Update settings

settings-configs/AX3200-dumb-ap/attendedsysupgrade

@@ -7,3 +7,14 @@ config client 'client'
 	option auto_search '0'
 	option advanced_mode '1'
 
+# Example configuration for 'owut'.  The option names are the same
+# as those used on the command line, with all '-' dashes replaced by
+# '_' underscores.  Use 'owut --help' to see more.
+
+config owut 'owut'
+#       option verbosity    0
+#       option keep         true
+#       option init_script '/root/data/my-init-script.sh'
+#       option image       '/tmp/my-firmware-img.bin'
+#       option rootfs_size  256
+

settings-configs/AX3200-dumb-ap/dawn

@@ -0,0 +1,79 @@
+config local
+	option loglevel '0'
+
+config network
+	option broadcast_ip '192.168.88.255'
+	option broadcast_port '1025'
+	option tcp_port '1026'
+	option network_option '2'
+	option shared_key 'Niiiiiiiiiiiiick'
+	option iv 'Niiiiiiiiiiiiick'
+	option use_symm_enc '0'
+	option collision_domain '-1'
+	option bandwidth '-1'
+
+config hostapd
+	option hostapd_dir '/var/run/hostapd'
+
+config times
+	option con_timeout '60'
+	option update_client '10'
+	option remove_client '15'
+	option remove_probe '30'
+	option remove_ap '460'
+	option update_hostapd '10'
+	option update_tcp_con '10'
+	option update_chan_util '5'
+	option update_beacon_reports '20'
+
+config metric 'global'
+	option min_probe_count '3'
+	option bandwidth_threshold '6'
+	option use_station_count '0'
+	option max_station_diff '1'
+	option eval_probe_req '0'
+	option eval_auth_req '0'
+	option eval_assoc_req '0'
+	option kicking '3'
+	option kicking_threshold '20'
+	option deny_auth_reason '1'
+	option deny_assoc_reason '17'
+	option min_number_to_kick '3'
+	option chan_util_avg_period '3'
+	option set_hostapd_nr '0'
+	option duration '0'
+	option rrm_mode 'pat'
+
+config metric '802_11g'
+	option initial_score '80'
+	option ht_support '5'
+	option vht_support '5'
+	option no_ht_support '0'
+	option no_vht_support '0'
+	option rssi '15'
+	option rssi_val '-60'
+	option low_rssi_val '-80'
+	option low_rssi '-15'
+	option chan_util '0'
+	option chan_util_val '140'
+	option max_chan_util '-15'
+	option max_chan_util_val '170'
+	option rssi_weight '0'
+	option rssi_center '-70'
+
+config metric '802_11a'
+	option initial_score '100'
+	option ht_support '5'
+	option vht_support '5'
+	option no_ht_support '0'
+	option no_vht_support '0'
+	option rssi '15'
+	option rssi_val '-60'
+	option low_rssi_val '-80'
+	option low_rssi '-15'
+	option chan_util '0'
+	option chan_util_val '140'
+	option max_chan_util '-15'
+	option max_chan_util_val '170'
+	option rssi_weight '0'
+	option rssi_center '-70'

settings-configs/AX3200-dumb-ap/network

@@ -8,6 +8,7 @@ config interface 'loopback'
 config globals 'globals'
 	option ula_prefix 'fd3a:91fc:a5f6::/48'
 	option packet_steering '1'
+	option steering_flows '256'
 
 config device
 	option name 'br-lan'
@@ -24,7 +25,6 @@ config interface 'lan'
 	option ip6assign '60'
 	option gateway '192.168.88.1'
 	list dns '192.168.88.1'
-	list dns '1.1.1.1'
 
 config device
 	option name 'wan'

settings-configs/AX3200-dumb-ap/system

@@ -12,10 +12,9 @@ config system
 	option cronloglevel '5'
 
 config timeserver 'ntp'
-	list server '0.openwrt.pool.ntp.org'
-	list server '1.openwrt.pool.ntp.org'
-	list server '2.openwrt.pool.ntp.org'
-	list server '3.openwrt.pool.ntp.org'
+	list server '162.159.200.1'
+	list server '216.239.35.12'
+	list server '91.212.242.19'
 
 config led 'led_wan'
 	option name 'WAN'

settings-configs/AX3200-dumb-ap/usteer

@@ -5,7 +5,6 @@ config usteer
 	option local_mode '0'
 	option ipv6 '0'
 	option debug_level '2'
-	list ssid_list 'MYWIFI'
 	option roam_scan_snr '-70'
 	option roam_trigger_snr '-75'
 	option min_snr '-85'

settings-configs/AX3200-dumb-ap/wireless

@@ -4,12 +4,9 @@ config wifi-device 'radio0'
 	option phy 'wl0'
 	option country 'PL'
 	option cell_density '0'
-	option htmode 'HT40'
 	option band '2g'
 	option channel '8'
 	option txpower '20'
-	option rts '512'
-	option frag '768'
 
 config wifi-iface 'default_radio0'
 	option device 'radio0'
@@ -20,17 +17,17 @@ config wifi-iface 'default_radio0'
 	option key 'PASSWORD1234'
 	option wnm_sleep_mode '1'
 	option bss_transition '1'
-	option dtim_period '1'
 	option skip_inactivity_poll '1'
+	option disassoc_low_ack '0'
 
 config wifi-device 'radio1'
 	option type 'mac80211'
 	option phy 'wl1'
 	option country 'PL'
 	option cell_density '0'
-	option htmode 'HE80'
+	option htmode 'HE160'
 	option band '5g'
-	option channel '36'
+	option channel '48'
 	option txpower '23'
 
 config wifi-iface 'default_radio1'
@@ -50,13 +47,16 @@ config wifi-iface 'default_radio1'
 	option time_zone 'CET-1CEST,M3.5.0,M10.5.0/3'
 	option wnm_sleep_mode '1'
 	option bss_transition '1'
+	option ocv '0'
 
 config wifi-iface 'wifinet2'
 	option device 'radio1'
 	option mode 'ap'
 	option ssid 'MYWIFI_iot'
-	option encryption 'psk2'
+	option encryption 'sae'
 	option key 'PASSWORD1234'
 	option network 'lan'
-	option hidden '1'
+	option wnm_sleep_mode '1'
+	option bss_transition '1'
+	option ieee80211k '1'
 

settings-configs/BPI-R4/attendedsysupgrade

@@ -7,3 +7,14 @@ config client 'client'
 	option auto_search '0'
 	option advanced_mode '1'
 
+# Example configuration for 'owut'.  The option names are the same
+# as those used on the command line, with all '-' dashes replaced by
+# '_' underscores.  Use 'owut --help' to see more.
+
+config owut 'owut'
+#       option verbosity    0
+#       option keep         true
+#       option init_script '/root/data/my-init-script.sh'
+#       option image       '/tmp/my-firmware-img.bin'
+#       option rootfs_size  256
+

settings-configs/BPI-R4/dawn

@@ -0,0 +1,79 @@
+config local
+	option loglevel '0'
+
+config network
+	option broadcast_ip '192.168.88.255'
+	option broadcast_port '1025'
+	option tcp_port '1026'
+	option network_option '2'
+	option shared_key 'Niiiiiiiiiiiiick'
+	option iv 'Niiiiiiiiiiiiick'
+	option use_symm_enc '0'
+	option collision_domain '-1'
+	option bandwidth '-1'
+
+config hostapd
+	option hostapd_dir '/var/run/hostapd'
+
+config times
+	option con_timeout '60'
+	option update_client '10'
+	option remove_client '15'
+	option remove_probe '30'
+	option remove_ap '460'
+	option update_hostapd '10'
+	option update_tcp_con '10'
+	option update_chan_util '5'
+	option update_beacon_reports '20'
+
+config metric 'global'
+	option min_probe_count '3'
+	option bandwidth_threshold '6'
+	option use_station_count '0'
+	option max_station_diff '1'
+	option eval_probe_req '0'
+	option eval_auth_req '0'
+	option eval_assoc_req '0'
+	option kicking '3'
+	option kicking_threshold '20'
+	option deny_auth_reason '1'
+	option deny_assoc_reason '17'
+	option min_number_to_kick '3'
+	option chan_util_avg_period '3'
+	option set_hostapd_nr '0'
+	option duration '0'
+	option rrm_mode 'pat'
+
+config metric '802_11g'
+	option initial_score '80'
+	option ht_support '5'
+	option vht_support '5'
+	option no_ht_support '0'
+	option no_vht_support '0'
+	option rssi '15'
+	option rssi_val '-60'
+	option low_rssi_val '-80'
+	option low_rssi '-15'
+	option chan_util '0'
+	option chan_util_val '140'
+	option max_chan_util '-15'
+	option max_chan_util_val '170'
+	option rssi_weight '0'
+	option rssi_center '-70'
+
+config metric '802_11a'
+	option initial_score '100'
+	option ht_support '5'
+	option vht_support '5'
+	option no_ht_support '0'
+	option no_vht_support '0'
+	option rssi '15'
+	option rssi_val '-60'
+	option low_rssi_val '-80'
+	option low_rssi '-15'
+	option chan_util '0'
+	option chan_util_val '140'
+	option max_chan_util '-15'
+	option max_chan_util_val '170'
+	option rssi_weight '0'
+	option rssi_center '-70'

settings-configs/BPI-R4/ddns

@@ -1,9 +1,13 @@
 
-config ddns 'global'
-	option ddns_dateformat '%F %R'
-	option ddns_loglines '250'
-	option ddns_rundir '/var/run/ddns'
-	option ddns_logdir '/var/log/ddns'
+#
+# Please read https://openwrt.org/docs/guide-user/base-system/ddns
+#
+config ddns "global"
+	option ddns_dateformat "%F %R"
+#	option ddns_rundir "/var/run/ddns"
+#	option ddns_logdir "/var/log/ddns"
+	option ddns_loglines "250"
+	option upd_privateip "0"
 	option use_curl '1'
 
 config service 'DOMAIN'
@@ -28,8 +32,9 @@ config service 'DOMAIN_ipv6'
 	option enabled '1'
 	option lookup_host 'DOMAIN.duckdns.org'
 	option domain 'DOMAIN'
-	option username 'danpawlik@github'
-	option password 'ff66aa01-0640-493f-a9e4-70561207448b'
+	option username 'MYUSER@GITHUB.COM'
+	option password 'MYTOKEN'
 	option interface 'wan6'
 	option ip_source 'network'
 	option ip_network 'wan6'
+

settings-configs/BPI-R4/dhcp

@@ -7,26 +7,15 @@ config dnsmasq
 	option local '/lan/'
 	option domain 'lan'
 	option expandhosts '1'
-	option cachesize '1000'
+	option cachesize '0'
 	option authoritative '1'
 	option readethers '1'
 	option leasefile '/tmp/dhcp.leases'
 	option localservice '1'
 	option ednspacket_max '1232'
-	list server '/mask.icloud.com/'
-	list server '/mask-h2.icloud.com/'
-	list server '/use-application-dns.net/'
-	list server '127.0.0.1#5053'
-	list server '127.0.0.1#5054'
-	option doh_backup_noresolv '-1'
 	option noresolv '1'
-	list doh_backup_server '/mask.icloud.com/'
-	list doh_backup_server '/mask-h2.icloud.com/'
-	list doh_backup_server '/use-application-dns.net/'
-	list doh_backup_server '127.0.0.1#5053'
-	list doh_backup_server '127.0.0.1#5054'
-	list doh_server '127.0.0.1#5053'
-	list doh_server '127.0.0.1#5054'
+	option localuse '1'
+	list server '127.0.0.53'
 
 config dhcp 'lan'
 	option interface 'lan'
@@ -59,6 +48,6 @@ config host
 
 config host
 	option name 'NAS'
-	option ip '192.168.88.10'
 	list mac '90:09:D0:XX:XX:XX'
+	option ip '192.168.88.10'
 

settings-configs/BPI-R4/dnscrypt-proxy2/dnscrypt-proxy.toml

@@ -0,0 +1,73 @@
+server_names = ['quad9-dnscrypt-ip4-filter-ecs-pri', 'NextDNS-MYID']
+listen_addresses = ['127.0.0.53:53']
+max_clients = 250
+ipv4_servers = true
+ipv6_servers = false
+dnscrypt_servers = true
+doh_servers = true
+odoh_servers = false
+require_dnssec = true
+require_nolog = false
+require_nofilter = false
+disabled_server_names = []
+force_tcp = false
+http3 = true
+timeout = 5000
+keepalive = 30
+cert_refresh_delay = 240
+bootstrap_resolvers = ['9.9.9.11:53', '45.90.28.174:53']
+ignore_system_dns = true
+netprobe_timeout = 60
+netprobe_address = '9.9.9.9:53'
+log_files_max_size = 10
+log_files_max_age = 7
+log_files_max_backups = 1
+block_ipv6 = false
+block_unqualified = true
+block_undelegated = true
+reject_ttl = 10
+cache = true
+cache_size = 8196
+cache_min_ttl = 2400
+cache_max_ttl = 86400
+cache_neg_min_ttl = 60
+cache_neg_max_ttl = 600
+
+log_level = 2
+# log_file = '/var/log/dnscrypt-proxy.log'
+# log_file_latest = true
+use_syslog = true
+
+[captive_portals]
+[local_doh]
+[query_log]
+format = 'tsv'
+[nx_log]
+format = 'tsv'
+[blocked_names]
+[blocked_ips]
+[allowed_names]
+[allowed_ips]
+[schedules]
+[sources]
+  [sources.public-resolvers]
+    urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md']
+    cache_file = 'public-resolvers.md'
+    minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
+    refresh_delay = 72
+    prefix = ''
+  [sources.relays]
+    urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/relays.md', 'https://download.dnscrypt.info/resolvers-list/v3/relays.md']
+    cache_file = 'relays.md'
+    minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
+    refresh_delay = 72
+    prefix = ''
+[broken_implementations]
+fragments_blocked = ['cisco', 'cisco-ipv6', 'cisco-familyshield', 'cisco-familyshield-ipv6', 'cleanbrowsing-adult', 'cleanbrowsing-adult-ipv6', 'cleanbrowsing-family', 'cleanbrowsing-family-ipv6', 'cleanbrowsing-security', 'cleanbrowsing-security-ipv6']
+[doh_client_x509_auth]
+[anonymized_dns]
+skip_incompatible = false
+[dns64]
+[static]
+  [static.'NextDNS-MYID']
+    stamp = 'sdns://YOURNEXTDNSTOKEN'

settings-configs/BPI-R4/firewall

@@ -128,3 +128,19 @@ config rule 'wg'
 	option proto 'udp'
 	option target 'ACCEPT'
 
+config redirect
+	option dest 'lan'
+	option target 'DNAT'
+	option name 'Divert-DNS, port 53'
+	option src 'wan'
+	option src_dport '53'
+	option dest_port '53'
+
+config rule
+	option name 'Reject-DoT,port 853'
+	list proto 'tcp'
+	option src 'lan'
+	option dest 'wan'
+	option dest_port '853'
+	option target 'REJECT'
+

settings-configs/BPI-R4/https-dns-proxy

@@ -1,32 +0,0 @@
-config main 'config'
-	option canary_domains_icloud '1'
-	option canary_domains_mozilla '1'
-	option dnsmasq_config_update '*'
-	option force_dns '1'
-	list force_dns_port '53'
-	list force_dns_port '853'
-# ports listed below are used by some
-# of the dnscrypt-proxy v1 resolvers
-#	list force_dns_port '553'
-#	list force_dns_port '1443'
-#	list force_dns_port '4343'
-#	list force_dns_port '4434'
-#	list force_dns_port '5443'
-#	list force_dns_port '8443'
-	option procd_trigger_wan6 '0'
-
-config https-dns-proxy
-	option bootstrap_dns '1.1.1.1,1.0.0.1'
-	option resolver_url 'https://cloudflare-dns.com/dns-query'
-	option listen_addr '127.0.0.1'
-	option listen_port '5053'
-	option user 'nobody'
-	option group 'nogroup'
-
-config https-dns-proxy
-	option bootstrap_dns '8.8.8.8,8.8.4.4'
-	option resolver_url 'https://dns.google/dns-query'
-	option listen_addr '127.0.0.1'
-	option listen_port '5054'
-	option user 'nobody'
-	option group 'nogroup'

settings-configs/BPI-R4/network

@@ -32,11 +32,17 @@ config device
 
 config interface 'wan'
 	option device 'br-wan'
-	option proto 'dhcp'
+	option proto 'static'
+	option ipaddr '10.0.0.2'
+	option netmask '255.255.255.0'
+	option gateway '10.0.0.1'
 
 config interface 'wan6'
 	option device 'br-wan'
 	option proto 'dhcpv6'
+	option reqaddress 'try'
+	option reqprefix 'auto'
+	option peerdns '0'
 
 config device
 	option name 'eth2'

settings-configs/BPI-R4/sqm

@@ -1,10 +1,10 @@
 
 config queue 'eth1'
-	option enabled '1'
+	option enabled '0'
 	option interface 'br-wan'
-	option download '850000'
-	option upload '850000'
-	option qdisc 'fq_codel'
+	option download '550000'
+	option upload '550000'
+	option qdisc 'cake'
 	option script 'piece_of_cake.qos'
 	option linklayer 'ethernet'
 	option debug_logging '0'

settings-configs/BPI-R4/system

@@ -11,10 +11,9 @@ config system
 	option cronloglevel '5'
 
 config timeserver 'ntp'
-	list server '0.openwrt.pool.ntp.org'
-	list server '1.openwrt.pool.ntp.org'
-	list server '2.openwrt.pool.ntp.org'
-	list server '3.openwrt.pool.ntp.org'
+	list server '162.159.200.1'
+	list server '216.239.35.12'
+	list server '91.212.242.19'
 
 config led 'led_wan'
 	option name 'wan'

settings-configs/BPI-R4/usteer

@@ -5,7 +5,6 @@ config usteer
 	option local_mode '0'
 	option ipv6 '0'
 	option debug_level '2'
-	list ssid_list 'MYWIFI'
 	option roam_scan_snr '-70'
 	option roam_trigger_snr '-75'
 	option min_snr '-85'

settings-configs/BPI-R4/wireless

@@ -2,7 +2,7 @@
 config wifi-device 'radio0'
 	option type 'mac80211'
 	option path 'soc/11310000.pcie/pci0001:00/0001:00:00.0/0001:01:00.0'
-	option channel '48'
+	option channel '36'
 	option band '5g'
 	option htmode 'HE80'
 	option txpower '20'
@@ -35,4 +35,26 @@ config wifi-iface 'wifinet1'
 	option wnm_sleep_mode '1'
 	option bss_transition '1'
 	option network 'lan'
+	option ocv '0'
 
+config wifi-device 'radio2'
+	option type 'mac80211'
+	option path 'soc/11300000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
+	option band '5g'
+	option channel '40'
+	option country 'PL'
+	option cell_density '0'
+	option htmode 'HE80'
+	option txpower '20'
+
+config wifi-iface 'wifinet3'
+	option device 'radio2'
+	option mode 'ap'
+	option ssid 'MYWIFI_iot'
+	option encryption 'sae'
+	option key 'PASSWORD1234'
+	option wnm_sleep_mode '1'
+	option bss_transition '1'
+	option network 'lan'
+	option ieee80211k '1'
+	option ocv '0'