
@fbraz3
Last active October 25, 2025 22:35

Revisions

  1. fbraz3 revised this gist Jul 7, 2025. 1 changed file with 6 additions and 4 deletions.
    10 changes: 6 additions & 4 deletions openwrt_add_guest.sh
    @@ -7,8 +7,10 @@
    #
    # - Ensure the Wi-Fi interfaces retain their default names (radio0 and radio1).
    # - For enable download/upload limits, you MUST install the sqm-scripts package on your OpenWRT router.
    # - For enable roaming (aka wifi mesh), ensure the wireless interface supports 802.11r and 802.11k.
    # - For enable roaming (aka wifi mesh), you MUST install the xxd package on your OpenWRT router.
    # - For enable roaming (aka wifi mesh):
    # - You must install the xxd package on your OpenWRT router.
    # - Ensure the wireless interface supports 802.11r and 802.11k.
    # - All router must have the same roaming domain
    #
    # Info about OpenWRT support on AX3000T:
    # https://openwrt.org/inbox/toh/xiaomi/ax3000t
    @@ -37,7 +39,7 @@ SQM_UPLOAD_LIMIT='10000' # Upload limit in Kbps, e.g. 10000 for 10 Mbps
    # If you want to open ports on your WAN/LAN from the guest network, just add them below
    ALLOW_PORTS='53,tcp 53,udp' # Allow DNS port, change or comment out if you don't want to allow requests from the guest network.

    # If you want to enable roaming (aka wifi mesh), you must install the xxd package on your OpenWRT router.
    # Reminder: you must install the xxd package and all routers must have the same roaming domain.
    ROAMING_ENABLE=1 # Set to 1 to enable roaming (aka wifi mesh); comment out to disable.
    ROAMING_DOMAIN='a1c2' # MUST be a 4 character hexadecimal string, e.g. 'abcd'.

    @@ -119,7 +121,7 @@ uci set firewall.${GUEST_INTERFACE}_iso='rule'
    uci set firewall.${GUEST_INTERFACE}_iso.name="${GUEST_INTERFACE}_iso"
    uci set firewall.${GUEST_INTERFACE}_iso.src="${GUEST_INTERFACE}"
    uci set firewall.${GUEST_INTERFACE}_iso.dest="${DEST_INTERFACE}"
    #uci set firewall.${GUEST_INTERFACE}_iso.dest_ip="${DEST_RANGE}"
    uci set firewall.${GUEST_INTERFACE}_iso.dest_ip="${DEST_RANGE}"
    uci set firewall.${GUEST_INTERFACE}_iso.target='REJECT'

    # Add forwarding to lan
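Review bot: In the last hunk the `_iso` REJECT rule is scoped by a single `dest_ip="${DEST_RANGE}"`, so isolation covers only the one subnet written in DEST_RANGE; any other private range reachable through DEST_INTERFACE would still be forwarded for guests. DEST_RANGE is a hard-coded default set outside this hunk, so on a router whose upstream subnet differs the rule matches nothing and gives no warning. I would add a comment above the rule, for example `# DEST_RANGE must be the real subnet behind DEST_INTERFACE; check it with "ip route" before relying on this rule`, and consider covering every private range the guest must not reach rather than one. The rule block starts before the hunk and the forwarding section continues after it.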
  2. fbraz3 revised this gist Jul 7, 2025. 1 changed file with 1 addition and 0 deletions.
    1 change: 1 addition & 0 deletions openwrt_add_guest.sh
    @@ -37,6 +37,7 @@ SQM_UPLOAD_LIMIT='10000' # Upload limit in Kbps, e.g. 10000 for 10 Mbps
    # If you want to open ports on your WAN/LAN from the guest network, just add them below
    ALLOW_PORTS='53,tcp 53,udp' # Allow DNS port, change or comment out if you don't want to allow requests from the guest network.

    # If you want to enable roaming (aka wifi mesh), you must install the xxd package on your OpenWRT router.
    ROAMING_ENABLE=1 # Set to 1 to enable roaming (aka wifi mesh); comment out to disable.
    ROAMING_DOMAIN='a1c2' # MUST be a 4 character hexadecimal string, e.g. 'abcd'.

  3. fbraz3 revised this gist Jul 7, 2025. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion openwrt_add_guest.sh
    @@ -44,7 +44,7 @@ ROAMING_DOMAIN='a1c2' # MUST be a 4 character hexadecimal string, e.g. 'abcd'.
    # Configuration below this line should not require modification.
    #

    #define radio interfaces
    # Define radio interfaces
    RADIO0_IFACE='radio0' # radio0 is the default interface for the 2.4GHz band
    RADIO1_IFACE='radio1' # radio1 is the default interface for the 5GHz band

  4. fbraz3 revised this gist Jul 7, 2025. 1 changed file with 2 additions and 2 deletions.
    4 changes: 2 additions & 2 deletions openwrt_add_guest.sh
    @@ -45,8 +45,8 @@ ROAMING_DOMAIN='a1c2' # MUST be a 4 character hexadecimal string, e.g. 'abcd'.
    #

    #define radio interfaces
    RADIO0_IFACE='radio0'
    RADIO1_IFACE='radio1'
    RADIO0_IFACE='radio0' # radio0 is the default interface for the 2.4GHz band
    RADIO1_IFACE='radio1' # radio1 is the default interface for the 5GHz band

    # Configure network bridge
    uci -q delete network.${GUEST_INTERFACE}_dev
  5. fbraz3 revised this gist Jul 7, 2025. 1 changed file with 2 additions and 2 deletions.
    4 changes: 2 additions & 2 deletions openwrt_add_guest.sh
    @@ -7,8 +7,8 @@
    #
    # - Ensure the Wi-Fi interfaces retain their default names (radio0 and radio1).
    # - For enable download/upload limits, you MUST install the sqm-scripts package on your OpenWRT router.
    # - For enable roaming, ensure the wireless interface supports 802.11r and 802.11k.
    # - For enable roaming, you MUST install the xxd package on your OpenWRT router.
    # - For enable roaming (aka wifi mesh), ensure the wireless interface supports 802.11r and 802.11k.
    # - For enable roaming (aka wifi mesh), you MUST install the xxd package on your OpenWRT router.
    #
    # Info about OpenWRT support on AX3000T:
    # https://openwrt.org/inbox/toh/xiaomi/ax3000t
  6. fbraz3 revised this gist Jul 7, 2025. 1 changed file with 62 additions and 18 deletions.
    80 changes: 62 additions & 18 deletions openwrt_add_guest.sh
    @@ -6,7 +6,9 @@
    # Tested on a Xiaomi AX3000T router; should work on any OpenWRT-powered router.
    #
    # - Ensure the Wi-Fi interfaces retain their default names (radio0 and radio1).
    # - For enable download/upload limits, install the sqm-scripts package on your OpenWRT router.
    # - For enable download/upload limits, you MUST install the sqm-scripts package on your OpenWRT router.
    # - For enable roaming, ensure the wireless interface supports 802.11r and 802.11k.
    # - For enable roaming, you MUST install the xxd package on your OpenWRT router.
    #
    # Info about OpenWRT support on AX3000T:
    # https://openwrt.org/inbox/toh/xiaomi/ax3000t
    @@ -29,26 +31,33 @@ RADIO1_ENABLE=1 # Set to 1 to enable radio1; comment out to use only the radio0

    # Reminder: In order to use bandwidth control, you must install the sqm-scripts package on your OpenWRT router.
    SQM_ENABLE=1 # Set to 1 to enable SQM (Smart Queue Management) for bandwidth control; comment out to disable.
    DOWNLOAD_LIMIT='10000' # Download limit in Kbps, e.g. 10000 for 10 Mbps
    UPLOAD_LIMIT='10000' # Upload limit in Kbps, e.g. 10000 for 10 Mbps
    SQM_DOWNLOAD_LIMIT='10000' # Download limit in Kbps, e.g. 10000 for 10 Mbps
    SQM_UPLOAD_LIMIT='10000' # Upload limit in Kbps, e.g. 10000 for 10 Mbps

    # If you want to open ports on your WAN/LAN from the guest network, just add them below
    ALLOW_PORTS="53,tcp 53,udp" # Allow DNS port, change or comment out if you don't want to allow requests from the guest network.
    ALLOW_PORTS='53,tcp 53,udp' # Allow DNS port, change or comment out if you don't want to allow requests from the guest network.

    ROAMING_ENABLE=1 # Set to 1 to enable roaming (aka wifi mesh); comment out to disable.
    ROAMING_DOMAIN='a1c2' # MUST be a 4 character hexadecimal string, e.g. 'abcd'.

    #
    # Configuration below this line should not require modification.
    #

    #define radio interfaces
    RADIO0_IFACE='radio0'
    RADIO1_IFACE='radio1'

    # Configure network bridge
    uci -q delete network.${GUEST_INTERFACE}_dev
    uci set network.${GUEST_INTERFACE}_dev="device"
    uci set network.${GUEST_INTERFACE}_dev.type="bridge"
    uci set network.${GUEST_INTERFACE}_dev='device'
    uci set network.${GUEST_INTERFACE}_dev.type='bridge'
    uci set network.${GUEST_INTERFACE}_dev.name="br-${GUEST_INTERFACE}"

    # Configure network interface
    uci -q delete network.${GUEST_INTERFACE}
    uci set network.${GUEST_INTERFACE}="interface"
    uci set network.${GUEST_INTERFACE}.proto="static"
    uci set network.${GUEST_INTERFACE}='interface'
    uci set network.${GUEST_INTERFACE}.proto='static'
    uci set network.${GUEST_INTERFACE}.device="br-${GUEST_INTERFACE}"
    uci set network.${GUEST_INTERFACE}.ipaddr="${GUEST_NETWORK}"

    @@ -57,11 +66,11 @@ service network restart

    # Configure dhcp server
    uci -q delete dhcp.${GUEST_INTERFACE}
    uci set dhcp.${GUEST_INTERFACE}="dhcp"
    uci set dhcp.${GUEST_INTERFACE}='dhcp'
    uci set dhcp.${GUEST_INTERFACE}.interface="${GUEST_INTERFACE}"
    uci set dhcp.${GUEST_INTERFACE}.start="100"
    uci set dhcp.${GUEST_INTERFACE}.limit="150"
    uci set dhcp.${GUEST_INTERFACE}.leasetime="1h"
    uci set dhcp.${GUEST_INTERFACE}.start='100'
    uci set dhcp.${GUEST_INTERFACE}.limit='150'
    uci set dhcp.${GUEST_INTERFACE}.leasetime='1h'
    uci add_list dhcp.${GUEST_INTERFACE}.dhcp_option="6,${GUEST_DNS_SERVER}"

    uci commit dhcp
    @@ -109,7 +118,7 @@ uci set firewall.${GUEST_INTERFACE}_iso='rule'
    uci set firewall.${GUEST_INTERFACE}_iso.name="${GUEST_INTERFACE}_iso"
    uci set firewall.${GUEST_INTERFACE}_iso.src="${GUEST_INTERFACE}"
    uci set firewall.${GUEST_INTERFACE}_iso.dest="${DEST_INTERFACE}"
    uci set firewall.${GUEST_INTERFACE}_iso.dest_ip="${DEST_RANGE}"
    #uci set firewall.${GUEST_INTERFACE}_iso.dest_ip="${DEST_RANGE}"
    uci set firewall.${GUEST_INTERFACE}_iso.target='REJECT'

    # Add forwarding to lan
    @@ -124,7 +133,7 @@ service firewall restart
    # Create radio0 wifi network
    uci -q delete wireless.${GUEST_INTERFACE}
    uci set wireless.${GUEST_INTERFACE}=wifi-iface
    uci set wireless.${GUEST_INTERFACE}.device='radio0'
    uci set wireless.${GUEST_INTERFACE}.device="${RADIO0_IFACE}"
    uci set wireless.${GUEST_INTERFACE}.mode='ap'
    uci set wireless.${GUEST_INTERFACE}.network="${GUEST_INTERFACE}"
    uci set wireless.${GUEST_INTERFACE}.ssid="${RADIO_SSID}"
    @@ -136,7 +145,7 @@ uci set wireless.${GUEST_INTERFACE}.isolate='1'
    if [ ! -z "${RADIO1_ENABLE}" ]; then
    uci -q delete wireless.${GUEST_INTERFACE}_1
    uci set wireless.${GUEST_INTERFACE}_1=wifi-iface
    uci set wireless.${GUEST_INTERFACE}_1.device='radio1'
    uci set wireless.${GUEST_INTERFACE}_1.device="${RADIO1_IFACE}"
    uci set wireless.${GUEST_INTERFACE}_1.mode='ap'
    uci set wireless.${GUEST_INTERFACE}_1.network="${GUEST_INTERFACE}"
    uci set wireless.${GUEST_INTERFACE}_1.ssid="${RADIO_SSID}"
    @@ -145,17 +154,52 @@ if [ ! -z "${RADIO1_ENABLE}" ]; then
    uci set wireless.${GUEST_INTERFACE}_1.isolate='1'
    fi

    if [ ! -z "${ROAMING_ENABLE}" ]; then
    NAS_ID=$(echo "${GUEST_INTERFACE}" | awk '{print toupper($0)}')
    NAS_ID="${NAS_ID}_$(head -c 1 /dev/urandom | xxd -p -l 12 | awk '{print toupper($0)}')"
    R1_KEY_HOLDER=$(head -c 6 /dev/urandom | xxd -p -l 12)

    uci set wireless.${GUEST_INTERFACE}.ieee80211r='1'
    uci set wireless.${GUEST_INTERFACE}.nasid="${NAS_ID}"
    uci set wireless.${GUEST_INTERFACE}.mobility_domain="${ROAMING_DOMAIN}"
    uci set wireless.${GUEST_INTERFACE}.ft_over_ds='0'
    uci set wireless.${GUEST_INTERFACE}.r1_key_holder="${R1_KEY_HOLDER}"
    uci set wireless.${GUEST_INTERFACE}.pmk_r1_push='1'
    uci set wireless.${GUEST_INTERFACE}.ieee80211k='1'
    uci set wireless.${GUEST_INTERFACE}.time_advertisement='2'
    uci set wireless.${GUEST_INTERFACE}.time_zone='<-03>3'
    uci set wireless.${GUEST_INTERFACE}.bss_transition='1'
    uci set wireless.${GUEST_INTERFACE}.ocv='0'

    if [ ! -z "${RADIO1_ENABLE}" ]; then
    NAS_ID="${NAS_ID}_1"
    R1_KEY_HOLDER=$(head -c 6 /dev/urandom | xxd -p -l 12)

    uci set wireless.${GUEST_INTERFACE}_1.ieee80211r='1'
    uci set wireless.${GUEST_INTERFACE}_1.nasid="${NAS_ID}"
    uci set wireless.${GUEST_INTERFACE}_1.mobility_domain="${ROAMING_DOMAIN}"
    uci set wireless.${GUEST_INTERFACE}_1.ft_over_ds='0'
    uci set wireless.${GUEST_INTERFACE}_1.r1_key_holder="${R1_KEY_HOLDER}"
    uci set wireless.${GUEST_INTERFACE}_1.pmk_r1_push='1'
    uci set wireless.${GUEST_INTERFACE}_1.ieee80211k='1'
    uci set wireless.${GUEST_INTERFACE}_1.time_advertisement='2'
    uci set wireless.${GUEST_INTERFACE}_1.time_zone='<-03>3'
    uci set wireless.${GUEST_INTERFACE}_1.bss_transition='1'
    uci set wireless.${GUEST_INTERFACE}_1.ocv='0'
    fi
    fi

    uci commit wireless
    wifi reload

    # Configure SQM (Smart Queue Management) for bandwidth control
    if [ ! -z "${SQM_ENABLE}" ]; then
    uci del sqm.${GUEST_INTERFACE}
    uci set sqm.${GUEST_INTERFACE}=queue
    uci set sqm.${GUEST_INTERFACE}.enabled="1"
    uci set sqm.${GUEST_INTERFACE}.enabled='1'
    uci set sqm.${GUEST_INTERFACE}.interface="br-${GUEST_INTERFACE}"
    uci set sqm.${GUEST_INTERFACE}.download="${UPLOAD_LIMIT}" # upload from the guest network to the internet
    uci set sqm.${GUEST_INTERFACE}.upload="${DOWNLOAD_LIMIT}" # download from internet to the guest network
    uci set sqm.${GUEST_INTERFACE}.download="${SQM_UPLOAD_LIMIT}" # upload from the guest network to the internet
    uci set sqm.${GUEST_INTERFACE}.upload="${SQM_DOWNLOAD_LIMIT}" # download from internet to the guest network
    uci set sqm.${GUEST_INTERFACE}.debug_logging='0'
    uci set sqm.${GUEST_INTERFACE}.verbosity='5'
    uci set sqm.${GUEST_INTERFACE}.qdisc="cake"
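Review bot: In the roaming hunk, `head -c 1 /dev/urandom | xxd -p -l 12` reads a single byte, so the NAS_ID suffix is only two hex digits and `-l 12` has no effect; two access points configured with the same GUEST_INTERFACE have a 1-in-256 chance of getting the same `nasid`. The R1_KEY_HOLDER lines in the same block already read six bytes, and the NAS_ID line should match them: `NAS_ID="${NAS_ID}_$(head -c 6 /dev/urandom | xxd -p | awk '{print toupper($0)}')"`. ROAMING_DOMAIN is also copied into `mobility_domain` unchecked although its comment requires four hexadecimal characters, so a format check next to the setting would catch a bad value before `wifi reload`.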
  7. fbraz3 revised this gist Jul 4, 2025. 1 changed file with 3 additions and 3 deletions.
    6 changes: 3 additions & 3 deletions openwrt_add_guest.sh
    @@ -32,9 +32,8 @@ SQM_ENABLE=1 # Set to 1 to enable SQM (Smart Queue Management) for bandwidth con
    DOWNLOAD_LIMIT='10000' # Download limit in Kbps, e.g. 10000 for 10 Mbps
    UPLOAD_LIMIT='10000' # Upload limit in Kbps, e.g. 10000 for 10 Mbps

    # Ports to be allowed in the guest network, format: "port,protocol port,protocol "
    # e.g. PORTS="80,tcp 443,tcp 53,udp"
    ALLOW_PORTS="53,tcp 53,udp" # DNS port, change or comment out if you don't want to allow requests from the guest network.
    # If you want to open ports on your WAN/LAN from the guest network, just add them below
    ALLOW_PORTS="53,tcp 53,udp" # Allow DNS port, change or comment out if you don't want to allow requests from the guest network.

    #
    # Configuration below this line should not require modification.
    @@ -81,6 +80,7 @@ if [ ! -z "${ALLOW_PORTS}" ]; then
    for ITEM in $ALLOW_PORTS; do
    PORT=$(echo $ITEM | cut -d',' -f1)
    PROTO=$(echo $ITEM | cut -d',' -f2)
    [ "$PROTO" != "tcp" ] && [ "$PROTO" != "udp" ] && PROTO="tcp"
    RULE_NAME="${GUEST_INTERFACE}_open_${PORT}_${PROTO}"

    uci -q delete firewall.${RULE_NAME}
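Review bot: The added fallback `[ "$PROTO" != "tcp" ] && [ "$PROTO" != "udp" ] && PROTO="tcp"` turns any unrecognised protocol into a TCP ACCEPT rule, so a typo such as `53,upd` quietly opens 53/tcp instead of being refused. For a firewall opening I would skip the entry and report it: `case "$PROTO" in tcp|udp) ;; *) echo "ALLOW_PORTS: skipping '$ITEM' (protocol must be tcp or udp)" >&2; continue ;; esac`. PORT gets no check at all and is expanded unquoted into the section name `firewall.${RULE_NAME}`, so a numeric guard such as `case "$PORT" in ''|*[!0-9]*) continue ;; esac` belongs beside it. The loop body continues past the end of this hunk.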
  8. fbraz3 revised this gist Jul 4, 2025. 1 changed file with 101 additions and 89 deletions.
    190 changes: 101 additions & 89 deletions openwrt_add_guest.sh
    @@ -5,151 +5,163 @@
    # This script creates a guest network fully isolated from the main one.
    # Tested on a Xiaomi AX3000T router; should work on any OpenWRT-powered router.
    #
    # Ensure the Wi-Fi interfaces retain their default names (radio0 and radio1).
    # - Ensure the Wi-Fi interfaces retain their default names (radio0 and radio1).
    # - For enable download/upload limits, install the sqm-scripts package on your OpenWRT router.
    #
    # Info about OpenWRT support on AX3000T:
    # https://openwrt.org/inbox/toh/xiaomi/ax3000t
    #

    # Guest interface configuration
    INTERFACE='guest'
    NETWORK='192.168.6.1/24'
    GUEST_INTERFACE='guest'
    GUEST_NETWORK='192.168.6.1/24'
    GUEST_DNS_SERVER='8.8.8.8,8.8.4.4' # DNS server for the guest network, split by commas if multiple (e.g. 8.8.8.8,8.8.4.4)

    # Your current LAN interface configuration, needed by firewall rules
    LAN_INTERFACE='lan'
    LAN_RANGE='192.168.1.1/24'
    # The interface which serves as the internet gateway for the guest network; it could be your WAN or LAN interface depending on your setup.
    DEST_INTERFACE='wan' # Change this to 'lan' if you want the guest network to access the local LAN.
    DEST_RANGE='192.168.1.1/24' # The range of the destination interface, its needed for the firewall rules to isolate the guest network.

    # Wi-Fi SSID and Password
    RADIO_SSID='my-guest-wifi' # Choose your Wi-Fi network name here
    RADIO_KEY='my-guest-password' # BE SURE TO CHANGE THE PASSWORD!!!

    RADIO1_ENABLE=1 # Set to 1 to enable radio1; comment out to use only the radio0 interface.

    # IMPORTANT: Install the required packages: sqm-scripts
    # Reminder: In order to use bandwidth control, you must install the sqm-scripts package on your OpenWRT router.
    SQM_ENABLE=1 # Set to 1 to enable SQM (Smart Queue Management) for bandwidth control; comment out to disable.
    DOWNLOAD_LIMIT='10000' # Download limit in Kbps, e.g. 10000 for 10 Mbps
    UPLOAD_LIMIT='10000' # Upload limit in Kbps, e.g. 10000 for 10 Mbps

    # Ports to be allowed in the guest network, format: "port,protocol port,protocol "
    # e.g. PORTS="80,tcp 443,tcp 53,udp"
    ALLOW_PORTS="53,tcp 53,udp" # DNS port, change or comment out if you don't want to allow requests from the guest network.

    #
    # Configuration below this line should not require modification.
    #

    # Configure network bridge
    uci -q delete network.${INTERFACE}_dev
    uci set network.${INTERFACE}_dev="device"
    uci set network.${INTERFACE}_dev.type="bridge"
    uci set network.${INTERFACE}_dev.name="br-${INTERFACE}"
    uci -q delete network.${GUEST_INTERFACE}_dev
    uci set network.${GUEST_INTERFACE}_dev="device"
    uci set network.${GUEST_INTERFACE}_dev.type="bridge"
    uci set network.${GUEST_INTERFACE}_dev.name="br-${GUEST_INTERFACE}"

    # Configure network interface
    uci -q delete network.${INTERFACE}
    uci set network.${INTERFACE}="interface"
    uci set network.${INTERFACE}.proto="static"
    uci set network.${INTERFACE}.device="br-${INTERFACE}"
    uci set network.${INTERFACE}.ipaddr="${NETWORK}"
    uci -q delete network.${GUEST_INTERFACE}
    uci set network.${GUEST_INTERFACE}="interface"
    uci set network.${GUEST_INTERFACE}.proto="static"
    uci set network.${GUEST_INTERFACE}.device="br-${GUEST_INTERFACE}"
    uci set network.${GUEST_INTERFACE}.ipaddr="${GUEST_NETWORK}"

    uci commit network
    service network restart

    # Configure dhcp server
    uci -q delete dhcp.${INTERFACE}
    uci set dhcp.${INTERFACE}="dhcp"
    uci set dhcp.${INTERFACE}.interface="${INTERFACE}"
    uci set dhcp.${INTERFACE}.start="100"
    uci set dhcp.${INTERFACE}.limit="150"
    uci set dhcp.${INTERFACE}.leasetime="1h"
    uci add_list dhcp.${INTERFACE}.dhcp_option="6,${GUEST_DNS_SERVER}"
    uci -q delete dhcp.${GUEST_INTERFACE}
    uci set dhcp.${GUEST_INTERFACE}="dhcp"
    uci set dhcp.${GUEST_INTERFACE}.interface="${GUEST_INTERFACE}"
    uci set dhcp.${GUEST_INTERFACE}.start="100"
    uci set dhcp.${GUEST_INTERFACE}.limit="150"
    uci set dhcp.${GUEST_INTERFACE}.leasetime="1h"
    uci add_list dhcp.${GUEST_INTERFACE}.dhcp_option="6,${GUEST_DNS_SERVER}"

    uci commit dhcp
    service dnsmasq restart

    # Add firewall group
    uci -q delete firewall.${INTERFACE}
    uci set firewall.${INTERFACE}='zone'
    uci set firewall.${INTERFACE}.name="${INTERFACE}"
    uci set firewall.${INTERFACE}.network="${INTERFACE}"
    uci set firewall.${INTERFACE}.input='REJECT'
    uci set firewall.${INTERFACE}.output='ACCEPT'
    uci set firewall.${INTERFACE}.forward='REJECT'

    # FW Rule: Allow DNS
    uci -q delete firewall.${INTERFACE}_dns
    uci set firewall.${INTERFACE}_dns='rule'
    uci set firewall.${INTERFACE}_dns.name="${INTERFACE}_dns"
    uci set firewall.${INTERFACE}_dns.src="${INTERFACE}"
    uci set firewall.${INTERFACE}_dns.dest="${LAN_INTERFACE}"
    uci set firewall.${INTERFACE}_dns.dest_port='53'
    uci set firewall.${INTERFACE}_dns.proto='tcp udp'
    uci set firewall.${INTERFACE}_dns.target='ACCEPT'
    uci -q delete firewall.${GUEST_INTERFACE}
    uci set firewall.${GUEST_INTERFACE}='zone'
    uci set firewall.${GUEST_INTERFACE}.name="${GUEST_INTERFACE}"
    uci set firewall.${GUEST_INTERFACE}.network="${GUEST_INTERFACE}"
    uci set firewall.${GUEST_INTERFACE}.input='REJECT'
    uci set firewall.${GUEST_INTERFACE}.output='ACCEPT'
    uci set firewall.${GUEST_INTERFACE}.forward='REJECT'

    if [ ! -z "${ALLOW_PORTS}" ]; then
    for ITEM in $ALLOW_PORTS; do
    PORT=$(echo $ITEM | cut -d',' -f1)
    PROTO=$(echo $ITEM | cut -d',' -f2)
    RULE_NAME="${GUEST_INTERFACE}_open_${PORT}_${PROTO}"

    uci -q delete firewall.${RULE_NAME}
    uci set firewall.${RULE_NAME}='rule'
    uci set firewall.${RULE_NAME}.name="${RULE_NAME}"
    uci set firewall.${RULE_NAME}.src="${GUEST_INTERFACE}"
    uci set firewall.${RULE_NAME}.dest="${DEST_INTERFACE}"
    uci set firewall.${RULE_NAME}.dest_port="${PORT}"
    uci set firewall.${RULE_NAME}.proto="${PROTO}"
    uci set firewall.${RULE_NAME}.target='ACCEPT'
    done
    fi

    # FW Rule: Allow DHCP
    uci -q delete firewall.${INTERFACE}_dhcp
    uci set firewall.${INTERFACE}_dhcp='rule'
    uci set firewall.${INTERFACE}_dhcp.name="${INTERFACE}_dhcp"
    uci set firewall.${INTERFACE}_dhcp.src="${INTERFACE}"
    uci set firewall.${INTERFACE}_dhcp.dest_port='67-68'
    uci set firewall.${INTERFACE}_dhcp.target='ACCEPT'
    uci set firewall.${INTERFACE}_dhcp.proto='tcp udp'
    uci -q delete firewall.${GUEST_INTERFACE}_dhcp
    uci set firewall.${GUEST_INTERFACE}_dhcp='rule'
    uci set firewall.${GUEST_INTERFACE}_dhcp.name="${GUEST_INTERFACE}_dhcp"
    uci set firewall.${GUEST_INTERFACE}_dhcp.src="${GUEST_INTERFACE}"
    uci set firewall.${GUEST_INTERFACE}_dhcp.dest_port='67-68'
    uci set firewall.${GUEST_INTERFACE}_dhcp.target='ACCEPT'
    uci set firewall.${GUEST_INTERFACE}_dhcp.proto='tcp udp'

    # FW Rule: Isolate network from local LAN
    uci -q delete firewall.${INTERFACE}_iso
    uci set firewall.${INTERFACE}_iso='rule'
    uci set firewall.${INTERFACE}_iso.name="${INTERFACE}_iso"
    uci set firewall.${INTERFACE}_iso.src="${INTERFACE}"
    uci set firewall.${INTERFACE}_iso.dest="${LAN_INTERFACE}"
    uci set firewall.${INTERFACE}_iso.dest_ip="${LAN_RANGE}"
    uci set firewall.${INTERFACE}_iso.target='REJECT'
    uci -q delete firewall.${GUEST_INTERFACE}_iso
    uci set firewall.${GUEST_INTERFACE}_iso='rule'
    uci set firewall.${GUEST_INTERFACE}_iso.name="${GUEST_INTERFACE}_iso"
    uci set firewall.${GUEST_INTERFACE}_iso.src="${GUEST_INTERFACE}"
    uci set firewall.${GUEST_INTERFACE}_iso.dest="${DEST_INTERFACE}"
    uci set firewall.${GUEST_INTERFACE}_iso.dest_ip="${DEST_RANGE}"
    uci set firewall.${GUEST_INTERFACE}_iso.target='REJECT'

    # Add forwarding to lan
    uci -q delete firewall.${INTERFACE}_forward
    uci set firewall.${INTERFACE}_forward='forwarding'
    uci set firewall.${INTERFACE}_forward.src="${INTERFACE}"
    uci set firewall.${INTERFACE}_forward.dest="${LAN_INTERFACE}"
    uci -q delete firewall.${GUEST_INTERFACE}_forward
    uci set firewall.${GUEST_INTERFACE}_forward='forwarding'
    uci set firewall.${GUEST_INTERFACE}_forward.src="${GUEST_INTERFACE}"
    uci set firewall.${GUEST_INTERFACE}_forward.dest="${DEST_INTERFACE}"

    uci commit firewall
    service firewall restart

    # Create radio0 wifi network
    uci -q delete wireless.${INTERFACE}
    uci set wireless.${INTERFACE}=wifi-iface
    uci set wireless.${INTERFACE}.device='radio0'
    uci set wireless.${INTERFACE}.mode='ap'
    uci set wireless.${INTERFACE}.network="${INTERFACE}"
    uci set wireless.${INTERFACE}.ssid="${RADIO_SSID}"
    uci set wireless.${INTERFACE}.encryption='sae-mixed'
    uci set wireless.${INTERFACE}.key="${RADIO_KEY}"
    uci set wireless.${INTERFACE}.isolate='1'
    uci -q delete wireless.${GUEST_INTERFACE}
    uci set wireless.${GUEST_INTERFACE}=wifi-iface
    uci set wireless.${GUEST_INTERFACE}.device='radio0'
    uci set wireless.${GUEST_INTERFACE}.mode='ap'
    uci set wireless.${GUEST_INTERFACE}.network="${GUEST_INTERFACE}"
    uci set wireless.${GUEST_INTERFACE}.ssid="${RADIO_SSID}"
    uci set wireless.${GUEST_INTERFACE}.encryption='sae-mixed'
    uci set wireless.${GUEST_INTERFACE}.key="${RADIO_KEY}"
    uci set wireless.${GUEST_INTERFACE}.isolate='1'

    # Create radio1 wifi network
    if [ ! -z "${RADIO1_ENABLE}" ]; then
    uci -q delete wireless.${INTERFACE}_1
    uci set wireless.${INTERFACE}_1=wifi-iface
    uci set wireless.${INTERFACE}_1.device='radio1'
    uci set wireless.${INTERFACE}_1.mode='ap'
    uci set wireless.${INTERFACE}_1.network="${INTERFACE}"
    uci set wireless.${INTERFACE}_1.ssid="${RADIO_SSID}"
    uci set wireless.${INTERFACE}_1.encryption='sae-mixed'
    uci set wireless.${INTERFACE}_1.key="${RADIO_KEY}"
    uci set wireless.${INTERFACE}_1.isolate='1'
    uci -q delete wireless.${GUEST_INTERFACE}_1
    uci set wireless.${GUEST_INTERFACE}_1=wifi-iface
    uci set wireless.${GUEST_INTERFACE}_1.device='radio1'
    uci set wireless.${GUEST_INTERFACE}_1.mode='ap'
    uci set wireless.${GUEST_INTERFACE}_1.network="${GUEST_INTERFACE}"
    uci set wireless.${GUEST_INTERFACE}_1.ssid="${RADIO_SSID}"
    uci set wireless.${GUEST_INTERFACE}_1.encryption='sae-mixed'
    uci set wireless.${GUEST_INTERFACE}_1.key="${RADIO_KEY}"
    uci set wireless.${GUEST_INTERFACE}_1.isolate='1'
    fi

    uci commit wireless
    wifi reload

    # Configure SQM (Smart Queue Management) for bandwidth control
    if [ ! -z "${SQM_ENABLE}" ]; then
    uci del sqm.${INTERFACE}
    uci set sqm.${INTERFACE}=queue
    uci set sqm.${INTERFACE}.enabled="1"
    uci set sqm.${INTERFACE}.interface="br-${INTERFACE}"
    uci set sqm.${INTERFACE}.download="${UPLOAD_LIMIT}" # upload from the guest network to the internet
    uci set sqm.${INTERFACE}.upload="${DOWNLOAD_LIMIT}" # download from internet to the guest network
    uci set sqm.${INTERFACE}.debug_logging='0'
    uci set sqm.${INTERFACE}.verbosity='5'
    uci set sqm.${INTERFACE}.qdisc="cake"
    uci set sqm.${INTERFACE}.script='piece_of_cake.qos'
    uci set sqm.${INTERFACE}.linklayer='none'
    uci del sqm.${GUEST_INTERFACE}
    uci set sqm.${GUEST_INTERFACE}=queue
    uci set sqm.${GUEST_INTERFACE}.enabled="1"
    uci set sqm.${GUEST_INTERFACE}.interface="br-${GUEST_INTERFACE}"
    uci set sqm.${GUEST_INTERFACE}.download="${UPLOAD_LIMIT}" # upload from the guest network to the internet
    uci set sqm.${GUEST_INTERFACE}.upload="${DOWNLOAD_LIMIT}" # download from internet to the guest network
    uci set sqm.${GUEST_INTERFACE}.debug_logging='0'
    uci set sqm.${GUEST_INTERFACE}.verbosity='5'
    uci set sqm.${GUEST_INTERFACE}.qdisc="cake"
    uci set sqm.${GUEST_INTERFACE}.script='piece_of_cake.qos'
    uci set sqm.${GUEST_INTERFACE}.linklayer='none'

    uci commit sqm
    service sqm restart
    fi
    fi
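Review bot: The ACCEPT rules built in the new ALLOW_PORTS loop are created before `${GUEST_INTERFACE}_iso` and carry no `dest_ip`, so if the firewall evaluates rules in creation order (which is how I read it) guests can reach the listed ports, 53/tcp and 53/udp by default, on every host inside DEST_RANGE, the range the isolation rule is meant to close off. Moving the `# FW Rule: Isolate network from local LAN` block above `if [ ! -z "${ALLOW_PORTS}" ]; then` would put the REJECT first. If the exception is intended, the ALLOW_PORTS setting should say so, for example `# NOTE: ports listed here are accepted before the isolation rule and are reachable on hosts in DEST_RANGE`.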
  9. fbraz3 revised this gist Jul 4, 2025. No changes.
  10. fbraz3 revised this gist Jul 2, 2025. No changes.
  11. fbraz3 revised this gist Jul 2, 2025. 1 changed file with 3 additions and 3 deletions.
    6 changes: 3 additions & 3 deletions openwrt_add_guest.sh
    @@ -149,7 +149,7 @@ if [ ! -z "${SQM_ENABLE}" ]; then
    uci set sqm.${INTERFACE}.qdisc="cake"
    uci set sqm.${INTERFACE}.script='piece_of_cake.qos'
    uci set sqm.${INTERFACE}.linklayer='none'

    uci commit sqm
    service sqm restart
    fi

    uci commit sqm
    /etc/init.d/sqm restart
  12. fbraz3 revised this gist Jul 1, 2025. 1 changed file with 2 additions and 2 deletions.
    4 changes: 2 additions & 2 deletions openwrt_add_guest.sh
    @@ -142,8 +142,8 @@ if [ ! -z "${SQM_ENABLE}" ]; then
    uci set sqm.${INTERFACE}=queue
    uci set sqm.${INTERFACE}.enabled="1"
    uci set sqm.${INTERFACE}.interface="br-${INTERFACE}"
    uci set sqm.${INTERFACE}.download="${UPLOAD_LIMIT}" # ingress = upload from the guest network to the internet
    uci set sqm.${INTERFACE}.upload="${DOWNLOAD_LIMIT}" # egress = download from internet to the guest network
    uci set sqm.${INTERFACE}.download="${UPLOAD_LIMIT}" # upload from the guest network to the internet
    uci set sqm.${INTERFACE}.upload="${DOWNLOAD_LIMIT}" # download from internet to the guest network
    uci set sqm.${INTERFACE}.debug_logging='0'
    uci set sqm.${INTERFACE}.verbosity='5'
    uci set sqm.${INTERFACE}.qdisc="cake"
  13. fbraz3 revised this gist Jul 1, 2025. 1 changed file with 3 additions and 3 deletions.
    6 changes: 3 additions & 3 deletions openwrt_add_guest.sh
    @@ -26,7 +26,7 @@ RADIO_KEY='my-guest-password' # BE SURE TO CHANGE THE PASSWORD!!!

    RADIO1_ENABLE=1 # Set to 1 to enable radio1; comment out to use only the radio0 interface.

    # Don't forget to install the required packages: sqm-scripts
    # IMPORTANT: Install the required packages: sqm-scripts
    SQM_ENABLE=1 # Set to 1 to enable SQM (Smart Queue Management) for bandwidth control; comment out to disable.
    DOWNLOAD_LIMIT='10000' # Download limit in Kbps, e.g. 10000 for 10 Mbps
    UPLOAD_LIMIT='10000' # Upload limit in Kbps, e.g. 10000 for 10 Mbps
    @@ -142,8 +142,8 @@ if [ ! -z "${SQM_ENABLE}" ]; then
    uci set sqm.${INTERFACE}=queue
    uci set sqm.${INTERFACE}.enabled="1"
    uci set sqm.${INTERFACE}.interface="br-${INTERFACE}"
    uci set sqm.${INTERFACE}.download="${UPLOAD_LIMIT}" # ingress = upload limit
    uci set sqm.${INTERFACE}.upload="${DOWNLOAD_LIMIT}" # egress = download limit
    uci set sqm.${INTERFACE}.download="${UPLOAD_LIMIT}" # ingress = upload from the guest network to the internet
    uci set sqm.${INTERFACE}.upload="${DOWNLOAD_LIMIT}" # egress = download from internet to the guest network
    uci set sqm.${INTERFACE}.debug_logging='0'
    uci set sqm.${INTERFACE}.verbosity='5'
    uci set sqm.${INTERFACE}.qdisc="cake"
  14. fbraz3 revised this gist Jul 1, 2025. No changes.
  15. fbraz3 revised this gist Jul 1, 2025. 1 changed file with 36 additions and 8 deletions.
    44 changes: 36 additions & 8 deletions openwrt_add_guest.sh
    @@ -14,6 +14,7 @@
    # Guest interface configuration
    INTERFACE='guest'
    NETWORK='192.168.6.1/24'
    GUEST_DNS_SERVER='8.8.8.8,8.8.4.4' # DNS server for the guest network, split by commas if multiple (e.g. 8.8.8.8,8.8.4.4)

    # Your current LAN interface configuration, needed by firewall rules
    LAN_INTERFACE='lan'
    @@ -25,6 +26,11 @@ RADIO_KEY='my-guest-password' # BE SURE TO CHANGE THE PASSWORD!!!

    RADIO1_ENABLE=1 # Set to 1 to enable radio1; comment out to use only the radio0 interface.

    # Don't forget to install the required packages: sqm-scripts
    SQM_ENABLE=1 # Set to 1 to enable SQM (Smart Queue Management) for bandwidth control; comment out to disable.
    DOWNLOAD_LIMIT='10000' # Download limit in Kbps, e.g. 10000 for 10 Mbps
    UPLOAD_LIMIT='10000' # Upload limit in Kbps, e.g. 10000 for 10 Mbps

    #
    # Configuration below this line should not require modification.
    #
    @@ -52,6 +58,7 @@ uci set dhcp.${INTERFACE}.interface="${INTERFACE}"
    uci set dhcp.${INTERFACE}.start="100"
    uci set dhcp.${INTERFACE}.limit="150"
    uci set dhcp.${INTERFACE}.leasetime="1h"
    uci add_list dhcp.${INTERFACE}.dhcp_option="6,${GUEST_DNS_SERVER}"

    uci commit dhcp
    service dnsmasq restart
    @@ -70,6 +77,7 @@ uci -q delete firewall.${INTERFACE}_dns
    uci set firewall.${INTERFACE}_dns='rule'
    uci set firewall.${INTERFACE}_dns.name="${INTERFACE}_dns"
    uci set firewall.${INTERFACE}_dns.src="${INTERFACE}"
    uci set firewall.${INTERFACE}_dns.dest="${LAN_INTERFACE}"
    uci set firewall.${INTERFACE}_dns.dest_port='53'
    uci set firewall.${INTERFACE}_dns.proto='tcp udp'
    uci set firewall.${INTERFACE}_dns.target='ACCEPT'
    @@ -110,18 +118,38 @@ uci set wireless.${INTERFACE}.network="${INTERFACE}"
    uci set wireless.${INTERFACE}.ssid="${RADIO_SSID}"
    uci set wireless.${INTERFACE}.encryption='sae-mixed'
    uci set wireless.${INTERFACE}.key="${RADIO_KEY}"
    uci set wireless.${INTERFACE}.isolate='1'

    # Create radio1 wifi network
    if [ ! -z "${RADIO1_ENABLE}" ]; then
    uci -q delete wireless.${INTERFACE}_1
    uci set wireless.${INTERFACE}_1=wifi-iface
    uci set wireless.${INTERFACE}_1.device='radio1'
    uci set wireless.${INTERFACE}_1.mode='ap'
    uci set wireless.${INTERFACE}_1.network="${INTERFACE}"
    uci set wireless.${INTERFACE}_1.ssid="${RADIO_SSID}"
    uci set wireless.${INTERFACE}_1.encryption='sae-mixed'
    uci set wireless.${INTERFACE}_1.key="${RADIO_KEY}"
    uci -q delete wireless.${INTERFACE}_1
    uci set wireless.${INTERFACE}_1=wifi-iface
    uci set wireless.${INTERFACE}_1.device='radio1'
    uci set wireless.${INTERFACE}_1.mode='ap'
    uci set wireless.${INTERFACE}_1.network="${INTERFACE}"
    uci set wireless.${INTERFACE}_1.ssid="${RADIO_SSID}"
    uci set wireless.${INTERFACE}_1.encryption='sae-mixed'
    uci set wireless.${INTERFACE}_1.key="${RADIO_KEY}"
    uci set wireless.${INTERFACE}_1.isolate='1'
    fi

    uci commit wireless
    wifi reload

    # Configure SQM (Smart Queue Management) for bandwidth control
    if [ ! -z "${SQM_ENABLE}" ]; then
    uci del sqm.${INTERFACE}
    uci set sqm.${INTERFACE}=queue
    uci set sqm.${INTERFACE}.enabled="1"
    uci set sqm.${INTERFACE}.interface="br-${INTERFACE}"
    uci set sqm.${INTERFACE}.download="${UPLOAD_LIMIT}" # ingress = upload limit
    uci set sqm.${INTERFACE}.upload="${DOWNLOAD_LIMIT}" # egress = download limit
    uci set sqm.${INTERFACE}.debug_logging='0'
    uci set sqm.${INTERFACE}.verbosity='5'
    uci set sqm.${INTERFACE}.qdisc="cake"
    uci set sqm.${INTERFACE}.script='piece_of_cake.qos'
    uci set sqm.${INTERFACE}.linklayer='none'
    fi

    uci commit sqm
    /etc/init.d/sqm restart
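Review bot: Adding `dest="${LAN_INTERFACE}"` to `${INTERFACE}_dns` turns it from a router-input rule into a forward rule that ACCEPTs port 53 from guests to every host in the `lan` zone. It is created before `${INTERFACE}_iso`, so it appears to take precedence over the `LAN_RANGE` REJECT for that port. If the goal is only to let guests reach one resolver, constrain the rule with `uci set firewall.${INTERFACE}_dns.dest_ip='<RESOLVER_IP>'` (placeholder); with `GUEST_DNS_SERVER` pointing at public resolvers the rule may not be needed at all. Separately, `uci commit sqm` and `/etc/init.d/sqm restart` sit after the `fi`, so they run even when `SQM_ENABLE` is unset and sqm-scripts may not be installed; both belong inside the `if` block.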
  16. fbraz3 revised this gist Dec 28, 2024. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion openwrt_add_guest.sh
    @@ -11,7 +11,7 @@
    # https://openwrt.org/inbox/toh/xiaomi/ax3000t
    #

    # Guest interface configuration, the interface name will also be the SSID
    # Guest interface configuration
    INTERFACE='guest'
    NETWORK='192.168.6.1/24'

  17. fbraz3 revised this gist Dec 28, 2024. 1 changed file with 2 additions and 2 deletions.
    4 changes: 2 additions & 2 deletions openwrt_add_guest.sh
    @@ -11,11 +11,11 @@
    # https://openwrt.org/inbox/toh/xiaomi/ax3000t
    #

    # Guest interface configuration
    # Guest interface configuration, the interface name will also be the SSID
    INTERFACE='guest'
    NETWORK='192.168.6.1/24'

    # LAN interface configuration
    # Your current LAN interface configuration, needed by firewall rules
    LAN_INTERFACE='lan'
    LAN_RANGE='192.168.1.1/24'

  18. fbraz3 revised this gist Dec 28, 2024. 1 changed file with 2 additions and 1 deletion.
    3 changes: 2 additions & 1 deletion openwrt_add_guest.sh
    @@ -1,4 +1,5 @@
    #!/bin/bash
    #!/bin/sh

    #
    # FOR USE IN OPENWRT
    # This script creates a guest network fully isolated from the main one.
  19. fbraz3 revised this gist Dec 28, 2024. 1 changed file with 3 additions and 1 deletion.
    4 changes: 3 additions & 1 deletion openwrt_add_guest.sh
    @@ -92,7 +92,7 @@ uci set firewall.${INTERFACE}_iso.dest_ip="${LAN_RANGE}"
    uci set firewall.${INTERFACE}_iso.target='REJECT'

    # Add forwarding to lan
    uci delete firewall.${INTERFACE}_forward || true
    uci -q delete firewall.${INTERFACE}_forward
    uci set firewall.${INTERFACE}_forward='forwarding'
    uci set firewall.${INTERFACE}_forward.src="${INTERFACE}"
    uci set firewall.${INTERFACE}_forward.dest="${LAN_INTERFACE}"
    @@ -101,6 +101,7 @@ uci commit firewall
    service firewall restart

    # Create radio0 wifi network
    uci -q delete wireless.${INTERFACE}
    uci set wireless.${INTERFACE}=wifi-iface
    uci set wireless.${INTERFACE}.device='radio0'
    uci set wireless.${INTERFACE}.mode='ap'
    @@ -111,6 +112,7 @@ uci set wireless.${INTERFACE}.key="${RADIO_KEY}"

    # Create radio1 wifi network
    if [ ! -z "${RADIO1_ENABLE}" ]; then
    uci -q delete wireless.${INTERFACE}_1
    uci set wireless.${INTERFACE}_1=wifi-iface
    uci set wireless.${INTERFACE}_1.device='radio1'
    uci set wireless.${INTERFACE}_1.mode='ap'
  20. fbraz3 revised this gist Dec 28, 2024. 1 changed file with 11 additions and 13 deletions.
    24 changes: 11 additions & 13 deletions openwrt_add_guest.sh
    @@ -1,33 +1,31 @@
    #!/bin/bash

    #
    # FOR USE IN OPENWRT
    # This script will create a guest network fully isolated from the main one
    # I'm using on a Xiaomi AX3000T router but theoretically will work in any openwrt powered router
    # This script creates a guest network fully isolated from the main one.
    # Tested on a Xiaomi AX3000T router; should work on any OpenWRT-powered router.
    #
    # ensure the wifi interfaces are named as it default names (radio0 and radio1)
    # Ensure the Wi-Fi interfaces retain their default names (radio0 and radio1).
    #
    # Info about openwrt support on ax3000t:
    # Info about OpenWRT support on AX3000T:
    # https://openwrt.org/inbox/toh/xiaomi/ax3000t
    #
    #

    # Guest interface config
    # Guest interface configuration
    INTERFACE='guest'
    NETWORK='192.168.6.1/24'

    # LAN interface config
    # LAN interface configuration
    LAN_INTERFACE='lan'
    LAN_RANGE='192.168.1.1/24'

    # Wifi SSID and Password
    RADIO_SSID='my-guest-wifi' # Choose your wifi network name here
    RADIO_KEY='my-guest-password' #BE SURE TO CHANGE THE PASSWORD!!!
    # Wi-Fi SSID and Password
    RADIO_SSID='my-guest-wifi' # Choose your Wi-Fi network name here
    RADIO_KEY='my-guest-password' # BE SURE TO CHANGE THE PASSWORD!!!

    RADIO1_ENABLE=1 #comment this line to use only radio0 interface
    RADIO1_ENABLE=1 # Set to 1 to enable radio1; comment out to use only the radio0 interface.

    #
    # Don't touch below
    # Configuration below this line should not require modification.
    #

    # Configure network bridge
  21. fbraz3 revised this gist Dec 28, 2024. 1 changed file with 1 addition and 0 deletions.
    1 change: 1 addition & 0 deletions openwrt_add_guest.sh
    @@ -94,6 +94,7 @@ uci set firewall.${INTERFACE}_iso.dest_ip="${LAN_RANGE}"
    uci set firewall.${INTERFACE}_iso.target='REJECT'

    # Add forwarding to lan
    uci delete firewall.${INTERFACE}_forward || true
    uci set firewall.${INTERFACE}_forward='forwarding'
    uci set firewall.${INTERFACE}_forward.src="${INTERFACE}"
    uci set firewall.${INTERFACE}_forward.dest="${LAN_INTERFACE}"
  22. fbraz3 created this gist Sep 1, 2024.
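--- a/openwrt_add_guest.sh
+++ b/openwrt_add_guest.sh
@@ -0,0 +1,125 @@
+#!/bin/bash
+
+#
+# FOR USE IN OPENWRT
+# This script will create a guest network fully isolated from the main one
+# I'm using on a Xiaomi AX3000T router but theoretically will work in any openwrt powered router
+#
+# ensure the wifi interfaces are named as it default names (radio0 and radio1)
+#
+# Info about openwrt support on ax3000t:
+# https://openwrt.org/inbox/toh/xiaomi/ax3000t
+#
+#
+
+# Guest interface config
+INTERFACE='guest'
+NETWORK='192.168.6.1/24'
+
+# LAN interface config
+LAN_INTERFACE='lan'
+LAN_RANGE='192.168.1.1/24'
+
+# Wifi SSID and Password
+RADIO_SSID='my-guest-wifi' # Choose your wifi network name here
+RADIO_KEY='my-guest-password' #BE SURE TO CHANGE THE PASSWORD!!!
+
+RADIO1_ENABLE=1 #comment this line to use only radio0 interface
+
+#
+# Don't touch below
+#
+
+# Configure network bridge
+uci -q delete network.${INTERFACE}_dev
+uci set network.${INTERFACE}_dev="device"
+uci set network.${INTERFACE}_dev.type="bridge"
+uci set network.${INTERFACE}_dev.name="br-${INTERFACE}"
+
+# Configure network interface
+uci -q delete network.${INTERFACE}
+uci set network.${INTERFACE}="interface"
+uci set network.${INTERFACE}.proto="static"
+uci set network.${INTERFACE}.device="br-${INTERFACE}"
+uci set network.${INTERFACE}.ipaddr="${NETWORK}"
+
+uci commit network
+service network restart
+
+# Configure dhcp server
+uci -q delete dhcp.${INTERFACE}
+uci set dhcp.${INTERFACE}="dhcp"
+uci set dhcp.${INTERFACE}.interface="${INTERFACE}"
+uci set dhcp.${INTERFACE}.start="100"
+uci set dhcp.${INTERFACE}.limit="150"
+uci set dhcp.${INTERFACE}.leasetime="1h"
+
+uci commit dhcp
+service dnsmasq restart
+
+# Add firewall group
+uci -q delete firewall.${INTERFACE}
+uci set firewall.${INTERFACE}='zone'
+uci set firewall.${INTERFACE}.name="${INTERFACE}"
+uci set firewall.${INTERFACE}.network="${INTERFACE}"
+uci set firewall.${INTERFACE}.input='REJECT'
+uci set firewall.${INTERFACE}.output='ACCEPT'
+uci set firewall.${INTERFACE}.forward='REJECT'
+
+# FW Rule: Allow DNS
+uci -q delete firewall.${INTERFACE}_dns
+uci set firewall.${INTERFACE}_dns='rule'
+uci set firewall.${INTERFACE}_dns.name="${INTERFACE}_dns"
+uci set firewall.${INTERFACE}_dns.src="${INTERFACE}"
+uci set firewall.${INTERFACE}_dns.dest_port='53'
+uci set firewall.${INTERFACE}_dns.proto='tcp udp'
+uci set firewall.${INTERFACE}_dns.target='ACCEPT'
+
+# FW Rule: Allow DHCP
+uci -q delete firewall.${INTERFACE}_dhcp
+uci set firewall.${INTERFACE}_dhcp='rule'
+uci set firewall.${INTERFACE}_dhcp.name="${INTERFACE}_dhcp"
+uci set firewall.${INTERFACE}_dhcp.src="${INTERFACE}"
+uci set firewall.${INTERFACE}_dhcp.dest_port='67-68'
+uci set firewall.${INTERFACE}_dhcp.target='ACCEPT'
+uci set firewall.${INTERFACE}_dhcp.proto='tcp udp'
+
+# FW Rule: Isolate network from local LAN
+uci -q delete firewall.${INTERFACE}_iso
+uci set firewall.${INTERFACE}_iso='rule'
+uci set firewall.${INTERFACE}_iso.name="${INTERFACE}_iso"
+uci set firewall.${INTERFACE}_iso.src="${INTERFACE}"
+uci set firewall.${INTERFACE}_iso.dest="${LAN_INTERFACE}"
+uci set firewall.${INTERFACE}_iso.dest_ip="${LAN_RANGE}"
+uci set firewall.${INTERFACE}_iso.target='REJECT'
+
+# Add forwarding to lan
+uci set firewall.${INTERFACE}_forward='forwarding'
+uci set firewall.${INTERFACE}_forward.src="${INTERFACE}"
+uci set firewall.${INTERFACE}_forward.dest="${LAN_INTERFACE}"
+
+uci commit firewall
+service firewall restart
+
+# Create radio0 wifi network
+uci set wireless.${INTERFACE}=wifi-iface
+uci set wireless.${INTERFACE}.device='radio0'
+uci set wireless.${INTERFACE}.mode='ap'
+uci set wireless.${INTERFACE}.network="${INTERFACE}"
+uci set wireless.${INTERFACE}.ssid="${RADIO_SSID}"
+uci set wireless.${INTERFACE}.encryption='sae-mixed'
+uci set wireless.${INTERFACE}.key="${RADIO_KEY}"
+
+# Create radio1 wifi network
+if [ ! -z "${RADIO1_ENABLE}" ]; then
+uci set wireless.${INTERFACE}_1=wifi-iface
+uci set wireless.${INTERFACE}_1.device='radio1'
+uci set wireless.${INTERFACE}_1.mode='ap'
+uci set wireless.${INTERFACE}_1.network="${INTERFACE}"
+uci set wireless.${INTERFACE}_1.ssid="${RADIO_SSID}"
+uci set wireless.${INTERFACE}_1.encryption='sae-mixed'
+uci set wireless.${INTERFACE}_1.key="${RADIO_KEY}"
+fi
+
+uci commit wireless
+wifi reload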
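Review bot: Guest isolation in this version rests on a single rule: `${INTERFACE}_forward` forwards the guest zone into `${LAN_INTERFACE}`, and only the `${INTERFACE}_iso` REJECT on `dest_ip="${LAN_RANGE}"` keeps guests off the LAN. Anything reachable through the `lan` zone outside that one IPv4 range is not covered, and a wrong `LAN_RANGE` removes the protection without any error. If the router has a separate upstream zone, pointing the forwarding there (`uci set firewall.${INTERFACE}_forward.dest='wan'`, assuming the default zone name) would make the zone-level `forward='REJECT'` the boundary; otherwise a comment above `# Add forwarding to lan` should say that the REJECT rule is what enforces isolation and must not be removed. The `${INTERFACE}_dhcp` rule also opens `tcp udp` on 67-68, where `proto='udp'` is enough for DHCP.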