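OpenWRT Configuration Script Summary

Preface

Although I have been using OpenWRT for a long time, configuring a new router and getting all the software working still takes considerable time and effort. To make it easier to set up new devices and to recover from disasters, I have summarized the relevant configuration. The setup of each piece of software and each feature is written as a separate function within a single script.

Reading this article requires a basic understanding of OpenWRT!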


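Environment Setup

The scripts were tested in an OpenWRT virtual machine. For how to install one, see the official Wiki pages OpenWrt in VirtualBox and OpenWrt on VMware. By default, OpenWRT treats eth0 as LAN and eth1 as WAN.

eth0 (LAN) can be bridged to a loopback interface on the host, whose IP address is then configured manually to an address inside the router's LAN subnet. Note: do not fill in a default gateway! Think about what problem that would cause; the answer is given at the end of the article.

eth1 (WAN) uses a NAT network, or is bridged to one of the physical machine's network adapters, to reach the Internet.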


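Configuration Scripts

HTTP Download Link Configuration

During configuration, some scripts and installation packages are downloaded, so these files need to be uploaded to a server first. The HTTP download address used here is http://10.30.7.235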

HTTP_URL="http://10.30.7.235"
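
Everything the later functions fetch from $HTTP_URL (shell scripts, the shadowsocks .ipk, the site-packages tarball) arrives over plain HTTP and is then run or installed as root, so the transfer itself gives no integrity guarantee. The following is an added example, not part of the original script: a hypothetical helper, fetch_verified, that keeps a download only if its SHA-256 matches a digest recorded in advance on a trusted machine. The function names and the digest placeholder are assumptions.

```shell
#!/bin/sh
# Added example (not from the original script): download from $HTTP_URL and
# keep the file only if its SHA-256 matches a digest pinned in advance.
HTTP_URL="http://10.30.7.235"

# verify_sha256 <file> <expected-hex>
# Succeeds only if <expected-hex> is 64 lowercase hex characters and equals
# the SHA-256 of <file>.
verify_sha256() {
    file=$1
    expected=$2
    [ -f "$file" ] || return 1
    case $expected in
        *[!0-9a-f]*) return 1 ;;
    esac
    [ ${#expected} -eq 64 ] || return 1
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# fetch_verified <path-under-HTTP_URL> <expected-hex> [dest-dir]
# Downloads to a temporary name first, so an unverified file never appears
# under the name that later steps install or execute.
fetch_verified() {
    rel=$1
    expected=$2
    dest_dir=${3:-.}
    name=${rel##*/}
    tmp="$dest_dir/.$name.part"

    wget -q -O "$tmp" "$HTTP_URL/$rel" || { rm -f "$tmp"; return 1; }

    if verify_sha256 "$tmp" "$expected"; then
        mv "$tmp" "$dest_dir/$name"
    else
        echo "checksum mismatch for $rel, file discarded" >&2
        rm -f "$tmp"
        return 1
    fi
}

# Usage inside across_GFW_S2 (the digest is a placeholder, not a real value):
#   fetch_verified opkg/shadowsocks-libev_2.4.8-2_x86.ipk \
#       "<sha256 recorded on a trusted machine>" /tmp \
#     && opkg install /tmp/shadowsocks-libev_2.4.8-2_x86.ipk
```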

USB

Install the USB-related tools. After installation, use fdisk to partition the external disk, then mount it in the web admin UI under System -> Mount Points.

usb(){
opkg install block-mount
opkg install kmod-usb-storage
opkg install kmod-usb-storage-extras
opkg install kmod-fs-ext4
opkg install fdisk
opkg install e2fsprogs

block detect > /etc/config/fstab
/etc/init.d/fstab enable
block mount

#### mount block on web
echo "!!!!!!!!!!!!!!!!!!!!!! Attention !!!!!!!!!!!!!!!!!!!!!!"
echo "Please use fdisk to format the usb and mount the block on \"System -> Mount Points\""
}

Transmission

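Install Transmission. After installation, start transmission-daemon once to generate the configuration file, then change "rpc-whitelist-enabled": true to "rpc-whitelist-enabled": false in that file. Then start transmission-daemon manually from the command line; automatic startup seems to have some problems.

Transmission's memory usage is fairly high. To keep it from affecting router performance during working hours, a cron job can be added so that Transmission only runs during a specified time window.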

transmission(){
opkg install transmission-daemon
opkg install transmission-cli
opkg install transmission-web
opkg install transmission-remote
opkg install luci-app-transmission

###generate configuration and kill the process
/etc/init.d/transmission start
/etc/init.d/transmission enable

cd && transmission-daemon
sleep 2
killall transmission-daemon

### modify the configuration in /root/.config/transmission-daemon/settings.json
sed -i 's/"rpc-whitelist-enabled": true/"rpc-whitelist-enabled": false/g' /root/.config/transmission-daemon/settings.json

### crontab
cat << EOF >> /etc/crontabs/root

## transmission
0 8 * * * /etc/init.d/transmission stop && killall transmission-daemon
0 21 * * * /etc/init.d/transmission start && cd && transmission-daemon

EOF

echo "!!!!!!!!!!!!!!!!!!!!!! Attention !!!!!!!!!!!!!!!!!!!!!!"
echo "Please start the transmission-daemon later by input the command"
}
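
Setting rpc-whitelist-enabled to false lets any address that can reach the RPC port use the Transmission RPC interface. As an added example (not part of the original script), the hypothetical function below keeps the whitelist enabled and widens rpc-whitelist to cover the LAN instead. The 192.168.1.* range and the function name are assumptions; rpc-whitelist is the settings.json key that sits next to the one edited above.

```shell
#!/bin/sh
# Added example: restrict Transmission RPC to known clients instead of
# disabling the whitelist. Names below are illustrative, not from the page.

SETTINGS_DEF="/root/.config/transmission-daemon/settings.json"

# transmission_restrict_rpc <whitelist> [settings.json]
#   whitelist: comma-separated IPv4 addresses, '*' allowed as a wildcard,
#              e.g. "127.0.0.1,192.168.1.*" (assumed LAN range)
transmission_restrict_rpc() {
    whitelist=$1
    settings=${2:-$SETTINGS_DEF}

    [ -f "$settings" ] || { echo "missing $settings" >&2; return 1; }

    # Allow only digits, dots, commas and '*', so the value cannot break
    # out of the JSON string or the sed expression.
    case $whitelist in
        ''|*[!0-9.,*]*) echo "bad whitelist: $whitelist" >&2; return 1 ;;
    esac

    # transmission-daemon rewrites settings.json when it exits, so an edit
    # made while it is running would be lost.
    if pidof transmission-daemon >/dev/null 2>&1; then
        echo "stop transmission-daemon before editing" >&2
        return 1
    fi

    tmp="$settings.tmp.$$"
    cp "$settings" "$settings.bak" || return 1
    sed -e 's/"rpc-whitelist-enabled": *[a-z]*/"rpc-whitelist-enabled": true/' \
        -e "s/\"rpc-whitelist\": *\"[^\"]*\"/\"rpc-whitelist\": \"$whitelist\"/" \
        "$settings.bak" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$settings" && rm -f "$tmp"

    # Confirm both keys ended up as intended.
    grep -q '"rpc-whitelist-enabled": true' "$settings" &&
        grep -qF "\"rpc-whitelist\": \"$whitelist\"" "$settings"
}

# Usage: transmission_restrict_rpc "127.0.0.1,192.168.1.*"
```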

Samba

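Configure the Samba service. Note: in the web admin UI under Services -> Network Shares -> Edit Template, delete or comment out the option invalid users = root. Only the root user is configured here; to add other users, see the article "Flashing OpenWRT on NetGear".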

samba(){
opkg install samba36-server
opkg install luci-app-samba

### set samba root password
smbpasswd -a root

### !!!! set configuration on the web: Services -> Network Shares
### !!!! delete or disable the option : invalid users = root
echo "!!!!!!!!!!!!!!!!!!!!!! Attention !!!!!!!!!!!!!!!!!!!!!!"
echo "set configuration on the web: Services -> Network Shares"
echo "delete or disable the option : invalid users = root"
echo "after above is done, input anything to continue"
read wait

### edit the /etc/config/samba
WORKGROUP_DEF="Garlic"
GLOBAL_SMB_NAME_DEF="Garlic"
GLOBAL_SMB_DES_DEF="Garlic"
SMB_NAME_DEF="Garlic"
SMB_PATH_DEF="/mnt/download"
SMB_USER_DEF="root"

read -p "Please input the workgroup of samba:[$WORKGROUP_DEF]" WORKGROUP
WORKGROUP=${WORKGROUP:-"Garlic"}
read -p "Please input the global name of samba:[$GLOBAL_SMB_NAME_DEF]" GLOBAL_SMB_NAME
GLOBAL_SMB_NAME=${GLOBAL_SMB_NAME:-"Garlic"}
read -p "Please input the description of samba:[$GLOBAL_SMB_DES_DEF]" GLOBAL_SMB_DES
GLOBAL_SMB_DES=${GLOBAL_SMB_DES:-"Garlic"}
read -p "Please input the name of samba:[$SMB_NAME_DEF]" SMB_NAME
SMB_NAME=${SMB_NAME:-"Garlic"}
read -p "Please input the path of samba:[$SMB_PATH_DEF]" SMB_PATH
SMB_PATH=${SMB_PATH:-"/mnt/download"}
read -p "Please input the users of samba:[$SMB_USER_DEF]" SMB_USER
SMB_USER=${SMB_USER:-"root"}

cat << EOF > /etc/config/samba
config samba
option workgroup '$WORKGROUP'
option homes '1'
option name '$GLOBAL_SMB_NAME'
option description '$GLOBAL_SMB_DES'

config sambashare
option name '$SMB_NAME'
option path '$SMB_PATH'
option read_only 'no'
option guest_ok 'no'
option create_mask '0755'
option dir_mask '0755'
option users '$SMB_USER'
EOF

### start samba and enable it at startup
/etc/init.d/samba restart
/etc/init.d/samba enable
}

Extra Tools

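Some commonly used tools

  • ip-full: a more convenient network diagnostic tool
  • kmod-nf-nathelper-extra: related to clients behind the router connecting to a PPTP VPN
  • vim: needs no introduction
  • htop: a better system diagnostic tool
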
extra_tools(){
opkg install ip-full
opkg install kmod-nf-nathelper-extra
opkg install vim
opkg install htop
}

Across GFW

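This is split into two steps. First install the required packages; because ipset needs a reboot to take effect, the router must be rebooted after installation.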

across_GFW_S1(){
opkg install iptables-mod-nat-extra
opkg install iptables-mod-tproxy
opkg install ipset
opkg remove dnsmasq
opkg install dnsmasq-full
opkg install coreutils-base64 curl ca-certificates
### !!!! reboot so that ipset takes effect
reboot
}

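The second step configures shadowsocks, ipset, iptables, dnsmasq and so on. Change the shadowsocks server information to your own.

  • Add the dnsmasq configuration file; it is generated by the gfwlist2dnsmasq.sh script and updated by a daily cron job
  • Modify the shadowsocks configuration file and init script
  • Add the ipset and iptables configuration, and add it to startup

Change the shadowsocks package name to match your platform! This article uses shadowsocks-libev_2.4.8-2_x86.ipk because the OpenWRT virtual machine is x86.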

across_GFW_S2(){
SS_SERVER_DEF="145.176.203.51"
SS_PORT_DEF="3081"
SS_PASSWD_DEF="RootxxOpwrt"

read -p "Please input the IP of shadowsocks server:[$SS_SERVER_DEF]" SS_SERVER
SS_SERVER=${SS_SERVER:-"145.176.203.51"}
read -p "Please input the port of shadowsocks server:[$SS_PORT_DEF]" SS_PORT
SS_PORT=${SS_PORT:-"3081"}
read -p "Please input the password of the port:[$SS_PASSWD_DEF]" SS_PASSWD
SS_PASSWD=${SS_PASSWD:-"RootxxOpwrt"}

### edit the /etc/dnsmasq.conf
echo "conf-dir=/etc/dnsmasq.d">>/etc/dnsmasq.conf
mkdir -p /etc/dnsmasq.d

### get gfw2dnsmasq and generate dnsmasq configuration
mkdir -p /root/Scripts
cd /root/Scripts
wget $HTTP_URL/Scripts/gfwlist2dnsmasq.sh
chmod u+x *.sh

cd /root/Scripts/ \
&& sh gfwlist2dnsmasq.sh -p 5353 -s redir -o redir-`date "+%Y-%m-%d"`.conf \
&& rm -rf /etc/dnsmasq.d/redir-* \
&& mv redir-`date "+%Y-%m-%d"`.conf /etc/dnsmasq.d/ \
&& /etc/init.d/dnsmasq restart

### crontab
cat << EOF >> /etc/crontabs/root

## gfwlist
0 1 * * * cd /root/Scripts/ \\
&& sh gfwlist2dnsmasq.sh -p 5353 -s redir -o redir-\`date "+%Y-%m-%d"\`.conf \\
&& rm -rf /etc/dnsmasq.d/redir-* \\
&& mv redir-\`date "+%Y-%m-%d"\`.conf /etc/dnsmasq.d/ \\
&& /etc/init.d/dnsmasq restart

EOF

### install shadowsocks
### /etc/shadowsocks.json
cd /tmp
wget $HTTP_URL/opkg/shadowsocks-libev_2.4.8-2_x86.ipk
opkg install shadowsocks-libev_2.4.8-2_x86.ipk

mv /etc/shadowsocks.json /etc/shadowsocks.json.bak
cat << EOF > /etc/shadowsocks.json
{
"server": "$SS_SERVER",
"server_port": $SS_PORT,
"local_port": 1080,
"password": "$SS_PASSWD",
"timeout": 60,
"method": "aes-256-cfb"
}
EOF

### /etc/init.d/shadowsocks
cp /etc/init.d/shadowsocks /etc/init.d/shadowsocks.bak
cat << EOF > /etc/init.d/shadowsocks
#!/bin/sh /etc/rc.common

START=95

SERVICE_USE_PID=1
SERVICE_WRITE_PID=1
SERVICE_DAEMONIZE=1
SERVICE_PID_FILE=/var/run/shadowsocks.pid
CONFIG=/etc/shadowsocks.json

start() {
#service_start /usr/bin/ss-local -c \$CONFIG -b 0.0.0.0
service_start /usr/bin/ss-redir -c \$CONFIG -b 0.0.0.0 -u -f \$SERVICE_PID_FILE
service_start /usr/bin/ss-tunnel -c \$CONFIG -b 0.0.0.0 -l 5353 -L 8.8.8.8:53 -u
}

stop() {
#service_stop /usr/bin/ss-local
service_stop /usr/bin/ss-redir
service_stop /usr/bin/ss-tunnel
}
EOF

### enable and start
killall ss-local ss-tunnel ss-redir
/etc/init.d/shadowsocks enable
/etc/init.d/shadowsocks start

### ipset and redirect the dnsmasq domain list
ipset -N redir iphash
iptables -t nat -N shadowsocks
iptables -t mangle -N shadowsocks
iptables -t nat -A shadowsocks -d $SS_SERVER -j RETURN
iptables -t nat -A shadowsocks -d 0.0.0.0/8 -j RETURN
iptables -t nat -A shadowsocks -d 10.0.0.0/8 -j RETURN
iptables -t nat -A shadowsocks -d 127.0.0.0/8 -j RETURN
iptables -t nat -A shadowsocks -d 169.254.0.0/16 -j RETURN
iptables -t nat -A shadowsocks -d 172.16.0.0/12 -j RETURN
iptables -t nat -A shadowsocks -d 192.168.0.0/16 -j RETURN
iptables -t nat -A shadowsocks -d 224.0.0.0/4 -j RETURN
iptables -t nat -A shadowsocks -d 240.0.0.0/4 -j RETURN
iptables -t nat -A shadowsocks -p tcp -m set --match-set redir dst -j REDIRECT --to-ports 1080
iptables -t mangle -A shadowsocks -p udp -m set --match-set redir dst ! --dport 53 -j TPROXY --on-port 1080 --tproxy-mark 0x01/0x01
iptables -t nat -A PREROUTING -p tcp -j shadowsocks
iptables -t mangle -A PREROUTING -j shadowsocks

###ip route && ip rule
ip route add local default dev lo table 100
ip rule add fwmark 0x01/0x01 lookup 100

### startup
sed -i '$d' /etc/rc.local
cat << EOF >> /etc/rc.local

## shadowsocks
ipset -N redir iphash
iptables -t nat -N shadowsocks
iptables -t mangle -N shadowsocks
iptables -t nat -A shadowsocks -d $SS_SERVER -j RETURN
iptables -t nat -A shadowsocks -d 0.0.0.0/8 -j RETURN
iptables -t nat -A shadowsocks -d 10.0.0.0/8 -j RETURN
iptables -t nat -A shadowsocks -d 127.0.0.0/8 -j RETURN
iptables -t nat -A shadowsocks -d 169.254.0.0/16 -j RETURN
iptables -t nat -A shadowsocks -d 172.16.0.0/12 -j RETURN
iptables -t nat -A shadowsocks -d 192.168.0.0/16 -j RETURN
iptables -t nat -A shadowsocks -d 224.0.0.0/4 -j RETURN
iptables -t nat -A shadowsocks -d 240.0.0.0/4 -j RETURN
iptables -t nat -A shadowsocks -p tcp -m set --match-set redir dst -j REDIRECT --to-ports 1080
iptables -t mangle -A shadowsocks -p udp -m set --match-set redir dst ! --dport 53 -j TPROXY --on-port 1080 --tproxy-mark 0x01/0x01
iptables -t nat -A PREROUTING -p tcp -j shadowsocks
iptables -t mangle -A PREROUTING -j shadowsocks
ip route add local default dev lo table 100
ip rule add fwmark 0x01/0x01 lookup 100

exit 0
EOF
}

Logs

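OpenWRT does not keep logs on the device itself. A log server or similar can be set up, but the approach here is simpler: the logread output is saved directly to the external disk, and the log.sh script is used to filter the saved log. The log-saving commands are added to startup.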

logs(){
LOG_PATH_DEF="/mnt/download/Logs"
MAX_FILE_SIZE_DEF="10485760"

read -p "Please input the path of logs:[$LOG_PATH_DEF]" LOG_PATH
LOG_PATH=${LOG_PATH:-"/mnt/download/Logs"}
read -p "Please input the max size of log file:[$MAX_FILE_SIZE_DEF]" MAX_FILE_SIZE
MAX_FILE_SIZE=${MAX_FILE_SIZE:-"10485760"}

mkdir -p $LOG_PATH
cd /root/Scripts
wget $HTTP_URL/Scripts/log.sh
chmod u+x *.sh
sed -i "s#/mnt/download/Logs/#$LOG_PATH#g" log.sh
sed -i "s#10485760#$MAX_FILE_SIZE#g" log.sh

logread >> $LOG_PATH/sys.log
logread -f >> $LOG_PATH/sys.log &

### startup
sed -i '$d' /etc/rc.local
cat << EOF >> /etc/rc.local

## log
logread >> $LOG_PATH/sys.log
logread -f >> $LOG_PATH/sys.log &

exit 0
EOF

### crontab
cat << EOF >> /etc/crontabs/root

## log
0 */1 * * * sh /root/Scripts/log.sh

EOF
}
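
The startup step above, like the other functions that touch /etc/rc.local, deletes the file's last line with sed '$d' and appends a new block ending in exit 0. That removes the wrong line when exit 0 is not the last line, and appends a duplicate block each time a function is run again. An added example (not from the original script) of an idempotent alternative; rc_local_add, rc_local_remove and the BEGIN/END markers are hypothetical names.

```shell
#!/bin/sh
# Added example: idempotent edits to /etc/rc.local.
# rc_local_add, rc_local_remove and the marker format are illustrative.

# rc_local_add <tag> <commands> [rc-file]
#   tag: a short word (letters and digits) naming the block
rc_local_add() {
    tag=$1
    body=$2
    rc=${3:-/etc/rc.local}

    [ -f "$rc" ] || : > "$rc"

    # Block already present: leave the file alone, so re-running a step
    # cannot start a second logread or append the iptables rules twice.
    grep -qxF "## BEGIN $tag" "$rc" && return 0

    tmp="$rc.new.$$"
    # Drop bare "exit 0" lines wherever they sit (assumes rc.local has no
    # "exit 0" inside a conditional), then re-add a single one at the end.
    grep -v '^[[:space:]]*exit 0[[:space:]]*$' "$rc" > "$tmp" || true
    printf '\n## BEGIN %s\n%s\n## END %s\n\nexit 0\n' \
        "$tag" "$body" "$tag" >> "$tmp"

    # Write through the existing file to keep its owner and mode.
    cat "$tmp" > "$rc" && rm -f "$tmp"
}

# rc_local_remove <tag> [rc-file]: delete a block added by rc_local_add
rc_local_remove() {
    tag=$1
    rc=${2:-/etc/rc.local}
    tmp="$rc.new.$$"
    sed "/^## BEGIN $tag\$/,/^## END $tag\$/d" "$rc" > "$tmp" &&
        cat "$tmp" > "$rc" && rm -f "$tmp"
}

# Usage in logs():
#   rc_local_add log "logread >> $LOG_PATH/sys.log
#   logread -f >> $LOG_PATH/sys.log &"
```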

IPv6

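There are two ways to configure IPv6; which of the two is better was already discussed in the earlier article "Three Ways to Configure IPv6 on OpenWRT". The following is relay mode.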

ipv6_relay(){
### ipv6 relay

sed -i '/ula_prefix/d' /etc/config/network
sed -i "s/option dhcpv6 'server'/option dhcpv6 'relay'/g" /etc/config/dhcp
sed -i "s/option ra 'server'/option ra 'relay'/g" /etc/config/dhcp
sed -i "/option ra/a\ \ \ \ \ \ \ \ \option ndp 'relay'" /etc/config/dhcp

cat << EOF >> /etc/config/dhcp

config dhcp 'wan6'
option interface 'wan'
option ra 'relay'
option dhcpv6 'relay'
option ndp 'relay'
option master '1'
EOF

/etc/init.d/odhcpd restart

## startup
sed -i '$d' /etc/rc.local
cat << EOF >> /etc/rc.local

## odhcpd
sleep 5
/etc/init.d/odhcpd restart

exit 0
EOF
}

The following is passthrough mode.

ipv6_bridge(){
/etc/init.d/odhcpd disable
/etc/init.d/odhcpd stop

sed -i '/ula_prefix/d' /etc/config/network
WAN_INTERFACE=`uci get network.wan.ifname`
opkg install ebtables
ebtables -t broute -A BROUTING -p ! ipv6 -j DROP -i $WAN_INTERFACE
brctl addif br-lan $WAN_INTERFACE

## startup
sed -i '$d' /etc/rc.local
cat << EOF >> /etc/rc.local

### ipv6 bridge
ebtables -t broute -A BROUTING -p ! ipv6 -j DROP -i $WAN_INTERFACE
brctl addif br-lan $WAN_INTERFACE

exit 0
EOF
}

Tinc

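tinc involves quite a lot of configuration. The main steps are summarized below; for more configuration details see the article "OpenWRT Tinc Configuration".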

  • Install the software and modify the configuration file /etc/config/tinc
  • Run it once to initialize and generate the public/private key pair files
  • Add the tinc virtual network interface and the start and stop scripts
  • Add the public key files of the peers to connect to
  • Add the firewall configuration and restart the tinc service

tinc(){
TINC_NAME_DEF="netgear"
TINC_INTERFACE_DEF="tun0"
TINC_PORT_DEF="6565"
TINC_SUBNET_DEF="192.168.3.0/24"
TINC_INTERFACE_IP_DEF="172.16.1.3"
WAN6_IP_DEF="2001:cc0:2020:3020:2ac6:8eff:fe21:8497"
WAN_IP=`uci get network.wan6.ipaddr`

read -p "Please input the name of tinc vpn:[$TINC_NAME_DEF]" TINC_NAME
TINC_NAME=${TINC_NAME:-"netgear"}
read -p "Please input the interface of tinc vpn:[$TINC_INTERFACE_DEF]" TINC_INTERFACE
TINC_INTERFACE=${TINC_INTERFACE:-"tun0"}
read -p "Please input the port of tinc vpn:[$TINC_PORT_DEF]" TINC_PORT
TINC_PORT=${TINC_PORT:-"6565"}
read -p "Please input the subnet that will be advertised of tinc vpn:[$TINC_SUBNET_DEF]" TINC_SUBNET
TINC_SUBNET=${TINC_SUBNET:-"192.168.3.0/24"}
read -p "Please input the ip of interface of tinc vpn:[$TINC_INTERFACE_IP_DEF]" TINC_INTERFACE_IP
TINC_INTERFACE_IP=${TINC_INTERFACE_IP:-"172.16.1.3"}
read -p "Please input the wan ip:[$WAN6_IP_DEF]" WAN6_IP
WAN6_IP=${WAN6_IP:-"$WAN6_IP_DEF"}

opkg install tinc
cd /etc/config/
mv tinc tinc.bak

### !!!!! add the list ConnectTo $TINC_CONNECT_TO
cat << EOF >> tinc
config tinc-net tinc
option enabled 1

## Daemon Configuration (cmd arguments)
option generate_keys 1
option key_size 2048
option logfile /tmp/log/tinc.tinc.log
option debug 0

## Server Configuration (tinc.conf)
option AddressFamily any

#list ConnectTo host1
#list ConnectTo host2

#option DirectOnly 0
option GraphDumpFile /tmp/log/tinc.tinc.dot
option Interface $TINC_INTERFACE
option Name $TINC_NAME
option PrivateKeyFile /etc/tinc/tinc/rsa_key.priv

config tinc-host $TINC_NAME
option enabled 1
option net tinc
option Port $TINC_PORT
option Subnet $TINC_SUBNET
EOF

echo "!!!!!!!!!!!!!!!!!!!!!! Attention !!!!!!!!!!!!!!!!!!!!!!"
echo "Please edit the /etc/config/tinc and edit the list \"list ConnectTo host2\""
echo "Please input anything to continue"
read wait

cat << EOF >> /etc/config/network

config interface 'tinc'
option ifname '$TINC_INTERFACE'
option defaultroute '0'
option peerdns '0'
option proto 'none'
EOF

### start and generate tinc/rsa_key.priv tinc/hosts/$TINC_NAME
/etc/init.d/tinc start

cd /etc/tinc/tinc

cat << EOF >> tinc-down
#!/bin/sh
ip link set \$INTERFACE down
EOF

### !!!!! edit the route items
cat << EOF >> tinc-up
#!/bin/sh
ip='$TINC_INTERFACE_IP'
ip link set \$INTERFACE up
ip addr add \$ip/24 dev \$INTERFACE
ip route add 192.168.1.0/24 dev \$INTERFACE
ip route add 192.168.2.0/24 dev \$INTERFACE
EOF

echo "!!!!!!!!!!!!!!!!!!!!!! Attention !!!!!!!!!!!!!!!!!!!!!!"
echo "Please edit the /etc/tinc/tinc/tinc-up and edit the list \"ip route\""
echo "Please input anything to continue"
read wait

chmod u+x tinc-*

### edit /etc/tinc/tinc/hosts/$TINC_NAME
sed -i "1i Port = $TINC_PORT" hosts/$TINC_NAME
sed -i "1i Subnet = $TINC_INTERFACE_IP/32" hosts/$TINC_NAME

### add route items
sed -i "1i Subnet = $TINC_SUBNET" hosts/$TINC_NAME

### add WAN ip
sed -i "1i Address = $WAN6_IP" hosts/$TINC_NAME
sed -i "1i Address = $WAN_IP" hosts/$TINC_NAME

echo "!!!!!!!!!!!!!!!!!!!!!! Attention !!!!!!!!!!!!!!!!!!!!!!"
echo "add the ConnectTo host's public key to the folder hosts"
echo "create new firewall zone tinc"
echo "add interface tun0 to the firewall zone of tinc"
echo "add the firewall items about tinc port "
echo "Please input anything to continue"
read wait
### !!!! add the ConnectTo host's public key to the folder hosts
### !!!! create new firewall zone tinc
### !!!! add interface tun0 to the firewall zone of tinc
### !!!! add the firewall items about tinc port

### enable and restart tinc
/etc/init.d/tinc enable
/etc/init.d/tinc restart

### startup
sed -i '$d' /etc/rc.local
cat << EOF >> /etc/rc.local

## tinc
/etc/init.d/tinc restart

exit 0
EOF
}

Python

Install python, usually onto the external disk.

python_install(){
DEST_DEF="/mnt/download/packages"

read -p "Please input dest of opkg :[$DEST_DEF]" DEST
DEST=${DEST:-"/mnt/download/packages"}

echo "dest usb $DEST" >> /etc/opkg.conf
mkdir -p $DEST
opkg --dest usb install python
ln -s $DEST/usr/bin/python /usr/bin/python
ln -s $DEST/usr/lib/libpython2.7.so.1.0 /usr/lib/libpython2.7.so.1.0

### !!! copy site-packages, $DEST/usr/lib/python2.7/site-packages
cd $DEST/usr/lib/python2.7/site-packages
wget $HTTP_URL/site-packages/site-packages.tar.gz
tar xvzf site-packages.tar.gz
rm -rf site-packages.tar.gz
}

IPv6 hosts

Periodically update the router's IPv6 hosts; skip this if you have no IPv6 network.

hosts_update(){
mkdir -p /root/Scripts/hosts
cd /root/Scripts
wget $HTTP_URL/Scripts/gethosts.sh
chmod u+x *.sh
./gethosts.sh

### crontab
cat << EOF >> /etc/crontabs/root

## hosts update
0 1 */7 * * sh /root/Scripts/gethosts.sh
0 0 1 */12 * rm -rf /root/Scripts/hosts/hosts.*

EOF
}

Network Authentication

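Network authentication scripts for ICT and UCAS. They automatically check the network connection and then call a python script to authenticate to the network.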

ICT

ict_network(){
mkdir -p /root/Scripts/ict
cd /root/Scripts/ict
wget $HTTP_URL/Scripts/ict/auth.py
wget $HTTP_URL/Scripts/ict/monitoring.sh
chmod u+x *.sh

### startup
sed -i '$d' /etc/rc.local
cat << EOF >> /etc/rc.local

## ict network authentication
sh /root/Scripts/ict/monitoring.sh

exit 0
EOF

### crontab
cat << EOF >> /etc/crontabs/root

## connect to Internet
0,10,20,30,40,50 * * * * sh /root/Scripts/ict/monitoring.sh
0 0 1 */1 * echo "" > /root/Scripts/ict/network.log

EOF
}

UCAS

ucas_network(){
mkdir -p /root/Scripts/ucas
cd /root/Scripts/ucas
wget $HTTP_URL/Scripts/ucas/account.txt
wget $HTTP_URL/Scripts/ucas/Login.py
wget $HTTP_URL/Scripts/ucas/Login-full.py
wget $HTTP_URL/Scripts/ucas/monitoring.sh
chmod u+x *.sh *.py

### startup
sed -i '$d' /etc/rc.local
cat << EOF >> /etc/rc.local

## ucas network authentication
sh /root/Scripts/ucas/monitoring.sh

exit 0
EOF

### crontab
cat << EOF >> /etc/crontabs/root

## connect to Internet
0,10,20,30,40,50 * * * * sh /root/Scripts/ucas/monitoring.sh
0 0 1 */1 * echo "" > /root/Scripts/ucas/network.log

EOF
}

Main Driver Script

step_done(){
cat /root/step | while read line
do
#echo $line
if [[ $line == $1 ]];then
return 1
fi
done
}

echo "!!! opkg updating !!!"
#rm -rf /root/step
touch /root/step
opkg update
for i in `seq 20`
do
echo "============================================================================"
echo "| OpenWRT Software Install Wizard |"
echo "| usb : 1 transmission : 2 samba : 3 |"
echo "| extra_tools : 4 across_GFW_S1 : 5.1 across_GFW_S2: 5.2 |"
echo "| logs : 6 ipv6_relay : 7.1 ipv6_bridge : 7.2 |"
echo "| tinc : 8 python_install: 9 hosts_update : 10 |"
echo "| ucas_network : 11.1 ict_network : 11.2 QUIT : 0 |"
echo "============================================================================"
echo -e "Input your choice:\c "
read opt
case $opt in
"1")
step_done "1"
re=$?
if [[ "$re" = "1" ]];then
echo "You have run the step!"
else
usb
echo "1" >> /root/step
fi
;;
"2")
step_done "2"
re=$?
if [[ "$re" = "1" ]];then
echo "You have run the step!"
else
transmission
echo "2" >> /root/step
fi
;;
"3")
step_done "3"
re=$?
if [[ "$re" = "1" ]];then
echo "You have run the step!"
else
samba
echo "3" >> /root/step
fi
;;
"4")
step_done "4"
re=$?
if [[ "$re" = "1" ]];then
echo "You have run the step!"
else
extra_tools
echo "4" >> /root/step
fi
;;
"5.1")
step_done "5.1"
re=$?
if [[ "$re" = "1" ]];then
echo "You have run the step!"
else
across_GFW_S1
echo "5.1" >> /root/step
fi
;;
"5.2")
step_done "5.2"
re=$?
if [[ "$re" = "1" ]];then
echo "You have run the step!"
else
across_GFW_S2
echo "5.2" >> /root/step
fi
;;
"6")
step_done "6"
re=$?
if [[ "$re" = "1" ]];then
echo "You have run the step!"
else
logs
echo "6" >> /root/step
fi
;;
"7.1")
step_done "7.1"
re=$?
if [[ "$re" = "1" ]];then
echo "You have run the step!"
else
ipv6_relay
echo "7.1" >> /root/step
fi
;;
"7.2")
step_done "7.2"
re=$?
if [[ "$re" = "1" ]];then
echo "You have run the step!"
else
ipv6_bridge
echo "7.2" >> /root/step
fi
;;
"8")
step_done "8"
re=$?
if [[ "$re" = "1" ]];then
echo "You have run the step!"
else
tinc
echo "8" >> /root/step
fi
;;
"9")
step_done "9"
re=$?
if [[ "$re" = "1" ]];then
echo "You have run the step!"
else
python_install
echo "9" >> /root/step
fi
;;
"10")
step_done "10"
re=$?
if [[ "$re" = "1" ]];then
echo "You have run the step!"
else
hosts_update
echo "10" >> /root/step
fi
;;
"11.1")
step_done "11.1"
re=$?
if [[ "$re" = "1" ]];then
echo "You have run the step!"
else
ucas_network
echo "11.1" >> /root/step
fi
;;
"11.2")
step_done "11.2"
re=$?
if [[ "$re" = "1" ]];then
echo "You have run the step!"
else
ict_network
echo "11.2" >> /root/step
fi
;;
"0")
i=20
;;
*)
echo "Invalid Option!"
;;
esac
done

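Closing Notes

  • Why set the IP address of the loopback interface bridged to the OpenWRT VM's LAN port manually? If a gateway is added, the host's default route is changed, which disrupts the host's own route to the Internet.

  • The complete script and the package links are as follows

  • htop fails to start; the error message is Error opening terminal: xterm.

    • Because python was installed on the USB disk first, libncurses was installed on the USB device, which in turn put terminfo on the USB device as well, so there are no terminfo files under /usr/share/ on the root filesystem.

    • Fix: force-remove libncurses and terminfo, then reinstall them with an explicit destination.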

      opkg remove terminfo --force-depends
      opkg remove libncurses --force-depends
      opkg --dest root install terminfo
      opkg --dest root install libncurses terminfo

Revision History

Revision             Time              Notes
Document created     2017/7/6 11:36    File created
Modified             2017/11/7 10:02   Added UDP forwarding entries
htop fails to start  2018/1/10 20:17   htop fails to start

References