Current r12269:
1) The kernel 4.19
from here;
2) Returned to normal a tmpfs, for zram now on the zstd and, as experience has shown, much cunning makes no sense;
3) Instead of https-dns-proxy (although
stangri and corrected, but by itself https-dns-proxy is obsolete) stuck dnscrypt-proxy2, where he works in parallel with the old dnscrypt-proxy;
4) For the IPv6 performance of any "provisions" included miredo (had to rasp) plus added NAT6 transparent implementation for IPv6 over miredo (configuration until finalization);
5) At the request added to the firmware openRTSP (
from here,
article), Why and how - who should be sorted out; most importantly, they say, it is working;
6) returned all those services that are necessary to me personally (LuCI / adblock / tsi-auto / tor / miredo / haproxy), an on-state, all the rest (or almost all) after flashing off;
7) Podrihtoval adblock, not to hang the system when booting their lists;
8) are included in the core of KSM and the startup of the router, not the fact that will help, but the tests have shown that does not interfere;
9) A script to download antizapret / rublacklist lists finalized in a tsi-auto service
TSI = Transparently Separated Internet, because later in the default configuration can be added i2p and other buns.
Other improvements on the little things:
1) Improved binary Laid with Breed-ohm: firstly, the aforesaid recently updated, and secondly, the duplicated content unit 128k in the next two blocks; the last block (remember, 128k), as always, contains variables Breed-a, where a line has been added in advance
autoboot.command = boot flash 0x600000;
2) Altered script
create_openwrt_for_breed.cmd: Firstly, all the extras are 0xFF-E, which is better suited for any flash-memory than 0x00; secondly, on the site of the first section sewn signatures only 4 bytes (to Breed did not arise), and then all 0xFF, in the end, if someone forgot about setting
autoboot.command = boot flash 0x600000to the Breed, the last simply will not load on the router, and will wait for instructions on http or telnet on the usual address 192.168.1.1;
3) Made and posted archive
openwrt-ramips-mt7621-xiaomi_mir3g-breed-BLANK.7zwith "Concreting" binaries Breed (such binaries are available on their own, run the update script
create_openwrt_for_breed.cmdwith BLANK parameter), meaning that if there are problems with the router work right after my build firmware, then try to roll the "grouting" binary, and then again - my assembly.
Special instructions:
1) sews better clean. After EEPROM (via Breed, for example) necessary to give the router 5 minutes for the first run, followed by a restart it again. After that it can be used.
2) If there is something wrong after flashing, please.
3) Huge request to experts on IPv6: I know very well that the idea NAT6 not very good, a lot of reading about it, so that the discussion once again it is not necessary; but the idea is great for any environment - that is, the IPv4 external, that it is not, and does not need to be tied to any IPv6 providers. However, recently I have it stopped working, and therefore the
request: please help figure out what is wrong with IPv6 (I hope the dog fumbled it into my default config file), and you need to do to make it work (NAT6 through miredo) immediately and without any additional configuration. Thanks! Also in the archive put all your changes - for those who are interested in what I have there but how to optimize what configs etc.
r12121
1) Experimental paired zram and tmpfs (procd gives this possibility in the settings, but in addition have yet to patch zram);
2) For zram including other Packers - lz4 for tmpfs and lz4hc for swap: lz4 skorostrel with mediocre ratio (for text files, mostly stored in the / tmp, come), lz4hc packs several times slower but decompresses faster than lz4, wherein the ratio on deflate level;
3) Turn off services made at the beginning of the initialization (it was at the end - this is nonsense!);
4) Earn loading lists of banned sites - after the next update OpenWrt source;
5) Make working, "out of the box" configuration for network / mwan3. You can stick a USB adapter<>Ethernet or 4G modems and no steam - mwan3 immediately try to use them as another (peer) Internet connection (the appearance of adapters is expected to eth1 / eth2, and modems - on eth1 / eth2 / usb0);
6) Did the "reserve" to IPv6. Personally, I have set on 6to4 protocol, but did not carry it in the default configuration, as for 6to4 requires an external IP.
r12063
1) All the same yet another embodiment (3 Frequency: 880, 1000 and 1120 MHz). Will be more or less stably manifest itself, will consider the possibility of assembling and lite options for routers with flash-memory SPI-NOR.
2) again jumped to nginx (with uhttpd), like all works, and not even a particularly slow.
3)
What people, then chickens, so I decided to do all(Just kidding), ntpclient replaced the ntpdate, samba4 - to smbd.
4) Redesigned dnsmasq config, now all the listings (including the upstream DNS server dnsmasq relatively) hidden in /etc/dnsmasq.d, there is a manual list of sites to bypass blockages - manuallist.conf. And the other default settings remain in its usual place - / etc / config / dhcp.
The problem arose in November, whenstangri , Maintainer config and startup script for the https-dns-proxy for the OpenWrt, decided that people who use the OpenWrt, poorly versed in the configs, and indeed all very stupid, so come up with "You": at the start of https-dns-proxy breaks dnsmasq config "by itself" (enter his court, and all the other directives list server hides), and when you stop - return everything as it was. I have not once been able to understand why my DNS on the router has become so slow and bad, then still could see - instead of simultaneous request of 20 local servers for different protocols is only 3 and only one protocol (to the braking of all DNS encrypted - DoH). 5) The redesigned firewall configuration (only together with /etc/sysctl.conf) so that it was not necessary to know the address of the router in the network lokalbnoy. Now local the IP-address of the router can be easily changed in the / etc / config / network (or web) without the need to change it somewhere else.
6) OpenSSL settings are aligned with the core settings that worked devcrypto, and afalg. In the near future, probably, Mr.
drbrains will complete their
kriptodrayver And our router will get some acceleration in the ass ...
7) Removed luci-app-noddos, because too lazy to patch it to work with nginx; also removed mjpg-streamer, stopped working, struggling for a long time with him, but the images did not get with any camera, it is necessary to think about moving on
motion.
8)
Does not work automatically download the full list of locks, all renamed scripts dealing with this matter, going beyond them to refine, to work as it should. Renamed because the name or type of blacklist rublock etc. cut my eyes, and itself not to try to hide the original authorship of these scripts.
Features of use:
1) If your provider specific connection - L2TP, PPTP, and the like, first of all, go to the System section of the web interface ->Download and check whether the corresponding service is enabled.
2) To adjust the offer to take advantage of IPv6
this instruction- I have on the computer within the network is now IPv6-connection status - "Internet" ;-)
3) Upgrades from previous firmware on this and save the settings to make it is not necessary, but better to flash the reset (sysupgrade -n or the Breed, the latter being less preferred), and then adjust all over again.
4) For all these reasons, this firmware is "communicating", because I'm waiting for the driver and will finish loading lists, but for those to whom it does not matter, the firmware may well come as a work (I, for example, now on it).
r11582
1) One option: a full set of software, hardware included the NAT, aggressive (but not really) performance optimized for assembly; if the audience will like it, I do light option.
2) returned with nginx on uhttpd, but not from good life, as soon as LuCI web interface no longer hard-boiled eggs, go back to the nginx; and while employed in the configuration workaround for uhttpd, that he somehow stir;
3) With frequent reinsertion I noticed that the router is, straying time, so added ntpclient (with luci-app-ntpc); and then shot down time do not go through the tunnels data, in particular this applies to Tor.
r11215
1) Provides 2 options:
a. fast - everything is the same as in the previous r11001 (a full set of software, included hardware NAT), and with aggressive optimizations for speed in the assembly;
b. lite - similar r11001 recruitment software, but hardware NAT is enabled, also used aggressive optimization when building speed.
Options such as normal, spiXX did, because in normal kind already as it makes no sense (and so all works surprisingly stable) and spiXX, say, no one needs. Write, if anyone will need.
2) If you are upgrading / firmware automatically cut down zhruchie or unnecessary in most cases service: vlmcsd, mjpg-streamer, softethervpnclient, yggdrasil, https_dns_proxy, mdadm, haveged, mwan3, noddos. Also conditionally disabled (not used): relayd, pptpd, xl2tpd.
3) If the update lock bypass list does not work, the new scripts, etc. Files to update rblbypass lists. * Must be manually copied from the / rom / etc in / etc.