GL-MT6000 custom OpenWrt firmware builder

This repository automates the process of building OpenWrt custom firmware images for MY Flint 2 (GL-MT6000) router, based on MY PREFERENCES and pesa1234's work.

You should not use the firmwares released in this repository unless you have the same preferences/needs. Instead, make a fork and adapt to your needs.

Read this topic in OpenWrt's forum to learn the details about pesa1234's customizations.

Compared to his custom firmware, this firmware adds:

• WiFi UCODE scripts (faster boot)
• Wireguard VPN
• Policy Based Routing (select what goes through VPN and what not)
• AdBlock Fast (ads and malware blocking at DNS level)
• Custom Attended Sysupgrade (install custom firmware from GitHub)

And also:

• REMOVED: odhcp, upnp, iptables, avahi, samba, usb storage and probably more stuff I forgot to mention.
• Added the needed packages to use QoS script cake-wg-pbr
• Some compiler optimizations and build hardening options (cortex-a53+crc+crypto; LTO, MOLD, and more).
• SSH configuration with strong algorithms and key exchange methods. Check the content of ssh_hardening.config and sshd_config.
• Quality-of-life enhancements through UCI configuration. Check the content of 999-QOL_config.
• Some debug and kernel stuff removed.
• upgrade_custom_openwrt script

Check the content of mt6000.config for details.

About Custom Attended Sysupgrade

Using Luci's menu "System" --> "Attended Sysupgrade" it is now possible to select and install custom firmware from GitHub.

_{Custom Attended Sysupgrade}

_{Dropdown list}

_{Installing Custom Firmware}

Notes:

• if you fork this repository, this will be adapted to look for upgrades in your repository.

About upgrade_custom_openwrt script

THIS IS NOW DEPRECATED, ALTHOUGHT THE SCRIPT IS STILL INCLUDED

I added a script to make upgrading OpenWRT super easy. Just run from a SSH terminal:

• upgrade_custom_openwrt --now to check if a newer firmware is available and upgrade if so.
• upgrade_custom_openwrt --wait to wait for clients activity to stop before upgrading.
• upgrade_custom_openwrt --check to check for new versions but not upgrade the router.

IT IS NOT RECOMMENDED to schedule the script to be executed automatically, although the script is very careful and checks sha256sums before trying to upgrade. Don't blame me if something goes wrong with scripts that YOU run in your router!

Notes:

• if you fork this repository, the script will be adapted to look for upgrades in your repository.
• The text output of upgrade_custom_openwrt script will show both in terminal and system logs.

About SSH Hardening

To enhance the security of SSH connections, this firmware includes a hardened SSH configuration. The configuration is derived from recommendations by SSH-Audit and the BSI, it specifies strong key exchange algorithms, ciphers, message authentication codes (MACs), host key algorithms, and public key algorithms. This ensures that only secure and up-to-date algorithms are used for SSH communication.

Contributing

Contributions to this project are welcome. If you encounter any issues or have suggestions for improvements, please open an issue or submit a pull request on the GitHub repository.

Acknowledgements

• The OpenWrt project for providing the foundation for this firmware build and support of GL.iNet GL-MT6000 router.
• The community over at the OpenWrt forum for their valuable contributions and resources.
• pesa1234 for his MT6000 custom builds.
• Julius Bairaktaris from whom I "borrowed" much of this project (his repository is about custom builds for Xiaomi AX3600).