XiaoMi Router - chaolunner/CloudNotes GitHub Wiki

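Install OpenWrt

  • Download and install the developer ROM

  • Download and install SSH

    Install by following these steps:

  • Download Putty

  • Use Putty to connect to the Xiaomi router: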

    Account Name: root

    Initial Password:

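  • Install breed

    • Download breed-mt7621-xiaomi-r3g.bin from https://breed.hackpascal.net/.

    • Rename breed-mt7621-xiaomi-r3g.bin to breed.bin, then move breed.bin to a USB drive.

    • Connect the USB drive to the router and use the command mv /extdisks/sda1/breed.bin /tmp/breed.bin to move breed.bin to the /tmp directory.

    • Enter mtd -r write /tmp/breed.bin Bootloader to start installing breed.

    • After the installation completes, the router reboots. Hold down the reset button while the router starts; when the router's indicator light begins to blink, release the reset button. Opening 192.168.1.1 in a browser then brings up breed.

    • Back up and reboot the router.

  • Install OpenWrt

    • Xiaomi Mi WiFi R3G

    • Open https://downloads.openwrt.org/releases/18.06.4/targets/ramips/mt7621/, download the files mir3g-squashfs-kernel1.bin, mir3g-squashfs-rootfs0.bin and mir3g-squashfs-sysupgrade.tar, and copy them to the USB drive.

    • Notes for re-flashing or upgrading:

      cat /proc/mtd

      This is the OpenWrt default layout: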

      dev: size erasesize name
      mtd0: 00080000 00020000 "Bootloader"
      mtd1: 00040000 00020000 "Config"
      mtd2: 00040000 00020000 "Bdata"
      mtd3: 00040000 00020000 "Factory"
      mtd4: 00040000 00020000 "crash"
      mtd5: 00040000 00020000 "crash_syslog"
      mtd6: 00040000 00020000 "reserved0"
      mtd7: 00400000 00020000 "kernel_erase"
      mtd8: 00400000 00020000 "kernel"
      mtd9: 07580000 00020000 "ubi"
      

      If you see mtd10: 00400000 00020000 "kernel1" and mtd11: 00400000 00020000 "rootfs0"

      you must first run mtd erase kernel1 and mtd erase rootfs0 before you start the steps below.

    • Connect the USB drive to the router and install over SSH:

      cd /extdisks/sda1
      
      mtd write mir3g-squashfs-kernel1.bin kernel1
      
      mtd write mir3g-squashfs-rootfs0.bin rootfs0
      
      nvram set flag_try_sys1_failed=1
      
      nvram commit
      
      reboot
      

      Use Putty to connect to 192.168.1.1

      Enter passwd to set the account password.

      Enter the following commands to connect to the network:

      uci set network.wan.proto=pppoe
      uci set network.wan.username=<account>
      uci set network.wan.password=<password>
      uci commit
      /etc/init.d/network restart
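
Added example, not part of the original page: a pre-flash check for the mtd write commands above. It compares an image's SHA-256 with a sha256sums-style manifest and confirms that the target partition exists in /proc/mtd and is large enough. The function names, the manifest file name sha256sums and the demo data are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the page): checks to run before each "mtd write".
# Assumes awk and sha256sum are available in the router's shell.

# Print the size in bytes of the partition named $1 from an mtd table
# ($2, default /proc/mtd). The quoted name is compared whole, so "kernel"
# does not match "kernel1" or "kernel_erase".
mtd_part_size() {
    hex=$(awk -v n="\"$1\"" '$4 == n { print $2; exit }' "${2:-/proc/mtd}")
    [ -n "$hex" ] || return 1
    echo $((0x$hex))
}

# Print the hash listed for file name $2 in a sha256sums-style manifest $1
# (lines of "<hash> *<name>" or "<hash>  <name>").
expected_sum() {
    awk -v f="$2" '{ n = $2; sub(/^\*/, "", n) } n == f { print $1; exit }' "$1"
}

# preflight IMAGE PARTITION MANIFEST [MTD_TABLE]
# Succeeds only if the image hash matches the manifest, the partition exists
# and the image fits into it.
preflight() {
    img=$1; part=$2; manifest=$3; table=${4:-/proc/mtd}
    want=$(expected_sum "$manifest" "$(basename "$img")")
    [ -n "$want" ] || { echo "no checksum listed for $img" >&2; return 1; }
    have=$(sha256sum "$img" | awk '{ print $1 }')
    [ "$want" = "$have" ] || { echo "checksum mismatch for $img" >&2; return 1; }
    psize=$(mtd_part_size "$part" "$table") ||
        { echo "partition $part not found" >&2; return 1; }
    isize=$(($(wc -c < "$img")))
    [ "$isize" -le "$psize" ] ||
        { echo "$img: $isize bytes do not fit $part ($psize bytes)" >&2; return 1; }
    echo "ok: $(basename "$img") -> $part"
}

# Demo on constructed data (not real firmware): a 5-byte image, its manifest
# and a one-line table in /proc/mtd format.
demo() {
    d=$(mktemp -d) && printf 'hello' > "$d/fw.bin"
    printf 'mtd10: 00400000 00020000 "kernel1"\n' > "$d/mtd"
    (cd "$d" && sha256sum fw.bin > sha256sums)
    preflight "$d/fw.bin" kernel1 "$d/sha256sums" "$d/mtd"; rc=$?
    rm -rf "$d"; return "$rc"
}
demo
```

On the router, with the manifest next to the images: preflight mir3g-squashfs-kernel1.bin kernel1 sha256sums && mtd write mir3g-squashfs-kernel1.bin kernel1. The image must still carry the file name that the manifest lists for it.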
      

    • Install luci

      opkg update
      opkg install luci
      opkg install luci-i18n-base-zh-cn
      

    • Log in to 192.168.1.1 with a browser, choose System -> Backup / Flash Firmware, upload mir3g-squashfs-sysupgrade.tar to upgrade the system version, then reinstall luci.

    • Enabling a Wi-Fi access point on OpenWrt

    • Mount an external hard drive:

      opkg update
      opkg install e2fsprogs kmod-usb-storage kmod-fs-ext4 block-mount samba36-client samba36-server samba36-hotplug samba36-net luci-app-samba luci-i18n-samba-zh-cn luci-app-hd-idle luci-i18n-hd-idle-zh-cn luci-app-ddns luci-i18n-ddns-zh-cn
      mkfs.ext4 /dev/sda
      mkdir -p /mnt/sda
      mount -o defaults /dev/sda /mnt/sda
      

      Enable System -> Mount Point -> Global Settings -> Anonymous Mount

    • Samba

      How to sign out of an account on the local network in Win10: cmd + net use * /del /y.

      smbpasswd -a newuser # if you want to use root account, you also need to set password for root.
      <password>
      
    • FTP Server - vsftpd

      opkg install vsftpd-tls
      opkg install openssl-util
      mkdir -p /etc/vsftpd
      chmod 700 /etc/vsftpd
      # /C= Country; /ST= State; /L= Location; /O= Organization; /OU= Organizational Unit; /CN= Common Name;
      # 2048-bit RSA key; a 1024-bit key is too weak for TLS.
      openssl req -x509 -nodes -days 365 -subj "/C=CN/ST=ShangHai/L=ShangHai/O=Upsurge/OU=Server/CN=OpenWorld" -newkey rsa:2048 -keyout /etc/vsftpd/vsftpd_privkey.pem -out /etc/vsftpd/vsftpd_cert.pem
      

      vim /etc/vsftpd.conf

      local_root=/mnt/sda
      
      # Turn on SSL
      ssl_enable=YES
      
      # Allow anonymous users to use secured SSL connections
      allow_anon_ssl=NO
      
      # If YES, all non-anonymous logins are forced to use a secure SSL connection in order to
      # send and receive data on data connections. With NO, unencrypted data connections are also accepted.
      force_local_data_ssl=NO
      
      # If YES, all non-anonymous logins are forced to use a secure SSL connection in order to send the password.
      # With NO, the password can also be sent in cleartext.
      force_local_logins_ssl=NO
      
      # Permit TLS v1 protocol connections. TLS v1 connections are preferred
      ssl_tlsv1=YES
      
      # Permit SSL v2 protocol connections. TLS v1 connections are preferred
      ssl_sslv2=NO
      
      # Permit SSL v3 protocol connections. TLS v1 connections are preferred
      ssl_sslv3=NO
      
      # Disable SSL session reuse (required by WinSCP)
      require_ssl_reuse=NO
      
      # Select which SSL ciphers vsftpd will allow for encrypted SSL connections (required by FileZilla)
      ssl_ciphers=HIGH
      
      # This option specifies the location of the RSA certificate to use for SSL
      # encrypted connections.
      rsa_cert_file=/etc/vsftpd/vsftpd_cert.pem
      rsa_private_key_file=/etc/vsftpd/vsftpd_privkey.pem
      

      /etc/init.d/vsftpd start

    • Enable Virtual Users on vsftpd

      • Create Guest User - All virtual users are mapped to this guest user and get its directory permissions.

        useradd -d /mnt/sda/ -s /sbin/nologin vsftp

      • vsftpd.conf - vsftpd main configuration file.

        vim /etc/vsftpd.conf-opkg

        anonymous_enable=NO
        
        # Confine users to their FTP home directory; enable and set the list of exempt users.
        chroot_local_user=YES
        chroot_list_enable=YES
        chroot_list_file=/etc/vsftpd/chroot_list
        
        pam_service_name=vsftpd
        
        userlist_enable=YES
        
        tcp_wrappers=YES
        
        # Whether virtual users have the same privileges as local users.
        # If NO, virtual users have the same privileges as anonymous users,
        # so the anonymous-user permissions set in each virtual user's profile are that virtual user's permissions.
        virtual_use_local_privs=NO
        
        guest_enable=YES
        guest_username=vsftp
        
        user_config_dir=/etc/vsftpd/vuser_conf
        
      • Create the chroot_list - Users in this list can leave their home directory.

        touch /etc/vsftpd/chroot_list

      • Create the vuser.db - Set virtual user password.

        opkg install db4 db4-util

        vim /etc/vsftpd/vuser

        <user1>
        <user1-password>
        <user2>
        <user2-password>
        
        db_load -T -t hash -f /etc/vsftpd/vuser /etc/vsftpd/vuser.db
        chmod 600 /etc/vsftpd/vuser.db
        rm /etc/vsftpd/vuser
        
      • Virtual User PAM(Pluggable Authentication Modules)

        Comment out the existing PAM entries for local users: once guest_enable is on, local user logins fail and all non-anonymous users become virtual users.

        # cp /etc/pam.d/vsftpd /etc/pam.d/vsftpd.bak
        # vim /etc/pam.d/vsftpd
        # comment out the content of other local user pam.
        
        + auth required /lib64/security/pam_userdb.so db=/etc/vsftpd/vuser
        + account required /lib64/security/pam_userdb.so db=/etc/vsftpd/vuser
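
        Review bot: both added lines hard-code /lib64/security/pam_userdb.so, a path from 64-bit distributions, while the build target named on this page is mipsel_24kc (32-bit). Check where pam_userdb.so is actually installed on the router, or give only the module name so that PAM looks it up in its default module directory.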
        
      • Virtual User Profile

        # mkdir /etc/vsftpd/vuser_conf/
        # vim /etc/vsftpd/vuser_conf/<user name> # The filename is identical to the corresponding FTP virtual user.
        
        # vsftpd does not accept a comment after a value, so comments go on their own lines.
        # Virtual user home directory; its user and group must be the guest user (vsftp).
        local_root=/var/vsftp/<user name>
        # vsftpd.conf stipulates that virtual users have the same permissions as anonymous users,
        # so the following anonymous-user permissions are the permissions of the virtual user.
        anon_umask=077
        anon_world_readable_only=NO
        anon_upload_enable=YES
        anon_mkdir_write_enable=YES
        # Allow deleting files and directories.
        anon_other_write_enable=YES
        
      • Restart to take effect

        /etc/init.d/vsftpd restart
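
Added example, not part of the original page: an audit of a vsftpd.conf for the TLS options set in the FTP Server section, reporting the ones that still let passwords or file data travel unencrypted, plus setting lines that carry a trailing comment (relevant to the per-user profiles, since vsftpd does not strip it). The function names and the sample input are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the page): flag vsftpd settings that allow cleartext FTP.

# Print the effective value of key $2 in config file $1, or the default $3.
# A later line overrides an earlier one; lines starting with '#' are comments.
conf_get() {
    v=$(awk -F= -v k="$2" '!/^#/ && $1 == k { sub(/^[^=]*=/, ""); val = $0 }
                           END { print val }' "$1")
    echo "${v:-$3}"
}

# Print one finding per line for config file $1; succeed only if there are none.
# The defaults passed to conf_get are vsftpd's documented defaults.
audit_vsftpd() {
    conf=$1; n=0
    finding() { echo "$1"; n=$((n + 1)); }
    [ "$(conf_get "$conf" ssl_enable NO)" = YES ] ||
        finding "ssl_enable is not YES: TLS is off"
    [ "$(conf_get "$conf" force_local_logins_ssl YES)" = YES ] ||
        finding "force_local_logins_ssl=NO: passwords may travel in cleartext"
    [ "$(conf_get "$conf" force_local_data_ssl YES)" = YES ] ||
        finding "force_local_data_ssl=NO: file data may travel in cleartext"
    for k in ssl_sslv2 ssl_sslv3; do
        [ "$(conf_get "$conf" "$k" NO)" = NO ] || finding "$k=YES: obsolete protocol enabled"
    done
    # vsftpd does not strip a trailing comment; it becomes part of the value.
    if grep -q '^[^#]*=.*#' "$conf"; then
        finding "setting line with a trailing '#' comment"
    fi
    [ "$n" -eq 0 ]
}

# Constructed sample input: the TLS options as set on this page.
page_conf() {
    printf '%s\n' ssl_enable=YES allow_anon_ssl=NO force_local_data_ssl=NO \
        force_local_logins_ssl=NO ssl_tlsv1=YES ssl_sslv2=NO ssl_sslv3=NO
}

# Run on the sample when executed directly: prints the two force_local_* findings.
f=$(mktemp) && page_conf > "$f" && { audit_vsftpd "$f" || true; }; rm -f "$f"
```

Setting force_local_logins_ssl=YES and force_local_data_ssl=YES clears both findings; clients then have to connect with explicit FTP over TLS.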

NATAPP (NAT traversal)

PS: /mnt/sda/ is my router's USB disk path.

  • Install php7

    opkg update
    opkg install php7 php7-cgi php7-cli php7-mod-json
    alias php="php-cli"
    
  • Install natapp client

    cat /proc/cpuinfo - check out your router's CPU information.

    Download the corresponding natapp version according to your router's CPU.

    Download config.ini

    Move natapp to /mnt/sda/

    Move config.ini to /mnt/sda/

    mkdir -p /usr/natapp
    mv /mnt/sda/natapp /usr/natapp/natapp
    mv /mnt/sda/config.ini /usr/natapp/config.ini
    chmod a+x /usr/natapp/natapp
    cd /usr/natapp/
    vim config.ini
    authtoken=<Your authtoken from NATAPP>
    ./natapp
    
  • Install natapp-php client

    Download natapp.php

    mkdir /mnt/sda/www

    Move natapp.php to /mnt/sda/www

    php /mnt/sda/www/natapp.php -authtoken=<Your authtoken from NATAPP>

  • How to Install

    opkg update
    opkg install transmission-daemon-openssl
    opkg install transmission-web
    opkg install luci-app-transmission
    opkg install luci-i18n-transmission-zh-cn
    
  • How to Setup

    vim /etc/config/transmission

    config transmission
          option enabled '1'
          option user 'root'
          option download_dir '/mnt/sda/downloads'
          option incomplete_dir '/mnt/sda/incomplete'
          option incomplete_dir_enabled false
          ...
    
  • How to Start

    Enter http://192.168.1.1:9091/transmission/web/ in the browser

DD-Wrt Router + Astrill VPN

  • Buy & Setup a DD-Wrt Router

    I selected the TP-Link 150Mbps TL-WR710N, with 1 LAN/WAN port + 1 LAN port + 1 USB port.

    • Use tplogin.cn to log in.

    • For Wi-Fi mode, select Router mode (AP mode is like a mobile hotspot).

    • Use Quick Setup Wizard to Change Internet Mode to PPPoE.

  • Install DD-Wrt Firmware onto TL-WR710N

    • Search Model = WR710N, select Revision = 2.1.

    • Download the latest firmware version for your device.

    • Click on System Tools-Firmware Upgrade (or Firmware), click on Browse/Choose File to find the extracted firmware file and click open.

      If your router is running TP-Link firmware, you need to install factory-to-ddwrt.bin first.

      Then you can install tl-wr710v2.1-webflash.bin onto router.

    • Click the Upgrade button. The device will reboot automatically after the upgrade has been finished.

      If the upgrade fails with error code 18000, check the model and version written on the bottom label of the router and make sure they match.

  • Install Astrill onto TL-WR710N

  • Connect the OpenWrt Router to TL-WR710N LAN port

OpenVPN Not available in China because of GFW

How to build OpenWrt

  • What you need to know before build:

    OpenWrt build system – Installation

    HOWTO: Compile Openwrt in Windows 10's embedded Ubuntu Linux subsystem

    Techdata: Xiaomi MiWiFi 3G

    cat /etc/openwrt_release - check the OpenWrt version of your XiaoMi Router.

    cat /proc/cpuinfo - check the CPU information of your XiaoMi Router.

  • Install Ubuntu in Win10

    • Click the Restart now button to restart Win10 after the change is completed.

    • Start the Ubuntu app from the Microsoft Store, or enter 'Ubuntu' in the search bar.

    • On first start-up you will see Installing, this may take a few minutes..., then you need to create your account.

    • After that, you can press Win + R and enter bash to open the Ubuntu app.

    • sudo passwd root: set the root password.

    • su: switch to the root account.

  • Compile Openwrt

    • Install packages needed to configure compilation:

      apt-get update
      apt-get upgrade
      apt autoremove
      apt-get install unzip
      apt-get install git
      apt-get install attr
      apt-get install make
      apt-get install gcc
      apt-get install subversion
      apt-get install zlib1g-dev
      apt-get install libssl-dev
      apt-get install libncurses5-dev
      apt-get install python
      exit
      
    • Error seen only on the Win10 Subsystem for Linux (Build dependency: OpenWrt can only be built on a case-sensitive filesystem)

      mkdir /mnt/c/Users/<username>/AppData/Local/lxss
      cd /mnt/c/Users/<username>/AppData/Local
      setfattr -n system.wsl_case_sensitive -v 1 lxss
      cd lxss
      
    • Download OpenWrt Xiaomi MiWiFi 3G commit:

      git clone https://git.openwrt.org/openwrt/openwrt.git
      git -C openwrt checkout 6e283cdc0da25928f8148805ebef7f8f2b769ee8

    • Update Source

      cd openwrt
      ./scripts/feeds update -a
      ./scripts/feeds install -a
      
    • Make OpenWrt build system check for missing packages on your build-system using ONE of the following commands:

      make menuconfig (most likely you would like to use this)
      -OR-
      make defconfig
      -OR-
      make prereq
      Note: If you use these in order, or use more than one, the compilation will fail.
      

    • Build the OpenWrt system: make -j1 V=99 (the number after -j is the number of CPU cores used for compiling; V=99 outputs all debug information; once the build succeeds you can use V=s instead)

    • Errors you may encounter in building:

      • Build dependency: Please install Git (git-core) >= 1.6.5

        # vim include/prereq-build.mk
        - git clone 2>&1 | grep -- --recursive))
        + git --exec-path | xargs -I % -- grep -q -- --recursive %/git-submodule))
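
        Review bot: the removed line, git clone 2>&1 | grep -- --recursive)), is only the tail of a longer line in include/prereq-build.mk, since it closes two parentheses that are opened elsewhere, so the snippet cannot be applied as shown. Say that only this part of the line changes, or quote the full line before and after.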
        

        Origin:

        Modified:

        Save and Exit.

      • error: RPC failed; curl 56 GnuTLS recv error (-9): A TLS packet with unexpected length was received.

        Most of the time this is just a network problem.

    • Opkg file path: openwrt/build_dir/target-mipsel_24kc_musl/linux-ramips_mt7621/opkg-2019-01-31-d4ba162b/.pkgdir/opkg/bin/opkg

    • How to save your openwrt repository:

      su
      <root password>
      apt-get install zip
      exit
      zip -s 4g -r openwrt.zip openwrt/
      