初始化脚本里最稳的做法是:安装 LuCI 中文语言包(luci-i18n-base-zh-cn),可选再装 firewall/opkg 的中文包,然后把 LuCI 默认语言强制设为 zh_cn
# Refresh the package index, then install the base LuCI Simplified-Chinese
# translation package.
opkg update
opkg install luci-i18n-base-zh-cn

# Optional: translations for the firewall and package-manager pages. A failed
# install is ignored so the remaining commands still run.
opkg install \
  luci-i18n-firewall-zh-cn \
  luci-i18n-opkg-zh-cn || :

# Pin the LuCI language to zh_cn (otherwise it can follow the browser language).
uci set luci.main.lang=zh_cn || :
uci commit luci || :

# Restart uhttpd so the web UI picks up the new language.
/etc/init.d/uhttpd restart
✅ 初始提速优化(DNS、flow offload、rebind 白名单)
✅ Wi-Fi 配置:5G SSID=OpenWrt5G,2.4G 保持原 SSID(OpenWrt),两者密码=你的密码,WPA2(AES)
✅ 生成 fast/clash/status 三个脚本(方便以后一键切换)
✅ 可选:关闭 LAN IPv6 RA/DHCPv6(减少日志/干扰)
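# Write the one-shot setup script to /root/init_optimize.sh, make it executable
# and run it. The heredoc delimiter is quoted, so nothing below is expanded by
# the shell that receives the paste.
cat >/root/init_optimize.sh <<'EOF'
#!/bin/sh
# init_optimize.sh - first-run tuning for an OpenWrt router:
#   1. fixed upstream DNS servers on WAN
#   2. fw4 flow offloading (software + hardware)
#   3. DNS-rebind exemptions for the Windows connectivity-check domains
#   4. Wi-Fi: both radios enabled, WPA2-PSK, one shared passphrase, 5 GHz SSID renamed
#   5. helper scripts fast_mode / clash_mode / status_check (+ links in /usr/bin)
#   6. LAN IPv6 RA / DHCPv6 turned off
#
# The Wi-Fi passphrase is read from the WIFI_PASS environment variable, or
# prompted for when that is unset. It is never stored in this file or echoed.
set -eu

# A passphrase that ships inside a published script is known to every reader of
# the page, so it has to be supplied by the operator at run time.
PASS="${WIFI_PASS:-}"
if [ -z "$PASS" ]; then
  printf '请输入 Wi-Fi 密码(8~63 个字符): ' >&2
  read -r PASS || PASS=''
fi
# WPA2-PSK passphrases are 8 to 63 characters long; reject anything else
# before a single setting has been touched.
if [ "${#PASS}" -lt 8 ] || [ "${#PASS}" -gt 63 ]; then
  echo "❌ Wi-Fi 密码长度必须为 8~63 个字符,未做任何修改。" >&2
  exit 1
fi
SSID_5G='OpenWrt5G'

echo "==[1/6] WAN DNS 优化(手动指定公共 DNS)=="
# Ignore the resolvers announced by the upstream and use a fixed list instead.
# The old list is deleted first so re-running the script does not duplicate entries.
uci set network.wan.peerdns='0' || true
uci -q delete network.wan.dns || true
uci add_list network.wan.dns='223.5.5.5'
uci add_list network.wan.dns='119.29.29.29'
uci add_list network.wan.dns='1.1.1.1'
uci commit network
/etc/init.d/network restart >/dev/null 2>&1 || true

echo "==[2/6] 防火墙加速(fw4 flow offload:软+硬)=="
uci set firewall.@defaults[0].flow_offloading='1'
uci set firewall.@defaults[0].flow_offloading_hw='1'
uci commit firewall
# A quiet restart is tried first; on failure it is repeated with output visible.
/etc/init.d/firewall restart >/dev/null 2>&1 || /etc/init.d/firewall restart

echo "==[3/6] DNS Rebind 白名单(解决 Windows NCSI 告警)=="
# Every domain listed in rebind_domain is exempt from dnsmasq's DNS-rebind
# protection, so the list is kept to exactly these three names. Existing
# entries are removed first to keep the list free of duplicates.
uci -q del_list dhcp.@dnsmasq[0].rebind_domain='msftncsi.com' || true
uci -q del_list dhcp.@dnsmasq[0].rebind_domain='msftconnecttest.com' || true
uci -q del_list dhcp.@dnsmasq[0].rebind_domain='dns.msftncsi.com' || true
uci add_list dhcp.@dnsmasq[0].rebind_domain='msftncsi.com'
uci add_list dhcp.@dnsmasq[0].rebind_domain='msftconnecttest.com'
uci add_list dhcp.@dnsmasq[0].rebind_domain='dns.msftncsi.com'
uci commit dhcp
/etc/init.d/dnsmasq restart >/dev/null 2>&1 || true

echo "==[4/6] Wi-Fi:WPA2(AES) + 统一密码;5G SSID 改为 ${SSID_5G} =="
# Enable both radios (2.4 GHz and 5 GHz).
uci set wireless.radio0.disabled='0'
uci set wireless.radio1.disabled='0'
# 2.4 GHz tuned for stability: HT20 on channel 1.
uci set wireless.radio0.channel='1'
uci set wireless.radio0.htmode='HT20'
# 5 GHz tuned for stability and speed: HE80 on channel 36.
uci set wireless.radio1.channel='36'
uci set wireless.radio1.htmode='HE80'
# Only the 5 GHz SSID is renamed; the 2.4 GHz SSID is left as it is.
uci set wireless.default_radio1.ssid="${SSID_5G}"
# WPA2-PSK with the same passphrase on both bands.
uci set wireless.default_radio0.encryption='psk2'
uci set wireless.default_radio1.encryption='psk2'
uci set wireless.default_radio0.key="${PASS}"
uci set wireless.default_radio1.key="${PASS}"
uci commit wireless
wifi reload >/dev/null 2>&1 || wifi reload

echo "==[5/6] 生成一键模式脚本:fast / clash / st =="
cat >/root/fast_mode.sh <<'E1'
#!/bin/sh
# fast_mode.sh - enable software and hardware flow offloading, then show the result.
set -eu
uci set firewall.@defaults[0].flow_offloading='1'
uci set firewall.@defaults[0].flow_offloading_hw='1'
uci commit firewall
/etc/init.d/firewall restart >/dev/null 2>&1 || /etc/init.d/firewall restart
echo "[FAST] offload:"
uci show firewall.@defaults[0] | grep -E 'flow_offloading|flow_offloading_hw' || true
E1
chmod +x /root/fast_mode.sh

cat >/root/clash_mode.sh <<'E2'
#!/bin/sh
# clash_mode.sh - keep software offloading, turn hardware offloading off, and
# restart OpenClash when its init script is installed.
set -eu
uci set firewall.@defaults[0].flow_offloading='1'
uci set firewall.@defaults[0].flow_offloading_hw='0'
uci commit firewall
/etc/init.d/firewall restart >/dev/null 2>&1 || /etc/init.d/firewall restart
if [ -x /etc/init.d/openclash ]; then
  /etc/init.d/openclash restart >/dev/null 2>&1 || true
fi
echo "[CLASH] offload:"
uci show firewall.@defaults[0] | grep -E 'flow_offloading|flow_offloading_hw' || true
E2
chmod +x /root/clash_mode.sh

cat >/root/status_check.sh <<'E3'
#!/bin/sh
# status_check.sh - read-only overview of WAN, DNS, offloading and Wi-Fi state.
# Every probe is best-effort: a missing tool or interface is skipped silently.
set -eu
echo "=== WAN (IPv4) ==="
ubus call network.interface.wan status 2>/dev/null | sed -n '1,120p' || true
echo
echo "=== DNS (resolv.conf.auto) ==="
cat /tmp/resolv.conf.d/resolv.conf.auto 2>/dev/null || true
echo
echo "=== Offload ==="
uci show firewall.@defaults[0] 2>/dev/null | grep -E 'flow_offloading|flow_offloading_hw' || true
echo
echo "=== fw4 flowtable ==="
fw4 print 2>/dev/null | grep -i flowtable | head -n 10 || true
echo
echo "=== Wi-Fi (iwinfo brief) ==="
iwinfo 2>/dev/null | grep -E 'ESSID|Channel|HT Mode|Encryption' || true
echo
echo "=== 5G Station (wl1-ap0) ==="
iw dev wl1-ap0 station dump 2>/dev/null | sed -n '1,40p' || true
E3
chmod +x /root/status_check.sh

# Short command names for the three helpers.
ln -sf /root/fast_mode.sh /usr/bin/fast
ln -sf /root/clash_mode.sh /usr/bin/clash
ln -sf /root/status_check.sh /usr/bin/st

echo "==[6/6] 可选:关闭 LAN IPv6 RA/DHCPv6(减少提示/干扰)=="
uci set dhcp.lan.ra='disabled' || true
uci set dhcp.lan.dhcpv6='disabled' || true
uci commit dhcp
/etc/init.d/odhcpd restart >/dev/null 2>&1 || true

echo
echo "✅ 全部完成。"
# The passphrase is deliberately left out of the summary so it does not end up
# in terminal scrollback or a session log.
echo "Wi-Fi:2.4G SSID 保持原值;5G SSID=${SSID_5G};WPA2 密码已设置(不回显)"
echo "命令:fast(最快模式) / clash(OpenClash稳模式) / st(查看状态)"
EOF
chmod +x /root/init_optimize.sh
/root/init_optimize.sh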
一键验证
# Show SSID, encryption, channel and HT mode for the wl0-ap0 and wl1-ap0
# access-point interfaces (presumably 2.4 GHz and 5 GHz respectively).
iwinfo \
  | grep -A3 -e 'wl0-ap0' -e 'wl1-ap0' \
  | grep -e 'ESSID' -e 'Encryption' -e 'Channel' -e 'HT Mode'
你期望看到类似:
- 2.4G:ESSID 还是 OpenWrt(你说不改名)、Encryption: WPA2(或显示 “WPA2 PSK”)
- 5G:ESSID OpenWrt5G、HE80、Channel 36、WPA2
在运行
日常最快(不开 OpenClash):
fast
开 OpenClash 更稳(建议用这个):
clash
看当前状态:
st
如果你暂时不用 IPv6,去掉 wan6 fe80::1%wan(减少偶发 DNS 走 IPv6 的可能):
# Mark the wan6 interface as disabled, persist the change, then restart
# networking so it takes effect.
uci set network.wan6.disabled=1
uci commit network
/etc/init.d/network restart
把下面整段复制到 SSH(OpenWrt)里执行:
# Write the interactive LAN wizard to /root/lan_uplink_wizard_v2.sh. The heredoc
# delimiter is quoted, so nothing in the body is expanded at paste time.
cat >/root/lan_uplink_wizard_v2.sh <<'SH'
#!/bin/sh
# lan_uplink_wizard_v2.sh - menu-driven switch between three LAN modes, with
# input validation and a timed rollback of /etc/config/network and /etc/config/dhcp.
set -eu
# Marker file: the rollback timer restores the old configuration unless this
# file exists when the timer fires.
# NOTE(review): fixed name in /tmp - any local process that can write there can
# create it and thereby cancel a pending rollback; confirm that is acceptable.
OKFLAG="/tmp/lanwizard_ok"
# Seconds the rollback timer sleeps before it looks for OKFLAG.
ROLLBACK_SECS=120
# need_cmd NAME - succeed when NAME resolves to a command, silently.
need_cmd() {
  command -v "$1" 1>/dev/null 2>/dev/null
}
# pause - print a "press Enter" prompt and wait for one line of input.
# End-of-input is tolerated, so the function always returns 0.
pause() {
  printf "\n按回车继续..."
  if ! read _; then
    :
  fi
}
# title TEXT - print TEXT framed by a rule line above and below.
title() {
  # Keep the rule in $2 so it is written once and no global variable is created.
  set -- "$1" "=================================================="
  echo "$2"
  echo "$1"
  echo "$2"
}
# get_lan_dev - print the device configured as network.lan.device, or "br-lan"
# when uci returns nothing. Also leaves the value in the global DEV.
get_lan_dev() {
  DEV="$(uci -q get network.lan.device || true)"
  if [ -z "$DEV" ]; then
    DEV="br-lan"
  fi
  echo "$DEV"
}
# show_current - print the LAN device, its configured protocol, its IPv4
# address(es) and the default route(s). Purely informational.
show_current() {
  DEV="$(get_lan_dev)"
  echo "LAN 设备: $DEV"
  echo "当前 LAN 协议: $(uci -q get network.lan.proto || echo unknown)"
  # Field 4 of `ip -o` output is the address in CIDR form.
  ip -4 -o addr show dev "$DEV" 2>/dev/null \
    | awk '{print "当前LAN地址: "$4}' \
    || true
  echo "当前默认路由:"
  if ! ip route | grep -E '^default'; then
    echo " (无默认路由)"
  fi
}
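# -------- Input validation --------
# is_ipv4 VALUE - return 0 only when VALUE is a single line made of exactly
# four dot-separated decimal fields, each 1-3 digits long and at most 255.
#
# The verdict is carried in `bad` and reported from END. An `exit 1` in a main
# rule still runs the END block, and an `exit 0` there replaces the status, so
# a check written that way accepts every input.
is_ipv4() {
  printf '%s\n' "$1" | awk -F. '
    NR > 1 || NF != 4 { bad = 1; exit }
    {
      for (i = 1; i <= 4; i++)
        if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i + 0 > 255) { bad = 1; exit }
    }
    END { exit bad + 0 }'
}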
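# read_nonempty PROMPT - ask until a non-empty line is entered and print it.
#
# Arguments: $1 - prompt text
# Outputs:   the entered value on stdout; prompt and error text on stderr
# Returns:   0 with a value, 1 when input ends before one was entered
#
# Callers capture stdout with $(...), so only the value may go there. A prompt
# written to stdout would be swallowed (never shown) and glued onto the value.
read_nonempty() {
  while true; do
    printf "%s" "$1" >&2
    if ! read -r v; then
      # End of input: accept a final unterminated line, otherwise give up
      # instead of looping forever on a closed stdin.
      [ -n "${v:-}" ] || return 1
    fi
    if [ -n "${v:-}" ]; then
      printf '%s\n' "$v"
      return 0
    fi
    echo "❌ 不能为空,请重新输入。" >&2
  done
}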
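# read_ipv4_required PROMPT - ask until a valid IPv4 address is entered.
#
# Arguments: $1 - prompt text
# Outputs:   the address on stdout; prompt and error text on stderr
# Returns:   0 with an address, 1 when input ends before one was entered
#
# The line is read here directly and all prompt/error text goes to stderr:
# callers capture stdout with $(...), so anything else printed there would be
# hidden from the user and become part of the "address".
read_ipv4_required() {
  while true; do
    printf "%s" "$1" >&2
    if ! read -r v && [ -z "${v:-}" ]; then
      # stdin is closed and nothing was typed - do not spin forever.
      return 1
    fi
    if [ -z "${v:-}" ]; then
      echo "❌ 不能为空,请重新输入。" >&2
      continue
    fi
    if is_ipv4 "$v"; then
      printf '%s\n' "$v"
      return 0
    fi
    echo "❌ 不是合法 IPv4(示例 10.0.0.1),请重输。" >&2
  done
}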
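# read_ipv4_optional_default PROMPT DEFAULT - ask for an IPv4 address; an empty
# line (or end of input) selects DEFAULT.
#
# Arguments: $1 - prompt text, $2 - value used when nothing is entered
# Outputs:   the chosen address on stdout; prompt and error text on stderr
# Returns:   0
#
# Callers capture stdout with $(...), so the prompt and the error message are
# written to stderr; on stdout they would be invisible and end up in the value.
read_ipv4_optional_default() {
  while true; do
    printf "%s" "$1" >&2
    read -r v || true
    if [ -z "${v:-}" ]; then
      printf '%s\n' "$2"
      return 0
    fi
    if is_ipv4 "$v"; then
      printf '%s\n' "$v"
      return 0
    fi
    echo "❌ 不是合法 IPv4(示例 10.0.0.2),请重输或直接回车用默认。" >&2
  done
}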
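# read_mask_default PROMPT DEFAULT - ask for a subnet mask; an empty line (or
# end of input) selects DEFAULT.
#
# Arguments: $1 - prompt text, $2 - value used when nothing is entered
# Outputs:   the chosen mask on stdout; prompt and error text on stderr
# Returns:   0
#
# Callers capture stdout with $(...), so the prompt and the error message are
# written to stderr; on stdout they would be invisible and end up in the value.
read_mask_default() {
  while true; do
    printf "%s" "$1" >&2
    read -r v || true
    if [ -z "${v:-}" ]; then
      printf '%s\n' "$2"
      return 0
    fi
    # Shape check only: dotted-quad form such as 255.255.255.0. It does not
    # verify that the bits form a contiguous mask.
    if is_ipv4 "$v"; then
      printf '%s\n' "$v"
      return 0
    fi
    echo "❌ 掩码格式应类似 255.255.255.0,请重输或直接回车用默认。" >&2
  done
}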
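# -------- Rollback protection (recover automatically when a change locks you out) --------
# backup_configs - snapshot /etc/config/network and /etc/config/dhcp into
# /tmp/lanwizard_backup and clear the confirmation marker.
#
# Globals: OKFLAG (read) - marker file removed here so a new change starts unconfirmed
# Returns: non-zero when the backup location cannot be used or a copy fails
backup_configs() {
  # /tmp is shared and the directory name is fixed. The rollback later copies
  # files from here over the live configuration, so a pre-planted symlink must
  # not be followed.
  if [ -L /tmp/lanwizard_backup ]; then
    echo "❌ /tmp/lanwizard_backup 是符号链接,拒绝使用,未做任何修改。" >&2
    return 1
  fi
  (
    # The network config can carry credentials; keep the copies private.
    umask 077
    mkdir -p /tmp/lanwizard_backup
    cp -f /etc/config/network /tmp/lanwizard_backup/network
    cp -f /etc/config/dhcp /tmp/lanwizard_backup/dhcp
  )
  # Tighten a directory left behind by an earlier run with a wider mode.
  chmod 700 /tmp/lanwizard_backup
  rm -f "$OKFLAG"
}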
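# schedule_rollback - start a background timer that restores the backed-up
# network and dhcp configuration unless the change has been confirmed.
#
# Globals: ROLLBACK_SECS (read) - delay before the check
#          OKFLAG (read)        - marker file; if present at check time, nothing is restored
#
# NOTE(review): a timer started by an earlier menu choice keeps running; if a
# second change is made before it fires, it can restore over that second change.
# NOTE(review): only the two config files are restored; the odhcpd enable/stop
# state changed by the modes is not put back.
schedule_rollback() {
  (
    # The change being guarded can tear down the SSH session this script runs
    # in; presumably the resulting hangup would otherwise kill the timer at the
    # moment it is needed. Ignored signals are inherited by `sleep` as well.
    trap '' HUP
    sleep "$ROLLBACK_SECS"
    if [ ! -f "$OKFLAG" ]; then
      echo "[lanwizard] 未确认,开始自动回滚..." >/dev/kmsg 2>/dev/null || true
      cp -f /tmp/lanwizard_backup/network /etc/config/network || true
      cp -f /tmp/lanwizard_backup/dhcp /etc/config/dhcp || true
      /etc/init.d/network restart || true
      /etc/init.d/dnsmasq restart || true
    fi
  ) >/dev/null 2>&1 &
}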
# confirm_cancel_rollback_hint - tell the user that the rollback timer is
# running and which command confirms the new configuration.
#
# Globals: ROLLBACK_SECS (read), OKFLAG (read)
confirm_cancel_rollback_hint() {
  printf '%s\n' \
    "" \
    "🛡️ 已启动回滚保护:$ROLLBACK_SECS 秒内如果你没确认,系统会自动恢复原配置。" \
    "✅ 确认新配置可用后,在路由器上执行:" \
    " touch $OKFLAG" \
    "(执行后就不会回滚)"
}
# -------- Network information helpers --------
# get_lan_cidr - print the first IPv4 address (CIDR form) on the LAN device,
# or nothing when there is none. Never fails.
get_lan_cidr() {
  DEV="$(get_lan_dev)"
  # Field 4 of `ip -o` output is addr/prefix; only the first line is wanted.
  ip -4 -o addr show dev "$DEV" 2>/dev/null \
    | awk 'NR == 1 { print $4; exit }' \
    || true
}
# get_ifstatus_gateway - print the value of the first "nexthop" entry in the
# output of `ifstatus lan`, or nothing when there is none. Never fails.
# This is a text match on the JSON output, not a JSON parse.
get_ifstatus_gateway() {
  ifstatus lan 2>/dev/null \
    | grep -m1 '"nexthop"' \
    | sed -E 's/.*"nexthop"[[:space:]]*:[[:space:]]*"([^"]+)".*/\1/' \
    || true
}
# get_ifstatus_dns - print the first IPv4-looking string found on the
# "dns-server" line of `ifstatus lan` or on the two lines after it; prints
# nothing when there is none. Never fails.
get_ifstatus_dns() {
  ifstatus lan 2>/dev/null \
    | grep -A2 -m1 '"dns-server"' \
    | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' \
    | head -n1 \
    || true
}
# ensure_arping - when arping is missing, try to install iputils-arping.
# Both opkg steps are best-effort and silent; the caller re-checks for the
# command afterwards. Always returns 0.
ensure_arping() {
  need_cmd arping && return 0
  opkg update >/dev/null 2>&1 || true
  opkg install iputils-arping >/dev/null 2>&1 || true
}
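# scan_free_ips_24 DEV CIDR [MAX] - ARP-probe hosts .2 to .254 of a /24 and list
# addresses that did not answer.
#
# Arguments: $1 - interface to probe from
#            $2 - this host's address in CIDR form (only /24 is scanned)
#            $3 - stop after this many candidates (default 10)
# Outputs:   progress and candidate lines on stdout
# Returns:   0 always. The scan is advisory, and the caller runs under `set -e`,
#            so a non-zero status here would terminate the whole wizard.
#
# No ARP reply only means "possibly free": a powered-off or filtered host looks
# the same.
scan_free_ips_24() {
  DEV="$1"
  CIDR="$2"
  MAX="${3:-10}"
  IP="${CIDR%/*}"
  PREFIX="${CIDR#*/}"
  if [ "$PREFIX" != "24" ]; then
    echo "(当前前缀不是/24:$CIDR,跳过扫描)"
    return 0
  fi
  ensure_arping
  if ! need_cmd arping; then
    echo "(无 arping,跳过扫描)"
    return 0
  fi
  # First three octets of our own address.
  BASE="${IP%.*}"
  echo "扫描 $BASE.2 ~ $BASE.254(无 ARP 回复视为可能空闲)..."
  FOUND=0
  i=2
  while [ "$i" -le 254 ]; do
    CAND="$BASE.$i"
    i=$((i + 1))
    # Never probe our own address.
    if [ "$CAND" = "$IP" ]; then
      continue
    fi
    if ! arping -c 1 -w 1 -I "$DEV" "$CAND" >/dev/null 2>&1; then
      echo " ✅ 可能可用: $CAND"
      FOUND=$((FOUND + 1))
      if [ "$FOUND" -ge "$MAX" ]; then
        break
      fi
    fi
  done
  # Explicit status: a trailing `[ ... ] && break` that evaluates false would
  # otherwise become the function's exit status.
  return 0
}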
# -------- The three modes --------
# mode1_ap_dhcp - make LAN a DHCP client of the upstream router and switch off
# this device's own DHCP/RA services so they cannot conflict with upstream.
# A config backup and the rollback timer are set up before anything is changed.
mode1_ap_dhcp() {
  local opt action

  title "模式1:LAN 上联 DHCP(AP/旁路)"
  echo "LAN 从上级路由获取 IP;关闭本机 DHCP 以免冲突。"

  backup_configs
  schedule_rollback

  uci set network.lan.proto='dhcp'
  uci commit network

  # ignore=1 stops DHCP service on lan; the IPv6 options may be absent, so
  # failures to set them are tolerated.
  uci set dhcp.lan.ignore='1'
  for opt in ra dhcpv6; do
    uci set "dhcp.lan.${opt}=disabled" 2>/dev/null || true
  done
  uci commit dhcp

  for action in disable stop; do
    /etc/init.d/odhcpd "$action" 2>/dev/null || true
  done

  /etc/init.d/network restart
  /etc/init.d/dnsmasq restart || true

  confirm_cancel_rollback_hint
  echo "提示:你可以用上级路由 DHCP 客户端列表查 OpenWrt 新 IP,或执行:ifstatus lan"
}
# mode2_uplink_static - give LAN a static address inside the upstream subnet.
#
# Flow: read the current (DHCP-assigned) address, show the detected gateway and
# DNS, list addresses that did not answer an ARP probe, ask for IP / mask /
# gateway / DNS, then - after confirmation - back up the config, arm the
# rollback timer and apply the settings with the local DHCP server disabled.
#
# Returns: 1 when LAN currently has no IPv4 address, 0 when cancelled or applied.
mode2_uplink_static() {
  local opt

  title "模式2:LAN 静态(仍在上级网段)"
  echo "先确保 LAN 已接上级路由,且当前已能拿到 DHCP 地址(用于识别网段/网关)。"

  DEV="$(get_lan_dev)"
  CIDR="$(get_lan_cidr || true)"
  if [ -z "$CIDR" ]; then
    echo "❌ 当前 $DEV 没有 IPv4 地址。请先跑【模式1】让 LAN DHCP 拿到地址,再回来设置静态。"
    return 1
  fi
  echo "当前检测到: $CIDR"

  GW_DET="$(get_ifstatus_gateway || true)"
  DNS_DET="$(get_ifstatus_dns || true)"
  if [ -n "$GW_DET" ]; then
    echo "检测到上级网关: $GW_DET"
  else
    echo "未检测到上级网关:稍后必须手动输入"
  fi
  if [ -n "$DNS_DET" ]; then
    echo "检测到 DNS: $DNS_DET"
  else
    echo "未检测到 DNS:默认用网关"
  fi

  echo ""
  scan_free_ips_24 "$DEV" "$CIDR" 12
  echo ""

  # New address: pressing Enter keeps the address currently held via DHCP,
  # which is the safer choice.
  CURIP="${CIDR%/*}"
  NEWIP="$(read_ipv4_optional_default "请输入要设置的静态管理IP(回车=用当前 $CURIP): " "$CURIP")"
  MASK="$(read_mask_default "请输入子网掩码(回车=255.255.255.0): " "255.255.255.0")"

  # Gateway: the detected value is the default; without one it is mandatory.
  if [ -z "$GW_DET" ]; then
    GW="$(read_ipv4_required "请输入上级网关IP(必填,例如 10.0.0.1): ")"
  else
    GW="$(read_ipv4_optional_default "上级网关(回车=用检测值 $GW_DET): " "$GW_DET")"
  fi

  # DNS: defaults to the detected server, else to the gateway.
  if [ -z "$DNS_DET" ]; then
    DNS="$(read_ipv4_optional_default "DNS(回车=用网关 $GW): " "$GW")"
  else
    DNS="$(read_ipv4_optional_default "DNS(回车=用检测值 $DNS_DET;留空不行): " "$DNS_DET")"
  fi

  echo ""
  echo "将应用以下配置:"
  echo " 静态IP: $NEWIP"
  echo " 掩码: $MASK"
  echo " 网关: $GW"
  echo " DNS: $DNS"
  echo " DHCP: 关闭(避免与上级冲突)"
  echo ""
  printf "确认应用?(y/N): "
  read yes || true
  case "${yes:-}" in
    y | Y) ;;
    *)
      echo "已取消。"
      return 0
      ;;
  esac

  backup_configs
  schedule_rollback

  # Turn the local DHCP server off; the IPv6 options may be absent.
  uci set dhcp.lan.ignore='1'
  for opt in ra dhcpv6; do
    uci set "dhcp.lan.${opt}=disabled" 2>/dev/null || true
  done
  uci commit dhcp

  uci set network.lan.proto='static'
  uci set network.lan.ipaddr="$NEWIP"
  uci set network.lan.netmask="$MASK"
  uci set network.lan.gateway="$GW"
  # Replace any existing DNS list with the single chosen server.
  uci del network.lan.dns 2>/dev/null || true
  uci add_list network.lan.dns="$DNS"
  uci commit network

  /etc/init.d/network restart
  /etc/init.d/dnsmasq restart || true

  confirm_cancel_rollback_hint
  echo "✅ 已应用。新的管理地址: http://$NEWIP/"
}
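# mode3_private_lan_router - run LAN as its own subnet with this device as the
# gateway and DHCP server.
#
# Flow: ask for the LAN address, mask, DHCP start offset and pool size, then -
# after confirmation - back up the config, arm the rollback timer and apply.
#
# The DHCP start and limit are validated as plain decimal integers before they
# are written to the dhcp config, so a typo cannot end up in it. An empty line
# (or end of input) selects the default.
#
# Returns: 0 when cancelled or applied.
mode3_private_lan_router() {
  title "模式3:单独网段(主路由/NAT)"
  echo "LAN 使用独立网段并开启 DHCP 给下游分配地址。"
  LANIP="$(read_ipv4_optional_default "LAN 网关地址(回车=192.168.8.1): " "192.168.8.1")"
  MASK="$(read_mask_default "子网掩码(回车=255.255.255.0): " "255.255.255.0")"

  # DHCP start: last octet of the first leased address, 1-254.
  while true; do
    echo "DHCP 起始地址最后一段(回车=100,例如 *.100):"
    read -r START || true
    [ -n "${START:-}" ] || START="100"
    case "$START" in
      # Non-digits, a leading zero, or more than three digits.
      *[!0-9]* | 0* | ????*) ;;
      *)
        if [ "$START" -le 254 ]; then
          break
        fi
        ;;
    esac
    echo "❌ 起始地址必须是 1~254 的整数,请重输或直接回车用默认。"
  done

  # DHCP pool size: a positive integer of at most five digits.
  while true; do
    echo "DHCP 数量(回车=100):"
    read -r LIMIT || true
    [ -n "${LIMIT:-}" ] || LIMIT="100"
    case "$LIMIT" in
      *[!0-9]* | 0* | ??????*) ;;
      *) break ;;
    esac
    echo "❌ 数量必须是正整数,请重输或直接回车用默认。"
  done

  echo ""
  echo "将应用以下配置:"
  echo " LAN网关: $LANIP"
  echo " 掩码: $MASK"
  echo " DHCP: 开启(start=$START limit=$LIMIT)"
  echo ""
  printf "确认应用?(y/N): "
  read -r yes || true
  [ "${yes:-}" = "y" ] || [ "${yes:-}" = "Y" ] || { echo "已取消。"; return 0; }

  backup_configs
  schedule_rollback

  uci set network.lan.proto='static'
  uci set network.lan.ipaddr="$LANIP"
  uci set network.lan.netmask="$MASK"
  uci commit network

  # ignore=0 turns the DHCP server on for lan; the IPv6 options may be absent.
  uci set dhcp.lan.ignore='0'
  uci set dhcp.lan.start="$START"
  uci set dhcp.lan.limit="$LIMIT"
  uci set dhcp.lan.leasetime='12h'
  uci set dhcp.lan.ra='disabled' 2>/dev/null || true
  uci set dhcp.lan.dhcpv6='disabled' 2>/dev/null || true
  uci commit dhcp

  /etc/init.d/odhcpd disable 2>/dev/null || true
  /etc/init.d/odhcpd stop 2>/dev/null || true
  /etc/init.d/network restart
  /etc/init.d/dnsmasq restart || true

  confirm_cancel_rollback_hint
  echo "✅ 已应用。新的管理地址: http://$LANIP/"
}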
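# main_menu - show the current LAN state and the mode menu, dispatch the
# choice, and repeat until the user picks 9 or input ends.
#
# Globals: OKFLAG (read) - choice 8 creates it, which cancels a pending rollback
#
# End of input (for example the SSH session going away after a network
# restart) ends the wizard. Treating it as an empty choice would redraw the
# menu in a tight loop forever.
main_menu() {
  while true; do
    title "LAN 模式一键配置向导(v2,带校验与回滚保护)"
    show_current
    echo ""
    echo "请选择:"
    echo " 1) LAN 上联 DHCP(AP/旁路,关闭本机 DHCP)"
    echo " 2) LAN 静态(仍在上级网段,扫描空闲IP,关闭本机 DHCP)"
    echo " 3) 单独网段(主路由模式,LAN 静态 + 开启 DHCP)"
    echo " 8) 我已确认新配置可用(取消回滚)"
    echo " 9) 退出"
    echo ""
    printf "输入编号: "
    if ! read -r CHOICE; then
      # A rollback timer that is already running is not affected by leaving.
      echo ""
      exit 0
    fi
    case "${CHOICE:-}" in
      1) mode1_ap_dhcp; pause ;;
      2) mode2_uplink_static; pause ;;
      3) mode3_private_lan_router; pause ;;
      8) touch "$OKFLAG"; echo "✅ 已确认,回滚保护已取消。"; pause ;;
      9) exit 0 ;;
      *) echo "输入无效"; pause ;;
    esac
  done
}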
# Entry point of the generated wizard: run the menu loop.
main_menu
SH
# Make the generated wizard executable and start it.
chmod +x /root/lan_uplink_wizard_v2.sh
/root/lan_uplink_wizard_v2.sh
用法说明(你要的“选择 + 扫描可用IP + 让你输入”都包含了)
- 选 1:自动把 LAN 改成 DHCP 客户端,并关闭本机 DHCP。然后提示你用 ifstatus lan 或上级路由设备列表找新管理 IP。
- 选 2:要求你先接上级路由,并且 LAN 已经拿到 DHCP 地址(如果没有,脚本会提醒你先跑模式1)。脚本会:
- 显示检测到的上级网关/DNS
- 扫描同网段可能空闲IP(/24 网段效果最好)
- 让你输入想用的 IP,然后一键改成静态并输出新的管理地址
- 选 3:让 OpenWrt 做主路由,LAN 用独立网段(默认 192.168.8.1),并开启 DHCP 给下游分配地址。
原创文章,作者:开心电脑网,如若转载,请注明出处。