec='/sbin/block mount'
set ucitrack.@qos[0]=qos
set ucitrack.@qos[0].init='qos'
set ucitrack.@system[0]=system
set ucitrack.@system[0].init='led'
set ucitrack.@system[0].exec='/etc/init.d/log reload'
set ucitrack.@system[0].affects='luci_statistics' 'dhcp'
set ucitrack.@luci_splash[0]=luci_splash
set ucitrack.@luci_splash[0].init='luci_splash'
set ucitrack.@upnpd[0]=upnpd
set ucitrack.@upnpd[0].init='miniupnpd'
set ucitrack.@ntpclient[0]=ntpclient
set ucitrack.@ntpclient[0].init='ntpclient'
set ucitrack.@samba[0]=samba
set ucitrack.@samba[0].init='samba'
set ucitrack.@tinyproxy[0]=tinyproxy
set ucitrack.@tinyproxy[0].init='tinyproxy'
commit ucitrack
set uhttpd.main=uhttpd
set uhttpd.main.listen_http='0.0.0.0:80' '[::]:80'
set uhttpd.main.listen_https='0.0.0.0:443' '[::]:443'
set uhttpd.main.redirect_https='0'
set uhttpd.main.home='/www'
set uhttpd.main.rfc1918_filter='1'
set uhttpd.main.max_requests='3'
set uhttpd.main.max_connections='100'
set uhttpd.main.cert='/etc/uhttpd.crt'
set uhttpd.main.key='/etc/uhttpd.key'
set uhttpd.main.cgi_prefix='/cgi-bin'
set uhttpd.main.lua_prefix='/cgi-bin/luci=/usr/lib/lua/luci/sgi/uhttpd.lua'
set uhttpd.main.script_timeout='60'
set uhttpd.main.network_timeout='30'
set uhttpd.main.http_keepalive='20'
set uhttpd.main.tcp_keepalive='1'
set uhttpd.main.ubus_prefix='/ubus'
set uhttpd.defaults=cert
set uhttpd.defaults.days='730'
set uhttpd.defaults.key_type='ec'
set uhttpd.defaults.bits='2048'
set uhttpd.defaults.ec_curve='P-256'
set uhttpd.defaults.country='ZZ'
set uhttpd.defaults.state='Somewhere'
set uhttpd.defaults.location='Unknown'
set uhttpd.defaults.commonname='OpenWrt'
commit uhttpd
set wireless.radio0=wifi-device
set wireless.radio0.type='mac80211'
set wireless.radio0.channel='11'
set wireless.radio0.hwmode='11g'
set wireless.radio0.path='1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
set wireless.radio0.htmode='HT20'
set wireless.radio0.cell_density='0'
set wireless.default_radio0=wifi-iface
set wireless.default_radio0.device='radio0'
set wireless.default_radio0.network='lan'
set wireless.default_radio0.mode='ap'
set wireless.default_radio0.key='23637387581'
set wireless.default_radio0.encryption='sae-mixed'
set wireless.default_radio0.ssid='Buran'
set wireless.radio1=wifi-device
set wireless.radio1.type='mac80211'
set wireless.radio1.channel='36'
set wireless.radio1.hwmode='11a'
set wireless.radio1.path='1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
set wireless.radio1.htmode='VHT80'
set wireless.radio1.cell_density='0'
set wireless.default_radio1=wifi-iface
set wireless.default_radio1.device='radio1'
set wireless.default_radio1.network='lan'
set wireless.default_radio1.mode='ap'
set wireless.default_radio1.ssid='Buran-5G'
set wireless.default_radio1.encryption='sae-mixed'
set wireless.default_radio1.key='23637387581'
commit wireless
EOI
#----------------------------------------------------
#Generating conf file
#----------------------------------------------------
# WARNING: /etc/mosquitto не существует
#Gen file /etc/bird.conf
mkdir -p "/etc"
cat << 'CFGEOF' > "/etc/bird.conf"
#FIG FILE IS NOT A COMPLETE DOCUMENTATION
# PLEASE LOOK IN THE BIRD DOCUMENTATION FOR MORE INFO
# However, most of options used here are just for example
# and will be removed in real-life configs.
log syslog all;
# Override router ID
router id 172.16.1.1;
# Turn on global debugging of all protocols
#debug protocols all;
ipv4 table bgpban;
ipv4 table ospfmy;
#ipv4 table master;
# Define a route filter...
# filter test_filter {
# if net ~ 10.0.0.0/16 then accept;
# else reject;
# }
filter fltOSPF {
if net = 192.168.0.0/16 then reject;
if net = 172.16.0.0/12 then reject;
else accept;
}
# The direct protocol automatically generates device routes to all network
# interfaces. Can exist in as many instances as you wish if you want to
# populate multiple routing tables with device routes. Because device routes
# are handled by Linux kernel, this protocol is usually not needed.
protocol direct {
interface "-wan","-3g-wan1", "*"; # Restrict network interfaces it works with
ipv4;# {
# table ospfmy;
# table bgpban;
#import where net !=0.0.0.0/0;
#export where net !=0.0.0.0/0;
# };
#debug all;
}
# This pseudo-protocol watches all interface up/down events.
protocol device {
scan time 10; # Scan interfaces every 10 seconds
}
# Static routes (again, there can be multiple instances, so that you
# can disable/enable various groups of static routes on the fly).
#protocol static {
# export all; # Default is export none
# route 0.0.0.0/0 via 62.168.0.13;
# route 10.0.0.0/8 reject;
# route 192.168.0.0/16 reject;
#}
#protocol rip {
# disabled;
# import all;
# export all;
# export filter test_filter;
# port 1520;
# period 7;
# infinity 16;
# garbage time 60;
# interface "*" { mode broadcast; };
# honor neighbor;
# honor always;
# honor never;
# authentication none;
#}
######################### OSPF
# This pseudo-protocol performs synchronization between BIRD's routing
# tables and the kernel. You can run multiple instances of the kernel
# protocol and synchronize different kernel tables with different BIRD tables.
protocol kernel ospfMyKern {
ipv4 {
table ospfmy;
# table bgpban;
# import filter fltOSPF;
# import all;
# import where source != RTS_DEVICE;
# export where source != RTS_DEVICE && net !=0.0.0.0/0;
export all;
};
learn; # Learn all alien routes from the kernel
# persist; # Don't remove routes on bird shutdown
scan time 60; # Scan kernel routing table every 20 seconds
# import none; # Default is import all
# import all;
# export all; # Default is export none
# device routes yes;
kernel table 10;
# merge paths switch 16;
metric 10;
#debug all;
}
protocol kernel bgpbanKern {
ipv4 {
table bgpban;
# import all;
export all;
};
learn; # Learn all alien routes from the kernel
# persist; # Don't remove routes on bird shutdown
scan time 60; # Scan kernel routing table every 20 seconds
# import none; # Default is import all
# import all;
# export all; # Default is export none
# device routes yes;
kernel table 11;
# merge paths switch 16;
metric 10;
}
#protocol kernel {
# ipv4 {
# table master4;
## export all;
#import all;
# };
# persist;
# learn;
# scan time 60;
# kernel table 254;
#}
protocol pipe {
table ospfmy;
peer table master4;
# peer table bgpban;
import where net !=0.0.0.0/0;
export where net !=0.0.0.0/0;
#export all;
#export where source != RTS_DEVICE;
#debug all;
}
protocol ospf ASWG {
# disabled;
ipv4 {
table ospfmy;
# import filter fltOSPF;
import all;
export all;
};
# import all;
# export all;
# import filter { print ">>>>>>imp net accepted:", net; accept; };
# export filter { print ">>>>>>exp net accepted:", net; accept; };
# export where source = RTS_STATIC;
area 0 {
# networks {
# 10.0.1.0/24;
# 10.0.2.0/24;
# };
interface "wg13" { #9
cost 60;
hello 10;
retransmit 5;
wait 40;
dead 40;
type pointopoint;
priority 30;
# authentication simple;
# password "pass";
};
interface "wg5" {
cost 5;
hello 10;
retransmit 5;
wait 40;
dead 40;
type pointopoint;
priority 5;
# authentication simple;
# password "pass";
};
};
}
#########################BGP
# This pseudo-protocol performs synchronization between BIRD's routing
# tables and the kernel. You can run multiple instances of the kernel
# protocol and synchronize different kernel tables with different BIRD tables.
#protocol kernel {
# table bgpban;
# learn; # Learn all alien routes from the kernel
# persist; # Don't remove routes on bird shutdown
# scan time 60; # Scan kernel routing table every 20 seconds
# import none; # Default is import all
# import all;
# export all; # Default is export none
#}
protocol bgp {
# disabled;
ipv4 {
table bgpban;
import all;
export all;
};
# import all;
# export all;
# export where source = RTS_STATIC;
local as 65014;
neighbor 10.0.2.13 as 65013;
# multihop 20 via 10.0.2.9;
# multihop;
# hold time 240;
# startup hold time 240;
# connect retry time 120;
# keepalive time 80; # defaults to hold time / 3
# start delay time 5; # How long do we wait before initial connect
# error wait time 60, 300;# Minimum and maximum time we wait after an error (when consecutive
# # errors occur, we increase the delay exponentially ...
# error forget time 300; # ... until this timeout expires)
# disable after error; # Disable the protocol automatically when an error occurs
# next hop self; # Disable next hop processing and always advertise our local address as nexthop
# source address 62.168.0.14; # What local address we use for the TCP connection
# password "secret" # Password used for MD5 authentication
# rr client; # I am a route reflector and the neighor is my client
# rr cluster id 1.0.0.1 # Use this value for cluster id instead of my router id
# };
}
CFGEOF
# WARNING: /etc/bird4.conf не существует
#----------------------------------------------------
#Generating cron
#----------------------------------------------------
#save config to muromec
0 3 * * 1 sh /root/bkpscript/backup_script.sh
bkps/wrt-bkp-172.16.11.4.sh
+1409
View File
File diff suppressed because it is too large Load Diff
bkps/wrt-bkp-172.16.11.7.sh
+2341
View File
File diff suppressed because it is too large Load Diff
bkps/wrt-bkp-172.16.111.7.sh
+2237
View File
File diff suppressed because it is too large Load Diff
bkps/wrt-bkp-172.16.17.1.sh
+699
View File
@@ -0,0 +1,699 @@
#hostname= Buran-vad
#DISTRIB_DESCRIPTION='OpenWrt SNAPSHOT r13406-f166cf9ca0'
#profile = xiaomi_mir3g-v2
#target = mt7621
#soc = packages
#arch = mt7621
#Xiaomi Mi Router 3G v2 custom default settings
#----------------------------------------------------
#Generating cmd for install pkg
#----------------------------------------------------
opkg install luci-proto-wireguard
opkg install iwinfo
opkg install opkg
opkg install ubus
opkg install busybox
opkg install kmod-nf-reject6
opkg install kmod-nf-flow
opkg install kmod-lib-crc-ccitt
opkg install getrandom
opkg install kmod-pppoe
opkg install kmod-pppox
opkg install kmod-ipt-conntrack
opkg install kmod-nf-reject
opkg install base-files
opkg install kmod-nf-nat
opkg install netifd
opkg install dnsmasq
opkg install procd
opkg install ubusd
opkg install firewall
opkg install kmod-nf-ipt
opkg install tcpdump
opkg install ubi-utils
opkg install kmod-ip6tables
opkg install odhcp6c
opkg install fstools
opkg install uci
opkg install dropbear
opkg install mtd
opkg install odhcpd-ipv6only
opkg install urandom-seed
opkg install ppp
opkg install kmod-leds-gpio
opkg install kmod-gpio-button-hotplug
opkg install logd
opkg install kmod-mt7603
opkg install libjson-script
opkg install libblobmsg-json
opkg install iptables
opkg install luci-ssl-nginx
opkg install jshn
opkg install kmod-ipt-core
opkg install kmod-ppp
opkg install kmod-nf-conntrack
opkg install usign
opkg install ip6tables
opkg install kmod-nf-ipt6
opkg install luci
opkg install kmod-nf-conntrack6
opkg install bird1-ipv4-uci
opkg install ubox
opkg install kernel
opkg install libnl-tiny
opkg install kmod-mt76x2
opkg install fwtool
opkg install jsonfilter
opkg install kmod-ipt-offload
opkg install urngd
opkg install kmod-slhc
opkg install ppp-mod-pppoe
opkg install kmod-ipt-nat
#----------------------------------------------------
#Generating configuration Xiaomi Mi Router 3G v2
#----------------------------------------------------
uci -q batch << EOI
set bird4.bird=bird
set bird4.bird.use_UCI_config='0'
set bird4.bird.UCI_config_file='/etc/bird4.conf'
set bird4.global=global
set bird4.global.log_file='/tmp/bird4.log'
set bird4.global.log='all'
set bird4.global.debug='off'
set bird4.@table[0]=table
set bird4.@table[0].name='aux'
set bird4.kernel1=kernel
set bird4.kernel1.table='aux'
set bird4.kernel1.import='all'
set bird4.kernel1.export='all'
set bird4.kernel1.kernel_table='100'
set bird4.kernel1.scan_time='10'
set bird4.kernel1.learn='1'
set bird4.kernel1.persist='0'
set bird4.kernel1.disabled='0'
set bird4.device1=device
set bird4.device1.scan_time='10'
set bird4.device1.disabled='0'
set bird4.static1=static
set bird4.static1.table='aux'
set bird4.static1.disabled='0'
commit bird4
set dhcp.@dnsmasq[0]=dnsmasq
set dhcp.@dnsmasq[0].domainneeded='1'
set dhcp.@dnsmasq[0].localise_queries='1'
set dhcp.@dnsmasq[0].rebind_protection='1'
set dhcp.@dnsmasq[0].rebind_localhost='1'
set dhcp.@dnsmasq[0].expandhosts='1'
set dhcp.@dnsmasq[0].authoritative='1'
set dhcp.@dnsmasq[0].readethers='1'
set dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
set dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.d/resolv.conf.auto'
set dhcp.@dnsmasq[0].localservice='1'
set dhcp.@dnsmasq[0].allservers='1'
set dhcp.@dnsmasq[0].local='/vad.loc/'
set dhcp.@dnsmasq[0].domain='vad.loc'
set dhcp.@dnsmasq[0].server='/lan/10.0.254.1'
set dhcp.lan=dhcp
set dhcp.lan.interface='lan'
set dhcp.lan.limit='150'
set dhcp.lan.dhcpv6='server'
set dhcp.lan.ra='server'
set dhcp.lan.ra_slaac='1'
set dhcp.lan.ra_flags='managed-config' 'other-config'
set dhcp.lan.start='10'
set dhcp.lan.leasetime='1440h'
set dhcp.lan.ra_management='1'
set dhcp.wan=dhcp
set dhcp.wan.interface='wan'
set dhcp.wan.ignore='1'
set dhcp.odhcpd=odhcpd
set dhcp.odhcpd.maindhcp='0'
set dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
set dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
set dhcp.odhcpd.loglevel='4'
commit dhcp
set dropbear.@dropbear[0]=dropbear
set dropbear.@dropbear[0].PasswordAuth='on'
set dropbear.@dropbear[0].RootPasswordAuth='on'
set dropbear.@dropbear[0].Port='22'
commit dropbear
set firewall.@defaults[0]=defaults
set firewall.@defaults[0].syn_flood='1'
set firewall.@defaults[0].input='ACCEPT'
set firewall.@defaults[0].output='ACCEPT'
set firewall.@defaults[0].forward='REJECT'
set firewall.@zone[0]=zone
set firewall.@zone[0].name='lan'
set firewall.@zone[0].input='ACCEPT'
set firewall.@zone[0].output='ACCEPT'
set firewall.@zone[0].forward='ACCEPT'
set firewall.@zone[0].network='lan'
set firewall.@zone[1]=zone
set firewall.@zone[1].name='wan'
set firewall.@zone[1].network='wan' 'wan6'
set firewall.@zone[1].input='REJECT'
set firewall.@zone[1].output='ACCEPT'
set firewall.@zone[1].forward='REJECT'
set firewall.@zone[1].masq='1'
set firewall.@zone[1].mtu_fix='1'
set firewall.@forwarding[0]=forwarding
set firewall.@forwarding[0].src='lan'
set firewall.@forwarding[0].dest='wan'
set firewall.@rule[0]=rule
set firewall.@rule[0].name='Allow-DHCP-Renew'
set firewall.@rule[0].src='wan'
set firewall.@rule[0].proto='udp'
set firewall.@rule[0].dest_port='68'
set firewall.@rule[0].target='ACCEPT'
set firewall.@rule[0].family='ipv4'
set firewall.@rule[1]=rule
set firewall.@rule[1].name='Allow-Ping'
set firewall.@rule[1].src='wan'
set firewall.@rule[1].proto='icmp'
set firewall.@rule[1].icmp_type='echo-request'
set firewall.@rule[1].family='ipv4'
set firewall.@rule[1].target='ACCEPT'
set firewall.@rule[2]=rule
set firewall.@rule[2].name='Allow-IGMP'
set firewall.@rule[2].src='wan'
set firewall.@rule[2].proto='igmp'
set firewall.@rule[2].family='ipv4'
set firewall.@rule[2].target='ACCEPT'
set firewall.@rule[3]=rule
set firewall.@rule[3].name='Allow-DHCPv6'
set firewall.@rule[3].src='wan'
set firewall.@rule[3].proto='udp'
set firewall.@rule[3].src_ip='fc00::/6'
set firewall.@rule[3].dest_ip='fc00::/6'
set firewall.@rule[3].dest_port='546'
set firewall.@rule[3].family='ipv6'
set firewall.@rule[3].target='ACCEPT'
set firewall.@rule[4]=rule
set firewall.@rule[4].name='Allow-MLD'
set firewall.@rule[4].src='wan'
set firewall.@rule[4].proto='icmp'
set firewall.@rule[4].src_ip='fe80::/10'
set firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
set firewall.@rule[4].family='ipv6'
set firewall.@rule[4].target='ACCEPT'
set firewall.@rule[5]=rule
set firewall.@rule[5].name='Allow-ICMPv6-Input'
set firewall.@rule[5].src='wan'
set firewall.@rule[5].proto='icmp'
set firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
set firewall.@rule[5].limit='1000/sec'
set firewall.@rule[5].family='ipv6'
set firewall.@rule[5].target='ACCEPT'
set firewall.@rule[6]=rule
set firewall.@rule[6].name='Allow-ICMPv6-Forward'
set firewall.@rule[6].src='wan'
set firewall.@rule[6].dest='*'
set firewall.@rule[6].proto='icmp'
set firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
set firewall.@rule[6].limit='1000/sec'
set firewall.@rule[6].family='ipv6'
set firewall.@rule[6].target='ACCEPT'
set firewall.@rule[7]=rule
set firewall.@rule[7].name='Allow-IPSec-ESP'
set firewall.@rule[7].src='wan'
set firewall.@rule[7].dest='lan'
set firewall.@rule[7].proto='esp'
set firewall.@rule[7].target='ACCEPT'
set firewall.@rule[8]=rule
set firewall.@rule[8].name='Allow-ISAKMP'
set firewall.@rule[8].src='wan'
set firewall.@rule[8].dest='lan'
set firewall.@rule[8].dest_port='500'
set firewall.@rule[8].proto='udp'
set firewall.@rule[8].target='ACCEPT'
set firewall.@rule[9]=rule
set firewall.@rule[9].name='Support-UDP-Traceroute'
set firewall.@rule[9].src='wan'
set firewall.@rule[9].dest_port='33434:33689'
set firewall.@rule[9].proto='udp'
set firewall.@rule[9].family='ipv4'
set firewall.@rule[9].target='REJECT'
set firewall.@rule[9].enabled='0'
set firewall.@include[0]=include
set firewall.@include[0].path='/etc/firewall.user'
set firewall.@zone[2]=zone
set firewall.@zone[2].name='wg'
set firewall.@zone[2].input='ACCEPT'
set firewall.@zone[2].output='ACCEPT'
set firewall.@zone[2].forward='ACCEPT'
set firewall.@zone[2].network='wg21 wg13 wg19 wg17 wg9'
set firewall.@forwarding[1]=forwarding
set firewall.@forwarding[1].src='wg'
set firewall.@forwarding[1].dest='lan'
set firewall.@forwarding[2]=forwarding
set firewall.@forwarding[2].src='wg'
set firewall.@forwarding[2].dest='wan'
set firewall.@forwarding[3]=forwarding
set firewall.@forwarding[3].src='lan'
set firewall.@forwarding[3].dest='wg'
set firewall.@rule[10]=rule
set firewall.@rule[10].name='Bereg Allow'
set firewall.@rule[10].src='wan'
set firewall.@rule[10].src_ip='192.168.59.123'
set firewall.@rule[10].target='ACCEPT'
commit firewall
set luci.main=core
set luci.main.lang='auto'
set luci.main.mediaurlbase='/luci-static/bootstrap'
set luci.main.resourcebase='/luci-static/resources'
set luci.main.ubuspath='/ubus/'
set luci.flash_keep=extern
set luci.flash_keep.uci='/etc/config/'
set luci.flash_keep.dropbear='/etc/dropbear/'
set luci.flash_keep.openvpn='/etc/openvpn/'
set luci.flash_keep.passwd='/etc/passwd'
set luci.flash_keep.opkg='/etc/opkg.conf'
set luci.flash_keep.firewall='/etc/firewall.user'
set luci.flash_keep.uploads='/lib/uci/upload/'
set luci.languages=internal
set luci.sauth=internal
set luci.sauth.sessionpath='/tmp/luci-sessions'
set luci.sauth.sessiontime='3600'
set luci.ccache=internal
set luci.ccache.enable='1'
set luci.themes=internal
set luci.themes.Bootstrap='/luci-static/bootstrap'
set luci.apply=internal
set luci.apply.rollback='90'
set luci.apply.holdoff='4'
set luci.apply.timeout='5'
set luci.apply.display='1.5'
set luci.diag=internal
set luci.diag.dns='openwrt.org'
set luci.diag.ping='openwrt.org'
set luci.diag.route='openwrt.org'
commit luci
set network.loopback=interface
set network.loopback.ifname='lo'
set network.loopback.proto='static'
set network.loopback.ipaddr='127.0.0.1'
set network.loopback.netmask='255.0.0.0'
set network.globals=globals
set network.globals.ula_prefix='fd05:470a:0ba9::/48'
set network.lan=interface
set network.lan.type='bridge'
set network.lan.ifname='lan1 lan2'
set network.lan.proto='static'
set network.lan.netmask='255.255.255.0'
set network.lan.ipaddr='172.16.17.1'
set network.lan.delegate='0'
set network.wan=interface
set network.wan.ifname='wan'
set network.wan.proto='static'
set network.wan.netmask='255.255.255.0'
set network.wan.gateway='192.168.58.129'
set network.wan.broadcast='192.168.58.255'
set network.wan.ipaddr='192.168.58.73'
set network.wan.dns='10.0.254.1' '192.168.58.129'
set network.wan6=interface
set network.wan6.ifname='wan'
set network.wan6.proto='none'
set network.wan6.auto='0'
set network.wg17=interface
set network.wg17.proto='wireguard'
set network.wg17.delegate='0'
set network.wg17.addresses='10.0.2.18/30'
set network.wg17.mtu='1420'
set network.wg17.private_key='gK9v8aIWVdrcagpbWCw6fvw+OoaPQcUvwpNi0M+FdXM='
set network.@wireguard_wg17[0]=wireguard_wg17
set network.@wireguard_wg17[0].description='muromec'
set network.@wireguard_wg17[0].allowed_ips='0.0.0.0/0'
set network.@wireguard_wg17[0].endpoint_host='muromec.kapka.ru'
set network.@wireguard_wg17[0].persistent_keepalive='60'
set network.@wireguard_wg17[0].endpoint_port='12017'
set network.@wireguard_wg17[0].public_key='oIra8TLMVSfCD+EZvyjaP/oYC4Jin0hFk/WrsBlhxXA='
set network.wg9=interface
set network.wg9.proto='wireguard'
set network.wg9.private_key='mJydi85I+C/dmX5iEB/i6O2IewTJvGvjZ5Ci1tCQAWU='
set network.wg9.addresses='10.0.1.10/30'
set network.wg9.mtu='1420'
set network.@wireguard_wg9[0]=wireguard_wg9
set network.@wireguard_wg9[0].description='turbo.kapka.ru'
set network.@wireguard_wg9[0].public_key='tTAmlqz5EnZ/FX1s8v6fhNjy9ykOvZ5hghVJ8GcB5kI='
set network.@wireguard_wg9[0].allowed_ips='0.0.0.0/0'
set network.@wireguard_wg9[0].endpoint_host='turbo.kapka.ru'
set network.@wireguard_wg9[0].endpoint_port='12109'
commit network
set rpcd.@rpcd[0]=rpcd
set rpcd.@rpcd[0].socket='/var/run/ubus.sock'
set rpcd.@rpcd[0].timeout='30'
set rpcd.@login[0]=login
set rpcd.@login[0].username='root'
set rpcd.@login[0].password='$p$root'
set rpcd.@login[0].read='*'
set rpcd.@login[0].write='*'
commit rpcd
set system.@system[0]=system
set system.@system[0].ttylogin='0'
set system.@system[0].log_size='64'
set system.@system[0].urandom_seed='0'
set system.@system[0].zonename='Europe/Moscow'
set system.@system[0].timezone='MSK-3'
set system.@system[0].log_proto='udp'
set system.@system[0].conloglevel='8'
set system.@system[0].cronloglevel='5'
set system.@system[0].hostname='Buran-vad'
set system.ntp=timeserver
set system.ntp.server='0.openwrt.pool.ntp.org' '1.openwrt.pool.ntp.org' '2.openwrt.pool.ntp.org' '3.openwrt.pool.ntp.org'
commit system
set ucitrack.@network[0]=network
set ucitrack.@network[0].init='network'
set ucitrack.@network[0].affects='dhcp' 'radvd'
set ucitrack.@wireless[0]=wireless
set ucitrack.@wireless[0].affects='network'
set ucitrack.@firewall[0]=firewall
set ucitrack.@firewall[0].init='firewall'
set ucitrack.@firewall[0].affects='luci-splash' 'qos' 'miniupnpd'
set ucitrack.@olsr[0]=olsr
set ucitrack.@olsr[0].init='olsrd'
set ucitrack.@dhcp[0]=dhcp
set ucitrack.@dhcp[0].init='dnsmasq'
set ucitrack.@dhcp[0].affects='odhcpd'
set ucitrack.@odhcpd[0]=odhcpd
set ucitrack.@odhcpd[0].init='odhcpd'
set ucitrack.@dropbear[0]=dropbear
set ucitrack.@dropbear[0].init='dropbear'
set ucitrack.@httpd[0]=httpd
set ucitrack.@httpd[0].init='httpd'
set ucitrack.@fstab[0]=fstab
set ucitrack.@fstab[0].exec='/sbin/block mount'
set ucitrack.@qos[0]=qos
set ucitrack.@qos[0].init='qos'
set ucitrack.@system[0]=system
set ucitrack.@system[0].init='led'
set ucitrack.@system[0].exec='/etc/init.d/log reload'
set ucitrack.@system[0].affects='luci_statistics' 'dhcp'
set ucitrack.@luci_splash[0]=luci_splash
set ucitrack.@luci_splash[0].init='luci_splash'
set ucitrack.@upnpd[0]=upnpd
set ucitrack.@upnpd[0].init='miniupnpd'
set ucitrack.@ntpclient[0]=ntpclient
set ucitrack.@ntpclient[0].init='ntpclient'
set ucitrack.@samba[0]=samba
set ucitrack.@samba[0].init='samba'
set ucitrack.@tinyproxy[0]=tinyproxy
set ucitrack.@tinyproxy[0].init='tinyproxy'
commit ucitrack
set uhttpd.main=uhttpd
set uhttpd.main.listen_http='0.0.0.0:80' '[::]:80'
set uhttpd.main.listen_https='0.0.0.0:443' '[::]:443'
set uhttpd.main.redirect_https='1'
set uhttpd.main.home='/www'
set uhttpd.main.rfc1918_filter='1'
set uhttpd.main.max_requests='3'
set uhttpd.main.max_connections='100'
set uhttpd.main.cert='/etc/uhttpd.crt'
set uhttpd.main.key='/etc/uhttpd.key'
set uhttpd.main.cgi_prefix='/cgi-bin'
set uhttpd.main.lua_prefix='/cgi-bin/luci=/usr/lib/lua/luci/sgi/uhttpd.lua'
set uhttpd.main.script_timeout='60'
set uhttpd.main.network_timeout='30'
set uhttpd.main.http_keepalive='20'
set uhttpd.main.tcp_keepalive='1'
set uhttpd.main.ubus_prefix='/ubus'
set uhttpd.defaults=cert
set uhttpd.defaults.days='730'
set uhttpd.defaults.key_type='rsa'
set uhttpd.defaults.bits='2048'
set uhttpd.defaults.ec_curve='P-256'
set uhttpd.defaults.country='ZZ'
set uhttpd.defaults.state='Somewhere'
set uhttpd.defaults.location='Unknown'
set uhttpd.defaults.commonname='OpenWrt'
commit uhttpd
set wireless.radio0=wifi-device
set wireless.radio0.type='mac80211'
set wireless.radio0.hwmode='11g'
set wireless.radio0.path='1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
set wireless.radio0.htmode='HT20'
set wireless.radio0.channel='10'
set wireless.radio0.country='JP'
set wireless.default_radio0=wifi-iface
set wireless.default_radio0.device='radio0'
set wireless.default_radio0.network='lan'
set wireless.default_radio0.mode='ap'
set wireless.default_radio0.encryption='psk2'
set wireless.default_radio0.key='23637387581'
set wireless.default_radio0.ssid='Buran'
set wireless.default_radio0.short_preamble='0'
set wireless.radio1=wifi-device
set wireless.radio1.type='mac80211'
set wireless.radio1.hwmode='11a'
set wireless.radio1.path='1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
set wireless.radio1.htmode='VHT80'
set wireless.radio1.channel='56'
set wireless.radio1.country='JP'
set wireless.default_radio1=wifi-iface
set wireless.default_radio1.device='radio1'
set wireless.default_radio1.network='lan'
set wireless.default_radio1.mode='ap'
set wireless.default_radio1.encryption='psk2'
set wireless.default_radio1.key='23637387581'
set wireless.default_radio1.ssid='Buran-5G'
commit wireless
EOI
#----------------------------------------------------
#Generating conf file
#----------------------------------------------------
# WARNING: /etc/mosquitto не существует
# WARNING: /etc/bird.conf не существует
#Gen file /etc/bird4.conf
mkdir -p "/etc"
cat << 'CFGEOF' > "/etc/bird4.conf"
# THIS CONFIG FILE IS NOT A COMPLETE DOCUMENTATION
# PLEASE LOOK IN THE BIRD DOCUMENTATION FOR MORE INFO
# However, most of options used here are just for example
# and will be removed in real-life configs.
log syslog all;
# Override router ID
router id 172.16.17.1;
# Turn on global debugging of all protocols
#debug protocols all;
table bgpban;
table ospfmy;
#table master;
# Define a route filter...
filter test_filter {
if net = 192.168.0.0/16 then reject;
if net = 172.16.0.0/12 then reject;
else accept;
}
# The direct protocol automatically generates device routes to all network
# interfaces. Can exist in as many instances as you wish if you want to
# populate multiple routing tables with device routes. Because device routes
# are handled by Linux kernel, this protocol is usually not needed.
protocol direct {
interface "-wan", "*"; # Restrict network interfaces it works with
table bgpban;
table ospfmy;
}
# This pseudo-protocol watches all interface up/down events.
protocol device {
scan time 10; # Scan interfaces every 10 seconds
}
# Static routes (again, there can be multiple instances, so that you
# can disable/enable various groups of static routes on the fly).
protocol static {
# export all; # Default is export none
# route 0.0.0.0/0 via 62.168.0.13;
# route 10.0.0.0/8 reject;
# route 192.168.0.0/16 reject;
}
#protocol rip {
# disabled;
# import all;
# export all;
# export filter test_filter;
# port 1520;
# period 7;
# infinity 16;
# garbage time 60;
# interface "*" { mode broadcast; };
# honor neighbor;
# honor always;
# honor never;
# authentication none;
#}
######################### OSPF
# This pseudo-protocol performs synchronization between BIRD's routing
# tables and the kernel. You can run multiple instances of the kernel
# protocol and synchronize different kernel tables with different BIRD tables.
protocol kernel ospfMyKern {
table ospfmy;
# table bgpban;
# learn; # Learn all alien routes from the kernel
# persist; # Don't remove routes on bird shutdown
scan time 60; # Scan kernel routing table every 20 seconds
# import none; # Default is import all
import all;
export all; # Default is export none
# device routes yes;
kernel table 10;
#merge paths switch 16;
metric 10;
}
protocol kernel bgpbanKern {
# table ospfmy;
table bgpban;
# learn; # Learn all alien routes from the kernel
# persist; # Don't remove routes on bird shutdown
scan time 60; # Scan kernel routing table every 20 seconds
# import none; # Default is import all
import all; #COMMENT tis to disable BGP table
export all; # Default is export none
# device routes yes;
kernel table 11;
#merge paths switch 16;
metric 10;
}
#protocol kernel mast {
# table master;
## persist;
# scan time 60;
# learn;
# kernel table 254;
# export all;
#}
#protocol pipe {
# table master;
# peer table ospfmy;
# peer table bgpban;
# import all;
#}
protocol ospf ASWG {
# disabled;
table ospfmy;
import filter test_filter;
export all;
# import filter { print ">>>>>>imp net accepted:", net; accept; };
# export filter { print ">>>>>>exp net accepted:", net; accept; };
# export where source = RTS_STATIC;
area 0 {
# networks {
# 10.0.1.0/24;
# 10.0.2.0/24;
# };
interface "wg17" { #17
cost 60;
hello 10;
retransmit 5;
wait 30;
dead 40;
type pointopoint;
priority 30;
# authentication simple;
# password "pass";
};
interface "wg9" {
cost 5;
hello 10;
retransmit 5;
wait 30;
dead 40;
type pointopoint;
priority 30;
# authentication simple;
# password "pass";
};
};
}
#########################BGP
# This pseudo-protocol performs synchronization between BIRD's routing
# tables and the kernel. You can run multiple instances of the kernel
# protocol and synchronize different kernel tables with different BIRD tables.
#protocol kernel {
# table bgpban;
# learn; # Learn all alien routes from the kernel
# persist; # Don't remove routes on bird shutdown
# scan time 60; # Scan kernel routing table every 20 seconds
# import none; # Default is import all
# import all;
# export all; # Default is export none
#}
protocol bgp {
# disabled;
table bgpban;
import all;
export all;
# export where source = RTS_STATIC;
local as 65018;
neighbor 10.0.2.17 as 65017;
# multihop 20 via 10.0.2.9;
# multihop;
# hold time 240;
# startup hold time 240;
# connect retry time 120;
# keepalive time 80; # defaults to hold time / 3
# start delay time 5; # How long do we wait before initial connect
# error wait time 60, 300;# Minimum and maximum time we wait after an error (when consecutive
# # errors occur, we increase the delay exponentially ...
# error forget time 300; # ... until this timeout expires)
# disable after error; # Disable the protocol automatically when an error occurs
# next hop self; # Disable next hop processing and always advertise our local address as nexthop
# source address 62.168.0.14; # What local address we use for the TCP connection
# password "secret" # Password used for MD5 authentication
# rr client; # I am a route reflector and the neighor is my client
# rr cluster id 1.0.0.1 # Use this value for cluster id instead of my router id
# };
}
CFGEOF
#----------------------------------------------------
#Generating cron
#----------------------------------------------------
3 3 12 12 * /usr/bin/nginx-util 'add_ssl' '_lan'
#save config to muromec
0 3 * * 1 sh /root/bkpscript/backup_script.sh
bkps/wrt-bkp-172.16.21.1.sh
+1
View File
@@ -0,0 +1 @@
bkps/wrt-bkp-172.16.30.1.sh
+1804
View File
File diff suppressed because it is too large Load Diff