
@debovema
Last active February 19, 2024 20:05
OpenWrt custom firmware for Xiaomi Mi Router 3g (with FPU emulator enabled, custom packages preinstalled, AzireVPN preconfigured)
#!/bin/sh
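# OpenWrt release to build. The git tag cloned here and the release
# configuration downloaded later are both derived from this value.
OPENWRT_RELEASE_VERSION=22.03.2

# Fetch the source tree on the first run, then work from inside it.
# Every later step uses relative paths (.config, ./files) and one of them is
# `rm -rf ./files`, so the script stops if it cannot enter ./openwrt; without
# that check those commands would act on the directory the script was
# started from.
# NOTE(review): an existing ./openwrt is reused as it is, whatever version it
# was cloned at, and its feeds are not refreshed.
# NOTE(review): the checkout is trusted on the strength of HTTPS alone; if the
# release tags are signed upstream, `git verify-tag` after the clone is the
# check to add.
if [ ! -d ./openwrt ]; then
  git clone --branch "v$OPENWRT_RELEASE_VERSION" --depth 1 https://git.openwrt.org/openwrt/openwrt.git || exit 1
  cd openwrt || exit 1
  # Packages that come from the feeds would be dropped from the image without
  # an error if the feeds are missing, so a failed feed setup is fatal here.
  if ! ./scripts/feeds update -a || ! ./scripts/feeds install -a; then
    echo "feeds setup failed; rerun ./scripts/feeds in ./openwrt (or delete ./openwrt) before building" >&2
    exit 1
  fi
else
  cd openwrt || exit 1
fi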
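# retrieve configuration from release
# Stop when the download fails: `wget -O` leaves an empty or partial .config
# behind, and `make defconfig` would later fill the gaps with defaults instead
# of reporting the problem, producing an image that is not the release
# configuration.
wget -q "https://downloads.openwrt.org/releases/$OPENWRT_RELEASE_VERSION/targets/ramips/mt7621/config.buildinfo" -O .config || {
  echo "could not download config.buildinfo for OpenWrt $OPENWRT_RELEASE_VERSION" >&2
  exit 1
}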
# customize configuration
# The overrides are appended after the release configuration already stored
# in .config. The heredoc delimiter is quoted, so every line below is written
# out verbatim, with no expansion by the build host's shell.
# NOTE(review): luci-app-commands lets the web UI run shell commands that the
# administrator has configured; confirm it is wanted on this router.
cat >> .config << 'EOF'
# additional preinstalled packages
CONFIG_PACKAGE_adblock=y
CONFIG_PACKAGE_ca-bundle=y
CONFIG_PACKAGE_curl=y
CONFIG_PACKAGE_git-http=y
CONFIG_PACKAGE_ip-full=y
CONFIG_PACKAGE_luci-app-adblock=y
CONFIG_PACKAGE_luci-app-commands=y
CONFIG_PACKAGE_luci-app-openvpn=y
CONFIG_PACKAGE_luci-app-wireguard=y
CONFIG_PACKAGE_luci-proto-wireguard=y
CONFIG_PACKAGE_openvpn-openssl=y
CONFIG_PACKAGE_openssh-client=y
CONFIG_PACKAGE_qosify=n
CONFIG_PACKAGE_vim-full=y
CONFIG_PACKAGE_wireguard=y
CONFIG_PACKAGE_zsh=y
# target Xiaomi Mi Router 3g
CONFIG_TARGET_ramips_mt7621_DEVICE_xiaomi_mi-router-3g=y
# enable FPU emulator in Kernel
CONFIG_KERNEL_MIPS_FPU_EMULATOR=y
EOF
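# UCI defaults
# Checks made before anything is deleted or written:
#  - ./files is removed recursively, so that only happens inside an OpenWrt
#    source tree (recognised by its ./scripts/feeds helper);
#  - a WPA2-PSK key is an 8-63 character passphrase or 64 hex digits, so an
#    unset or short OPENWRT_WIFI_PASSWORD would ship both radios enabled with
#    a key that cannot work;
#  - the value is pasted between single quotes in the generated script, so a
#    single quote or a line break in it would end the UCI string early.
if [ ! -x ./scripts/feeds ]; then
  echo "not inside an OpenWrt source tree, refusing to remove ./files" >&2
  exit 1
fi
if [ "${#OPENWRT_WIFI_PASSWORD}" -lt 8 ] || [ "${#OPENWRT_WIFI_PASSWORD}" -gt 64 ]; then
  echo "OPENWRT_WIFI_PASSWORD must be set and 8 to 64 characters long" >&2
  exit 1
fi
case $OPENWRT_WIFI_PASSWORD in
  *"'"* | *'
'*)
    echo "OPENWRT_WIFI_PASSWORD must not contain a single quote or a line break" >&2
    exit 1
    ;;
esac

rm -rf ./files
mkdir -p ./files/etc/uci-defaults

# First line of the generated script: skip everything once the time zone has
# been set, i.e. once these defaults have already been applied.
cat > ./files/etc/uci-defaults/90_uci << 'EOF'
[ "$(uci -q get system.@system[0].zonename)" = "Europe/Paris" ] && exit 0
EOF

# The outer heredoc (EOF) is unquoted, so the passphrase is filled in now, on
# the build host. The inner delimiter is written quoted ('EOI') so that the
# router's shell copies the batch to uci verbatim at first boot; with an
# unquoted delimiter a `$` or backquote in the passphrase would be expanded,
# or run, as root on the router.
cat >> ./files/etc/uci-defaults/90_uci << EOF
uci -q batch << 'EOI'
set network.lan.ipaddr='192.168.88.1'
commit network
set wireless.radio0.disabled=0
set wireless.default_radio0.key='$OPENWRT_WIFI_PASSWORD'
set wireless.default_radio0.ssid='Orwell'
set wireless.default_radio0.encryption='psk2'
set wireless.radio1.disabled=0
set wireless.default_radio1.key='$OPENWRT_WIFI_PASSWORD'
set wireless.default_radio1.ssid='Orwell'
set wireless.default_radio1.encryption='psk2'
commit wireless
set system.@system[0].zonename='Europe/Paris'
commit system
EOI
EOF

# The file now holds the Wi-Fi passphrase in clear text and is packed into the
# firmware image: keep it unreadable for other users of the build host and
# treat ./files and the resulting image as secrets.
chmod 600 ./files/etc/uci-defaults/90_uci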
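# Oh My Zsh
# The generated script runs as root on the router at first boot and executes
# whatever the `master` branch of ohmyzsh serves at that moment.
# NOTE(review): pin the installer to a reviewed commit and compare its
# checksum before running it, or ship a vetted copy inside ./files instead.
# The download is checked separately: OpenWrt keeps a uci-defaults script for
# the next boot when it ends with a non-zero status, so a router that has no
# internet access at first boot retries later instead of discarding the script
# after running an empty installer.
# NOTE(review): the first sed assumes the installer wrote /root/.zshrc, i.e.
# that HOME is /root when uci-defaults run; confirm on a device.
cat > ./files/etc/uci-defaults/91_omz << 'EOF'
omz_installer="$(curl -fsSL https://raw.github.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" || exit 1
sh -c "$omz_installer"
sed -i 's/ZSH_THEME=.*/ZSH_THEME=ys/' /root/.zshrc
sed -i 's|/bin/ash|/usr/bin/zsh|' /etc/passwd
EOF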
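# Azire VPN
# Generated only when the account credentials and both WireGuard keys are
# provided. The public key is registered with the AzireVPN API and the tunnel
# parameters it returns are written into a first-boot UCI script.
if [ -n "${OPENWRT_AZIRE_USERNAME}" ] && [ -n "${OPENWRT_AZIRE_PASSWORD}" ] && [ -n "${OPENWRT_AZIRE_WG_PRIVATE_KEY}" ] && [ -n "${OPENWRT_AZIRE_WG_PUBLIC_KEY}" ]; then
  # -f makes an HTTP error a failure instead of a body to parse; the username
  # is URL-encoded like the other fields so that `+` or `&` in it survive.
  # NOTE(review): the account credentials are passed on curl's command line
  # and are visible in the build host's process list while the request runs.
  AZIRE_CONF=$(curl -fsS -d list=1 --data-urlencode username="${OPENWRT_AZIRE_USERNAME}" --data-urlencode password="${OPENWRT_AZIRE_PASSWORD}" --data-urlencode pubkey="${OPENWRT_AZIRE_WG_PUBLIC_KEY}" https://api.azirevpn.com/v1/wireguard/connect/fr1) || {
    echo "AzireVPN API request failed" >&2
    exit 1
  }

  # A refused request has no tunnel data; without this check jq would print
  # "null" for every field and the image would carry a dead tunnel.
  printf '%s' "$AZIRE_CONF" | jq -e '.data.endpoint_pubkey and .data.ipv4_addr and .data.endpoint_ipv4_addr' > /dev/null || {
    echo "AzireVPN API response has no usable tunnel data" >&2
    exit 1
  }

  # Print field .data.<$1> of the response. The values end up inside a script
  # that runs as root on the router, so anything outside the characters used
  # by addresses, ports and base64 keys is refused.
  azire_field() {
    azire_value=$(printf '%s' "$AZIRE_CONF" | jq -r ".data.$1") || return 1
    case $azire_value in
      '' | *[!A-Za-z0-9+/=.:_-]*) return 1 ;;
    esac
    printf '%s' "$azire_value"
  }

  AZIRE_ENDPOINT_PUBKEY=$(azire_field endpoint_pubkey) &&
    AZIRE_IPV4_ADDR=$(azire_field ipv4_addr) &&
    AZIRE_IPV4_ADDR_NETMASK=$(azire_field ipv4_addr_netmask) &&
    AZIRE_IPV6_ADDR=$(azire_field ipv6_addr) &&
    AZIRE_IPV6_ADDR_NETMASK=$(azire_field ipv6_addr_netmask) &&
    AZIRE_ENDPOINT_IPV4_ADDR=$(azire_field endpoint_ipv4_addr) &&
    AZIRE_ENDPOINT_IPV4_PORT=$(azire_field endpoint_ipv4_port) &&
    AZIRE_IPV6_PD_SUBNET=$(azire_field ipv6_pd_subnet) &&
    AZIRE_IPV6_PD_NETMASK=$(azire_field ipv6_pd_netmask) &&
    AZIRE_ENDPOINT_IPV4_DNS_ADDR=$(azire_field endpoint_ipv4_dns_addr) &&
    AZIRE_ENDPOINT_IPV6_DNS_ADDR=$(azire_field endpoint_ipv6_dns_addr) || {
    echo "AzireVPN API returned a value with unexpected characters" >&2
    exit 1
  }

  # The private key is pasted between single quotes as well.
  case $OPENWRT_AZIRE_WG_PRIVATE_KEY in
    *[!A-Za-z0-9+/=]*)
      echo "OPENWRT_AZIRE_WG_PRIVATE_KEY is not a base64 WireGuard key" >&2
      exit 1
      ;;
  esac

  mkdir -p ./files/etc/uci-defaults
  # Outer heredoc unquoted: values are filled in on the build host. Inner
  # delimiter written quoted ('EOI'): the router's shell passes the batch to
  # uci without expanding anything in it.
  # No commit in this batch, unlike the other generated scripts.
  # NOTE(review): firewall.@forwarding[0] is presumably the default lan->wan
  # rule; pointing it at azirezone means LAN traffic is forwarded only through
  # the tunnel. Confirm against the device's default firewall config.
  cat > ./files/etc/uci-defaults/92_azire << EOF
uci -q batch << 'EOI'
set network.azire=interface
set network.azire.proto='wireguard'
set network.azire.peerdns='0'
add_list network.azire.addresses='$AZIRE_IPV4_ADDR/$AZIRE_IPV4_ADDR_NETMASK'
add_list network.azire.addresses='$AZIRE_IPV6_ADDR/$AZIRE_IPV6_ADDR_NETMASK'
set network.azire.private_key='$OPENWRT_AZIRE_WG_PRIVATE_KEY'
#set network.azire.ip6prefix='$AZIRE_IPV6_PD_SUBNET/$AZIRE_IPV6_PD_NETMASK'
add network wireguard_azire
set network.@wireguard_azire[-1].public_key='$AZIRE_ENDPOINT_PUBKEY'
set network.@wireguard_azire[-1].endpoint_host='$AZIRE_ENDPOINT_IPV4_ADDR'
set network.@wireguard_azire[-1].endpoint_port='$AZIRE_ENDPOINT_IPV4_PORT'
set network.@wireguard_azire[-1].route_allowed_ips='1'
set network.@wireguard_azire[-1].description='Peers'
add_list network.@wireguard_azire[-1].allowed_ips='0.0.0.0/0'
add_list network.@wireguard_azire[-1].allowed_ips='0::/0'
set network.aziretun=interface
set network.aziretun.proto='none'
set network.aziretun.device='tun0'
add firewall zone
set firewall.@zone[-1].name='azirezone'
set firewall.@zone[-1].input='REJECT'
set firewall.@zone[-1].output='ACCEPT'
set firewall.@zone[-1].forward='REJECT'
set firewall.@zone[-1].masq='1'
set firewall.@zone[-1].mtu_fix='1'
add_list firewall.@zone[-1].network='azire'
add_list firewall.@zone[-1].network='aziretun'
set firewall.@forwarding[0].dest='azirezone'
set network.globals.ula_prefix='$AZIRE_IPV6_PD_SUBNET/$AZIRE_IPV6_PD_NETMASK'
set network.wan.peerdns='0'
add_list network.wan.dns='$AZIRE_ENDPOINT_IPV4_DNS_ADDR'
add_list network.wan.dns='1.1.1.1' # Cloudflare DNS
add_list network.wan.dns='1.0.0.1' # Cloudflare DNS
set network.wan6.peerdns='0'
add_list network.wan6.dns='$AZIRE_ENDPOINT_IPV6_DNS_ADDR'
add_list network.wan6.dns='2606:4700:4700::1111'
add_list network.wan6.dns='2606:4700:4700::1001'
EOI
EOF
  # The file contains the WireGuard private key in clear text and is packed
  # into the firmware image; keep it unreadable for other local users and
  # treat the image as a secret.
  chmod 600 ./files/etc/uci-defaults/92_azire
fi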
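# authorized SSH key
# When a public key is provided it is installed for dropbear and password
# logins are switched off at first boot, so the key becomes the only way in
# over SSH.
if [ -n "${OPENWRT_SSH_AUTHORIZED_KEY}" ]; then
  # Catch the easy mistake of exporting the private half of the key pair,
  # which would otherwise be baked into the image.
  case $OPENWRT_SSH_AUTHORIZED_KEY in
    *-----BEGIN*)
      echo "OPENWRT_SSH_AUTHORIZED_KEY looks like a private key; export the .pub file instead" >&2
      exit 1
      ;;
  esac
  mkdir -p ./files/etc/dropbear ./files/etc/uci-defaults
  # Permissions are set explicitly rather than left to the builder's umask.
  # NOTE(review): dropbear is expected to ignore authorized_keys when the file
  # or its directory is writable by group or others; with password logins
  # disabled that would lock SSH out entirely. Confirm on a device.
  chmod 700 ./files/etc/dropbear
  # printf writes the key as given; echo may interpret backslashes under sh.
  printf '%s\n' "$OPENWRT_SSH_AUTHORIZED_KEY" > ./files/etc/dropbear/authorized_keys
  chmod 600 ./files/etc/dropbear/authorized_keys
  cat > ./files/etc/uci-defaults/93_dropbear << 'EOF'
uci -q batch << EOI
set dropbear.@dropbear[-1].RootPasswordAuth='off'
set dropbear.@dropbear[-1].PasswordAuth='off'
commit dropbear
EOI
EOF
else
  echo "warning: OPENWRT_SSH_AUTHORIZED_KEY is not set; the dropbear configuration is left at its defaults" >&2
fi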
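# validate and save config
make defconfig || exit 1
# defconfig drops symbols it cannot satisfy without failing, so confirm that
# the configuration still targets the intended board before an image is built
# from it; an image for another device must not reach the flashing step.
if ! grep -qx 'CONFIG_TARGET_ramips_mt7621_DEVICE_xiaomi_mi-router-3g=y' .config; then
  echo "defconfig did not keep the Xiaomi Mi Router 3G target; check .config" >&2
  exit 1
fi
# build firmware
# Fetch all sources first so that a download problem stops the run before the
# parallel build starts; the build uses one job more than the CPU count.
make download || exit 1
make -j "$(($(nproc) + 1))"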

debovema commented Jul 1, 2020

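# Inputs read by build_openwrt.sh. Replace every `changeit`; values typed on
# the command line are kept in the shell history, and all of them end up in
# clear text inside the firmware image.
export OPENWRT_WIFI_PASSWORD=changeit

export OPENWRT_AZIRE_USERNAME=changeit
export OPENWRT_AZIRE_PASSWORD=changeit
# The command substitutions are quoted: some /bin/sh implementations word-split
# the arguments of `export`, which would cut a value at its first space.
export OPENWRT_AZIRE_WG_PRIVATE_KEY="$(wg genkey)"
export OPENWRT_AZIRE_WG_PUBLIC_KEY="$(printf '%s\n' "$OPENWRT_AZIRE_WG_PRIVATE_KEY" | wg pubkey)"

# -N "" creates the private key without a passphrase; protect ~/.ssh/openwrt
# accordingly, since the image disables password logins in favour of it.
ssh-keygen -t ed25519 -q -N "" -C "" -f ~/.ssh/openwrt
export OPENWRT_SSH_AUTHORIZED_KEY="$(cat ~/.ssh/openwrt.pub)"

# The URL names one fixed revision of the gist, so this runs that revision,
# which is not necessarily the listing shown on this page. Download and read
# the script before running it; if wget fails, sh is handed an empty command
# and exits without an error.
sh -c "$(wget https://gist.githubusercontent.com/debovema/bc73b8e80216b37159ab3d39ec44d410/raw/bf365b92b6b1970d941aef57563f310234035a76/build_openwrt.sh -O -)"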

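In WSL, set PATH to Linux directories only before running the build (the PATH inherited from Windows typically contains directories with spaces, which the OpenWrt prerequisite checks reject): export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games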


debovema commented Jul 9, 2021

Testing

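git clone https://gist.github.com/bc73b8e80216b37159ab3d39ec44d410.git openwrt-auto &&
  cd openwrt-auto

# Inputs read by build_openwrt.sh. Replace every `changeit`; all of these
# values end up in clear text under openwrt/files and in the firmware image.
export OPENWRT_WIFI_PASSWORD=changeit

export OPENWRT_AZIRE_USERNAME=changeit
export OPENWRT_AZIRE_PASSWORD=changeit
# The command substitutions are quoted: some /bin/sh implementations word-split
# the arguments of `export`, which would cut a value at its first space.
export OPENWRT_AZIRE_WG_PRIVATE_KEY="$(wg genkey)"
export OPENWRT_AZIRE_WG_PUBLIC_KEY="$(printf '%s\n' "$OPENWRT_AZIRE_WG_PRIVATE_KEY" | wg pubkey)"

# -N "" creates the private key without a passphrase; protect ~/.ssh/openwrt
# accordingly.
ssh-keygen -t ed25519 -q -N "" -C "" -f ~/.ssh/openwrt
export OPENWRT_SSH_AUTHORIZED_KEY="$(cat ~/.ssh/openwrt.pub)"

# Insert `exit 0` in front of the script's "# build firmware" comment, so the
# run stops after the configuration step and nothing is compiled yet. The
# match depends on that exact comment line being present in the script.
sed -i 's|# build firmware|exit 0\n\n# build firmware|' build_openwrt.sh

./build_openwrt.sh

# check that everything is OK (in openwrt/.config, openwrt/files) then build:

make -C openwrt

# or with separate download step and CPU cores optimization:

make -C openwrt download
make -C openwrt -j "$(($(nproc) + 1))"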
