Final release of config-spare-router.sh script;

First draft of a "Why...?" document
Rich Brown 2024-09-26 13:29:46 -04:00
parent 2d2e9ded5f
commit c4a5e30e2d
3 changed files with 236 additions and 47 deletions

@ -4,19 +4,29 @@ OpenWrtScripts
This is a set of scripts (sometimes also called "Openscripts") that report, configure and measure (and improve) latency in home routers (and everywhere else!)
These scripts work equally well for both [LEDE](https://lede-project.org) and [OpenWrt](https://openwrt.org) and include:
* [getstats.sh](#getstatssh) - a script to collect troubleshooting information that helps to diagnose problems in the OpenWrt distribution.
* [getstats.sh](#getstatssh) - a script to collect troubleshooting
information that helps to diagnose problems in the OpenWrt distribution.
* [opkgscript.sh](#opkgscriptsh) - a script to save the list of
currently-installed packages (say, before a sysupgrade),
and then restore the full set of packages after the upgrade.
* [opkgscript.sh](#opkgscriptsh) - a script to save the list of
currently-installed packages (say, before a sysupgrade),
and then restore the full set of packages after the upgrade.
* [config-openwrt.sh](#config-openwrtsh) - a script to configure the OpenWrt router consistently after flashing factory firmware.
* [config-openwrt.sh](#config-openwrtsh) - a script to configure the
OpenWrt router consistently after flashing factory firmware.
* [betterspeedtest.sh](#betterspeedtestsh) & [netperfrunner.sh](#netperfrunnersh) & [networkhammer.sh](#networkhammersh) - scripts that measure the performance of your router or offer load to the network for testing.
* [config-spare-router.sh](#config-spare-routersh) - Configure a
"spare router" to known settings so it's easy to use in a new setting.
* [idlelatency.sh](#idlelatencysh) - a script to measure the latency of an "idle line" without any additional traffic generation from the script.
* [betterspeedtest.sh](#betterspeedtestsh) &
[netperfrunner.sh](#netperfrunnersh) &
[networkhammer.sh](#networkhammersh) - scripts that measure the
performance of your router or offer load to the network for testing.
* [tunnelbroker.sh](#tunnelbrokersh) - a script to set up a IPv6 6-in-4 tunnel to TunnelBroker.net.
* [idlelatency.sh](#idlelatencysh) - a script to measure the latency of
an "idle line" without any additional traffic generation from the script.
* [tunnelbroker.sh](#tunnelbrokersh) - a script to set up a
IPv6 6-in-4 tunnel to TunnelBroker.net.
These scripts can be saved in the `/usr/lib/OpenWrtScripts` directory.
The easiest way to do this is to use ssh into the router and enter these commands:
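Review bot: The new `config-spare-router.sh` bullet is phrased differently from its neighbours: it opens with "Configure a ..." where every other entry reads "a script to ...", and the rewrapped `tunnelbroker.sh` bullet still says "a IPv6 6-in-4 tunnel". Suggest "a script to configure a "spare router" to known settings" and "an IPv6 6-in-4 tunnel" so the list reads uniformly.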
@ -67,6 +77,41 @@ Cloned from Malte Forkel's [original script.](https://forum.openwrt.org/viewtopi
`sh opkgscript.sh help` _display full help information for the script_
## [config-spare-router.sh](https://github.com/richb-hanover/OpenWrtScripts/blob/master/config-spare-router.sh)
Configure a "spare router" to known settings so that
it's easy to use in a new situation.
Many of us have a pile of routers that might be passed along to
friends, family, or neighbors.
But they're in an unknown state, and it's a hassle to figure out the
current configuration to reuse them.
This script configures an OpenWrt router to a known state.
It also prints a label that can be taped to the outside of the router
so the next person "to touch it" can log in easily.
When you're taking a router out of service,
reset it, then run this script.
Print the label below and tape it to the router.
It'll be easy to start using it again.
```
=================================================
Device: D-Link DIR-878 A1
OpenWrt: 'OpenWrt 23.05.5 r24106-10cc5fcd00'
Connect to: http://SpareRouter.local
or: ssh root@SpareRouter.local
LAN: 172.30.42.1
User: root
Login PW: SpareRouter
WiFi SSID: SpareRouter
WiFi PW:
Configured: 2024-Sep-26
=================================================
Power Brick Label: D-Link DIR-878 A1
```
## [config-openwrt.sh](https://github.com/richb-hanover/OpenWrtScripts/blob/master/config-openwrt.sh)
The `config-openwrt.sh` script updates the factory settings of OpenWrt to a known-good configuration.
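Review bot: The sample label in this new README section shows `Login PW: SpareRouter` and an empty `WiFi PW:`, but nothing in the section tells the reader that these defaults must be changed on redeployment. The companion "Why a Spare Router?.md" added in this commit has that list under "When you (re)deploy the router"; link to it from here, or add one sentence saying the root password and Wifi settings are placeholders. "reset it, then run this script" would also benefit from saying how the script gets onto a freshly reset router.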

Why a Spare Router?.md Normal file

@ -0,0 +1,131 @@
# Why a "Spare Router" Configuration?
Many people who use OpenWrt wind up with unused routers when
they retire one for a newer device.
These are perfectly functioning devices that are perhaps older or missing a certain function.
They could be easily re-used and passed along to friends, family or neighbors.
BUT...
1. The router retains all your personal info:
passwords, certificates, idiosyncratic packages. etc.
2. You can't remember how it was configured, so you
can't even connect to it.
**The remedy:** A "spare router" configuration script that
you can use when you take a router out of service.
It leaves the router with current OpenWrt firmware
configured for Wifi access, and
a known useful set of package to make it easy to reuse.
The script also prints a label that you can attach to
the router so that you can get started quickly the next
time you get it out.
## Usage
When you retire a router from service, run this script. To do this:
* Connect via Ethernet to a LAN port
* Use the LuCI GUI to upgrade the firmware to the latest version.
* When the router starts up again, reset settings to
factory default (**System -> Backup/Flash firmware**)
* Connect to the router via ssh (you'll need an Ethernet connection)
* Run the script (`cd /tmp; cat > config.sh & paste; ^D; sh config.sh`)
* Print the results from the script to make a label. Tape it to the router
* _Pro tip:_ Snip the model number from the "Power Brick Label:" part of the results
and tape it directly to the power brick.
* _Pro tip:_ Place the router and its power brick in a ziploc bag
to keep them together.
The `config-spare-router.sh` script may be run multiple times without bad effect.
When the script completes, it displays configuration like this,
suitable for printing and taping to the router.
```
=================================================
Device: D-Link DIR-878 A1
OpenWrt: 'OpenWrt 23.05.5 r24106-10cc5fcd00'
Connect to: http://SpareRouter.local
or: ssh root@SpareRouter.local
LAN: 172.30.42.1
User: root
Login PW: SpareRouter
WiFi SSID: SpareRouter
WiFi PW:
Configured: 2024-Sep-26
=================================================
Power Brick Label: D-Link DIR-878 A1
```
## When you (re)deploy the router
The default settings are (intentionally) insecure.
Remember to change the following:
* Root password (**System -> Administration**)
* Wifi credentials (**Network -> Wireless**)
* Enable other Wifi radios (**Network -> Wireless**)
* Change the LAN interace as needed (**Network -> Interfaces**)
* (Optional) Configure SQM (**Network -> SQM QoS**)
* (Optional) Change the hostname (**System -> System**)
* (Optional) Install other packages as needed
* (Optional) Travelmate (**Services -> Travelmate**)
Click the **Interface Wizard** button one time
## Rationale for the configuration choices
This script was designed for ease of use.
It presumes that it is being installed on a modern (post-2021)
router that has plenty of RAM and Flash storage, so that size
was not a consideration.
* **Root password:** To make it easy to re-use the router,
the `root` password is set to `SpareRouter`.
There is no need for strong security here, as you will be changing
the password when you set it up in its new location.
* **LAN Address:** The LAN IP address is set to `172.30.42.1`.
This is a
[valid private IP address range](https://en.wikipedia.org/wiki/Private_network)
(like `10...` and `192.168...`) but it is less commonly used.
This means that you can bring the router into virtually any
network environment without concern for IP address conflicts,
then use the LuCI GUI to configure the LAN.
* **Hostname:** is set to "SpareRouter".
Because `umdns` is installed, you can connect using
`http://SpareRouter.local` or `ssh root@SpareRouter.local`
no matter what the LAN IP address is.
* **Wifi settings:** The SSID is of the _first_ radio is set
to `SpareRouter` without encryption.
No other radios are enabled.
As with the root password, there is no need for a strong password,
because you will be changing it immediately.
* **Time Zone:** As a convenience, the time zone is set to `Americas/New York`.
You can use the LuCI GUI to re-configure as needed.
* **Software packages:** The script installs a minimal set of useful
packages that are required to bootstrap a new router.
* **luci** Released versions of OpenWrt already install `luci`,
re-installing does no harm.
* **umdns** To allow the router to advertise its name as "SpareRouter"
(e.g., connect using `ssh root@sparerouter`)
* **luci-app-sqm** All OpenWrt routers should have the SQM package installed
to minimize bufferbloat
* **travelmate** and
* **luci-app-travelmate** This package allows a router to
act as a Wifi repeater.
It also allows you to connect wirelessly to an "upstream router" for
additional downloads without requiring an Ethernet cable for the WAN port.
## Modifications
This script provides a stable platform for re-deploying old routers.
Feel free to make suggestions (create an Issue) for _minimal_ tweaks that
would improve the script. Enjoy!
## Old information
The script also has a large number of lines that are commented out.
These were steps for other packages that are not essential for the "Spare Router".
Feel free to experiment with these sections in your own copy of the script.
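Review bot: The Usage list ends at printing the label, yet the script leaves the router with an unencrypted `SpareRouter` SSID and the root password `SpareRouter`, and the Rationale bullets rely on "you will be changing it immediately". Add a Usage step to power the router off once the label is printed, and state in "When you (re)deploy the router" that the root password and Wifi credentials are changed before the WAN port is connected. Smaller points: the time zone bullet says `Americas/New York` while the script sets `ZONENAME='America/New York'`; the umdns bullet gives `ssh root@sparerouter` where the Hostname bullet gives `ssh root@SpareRouter.local`; the Run step's `cat > config.sh & paste; ^D` reads as a shell `&`; and there are typos in "interace", "set of package" and "The SSID is of the".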


@ -37,6 +37,7 @@
# === CONFIGURATION PARAMETERS ===
# Set the variables in this section to be used for configuration
HOSTNAME="SpareRouter"
NEWPASSWD="SpareRouter"
TIMEZONE='EST5EDT,M3.2.0,M11.1.0' # see link to other time zones below
ZONENAME='America/New York'
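Review bot: `NEWPASSWD="SpareRouter"` is a credential hard-coded next to `HOSTNAME` with no comment marking it as a throwaway value. Add a comment on that line saying it is intentionally weak, is printed on the label, and must be changed when the router is redeployed, so that someone copying this section for a router in service does not keep it.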
@ -50,17 +51,24 @@ ENCRMODE='none'
# === Update root password =====================
# Update the root password.
#
echo 'Updating root password'
echo '*** Updating root password'
passwd <<EOF
$NEWPASSWD
$NEWPASSWD
EOF
# === Set the hostname ========================
# Displayed in LuCI GUI also
# ssh root@$HOSTNAME.local and http://$HOSTNAME.local
echo '*** Setting host name'
uci set system.@system[0].hostname=$HOSTNAME
uci commit system
# === Update the LAN address ==================
# Change the default 192.168.1.1 to $LANIPADDRESS
# Make the change in the /etc/config/network file to avoid
# perturbing the SSH session. Reboot at the end of the script
echo "Changing IP address to $LANIPADDRESS"
echo "*** Changing IP address to $LANIPADDRESS"
sed -i s#192.168.1.1#$LANIPADDRESS#g /etc/config/network
# sleep 5
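Review bot: The added `uci set system.@system[0].hostname=$HOSTNAME` leaves the expansion unquoted, while the time zone lines later in the script quote theirs (`timezone="$TIMEZONE"`). Quote it as `hostname="$HOSTNAME"` so a value containing spaces or shell metacharacters cannot split the argument. The same applies to the `sed` context line, which is unquoted and whose dots in `192.168.1.1` match any character; `sed -i "s#192\.168\.1\.1#$LANIPADDRESS#g" /etc/config/network` is tighter. The `passwd` here-document also moves on without checking that the password change succeeded.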
@ -68,55 +76,42 @@ sed -i s#192.168.1.1#$LANIPADDRESS#g /etc/config/network
# Only one radio opened up for access
# Use its default channel
#
echo "Setting Wi-fi Parameters"
echo "*** Setting Wifi Parameters"
uci set wireless.@wifi-iface[0].ssid=$WIFISSID
uci set wireless.@wifi-iface[0].encryption=$ENCRMODE
uci set wireless.@wifi-iface[0].disabled='0'
uci set wireless.@wifi-device[0].disabled='0'
uci commit wireless
# === Update the software packages =============
# Download and update all the interesting packages
# Some of these are pre-installed, but there is no harm in
# updating/installing them a second time.
echo 'Updating software packages'
opkg update # retrieve updated packages
opkg install luci # install the web GUI
opkg install snmpd # install snmpd
opkg install umdns # install mDNS responder
opkg install luci-app-sqm # install the SQM modules to get fq_codel etc
opkg install travelmate # install the travelmate package to be a repeater
opkg install luci-app-travelmate # and its LuCI GUI
# opkg install netperf # install the netperf module for speed testing
# opkg install ppp-mod-pppoe # install PPPoE module
# opkg install avahi-daemon # install the mDNS daemon
# opkg install fprobe # install fprobe netflow exporter
# === Enable SNMP daemon =======================
# Enables responses on IPv4 & IPv6 with same read-only community string
# Supply values for COMMUNITYSTRING and uncomment eleven lines.
echo 'Configuring and starting snmpd'
uci set snmpd.@agent[0].agentaddress='UDP:161,UDP6:161'
uci set snmpd.@com2sec[0].community=$SNMP_COMMUNITYSTRING
uci add snmpd com2sec6
uci set snmpd.@com2sec6[-1].secname=ro
uci set snmpd.@com2sec6[-1].source=default
uci set snmpd.@com2sec6[-1].community=$SNMP_COMMUNITYSTRING
uci commit snmpd
/etc/init.d/snmpd restart # default snmpd config uses 'public'
/etc/init.d/snmpd enable # community string for SNMPv1 & SNMPv2c
# === Set the Time Zone ========================
# Set the time zone to non-default (other than UTC)
# Full list of time zones is at:
# https://github.com/openwrt/luci/blob/master/modules/luci-lua-runtime/luasrc/sys/zoneinfo/tzdata.lua
#
echo 'Setting timezone to' $TIMEZONE
echo "*** Setting timezone to $TIMEZONE"
uci set system.@system[0].timezone="$TIMEZONE"
echo 'Setting zone name to' $ZONENAME
echo "*** Setting zone name to $ZONENAME"
uci set system.@system[0].zonename="$ZONENAME"
uci commit system
# === Update the software packages =============
# Download and update all the interesting packages
# Some of these are pre-installed, but there is no harm in
# updating/installing them a second time.
echo '*** Updating software packages'
opkg -V0 update # retrieve updated packages
opkg -V0 install luci # install the web GUI
opkg -V0 install umdns # install mDNS responder
opkg -V0 install luci-app-sqm # install the SQM modules to get fq_codel etc
opkg -V0 install travelmate # install the travelmate package to be a repeater
opkg -V0 install luci-app-travelmate # and its LuCI GUI
# opkg -V0 install netperf # install the netperf module for speed testing
# opkg -V0 install ppp-mod-pppoe # install PPPoE module
# opkg -V0 install avahi-daemon # install the mDNS daemon
# opkg -V0 install fprobe # install fprobe netflow exporter
# opkg -V0 install snmpd # install snmpd
echo '*** Package update complete'
# === Display Router Config ===================
#
today=$(date +"%Y-%b-%d")
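Review bot: None of the `opkg -V0` calls in the relocated package section has its exit status checked, and `echo '*** Package update complete'` runs unconditionally. If the router has no upstream connection when the script runs, `umdns` is not installed, yet the label still advertises `http://$HOSTNAME.local`. Suggest `opkg -V0 install umdns || echo "*** umdns install failed"` for each package, or collecting the failures and printing them above the label. In the Wifi lines, `ssid=$WIFISSID` and `encryption=$ENCRMODE` are unquoted as well. Moving `snmpd` out of the default install into the commented list reduces the services the spare router exposes.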
@ -127,19 +122,23 @@ echo ""
echo "Print the following label and tape it to the router..."
echo ""
echo "================================================="
echo " Configured: $today"
echo " Device: $device"
echo " Device: $device"
echo " OpenWrt: $openwrtversion"
echo " Connect to: http://$HOSTNAME.local"
echo " or: ssh root@$HOSTNAME.local"
echo " LAN: $LANIPADDRESS"
echo " User: root"
echo " Login PW: $NEWPASSWD"
echo " WiFi SSID: $WIFISSID"
echo " WiFi PW: $WIFIPASSWD"
echo " Configured: $today"
echo "================================================="
echo ""
echo "Power Brick Label: $device"
echo ""
echo "Rebooting the router now for these changes to take effect..."
echo " You should now make a new connection to $LANIPADDRESS."
echo ""
reboot
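Review bot: The label prints `WiFi PW: $WIFIPASSWD`, but an earlier hunk header shows `ENCRMODE='none'` and no visible line writes a `key` option for `wireless.@wifi-iface[0]`, so the field is blank (as in the sample output) or, if someone sets `WIFIPASSWD`, shows a password the radio does not use. Print "(open network)" when `ENCRMODE` is `none`, or set the key from `WIFIPASSWD` whenever encryption is enabled. The last `echo` before `reboot` gives only `$LANIPADDRESS`; repeating `$HOSTNAME.local` there would match the label.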
@ -174,6 +173,20 @@ reboot
# fprobe -i ge00 -f ip -d 15 -e 60 NEWIPPORT' /etc/rc.local
# sed -i s#NEWIPPORT#$NETFLOWCOLLECTORADRS:$NETFLOWCOLLECTORPORT#g /etc/rc.local
# === Enable SNMP daemon =======================
# Enables responses on IPv4 & IPv6 with same read-only community string
# Supply values for COMMUNITYSTRING and uncomment eleven lines.
# echo '*** Configuring and starting snmpd ***'
# uci set snmpd.@agent[0].agentaddress='UDP:161,UDP6:161'
# uci set snmpd.@com2sec[0].community=$SNMP_COMMUNITYSTRING
# uci add snmpd com2sec6
# uci set snmpd.@com2sec6[-1].secname=ro
# uci set snmpd.@com2sec6[-1].source=default
# uci set snmpd.@com2sec6[-1].community=$SNMP_COMMUNITYSTRING
# uci commit snmpd
# /etc/init.d/snmpd restart # default snmpd config uses 'public'
# /etc/init.d/snmpd enable # community string for SNMPv1 & SNMPv2c
# ==============================
# Set Smart Queue Management (SQM) values for your own network
#
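Review bot: The relocated SNMP block's header comment says to supply `COMMUNITYSTRING` and "uncomment eleven lines", but the variable the commands read is `$SNMP_COMMUNITYSTRING` and the block holds ten commented lines; the `opkg -V0 install snmpd` line that must also be enabled now lives in the package section. Update the comment to name `SNMP_COMMUNITYSTRING`, give the right count, and mention the install line. The same comment could note that `agentaddress='UDP:161,UDP6:161'` listens on IPv4 and IPv6 without an address restriction using an SNMPv1/v2c community string, and that an unset variable would write an empty community.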