UCI defaults template for MT7621
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
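#!/bin/sh
# SPDX-License-Identifier: GPL-3.0-or-later
# Copyright (C) 2026 LongQT-sea <long025733@gmail.com>

# UCI defaults template for use with https://firmware-selector.openwrt.org/
# Requires OpenWrt 23.05+ routers with dual-band WiFi (256MB RAM+)
# WWAN_USB_PORT is MT7621-specific, update for other hardware

# Requires these additional packages:
# Essential: luci-ssl luci-app-ddns ddns-scripts-cloudflare zram-swap adguardhome luci-app-mwan3 ip-full ip-bridge curl
# Full WiFi: -wpad-basic-mbedtls wpad-mbedtls luci-app-usteer kmod-nft-bridge
# MBIM modem: luci-proto-modemmanager kmod-usb-net-cdc-mbim
# Tethering: kmod-usb-net-rndis kmod-usb-net-cdc-ncm kmod-usb-net-ipheth

# NOTE(review): ADGUARD_PASSWD, LAN_WIFI_PASSWD and GUEST_WIFI_PASSWD ship with
# published sample values. Replace them (and set ROOT_PASSWD) before building.
# This script holds every secret in clear text, so treat the filled-in copy
# and any image built from it as sensitive.

# AdguardHome admin password: 123123123
# The value is the bcrypt hash of that password; generate a new hash as described at
# https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration#password-reset
ADGUARD_PASSWD='$2a$10$8zHgApzRmAwO9JitSQuqtu3.Ot.y9AC63clRq9gYzRhSL2dy0z5p.' # Single quotes matter

# https://github.com/openwrt/luci/blob/master/modules/luci-lua-runtime/luasrc/sys/zoneinfo/tzdata.lua
ZONE_NAME=""
TIME_ZONE=""
HOSTNAME="" # Default to OpenWrt if unset

ROOT_PASSWD=""
SSH_PUBLIC_KEY=""
SSH_PASSWD_AUTH="" # off = disable password login (SSH keys auth only)

CLOUDFLARE_API_KEY="api_key"
LOOKUP_HOST="openwrt.example.com"
DOMAIN="openwrt@example.com"
DDNS_ENABLE="" # 1 = enabled Cloudflare DDNS

WIFI_2G_CHANNEL=""
WIFI_5G_CHANNEL=""
WIFI_COUNTRY_CODE=""
WIFI_LOG_LEVEL=""

LAN_VLAN_ID="10" # 1-254
LAN_IP_PREFIX="192.168.${LAN_VLAN_ID}"
LAN_WIFI_2G="" # Default to $HOSTNAME if unset
LAN_WIFI_5G="" # Default to $HOSTNAME if unset
LAN_WIFI_PASSWD="123123123"
LAN_MOBI_DOMAIN="2402"

GUEST_VLAN_ID="88" # 1-254
GUEST_IP_PREFIX="192.168.${GUEST_VLAN_ID}"
GUEST_WIFI_2G=""
GUEST_WIFI_5G=""
GUEST_WIFI_PASSWD="12345678"
GUEST_MOBI_DOMAIN="2402"

WAN_VLAN_ID="35"
#WAN_IS_TAGGED="1" # Uncomment to tagged
PPPOE_USERNAME="" # Set to use PPPoE instead of DHCP
PPPOE_PASSWD=""

# Statically assign host with hostname "docker-host" to 192.168.X.111
# After first boot, go to Network > DHCP > Static Leases and set the DUID for the host named "docker-host"
# The DUID ensures "docker-host" always gets an IPv6 address ending in ::111 (see firewall rule)
STATIC_LEASE_ID="111"
DDNS_HOSTNAME="docker-host"
DUID=""

# Uncomment to enable USB MBIM modem failover
#WWAN_USB_PORT="/sys/devices/platform/1e1c0000.xhci/usb2/2-1"
WWAN_APN="internet"

# Uncomment to enable USB tethering failover (Android/iPhone)
#USB_TETHER_DEV="usb0"

# ===================
# End config section
# ===================

# Command tracing is switched on only here. With "set -x" at the top of the
# file, xtrace echoes each assignment above, so the root and PPPoE passwords,
# the Wi-Fi keys and the Cloudflare token would all appear in the trace.
set -x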
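# From here on stdout and stderr (which carries any xtrace output) are
# appended to a log file. Create it first and make it readable by root only.
: >> /root/uci_defaults.log
chmod 600 /root/uci_defaults.log
exec >> /root/uci_defaults.log 2>&1

# Set the root password only when one was configured. An empty ROOT_PASSWD
# would otherwise feed two blank lines to passwd.
if [ -n "$ROOT_PASSWD" ]; then
passwd root >/dev/null 2>&1 <<EOF
$ROOT_PASSWD
$ROOT_PASSWD
EOF
fi

# Install the SSH public key only when one was configured, and keep the file
# private. printf writes the key verbatim; nothing in it is expanded.
# NOTE(review): SSH_PASSWD_AUTH="off" with an empty SSH_PUBLIC_KEY leaves no
# way to log in over SSH - confirm a key is set before disabling passwords.
if [ -n "$SSH_PUBLIC_KEY" ]; then
    printf '%s\n' "$SSH_PUBLIC_KEY" > /etc/dropbear/authorized_keys
    chmod 600 /etc/dropbear/authorized_keys
fi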
# Write a few convenience aliases to /etc/profile.d/custom_alias.sh.
# The delimiter is quoted because the alias text needs no shell expansion.
mkdir -p /etc/profile.d
cat > /etc/profile.d/custom_alias.sh <<'ALIASES'
alias cl=clear
alias df='df -h'
alias top='top -d 1'
alias ip='ip -c'
alias bridge='bridge -c'
alias du1='du -hd1 2>/dev/null'
ALIASES
# Fall back to the stock hostname when none was configured.
[ -n "$HOSTNAME" ] || HOSTNAME="OpenWrt"

# System config: hostname, time zone, dropbear password login and the
# uhttpd redirect_https option.
# SSH password login stays "on" unless SSH_PASSWD_AUTH is set (e.g. to "off").
uci batch <<UCI_SYSTEM
set system.@system[0].hostname="$HOSTNAME"
set system.@system[0].zonename="$ZONE_NAME"
set system.@system[0].timezone="$TIME_ZONE"
set dropbear.@dropbear[0].PasswordAuth="${SSH_PASSWD_AUTH:-on}"
set dropbear.@dropbear[0].RootPasswordAuth="${SSH_PASSWD_AUTH:-on}"
set uhttpd.main.redirect_https=1
UCI_SYSTEM
# Wifi config
# Enables both radios and configures four SSIDs: LAN and guest on each band,
# all WPA2-PSK (psk2) with 802.11r/k and BSS transition enabled.
# NOTE(review): the fallback guest SSID "Free_12345678" matches the sample
# GUEST_WIFI_PASSWD, i.e. the default guest network advertises its own key.
# NOTE(review): the guest interfaces set no "isolate" option, so guest clients
# are not separated from each other by this config.
# NOTE(review): values are spliced between quotes for uci; an SSID or key
# containing a quote character would break the batch - verify your values.
uci batch <<UCI_WIRELESS
set wireless.radio0.disabled=0
set wireless.radio0.channel="${WIFI_2G_CHANNEL:-1}"
set wireless.radio0.country="$WIFI_COUNTRY_CODE"
set wireless.radio0.log_level="$WIFI_LOG_LEVEL"
set wireless.radio1.disabled=0
set wireless.radio1.channel="${WIFI_5G_CHANNEL:-149}"
set wireless.radio1.country="$WIFI_COUNTRY_CODE"
set wireless.radio1.log_level="$WIFI_LOG_LEVEL"
set wireless.default_radio0.ssid="${LAN_WIFI_2G:-$HOSTNAME}"
set wireless.default_radio0.encryption=psk2
set wireless.default_radio0.key="$LAN_WIFI_PASSWD"
set wireless.default_radio0.ieee80211r=1
set wireless.default_radio0.mobility_domain='$LAN_MOBI_DOMAIN'
set wireless.default_radio0.ft_over_ds=0
set wireless.default_radio0.ft_psk_generate_local=1
set wireless.default_radio0.ieee80211k=1
set wireless.default_radio0.bss_transition=1
set wireless.guest_radio0=wifi-iface
set wireless.guest_radio0.device=radio0
set wireless.guest_radio0.mode=ap
set wireless.guest_radio0.ssid="${GUEST_WIFI_2G:-Free_12345678}"
set wireless.guest_radio0.encryption=psk2
set wireless.guest_radio0.key="$GUEST_WIFI_PASSWD"
set wireless.guest_radio0.network=guest
set wireless.guest_radio0.ieee80211r=1
set wireless.guest_radio0.mobility_domain='$GUEST_MOBI_DOMAIN'
set wireless.guest_radio0.ft_over_ds=0
set wireless.guest_radio0.ft_psk_generate_local=1
set wireless.guest_radio0.ieee80211k=1
set wireless.guest_radio0.bss_transition=1
set wireless.default_radio1.ssid="${LAN_WIFI_5G:-$HOSTNAME}"
set wireless.default_radio1.encryption=psk2
set wireless.default_radio1.key="$LAN_WIFI_PASSWD"
set wireless.default_radio1.ieee80211r=1
set wireless.default_radio1.mobility_domain='$LAN_MOBI_DOMAIN'
set wireless.default_radio1.ft_over_ds=0
set wireless.default_radio1.ft_psk_generate_local=1
set wireless.default_radio1.ieee80211k=1
set wireless.default_radio1.bss_transition=1
set wireless.guest_radio1=wifi-iface
set wireless.guest_radio1.device=radio1
set wireless.guest_radio1.mode=ap
set wireless.guest_radio1.ssid="${GUEST_WIFI_5G:-Free_12345678}"
set wireless.guest_radio1.encryption=psk2
set wireless.guest_radio1.key="$GUEST_WIFI_PASSWD"
set wireless.guest_radio1.network=guest
set wireless.guest_radio1.ieee80211r=1
set wireless.guest_radio1.mobility_domain='$GUEST_MOBI_DOMAIN'
set wireless.guest_radio1.ft_over_ds=0
set wireless.guest_radio1.ft_psk_generate_local=1
set wireless.guest_radio1.ieee80211k=1
set wireless.guest_radio1.bss_transition=1
# Optimized for high-interference areas
# https://openwrt.org/docs/guide-user/network/wifi/usteer
set usteer.@usteer[0]=usteer
set usteer.@usteer[0].roam_scan_snr='-60'
set usteer.@usteer[0].signal_diff_threshold='6'
set usteer.@usteer[0].band_steering_interval='30000'
set usteer.@usteer[0].band_steering_min_snr='-50'
set usteer.@usteer[0].roam_trigger_snr='-65'
set usteer.@usteer[0].roam_kick_delay='100'
set usteer.@usteer[0].min_snr='-79'
UCI_WIRELESS
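# For stable IPv6 DNS server: link-local address of eth0.
# The value is later used as a single token (uci list entry, /etc/hosts line),
# so only the first address is kept if the interface reports several.
IPV6_LINK_LOCAL=$(ip -6 addr show dev eth0 scope link | sed -e's/^.*inet6 \([^ ]*\)\/.*$/\1/;t;d' | head -n 1)

# Print $1 when it is a plain decimal number in 1..254, otherwise print the
# fallback $2. Empty, non-numeric and zero-prefixed input is rejected before
# the numeric tests, which would otherwise fail with a "[" syntax error and
# let the bad value through.
_vlan_id_or_default() {
    case "$1" in
        ''|0*|*[!0-9]*)
            echo "$2"
            return
            ;;
    esac
    if [ "$1" -ge 1 ] 2>/dev/null && [ "$1" -le 254 ] 2>/dev/null; then
        echo "$1"
    else
        echo "$2"
    fi
}

# Safeguard VLAN IDs
LAN_VLAN_ID=$(_vlan_id_or_default "$LAN_VLAN_ID" 10)
GUEST_VLAN_ID=$(_vlan_id_or_default "$GUEST_VLAN_ID" 88)

# LAN and guest must not share a VLAN (and therefore a /24). Resetting guest
# to 88 does not help when LAN itself is 88, so pick 10 in that case.
if [ "$LAN_VLAN_ID" -eq "$GUEST_VLAN_ID" ]; then
    if [ "$LAN_VLAN_ID" -eq 88 ]; then
        GUEST_VLAN_ID=10
    else
        GUEST_VLAN_ID=88
    fi
fi

# Recompute the prefixes from the validated IDs.
LAN_IP_PREFIX="192.168.${LAN_VLAN_ID}"
GUEST_IP_PREFIX="192.168.${GUEST_VLAN_ID}"

DDNS_HOSTNAME="${DDNS_HOSTNAME:-docker-host}"
STATIC_LEASE_ID="${STATIC_LEASE_ID:-111}"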
# DHCP and DNS config
# DHCP pool: .10–.99; .100–.254 reserved for static hosts
# dnsmasq keeps no cache and ignores resolv.conf; every query is forwarded to
# the local resolver on port 5353 (see the "server" entries below).
# NOTE(review): IPV6_LINK_LOCAL is inserted unquoted; if it is empty the
# "add_list dhcp.lan.dns=" line carries no value - check the log after first boot.
uci batch <<UCI_DHCP
set dhcp.lan.start=10
set dhcp.lan.limit=90
set dhcp.lan.ra_slaac=1
add_list dhcp.lan.dns=$IPV6_LINK_LOCAL
set dhcp.guest=dhcp
set dhcp.guest.interface='guest'
set dhcp.guest.start=10
set dhcp.guest.limit=90
set dhcp.guest.leasetime=1h
del dhcp.wan
add_list dhcp.@dnsmasq[0].interface=lan
add_list dhcp.@dnsmasq[0].interface=guest
add_list dhcp.@dnsmasq[0].rebind_domain=/dns.msftncsi.com/
set dhcp.@dnsmasq[0].noresolv=1
set dhcp.@dnsmasq[0].cachesize=0
set dhcp.@dnsmasq[0].dnsforwardmax=500
add dhcp host
set dhcp.@host[-1].name='$DDNS_HOSTNAME'
set dhcp.@host[-1].dns=1
set dhcp.@host[-1].ip='${LAN_IP_PREFIX}.${STATIC_LEASE_ID}'
set dhcp.@host[-1].hostid='$STATIC_LEASE_ID'
set dhcp.@host[-1].duid='$DUID'
# Forward DNS to Adguard Home
add_list dhcp.@dnsmasq[0].server='127.0.0.1#5353'
add_list dhcp.@dnsmasq[0].server='::1#5353'
# Ensure NTP can work without DNS
del system.ntp.server
add_list system.ntp.server="time1.google.com"
add_list system.ntp.server="time2.google.com"
add_list system.ntp.server="time3.google.com"
add_list system.ntp.server="time4.google.com"
UCI_DHCP
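# Map the router's own hostname to its link-local address, but only when one
# was found: an empty address would leave a malformed line in /etc/hosts.
if [ -n "$IPV6_LINK_LOCAL" ]; then
    printf '%s %s\n' "$IPV6_LINK_LOCAL" "$HOSTNAME" >> /etc/hosts
fi

# Pin the NTP server names so time sync does not depend on DNS.
# NOTE(review): these addresses are static copies; they will silently go
# stale if the operator renumbers the service.
cat >> /etc/hosts <<'NTP_HOSTS'
216.239.35.0 time1.google.com
216.239.35.4 time2.google.com
216.239.35.8 time3.google.com
216.239.35.12 time4.google.com
2001:4860:4806:: time1.google.com
2001:4860:4806:4:: time2.google.com
2001:4860:4806:8:: time3.google.com
2001:4860:4806:c:: time4.google.com
NTP_HOSTS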
# AdGuard Home configuration. The DNS listener is bound to loopback on port
# 5353; the web UI is bound to all addresses on port 3000.
# NOTE(review): the web UI's only user is "admin" with the hash from
# ADGUARD_PASSWD, whose sample value corresponds to a published password.
# Change it before first boot; the firewall zones decide who can reach :3000.
# The delimiter is unquoted so $ADGUARD_PASSWD expands; the expanded hash is
# not expanded again. YAML nesting below is written out with two-space indents.
cat > /etc/adguardhome.yaml <<ADGUARD_YAML
http:
  address: 0.0.0.0:3000
users:
  - name: admin
    password: $ADGUARD_PASSWD
dns:
  bind_hosts:
    - 127.0.0.1
    - ::1
  port: 5353
  ratelimit: 500
  upstream_dns:
    - https://dns10.quad9.net/dns-query
    - https://dns.cloudflare.com/dns-query
    - https://dns.google/dns-query
  bootstrap_dns:
    - 1.0.0.1
    - 2620:fe::fe
  fallback_dns:
    - 1.1.1.1
    - 2620:fe::9
  cache_size: 4194304
  cache_optimistic: true
  use_private_ptr_resolvers: false
  use_http3_upstreams: true
querylog:
  interval: 72h
  size_memory: 300
clients:
  runtime_sources:
    rdns: false
log:
  enabled: false
schema_version: 28
ADGUARD_YAML
# Raise the maximum socket buffer sizes, per
# https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes
printf '%s\n' \
    'net.core.rmem_max=7500000' \
    'net.core.wmem_max=7500000' \
    > /etc/sysctl.d/12-buffer-size.conf
# Network config
# LAN and guest each get the .1 address of their 192.168.<VLAN ID> prefix.
# WAN, WAN6 (and later wwan0/usb0) get increasing metrics, so the lowest
# metric is the preferred default route.
uci batch <<UCI_NETWORK
#uci set network.globals.packet_steering='2'
#uci set network.globals.steering_flows='128'
set network.lan.ipaddr=${LAN_IP_PREFIX}.1
set network.lan.ip6class='wan6 wwan0_6'
set network.guest=interface
set network.guest.proto=static
set network.guest.ipaddr=${GUEST_IP_PREFIX}.1/24
set network.wan.metric=5
set network.wan6.proto=dhcpv6
set network.wan6.device=@wan
set network.wan6.metric=10
UCI_NETWORK
# Optional uplinks. Each section is applied only when its variable is set.
# Here-document bodies start at column 0 so they do not depend on tab
# stripping.

# PPPoE on WAN instead of DHCP
if [ -n "$PPPOE_USERNAME" ]; then
    uci batch <<UCI_PPPOE
set network.wan.proto=pppoe
set network.wan.ipv6=0
set network.wan.username="$PPPOE_USERNAME"
set network.wan.password="$PPPOE_PASSWD"
UCI_PPPOE
fi

# USB MBIM modem, managed by ModemManager, as logical interface "wwan0"
if [ -n "$WWAN_USB_PORT" ]; then
    uci batch <<UCI_WWAN
set network.wwan0=interface
set network.wwan0.proto='modemmanager'
set network.wwan0.device="$WWAN_USB_PORT"
set network.wwan0.iptype='ipv4v6'
set network.wwan0.apn="${WWAN_APN:-internet}"
set network.wwan0.metric='15'
UCI_WWAN
fi

# USB tethering (DHCP client). The logical interface is always named "usb0";
# USB_TETHER_DEV only selects the underlying device.
if [ -n "$USB_TETHER_DEV" ]; then
    uci batch <<UCI_TETHER
set network.usb0=interface
set network.usb0.proto='dhcp'
set network.usb0.device="$USB_TETHER_DEV"
set network.usb0.metric='20'
UCI_TETHER
fi
# VLAN layout. On DSA hardware one VLAN-aware bridge (br-vlan) carries the
# LAN, WAN and guest VLANs; other hardware just gets a separate guest bridge.
# NOTE(review): WAN_VLAN_ID is used as given. Nothing here checks its range or
# that it differs from LAN_VLAN_ID and GUEST_VLAN_ID.
if grep -sq DEVTYPE=dsa /sys/class/net/*/uevent; then
    # Only setup VLAN on DSA router
    switch_ports="$(uci get network.@device[0].ports) $(uci get network.wan.device)"

    # Suffix applied to WAN ports: ":t" tagged, ":u*" untagged and primary VLAN
    if [ -n "$WAN_IS_TAGGED" ]; then
        wan_suffix=":t"
    else
        wan_suffix=":u*"
    fi

    # Port names contain no whitespace, so splitting on the unquoted list is
    # intentional here.
    for port in $switch_ports; do
        case "$port" in
            wan*)
                wan_ports="${wan_ports:+$wan_ports }${port}${wan_suffix}"
                ;;
            *)
                # LAN VLAN is untagged on every LAN port; guest VLAN is tagged
                lan_ports="${lan_ports:+$lan_ports }${port}:u*"
                guest_ports="${guest_ports:+$guest_ports }${port}:t"
                ;;
        esac
    done

    uci batch <<UCI_VLAN
del network.@device[0].ports
set network.@device[0].name='br-vlan'
set network.@device[0].ports='$switch_ports'
add network bridge-vlan
set network.@bridge-vlan[-1].device='br-vlan'
set network.@bridge-vlan[-1].vlan=${LAN_VLAN_ID}
set network.@bridge-vlan[-1].ports='$lan_ports'
set network.lan.device=br-vlan.${LAN_VLAN_ID}
add network bridge-vlan
set network.@bridge-vlan[-1].device='br-vlan'
set network.@bridge-vlan[-1].vlan=${WAN_VLAN_ID}
set network.@bridge-vlan[-1].ports='$wan_ports'
set network.wan.device=br-vlan.${WAN_VLAN_ID}
add network bridge-vlan
set network.@bridge-vlan[-1].device='br-vlan'
set network.@bridge-vlan[-1].vlan=${GUEST_VLAN_ID}
set network.@bridge-vlan[-1].ports='$guest_ports'
set network.guest.device=br-vlan.${GUEST_VLAN_ID}
UCI_VLAN
else
    # Fallback if non-DSA router
    uci batch <<UCI_GUEST_BRIDGE
set network.br_guest=device
set network.br_guest.type='bridge'
set network.br_guest.name='br-guest'
set network.guest.device=br-guest
UCI_GUEST_BRIDGE
fi
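# Logical interfaces that belong to the firewall's WAN zone.
# A zone's "network" option lists interface section names, not devices. The
# tethering interface is always created as network.usb0 whatever
# USB_TETHER_DEV holds, so the zone must reference "usb0"; using the device
# name would leave the tethered uplink outside the WAN zone whenever
# USB_TETHER_DEV is not literally "usb0".
WAN_ZONE="wan wan6"
if [ -n "$WWAN_USB_PORT" ]; then
    WAN_ZONE="$WAN_ZONE wwan0"
fi
if [ -n "$USB_TETHER_DEV" ]; then
    WAN_ZONE="$WAN_ZONE usb0"
fi

# Firewall config
# - guest zone: input and forward REJECT, with explicit allowances for DNS,
#   DHCP and ping to the router, plus forwarding guest -> wan.
# - two sample inbound rules towards the static-lease host, created disabled
#   (enabled=0); review them before switching them on.
# - port-53 redirects on lan and guest that give no destination address.
uci batch << EOF
del firewall.@defaults[0].syn_flood
set firewall.@defaults[0].synflood_protect=1
set firewall.@defaults[0].flow_offloading=1
set firewall.@defaults[0].flow_offloading_hw=1
set firewall.@zone[0].network='lan'
set firewall.@zone[1].network="$WAN_ZONE"
add firewall zone
set firewall.@zone[-1].name=guest
set firewall.@zone[-1].input=REJECT
set firewall.@zone[-1].output=ACCEPT
set firewall.@zone[-1].forward=REJECT
set firewall.@zone[-1].network=guest
set firewall.guest_wan=forwarding
set firewall.guest_wan.src='guest'
set firewall.guest_wan.dest='wan'
add firewall rule
set firewall.@rule[-1].target='ACCEPT'
set firewall.@rule[-1].proto='tcp udp'
set firewall.@rule[-1].dest_port='53'
set firewall.@rule[-1].name='Guest-allow-DNS'
set firewall.@rule[-1].src='guest'
add firewall rule
set firewall.@rule[-1].target='ACCEPT'
set firewall.@rule[-1].dest_port='67'
set firewall.@rule[-1].name='Guest-allow-DHCP'
set firewall.@rule[-1].src='guest'
set firewall.@rule[-1].proto='udp'
add firewall rule
set firewall.@rule[-1].target='ACCEPT'
add_list firewall.@rule[-1].icmp_type='echo-request'
set firewall.@rule[-1].name='Guest-allow-Ping'
set firewall.@rule[-1].src='guest'
add_list firewall.@rule[-1].proto='icmp'
add firewall rule
set firewall.@rule[-1].name=Example-Forward-$DDNS_HOSTNAME
set firewall.@rule[-1].src=wan
set firewall.@rule[-1].dest='lan'
set firewall.@rule[-1].proto='tcp udp'
set firewall.@rule[-1].family=ipv6
set firewall.@rule[-1].dest_port='80 443'
set firewall.@rule[-1].dest_ip=::${STATIC_LEASE_ID}/-64
set firewall.@rule[-1].target=ACCEPT
set firewall.@rule[-1].enabled=0
add firewall redirect
set firewall.@redirect[-1].name=Example-HTTPS-$DDNS_HOSTNAME
set firewall.@redirect[-1].family='ipv4'
set firewall.@redirect[-1].src=wan
set firewall.@redirect[-1].src_dport='443'
set firewall.@redirect[-1].dest=lan
set firewall.@redirect[-1].target=DNAT
set firewall.@redirect[-1].dest_ip=${LAN_IP_PREFIX}.${STATIC_LEASE_ID}
set firewall.@redirect[-1].dest_port='443'
set firewall.@redirect[-1].enabled=0
add firewall redirect
set firewall.@redirect[-1].name=LAN-Prevent-DNS-leaks
set firewall.@redirect[-1].src=lan
set firewall.@redirect[-1].src_dport=53
set firewall.@redirect[-1].family=any
set firewall.@redirect[-1].target=DNAT
add firewall redirect
set firewall.@redirect[-1].name=Guest-Prevent-DNS-leaks
set firewall.@redirect[-1].src=guest
set firewall.@redirect[-1].src_dport=53
set firewall.@redirect[-1].family=any
set firewall.@redirect[-1].target=DNAT
EOF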
# DDNS config
# Replaces the stock myddns_ipv4/myddns_ipv6 sections with two Cloudflare
# services. Both stay disabled unless DDNS_ENABLE is set.
# The IPv4 service publishes the WAN address; the IPv6 service publishes
# whatever /sbin/ipv6-fetcher prints for DDNS_HOSTNAME.
# NOTE(review): CLOUDFLARE_API_KEY is stored in clear text in the ddns config;
# prefer a token limited to DNS edits on the one zone it updates.
uci batch <<UCI_DDNS
del ddns.myddns_ipv4
del ddns.myddns_ipv6
set ddns.ipv4=service
set ddns.ipv4.service_name='cloudflare.com-v4'
set ddns.ipv4.lookup_host="$LOOKUP_HOST"
set ddns.ipv4.domain="$DOMAIN"
set ddns.ipv4.username='Bearer'
set ddns.ipv4.password="$CLOUDFLARE_API_KEY"
set ddns.ipv4.use_ipv6=0
set ddns.ipv4.interface='wan'
set ddns.ipv4.ip_source='network'
set ddns.ipv4.ip_network='wan'
set ddns.ipv4.cacert='/etc/ssl/certs'
set ddns.ipv4.use_https=1
set ddns.ipv4.enabled=${DDNS_ENABLE:-0}
set ddns.ipv6=service
set ddns.ipv6.service_name='cloudflare.com-v4'
set ddns.ipv6.lookup_host="$LOOKUP_HOST"
set ddns.ipv6.domain="$DOMAIN"
set ddns.ipv6.username='Bearer'
set ddns.ipv6.password="$CLOUDFLARE_API_KEY"
set ddns.ipv6.use_ipv6=1
set ddns.ipv6.interface='wan6'
set ddns.ipv6.ip_source='script'
set ddns.ipv6.ip_script="/sbin/ipv6-fetcher $DDNS_HOSTNAME"
set ddns.ipv6.cacert='/etc/ssl/certs'
set ddns.ipv6.use_https=1
set ddns.ipv6.enabled=${DDNS_ENABLE:-0}
UCI_DDNS
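# mwan3 helper script
# Installs /sbin/mwan3-iface-add, which registers one more interface with
# mwan3: an interface section, a member (metric 1, weight 2), an
# "<iface>_only" policy, and membership in the "balanced" policy.
# The outer delimiter is quoted so the helper is written out verbatim.
cat > /sbin/mwan3-iface-add << 'EOF'
#!/bin/sh
# Usage: mwan3-iface-add <interface> [ipv4|ipv6] [track_ip]
IFACE="$1"
FAMILY="${2:-ipv4}"

if [ -z "$IFACE" ]; then
    echo "Usage: mwan3-iface-add <interface> [ipv4|ipv6]" >&2
    exit 1
fi

# IFACE becomes part of UCI section names and is pasted into a uci batch, so
# accept only the characters a UCI name may contain.
case "$IFACE" in
    *[!A-Za-z0-9_]*)
        echo "mwan3-iface-add: invalid interface name" >&2
        exit 1
        ;;
esac

case "$FAMILY" in
    ipv4|ipv6) ;;
    *)
        echo "mwan3-iface-add: family must be ipv4 or ipv6" >&2
        exit 1
        ;;
esac

if [ "$FAMILY" = "ipv6" ]; then
    TRACK_IP="${3:-2620:fe::fe}"
else
    TRACK_IP="${3:-1.1.1.1}"
fi

# TRACK_IP is pasted between single quotes below; allow address characters only.
case "$TRACK_IP" in
    ''|*[!0-9A-Fa-f:.]*)
        echo "mwan3-iface-add: invalid track IP" >&2
        exit 1
        ;;
esac

uci batch << UCIEOF
set mwan3.${IFACE}=interface
set mwan3.${IFACE}.enabled='1'
set mwan3.${IFACE}.family='${FAMILY}'
add_list mwan3.${IFACE}.track_ip='${TRACK_IP}'
set mwan3.${IFACE}_m1_w2=member
set mwan3.${IFACE}_m1_w2.interface='${IFACE}'
set mwan3.${IFACE}_m1_w2.metric='1'
set mwan3.${IFACE}_m1_w2.weight='2'
set mwan3.${IFACE}_only=policy
add_list mwan3.${IFACE}_only.use_member='${IFACE}_m1_w2'
UCIEOF

uci add_list mwan3.balanced.use_member="${IFACE}_m1_w2"
uci commit mwan3
EOF
chmod +x /sbin/mwan3-iface-add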
# Multi-WAN configuration
# Overwrites /etc/config/mwan3 with a static baseline: wan and wan6 are
# tracked by one probe address each, and all traffic uses the "balanced"
# policy (HTTPS with sticky sessions). Written verbatim (quoted delimiter).
cat > /etc/config/mwan3 <<'MWAN3_CONFIG'
config globals 'globals'
	option mmx_mask '0x3F00'

config interface 'wan'
	option enabled '1'
	list track_ip '8.8.8.8'
	option family 'ipv4'
	option reliability 1

config interface 'wan6'
	option enabled '1'
	list track_ip '2620:fe::fe'
	option family 'ipv6'
	option reliability 1

config member 'wan_m1_w2'
	option interface 'wan'
	option metric '1'
	option weight '2'

config member 'wan6_m1_w2'
	option interface 'wan6'
	option metric '1'
	option weight '2'

config policy 'wan_only'
	list use_member 'wan_m1_w2'
	list use_member 'wan6_m1_w2'

config policy 'balanced'
	list use_member 'wan_m1_w2'
	list use_member 'wan6_m1_w2'

config rule 'https'
	option sticky '1'
	option dest_port '443'
	option proto 'tcp'
	option use_policy 'balanced'

config rule 'default_rule_v4'
	option dest_ip '0.0.0.0/0'
	option use_policy 'balanced'
	option family 'ipv4'

config rule 'default_rule_v6'
	option dest_ip '::/0'
	option use_policy 'balanced'
	option family 'ipv6'
MWAN3_CONFIG
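# Failover WAN: USB MBIM modem and USB tethering Android/iPhone
# mwan3 tracks logical interfaces. The tethering interface is created as
# network.usb0 regardless of the device named in USB_TETHER_DEV, so register
# "usb0" rather than the device name.
# "if" is used instead of "[ ... ] &&" so an unset variable does not leave a
# non-zero exit status behind.
if [ -n "$WWAN_USB_PORT" ]; then
    /sbin/mwan3-iface-add wwan0
fi
if [ -n "$USB_TETHER_DEV" ]; then
    /sbin/mwan3-iface-add usb0
fi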
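# IPv6 DDNS helper script
# Installs /sbin/ipv6-fetcher, which prints the DHCPv6-leased addresses of one
# LAN host that match the WAN6 prefix. The outer delimiter is quoted so the
# helper is written out verbatim.
cat > /sbin/ipv6-fetcher << 'EOF'
#!/bin/sh
# Usage: ipv6-fetcher <hostname> [interface]

# Hostname to look up
HOST="${1}"
# Network interface to look up
NET_IF="${2:-lan}"

# HOST is pasted between single quotes inside the jsonfilter expression
# below, so accept hostname characters only.
case "${HOST}" in
    ''|*[!A-Za-z0-9._-]*)
        echo "ipv6-fetcher: invalid hostname" >&2
        exit 1
        ;;
esac

. /lib/functions/network.sh
network_flush_cache
network_find_wan6 NET_IF6
network_get_prefix6 NET_PFX6 "${NET_IF6}"
network_get_device NET_DEV "${NET_IF}"

# jsonfilter prints a shell assignment for ADDRS; the substitution is quoted
# so the shell evaluates that text as one unit without word splitting.
FILTER="ADDRS=@['device']['${NET_DEV}']['leases'][@['hostname']='${HOST}']['ipv6-addr'][@]['address']"
eval "$(ubus call dhcp ipv6leases | jsonfilter -e "${FILTER}")"

for ADDR in ${ADDRS}
do
    if echo "${ADDR}" | grep -q -e "${NET_PFX6%/*}"
    then
        echo "${ADDR}"
    fi
done
EOF
chmod u+x /sbin/ipv6-fetcher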