Skip to content

Latest commit

 

History

History
536 lines (361 loc) · 21.1 KB

README.md

File metadata and controls

536 lines (361 loc) · 21.1 KB

Custom scripts for AsusWRT

This is a collection of custom scripts for AsusWRT firmware that can be used to enhance your router's functionality.

Most of the scripts were tested on RT-AX58U v2 running official 388.2 firmware - there is no guarantee that everything will work on non-AX routers and on lower versions of the firmware.

Some informations were pulled from GPL_RT-AX58U_3.0.0.4.388.22525-gd35b8fe sources as well as RMerl/asuswrt-merlin.ng repository.

A lot of scripts here are based on resources from SNBForums and asuswrt-merlin.ng wiki, big thanks to everyone who made contributions to the community.

Installation

Important

You need a router with USB port when using official firmware to be able to start the scripts. This is not required on Asuswrt-Merlin as you can use services-start script.

Warning

Newer versions of the official firmware have blocked the ability to run scripts using script_usbmount NVRAM variable and require a workaround - look here.

You can check if your router is affected by doing the following:

  • SSH into the router
  • Run set script_usbmount="/bin/touch /tmp/yesitworks" && nvram commit
  • Wait around 15 seconds then execute nvram get script_usbmount - if there is no output then your router is affected
  • Plugin in any USB storage - make sure the router mounts it as storage (needs supported filesystem)
  • Run cat /tmp/yesitworks - if you see No such file or directory message then your router is affected

If your router is affected then apply this workaround first.

Run these commands to install the startup script:

curl -fsSL "https://raw.githubusercontent.com/jacklul/asuswrt-scripts/master/scripts-startup.sh" -o /jffs/scripts-startup.sh
chmod +x /jffs/scripts-startup.sh
sh /jffs/scripts-startup.sh install

Then you can proceed to install scripts that you want to use from the section below.

Available scripts

conditional-reboot
cron-queue
custom-configs
disable-diag
disable-wps
dynamic-dns
entware
force-dns
guest-password
hotplug-event
led-control
modify-features
modify-webui
netboot-download
process-killer
rclone-backup
samba-masquerade
service-event
swap
temperature-warning
update-notify
update-scripts
usb-mount
usb-network
vpn-killswitch
wgs-lanonly

Note

You can override config variables for scripts by creating .conf with the same base name as the script (for example: /jffs/scripts/conditional-reboot.conf).
Configuration variables are defined on top of each script - peek into the script to see what's available to change.

Remember to mark the scripts as executable after installing, you can use chmod +x /jffs/scripts/*.sh to do it in one go.


This script will reboot your router at specified time if it's been running for fixed amount of time.

By default, reboot happens at 5AM when uptime exceeds 7 days.

curl -fsSL "https://raw.githubusercontent.com/jacklul/asuswrt-scripts/master/scripts/conditional-reboot.sh" -o /jffs/scripts/conditional-reboot.sh

^ back to the list ^

When running multiple scripts from this repository that run every minute via cron they can cause a CPU spike (and network wide ping spike on weaker devices).
This script will run all "every minute" tasks synchronously which will reduce the CPU load in exchange for task execution delays.

All scripts from this repository integrate with this script and will use it instead of cru when it's available.

curl -fsSL "https://raw.githubusercontent.com/jacklul/asuswrt-scripts/master/scripts/cron-queue.sh" -o /jffs/scripts/cron-queue.sh

^ back to the list ^

This script implements Custom config files from Asuswrt-Merlin firmware that allows you to use custom config files for certain services.

Supported config files
  • avahi-daemon.conf
  • dnsmasq.conf
  • hosts
  • igmpproxy.conf
  • ipsec.conf
  • mcpd.conf
  • minidlna.conf
  • mt-daapd.conf
  • pptpd.conf
  • profile (profile.add only)
  • ripd.conf
  • smb.conf
  • snmpd.conf
  • stubby.yml (stubby.yml.add only)
  • torrc
  • vsftpd.conf
  • upnp
  • zebra.conf
Supported postconf scripts
  • avahi-daemon.postconf
  • dnsmasq.postconf
  • hosts.postconf
  • igmpproxy.postconf
  • ipsec.postconf
  • mcpd.postconf
  • minidlna.postconf
  • mt-daapd.postconf
  • pptpd.postconf
  • ripd.postconf
  • smb.postconf
  • snmpd.postconf
  • stubby.postconf
  • torrc.postconf
  • vsftpd.postconf
  • upnp.postconf
  • zebra.postconf

Important

In postconf scripts you have to reference .new in the file name instead (for example /etc/smb.conf.new), the correct file path will be passed as an argument to the script (just like on Asuswrt-Merlin).

Recommended to use service-event.sh as well.

curl -fsSL "https://raw.githubusercontent.com/jacklul/asuswrt-scripts/master/scripts/custom-configs.sh" -o /jffs/scripts/custom-configs.sh

^ back to the list ^

This script prevent conn_diag from (re)starting amas_portstatus which likes to hog the CPU sometimes.

Caution

Do not install this script if you don't have mentioned CPU usage issue.

curl -fsSL "https://raw.githubusercontent.com/jacklul/asuswrt-scripts/master/scripts/disable-diag.sh" -o /jffs/scripts/disable-diag.sh

^ back to the list ^

This script does exactly what you would expect - makes sure WPS stays disabled.

By default, runs check at boot and at 00:00, and when service-event.sh is used it also runs every time wireless is restarted.

Recommended to use service-event.sh as well.

curl -fsSL "https://raw.githubusercontent.com/jacklul/asuswrt-scripts/master/scripts/disable-wps.sh" -o /jffs/scripts/disable-wps.sh

^ back to the list ^

This script implements custom DDNS feature from Asuswrt-Merlin firmware that allows you to use custom Inadyn config file.

Script checks every minute for new IP in NVRAM variable wan0_ipaddr.
You can alternatively configure it to use website API like "ipecho.net/plain".

Tip

On Asuswrt-Merlin you should call this script from /jffs/scripts/ddns-start with force argument instead of start.

Important

You might have to install Entware's curl (and ca-bundle) to bypass the security limitations of the one included in the firmware.

Recommended to use service-event.sh as well.

curl -fsSL "https://raw.githubusercontent.com/jacklul/asuswrt-scripts/master/scripts/dynamic-dns.sh" -o /jffs/scripts/dynamic-dns.sh

^ back to the list ^

This script installs and enables Entware, even in RAM (/tmp).

Tip

When installing to RAM the script will automatically install specified packages from IN_RAM variable and symlink files from /jffs/entware to /opt.
Create .symlinkthisdir file in directory's root to symlink it directly or .copythisdir to copy it instead.
If you want a single file to be copied then create a file with the same name and .copythisfile extension, e.g. file.txt.copythisfile.

Important

If you want to use HTTPS to download packages you might have to install Entware's wget-ssl and ca-bundle.

Recommended to use hotplug-event.sh as well.

curl -fsSL "https://raw.githubusercontent.com/jacklul/asuswrt-scripts/master/scripts/entware.sh" -o /jffs/scripts/entware.sh

^ back to the list ^

This script will force specified DNS server to be used by LAN and Guest WiFi, can also prevent clients from querying the router's DNS server.

This script can be very useful when running Pi-hole in your LAN.

Tip

On Asuswrt-Merlin you should use DNS Director instead.

Recommended to use service-event.sh as well.

curl -fsSL "https://raw.githubusercontent.com/jacklul/asuswrt-scripts/master/scripts/force-dns.sh" -o /jffs/scripts/force-dns.sh

^ back to the list ^

This script rotates Guest WiFi passwords.

By default, it rotates passwords for the first network pair at 4AM.

curl -fsSL "https://raw.githubusercontent.com/jacklul/asuswrt-scripts/master/scripts/guest-password.sh" -o /jffs/scripts/guest-password.sh

^ back to the list ^

This script handles hotplug events.

By default, integrates with all scripts present in this repository.

curl -fsSL "https://raw.githubusercontent.com/jacklul/asuswrt-scripts/master/scripts/hotplug-event.sh" -o /jffs/scripts/hotplug-event.sh

^ back to the list ^

Caution

This script might not work on every device with the official firmware, it should work fine on Asuswrt-Merlin.

This script implements scheduled LED control from Asuswrt-Merlin firmware.

By default, LEDs shutdown at 00:00 and turn on at 06:00.

curl -fsSL "https://raw.githubusercontent.com/jacklul/asuswrt-scripts/master/scripts/led-control.sh" -o /jffs/scripts/led-control.sh

^ back to the list ^

This script modifies rc_support NVRAM variable to enable/disable some features, this is mainly for hiding Web UI menus and tabs.

A good place to look for potential values are init.c and state.js files in the firmware sources.

Recommended to use service-event.sh as well.

curl -fsSL "https://raw.githubusercontent.com/jacklul/asuswrt-scripts/master/scripts/modify-features.sh" -o /jffs/scripts/modify-features.sh

^ back to the list ^

This script modifies some web UI elements.

Currently applied modifications:

  • display CPU temperature on the system status screen (with realtime updates)
  • show connect QR code on guest network edit screen and hide the passwords on the main screen
  • add notrendmicro rc_support option (to be used with modify-features.sh) that hides all Trend Micro services, Speed Test will be moved to Network Tools menu

Note

Tested only with English language!

Important

The notrendmicro tweak is not available when using Asuswrt-Merlin firmware as it modifies menuTree.js and stores it in a different path.

curl -fsSL "https://raw.githubusercontent.com/jacklul/asuswrt-scripts/master/scripts/modify-webui.sh" -o /jffs/scripts/modify-webui.sh

^ back to the list ^

Automatically download specified bootloader files from netboot.xyz.

Tip

This and custom-configs.sh can help you setup a netboot.xyz PXE server on the router.

Example dnsmasq.conf.add
dhcp-option=66,192.168.1.1
enable-tftp
tftp-no-fail
tftp-root=/tmp/netboot.xyz
dhcp-match=set:bios,option:client-arch,0
dhcp-boot=tag:bios,netboot.xyz.kpxe,,192.168.1.1
dhcp-boot=tag:!bios,netboot.xyz.efi,,192.168.1.1

Replace 192.168.1.1 with your router's IP address.

Important

You might have to install Entware's curl (and ca-bundle) to bypass the security limitations of the one included in the firmware.

curl -fsSL "https://raw.githubusercontent.com/jacklul/asuswrt-scripts/master/scripts/netboot-download.sh" -o /jffs/scripts/netboot-download.sh

^ back to the list ^

This script can kill processes by their names, unfortunately on the official firmware most of them will restart, there is an attempt to prevent that in that script but it is not guaranteed to work.

Caution

Use this script at your own risk.

curl -fsSL "https://raw.githubusercontent.com/jacklul/asuswrt-scripts/master/scripts/process-killer.sh" -o /jffs/scripts/process-killer.sh

^ back to the list ^

This script can backup all NVRAM variables and selected /jffs contents to cloud service using Rclone.

You have to download the binary and place it on the USB drive. If you installed it through the Entware then it will be automatically detected, alternatively it will install it when it detects Entware installation (then remove it after the job is done - this feature is targeted for Entware installation in RAM).

Example backup list that can be used with this script.

Important

If automatic installation of rclone fails then you might have to install Entware's wget (or wget-ssl when using HTTPS) to bypass the security limitations of the firmware one.

curl -fsSL "https://raw.githubusercontent.com/jacklul/asuswrt-scripts/master/scripts/rclone-backup.sh" -o /jffs/scripts/rclone-backup.sh

^ back to the list ^

Enables masquerading for Samba ports to allow VPN clients to connect to your LAN shares.

By default, default networks for WireGuard, OpenVPN and IPSec are allowed.

Recommended to use service-event.sh as well.

curl -fsSL "https://raw.githubusercontent.com/jacklul/asuswrt-scripts/master/scripts/samba-masquerade.sh" -o /jffs/scripts/samba-masquerade.sh

^ back to the list ^

This script tries to emulate service-event script from Asuswrt-Merlin firmware but there is no guarantee whenever it will run before or after the event.

By default, integrates with all scripts (when required) present in this repository.

curl -fsSL "https://raw.githubusercontent.com/jacklul/asuswrt-scripts/master/scripts/service-event.sh" -o /jffs/scripts/service-event.sh

^ back to the list ^

This script enables swap file on start, with configurable size and location.

curl -fsSL "https://raw.githubusercontent.com/jacklul/asuswrt-scripts/master/scripts/swap.sh" -o /jffs/scripts/swap.sh

^ back to the list ^

This script will send log message when CPU or WLAN chip temperatures reach specified threshold.

Be default, the treshold is set to 80C.

curl -fsSL "https://raw.githubusercontent.com/jacklul/asuswrt-scripts/master/scripts/temperature-warning.sh" -o /jffs/scripts/temperature-warning.sh

^ back to the list ^

This script will send you a notification when new router firmware is available.

Currently supported notification providers:

Tip

You can test the notifications by using update-notify.sh test (if it works from the cron) and update-notify.sh test now (if it actually sends) commands.

Important

You might have to install Entware's curl (and ca-bundle) to bypass the security limitations of the one included in the firmware.

curl -fsSL "https://raw.githubusercontent.com/jacklul/asuswrt-scripts/master/scripts/update-notify.sh" -o /jffs/scripts/update-notify.sh

^ back to the list ^

This script updates all *.sh scripts present in the /jffs/scripts folder.

This is on-demand script that must be ran manually.

curl -fsSL "https://raw.githubusercontent.com/jacklul/asuswrt-scripts/master/scripts/update-scripts.sh" -o /jffs/scripts/update-scripts.sh

^ back to the list ^

This script will mount any USB storage device in /tmp/mnt directory if for some reason the official firmware does not automount it for you.

Recommended to use hotplug-event.sh as well.

curl -fsSL "https://raw.githubusercontent.com/jacklul/asuswrt-scripts/master/scripts/usb-mount.sh" -o /jffs/scripts/usb-mount.sh

^ back to the list ^

This script will add any USB networking gadget to LAN bridge interface, making it member of your LAN network.

This is a great way of running Pi-hole in your network on a Raspberry Pi Zero connected through USB port.

Recommended to use service-event.sh and hotplug-event.sh as well.

curl -fsSL "https://raw.githubusercontent.com/jacklul/asuswrt-scripts/master/scripts/usb-network.sh" -o /jffs/scripts/usb-network.sh

^ back to the list ^

This script will prevent your LAN from accessing the internet through the WAN interface.

There might be a small window after router boots and before this script runs when you can connect through the WAN interface but there is no way to avoid this on the official firmware.

Tip

On Asuswrt-Merlin you should use build-in VPN killswitch function instead.

Recommended to use service-event.sh as well.

curl -fsSL "https://raw.githubusercontent.com/jacklul/asuswrt-scripts/master/scripts/vpn-killswitch.sh" -o /jffs/scripts/vpn-killswitch.sh

^ back to the list ^

This script will prevent clients connected to WireGuard server from accessing the internet.

Recommended to use service-event.sh as well.

curl -fsSL "https://raw.githubusercontent.com/jacklul/asuswrt-scripts/master/scripts/wgs-lanonly.sh" -o /jffs/scripts/wgs-lanonly.sh

^ back to the list ^