Last active
March 14, 2024 08:56
-
-
Save HackingGate/b75ac856397075756ea878380c5b848c to your computer and use it in GitHub Desktop.
upgrade ipk on OpenWrt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
VERSION=19.07.7 | |
# Download imagebuilder for R7800. | |
aria2c -c -x4 -s4 https://downloads.openwrt.org/releases/${VERSION}/targets/ipq806x/generic/openwrt-imagebuilder-${VERSION}-ipq806x-generic.Linux-x86_64.tar.xz | |
# Extract & remove used file & cd to the directory | |
tar -xvf openwrt-imagebuilder-${VERSION}-ipq806x-generic.Linux-x86_64.tar.xz | |
rm openwrt-imagebuilder-${VERSION}-ipq806x-generic.Linux-x86_64.tar.xz | |
cd openwrt-imagebuilder-${VERSION}-ipq806x-generic.Linux-x86_64/ | |
# Use https when making image | |
sed -i 's/http:/https:/g' repositories.conf | |
# Make all kernel modules built-in | |
sed -i -e "s/=m/=y/g" build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/linux-ipq806x_generic/linux-*/.config | |
# Run the final build configuration | |
make image PROFILE=netgear_r7800 \ | |
PACKAGES="ca-bundle ca-certificates libustream-openssl -ppp -ppp-mod-pppoe \ | |
uhttpd uhttpd-mod-ubus libiwinfo-lua luci-base luci-app-firewall luci-mod-admin-full luci-theme-bootstrap \ | |
-wpad-mini -wpad-basic wpad-openssl usbutils block-mount e2fsprogs samba4-server luci-app-samba4 \ | |
aria2 luci-app-aria2 ariang stubby curl wget tcpdump kmod-fs-ext4 kmod-usb-storage kmod-usb-storage-uas" | |
# list result | |
ls $PWD/bin/targets/ipq806x/generic |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# To use opkg via https | |
opkg update | |
opkg install ca-bundle ca-certificates libustream-openssl curl wget | |
sed -i 's/http:/https:/g' /etc/opkg/distfeeds.conf | |
# DoH with Dnsmasq and https-dns-proxy | |
# https://openwrt.org/docs/guide-user/services/dns/doh_dnsmasq_https-dns-proxy | |
opkg install https-dns-proxy luci-app-https-dns-proxy | |
# pkg-upgrade.sh | |
wget https://gist.github.com/HackingGate/b75ac856397075756ea878380c5b848c/raw/db404b6028b9136b47192ce90f3520e97a3faa3e/pkg-upgrade.sh | |
chmod +x pkg-upgrade.sh | |
./pkg-upgrade.sh | |
# sys-upgrade.sh | |
wget https://gist.github.com/HackingGate/b75ac856397075756ea878380c5b848c/raw/725c991f7286400e4f0d6ae5f993f8dd17caca90/sys-upgrade.sh | |
chmod +x sys-upgrade.sh | |
./sys-upgrade.sh | |
# Capturing packets | |
opkg install tcpdump | |
# Deploy WPA3 Wi-Fi | |
opkg remove wpad-mini wpad-basic | |
opkg install wpad-openssl | |
/etc/init.d/network restart | |
# Using storage devices | |
opkg update | |
opkg install kmod-usb-storage | |
opkg install kmod-usb-storage-uas | |
opkg install usbutils | |
lsusb -t | |
opkg install block-mount | |
block info | grep "/dev/sd" | |
lsusb -t | |
opkg install e2fsprogs | |
opkg install kmod-fs-ext4 | |
block detect | uci import fstab | |
uci set fstab.@mount[-1].enabled='1' | |
uci set fstab.@global[0].check_fs='1' | |
uci commit fstab | |
uci show fstab | |
service fstab boot | |
# SMB Samba4 | |
opkg install samba4-server | |
opkg install luci-app-samba4 | |
# Aira2 and ariang | |
opkg install aria2 | |
opkg install luci-app-aria2 | |
opkg install ariang |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
set -e | |
# Force HTTPS | |
sed -i 's/http:/https:/g' /etc/opkg/distfeeds.conf | |
# Update packages | |
opkg update | |
for ipk in $(opkg list-upgradable | awk '$1!~/^base-files|^kmod|^Multiple/{print $1}'); do | |
opkg upgrade $ipk | |
done | |
# Download bt trackers | |
TRACKERS=`curl -s https://raw.githubusercontent.com/ngosang/trackerslist/master/trackers_best.txt \ | |
| tr '\n' ' ' \ | |
| sed 's/ *$//'` | |
echo "Updating /etc/config/aria2 bt_tracker" | |
# Delete config | |
sed -i "/list bt_tracker/d" /etc/config/aria2 | |
# Append config | |
echo -e "\tlist bt_tracker '$TRACKERS'" | tee -a /etc/config/aria2 | |
# Download netboot.xyz | |
wget https://boot.netboot.xyz/ipxe/netboot.xyz.efi -O /root/tftp/netboot.xyz.efi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
set -e | |
OPENWRT_TAG=`git ls-remote git://github.com/openwrt/openwrt.git | grep -E -o 'v[0-9]+\.[0-9]+\.[0-9]+' | tail -1` | |
OPENWRT_VERSION=`echo ${OPENWRT_TAG} | grep -E -o '[0-9]+\.[0-9]+\.[0-9]+'` | |
rm -f *.manifest manifest.diff | |
# Use sed remove vlmcsd | |
opkg list-installed | sed '/vlmcsd/d' | tee list-installed.manifest | |
wget https://downloads.hackinggate.com/openwrt-${OPENWRT_VERSION}-ipq806x-generic-netgear-r7800/openwrt-${OPENWRT_VERSION}-ipq806x-generic-device-netgear-r7800.manifest | |
diff openwrt-${OPENWRT_VERSION}-ipq806x-generic-device-netgear-r7800.manifest list-installed.manifest | tee manifest.diff | |
FILE1_LINES=`cat manifest.diff | grep '<' | wc -l` | |
FILE2_LINES=`cat manifest.diff | grep '>' | wc -l` | |
# n1 -ge n2 True if the integer n1 is algebraically greater than or equal to the integer n2. | |
# n1 -gt n2 True if the integer n1 is algebraically greater than the integer n2. | |
if [ ${FILE1_LINES} -ge 0 ] && [ ${FILE1_LINES} -eq ${FILE2_LINES} ] | |
then | |
echo "Upgrading to ${OPENWRT_TAG}" | |
rm -f openwrt-${OPENWRT_TAG}-ipq806x-generic-netgear_r7800-squashfs-sysupgrade.bin | |
wget https://downloads.hackinggate.com/openwrt-${OPENWRT_VERSION}-ipq806x-generic-netgear-r7800/openwrt-${OPENWRT_VERSION}-ipq806x-generic-netgear_r7800-squashfs-sysupgrade.bin | |
# -o attempt to preserve all changed files in /, except those | |
# from packages but including changed confs. | |
sysupgrade -o openwrt-${OPENWRT_VERSION}-ipq806x-generic-netgear_r7800-squashfs-sysupgrade.bin | |
fi |
netboot.xyz
cd /root
mkdir tftp
cd tftp
wget https://boot.netboot.xyz/ipxe/netboot.xyz.efi
Edit /etc/config/dhcp
config dnsmasq
...
option enable_tftp '1'
option dhcp_boot 'netboot.xyz.efi'
option tftp_root '/root/tftp'
config dhcp 'lan'
...
list dhcp_option '66,0.0.0.0'
/etc/init.d/dnsmasq restart
Upgrade OpenWrt
auc
Advertise DNS server
/etc/config/dhcp
config dhcp 'lan'
...
list dhcp_option '6,192.168.4.45'
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Block Country IPs
Tutorial for how to boycott CN IPv4 on OpenWrt.
Script from here https://github.com/kravietz/blacklist-scripts
CIDR IP list from my project https://country-ip-blocks.hackinggate.com
OpenWrt Setup
Install
Create
/etc/ip-blacklist.conf
Edit
/etc/firewall.user
I don't have
pppoe-wan
and the blocklist don't work.I replaced
IN_OPT="-i $wan_iface"
withIN_OPT=""
and it works now. (kravietz/blacklist-scripts#6)Activate
Check & Test
Two new sets are added
View blocked CN IPv4 entries
Here's how to use
manual-blacklist
.Block Multi Lists
Example of
/etc/ip-blacklist.conf
All set will name
country-ip-blocks.hac
and override.To fix it. Edit
/etc/firewall.user
. Insert script between the two lines. L116Will be
sh /etc/firewall.user
andipset list -name
will beCheck if there's entries