OpenWrt custom firmware for Xiaomi Mi Router 3g (with FPU emulator enabled, custom packages preinstalled, AzireVPN preconfigured)
openwrt/ |
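#!/bin/sh
# Build a custom OpenWrt image for the Xiaomi Mi Router 3G.
#
# Values read from the environment by this script:
#   OPENWRT_WIFI_PASSWORD            passphrase for both radios
#   OPENWRT_AZIRE_USERNAME / OPENWRT_AZIRE_PASSWORD /
#   OPENWRT_AZIRE_WG_PRIVATE_KEY / OPENWRT_AZIRE_WG_PUBLIC_KEY
#                                    optional, AzireVPN WireGuard setup
#   OPENWRT_SSH_AUTHORIZED_KEY       optional, public key for root SSH login
#
# These values are written into ./files and from there into the image, so the
# build tree and the resulting firmware hold the Wi-Fi passphrase and the
# WireGuard private key in clear text.

OPENWRT_RELEASE_VERSION=22.03.2

# Every later step (rm -rf ./files, writing .config, make) assumes the current
# directory is the OpenWrt tree, so stop if the clone or the cd fails.
if [ ! -d ./openwrt ]; then
  # NOTE(review): the release tag is accepted on the strength of HTTPS alone;
  # no tag signature is checked here.
  if ! git clone --branch "v$OPENWRT_RELEASE_VERSION" --depth 1 https://git.openwrt.org/openwrt/openwrt.git; then
    echo "error: cloning OpenWrt v$OPENWRT_RELEASE_VERSION failed" >&2
    exit 1
  fi
  cd openwrt || exit 1

  ./scripts/feeds update -a
  ./scripts/feeds install -a
else
  cd openwrt || exit 1
fi

# retrieve configuration from release
# A failed download would otherwise leave an empty or partial .config that the
# package list below is appended to.
if ! wget -q "https://downloads.openwrt.org/releases/$OPENWRT_RELEASE_VERSION/targets/ramips/mt7621/config.buildinfo" -O .config; then
  echo "error: could not download config.buildinfo for $OPENWRT_RELEASE_VERSION" >&2
  exit 1
fi

# customize configuration
cat << 'EOF' >> .config
# additional preinstalled packages
CONFIG_PACKAGE_adblock=y
CONFIG_PACKAGE_ca-bundle=y
CONFIG_PACKAGE_curl=y
CONFIG_PACKAGE_git-http=y
CONFIG_PACKAGE_ip-full=y
CONFIG_PACKAGE_luci-app-adblock=y
CONFIG_PACKAGE_luci-app-commands=y
CONFIG_PACKAGE_luci-app-openvpn=y
CONFIG_PACKAGE_luci-app-wireguard=y
CONFIG_PACKAGE_luci-proto-wireguard=y
CONFIG_PACKAGE_openvpn-openssl=y
CONFIG_PACKAGE_openssh-client=y
CONFIG_PACKAGE_qosify=n
CONFIG_PACKAGE_vim-full=y
CONFIG_PACKAGE_wireguard=y
CONFIG_PACKAGE_zsh=y
# target Xiaomi Mi Router 3g
CONFIG_TARGET_ramips_mt7621_DEVICE_xiaomi_mi-router-3g=y
# enable FPU emulator in Kernel
CONFIG_KERNEL_MIPS_FPU_EMULATOR=y
EOF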
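# Remove any overlay left by a previous run.
rm -rf ./files

# The passphrase is pasted between single quotes on a uci batch line below.
# A single quote or a line break in it would end the value early and turn the
# rest into extra uci input, so both are rejected. An unset or too short value
# would enable both radios with psk2 and an unusable key.
nl='
'
case ${OPENWRT_WIFI_PASSWORD:-} in
  *"'"* | *"$nl"*)
    echo "error: OPENWRT_WIFI_PASSWORD must not contain a single quote or a line break" >&2
    exit 1
    ;;
esac
if [ "${#OPENWRT_WIFI_PASSWORD}" -lt 8 ]; then
  echo "error: OPENWRT_WIFI_PASSWORD must be set and at least 8 characters long" >&2
  exit 1
fi

# UCI defaults
mkdir -p ./files/etc/uci-defaults

# First part, written literally: skip the script on the router once the
# time zone set at the end of the batch is already in place.
cat > ./files/etc/uci-defaults/90_uci <<'EOF'
[ "$(uci -q get system.@system[0].zonename)" = "Europe/Paris" ] && exit 0
EOF

# Second part: the outer here-document is expanded now, on the build host, to
# fill in the passphrase. The inner delimiter is quoted ('EOI') so the shell on
# the router passes the batch to uci untouched; without the quotes a "$" or a
# backquote inside the passphrase would be expanded again at first boot.
cat >> ./files/etc/uci-defaults/90_uci <<EOF
uci -q batch << 'EOI'
set network.lan.ipaddr='192.168.88.1'
commit network
set wireless.radio0.disabled=0
set wireless.default_radio0.key='$OPENWRT_WIFI_PASSWORD'
set wireless.default_radio0.ssid='Orwell'
set wireless.default_radio0.encryption='psk2'
set wireless.radio1.disabled=0
set wireless.default_radio1.key='$OPENWRT_WIFI_PASSWORD'
set wireless.default_radio1.ssid='Orwell'
set wireless.default_radio1.encryption='psk2'
commit wireless
set system.@system[0].zonename='Europe/Paris'
commit system
EOI
EOF

# The file now holds the passphrase in clear text; keep it owner-only.
chmod 600 ./files/etc/uci-defaults/90_uci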
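# Oh My Zsh
#
# NOTE(review): the installer is fetched from the master branch when the router
# first boots and is run as root, so whatever that URL serves at that moment
# runs with full control of the device. Pinning the URL to a reviewed commit
# (.../ohmyzsh/<COMMIT_SHA>/tools/install.sh, placeholder) or shipping a
# reviewed copy inside ./files would remove that dependency.
#
# The generated script stops before touching /etc/passwd when the download
# fails or comes back empty. Previously a failed curl ran an empty command and
# the login shell was switched anyway. 90_uci in this file already uses exit
# in the same uci-defaults context; a script that ends non-zero is expected to
# be kept and retried on the next boot (confirm against the OpenWrt release).
cat > ./files/etc/uci-defaults/91_omz <<'EOF'
omz_install=$(curl -fsSL https://raw.github.com/ohmyzsh/ohmyzsh/master/tools/install.sh) || exit 1
[ -n "$omz_install" ] || exit 1
sh -c "$omz_install"
sed -i 's/ZSH_THEME=.*/ZSH_THEME=ys/' /root/.zshrc
sed -i 's|/bin/ash|/usr/bin/zsh|' /etc/passwd
EOF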
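# Azire VPN
# Runs only when all four AzireVPN variables are set. Registers the WireGuard
# public key with the AzireVPN API and writes a first-boot script that creates
# the interface, the peer, the firewall zone and the DNS settings.
if [ -n "${OPENWRT_AZIRE_USERNAME:-}" ] && [ -n "${OPENWRT_AZIRE_PASSWORD:-}" ] && [ -n "${OPENWRT_AZIRE_WG_PRIVATE_KEY:-}" ] && [ -n "${OPENWRT_AZIRE_WG_PUBLIC_KEY:-}" ]; then
  # NOTE(review): the account name and password are passed as curl arguments
  # and are visible in the build host's process list while the request runs.
  # -f makes an HTTP error a failure instead of feeding an error body to jq;
  # the user name is URL-encoded like the other fields.
  if ! AZIRE_CONF=$(curl -fsS -d list=1 --data-urlencode username="${OPENWRT_AZIRE_USERNAME}" --data-urlencode password="${OPENWRT_AZIRE_PASSWORD}" --data-urlencode pubkey="${OPENWRT_AZIRE_WG_PUBLIC_KEY}" https://api.azirevpn.com/v1/wireguard/connect/fr1); then
    echo "error: AzireVPN API request failed" >&2
    exit 1
  fi

  # Print one field of the response's .data object. jq -e turns a missing or
  # null field into a non-zero status, so "null" never reaches the config.
  azire_field() {
    printf '%s\n' "$AZIRE_CONF" | jq -er ".data.$1"
  }

  AZIRE_ENDPOINT_PUBKEY=$(azire_field endpoint_pubkey) &&
    AZIRE_IPV4_ADDR=$(azire_field ipv4_addr) &&
    AZIRE_IPV4_ADDR_NETMASK=$(azire_field ipv4_addr_netmask) &&
    AZIRE_IPV6_ADDR=$(azire_field ipv6_addr) &&
    AZIRE_IPV6_ADDR_NETMASK=$(azire_field ipv6_addr_netmask) &&
    AZIRE_ENDPOINT_IPV4_ADDR=$(azire_field endpoint_ipv4_addr) &&
    AZIRE_ENDPOINT_IPV4_PORT=$(azire_field endpoint_ipv4_port) &&
    AZIRE_IPV6_PD_SUBNET=$(azire_field ipv6_pd_subnet) &&
    AZIRE_IPV6_PD_NETMASK=$(azire_field ipv6_pd_netmask) &&
    AZIRE_ENDPOINT_IPV4_DNS_ADDR=$(azire_field endpoint_ipv4_dns_addr) &&
    AZIRE_ENDPOINT_IPV6_DNS_ADDR=$(azire_field endpoint_ipv6_dns_addr) ||
    {
      echo "error: AzireVPN API response is missing an expected field" >&2
      exit 1
    }

  # Each value is pasted between single quotes on a uci batch line. A quote or
  # a line break would end the value early and turn the rest into extra uci
  # input, so refuse to build the image with such a value.
  azire_nl='
'
  for azire_value in \
    "$OPENWRT_AZIRE_WG_PRIVATE_KEY" "$AZIRE_ENDPOINT_PUBKEY" \
    "$AZIRE_IPV4_ADDR" "$AZIRE_IPV4_ADDR_NETMASK" \
    "$AZIRE_IPV6_ADDR" "$AZIRE_IPV6_ADDR_NETMASK" \
    "$AZIRE_ENDPOINT_IPV4_ADDR" "$AZIRE_ENDPOINT_IPV4_PORT" \
    "$AZIRE_IPV6_PD_SUBNET" "$AZIRE_IPV6_PD_NETMASK" \
    "$AZIRE_ENDPOINT_IPV4_DNS_ADDR" "$AZIRE_ENDPOINT_IPV6_DNS_ADDR"; do
    case $azire_value in
      *"'"* | *"$azire_nl"*)
        echo "error: an AzireVPN value contains a single quote or a line break" >&2
        exit 1
        ;;
    esac
  done

  # The outer here-document is expanded now, on the build host. The inner
  # delimiter is quoted ('EOI') so the shell on the router hands the batch to
  # uci without expanding anything in it a second time.
  cat > ./files/etc/uci-defaults/92_azire <<EOF
uci -q batch << 'EOI'
set network.azire=interface
set network.azire.proto='wireguard'
set network.azire.peerdns='0'
add_list network.azire.addresses='$AZIRE_IPV4_ADDR/$AZIRE_IPV4_ADDR_NETMASK'
add_list network.azire.addresses='$AZIRE_IPV6_ADDR/$AZIRE_IPV6_ADDR_NETMASK'
set network.azire.private_key='$OPENWRT_AZIRE_WG_PRIVATE_KEY'
#set network.azire.ip6prefix='$AZIRE_IPV6_PD_SUBNET/$AZIRE_IPV6_PD_NETMASK'
add network wireguard_azire
set network.@wireguard_azire[-1].public_key='$AZIRE_ENDPOINT_PUBKEY'
set network.@wireguard_azire[-1].endpoint_host='$AZIRE_ENDPOINT_IPV4_ADDR'
set network.@wireguard_azire[-1].endpoint_port='$AZIRE_ENDPOINT_IPV4_PORT'
set network.@wireguard_azire[-1].route_allowed_ips='1'
set network.@wireguard_azire[-1].description='Peers'
add_list network.@wireguard_azire[-1].allowed_ips='0.0.0.0/0'
add_list network.@wireguard_azire[-1].allowed_ips='0::/0'
set network.aziretun=interface
set network.aziretun.proto='none'
set network.aziretun.device='tun0'
add firewall zone
set firewall.@zone[-1].name='azirezone'
set firewall.@zone[-1].input='REJECT'
set firewall.@zone[-1].output='ACCEPT'
set firewall.@zone[-1].forward='REJECT'
set firewall.@zone[-1].masq='1'
set firewall.@zone[-1].mtu_fix='1'
add_list firewall.@zone[-1].network='azire'
add_list firewall.@zone[-1].network='aziretun'
set firewall.@forwarding[0].dest='azirezone'
set network.globals.ula_prefix='$AZIRE_IPV6_PD_SUBNET/$AZIRE_IPV6_PD_NETMASK'
set network.wan.peerdns='0'
add_list network.wan.dns='$AZIRE_ENDPOINT_IPV4_DNS_ADDR'
add_list network.wan.dns='1.1.1.1' # Cloudflare DNS
add_list network.wan.dns='1.0.0.1' # Cloudflare DNS
set network.wan6.peerdns='0'
add_list network.wan6.dns='$AZIRE_ENDPOINT_IPV6_DNS_ADDR'
add_list network.wan6.dns='2606:4700:4700::1111'
add_list network.wan6.dns='2606:4700:4700::1001'
EOI
EOF

  # The file now holds the WireGuard private key in clear text; keep it
  # owner-only.
  chmod 600 ./files/etc/uci-defaults/92_azire
fi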
# authorized SSH key
# When a public key is supplied it is installed for dropbear and a first-boot
# script switches off both password login options, which leaves that key as
# the only SSH login.
# NOTE(review): the value is written as given and is not checked to be a
# usable public key.
if [ -n "${OPENWRT_SSH_AUTHORIZED_KEY}" ]; then
  authorized_keys=./files/etc/dropbear/authorized_keys
  mkdir -p "${authorized_keys%/*}"
  echo "$OPENWRT_SSH_AUTHORIZED_KEY" > "$authorized_keys"
  chmod 600 "$authorized_keys"

  # Quoted delimiter: the script is written to the overlay exactly as it
  # appears here.
  cat <<'EOF' > ./files/etc/uci-defaults/93_dropbear
uci -q batch << EOI
set dropbear.@dropbear[-1].RootPasswordAuth='off'
set dropbear.@dropbear[-1].PasswordAuth='off'
commit dropbear
EOI
EOF
fi
# Validate the assembled .config and save it.
make defconfig

# Fetch the sources first, then build the firmware with one more job than
# there are processors.
make download
build_jobs=$(( $(nproc) + 1 ))
make -j "$build_jobs"
Testing