Last active
February 19, 2024 20:05
OpenWrt custom firmware for Xiaomi Mi Router 3g (with FPU emulator enabled, custom packages preinstalled, AzireVPN preconfigured)
openwrt/ |
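#!/bin/sh
# Builds a customised OpenWrt image for the Xiaomi Mi Router 3G.
#
# Secrets are read from the environment and written in clear text under
# ./openwrt/files, and from there into the firmware image:
#   OPENWRT_WIFI_PASSWORD            Wi-Fi passphrase for both radios
#   OPENWRT_AZIRE_USERNAME           AzireVPN account (optional block)
#   OPENWRT_AZIRE_PASSWORD
#   OPENWRT_AZIRE_WG_PRIVATE_KEY
#   OPENWRT_AZIRE_WG_PUBLIC_KEY
#   OPENWRT_SSH_AUTHORIZED_KEY       public key for root SSH (optional block)
# Treat the build directory and every produced image as sensitive material.
OPENWRT_RELEASE_VERSION=22.03.2

if [ ! -d ./openwrt ]; then
  # Shallow clone of the release tag. The tag signature is not checked here;
  # if the project publishes signed tags, `git verify-tag` can be run by hand.
  git clone --branch "v$OPENWRT_RELEASE_VERSION" --depth 1 https://git.openwrt.org/openwrt/openwrt.git || exit 1
  # Stop if the tree is missing: later steps delete and write files relative
  # to the current directory.
  cd openwrt || exit 1
  ./scripts/feeds update -a || exit 1
  ./scripts/feeds install -a
else
  # An existing ./openwrt directory is reused as is, whatever release it holds.
  cd openwrt || exit 1
fi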
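# retrieve configuration from release
# The release config is trusted on the strength of HTTPS alone; no checksum or
# signature is verified. It is downloaded under a temporary name so that a
# failed or empty transfer never becomes the build configuration.
if ! wget -q "https://downloads.openwrt.org/releases/$OPENWRT_RELEASE_VERSION/targets/ramips/mt7621/config.buildinfo" -O .config.buildinfo.tmp \
  || [ ! -s .config.buildinfo.tmp ]; then
  echo "could not download config.buildinfo for $OPENWRT_RELEASE_VERSION" >&2
  rm -f .config.buildinfo.tmp
  exit 1
fi
mv .config.buildinfo.tmp .config || exit 1

# customize configuration
# NOTE(review): luci-app-commands makes configured shell commands runnable
# from the web UI; keep LuCI reachable from the LAN only.
cat << 'EOF' >> .config
# additional preinstalled packages
CONFIG_PACKAGE_adblock=y
CONFIG_PACKAGE_ca-bundle=y
CONFIG_PACKAGE_curl=y
CONFIG_PACKAGE_git-http=y
CONFIG_PACKAGE_ip-full=y
CONFIG_PACKAGE_luci-app-adblock=y
CONFIG_PACKAGE_luci-app-commands=y
CONFIG_PACKAGE_luci-app-openvpn=y
CONFIG_PACKAGE_luci-app-wireguard=y
CONFIG_PACKAGE_luci-proto-wireguard=y
CONFIG_PACKAGE_openvpn-openssl=y
CONFIG_PACKAGE_openssh-client=y
CONFIG_PACKAGE_qosify=n
CONFIG_PACKAGE_vim-full=y
CONFIG_PACKAGE_wireguard=y
CONFIG_PACKAGE_zsh=y
# target Xiaomi Mi Router 3g
CONFIG_TARGET_ramips_mt7621_DEVICE_xiaomi_mi-router-3g=y
# enable FPU emulator in Kernel
CONFIG_KERNEL_MIPS_FPU_EMULATOR=y
EOF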
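# Only wipe ./files when the current directory really is the OpenWrt tree;
# otherwise the rm below would hit whatever directory the script started in.
if [ ! -x ./scripts/feeds ]; then
  echo "not inside the OpenWrt source tree; refusing to remove ./files" >&2
  exit 1
fi
rm -rf ./files
# UCI defaults
mkdir -p ./files/etc/uci-defaults || exit 1

# The passphrase is pasted between single quotes into a script that runs as
# root on the router, so reject values that would break that quoting, and
# enforce the 8..63 character range of a WPA2 passphrase.
wifi_newline='
'
case "${OPENWRT_WIFI_PASSWORD:-}" in
  *"'"* | *"$wifi_newline"*)
    echo "OPENWRT_WIFI_PASSWORD must not contain single quotes or newlines" >&2
    exit 1
    ;;
esac
if [ "${#OPENWRT_WIFI_PASSWORD}" -lt 8 ] || [ "${#OPENWRT_WIFI_PASSWORD}" -gt 63 ]; then
  echo "OPENWRT_WIFI_PASSWORD must be set and 8 to 63 characters long" >&2
  exit 1
fi

# First part is written verbatim: skip everything once the timezone marker
# shows that the defaults were already applied.
cat > ./files/etc/uci-defaults/90_uci <<'EOF'
[ "$(uci -q get system.@system[0].zonename)" = "Europe/Paris" ] && exit 0
EOF
# Second part is expanded now, at build time. The inner here-document uses a
# quoted delimiter ('EOI') so the router's shell does not expand `$`, backticks
# or $(...) found in the passphrase when the script runs at first boot.
cat >> ./files/etc/uci-defaults/90_uci <<EOF
uci -q batch << 'EOI'
set network.lan.ipaddr='192.168.88.1'
commit network
set wireless.radio0.disabled=0
set wireless.default_radio0.key='$OPENWRT_WIFI_PASSWORD'
set wireless.default_radio0.ssid='Orwell'
set wireless.default_radio0.encryption='psk2'
set wireless.radio1.disabled=0
set wireless.default_radio1.key='$OPENWRT_WIFI_PASSWORD'
set wireless.default_radio1.ssid='Orwell'
set wireless.default_radio1.encryption='psk2'
commit wireless
set system.@system[0].zonename='Europe/Paris'
commit system
EOI
EOF
# The file now holds the Wi-Fi passphrase in clear text.
chmod 600 ./files/etc/uci-defaults/90_uci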
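# Oh My Zsh
# NOTE(review): the generated script downloads install.sh from the moving
# `master` branch and runs it as root on the router, with no checksum or pinned
# revision. Prefer a reviewed revision, e.g.
# .../ohmyzsh/<REVIEWED_COMMIT_PLACEHOLDER>/tools/install.sh, or ship a vetted
# copy under ./files instead of fetching at first boot.
cat > ./files/etc/uci-defaults/91_omz <<'EOF'
# Run the installer only when it was actually downloaded; an empty download
# would otherwise be executed as an empty command and go unnoticed.
# NOTE(review): network may not be up yet when uci-defaults run - confirm.
omz_installer="$(curl -fsSL https://raw.github.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
if [ -n "$omz_installer" ]; then
  sh -c "$omz_installer"
  sed -i 's/ZSH_THEME=.*/ZSH_THEME=ys/' /root/.zshrc
else
  echo "Oh My Zsh installer could not be downloaded; skipping" >&2
fi
# Rewrites the login shell of every /etc/passwd entry that uses /bin/ash.
sed -i 's|/bin/ash|/usr/bin/zsh|' /etc/passwd
EOF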
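# Azire VPN
# Runs only when all four AzireVPN variables are set. Registers the WireGuard
# public key with the provider and bakes the returned tunnel parameters, plus
# the WireGuard private key, into a first-boot UCI script.
if [ -n "${OPENWRT_AZIRE_USERNAME}" ] && [ -n "${OPENWRT_AZIRE_PASSWORD}" ] && [ -n "${OPENWRT_AZIRE_WG_PRIVATE_KEY}" ] && [ -n "${OPENWRT_AZIRE_WG_PUBLIC_KEY}" ]; then
  command -v jq >/dev/null 2>&1 || {
    echo "jq is required to parse the AzireVPN response" >&2
    exit 1
  }

  # NOTE(review): the account password is passed on curl's command line and is
  # visible in the process list of the build host while the request runs.
  # -f turns an HTTP error into a failure instead of parsing an error body.
  AZIRE_CONF=$(curl -fsS -d list=1 --data-urlencode username="${OPENWRT_AZIRE_USERNAME}" --data-urlencode password="${OPENWRT_AZIRE_PASSWORD}" --data-urlencode pubkey="${OPENWRT_AZIRE_WG_PUBLIC_KEY}" https://api.azirevpn.com/v1/wireguard/connect/fr1) || {
    echo "AzireVPN API request failed" >&2
    exit 1
  }

  # Prints one field of the .data object of the API response.
  azire_field() {
    printf '%s\n' "$AZIRE_CONF" | jq -r ".data.$1"
  }

  AZIRE_ENDPOINT_PUBKEY=$(azire_field endpoint_pubkey)
  AZIRE_IPV4_ADDR=$(azire_field ipv4_addr)
  AZIRE_IPV4_ADDR_NETMASK=$(azire_field ipv4_addr_netmask)
  AZIRE_IPV6_ADDR=$(azire_field ipv6_addr)
  AZIRE_IPV6_ADDR_NETMASK=$(azire_field ipv6_addr_netmask)
  AZIRE_ENDPOINT_IPV4_ADDR=$(azire_field endpoint_ipv4_addr)
  AZIRE_ENDPOINT_IPV4_PORT=$(azire_field endpoint_ipv4_port)
  AZIRE_IPV6_PD_SUBNET=$(azire_field ipv6_pd_subnet)
  AZIRE_IPV6_PD_NETMASK=$(azire_field ipv6_pd_netmask)
  AZIRE_ENDPOINT_IPV4_DNS_ADDR=$(azire_field endpoint_ipv4_dns_addr)
  AZIRE_ENDPOINT_IPV6_DNS_ADDR=$(azire_field endpoint_ipv6_dns_addr)

  # jq prints the string "null" for a missing field; without these four values
  # the tunnel cannot be configured, so stop rather than ship a broken image.
  for azire_required in "$AZIRE_ENDPOINT_PUBKEY" "$AZIRE_IPV4_ADDR" "$AZIRE_ENDPOINT_IPV4_ADDR" "$AZIRE_ENDPOINT_IPV4_PORT"; do
    case "$azire_required" in
      '' | null)
        echo "AzireVPN response is missing required tunnel parameters" >&2
        exit 1
        ;;
    esac
  done

  # Every value below is pasted between single quotes into a script that runs
  # as root on the router; a quote in any of them would break out of the value.
  case "$OPENWRT_AZIRE_WG_PRIVATE_KEY$AZIRE_ENDPOINT_PUBKEY$AZIRE_IPV4_ADDR$AZIRE_IPV4_ADDR_NETMASK$AZIRE_IPV6_ADDR$AZIRE_IPV6_ADDR_NETMASK$AZIRE_ENDPOINT_IPV4_ADDR$AZIRE_ENDPOINT_IPV4_PORT$AZIRE_IPV6_PD_SUBNET$AZIRE_IPV6_PD_NETMASK$AZIRE_ENDPOINT_IPV4_DNS_ADDR$AZIRE_ENDPOINT_IPV6_DNS_ADDR" in
    *"'"*)
      echo "AzireVPN parameters must not contain single quotes" >&2
      exit 1
      ;;
  esac

  # Variables are expanded now, at build time. The inner here-document uses a
  # quoted delimiter ('EOI') so the router's shell performs no further
  # expansion on the provider-supplied values at first boot.
  # NOTE(review): unlike 90_uci there is no explicit `commit` in this batch;
  # presumably it relies on a commit done after uci-defaults run - confirm.
  cat > ./files/etc/uci-defaults/92_azire <<EOF
uci -q batch << 'EOI'
set network.azire=interface
set network.azire.proto='wireguard'
set network.azire.peerdns='0'
add_list network.azire.addresses='$AZIRE_IPV4_ADDR/$AZIRE_IPV4_ADDR_NETMASK'
add_list network.azire.addresses='$AZIRE_IPV6_ADDR/$AZIRE_IPV6_ADDR_NETMASK'
set network.azire.private_key='$OPENWRT_AZIRE_WG_PRIVATE_KEY'
#set network.azire.ip6prefix='$AZIRE_IPV6_PD_SUBNET/$AZIRE_IPV6_PD_NETMASK'
add network wireguard_azire
set network.@wireguard_azire[-1].public_key='$AZIRE_ENDPOINT_PUBKEY'
set network.@wireguard_azire[-1].endpoint_host='$AZIRE_ENDPOINT_IPV4_ADDR'
set network.@wireguard_azire[-1].endpoint_port='$AZIRE_ENDPOINT_IPV4_PORT'
set network.@wireguard_azire[-1].route_allowed_ips='1'
set network.@wireguard_azire[-1].description='Peers'
add_list network.@wireguard_azire[-1].allowed_ips='0.0.0.0/0'
add_list network.@wireguard_azire[-1].allowed_ips='0::/0'
set network.aziretun=interface
set network.aziretun.proto='none'
set network.aziretun.device='tun0'
add firewall zone
set firewall.@zone[-1].name='azirezone'
set firewall.@zone[-1].input='REJECT'
set firewall.@zone[-1].output='ACCEPT'
set firewall.@zone[-1].forward='REJECT'
set firewall.@zone[-1].masq='1'
set firewall.@zone[-1].mtu_fix='1'
add_list firewall.@zone[-1].network='azire'
add_list firewall.@zone[-1].network='aziretun'
set firewall.@forwarding[0].dest='azirezone'
set network.globals.ula_prefix='$AZIRE_IPV6_PD_SUBNET/$AZIRE_IPV6_PD_NETMASK'
set network.wan.peerdns='0'
add_list network.wan.dns='$AZIRE_ENDPOINT_IPV4_DNS_ADDR'
add_list network.wan.dns='1.1.1.1' # Cloudflare DNS
add_list network.wan.dns='1.0.0.1' # Cloudflare DNS
set network.wan6.peerdns='0'
add_list network.wan6.dns='$AZIRE_ENDPOINT_IPV6_DNS_ADDR'
add_list network.wan6.dns='2606:4700:4700::1111'
add_list network.wan6.dns='2606:4700:4700::1001'
EOI
EOF
  # The file now holds the WireGuard private key in clear text.
  chmod 600 ./files/etc/uci-defaults/92_azire
fi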
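# authorized SSH key
# Password logins are switched off only when a key is supplied. Without
# OPENWRT_SSH_AUTHORIZED_KEY the image keeps the stock dropbear settings.
if [ -n "${OPENWRT_SSH_AUTHORIZED_KEY}" ]; then
  # Catch the easy mistake of exporting the private half of the key pair,
  # which would otherwise be baked into the firmware image.
  case "$OPENWRT_SSH_AUTHORIZED_KEY" in
    *"PRIVATE KEY"*)
      echo "OPENWRT_SSH_AUTHORIZED_KEY must be a public key" >&2
      exit 1
      ;;
  esac
  mkdir -p ./files/etc/dropbear || exit 1
  # printf writes the key verbatim; echo may interpret backslashes or options.
  printf '%s\n' "$OPENWRT_SSH_AUTHORIZED_KEY" > ./files/etc/dropbear/authorized_keys
  chmod 600 ./files/etc/dropbear/authorized_keys
  # Written verbatim (quoted delimiter): nothing is expanded at build time.
  cat > ./files/etc/uci-defaults/93_dropbear <<'EOF'
uci -q batch << EOI
set dropbear.@dropbear[-1].RootPasswordAuth='off'
set dropbear.@dropbear[-1].PasswordAuth='off'
commit dropbear
EOI
EOF
fi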
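# validate and save config
make defconfig || exit 1
# Confirm the device selection is still present after defconfig rewrote
# .config, so a wrong or default target is caught before the long build.
if ! grep -q '^CONFIG_TARGET_ramips_mt7621_DEVICE_xiaomi_mi-router-3g=y' .config; then
  echo "target device is not selected in .config after 'make defconfig'" >&2
  exit 1
fi
# build firmware
# Do not start compiling when fetching the sources failed.
make download || exit 1
make -j "$(($(nproc)+1))"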
Author
debovema
commented
Jul 1, 2020
•
Testing
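git clone https://gist.github.com/bc73b8e80216b37159ab3d39ec44d410.git openwrt-auto
cd openwrt-auto
# Replace every "changeit" with a real value. Values typed here end up in the
# shell history and in the environment of every child process.
export OPENWRT_WIFI_PASSWORD=changeit
export OPENWRT_AZIRE_USERNAME=changeit
export OPENWRT_AZIRE_PASSWORD=changeit
# Command substitutions are quoted so a value containing spaces is exported
# whole under any /bin/sh.
export OPENWRT_AZIRE_WG_PRIVATE_KEY="$(wg genkey)"
export OPENWRT_AZIRE_WG_PUBLIC_KEY="$(printf '%s\n' "$OPENWRT_AZIRE_WG_PRIVATE_KEY" | wg pubkey)"
# -N "" creates the private key without a passphrase: anyone who can read
# ~/.ssh/openwrt can log in to the router as root.
ssh-keygen -t ed25519 -q -N "" -C "" -f ~/.ssh/openwrt
export OPENWRT_SSH_AUTHORIZED_KEY="$(cat ~/.ssh/openwrt.pub)"
# Make the script stop just before the build step so its output can be reviewed.
sed -i 's|# build firmware|exit 0\n\n# build firmware|' build_openwrt.sh
./build_openwrt.sh
# check that everything is OK (in openwrt/.config, openwrt/files) then build:
make -C openwrt
# or with separate download step and CPU cores optimization:
make -C openwrt download
make -C openwrt -j "$(($(nproc)+1))"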