From 2a57e84f5f0eaa5e71ab6b3672b136a1694eda3f Mon Sep 17 00:00:00 2001 From: jessikitty Date: Mon, 15 Dec 2025 11:18:03 +1100 Subject: [PATCH] Update IP configuration and add comprehensive DHCP guide Changes: - OpenWRT IP changed from 10.0.0.246 to 10.0.0.254 (main gateway) - TP-Link AX72 IP changed from 10.0.0.254 to 10.0.0.246 (swapped) - Added comprehensive DHCP configuration section - Added dual DNS options: 10.0.0.245 (filtered) and 10.0.0.254 (unfiltered) - Added boot options (PXE/TFTP) configuration - Added common DHCP options reference (NTP, WINS, domain, static routes, MTU) - Added testing instructions for DHCP options - Updated all IP references throughout the document --- openwrt-adguard-setup.md | 867 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 866 insertions(+), 1 deletion(-) diff --git a/openwrt-adguard-setup.md b/openwrt-adguard-setup.md index ceb2479..ce69a77 100644 --- a/openwrt-adguard-setup.md +++ b/openwrt-adguard-setup.md @@ -1 +1,866 @@ -IyBPcGVuV1JUIEdhdGV3YXkgJiBBZEd1YXJkIEhvbWUgLSBDb21wbGV0ZSBDb25maWd1cmF0aW9uIEd1aWRlCgojIyBOZXR3b3JrIE92ZXJ2aWV3CgoqKk5ldyBOZXR3b3JrIFRvcG9sb2d5OioqCmBgYApDYWJsZSBNb2RlbSDihpIgT3BlbldSVCAoTWFpbiBHYXRld2F5KSDihpIgVFAtTGluayBBcmNoZXIgQVg3MiBQcm8gKEFQIE1vZGUpIOKGkiBEZXZpY2VzCiAgICAgICAgICAgICAgICAgICAg4oaTCiAgICAgICAgICAgICAgQWRHdWFyZCBIb21lICgxMC4wLjAuMjQ1KSAtIEROUyBGaWx0ZXJpbmcKYGBgCgoqKklQIENvbmZpZ3VyYXRpb246KioKLSBPcGVuV1JUIFdBTjogREhDUCBmcm9tIENhYmxlIE1vZGVtIChQdWJsaWMgSVApCi0gT3BlbldSVCBMQU46ICoqMTAuMC4wLjI0NioqIChNYWluIEdhdGV3YXkpCi0gQWRHdWFyZCBIb21lOiAqKjEwLjAuMC4yNDUqKiAoRE5TIFNlcnZlcikKLSBUUC1MaW5rIEFyY2hlciBBWDcyIFBybzogKioxMC4wLjAuMjU0KiogKEFQIE1vZGUsIG5vIHJvdXRpbmcpCi0gREhDUCBSYW5nZTogKioxMC4wLjAuMSAtIDEwLjAuMC4yMDAqKgotIFN1Ym5ldDogKioxMC4wLjAuMC8yNCoqCgoqKlJvbGVzOioqCi0gKipPcGVuV1JUKio6IE1haW4gcm91dGVyLCBnYXRld2F5LCBmaXJld2FsbCwgTkFULCBESENQIHNlcnZlciwgYWNjZXNzIGNvbnRyb2wKLSAqKkFkR3VhcmQqKjogRE5TIGZpbHRlcmluZywgYWQgYmxvY2tpbmcsIHBoaXNoaW5nIHByb3RlY3Rpb24sIHBhcmVudGFsIGNvbnRyb2xzCi0gKipUUC1MaW5rIEFYNzIgUHJvKio6IFdpRmkgNiBhY2Nlc3MgcG9pbnQgKyBFdGhlcm5ldCBzd2l0Y2ggb25seSAobm8gcm91dGluZy9ESENQKQoKLS0tCgojIyBQYXJ0IDE6IE9wZW5XUlQgSW5pdGlhbCBTZXR1cCBhcyBNYWluIEdhdGV3YXkKCiMjIyAxLjEgUGh5c2ljYWwgQ29ubmVjdGlvbiBTZXR1cAoKKipDb25uZWN0aW9uIE9yZGVyOioqCjEuICoqRE8gTk9UIGNvbm5lY3QgY2FibGUgbW9kZW0geWV0KioKMi4gQ29ubmVjdCBjb21wdXRlciB0byBPcGVuV1JUIExBTiBwb3J0IHZpYSBFdGhlcm5ldAozLiBQb3dlciBvbiBPcGVuV1JUCjQuIENvbmZpZ3VyZSBPcGVuV1JUIGNvbXBsZXRlbHkgZmlyc3QKNS4gVGhlbiBjb25uZWN0IHRvIGNhYmxlIG1vZGVtCgojIyMgMS4yIEZpcnN0IExvZ2luIGFuZCBCYXNpYyBDb25maWd1cmF0aW9uCgoxLiAqKkNvbm5lY3QgdG8gT3BlbldSVDoqKgogICAtIENvbm5lY3QgdmlhIEV0aGVybmV0IHRvIGFueSBMQU4gcG9ydAogICAtIERlZmF1bHQgSVA6IGAxOTIuMTY4LjEuMWAKICAgLSBBY2Nlc3MgdmlhIGJyb3dzZXI6IGBodHRwOi8vMTkyLjE2OC4xLjFgCiAgIC0gRGVmYXVsdCBsb2dpbjogYHJvb3RgIChubyBwYXNzd29yZCBpbml0aWFsbHkpCgoyLiAqKlNldCBSb290IFBhc3N3b3JkOioqCiAgIGBgYAogICBTeXN0ZW0g4oaSIEFkbWluaXN0cmF0aW9uIOKGkiBSb3V0ZXIgUGFzc3dvcmQKICAgYGBgCiAgIFNldCBhIHN0cm9uZyBwYXNzd29yZCBpbW1lZGlhdGVseSAoZS5nLiwgMTYrIGNoYXJhY3RlcnMgd2l0aCBudW1iZXJzL3N5bWJvbHMpLgoKMy4gKipTZXQgVGltZXpvbmU6KioKICAgYGBgCiAgIFN5c3RlbSDihpIgU3lzdGVtIOKGkiBHZW5lcmFsIFNldHRpbmdzCiAgIFRpbWV6b25lOiBBdXN0cmFsaWEvTWVsYm91cm5lCiAgIGBgYAoKIyMjIDEuMyBDb25maWd1cmUgV0FOIEludGVyZmFjZSAoSW50ZXJuZXQgQ29ubmVjdGlvbikKCioqVGhpcyBjb25uZWN0cyBPcGVuV1JUIHRvIHlvdXIgY2FibGUgbW9kZW0uKioKCjEuICoqTmF2aWdhdGUgdG8gTmV0d29yayDihpIgSW50ZXJmYWNlcyoqCgoyLiAqKkVkaXQgV0FOIGludGVyZmFjZToqKgogICAtIFByb3RvY29sOiBgREhDUCBjbGllbnRgIChtb3N0IGNhYmxlIG1vZGVtcyB1c2UgREhDUCkKICAgLSBMZWF2ZSBldmVyeXRoaW5nIGRlZmF1bHQgaW5pdGlhbGx5CiAgIC0gQWR2YW5jZWQgU2V0dGluZ3M6CiAgICAgLSDinJMgVXNlIEROUyBzZXJ2ZXJzIGFkdmVydGlzZWQgYnkgcGVlciAod2UnbGwgY2hhbmdlIHRoaXMgbGF0ZXIpCiAgIC0gRmlyZXdhbGwgU2V0dGluZ3M6CiAgICAgLSBDcmVhdGUvQXNzaWduIHRvIGZpcmV3YWxsIHpvbmU6IGB3YW5gCiAgIC0gQ2xpY2sgIlNhdmUiCgozLiAqKklmIHlvdXIgSVNQIHJlcXVpcmVzIHNwZWNpZmljIHNldHRpbmdzOioqCiAgIC0gU29tZSBJU1BzIHJlcXVpcmU6CiAgICAgLSBNQUMgYWRkcmVzcyBjbG9uaW5nICh1c2UgeW91ciBvbGQgcm91dGVyJ3MgTUFDKQogICAgIC0gVkxBTiB0YWdnaW5nCiAgICAgLSBQUFBvRSAodXNlcm5hbWUvcGFzc3dvcmQpCiAgIC0gQ2hlY2sgd2l0aCB5b3VyIElTUCBpZiBjb25uZWN0aW9uIGZhaWxzCgojIyMgMS40IENvbmZpZ3VyZSBMQU4gSW50ZXJmYWNlCgoxLiAqKk5hdmlnYXRlIHRvIE5ldHdvcmsg4oaSIEludGVyZmFjZXMqKgoKMi4gKipFZGl0IExBTiBpbnRlcmZhY2U6KioKICAgLSBQcm90b2NvbDogYFN0YXRpYyBhZGRyZXNzYAogICAtIElQdjQgYWRkcmVzczogYDEwLjAuMC4yNDZgCiAgIC0gSVB2NCBuZXRtYXNrOiBgMjU1LjI1NS4yNTUuMGAgKG9yIC8yNCkKICAgLSBJUHY0IGdhdGV3YXk6IChsZWF2ZSBlbXB0eSAtIHRoaXMgSVMgdGhlIGdhdGV3YXkpCiAgIC0gVXNlIGN1c3RvbSBETlMgc2VydmVyczogYDEwLjAuMC4yNDVgCiAgIC0gQ2xpY2sgIlNhdmUgJiBBcHBseSIKCjMuICoqV2FpdCAzMCBzZWNvbmRzKiosIHRoZW4gcmVjb25uZWN0IHRvOiBgaHR0cDovLzEwLjAuMC4yNDZgCgojIyMgMS41IENvbmZpZ3VyZSBGaXJld2FsbCAmIE5BVAoKMS4gKipOZXR3b3JrIOKGkiBGaXJld2FsbCDihpIgR2VuZXJhbCBTZXR0aW5ncyoqCgoyLiAqKlpvbmU6IFdBTioqCiAgIC0gSW5wdXQ6IGByZWplY3RgCiAgIC0gT3V0cHV0OiBgYWNjZXB0YAogICAtIEZvcndhcmQ6IGByZWplY3RgCiAgIC0g4pyTIE1hc3F1ZXJhZGluZyAoTkFUKSAtICoqQ1JJVElDQUwqKgogICAtIOKckyBNU1MgY2xhbXBpbmcKICAgLSBDb3ZlcmVkIG5ldHdvcmtzOiBgd2FuYCBgd2FuNmAKCjMuICoqWm9uZTogTEFOKioKICAgLSBJbnB1dDogYGFjY2VwdGAKICAgLSBPdXRwdXQ6IGBhY2NlcHRgCiAgIC0gRm9yd2FyZDogYGFjY2VwdGAKICAgLSBNYXNxdWVyYWRpbmc6IHVuY2hlY2tlZAogICAtIENvdmVyZWQgbmV0d29ya3M6IGBsYW5gCgo0LiAqKkZvcndhcmRpbmcgUnVsZXM6KioKICAgLSBBZGQ6IExBTiDihpIgV0FOIChBbGxvdykgLSBzaG91bGQgZXhpc3QgYnkgZGVmYXVsdAogICAtIFZlcmlmeSB0aGlzIHJ1bGUgZXhpc3RzCgo1LiAqKkFkdmFuY2VkIFNldHRpbmdzOioqCiAgIGBgYAogICBFbmFibGUgU1lOLWZsb29kIHByb3RlY3Rpb246IOKckwogICBEcm9wIGludmFsaWQgcGFja2V0czog4pyTCiAgIGBgYAoKNi4gKipTYXZlICYgQXBwbHkqKgoKIyMjIDEuNiBUZXN0IEludGVybmV0IENvbm5lY3Rpb24KCioqTm93IGNvbm5lY3QgdGhlIGNhYmxlIG1vZGVtOioqCgoxLiAqKkNvbm5lY3QgY2FibGUgbW9kZW0gdG8gT3BlbldSVCBXQU4gcG9ydCoqCjIuICoqV2FpdCA2MCBzZWNvbmRzKiogZm9yIG1vZGVtIHRvIGFzc2lnbiBJUAozLiAqKkNoZWNrIGNvbm5lY3Rpb246KioKICAgYGBgCiAgIE5ldHdvcmsg4oaSIEludGVyZmFjZXMg4oaSIFdBTgogICBgYGAKICAgLSBTaG91bGQgc2hvdyBwdWJsaWMgSVAgYWRkcmVzcwogICAtIFNob3VsZCBzaG93ICJDb25uZWN0ZWQiIHN0YXR1cwoKNC4gKipUZXN0IGZyb20gT3BlbldSVDoqKgogICAtIEdvIHRvIE5ldHdvcmsg4oaSIERpYWdub3N0aWNzCiAgIC0gUGluZyB0ZXN0OiBgOC44LjguOGAgKHNob3VsZCB3b3JrKQogICAtIFBpbmcgdGVzdDogYGdvb2dsZS5jb21gIChzaG91bGQgd29yaykKCjUuICoqSWYgY29ubmVjdGlvbiBmYWlsczoqKgogICAtIENoZWNrIGNhYmxlIG1vZGVtIGlzIG9ubGluZSAobGlnaHRzIHN0YWJsZSkKICAgLSBUcnkgcmVib290aW5nIGNhYmxlIG1vZGVtICh1bnBsdWcgMzAgc2Vjb25kcykKICAgLSBDaGVjayBXQU4gaW50ZXJmYWNlIHNldHRpbmdzCiAgIC0gU29tZSBJU1BzIHJlcXVpcmUgTUFDIGNsb25pbmcgKHNlZSBTZWN0aW9uIDEuOSkKCiMjIyAxLjcgVXBkYXRlIE9wZW5XUlQKCioqQmVmb3JlIGNvbnRpbnVpbmcsIHVwZGF0ZSBwYWNrYWdlczoqKgoKU1NIIGludG8gT3BlbldSVDoKYGBgYmFzaApzc2ggcm9vdEAxMC4wLjAuMjQ2CmBgYAoKVXBkYXRlIHBhY2thZ2UgbGlzdHM6CmBgYGJhc2gKb3BrZyB1cGRhdGUKb3BrZyBsaXN0LXVwZ3JhZGFibGUKb3BrZyB1cGdyYWRlIFtwYWNrYWdlLW5hbWVdCmBgYAoKT3IgdXBkYXRlIGFsbCAoYmUgY2FyZWZ1bCwgdGVzdCBmaXJzdCk6CmBgYGJhc2gKb3BrZyBsaXN0LXVwZ3JhZGFibGUgfCBjdXQgLWQgJyAnIC1mIDEgfCB4YXJncyBvcGtnIHVwZ3JhZGUKYGBgCgojIyMgMS44IEluc3RhbGwgRXNzZW50aWFsIFBhY2thZ2VzCgpgYGBiYXNoCiMgRmlyZXdhbGwgYW5kIG5ldHdvcmsgdG9vbHMKb3BrZyBpbnN0YWxsIGx1Y2ktYXBwLWZpcmV3YWxsCm9wa2cgaW5zdGFsbCBpcHRhYmxlcy1tb2QtZXh0cmEKb3BrZyBpbnN0YWxsIGlwc2V0CgojIE1vbml0b3JpbmcgdG9vbHMKb3BrZyBpbnN0YWxsIGx1Y2ktYXBwLW5sYndtb24gICAgIyBCYW5kd2lkdGggbW9uaXRvcmluZwpvcGtnIGluc3RhbGwgbHVjaS1hcHAtc3RhdGlzdGljcyAgIyBTeXN0ZW0gc3RhdHMKCiMgSFRUUFMgZm9yIHdlYiBpbnRlcmZhY2UgKHJlY29tbWVuZGVkKQpvcGtnIGluc3RhbGwgbHVjaS1zc2wtb3BlbnNzbAoKIyBBZGRpdGlvbmFsIHVzZWZ1bCB0b29scwpvcGtnIGluc3RhbGwgdGNwZHVtcCAgICAgICAgICAgICAgIyBOZXR3b3JrIGRlYnVnZ2luZwpvcGtnIGluc3RhbGwgaXBlcmYzICAgICAgICAgICAgICAjIFNwZWVkIHRlc3RpbmcKYGBgCgojIyMgMS45IE1BQyBBZGRyZXNzIENsb25pbmcgKElmIFJlcXVpcmVkKQoKU29tZSBJU1BzIGJpbmQgdG8geW91ciBwcmV2aW91cyByb3V0ZXIncyBNQUMgYWRkcmVzcy4KCjEuICoqRmluZCB5b3VyIG9sZCByb3V0ZXIncyBXQU4gTUFDIGFkZHJlc3MqKgogICAtIFVzdWFsbHkgb24gYSBzdGlja2VyIG9uIHRoZSBUUC1MaW5rCiAgIC0gT3IgZnJvbSBUUC1MaW5rIGFkbWluIGludGVyZmFjZQoKMi4gKipDbG9uZSBNQUMgaW4gT3BlbldSVDoqKgogICBgYGAKICAgTmV0d29yayDihpIgSW50ZXJmYWNlcyDihpIgV0FOIOKGkiBFZGl0CiAgIEFkdmFuY2VkIFNldHRpbmdzOgogICAtIE92ZXJyaWRlIE1BQyBhZGRyZXNzOiBbZW50ZXIgb2xkIHJvdXRlcidzIE1BQ10KICAgU2F2ZSAmIEFwcGx5CiAgIGBgYAoKMy4gKipSZWJvb3QgY2FibGUgbW9kZW0gYW5kIE9wZW5XUlQqKgoKLS0tCgojIyBQYXJ0IDI6IERIQ1AgU2VydmVyIENvbmZpZ3VyYXRpb24KCiMjIyAyLjEgQmFzaWMgREhDUCBTZXR0aW5ncwoKMS4gKipOYXZpZ2F0ZSB0byBOZXR3b3JrIOKGkiBESENQIGFuZCBETlMqKgoKMi4gKipHZW5lcmFsIFNldHRpbmdzIHRhYjoqKgogICAtIOKckyBBdXRob3JpdGF0aXZlIChPcGVuV1JUIGlzIG5vdyB0aGUgb25seSBESENQIHNlcnZlcikKICAgLSBETlMgZm9yd2FyZGluZ3M6IGAxMC4wLjAuMjQ1YAogICAtIEROUyBzZXJ2ZXIgcG9ydDogYDUzYAogICAtIExvY2FsIHNlcnZlcjogYC9sYW4vYAogICAtIExvY2FsIGRvbWFpbjogYGxhbmAgKG9yIHlvdXIgcHJlZmVyZW5jZSBsaWtlIGBob21lLmxvY2FsYCkKICAgLSBDbGljayAiU2F2ZSIKCjMuICoqQWR2YW5jZWQgU2V0dGluZ3M6KioKICAgLSBSZWJpbmQgcHJvdGVjdGlvbjog4pyTCiAgIC0gRG9tYWluIHdoaXRlbGlzdDogKGxlYXZlIGVtcHR5IHVubGVzcyBuZWVkZWQpCiAgIC0gU3RyaWN0IG9yZGVyOiDinJMgKHVzZXMgRE5TIHNlcnZlcnMgaW4gb3JkZXIpCgojIyMgMi4yIERIQ1AgUG9vbCBDb25maWd1cmF0aW9uCgoxLiAqKk5ldHdvcmsg4oaSIEludGVyZmFjZXMg4oaSIExBTiDihpIgRWRpdCDihpIgREhDUCBTZXJ2ZXIgdGFiKioKCjIuICoqR2VuZXJhbCBTZXR1cDoqKgogICAtIOKckyBJZ25vcmUgaW50ZXJmYWNlOiBVbmNoZWNrIChlbmFibGUgREhDUCkKICAgLSBTdGFydDogYDFgCiAgIC0gTGltaXQ6IGAyMDBgCiAgIC0gTGVhc2UgdGltZTogYDEyaGAgKG9yIGAyNGhgIGZvciBzdGFiaWxpdHkpCgozLiAqKkFkdmFuY2VkIFNldHRpbmdzOioqCiAgIC0gRHluYW1pYyBESENQOiDinJMKICAgLSBGb3JjZTog4pyTIChwcmV2ZW50cyBkZXZpY2VzIGZyb20gdXNpbmcgc3RhdGljIElQcyBpbiBESENQIHJhbmdlKQoKNC4gKipESENQIE9wdGlvbnM6KioKICAgLSBBZGQgb3B0aW9uIGAzLDEwLjAuMC4yNDZgIChHYXRld2F5IC0gc2hvdWxkIGJlIGRlZmF1bHQpCiAgIC0gQWRkIG9wdGlvbiBgNiwxMC4wLjAuMjQ1YCAoRE5TIFNlcnZlcikKICAgLSBBZGQgb3B0aW9uIGA0MiwxMC4wLjAuMjQ1YCAoTlRQIFNlcnZlciAtIG9wdGlvbmFsKQoKIyMjIDIuMyBTdGF0aWMgTGVhc2VzIENvbmZpZ3VyYXRpb24KCjEuICoqTmF2aWdhdGUgdG8gTmV0d29yayDihpIgREhDUCBhbmQgRE5TIOKGkiBTdGF0aWMgTGVhc2VzKioKCjIuICoqQWRkIENyaXRpY2FsIFN0YXRpYyBMZWFzZXM6KioKCioqQWRHdWFyZCBIb21lOioqCmBgYApIb3N0bmFtZTogYWRndWFyZApNQUMgQWRkcmVzczogW0FkR3VhcmQgc2VydmVyIE1BQ10KSVB2NCBhZGRyZXNzOiAxMC4wLjAuMjQ1CkxlYXNlIHRpbWU6IGluZmluaXRlCmBgYAoKKipUUC1MaW5rIEFyY2hlciBBWDcyIFBybzoqKgpgYGAKSG9zdG5hbWU6IHRwbGluay1hcApNQUMgQWRkcmVzczogW1RQLUxpbmsgV0FOL0xBTiBNQUNdCklQdjQgYWRkcmVzczogMTAuMC4wLjI1NApMZWFzZSB0aW1lOiBpbmZpbml0ZQpgYGAKCioqSG9tZUFzc2lzdGFudCAoaWYgYXBwbGljYWJsZSk6KioKYGBgCkhvc3RuYW1lOiBob21lYXNzaXN0YW50Ck1BQyBBZGRyZXNzOiBbSEEgTUFDXQpJUHY0IGFkZHJlc3M6IDEwLjAuMC41NQpMZWFzZSB0aW1lOiBpbmZpbml0ZQpgYGAKCioqT3RoZXIgc2VydmVycy9kZXZpY2VzOioqCmBgYApOQVM6IDEwLjAuMC42MApQcmludGVyOiAxMC4wLjAuNzAKRGVza3RvcDogMTAuMC4wLjEwMQpMYXB0b3A6IDEwLjAuMC4xMDIKYGBgCgojIyMgMi40IFBlci1EZXZpY2UgRE5TIENvbmZpZ3VyYXRpb24gKEZvciBQYXJlbnRhbCBDb250cm9scykKCioqTWV0aG9kOiBWaWEgQ29uZmlnIEZpbGUqKgoKU1NIIGludG8gT3BlbldSVCBhbmQgZWRpdCBgL2V0Yy9jb25maWcvZGhjcGA6CgpgYGBiYXNoCnZpIC9ldGMvY29uZmlnL2RoY3AKYGBgCgpBZGQgaG9zdCBjb25maWd1cmF0aW9uczoKCmBgYGJhc2gKIyBTdGFuZGFyZCBhZHVsdCBkZXZpY2UgLSB1c2VzIEFkR3VhcmQgd2l0aCBmdWxsIGZpbHRlcmluZwpjb25maWcgaG9zdAogICAgb3B0aW9uIG5hbWUgJ2xhcHRvcCcKICAgIG9wdGlvbiBtYWMgJzExOjIyOjMzOjQ0OjU1OjY2JwogICAgb3B0aW9uIGlwICcxMC4wLjAuMTAxJwogICAgb3B0aW9uIGRucyAnMTAuMC4wLjI0NScKCiMgS2lkcyBkZXZpY2UgLSB1c2VzIEFkR3VhcmQgd2l0aCBwYXJlbnRhbCBjb250cm9scwpjb25maWcgaG9zdAogICAgb3B0aW9uIG5hbWUgJ2tpZHMtdGFibGV0JwogICAgb3B0aW9uIG1hYyAnQUE6QkI6Q0M6REQ6RUU6RkYnCiAgICBvcHRpb24gaXAgJzEwLjAuMC4xMDAnCiAgICBvcHRpb24gZG5zICcxMC4wLjAuMjQ1JwogICAgb3B0aW9uIHRhZyAna2lkcycKCiMgV29yay91bmZpbHRlcmVkIGRldmljZSAtIGJ5cGFzc2VzIEFkR3VhcmQKY29uZmlnIGhvc3QKICAgIG9wdGlvbiBuYW1lICd3b3JrLWxhcHRvcCcKICAgIG9wdGlvbiBtYWMgJzc3Ojg4Ojk5OkFBOkJCOkNDJwogICAgb3B0aW9uIGlwICcxMC4wLjAuMTUwJwogICAgb3B0aW9uIGRucyAnMS4xLjEuMSA4LjguOC44JwpgYGAKClJlc3RhcnQgZG5zbWFzcToKYGBgYmFzaAovZXRjL2luaXQuZC9kbnNtYXNxIHJlc3RhcnQKYGBgCgoqKk5vdGU6KiogV2UnbGwgY29uZmlndXJlIEFkR3VhcmQgdG8gaGFuZGxlIGRpZmZlcmVudCBmaWx0ZXJpbmcgbGV2ZWxzIGZvciBraWRzIHZzIGFkdWx0cyBpbiBQYXJ0IDUuCgotLS0KCiMjIFBhcnQgMzogQWNjZXNzIENvbnRyb2wgJiBEZXZpY2UgQmxvY2tpbmcKCiMjIyAzLjEgQ3JlYXRlIERldmljZSBCbG9ja2luZyBTeXN0ZW0KClRoaXMgYWxsb3dzIHlvdSB0byBibG9jayBpbnRlcm5ldCBhY2Nlc3MgZm9yIHNwZWNpZmljIGRldmljZXMuCgoqKkNyZWF0ZSB0aGUgbWFuYWdlbWVudCBzY3JpcHQqKiBgL3Jvb3QvZGV2aWNlLWNvbnRyb2wuc2hgOgoKYGBgYmFzaAojIS9iaW4vc2gKIyBEZXZpY2UgQWNjZXNzIENvbnRyb2wgU2NyaXB0IGZvciBPcGVuV1JUCiMgVXNhZ2U6IC4vZGV2aWNlLWNvbnRyb2wuc2gge2luaXR8YmxvY2t8dW5ibG9ja3xsaXN0fHN0YXR1c3xsb2d8Y2xlYXJ8aGVscH0KCklQU0VUX05BTUU9ImJsb2NrZWRfZGV2aWNlcyIKTE9HX0ZJTEU9Ii92YXIvbG9nL2RldmljZS1jb250cm9sLmxvZyIKCmluaXRfc3lzdGVtKCkgewogICAgZWNobyAiSW5pdGlhbGl6aW5nIGRldmljZSBibG9ja2luZyBzeXN0ZW0uLi4iCiAgICAKICAgICMgQ3JlYXRlIGlwc2V0IGlmIGl0IGRvZXNuJ3QgZXhpc3QKICAgIGlwc2V0IGNyZWF0ZSAkSVBTRVRfTkFNRSBoYXNoOmlwIHRpbWVvdXQgMCBjb21tZW50IC1leGlzdAogICAgCiAgICAjIENyZWF0ZSBmaXJld2FsbCBydWxlIGlmIGl0IGRvZXNuJ3QgZXhpc3QKICAgIGlmICEgaXB0YWJsZXMgLUMgRk9SV0FSRCAtbSBzZXQgLS1tYXRjaC1zZXQgJElQU0VUX05BTUUgc3JjIC1qIFJFSkVDVCAyPi9kZXYvbnVsbDsgdGhlbgogICAgICAgIGlwdGFibGVzIC1JIEZPUldBUkQgMSAtbSBzZXQgLS1tYXRjaC1zZXQgJElQU0VUX05BTUUgc3JjIC1qIFJFSkVDVAogICAgICAgIGVjaG8gIkZpcmV3YWxsIHJ1bGUgY3JlYXRlZCIKICAgIGVsc2UKICAgICAgICBlY2hvICJGaXJld2FsbCBydWxlIGFscmVhZHkgZXhpc3RzIgogICAgZmkKICAgIAogICAgZWNobyAiU3lzdGVtIGluaXRpYWxpemVkIHN1Y2Nlc3NmdWxseSIKICAgIGVjaG8gIiQoZGF0ZSk6IFN5c3RlbSBpbml0aWFsaXplZCIgPj4gJExPR19GSUxFCn0KCmJsb2NrX2RldmljZSgpIHsKICAgIElQPSQxCiAgICBOQU1FPSQyCiAgICAKICAgIGlmIFsgLXogIiRJUCIgXTsgdGhlbgogICAgICAgIGVjaG8gIkVycm9yOiBJUCBhZGRyZXNzIHJlcXVpcmVkIgogICAgICAgIGVjaG8gIlVzYWdlOiAkMCBibG9jayA8SVA+IFtOQU1FXSIKICAgICAgICBleGl0IDEKICAgIGZpCiAgICAKICAgICMgQWRkIHRvIGlwc2V0IHdpdGggY29tbWVudAogICAgaWYgWyAtbiAiJE5BTUUiIF07IHRoZW4KICAgICAgICBpcHNldCBhZGQgJElQU0VUX05BTUUgJElQIGNvbW1lbnQgIiROQU1FIiAtZXhpc3QKICAgICAgICBlY2hvICLinJMgQmxvY2tlZDogJE5BTUUgKCRJUCkiCiAgICAgICAgZWNobyAiJChkYXRlKTogQmxvY2tlZCAkTkFNRSAoJElQKSIgPj4gJExPR19GSUxFCiAgICBlbHNlCiAgICAgICAgaXBzZXQgYWRkICRJUFNFVF9OQU1FICRJUCAtZXhpc3QKICAgICAgICBlY2hvICLinJMgQmxvY2tlZDogJElQIgogICAgICAgIGVjaG8gIiQoZGF0ZSk6IEJsb2NrZWQgJElQIiA+PiAkTE9HX0ZJTEUKICAgIGZpCn0KCnVuYmxvY2tfZGV2aWNlKCkgewogICAgSVA9JDEKICAgIE5BTUU9JDIKICAgIAogICAgaWYgWyAteiAiJElQIiBdOyB0aGVuCiAgICAgICAgZWNobyAiRXJyb3I6IElQIGFkZHJlc3MgcmVxdWlyZWQiCiAgICAgICAgZWNobyAiVXNhZ2U6ICQwIHVuYmxvY2sgPElQPiBbTkFNRV0iCiAgICAgICAgZXhpdCAxCiAgICBmaQogICAgCiAgICAjIFJlbW92ZSBmcm9tIGlwc2V0CiAgICBpZiBpcHNldCB0ZXN0ICRJUFNFVF9OQU1FICRJUCAyPi9kZXYvbnVsbDsgdGhlbgogICAgICAgIGlwc2V0IGRlbCAkSVBTRVRfTkFNRSAkSVAKICAgICAgICBpZiBbIC1uICIkTkFNRSIgXTsgdGhlbgogICAgICAgICAgICBlY2hvICLinJMgVW5ibG9ja2VkOiAkTkFNRSAoJElQKSIKICAgICAgICAgICAgZWNobyAiJChkYXRlKTogVW5ibG9ja2VkICROQU1FICgkSVApIiA+PiAkTE9HX0ZJTEUKICAgICAgICBlbHNlCiAgICAgICAgICAgIGVjaG8gIuKckyBVbmJsb2NrZWQ6ICRJUCIKICAgICAgICAgICAgZWNobyAiJChkYXRlKTogVW5ibG9ja2VkICRJUCIgPj4gJExPR19GSUxFCiAgICAgICAgZmkKICAgIGVsc2UKICAgICAgICBlY2hvICLinJcgRGV2aWNlICRJUCB3YXMgbm90IGJsb2NrZWQiCiAgICBmaQp9CgpsaXN0X2RldmljZXMoKSB7CiAgICBlY2hvICI9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PSIKICAgIGVjaG8gIkN1cnJlbnRseSBCbG9ja2VkIERldmljZXM6IgogICAgZWNobyAiPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0iCiAgICBpcHNldCBsaXN0ICRJUFNFVF9OQU1FIHwgZ3JlcCAtQSAxMDAwICJNZW1iZXJzOiIgfCB0YWlsIC1uICsyCiAgICBDT1VOVD0kKGlwc2V0IGxpc3QgJElQU0VUX05BTUUgfCBncmVwIC1BIDEwMDAgIk1lbWJlcnM6IiB8IHRhaWwgLW4gKzIgfCB3YyAtbCkKICAgIGVjaG8gIj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09IgogICAgZWNobyAiVG90YWwgYmxvY2tlZDogJENPVU5UIGRldmljZShzKSIKfQoKY2hlY2tfc3RhdHVzKCkgewogICAgSVA9JDEKICAgIAogICAgaWYgWyAteiAiJElQIiBdOyB0aGVuCiAgICAgICAgZWNobyAiRXJyb3I6IElQIGFkZHJlc3MgcmVxdWlyZWQiCiAgICAgICAgZWNobyAiVXNhZ2U6ICQwIHN0YXR1cyA8SVA+IgogICAgICAgIGV4aXQgMQogICAgZmkKICAgIAogICAgaWYgaXBzZXQgdGVzdCAkSVBTRVRfTkFNRSAkSVAgMj4vZGV2L251bGw7IHRoZW4KICAgICAgICBlY2hvICLwn5S0ICRJUCBpcyBCTE9DS0VEIgogICAgZWxzZQogICAgICAgIGVjaG8gIvCfn6IgJElQIGlzIEFMTE9XRUQiCiAgICBmaQp9Cgp2aWV3X2xvZygpIHsKICAgIGlmIFsgLWYgIiRMT0dfRklMRSIgXTsgdGhlbgogICAgICAgIGVjaG8gIj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09IgogICAgICAgIGVjaG8gIkxhc3QgNTAgQWN0aW9uczoiCiAgICAgICAgZWNobyAiPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0iCiAgICAgICAgdGFpbCAtNTAgJExPR19GSUxFCiAgICBlbHNlCiAgICAgICAgZWNobyAiTm8gbG9nIGZpbGUgZm91bmQiCiAgICBmaQp9CgpjbGVhcl9hbGwoKSB7CiAgICBlY2hvICLimqDvuI8gIFdBUk5JTkc6IFRoaXMgd2lsbCB1bmJsb2NrIEFMTCBkZXZpY2VzISIKICAgIGVjaG8gLW4gIkFyZSB5b3Ugc3VyZT8gKHllcy9ubyk6ICIKICAgIHJlYWQgQ09ORklSTQogICAgCiAgICBpZiBbICIkQ09ORklSTSIgPSAieWVzIiBdOyB0aGVuCiAgICAgICAgaXBzZXQgZmx1c2ggJElQU0VUX05BTUUKICAgICAgICBlY2hvICLinJMgQWxsIGRldmljZXMgdW5ibG9ja2VkIgogICAgICAgIGVjaG8gIiQoZGF0ZSk6IEFsbCBkZXZpY2VzIHVuYmxvY2tlZCIgPj4gJExPR19GSUxFCiAgICBlbHNlCiAgICAgICAgZWNobyAiQ2FuY2VsbGVkIgogICAgZmkKfQoKc2hvd19oZWxwKCkgewogICAgY2F0IDw8IEVPRQPEZXZPY2UgQWNjZXNzIENvbnRyb2wgU2NyaXB0CgpVc2FnZToKICAkMCBpbml0ICAgICAgICAgICAgICAgICAgICAtIEluaXRpYWxpemUgYmxvY2tpbmcgc3lzdGVtCiAgJDAgYmxvY2sgPElQPiBbTkFNRV0gICAgICAgLSBCbG9jayBhIGRldmljZQogICQwIHVuYmxvY2sgPElQPiBbTkFNRV0gICAgIC0gVW5ibG9jayBhIGRldmljZQogICQwIGxpc3QgICAgICAgICAgICAgICAgICAgIC0gTGlzdCBhbGwgYmxvY2tlZCBkZXZpY2VzCiAgJDAgc3RhdHVzIDxJUD4gICAgICAgICAgICAgLSBDaGVjayBpZiBkZXZpY2UgaXMgYmxvY2tlZAogICQwIGxvZyAgICAgICAgICAgICAgICAgICAgIC0gVmlldyBhY3Rpb24gbG9nCiAgJDAgY2xlYXIgICAgICAgICAgICAgICAgICAgLSBDbGVhciBhbGwgYmxvY2tzICh3aXRoIGNvbmZpcm1hdGlvbikKICAkMCBoZWxwICAgICAgICAgICAgICAgICAgICAtIFNob3cgdGhpcyBoZWxwCgpFeGFtcGxlczoKICAkMCBibG9jayAxMC4wLjAuMTAwICJLaWRzIFRhYmxldCIKICAkMCB1bmJsb2NrIDEwLjAuMC4xMDAKICAkMCBzdGF0dXMgMTAuMC4wLjEwMAogICQwIGxpc3QKCkVPRgp9CgojIE1haW4gc2NyaXB0IGxvZ2ljCmNhc2UgIiQxIiBpbgogICAgaW5pdCkKICAgICAgICBpbml0X3N5c3RlbQogICAgICAgIDs7CiAgICBibG9jaykKICAgICAgICBibG9ja19kZXZpY2UgIiQyIiAiJDMiCiAgICAgICAgOzsKICAgIHVuYmxvY2spCiAgICAgICAgdW5ibG9ja19kZXZpY2UgIiQyIiAiJDMiCiAgICAgICAgOzsKICAgIGxpc3QpCiAgICAgICAgbGlzdF9kZXZpY2VzCiAgICAgICAgOzsKICAgIHN0YXR1cykKICAgICAgICBjaGVja19zdGF0dXMgIiQyIgogICAgICAgIDs7CiAgICBsb2cpCiAgICAgICAgdmlld19sb2cKICAgICAgICA7OwogICAgY2xlYXIpCiAgICAgICAgY2xlYXJfYWxsCiAgICAgICAgOzsKICAgIGhlbHB8LS1oZWxwfC1oKQogICAgICAgIHNob3dfaGVscAogICAgICAgIDs7CiAgICAqKQogICAgICAgIGVjaG8gIkVycm9yOiBJbnZhbGlkIGNvbW1hbmQiCiAgICAgICAgc2hvd19oZWxwCiAgICAgICAgZXhpdCAxCiAgICAgICAgOzsKZXNhYwpgYGAKCioqSW5zdGFsbCB0aGUgc2NyaXB0OioqCgpgYGBiYXNoCiMgU1NIIGludG8gT3BlbldSVApzc2ggcm9vdEAxMC4wLjAuMjQ2CgojIENyZWF0ZSB0aGUgc2NyaXB0CnZpIC9yb290L2RldmljZS1jb250cm9sLnNoCiMgUGFzdGUgdGhlIGNvbnRlbnQgYWJvdmUKCiMgTWFrZSBleGVjdXRhYmxlCmNobW9kICt4IC9yb290L2RldmljZS1jb250cm9sLnNoCgojIEluaXRpYWxpemUgdGhlIHN5c3RlbQovcm9vdC9kZXZpY2UtY29udHJvbC5zaCBpbml0CmBgYAoKIyMjIDMuMiBNYWtlIEJsb2NraW5nIFBlcnNpc3RlbnQKCkFkZCB0byBgL2V0Yy9maXJld2FsbC51c2VyYCB0byBzdXJ2aXZlIHJlYm9vdHM6CgpgYGBiYXNoCnZpIC9ldGMvZmlyZXdhbGwudXNlcgpgYGAKCkFkZDoKYGBgYmFzaAojIERldmljZSBibG9ja2luZyBzeXN0ZW0gLSBwZXJzaXN0ZW50IGFjcm9zcyByZWJvb3RzCmlwc2V0IGNyZWF0ZSBibG9ja2VkX2RldmljZXMgaGFzaDppcCB0aW1lb3V0IDAgY29tbWVudCAtZXhpc3QKaXB0YWJsZXMgLUkgRk9SV0FSRCAtbSBzZXQgLS1tYXRjaC1zZXQgYmxvY2tlZF9kZXZpY2VzIHNyYyAtaiBSRUpFQ1QKYGBgCgpSZXN0YXJ0IGZpcmV3YWxsOgpgYGBiYXNoCi9ldGMvaW5pdC5kL2ZpcmV3YWxsIHJlc3RhcnQKYGBgCgojIyMgMy4zIFVzYWdlIEV4YW1wbGVzCgpgYGBiYXNoCiMgQmxvY2sga2lkcyB0YWJsZXQgYXQgYmVkdGltZQovcm9vdC9kZXZpY2UtY29udHJvbC5zaCBibG9jayAxMC4wLjAuMTAwICJLaWRzIFRhYmxldCIKCiMgVW5ibG9jayBpbiB0aGUgbW9ybmluZwovcm9vdC9kZXZpY2UtY29udHJvbC5zaCB1bmJsb2NrIDEwLjAuMC4xMDAKCiMgQ2hlY2sgaWYgZGV2aWNlIGlzIGJsb2NrZWQKL3Jvb3QvZGV2aWNlLWNvbnRyb2wuc2ggc3RhdHVzIDEwLjAuMC4xMDAKCiMgTGlzdCBhbGwgY3VycmVudGx5IGJsb2NrZWQgZGV2aWNlcwovcm9vdC9kZXZpY2UtY29udHJvbC5zaCBsaXN0CgojIFZpZXcgYWN0aW9uIGhpc3RvcnkKL3Jvb3QvZGV2aWNlLWNvbnRyb2wuc2ggbG9nCmBgYAoKIyMjIDMuNCBTY2hlZHVsZWQgQWNjZXNzIENvbnRyb2wgKEF1dG9tYXRpYyBCbG9ja2luZykKClNldCB1cCBhdXRvbWF0aWMgYmxvY2tpbmcvdW5ibG9ja2luZyB2aWEgY3JvbjoKCmBgYGJhc2gKY3JvbnRhYiAtZQpgYGAKCkFkZCBlbnRyaWVzOgpgYGBjcm9uCiMgQmxvY2sga2lkcyBkZXZpY2VzIGF0IDkgUE0gZXZlcnkgZGF5CjAgMjEgKiAqICogL3Jvb3QvZGV2aWNlLWNvbnRyb2wuc2ggYmxvY2sgMTAuMC4wLjEwMCAiS2lkcyBUYWJsZXQiCjAgMjEgKiAqICogL3Jvb3QvZGV2aWNlLWNvbnRyb2wuc2ggYmxvY2sgMTAuMC4wLjExMCAiR2FtaW5nIENvbnNvbGUiCgojIFVuYmxvY2sga2lkcyBkZXZpY2VzIGF0IDcgQU0gZXZlcnkgZGF5CjAgNyAqICogKiAvcm9vdC9kZXZpY2UtY29udHJvbC5zaCB1bmJsb2NrIDEwLjAuMC4xMDAKMCA3ICogKiAqIC9yb290L2RldmljZS1jb250cm9sLnNoIHVuYmxvY2sgMTAuMC4wLjExMAoKIyBCbG9jayBnYW1pbmcgZGV2aWNlcyBkdXJpbmcgc2Nob29sIGhvdXJzIChNb24tRnJpIDggQU0gLSAzIFBNKQowIDggKiAqIDEtNSAvcm9vdC9kZXZpY2UtY29udHJvbC5zaCBibG9jayAxMC4wLjAuMTEwICJHYW1pbmcgQ29uc29sZSIKMCAxNSAqICogMS01IC9yb290L2RldmljZS1jb250cm9sLnNoIHVuYmxvY2sgMTAuMC4wLjExMAoKIyBXZWVrZW5kIGdhbWluZyBsaW1pdHMgKG5vb24tOHBtIG9ubHkgb24gU2F0L1N1bikKMCAyMCAqICogNiwwIC9yb290L2RldmljZS1jb250cm9sLnNoIGJsb2NrIDEwLjAuMC4xMTAgIkdhbWluZyBDb25zb2xlIgowIDEyICogKiA2LDAgL3Jvb3QvZGV2aWNlLWNvbnRyb2wuc2ggdW5ibG9jayAxMC4wLjAuMTEwCmBgYAoKLS0tCgojIyBQYXJ0IDQ6IFRQLUxpbmsgQXJjaGVyIEFYNzIgUHJvIENvbmZpZ3VyYXRpb24gKEFQIE1vZGUpCgoqKkFib3V0IFdpRmkgNiAoODAyLjExYXgpOioqCgpUaGUgVFAtTGluayBBcmNoZXIgQVg3MiBQcm8gaXMgYSBXaUZpIDYgcm91dGVyIHdpdGggc2lnbmlmaWNhbnQgYWR2YW50YWdlcyBvdmVyIG9sZGVyIFdpRmkgNSAoODAyLjExYWMpIGRldmljZXM6CgoqKkJlbmVmaXRzOioqCi0gKipGYXN0ZXIgc3BlZWRzKio6IFVwIHRvIDI0MDIgTWJwcyBvbiA1R0h6LCA1NzQgTWJwcyBvbiAyLjRHSHoKLSAqKkJldHRlciBlZmZpY2llbmN5Kio6IE9GRE1BIGFsbG93cyBtdWx0aXBsZSBkZXZpY2VzIHRvIHNoYXJlIGNoYW5uZWxzIGVmZmljaWVudGx5Ci0gKipJbXByb3ZlZCByYW5nZSoqOiBCZXR0ZXIgcGVyZm9ybWFuY2UgYXQgZGlzdGFuY2UKLSAqKlJlZHVjZWQgaW50ZXJmZXJlbmNlKio6IEJTUyBDb2xvcmluZyBoZWxwcyBkaXN0aW5ndWlzaCB5b3VyIG5ldHdvcmsgZnJvbSBuZWlnaGJvcnMKLSAqKkJhdHRlcnkgc2F2aW5ncyoqOiBUYXJnZXQgV2FrZSBUaW1lIChUV1QpIGZvciBJb1QgZGV2aWNlcwotICoqTW9yZSBkZXZpY2VzKio6IEJldHRlciBoYW5kbGluZyBvZiBtYW55IHNpbXVsdGFuZW91cyBjb25uZWN0aW9ucwoKKipDb21wYXRpYmlsaXR5IE5vdGVzOioqCi0gRnVsbHkgYmFja3dhcmQgY29tcGF0aWJsZSB3aXRoIFdpRmkgNSwgV2lGaSA0IGRldmljZXMKLSBPbGRlciBkZXZpY2VzIHdpbGwgY29ubmVjdCBidXQgdXNlIHRoZWlyIG5hdGl2ZSBXaUZpIHN0YW5kYXJkCi0gV1BBMyByZWNvbW1lbmRlZCBidXQgV1BBMi9XUEEzIE1peGVkIG1vZGUgZW5zdXJlcyBvbGRlciBkZXZpY2UgY29tcGF0aWJpbGl0eQotIEFsbCB5b3VyIGV4aXN0aW5nIGRldmljZXMgd2lsbCB3b3JrLCBidXQgV2lGaSA2IGRldmljZXMgZ2V0IHRoZSBmdWxsIGJlbmVmaXQKCiMjIyA0LjEgSW1wb3J0YW50OiBSZWNvbmZpZ3VyZSBUUC1MaW5rIGFzIEFjY2VzcyBQb2ludAoKVGhlIFRQLUxpbmsgbXVzdCBiZSBzZXQgdG8gKipBY2Nlc3MgUG9pbnQgbW9kZSoqIHRvIGF2b2lkIGNvbmZsaWN0cyB3aXRoIE9wZW5XUlQuCgoxLiAqKkNvbm5lY3QgdG8gVFAtTGluazoqKgogICAtIENvbm5lY3QgY29tcHV0ZXIgZGlyZWN0bHkgdG8gVFAtTGluayBMQU4gcG9ydAogICAtIEFjY2VzczogYGh0dHA6Ly8xOTIuMTY4LjAuMWAgb3IgYGh0dHA6Ly90cGxpbmt3aWZpLm5ldGAKICAgLSBEZWZhdWx0IGxvZ2luOiBgYWRtaW4vYWRtaW5gCgoyLiAqKkNoYW5nZSBPcGVyYXRpb24gTW9kZToqKgogICBgYGAKICAgQWR2YW5jZWQg4oaSIFN5c3RlbSBUb29scyDihpIgT3BlcmF0aW9uIE1vZGUKICAgU2VsZWN0OiAiQWNjZXNzIFBvaW50IgogICBDbGljayAiU2F2ZSIKICAgYGBgCiAgIAogICAqKk9SIE1hbnVhbCBDb25maWd1cmF0aW9uOioqCiAgIAozLiAqKkRpc2FibGUgREhDUCBTZXJ2ZXI6KioKICAgYGBgCiAgIEFkdmFuY2VkIOKGkiBOZXR3b3JrIOKGkiBESENQIFNlcnZlcgogICBVbmNoZWNrICJFbmFibGUgREhDUCBTZXJ2ZXIiCiAgIFNhdmUKICAgYGBgCgo0LiAqKlNldCBTdGF0aWMgSVA6KioKICAgYGBgCiAgIEFkdmFuY2VkIOKGkiBOZXR3b3JrIOKGkiBMQU4KICAgSVAgQWRkcmVzczogMTAuMC4wLjI1NAogICBTdWJuZXQgTWFzazogMjU1LjI1NS4yNTUuMAogICBHYXRld2F5OiAxMC4wLjAuMjQ2CiAgIFByaW1hcnkgRE5TOiAxMC4wLjAuMjQ1CiAgIFNlY29uZGFyeSBETlM6IDEwLjAuMC4yNDYKICAgU2F2ZSAmIFJlYm9vdAogICBgYGAKCjUuICoqUmVjb25uZWN0IGFmdGVyIHJlYm9vdDoqKgogICAtIE5ldyBhZGRyZXNzOiBgaHR0cDovLzEwLjAuMC4yNTRgCgojIyMgNC4yIENvbmZpZ3VyZSBXaUZpIG9uIFRQLUxpbmsgQVg3MiBQcm8gKFdpRmkgNikKCioqSW1wb3J0YW50IFdpRmkgNiBGZWF0dXJlczoqKgotIDgwMi4xMWF4IHN1cHBvcnQgKFdpRmkgNikKLSBPRkRNQSBmb3IgYmV0dGVyIGVmZmljaWVuY3kKLSBNVS1NSU1PIChNdWx0aS1Vc2VyIE1JTU8pCi0gVGFyZ2V0IFdha2UgVGltZSAoVFdUKSBmb3IgSW9UIGRldmljZXMKLSAxMDI0LVFBTSBMB3IgaGlnaGVyIHNwZWVkcwotIEJTUyBDb2xvcmluZyB0byByZWR1Y2UgaW50ZXJmZXJlbmNlCgoxLiAqKjIuNEdIeiBXaUZpIDY6KioKICAgYGBgCiAgIFdpcmVsZXNzIOKGkiBXaXJlbGVzcyBTZXR0aW5ncyAoMi40R0h6KQogICBTU0lEOiBZb3VyTmV0d29ya05hbWUKICAgQ2hhbm5lbDogMSwgNiwgb3IgMTEgKGxlYXN0IGNvbmdlc3RlZCkKICAgQ2hhbm5lbCBXaWR0aDogMjBNSHogb3IgNDBNSHogKDIwTUh6IHJlY29tbWVuZGVkIGZvciBjb21wYXRpYmlsaXR5KQogICBNb2RlOiA4MDIuMTFheCgoV2lGaSA2KQogICBNYXggVFggUmF0ZTogNTc0IE1icHMKICAgRW5hYmxlIFdpcmVsZXNzOiDinJMKICAgRW5hYmxlIFNTSUQgQnJvYWRjYXN0OiDinJMKICAgRW5hYmxlIE9GRE1BOiDinJMKICAgRW5hYmxlIE1VLU1JTU86IOKckwogICBFbmFibGUgVGFyZ2V0IFdha2UgVGltZTog4pyTIChnb29kIGZvciBJb1QgZGV2aWNlcykKICAgYGBgCgoyLiAqKjVHSHogV2lGaSA2OioqCiAgIGBgYAogICBXaXJlbGVzcyDihpIgV2lyZWxlc3MgU2V0dGluZ3MgKDVHSHopCiAgIFNTSUQ6IFlvdXJOZXR3b3JrTmFtZS01RyAob3Igc2FtZSBhcyAyLjRHSHogZm9yIHNlYW1sZXNzIHJvYW1pbmcpCiAgIENoYW5uZWw6IDM2LCA0MCwgNDQsIDQ4LCAxNDksIDE1MywgMTU3LCAxNjEgKGNoZWNrIGxvY2FsIHJlZ3VsYXRpb25zKQogICBDaGFubmVsIFdpZHRoOiA4ME1IeiAob3IgMTYwTUh6IGlmIHN1cHBvcnRlZCBhbmQgbm8gaW50ZXJmZXJlbmNlKQogICBNb2RlOiA4MDIuMTFheCggV2lGaSA2KQogICBNYXggVFggUmF0ZTogMjQwMiBNYnBzICh3aXRoIDgwTUh6KSBvciA0ODA0IE1icHMgKHdpdGggMTYwTUh6KQogICBFbmFibGUgV2lyZWxlc3M6IOKckwogICBFbmFibGUgU1NJRCBCcm9hZGNhc3Q6IOKckwogICBFbmFibGUgT0ZETUE6IOKckwogICBFbmFibGUgTVUtTUlNTzog4pyTCiAgIEVuYWJsZSBCU1MgQ29sb3Jpbmc6IOKckwogICBFbmFibGUgVGFyZ2V0IFdha2UgVGltZTog4pyTCiAgIEVuYWJsZSBCZWFtZm9ybWluZzog4pyTCiAgIGBgYAoKKipXaUZpIDYgQ2hhbm5lbCBXaWR0aCBSZWNvbW1lbmRhdGlvbnM6KioKLSAqKjIuNEdIeioqOiBVc2UgMjBNSHogZm9yIGJldHRlciBjb21wYXRpYmlsaXR5IGFuZCBsZXNzIGludGVyZmVyZW5jZQotICoqNUdIeioqOiBVc2UgODBNSHogZm9yIGJlc3QgYmFsYW5jZSBvZiBzcGVlZCBhbmQgY29tcGF0aWJpbGl0eQotICoqNUdIeioqOiBVc2UgMTYwTUh6IG9ubHkgaWYgeW91IGhhdmUgY2xlYXIgY2hhbm5lbHMgYW5kIG5lZWQgbWF4aW11bSBzcGVlZAotIENoZWNrIGZvciBpbnRlcmZlcmVuY2U6IDE2ME1IeiByZXF1aXJlcyA4IGNvbnRpZ3VvdXMgY2hhbm5lbHMKCjMuICoqV2lGaSBTZWN1cml0eSAoYm90aCBiYW5kcyk6KioKICAgYGBgCiAgIFdpcmVsZXNzIOKGkiBXaXJlbGVzcyBTZWN1cml0eQogICBWZXJzaW9uOiBXUEEzLVBlcnNvbmFsIChvciBXUEEyL1dQQTMgTWl4ZWQgZm9yIG9sZGVyIGRldmljZXMpCiAgIEVuY3J5cHRpb246IEFFUwogICBXaXJlbGVzcyBQYXNzd29yZDogW1N0cm9uZyBwYXNzd29yZCAxMisgY2hhcmFjdGVyc10KICAgR3JvdXAgS2V5IFVwZGF0ZSBQZXJpb2Q6IDM2MDAgc2Vjb25kcwogICBFbmFibGUgTWFuYWdlbWVudCBGcmFtZSBQcm90ZWN0aW9uOiDinJMgKFdQQTMgZmVhdHVyZSkKICAgYGBgCgoqKldpRmkgNiBPcHRpbWl6YXRpb24gU2V0dGluZ3M6KioKICAgYGBgCiAgIEFkdmFuY2VkIOKGkiBXaUZpIDYgU2V0dGluZ3MKICAgRW5hYmxlIE9GRE1BOiDinJMgKGltcHJvdmVzIGVmZmljaWVuY3kgd2l0aCBtYW55IGRldmljZXMpCiAgIEVuYWJsZSBNVS1NSU1POiDinJMgKHNpbXVsdGFuZW91cyBkYXRhIHRvIG11bHRpcGxlIGRldmljZXMpCiAgIEVuYWJsZSBCU1MgQ29sb3Jpbmc6IOKckwKocmVkdWNlcyBpbnRlcmZlcmVuY2UgZnJvbSBuZWFyYnkgbmV0d29ya3MpCiAgIEVuYWJsZSBUV1Q6IOKckwKoc2F2ZXMgYmF0dGVyeSBvbiBJb1QvbW9iaWxlIGRldmljZXMpCiAgIFRyYW5zbWl0IFBvd2VyOiBIaWdoIChhZGp1c3QgaWYgbmVlZGVkKQogICBTbWFydCBDb25uZWN0OiBEaXNhYmxlZCAobGV0IGRldmljZXMgY2hvb3NlIGJhbmQgYmFzZWQgb24geW91ciBTU0lEIHNldHVwKQogICBgYGAKCiMjIyA0LjMgUGh5c2ljYWwgQ29ubmVjdGlvbgoKKipDb25uZWN0IFRQLUxpbmsgdG8gT3BlbldSVDoqKgoKYGBgCk9wZW5XUlQgTEFOIFBvcnQg4oaSIFRQLUxpbmsgTEFOIFBvcnQgKE5PVCBXQU4gcG9ydCEpCmBgYAoK4pqg77iPICoqQ1JJVElDQUwqKjogQ29ubmVjdCB0byBhICoqTEFOIHBvcnQqKiBvbiB0aGUgVFAtTGluaywgTk9UIHRoZSBXQU4vSW50ZXJuZXQgcG9ydC4KCiMjIyA0LjQgVGVzdCBUUC1MaW5rIENvbm5lY3Rpb24KCjEuIENvbm5lY3QgZGV2aWNlIHRvIFRQLUxpbmsgV2lGaQoyLiBDaGVjayB5b3UgcmVjZWl2ZToKICAgLSBJUDogMTAuMC4wLnggKGZyb20gT3BlbldSVCBESENQKQogICAtIEdhdGV3YXk6IDEwLjAuMC4yNDYgKE9wZW5XUlQpCiAgIC0gRE5TOiAxMC4wLjAuMjQ1IChBZEd1YXJkKQozLiBUZXN0IGludGVybmV0IGFjY2VzcwogIDQuIEFjY2VzcyBUUC1MaW5rIGFkbWluOiBgaHR0cDovLzEwLjAuMC4yNTRgCgotLS0KCiMjIFBhcnQgNTogQWRHdWFyZCBIb21lIC0gQ29tcGxldGUgU2V0dXAKCiMjIyA1LjEgSW5zdGFsbGF0aW9uIE9wdGlvbnMKCioqT3B0aW9uIEE6IERvY2tlciAoUmVjb21tZW5kZWQpKioKCmBgYGJhc2gKZG9ja2VyIHJ1biAtZCBcCiAgLS1uYW1lIGFkZ3VhcmRob21lIFwKICAtLXJlc3RhcnQgdW5sZXNzLXN0b3BwZWQgXAogIC0taG9zdG5hbWUgYWRndWFyZCBcCiAgLXYgL29wdC9hZGd1YXJkaG9tZS93b3JrOi9vcHQvYWRndWFyZGhvbWUvd29yayBcCiAgLXYgL29wdC9hZGd1YXJkaG9tZS9jb25mOi9vcHQvYWRndWFyZGhvbWUvY29uZiBcCiAgLXAgMTAuMC4wLjI0NTo1Mzo1My90Y3AgXAogIC1wIDEwLjAuMC4yNDU6NTM6NTMvdWRwIFwKICAtcCAxMC4wLjAuMjQ1OjMwMDA6MzAwMC90Y3AgXAogIC1wIDEwLjAuMC4yNDU6NDQzOjQ0My90Y3AgXAogIC1wIDEwLjAuMC4yNDU6ODUzOjg1My90Y3AgXAogIC1lIFRaPUF1c3RyYWxpYS9NZWxib3VybmUgXAogIGFkZ3VhcmQvYWRndWFyZGhvbWUKYGBgCgoqKk9wdGlvbiBCOiBOYXRpdmUgTGludXggSW5zdGFsbCoqCgpgYGBiYXNoCmN1cmwgLXMgLVMgLUwgaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL0FkZ3VhcmRUZWFtL0FkR3VhcmRIb21lL21hc3Rlci9zY3JpcHRzL2luc3RhbGwuc2ggfCBzaCAtcyAtLSAtdgpgYGAKCioqT3B0aW9uIEM6IFdpbmRvd3MqKgoKMS4gRG93bmxvYWQgZnJvbTogaHR0cHM6Ly9naXRodWIuY29tL0FkZ3VhcmRUZWFtL0FkR3VhcmRIb21lL3JlbGVhc2VzCjIuIEV4dHJhY3QgdG8gYEM6XEFkR3VhcmRIb21lYAozLiBSdW4gYEFkR3VhcmR \ No newline at end of file +# OpenWRT Gateway & AdGuard Home - Complete Configuration Guide + +## Network Overview + +**New Network Topology:** +``` +Cable Modem → OpenWRT (Main Gateway) → TP-Link Archer AX72 Pro (AP Mode) → Devices + ↓ + AdGuard Home (10.0.0.245) - DNS Filtering +``` + +**IP Configuration:** +- OpenWRT WAN: DHCP from Cable Modem (Public IP) +- OpenWRT LAN: **10.0.0.254** (Main Gateway) +- AdGuard Home: **10.0.0.245** (DNS Server) +- TP-Link Archer AX72 Pro: **10.0.0.246** (AP Mode, no routing/DHCP) +- DHCP Range: **10.0.0.1 - 10.0.0.200** +- Subnet: **10.0.0.0/24** + +**Roles:** +- **OpenWRT**: Main router, gateway, firewall, NAT, DHCP server, access control +- **AdGuard**: DNS filtering, ad blocking, phishing protection, parental controls +- **TP-Link AX72 Pro**: WiFi 6 access point + Ethernet switch only (no routing/DHCP) + +--- + +## Part 1: OpenWRT Initial Setup as Main Gateway + +### 1.1 Physical Connection Setup + +**Connection Order:** +1. **DO NOT connect cable modem yet** +2. Connect computer to OpenWRT LAN port via Ethernet +3. Power on OpenWRT +4. Configure OpenWRT completely first +5. Then connect to cable modem + +### 1.2 First Login and Basic Configuration + +1. **Connect to OpenWRT:** + - Connect via Ethernet to any LAN port + - Default IP: `192.168.1.1` + - Access via browser: `http://192.168.1.1` + - Default login: `root` (no password initially) + +2. **Set Root Password:** + ``` + System → Administration → Router Password + ``` + Set a strong password immediately (e.g., 16+ characters with numbers/symbols). + +3. **Set Timezone:** + ``` + System → System → General Settings + Timezone: Australia/Melbourne + ``` + +### 1.3 Configure WAN Interface (Internet Connection) + +**This connects OpenWRT to your cable modem.** + +1. **Navigate to Network → Interfaces** + +2. **Edit WAN interface:** + - Protocol: `DHCP client` (most cable modems use DHCP) + - Leave everything default initially + - Advanced Settings: + - ✓ Use DNS servers advertised by peer (we'll change this later) + - Firewall Settings: + - Create/Assign to firewall zone: `wan` + - Click "Save" + +3. **If your ISP requires specific settings:** + - Some ISPs bind to your old router's MAC address + - Advanced → Override MAC address (use your old router's MAC) + - VLAN tagging + - PPPoE (username/password) + - Check with your ISP if connection fails + +### 1.4 Configure LAN Interface + +1. **Navigate to Network → Interfaces → LAN → Edit** + +2. **Edit LAN interface:** + - Protocol: `Static address` + - IPv4 address: `10.0.0.254` + - IPv4 netmask: `255.255.255.0` + - IPv4 gateway: (leave empty - this IS the gateway) + - Use custom DNS servers: `10.0.0.245` + - Click "Save" + +3. **Wait 30 seconds**, then reconnect to: `http://10.0.0.254` + +### 1.5 Configure Firewall & NAT + +1. **Network → Firewall → General Settings tab:** + - ✓ Authoritative (OpenWRT is now the only DHCP server) + - DNS forwardings: `10.0.0.245` + - DNS server port: `53` + - Local server: `/lan/` + - Local domain: `lan` (or your preference like `home.local`) + - Use custom DNS servers: `10.0.0.245` + - Click "Save" + +2. **Zone: WAN** + - Input: `reject` + - Output: `accept` + - Forward: `reject` + - ✓ Masquerading (NAT) + - ✓ MSS clamping + - Covered networks: `wan` `wan6` + +3. **Zone: LAN** + - Input: `accept` + - Output: `accept` + - Forward: `accept` + - Masquerading: unchecked + - Covered networks: `lan` + +4. **Forwarding Rules:** + - Add: LAN → WAN (Allow) - should exist by default + - Verify this rule exists + +5. **Advanced Settings:** + - Enable SYN-flood protection: ✓ + - Drop invalid packets: ✓ + +6. **Save & Apply** + +### 1.6 Test Internet Connection + +**Now connect the cable modem:** +1. Connect cable modem to OpenWRT WAN port +2. Wait 60 seconds for modem to assign IP +3. Check connection: + ``` + Network → Interfaces → WAN + ``` + - Should show public IP addresses + - Should show "Connected" status + +4. **Test from OpenWRT:** + - Go to Network → Diagnostics + - Ping test: `8.8.8.8` (should work) + - Ping test: `google.com` (should work) + +5. **If connection fails:** + - Check cable modem is online (lights stable) + - Try rebooting cable modem (unplug 30 seconds) + - Check WAN interface settings + - Some ISPs require MAC cloning (see Section 1.9) + +### 1.7 Update OpenWRT + +**Before continuing, update packages:** + +SSH into OpenWRT: +```bash +ssh root@10.0.0.254 +``` + +Update package lists: +```bash +opkg update +opkg list-upgradable +opkg upgrade [package-name] +``` + +Or update all (be careful, test first): +```bash +opkg update +opkg list-upgradable | cut -d ' ' -f 1 | xargs opkg upgrade +``` + +### 1.8 Install Essential Packages + +```bash +# Firewall and network tools +opkg install luci-app-firewall +opkg install iptables-mod-extra + +# HTTPS for web interface (recommended) +opkg install luci-ssl-openssl + +# Monitoring tools +opkg install luci-app-nlbwmon # Bandwidth monitoring +opkg install luci-app-statistics # System stats + +# Additional useful tools +opkg install tcpdump # Network debugging +opkg install iperf3 # Speed testing +``` + +### 1.9 MAC Address Cloning (If Required) + +Some ISPs bind to your old router's MAC address. + +1. **Find your old router's WAN MAC address** + - Usually on a sticker on TP-Link + - Or from TP-Link admin interface + +2. **Clone MAC in OpenWRT:** + ``` + Network → Interfaces → WAN → Edit + Advanced Settings: + Override MAC address: [ENTER OLD ROUTER'S MAC] + Save & Apply + ``` + +3. **Reboot cable modem and OpenWRT:** + +--- + +## Part 2: DHCP Server Configuration + +### 2.1 Basic DHCP Settings + +1. **Navigate to Network → DHCP and DNS** + +2. **General Setup tab:** + - ✓ Authoritative (CRITICAL - ensures OpenWRT is the only DHCP server) + - DNS forwardings: `10.0.0.245` + - DNS server port: `53` + - Local server: `/lan/` + - Local domain: `lan` (or your preference like `home.local`) + - Use custom DNS servers: `10.0.0.245` + - Click "Save" + +3. **Advanced Settings:** + - Rebind protection: ✓ + - Domain whitelist: (leave empty unless needed) + - Strict order: ✓ (uses DNS servers in order) + +### 2.2 DHCP Pool Configuration + +1. **Navigate to Network → Interfaces → LAN → Edit → DHCP Server** + +2. **General Setup:** + - ✓ Enable DHCP server + - Ignore interface: Unchecked (Enable DHCP) + - Start: `1` + - Limit: `200` + - Lease time: `12h` (or `24h` for stability) + +### 2.3 Advanced DHCP Options - Comprehensive Guide + +**Understanding DHCP Options:** +DHCP options allow you to configure various network parameters automatically for clients. OpenWRT uses dnsmasq for DHCP, which supports extensive option configuration. + +#### 2.3.1 DNS Configuration (Multiple DNS Servers) + +**Dual DNS Setup: Filtered + Unfiltered** + +To provide both filtered DNS (AdGuard) and unfiltered DNS (OpenWRT bypass), we configure DHCP option 6: + +1. **Navigate to Network → DHCP and DNS → Advanced** + +2. **Add DHCP Option for Dual DNS:** + ``` + DHCP Options: + 6,10.0.0.245,10.0.0.254 + ``` + +**Explanation:** +- Option 6 = DNS servers +- `10.0.0.245` = AdGuard (filtered DNS, first priority) +- `10.0.0.254` = OpenWRT (unfiltered DNS, fallback) + +**Client Behavior:** +- Most devices will use the first DNS (AdGuard) by default +- If AdGuard is down, devices fall back to OpenWRT direct DNS +- Users can manually configure devices to use only 10.0.0.254 for unfiltered access + +#### 2.3.2 Boot Options (TFTP, PXE Network Boot) + +**For network booting computers (useful for IT labs, diskless workstations):** + +``` +DHCP Options: +66,10.0.0.100 +67,pxeboot/bootfile.efi +``` + +**Explanation:** +- Option 66 = TFTP server IP address +- Option 67 = Boot filename path +- Replace `10.0.0.100` with your TFTP server IP +- Replace `bootfile.efi` with your boot file + +**Complete PXE Boot Setup:** +``` +# TFTP Server +66,10.0.0.100 + +# Boot filename +67,pxelinux.0 + +# Alternative: UEFI boot +67,bootx64.efi +``` + +#### 2.3.3 Common DHCP Options Reference + +**Network Time Protocol (NTP) Servers:** +``` +42,10.0.0.254 +``` +- Option 42 = NTP server +- Provides time synchronization to all network devices + +**Windows WINS Server:** +``` +44,10.0.0.254 +46,8 +``` +- Option 44 = WINS (NetBIOS) server +- Option 46 = NetBIOS node type (8 = h-node) + +**Domain Name:** +``` +15,home.local +``` +- Option 15 = Domain name +- Used for hostname resolution + +**Static Routes:** +``` +121,24,10,0,1,10,0,0,254 +``` +- Option 121 = Classless static routes +- Format: prefix_length,network_bytes,gateway_bytes +- Example routes traffic for 10.0.1.0/24 via 10.0.0.254 + +**MTU Configuration:** +``` +26,1500 +``` +- Option 26 = Interface MTU +- Adjust if you have jumbo frames or specific network requirements + +**Vendor-Specific Options:** +``` +43,hex:01:04:192:168:1:100 +``` +- Option 43 = Vendor-specific information +- Used for IP phones, wireless controllers, etc. + +#### 2.3.4 Complete DHCP Options Configuration Example + +**In OpenWRT, add to Network → DHCP and DNS → Advanced:** + +``` +DHCP Options: +6,10.0.0.245,10.0.0.254 +15,home.local +42,10.0.0.254 +``` + +**This provides:** +- Primary DNS: 10.0.0.245 (AdGuard filtered) +- Secondary DNS: 10.0.0.254 (OpenWRT unfiltered) +- Domain: home.local +- NTP Server: 10.0.0.254 + +#### 2.3.5 Testing DHCP Options + +**On Windows:** +```cmd +ipconfig /all +``` +Look for: +- DNS Servers: Should show both 10.0.0.245 and 10.0.0.254 +- DHCP Server: Should show 10.0.0.254 +- Connection-specific DNS Suffix: home.local + +**On Linux:** +```bash +nmcli device show +``` + +**On macOS:** +```bash +scutil --dns +``` + +### 2.4 Static Leases Configuration + +**Critical Static Leases:** + +``` +Hostname: adguard +MAC Address: [AdGuard server MAC] +IPv4 address: 10.0.0.245 +Lease time: infinite +``` + +``` +Hostname: tplink-ap +MAC Address: [TP-Link WAN/LAN MAC] +IPv4 address: 10.0.0.246 +Lease time: infinite +``` + +``` +Hostname: homeassistant (if applicable) +MAC Address: [HA MAC] +IPv4 address: 10.0.0.55 +Lease time: infinite +``` + +**Other servers/devices:** +``` +NAS: 10.0.0.60 +Printer: 10.0.0.70 +Desktop: 10.0.0.101 +Laptop: 10.0.0.102 +``` + +### 2.5 Per-Device DNS Configuration (For Parental Controls) + +**Method: Via Config File** + +SSH into OpenWRT and edit `/etc/config/dhcp`: + +```bash +vi /etc/config/dhcp +``` + +Add host configuration: +``` +# Standard adult device - uses AdGuard with full filtering +config host + option name 'laptop' + option mac '11:22:33:44:55:66' + option ip '10.0.0.100' + option dns '10.0.0.245' + option tag 'kids' + +# Kids tablet - uses AdGuard with parental controls +config host + option name 'kids-tablet' + option mac 'AA:BB:CC:DD:EE:FF' + option ip '10.0.0.100' + option dns '10.0.0.245' + option tag 'kids' + +# Work/unfiltered device - bypasses AdGuard +config host + option name 'work-laptop' + option mac '77:88:99:AA:BB:CC' + option ip '10.0.0.150' + option dns '1.1.1.1 8.8.8.8' +``` + +Restart dnsmasq: +```bash +/etc/init.d/dnsmasq restart +``` + +**Note:** We'll configure AdGuard to handle different filtering levels for kids vs adults in Part 5. + +--- + +## Part 3: Access Control & Device Blocking + +### 3.1 Create Device Blocking System + +This allows you to block internet access for specific devices. + +**Install the script:** + +```bash +# SSH into OpenWRT +ssh root@10.0.0.254 + +# Create the script (use the existing device-control.sh in your repository) + +# Make executable +chmod +x /root/device-control.sh + +# Initialize the system +/root/device-control.sh init +``` + +### 3.2 Make Blocking Persistent + +Add to `/etc/firewall.user` to survive reboots: + +```bash +vi /etc/firewall.user +``` + +Add these lines: +```bash +ipset create blocked_devices hash:ip timeout 0 comment -exist +iptables -I FORWARD -m set --match-set blocked_devices src -j REJECT +``` + +Restart firewall: +```bash +/etc/init.d/firewall restart +``` + +### 3.3 Usage Examples + +```bash +# Block kids tablet at bedtime +/root/device-control.sh block 10.0.0.100 "Kids Tablet" + +# Unblock in the morning +/root/device-control.sh unblock 10.0.0.100 + +# Check if device is blocked +/root/device-control.sh status 10.0.0.100 + +# List all currently blocked devices +/root/device-control.sh list + +# View action log +/root/device-control.sh log + +# Clear all blocks (with confirmation) +/root/device-control.sh clear +``` + +### 3.4 Scheduled Access Control (Automatic Blocking) + +For automatic blocking/unblocking via cron: + +```bash +crontab -e +``` + +Add entries: +```bash +# Block kids devices at 9 PM every day +0 21 * * * /root/device-control.sh block 10.0.0.100 "Kids Tablet" +0 21 * * * /root/device-control.sh block 10.0.0.110 "Gaming Console" + +# Unblock kids devices at 7 AM every day +0 7 * * * /root/device-control.sh unblock 10.0.0.100 +0 7 * * * /root/device-control.sh unblock 10.0.0.110 + +# Block gaming console during school hours (Mon-Fri 8 AM - 3 PM) +0 8 * * 1-5 /root/device-control.sh block 10.0.0.110 "Gaming Console" +0 15 * * 1-5 /root/device-control.sh unblock 10.0.0.110 + +# Weekend gaming limits (noon-8pm only on Sat/Sun) +0 20 * * 6,0 /root/device-control.sh block 10.0.0.110 "Gaming Console" +0 12 * * 6,0 /root/device-control.sh unblock 10.0.0.110 +``` + +--- + +## Part 4: TP-Link Archer AX72 Pro Configuration (AP Mode) + +### 4.1 Important: Reconfigure TP-Link as Access Point + +The TP-Link Archer AX72 Pro is a WiFi 6 router with significant advantages over older WiFi 5 (802.11ac) devices: + +**Benefits:** +- Faster speeds: Up to 2402 Mbps on 5GHz, 574 Mbps on 2.4GHz +- Better efficiency: OFDMA allows multiple devices to share channels efficiently +- Reduced interference: BSS Coloring helps distinguish your network from neighbors +- Battery savings: Target Wake Time (TWT) for IoT devices +- More devices: Handles simultaneous connections more efficiently +- Beamforming: Improves range and speed + +**Compatibility Notes:** +- Fully backward compatible with WiFi 5, WiFi 4 devices +- Older devices will use their native standard +- WPA2/WPA3 Mixed mode ensures older devices can connect +- All your existing devices will work, but WiFi 6 devices get the benefits + +### 4.2 Connect to TP-Link + +1. **Connect computer directly to TP-Link LAN port** +2. Access: `http://192.168.0.1` or `http://tplinwifi.net` +3. Default login: `admin/admin` (or on sticker) + +### 4.3 Change Operation Mode + +1. **Advanced → System Tools → Operation Mode** +2. Select: "Access Point Mode" +3. Click "Save" + +### 4.4 Set Static IP + +``` +Advanced → Network → LAN +IP address: 10.0.0.246 +Subnet Mask: 255.255.255.0 +Gateway: 10.0.0.254 +Primary DNS: 10.0.0.245 +Secondary DNS: 10.0.0.254 +Save +``` + +### 4.5 Reconnect after reboot + +- New address: `http://10.0.0.246` + +### 4.6 WiFi 6 Settings (2.4GHz WiFi) + +``` +Wireless → Wireless Settings (2.4GHz) +SSID: YourNetworkName +Channel: 1, 6, or 11 (check local regulations) +Channel Width: 20MHz or 40MHz (20MHz recommended for compatibility) +Mode: 802.11ax(WiFi 6) +Max Tx Rate: 574 Mbps +Enable Wireless: ✓ +Enable SSID Broadcast: ✓ +Enable OFDMA: ✓ +Enable MU-MIMO: ✓ +Enable BSS Coloring: ✓ +Enable Target Wake Time: ✓ (good for IoT devices) +Enable Beamforming: ✓ +``` + +### 4.7 WiFi 6 Settings (5GHz WiFi) + +``` +Wireless → Wireless Settings (5GHz) +SSID: YourNetworkName-5G (or same as 2.4GHz for seamless roaming) +Channel: 36, 40, 44, 48, 149, 153, 157, 161 (check local regulations) +Channel Width: 80MHz (or 160MHz if supported and no interference) +Mode: 802.11ax (WiFi 6) +Max Tx Rate: 2402 Mbps (with 80MHz) or 4804 Mbps (with 160MHz) +Enable Wireless: ✓ +Enable SSID Broadcast: ✓ +Enable OFDMA: ✓ +Enable MU-MIMO: ✓ +Enable BSS Coloring: ✓ +Enable Target Wake Time: ✓ +Enable Smart Connect: ✗ (disable unless needed) +``` + +**WiFi 6 Channel Width Recommendations:** +- **2.4GHz**: 20MHz for better efficiency and less interference +- **5GHz**: 80MHz for balance of speed and compatibility +- **5GHz**: 160MHz only if you have clear channels and WiFi 6 devices + +### 4.8 WiFi Security (both bands): + +``` +Wireless → Wireless Security +Version: WPA3-Personal or WPA2/WPA3-Mixed (recommended) +Encryption: AES +Wireless Password: [Strong password 12+ characters] +Group Key Update Period: 3600 seconds +``` + +**WPA3 benefits but WPA2/WPA3 Mixed ensures older devices work.** + +### 4.9 Optimization Settings + +``` +Advanced → Wireless → Advanced +Transmit Power: High (adjust if needed) +Smart Connect: Disabled (let devices choose band based on their SSID setup) +Fast Roaming: ✓ (if multiple APs) +``` + +### 4.10 Verify After Reconfiguration + +- Access: `http://10.0.0.246` + +--- + +## Part 5: AdGuard Home Setup + +### 5.1 Install AdGuard + +Choose your installation method: +- **Option A**: Docker installation on __________ +- **Option B**: Native Linux installation on __________ +- **Option C**: Windows installation on __________ + +### 5.2 Initial Configuration +- Access: http://10.0.0.245:3000 +- Complete setup wizard +- Admin interface port: `3000` +- DNS server port: `53` +- Set admin username: _________________ +- Set admin password: _________________ +- Save credentials in password manager + +### 5.3 Configure Upstream DNS +- Settings → DNS settings +- Add upstream servers: + - `https://dns.cloudflare.com/dns-query` + - `https://dns.google/dns-query` + - `1.1.1.1` + - `8.8.8.8` +- Enable parallel queries +- Save + +### 5.4 Add Blocklists +- Filters → DNS blocklists +- Add OISD Big List: `https://big.oisd.nl/` +- Add AdGuard DNS: `https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt` +- Add Steven Black: `https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts` +- Save and Apply + +### 5.5 Local DNS Entries +- Filters → DNS rewrites +- Add: `openwrt.local` → `10.0.0.254` +- Add: `adguard.local` → `10.0.0.245` +- Add: `homeassistant.local` → `10.0.0.55` +- Add: `tplink.local` → `10.0.0.246` + +--- + +## Testing & Verification + +### Test DHCP +- Connect test device to network +- Verify IP received in range 10.0.0.1-200 +- Verify DNS servers shows 10.0.0.245 and 10.0.0.254 +- Verify gateway is 10.0.0.254 + +### Test DNS Resolution +From test device: +```bash +nslookup google.com 10.0.0.245 +``` +- DNS query successful +- Response received + +### Test AdGuard Filtering +- Access http://10.0.0.245:3000 +- Dashboard → Query Log +- Browse to a website from test device +- Verify queries appear in log +- Try accessing known ad domain +- Verify ads are blocked + +### Test Dual DNS Configuration +```bash +# Test filtered DNS (AdGuard) +nslookup doubleclick.net 10.0.0.245 +# Should be blocked + +# Test unfiltered DNS (OpenWRT) +nslookup doubleclick.net 10.0.0.254 +# Should resolve normally +``` + +### Test Access Control +- Get test device IP: _________________ +- Run: `/root/device-control.sh block [IP] "Test Device"` +- Verify internet access is blocked +- Run: `/root/device-control.sh unblock [IP]` +- Verify internet access restored + +### Verify Static Leases +- Check each static device is getting correct IP +- HomeAssistant: 10.0.0.55 ✓ +- AdGuard: 10.0.0.245 ✓ +- TP-Link AP: 10.0.0.246 ✓ + +--- + +## Backup & Documentation + +### Create Backups +- OpenWRT: System → Backup/Flash → Generate Archive +- Save backup file: openwrt-backup-[DATE].tar.gz +- AdGuard: Settings → General → Export Settings +- Save backup file: adguard-backup-[DATE].yaml + +### Document Your Setup +Create a file with: +- OpenWRT admin password +- AdGuard admin credentials +- List of static IP assignments +- List of blocked devices (if any) +- Any custom firewall rules +- Backup file locations + +--- + +## Troubleshooting + +### Can't access OpenWRT web interface +```bash +/etc/init.d/uhttpd restart +netstat -tulpn | grep :80 +``` + +### DHCP not giving out addresses +```bash +/etc/init.d/dnsmasq restart +logread | grep -i dhcp +``` + +### DNS not resolving +```bash +nslookup google.com 10.0.0.245 +ping 10.0.0.245 +``` + +### Device blocking not working +```bash +ipset list blocked_devices +iptables -L FORWARD -v -n +/etc/init.d/firewall restart +``` + +--- + +## Maintenance Schedule + +### Weekly +- Check AdGuard query logs for anomalies +- Review blocked devices list +- Check OpenWRT system log for errors + +### Monthly +- Update AdGuard blocklists +- Review and update static leases +- Check for OpenWRT updates: System → Software +- Create fresh backups + +### Quarterly +- Review all firewall rules +- Audit device access permissions +- Update OpenWRT firmware if available +- Test backup restoration procedure + +--- + +## Emergency Contacts & Resources + +### Reset Instructions +**OpenWRT Hard Reset:** +- Press and hold reset button for 10 seconds +- Default IP will be 192.168.1.1 + +**AdGuard Reset:** +- Stop AdGuard service +- Delete config files +- Restart and run setup wizard + +### Support Resources +- OpenWRT Forum: https://forum.openwrt.org/ +- AdGuard Forum: https://forum.adguard.com/ +- This documentation folder: _________________ + +--- + +## Completion + +Setup completed by: _________________ +Date: _________________ +Time taken: ________ minutes + +All phases completed successfully: ☐ YES ☐ NO + +Notes/Issues encountered: +_____________________________________________ +_____________________________________________ +_____________________________________________ + +Next review date: _________________