wangzhi


Xiaomi 4A Router (Gigabit Version) Flashing

Origin

~ I have a desktop computer at home that is not in use, and I want to remotely access and share files, run some programs, etc. The fundamental reason is that xray requires a client app to be installed on each phone, which is cumbersome. I thought about preparing a device to run the proxy on it, allowing other clients to directly configure the address, with config.json for unified management. Initially, I used a mobile app to enable LAN access, but this required the phone to be on all day, and the latency seemed high, as all requests went through the phone, which then redirected them in a roundabout way. Then I learned that OpenWRT can run programs directly, and since xray is written in golang, it can be compiled to run on embedded systems! 🐓 nice!

Preparation Materials

Operation Steps

First, upload the OpenWRT firmware to /tmp, and after flashing, wait for it to reboot.

cd /tmp

mtd -e OS1 -r write openwrt-21.02.3-ramips-mt7621-xiaomi_mi-router-4a-gigabit-squashfs-sysupgrade.bin OS1

Precautions

  • Never flash breed (Phoenix), as the parameters are completely inconsistent with the Xiaomi 4A firmware. Flashing breed will cause the firmware to reboot infinitely. Use the mtd command to flash directly. If you want to revert to the official firmware, use the official recovery tool to restore it easily.
  • If you flash breed and it causes infinite reboot, you can long press the reset button during startup to connect to breed via SSH, and then use mtd to flash OpenWRT firmware under breed. At first, I didn't know this and thought it was bricked, so I bought a gold CH341 programmer from Pinduoduo and flashed it directly onto the flash.
  • After enabling port forwarding, many foreign IPs will attempt to log in. Since my setup has the optical modem in bridge mode, the router's dial-up IP is exposed on the public internet, which is annoying. I turned off all unnecessary configurations, limited port access by MAC address or specified IP, disabled password login on the router, and enabled SSH key login to prevent many attacks.

Public Access

Commonly used ports 443 and 80 cannot be used at all, as these two ports are directly intercepted by the ISP.

  • How to operate for public access?

    Generally, for ordinary users, DDNS is recommended. The router has built-in options, such as Peanut Shell DDNS, but this free DDNS domain name is very long and hard to remember, so I bought a memorable domain name.

  • General principle of DDNS

    Since the router uses dynamic IP for dial-up, when you restart the router, it will redial, resulting in a new IP. If the domain name is bound, it will become invalid. DDNS checks the current IP and the domain name's resolved IP every 10 or 5 minutes. If they do not match, it re-resolves. Understanding this principle makes it simple. I wrote a program to run on the router, set to start on boot, checking every 5 minutes. If different, it calls the resolution interface to update the domain resolution (the domain bought from Tencent Cloud is supported).

  • Accessing devices at home

    Through port forwarding, for example, 192.168.1.1:22 is the Raspberry Pi, and then you can bind it to the public domain domain.com:2222, forwarding through the router to 192.168.1.1:22, allowing direct access to home devices. Remember to enable the firewall on the device and set a hard-to-crack password. Configure some security restrictions in the OpenWRT firewall forwarding to avoid attacks.
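A check for the two restrictions mentioned above (dropbear password login disabled, port forwards limited by source IP or MAC), added here as an example and not the author's code. It assumes the standard OpenWrt UCI files /etc/config/firewall and /etc/config/dropbear; the sample configs and the names pi-ssh-open and pi-ssh-limited are constructed.

```shell
# Added example (not the author's code): audit OpenWrt UCI config text.
# Print the name of every wan-side "config redirect" with no src_ip/src_mac limit.
open_redirects() {
    awk -v q="'" '
        function emit() { if (redir && wan && !limited) print name }
        $1 == "config" { emit(); redir = ($2 == "redirect"); wan = limited = 0; name = "(unnamed)"; next }
        redir && ($1 == "option" || $1 == "list") {
            val = $0; sub(/^[ \t]*(option|list)[ \t]+[^ \t]+[ \t]+/, "", val)
            gsub(q, "", val); gsub(/"/, "", val); sub(/[ \t]+$/, "", val)
            if ($2 == "name") name = val
            if ($2 == "src" && val == "wan") wan = 1
            if ($2 == "src_ip" || $2 == "src_mac") limited = 1
        }
        END { emit() }
    ' "$1"
}

# Exit 0 only if both dropbear password options are off/0 (a missing option means on).
password_login_disabled() {
    awk -v q="'" '
        $1 == "option" && ($2 == "PasswordAuth" || $2 == "RootPasswordAuth") {
            val = $3; gsub(q, "", val); gsub(/"/, "", val)
            if (val == "off" || val == "0") off[$2] = 1
        }
        END { exit !(off["PasswordAuth"] && off["RootPasswordAuth"]) }
    ' "$1"
}

# Constructed sample configs, not the author's; 203.0.113.7 is a documentation address.
d=$(mktemp -d)
cat > "$d/firewall" <<'EOF'
config redirect
    option name 'pi-ssh-open'
    option src 'wan'
    option src_dport '2222'
    option dest_ip '192.168.1.1'
    option dest_port '22'
config redirect
    option name 'pi-ssh-limited'
    option src 'wan'
    option src_ip '203.0.113.7'
    option src_dport '2223'
    option dest_ip '192.168.1.1'
    option dest_port '22'
EOF
printf "config dropbear\n    option PasswordAuth 'off'\n    option RootPasswordAuth 'on'\n" > "$d/dropbear"
echo "unrestricted forwards: $(open_redirects "$d/firewall")"
password_login_disabled "$d/dropbear" || echo "dropbear still accepts passwords"
rm -rf "$d"
```

On the router, point both functions at the real files under /etc/config instead of the samples.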

Running xray

~ After flashing, I definitely want to run xray since this is the main requirement. However, trying to install it through the official OpenWRT software always prompts insufficient memory, which is strange. Upon checking, my router has 128M of RAM and only 16M of storage. After installing OpenWRT, only 8M remains, and even after using UPX compression, xray is still nearly 9M, which cannot fit. Additionally, the router's /tmp is actually a memory mapping. Files in this directory will be cleared after the device restarts. Although the hard drive is only 16M, you can place an 80M file in tmp; it just gets lost after a reboot. Of course, to save memory, it's best to keep it small. The /overlay directory is for persistent storage, which will not be lost after a router reboot, so you can place xray here and configure it to start on boot.

  • Slimming down xray-core

    Based on the official version 1.8.4, I removed everything that could be deleted while retaining basic functionality. On OpenWRT, ls -lh shows it is only 4.2M, which is after UPX.

Then, directly configure manual proxy on the mobile phone's Wi-Fi, fill in the router's address and the corresponding port number for xray to access YouTube.
