25 December 2022 (BE 2565)

Kali Linux TP-Link TP-W772N V.4

Kali Linux 2022.4
rtl8188eus v5.3.9

# apt update && apt -y upgrade
# apt install bc
# apt install linux-headers-$(uname -r)
# apt install dkms
# rmmod r8188eu.ko
# echo "blacklist r8188eu" >> "/etc/modprobe.d/realtek.conf"
# reboot
# git clone https://github.com/aircrack-ng/rtl8188eus
# cd rtl8188eus
# sed -i 's/$(srctree)\/$(src)/$(pwd)\/$(src)/'g Makefile
# make
# make install 
# modprobe 8188eu

20 December 2022 (BE 2565)

Mikrotik script :: Add default route to WireGuard for dynamic WAN IP

RouterOS7

wireguard server public ip 10.0.0.1
wireguard server private ip 192.168.0.1

/ip route add dst-address=0.0.0.0/0 gateway=192.168.0.1 scope=10 check-gateway=ping

Change dhcp-client "Default Route Distance" to 5 
#### script dhcp-client

:if ($bound=1) do={    
    /ip route remove [/ip route find comment="route-wireguard-wan"]
    /ip route add gateway=$"gateway-address" dst-address="10.0.0.1" scope=10  comment="route-wireguard-wan"
} else={
    /ip route remove [/ip route find comment="route-wireguard-wan"]
}

21 November 2022 (BE 2565)

Mikrotik 2 WAN failover with recursive routing

RouterOS7

WAN1 port ether1 gateway 192.168.1.1
WAN2 port ether2 gateway 192.168.2.1

/ip/address/
add address=192.168.1.2/24 interface=ether1
add address=192.168.2.2/24 interface=ether2


/ip/route/
add dst-address=1.0.0.1 gateway=192.168.1.1 scope=10 comment="Recursive WAN1"
add dst-address=8.8.4.4 gateway=192.168.2.1 scope=10 comment="Recursive WAN2"
add gateway=1.0.0.1 check-gateway=ping distance=1 target-scope=30 comment="Route WAN1"
add gateway=8.8.4.4 check-gateway=ping distance=2 target-scope=30 comment="Route WAN2"

/ip/firewall/nat/
add chain=srcnat out-interface=ether1 action=masquerade comment="NAT WAN1"
add chain=srcnat out-interface=ether2 action=masquerade comment="NAT WAN2"
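Added example, not part of these notes: a small Python model of RouterOS route selection that covers both the dynamic-WAN WireGuard script in the 20 December entry above and the two-WAN recursive failover here. It shows the /32 host route winning by longest prefix, a recursive gateway being resolved within its target-scope, and a failed check-gateway ping moving traffic to WAN2. The 203.0.113.0/24 WAN subnet (gateway 203.0.113.1 standing in for $"gateway-address") and the 192.168.0.0/24 tunnel network on wg1 are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Route:
    dst: str             # destination prefix, e.g. "0.0.0.0/0"
    gateway: str         # next-hop IP, or an interface name for a connected route
    distance: int = 1
    scope: int = 30
    target_scope: int = 10
    active: bool = True  # False once check-gateway=ping has failed

def candidates(table, ip, max_scope):
    """Active routes covering ip with scope <= max_scope, best first: longest prefix, then lowest distance."""
    ip = ipaddress.ip_address(ip)
    c = [r for r in table if r.active and r.scope <= max_scope and ip in ipaddress.ip_network(r.dst)]
    return sorted(c, key=lambda r: (-ipaddress.ip_network(r.dst).prefixlen, r.distance))

def resolve(table, ip, max_scope=30, path=()):
    """Return (immediate_gateway, interface) for ip; recursive gateways resolve within target_scope."""
    for r in candidates(table, ip, max_scope):
        if id(r) in path:               # a route is never used to resolve its own gateway
            continue
        if not r.gateway[0].isdigit():  # connected route: the gateway is an interface
            return (None, r.gateway)
        inner = resolve(table, r.gateway, r.target_scope, path + (id(r),))
        if inner is not None:           # unresolvable next hop: fall through to the next route
            return (inner[0] or r.gateway, inner[1])
    return None

def with_failed(table, route):
    """Copy of table with one route inactive, as after a failed check-gateway ping."""
    return [Route(**{**vars(r), "active": False}) if r is route else r for r in table]

# Two-WAN failover table from the notes (RouterOS adds the connected /24s itself)
WAN1_DEFAULT = Route("0.0.0.0/0", "1.0.0.1", distance=1, target_scope=30)
FAILOVER = [
    Route("192.168.1.0/24", "ether1", scope=10), Route("192.168.2.0/24", "ether2", scope=10),
    Route("1.0.0.1/32", "192.168.1.1", scope=10),    # Recursive WAN1
    Route("8.8.4.4/32", "192.168.2.1", scope=10),    # Recursive WAN2
    WAN1_DEFAULT,                                    # Route WAN1
    Route("0.0.0.0/0", "8.8.4.4", distance=2, target_scope=30),  # Route WAN2
]
# Dynamic-WAN WireGuard table (constructed WAN 203.0.113.0/24; DHCP default at distance 5,
# tunnel default at distance 1, plus the /32 to the server's public IP from the dhcp-client script)
WG_DYNAMIC = [
    Route("203.0.113.0/24", "ether1", scope=10), Route("192.168.0.0/24", "wg1", scope=10),
    Route("0.0.0.0/0", "203.0.113.1", distance=5),
    Route("0.0.0.0/0", "192.168.0.1", distance=1, scope=10),
    Route("10.0.0.1/32", "203.0.113.1", scope=10),
]
```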

Mikrotik Quad9 DOH (update 2023)

RouterOS 7 

/ip/dns/ set servers=9.9.9.9,149.112.112.112

/tool/fetch mode=https url="https://cacerts.digicert.com/DigiCertGlobalRootCA.crt.pem"

/certificate/import file-name=DigiCertGlobalRootCA.crt.pem

/ip/dns/ set use-doh-server=https://dns.quad9.net/dns-query verify-doh-cert=yes allow-remote-requests=yes

/tool/sniffer/quick port=53,443 ip-address=9.9.9.9,149.112.112.112


https://docs.quad9.net/Setup_Guides/Open-Source_Routers/MikroTik_RouterOS_%28Encrypted%29/

21 October 2022 (BE 2565)

OpenWrt wifi client bridge

Xiaomi Redmi Router AC2100
OpenWrt 22.03.0

In some cases, the wireless drivers used in OpenWrt do not support "Layer 2" bridging in client mode with a specific "upstream" wireless system. When this occurs, one approach is to route the traffic between the LAN and the upstream wireless system. Broadcast traffic, such as DHCP, and link-local discovery such as mDNS are generally not routable.

LAN Interface
Reset the router to return to the default OpenWrt settings.
Connect a computer to a LAN port and log into LuCI web UI at 192.168.1.1.
Network -> Interfaces -> LAN -> General Settings
Assign an IP address in a different subnet (e.g. 192.168.11.1). Click Save.
Network -> Interfaces -> LAN -> DHCP Server -> General Setup
Check Ignore interface to disable DHCP for the LAN interface.
Network -> Interfaces -> LAN -> DHCP Server -> IPv6 Settings
RA-Service set disabled.
DHCPv6-Service set disabled.
Click Save.
Click Save & apply.
Connect a computer to a LAN port and log into LuCI web UI at 192.168.11.1.
It is recommended to delete the redundant WAN interfaces and firewall zones.

Wi-Fi
Network -> Wireless
Click the Scan button for the desired radio.
Choose the Wi-Fi network you want to connect to from the page and click Join Network.
Enter the Wi-Fi password and select lan firewall zone.
Click Submit.
Click Save.
Click Save & Apply.

Installing relayd package
System -> Software
Click Update List button.
Enter luci-proto-relay into the Filter box, and click Install.
Important: Reboot the router.

Creating Relay Interface
Network -> Interfaces
Click on Add New Interface.
Enter a name and select the Relay bridge protocol.
Click Create Interface
Enter the IP address of WWAN interface.
Select both lan and wwan in the Relay between networks list.
Click Save.
Click Save & Apply.
After you have completed above steps, reboot the router.
Reminder: Remove the static IP address from your computer, i.e. change it back to DHCP client mode.
When the Wi-Fi bridge is powered up, your computer should acquire a DHCP IP address from your main router.
The Wi-Fi bridge can be managed through its static wwan IP address.

ref :: https://openwrt.org/docs/guide-user/network/wifi/relay_configuration

13 October 2022 (BE 2565)

wireguard :: mikrotik server split tunnel with mikrotik client, android client, ubuntu client

scenario
server ip
192.168.20.1

local network
192.168.70.0/24
192.168.80.0/24

key pair generate script via ubuntu
wg genkey | tee private.key | wg pubkey > public.key

mikrotik server   
private-key="SEzAh6+G7eVcNxSAWD/9KdR28YoXVy58KF6Nvd4YMEM="
public-key="PgFcfWLokU8YjNW0tTrmE3e2tc2rmG8EuXJEhO2Ogzg="

mikrotik client   
private-key="cHfKboloI7SfT2W2dBUVDksLHL9EvmMURcSY6Jm3Ens="
public-key="zwtwrDYy9XmrGDpONawDBZCZRr66CkHDimhaurIgxEc="

android   
private-key="mD/VGj1qBY1+CWyOP/Zr0+cay/D24Z5e/0zsT/rTy0U="
public-key="6six3G4E0rbHNekcHCeUJHRRcGgbvOGW5EgOiXmWQS8="

ubuntu   
private-key="eOCMv9KQGZYm5vwhIjAUMtyjcrIGEksKd5ACx4lm+0E="
public-key="y3MmYwOGbaVpxt7DtbeR82XXnrhyBQ8ARohRT0fK2Qw="


mikrotik server
/interface/wireguard/
add listen-port=13231 mtu=1420 name=wg1 private-key="SEzAh6+G7eVcNxSAWD/9KdR28YoXVy58KF6Nvd4YMEM="

/interface/wireguard/peers/
add allowed-address=10.0.0.2/32 comment="mikrotik peer" interface=wg1 persistent-keepalive=30s public-key="zwtwrDYy9XmrGDpONawDBZCZRr66CkHDimhaurIgxEc="
add allowed-address=10.0.0.3/32 comment="android peer" interface=wg1 persistent-keepalive=30s public-key="6six3G4E0rbHNekcHCeUJHRRcGgbvOGW5EgOiXmWQS8="
add allowed-address=10.0.0.4/32 comment="ubuntu peer" interface=wg1 persistent-keepalive=30s public-key="y3MmYwOGbaVpxt7DtbeR82XXnrhyBQ8ARohRT0fK2Qw="

/ip/address/
add address=10.0.0.1/24 interface=wg1 network=10.0.0.0

mikrotik client
/interface/wireguard/
add listen-port=13231 mtu=1420 name=wg1 private-key="cHfKboloI7SfT2W2dBUVDksLHL9EvmMURcSY6Jm3Ens="

/interface/wireguard/peers/
add allowed-address=0.0.0.0/0 endpoint-address=192.168.20.1 endpoint-port=13231 interface=wg1 persistent-keepalive=30s public-key="PgFcfWLokU8YjNW0tTrmE3e2tc2rmG8EuXJEhO2Ogzg="

/ip/address/
add address=10.0.0.2/24 interface=wg1 network=10.0.0.0

/ip/route/
add dst-address=192.168.70.0/24 gateway=wg1
add dst-address=192.168.80.0/24 gateway=wg1


android
install wireguard from play store and import config file

wg1.conf
[Interface]
Address = 10.0.0.3/32
PrivateKey = mD/VGj1qBY1+CWyOP/Zr0+cay/D24Z5e/0zsT/rTy0U=

[Peer]
AllowedIPs = 10.0.0.0/24, 192.168.70.0/24, 192.168.80.0/24
Endpoint = 192.168.20.1:13231
PersistentKeepalive = 30
PublicKey = PgFcfWLokU8YjNW0tTrmE3e2tc2rmG8EuXJEhO2Ogzg=


ubuntu
sudo apt-get install wireguard
sudo vi /etc/wireguard/wg1.conf
sudo wg-quick up wg1

wg1.conf
[Interface]
Address = 10.0.0.4/32
SaveConfig = true
PrivateKey = eOCMv9KQGZYm5vwhIjAUMtyjcrIGEksKd5ACx4lm+0E=

[Peer]
PublicKey = PgFcfWLokU8YjNW0tTrmE3e2tc2rmG8EuXJEhO2Ogzg=
AllowedIPs = 10.0.0.0/24, 192.168.70.0/24, 192.168.80.0/24
Endpoint = 192.168.20.1:13231
PersistentKeepalive = 30

25 September 2022 (BE 2565)

MikroTik OpenVPN Server and Client

Server ip : 192.168.10.1
OpenVPN server bind ip : 172.28.10.1
protocol : udp
auth : sha512
cipher : aes256

client
username : user1
password : user1
user1's ip : 172.28.10.100
allow one connection per user
verify both server certificate and client certificate


OpenVPN server

/certificate
add name=CA common-name=ca key-usage=key-cert-sign,crl-sign days-valid=3650
add name=Server common-name=server key-usage=digital-signature,key-encipherment,tls-server days-valid=3650
add name=Client common-name=client key-usage=tls-client days-valid=3650

sign CA
sign Server ca=CA
sign Client ca=CA
set Server trusted=yes

export-certificate CA file-name=CA type=pkcs12 export-passphrase=""
export-certificate Client file-name=Client type=pkcs12 export-passphrase=12345678

/ppp 
profile add name=ovpn local-address=172.28.10.1 use-ipv6=no use-encryption=yes only-one=yes
secret add name=user1 password=user1 service=ovpn profile=ovpn remote-address=172.28.10.100

/interface ovpn-server server set enabled=yes protocol=udp default-profile=ovpn certificate=Server require-client-certificate=yes tls-version=only-1.2 auth=sha512 cipher=aes256 


OpenVPN client

/certificate
import name=CA file-name=cert_export_CA.p12 passphrase=""
import name=Client file-name=cert_export_Client.p12 passphrase=12345678

/interface ovpn-client add connect-to=192.168.10.1 protocol=udp user=user1 password=user1 certificate=Client verify-server-certificate=yes tls-version=only-1.2 auth=sha512 cipher=aes256 use-peer-dns=no add-default-route=no disabled=no