diff --git a/settings-configs/BPI-R4/adguardhome b/settings-configs/BPI-R4/adguardhome
new file mode 100644
index 0000000..ab1465b
--- /dev/null
+++ b/settings-configs/BPI-R4/adguardhome
@@ -0,0 +1,6 @@
+
+config adguardhome 'config'
+ option config '/etc/adguardhome/adguardhome.yaml'
+ option workdir '/var/lib/adguardhome'
+ option pidfile '/run/adguardhome.pid'
+
diff --git a/settings-configs/BPI-R4/ddns b/settings-configs/BPI-R4/ddns
index eb15baf..467ffae 100644
--- a/settings-configs/BPI-R4/ddns
+++ b/settings-configs/BPI-R4/ddns
@@ -1,40 +1,45 @@
-#
-# Please read https://openwrt.org/docs/guide-user/base-system/ddns
-#
-config ddns "global"
- option ddns_dateformat "%F %R"
-# option ddns_rundir "/var/run/ddns"
-# option ddns_logdir "/var/log/ddns"
- option ddns_loglines "250"
- option upd_privateip "0"
+config ddns 'global'
+ option ddns_dateformat '%F %R'
+ option ddns_loglines '250'
+ option ddns_rundir '/var/run/ddns'
+ option ddns_logdir '/var/log/ddns'
 option use_curl '1'
-config service 'DOMAIN'
+config service 'dancio_ipv4'
 option service_name 'duckdns.org'
- option lookup_host 'DOMAIN.duckdns.org'
+ option lookup_host 'my.duckdns.org'
 option enabled '1'
 option use_ipv6 '0'
- option domain 'DOMAIN.duckdns.org'
- option username 'MYUSER@GITHUB.COM'
- option password 'MYTOKEN'
+ option domain 'my.duckdns.org'
+ option username 'my@github'
+ option password 'sometoken'
 option ip_source 'network'
 option ip_network 'wan'
 option interface 'wan'
 option use_syslog '2'
 option check_unit 'minutes'
- option force_unit 'minutes'
+ option force_unit 'hours'
 option retry_unit 'seconds'
+ option check_interval '30'
+ option force_interval '1'
-config service 'DOMAIN_ipv6'
- option service_name 'duckdns.org'
- option use_ipv6 '1'
+config service 'dancio_desec'
+ option service_name 'desec.io'
+ option use_ipv6 '0'
 option enabled '1'
- option lookup_host 'DOMAIN.duckdns.org'
- option domain 'DOMAIN'
- option username 'MYUSER@GITHUB.COM'
- option password 'MYTOKEN'
- option interface 'wan6'
+ option lookup_host 'my.dedyn.io'
+ option domain 'my.dedyn.io'
+ option username 'my.dedyn.io'
+ option password 'token'
 option ip_source 'network'
- option ip_network 'wan6'
+ option interface 'wan'
+ option use_syslog '2'
+ option check_interval '15'
+ option check_unit 'minutes'
+ option force_interval '1'
+ option force_unit 'hours'
+ option retry_unit 'seconds'
+ option use_https '1'
+ option ip_network 'wan'
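Review bot: The 'dancio_ipv4' duckdns.org service still has no `option use_https '1'`, while the new 'dancio_desec' section in the same hunk sets it. As far as I know ddns-scripts only rewrites the provider's update URL to https when that option is set, and DuckDNS carries the token in the URL, so without it the token may cross the WAN in clear text. Add `option use_https '1'` to 'dancio_ipv4' (plus a `cacert` path if this build needs one for curl). Separately, the values 'sometoken' and 'token' read less obviously as placeholders than the old 'MYTOKEN'; a comment saying they must be replaced locally and never committed would help.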
diff --git a/settings-configs/BPI-R4/firewall b/settings-configs/BPI-R4/firewall
index 776acf3..d6c867a 100644
--- a/settings-configs/BPI-R4/firewall
+++ b/settings-configs/BPI-R4/firewall
@@ -9,20 +9,20 @@ config defaults
 config zone 'lan'
 option name 'lan'
- option network 'lan wg_lan'
 option input 'ACCEPT'
 option output 'ACCEPT'
 option forward 'ACCEPT'
+ list network 'lan'
+ list network 'wg_lan'
 config zone 'wan'
 option name 'wan'
- list network 'wan'
- list network 'wan6'
 option input 'REJECT'
 option output 'ACCEPT'
- option forward 'REJECT'
+ option forward 'DROP'
 option masq '1'
 option mtu_fix '1'
+ list network 'wan'
 config forwarding
 option src 'lan'
@@ -124,23 +124,43 @@ config rule
 config rule 'wg'
 option name 'Allow-WireGuard-lan'
 option src 'wan'
- option dest_port '12345'
+ option dest_port '51820'
 option proto 'udp'
 option target 'ACCEPT'
+config rule
+ option name 'Block-Public-DNS-and-force-DoH-DoT'
+ option src 'lan'
+ option dest 'wan'
+ option dest_port '53 853 5353'
+ option target 'REJECT'
+ option enabled '0'
+
 config redirect
 option dest 'lan'
 option target 'DNAT'
- option name 'Divert-DNS, port 53'
+ option name 'http server'
 option src 'wan'
- option src_dport '53'
- option dest_port '53'
+ option src_dport '3000'
+ option dest_ip '192.168.88.117'
+ option dest_port '3000'
+ option enabled '0'
+
+config redirect
+ option dest 'lan'
+ option target 'DNAT'
+ option name 'librespeed'
+ option src 'wan'
+ option src_dport '8989'
+ option dest_ip '192.168.88.1'
+ option dest_port '8989'
+ option enabled '0'
 config rule
- option name 'Reject-DoT,port 853'
+ option name 'Block-DNS-from-WAN'
+ option src 'wan'
+ option dest_port '53'
 list proto 'tcp'
- option src 'lan'
- option dest 'wan'
- option dest_port '853'
+ list proto 'udp'
 option target 'REJECT'
diff --git a/settings-configs/BPI-R4/network-pppoe b/settings-configs/BPI-R4/network-pppoe
new file mode 100644
index 0000000..cc0d3d2
--- /dev/null
+++ b/settings-configs/BPI-R4/network-pppoe
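Review bot: Dropping `list network 'wan6'` from the 'wan' zone leaves the 'wan6' interface outside every zone, yet the network-pppoe file added in this same commit still defines 'wan6' (DHCPv6 on 'br-wan.35', `option auto '0'`). While it stays down that is harmless, but if someone brings it up its traffic is governed only by `config defaults`, which sits above this hunk and is not visible here, rather than by the zone's `input 'REJECT'` and `forward 'DROP'`. Either keep `list network 'wan6'` in the zone or add a comment stating that IPv6 is expected only through the interface spawned by the PPPoE session.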
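Review bot: After the second hunk nothing visible keeps LAN clients on the router's resolver: the old 'Reject-DoT,port 853' rule is reworked into 'Block-DNS-from-WAN', and its LAN-side replacement 'Block-Public-DNS-and-force-DoH-DoT' ships with `option enabled '0'`. That rule's name also contradicts its ports, because `dest_port '53 853 5353'` rejects DoT (853) itself, and it sets no `proto`, so it relies on the firewall's default protocol match; if the intent is to force clients through the local resolver, rename it, add `list proto 'tcp'` and `list proto 'udp'`, and enable it. 'Block-DNS-from-WAN' looks redundant with the wan zone's `input 'REJECT'` unless an accept rule outside this hunk opens port 53. The two disabled DNAT entries omit `proto` as well, and 'librespeed' targets 192.168.88.1, which the network-pppoe file in this commit assigns to the router itself, so enabling it would publish a router-hosted service to the WAN.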
@@ -0,0 +1,72 @@
+
+config interface 'loopback'
+ option device 'lo'
+ option proto 'static'
+ list ipaddr '127.0.0.1/8'
+
+config globals 'globals'
+ option ula_prefix 'fd7e:38e9:4215::/48'
+ option packet_steering '1'
+ option steering_flows '256'
+
+config device
+ option name 'br-lan'
+ option type 'bridge'
+ list ports 'lan1'
+ list ports 'lan2'
+ list ports 'lan3'
+ list ports 'sfp-lan'
+ option igmp_snooping '1'
+
+config interface 'lan'
+ option device 'br-lan'
+ option proto 'static'
+ list ipaddr '192.168.88.1/24'
+ option ip6assign '60'
+
+config device
+ option name 'br-wan'
+ option type 'bridge'
+ list ports 'wan'
+ list ports 'sfp-wan'
+
+config device
+ option name 'wan'
+
+config interface 'wan'
+ option device 'br-wan.35'
+ option proto 'pppoe'
+ option username 'user'
+ option password 'password'
+ option ipv6 'auto'
+ option norelease '1'
+
+config interface 'wan6'
+ option device 'br-wan.35'
+ option proto 'dhcpv6'
+ option reqaddress 'try'
+ option reqprefix 'auto'
+ option norelease '1'
+ option peerdns '0'
+ option auto '0'
+
+# NOTE: usually on BPi-R4 would use br-wan, but below would be an
+# example, how it would be for other devices.
+
+config device
+ option type '8021q'
+ option ifname 'br-wan'
+ option vid '35'
+ option name 'br-wan.35'
+
+config device
+ option type '8021q'
+ option ifname 'wan'
+ option vid '35'
+ option name 'wan.35'
+
+config device
+ option type '8021q'
+ option ifname 'sfp-wan'
+ option vid '35'
+ option name 'sfp-wan.35'
diff --git a/settings-configs/BPI-R4/qosify-pppoe b/settings-configs/BPI-R4/qosify-pppoe
new file mode 100644
index 0000000..23a9f62
--- /dev/null
+++ b/settings-configs/BPI-R4/qosify-pppoe
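Review bot: The NOTE before the three `8021q` sections calls them an example for other devices, but 'wan.35' and 'sfp-wan.35' are left as live `config device` sections on ports that are already members of 'br-wan'. Only 'br-wan.35' is referenced by the 'wan' and 'wan6' interfaces, so the other two are at best dead configuration and at worst a second VLAN 35 consumer on a bridge port if something later references them. I would comment them out and say so, e.g. `# wan.35 / sfp-wan.35: for boards without br-wan only, do not combine with br-wan.35`. The bare `config device` with only `option name 'wan'` also deserves a one-line comment on why it is needed, and `option password 'password'` a reminder that the real PPPoE secret stays out of the repository.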
@@ -0,0 +1,52 @@
+config defaults
+ list defaults /etc/qosify/*.conf
+ option dscp_prio video
+ option dscp_icmp +besteffort
+ option dscp_default_udp besteffort
+ option prio_max_avg_pkt_len 500
+
+config class besteffort
+ option ingress CS0
+ option egress CS0
+
+config class bulk
+ option ingress LE
+ option egress LE
+
+config class video
+ option ingress AF41
+ option egress AF41
+
+config class voice
+ option ingress CS6
+ option egress CS6
+ option bulk_trigger_pps 100
+ option bulk_trigger_timeout 5
+ option dscp_bulk CS0
+
+config interface 'wan'
+ option name 'wan'
+ option disabled '0'
+ option bandwidth_up '820mbit'
+ option bandwidth_down '820mbit'
+ ####
+ option overhead_type manual
+ option overhead 44
+ option overhead_mpu 84
+ ####
+ ## https://forum.openwrt.org/t/qosify-new-package-for-dscp-marking-cake/111789/135
+ # option overhead_type manual
+ # option overhead_vlan 1
+ # option overhead 44
+ ####
+ option mode 'diffserv4'
+ option nat '1'
+ option host_isolate '1'
+ option autorate_ingress '0'
+ option ingress_options ''
+ option egress_options ''
+
+config device 'wandev'
+ option disabled '0'
+ option name 'br-wan.35'
+ option bandwidth '820mbit'
diff --git a/settings-configs/BPI-R4/stubby b/settings-configs/BPI-R4/stubby
index da211a6..e2a253c 100644
--- a/settings-configs/BPI-R4/stubby
+++ b/settings-configs/BPI-R4/stubby
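Review bot: Both `config interface 'wan'` and `config device 'wandev'` are enabled (`disabled '0'`) at the same 820mbit rate, and on a PPPoE link the same packets cross the PPP interface and then 'br-wan.35'. If qosify attaches a shaper to each, traffic is shaped twice, and the device section carries none of the `overhead` settings given for the interface, so the two instances would account packet sizes differently. Unless that is deliberate, set `option disabled '1'` on one of them and say which in a comment. The `####` separators around the active and commented overhead blocks would read better as one sentence explaining why `overhead 44` with `overhead_mpu 84` was chosen over the forum variant.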
@@ -21,28 +21,19 @@ config stubby 'global'
 # option command_line_arguments ''
 # option tls_cipher_list 'EECDH+AESGCM:EECDH+CHACHA20'
 # option tls_ciphersuites 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256'
- # option tls_min_version '1.2'
- # option tls_max_version '1.3'
-
+ option tls_min_version '1.2'
+ option tls_max_version '1.3'
+ option openssl_cryptodev 0
+## NON BLOCKING ###
 config resolver
 option address '45.XX.XX.0'
- option tls_auth_name 'XXX.dns.nextdns'
+ option tls_auth_name 'XX.dns.nextdns.io'
 option tls_port 853
 config resolver
- option address '2a07:XXX::0'
- option tls_auth_name 'XXX.dns.nextdns.io'
- option tls_port 853
-
-config resolver
- option address '9.9.9.11'
- option tls_auth_name '1-iabqabaqaaaae.max.rethinkdns.com'
- option tls_port 853
-
-config resolver
- option address '2620:fe::11'
- option tls_auth_name '1-iabqabaqaaaae.max.rethinkdns.com'
+ option address '2a07:XX::0'
+ option tls_auth_name 'XX.dns.nextdns.io'
 option tls_port 853
 config resolver
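Review bot: `option openssl_cryptodev 0` is added without explanation and is not among the options that the commented template lines in this hunk list (`command_line_arguments`, `tls_cipher_list`, `tls_ciphersuites`, `tls_min_version`, `tls_max_version`). UCI accepts unknown options silently, so if the stubby init script in this build does not read it the line has no effect; please confirm it is consumed and add a comment naming what reads it. The `## NON BLOCKING ###` banner could also say in words that it labels the resolver group that follows.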
@@ -65,12 +56,33 @@ config resolver
 option tls_auth_name 'p1.freedns.controld.com'
 option tls_port 853
-# config resolver
-# option address '1.0.0.1'
-# option tls_auth_name 'cloudflare-dns.com'
-# # option tls_port 853
-# # list spki 'sha256/yioEpqeR4WtDwE9YxNVnCEkTxIjx6EEIwFSQW+lJsbc='
-# # option tls_cipher_list 'EECDH+AESGCM:EECDH+CHACHA20'
-# # option tls_ciphersuites 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256'
-# # option tls_min_version '1.2'
-# # option tls_max_version '1.3'
+config resolver
+ option address '9.9.9.11'
+ option tls_auth_name 'ada.openbld.net'
+ option tls_port 853
+
+config resolver
+ option address '2620:fe::11'
+ option tls_auth_name 'ada.openbld.net'
+ option tls_port 853
+
+config resolver
+ option address '9.9.9.11'
+ option tls_auth_name '1-iabqabaqaaaae.max.rethinkdns.com'
+ option tls_port 853
+
+config resolver
+ option address '2620:fe::11'
+ option tls_auth_name '1-iabqabaqaaaae.max.rethinkdns.com'
+ option tls_port 853
+
+### Block smarttv + notrack
+#config resolver
+# option address '9.9.9.11'
+# option tls_auth_name '1-iabqabaqacaae.max.rethinkdns.com'
+# option tls_port 853
+#
+#config resolver
+# option address '2620:fe::11'
+# option tls_auth_name '1-iabqabaqacaae.max.rethinkdns.com'
+# option tls_port 853
diff --git a/settings-configs/usteer-configs/usteer-almost-ok b/settings-configs/BPI-R4/usteer-configs/usteer-almost-ok
similarity index 100%
rename from settings-configs/usteer-configs/usteer-almost-ok
rename to settings-configs/BPI-R4/usteer-configs/usteer-almost-ok
diff --git a/settings-configs/usteer-configs/usteer-band-steering b/settings-configs/BPI-R4/usteer-configs/usteer-band-steering
similarity index 100%
rename from settings-configs/usteer-configs/usteer-band-steering
rename to settings-configs/BPI-R4/usteer-configs/usteer-band-steering
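Review bot: The two new 'ada.openbld.net' sections reuse `option address '9.9.9.11'` and `'2620:fe::11'`, which are Quad9 addresses, so the address and the `tls_auth_name` belong to different providers; the re-added rethinkdns sections and the commented 'Block smarttv' pair have the same mismatch. With strict TLS authentication the certificate served at that address will not match the configured name and the upstream simply fails, and if `tls_authentication` (set outside this hunk) is relaxed, queries go to a resolver whose identity was never verified. Each section should pair the provider's own published address with its name, e.g. `option address '<OpenBLD DoT address>'` next to `option tls_auth_name 'ada.openbld.net'`, or keep the Quad9 address together with Quad9's own auth name. The same address now also appears in four active sections, which is worth collapsing once the pairs are corrected.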
diff --git a/settings-configs/usteer-configs/usteer-chatgpt b/settings-configs/BPI-R4/usteer-configs/usteer-chatgpt
similarity index 100%
rename from settings-configs/usteer-configs/usteer-chatgpt
rename to settings-configs/BPI-R4/usteer-configs/usteer-chatgpt
diff --git a/settings-configs/usteer-configs/usteer-eko-one b/settings-configs/BPI-R4/usteer-configs/usteer-eko-one
similarity index 100%
rename from settings-configs/usteer-configs/usteer-eko-one
rename to settings-configs/BPI-R4/usteer-configs/usteer-eko-one
diff --git a/settings-configs/usteer-configs/usteer-minimal b/settings-configs/BPI-R4/usteer-configs/usteer-minimal
similarity index 100%
rename from settings-configs/usteer-configs/usteer-minimal
rename to settings-configs/BPI-R4/usteer-configs/usteer-minimal
diff --git a/settings-configs/usteer-configs/usteer-opkg b/settings-configs/BPI-R4/usteer-configs/usteer-opkg
similarity index 100%
rename from settings-configs/usteer-configs/usteer-opkg
rename to settings-configs/BPI-R4/usteer-configs/usteer-opkg