- Basics
- Intermediate (requires more resources)
- Optional
-
-
Save AzimsTech/86da77ec0e5da6345ee0d266aef12844 to your computer and use it in GitHub Desktop.
echo 'Updating root password'
NEWPASSWD=123
passwd <<EOF
$NEWPASSWD
$NEWPASSWD
EOF
HOSTNAME="LiNKSYS"
uci set system.@system[0].hostname=$HOSTNAME
uci set network.lan.hostname="`uci get system.@system[0].hostname`"
uci commit system
/etc/init.d/system reload
PPPOE_USERNAME=fadzilahmamat68@unifi
PPPOE_PASSWORD=9XnYz5k2kh5E8
DNS_1=1.1.1.1
DNS_2=8.8.8.8
DNS6_1=2606:4700:4700::1111
DNS6_2=2001:4860:4860::8888
uci set network.wan.proto='pppoe'
uci set network.wan.username=$PPPOE_USERNAME
uci set network.wan.password=$PPPOE_PASSWORD
uci set network.wan.device='wan.500'
uci set network.wan.ipv6='1'
uci set network.wan.peerdns='0'
uci set network.wan.dns="$DNS_1 $DNS_2"
uci set network.wan6.proto='dhcpv6'
uci set network.wan6.device='@wan'
uci set network.wan6.peerdns='0'
uci set network.wan6.dns="$DNS6_1 $DNS6_2"
uci commit network
ifup wan
echo 'Waiting for link to initialize'
sleep 20
opkg update # retrieve updated packages
opkg install luci-app-sqm # install the SQM modules to get fq_codel etc
opkg remove wpad-basic-wolfssl # remove the non-mesh version of wpad
opkg install wpad-mesh-wolfssl # Install the mesh supporting version
TIMEZONE='<+08>-8'
ZONENAME='Asia/Kuala Lumpur'
echo 'Setting timezone to' $TIMEZONE
uci set system.@system[0].timezone="$TIMEZONE"
echo 'Setting zone name to' $ZONENAME
uci set system.@system[0].zonename="$ZONENAME"
uci commit system
/etc/init.d/system reload
uci set network.wan.proto='pppoe'
uci set network.wan.username='fadzilahmamat68@unifi'
uci set network.wan.password='9XnYz5k2kh5E8'
uci set network.wan.device='wan.500'
uci set network.wan.ipv6='1'
uci set network.wan.peerdns='0'
uci set network.wan.dns='8.8.8.8' '8.8.4.4'
uci set network.wan6.proto='dhcpv6'
uci set network.wan6.device='@wan'
uci set network.wan6.peerdns='0'
uci set network.wan6.dns='2001:4860:4860::8888 2001:4860:4860::8844'
uci commit network
uci set system.@system[0].hostname='LiNKSYS'
uci set system.@system[0].zonename='Asia/Kuala Lumpur'
uci set system.@system[0].timezone='<+08>-8'
uci commit system
# Install packages
opkg update; opkg install stubby
# Enable DNS encryption
service dnsmasq stop
uci set dhcp.@dnsmasq[0].noresolv="1"
uci set dhcp.@dnsmasq[0].localuse="1"
uci -q delete dhcp.@dnsmasq[0].server
uci -q get stubby.global.listen_address \
| sed -e "s/\s/\n/g;s/@/#/g" \
| while read -r STUBBY_SERV
do uci add_list dhcp.@dnsmasq[0].server="${STUBBY_SERV}"
done
uci commit dhcp
service dnsmasq start
More on openwrt.org/docs/guide-user/services/dns/dot_dnsmasq_stubby
- Change to DHCP mode after the router is restarted
- The gateway by default is http://192.168.1.1 without password
- System
- Administration
- change router admin password
- modify interface of SSH access to LAN
- SSH Keys
- past the content of your public key file. It will be a long string starting with
ssh-rsa …
- past the content of your public key file. It will be a long string starting with
- Administration
- Network > Wireless > 2.4G AP & 5G AP
- Device Configuration
- Advance Settings: modify country code
- Interface Configuration
- General Setup: modify ESSID
- Wireless Security
- Encryption: WPA2-PSK
- Cipher: Force CCMP
- Key: Your Wi-Fi Password
- Advanced Settings
- uncheck Disassociate On Low Acknowledgement
- check Disable Inactivity Polling
- Time interval for rekeying GTK: 3600
- Device Configuration
- Network > Wireless > 5G AP > Device Configuration
- Operating frequency
- Mode: AC
- Channel: 36
- Width 80mhz
- Operating frequency
- Network > Wireless: Save & Apply
- Network > Interface: modify gateway to 192.168.0.1 if 192.168.1.1 has conflict with upstream
- Network > Interface: Save & Apply
- Network > Firewall > General Settings
- Routing/NAT Offloading
- check Software flow offloading
- check Hardware flow offloading
- Save & Apply
- Routing/NAT Offloading
- Network> Interfaces > Devices: Add device configuration
- Select VLAN (802.1q) as device type
- Select WAN as base device
- Introduce 20 in VLAN ID 20 (This configuration depends on the operator)
- uncheck “Enable IPv6”
- Save
- Save & apply
- Network> Interfaces > Interface: click edit on WAN configuration
- Change protocol to PPPoE
- Select Software VLAN wan.20 as device
- Introduce PPPoE username and password
- Save
- Save & apply
scp root@source_host
:source_path
destination_path
source_host
: Router's IP or hostname.source_path
: File path to copy.destination_path
: Computer's destination path.
Example:
scp root@openwrt.lan:/etc/config/sqm C:\Users\AzimsTech\Desktop\sqm
Example:
scp source_path
root@destination_host
:destination_path
source_path
: File path to copy.destination_host
: Router's IP or hostname.destination_path
: Router's destination path.
Example:
scp C:\Users\AzimsTech\Desktop\sysupgrade.bin root@openwrt.lan:/tmp/
-
Create
.ssh
directory for root usermkdir -p ~/.ssh
-
Create SSH keys on the secondary device
dropbearkey -t rsa -f ~/.ssh/id_dropbear
-
Get generated public key from this command & Copy that to clipboard
dropbearkey -y -f ~/.ssh/id_dropbear
Example output:
Public key portion is: ssh-rsa AAAAB3NzaC1yc2EAdrgdftergdsfgdfgdfgdfgdfgdfgdfgJOYPF6nc41DUWDQdRrv8Ihe/zINq5CaFOsysL3LNOg90C9uDYRIp89nq9ydUIrwvjz9r8U/7HFOkLX6YQUevUZHxEyUexhWRSBLbnoQSKLHlB5WhodghdfgdfgdfgdfgdfgdfgfdgdfgfdgdfasdaaedadfasEUxiDTj74l0dqLpCCM1r9BcQd12hvQwfHvbMAcY/7l3Wb5fdAvXI5mMIXXzWPkLhSLHP1Hw1trEmuUeL2rie+WzSjaOGMzVDjOpEaZD0dT7Ib9yDwem8UDMPFuXnNmsUvpxNHakWbw+465uxlyeAzL root@VM-router Fingerprint: sha1!! ec:66:c1:57:92:c1:ec:66:c1:57:92:c1:c7:9e:71:50:25:65:61:53:dd
-
Add cron jobs on the primary device to copy /tmp/dhcp.leases from primary devices
(crontab -l ; echo "*/5 * * * * scp root@192.168.1.1:/tmp/dhcp.leases /tmp/dhcp.leases")| crontab -
-
Add generated publickey from secondary device using this command here:
echo "Paste that public key here " >> /etc/dropbear/authorized_keys
opkg update; opkg install qosify
uci set qosify.wan.bandwidth_up='50mbit'
uci set qosify.wan.bandwidth_down='100mbit'
uci set qosify.wan.disabled='0'
uci commit qosify
/etc/init.d/qosify start
-
Install Ubuntu WSL & reboot the computer
wsl --install Ubuntu; shutdown -r -t 0
-
Remove windows path from $PATH in WSL (see why)
sudo su echo -e "[interop]\nappendWindowsPath=false" >> /etc/wsl.conf exit
-
Install build requirements for Ubuntu
sudo apt update && sudo apt dist-upgrade sudo apt install build-essential clang flex bison g++ gawk \ gcc-multilib g++-multilib gettext git libncurses-dev libssl-dev \ python3-distutils rsync unzip zlib1g-dev file wget
-
Download image builder based on your
target
& extract itwget https://downloads.openwrt.org/releases/23.05.2/targets/ath79/generic/openwrt-imagebuilder-23.05.2-ath79-generic.Linux-x86_64.tar.xz tar -J -x -f openwrt-imagebuilder-*.tar.xz cd openwrt-imagebuilder-*/
-
(Optional) Create uci-defaults script
mkdir -p files/etc/uci-defaults/ cat << "EOF" > files/etc/uci-defaults/99-custom uci set wireless.@wifi-device[0].disabled="0" uci set wireless.@wifi-iface[0].disabled="0" uci set wireless.@wifi-iface[0].ssid="OpenWrt" uci set wireless.@wifi-iface[0].key="changemeplox" uci set wireless.@wifi-iface[0].encryption="psk2" uci commit wireless EOF
-
Start building image
make image \ PROFILE="dlink_dir-842-c2" \ PACKAGES="luci ath10k-firmware-qca9888 kmod-ath10k -ppp -ppp-mod-pppoe -ath10k-firmware-qca9888-ct -kmod-ath10k-ct" \ FILES="files" \ DISABLED_SERVICES="dnsmasq firewall odhcpd"
Run
make info
to list all avaiablePROFILE
.
See detailed help for more build confirguration. -
Copy & paste built image to desired windows directory
cp -r bin /mnt/d
-
Cleaning up
make clean
(Get-FileHash '.\path\to\foo.zip').Hash -eq (Get-Content .\expected-hash.sha256)
(Get-FileHash .\openwrt-23.05.0-ramips-mt7621-dlink_dir-882-a1-squashfs-sysupgrade.bin).Hash -eq "452b69cc96aff64150e39396e174530ff6634a49b888c450cb713ad0d891f23e"