This project automates the process of building OpenWrt firmware images for the Qualcomm IPQ807x platform, specifically targeting the Xiaomi AX3600 router. The build process incorporates various optimizations, hardening options, and quality-of-life enhancements.
- Automated build process triggered by new commits in the remote repository or manual workflow dispatch
- Compiler optimizations for improved performance
- Hardening build options for enhanced security
- SSH configuration with strong algorithms and key exchange methods. Refer to the
ssh_hardening.config - Additional useful packages. Refer to the
ax3600.config - Full NSS (Network Subsystem) support
- Quality-of-life enhancements through UCI configuration
- Adblock-Fast
- DDNS (FreeDNS)
- HTTPS-DNS-Proxy
- MWAN3 (WAN Load Balance) + all necessary IPTable adjustments
- Nano
- TTYD
- Watchcat
- Wake-on-LAN
- Wireguard
- And more
The automated build process is broken! Build is done through own compilation:
- Clone this and qosmio's NSS repository:
git clone https://github.com/bethnard/Qualcommax_NSS_Builder_AX3600 -b main --single-branch git clone https://github.com/qosmio/openwrt-ipq -b main-nss --single-branch cd openwrt-ipq - Update feeds:
./scripts/feeds update ./scripts/feeds install -a
- Copy AX3600.config file
cd .. cp Qualcommax_NSS_Builder_AX3600/ax3600.config openwrt-ipq/.config cp -r Qualcommax_NSS_Builder_AX3600/files/ openwrt-ipq/ cd openwrt-ipq
- Generate the full config
make defconfig V=s
- Now run full build
make download -j$(nproc) V=s make -j$(nproc) V=s
The project utilizes a custom configuration file ax3600.config to specify the desired settings for the firmware build. This file includes various options such as target platform, compiler optimizations, package selections, and more.
Additionally, the uci commands in the "Quality-of-Life Enhancements" section are used to fine-tune the wireless and network settings for improved performance and functionality. Refer to the 999-QOL_config for the specific configuration.
To enhance the security of SSH connections, the project includes a hardened SSH configuration. The configuration is derived from recommendations by SSH-Audit and the BSI, it specifies strong key exchange algorithms, ciphers, message authentication codes (MACs), host key algorithms, and public key algorithms. This ensures that only secure and up-to-date algorithms are used for SSH communication.
Contributions to this project are welcome. If you encounter any issues or have suggestions for improvements, please open an issue or submit a pull request on the GitHub repository.
- The OpenWrt project for providing the foundation for this firmware build.
- The Qualcomm IPQ807x platform and the Xiaomi AX3600 router for the hardware support.
- The community over at the OpenWrt forum for their valuable contributions and resources.
- rodriguezst for his ipq807x-openwrt-builder
- A special thanks to qosmio for the main NSS development
- And JuliusBairaktaris for his amazing project / repo!