张无忌

OpenWrt + PassWall + WireGuard + 安装

安装PassWall于ImmortalWrt比较简单，但是在OpenWrt v24.10.1要改动"dnsmasq"为"dnsmasq-full"。有个YouTube介绍安装过程 [1]。PassWall版本25.5.16-1 [2]。

有了OpenWrt，如果大陆安装packages就要大陆以外的OpenWrt repository server，比较时间长，在晚上可能有errors。在大陆有repository server代用，但是要改动一下：

1. sed -i 's_https\?://downloads.openwrt.org_https://mirrors.tuna.tsinghua.edu.cn/openwrt_' /etc/opkg/distfeeds.conf

複製代碼

PassWall安装：
需要"dnsmasq"改变到"dnsmasq-full"：

1. opkg update
   
2. opkg remove dnsmasq && opkg install dnsmasq-full

複製代碼

去到[2], "Assets", get

1. luci-24.10_luci-app-passwall_25.5.16-r1_all.ipk
   
2. luci-24.10_luci-i18n-passwall-zh-cn_25.135.62106.7b4fe5f_all.ipk
   
3. passwall_packages_ipk_aarch64_cortex-a53.zip

複製代碼

Unzip "passwall_packages_ipk_aarch64_cortex-a53.zip" 成为 "passwall_packages_ipk_aarch64_cortex-a53", 然后把另外两个luci放在里面。然后用WinSCP，把"passwall_packages_ipk_aarch64_cortex-a53"放在"/root"。

1. cd passwall_packages_ipk_aarch64_cortex-a53
   
2. opkg install *.ipk --force-reinstall

複製代碼

Goto OpenWrt click "Log out", and passward. You will see the "Services"->"Pass Wall"。

WireGuard (香港WireGuard server)使用
1. "Service"->"Pass Wall"，
2. "Node List", any "Add"，
3. "Node Remarks" fill in any remarks, e.g. "hkg"，
4. "Type"="Sing-Box"，
5. "Protocol"="WireGuard"，
6. "Address (Support Domain Name)"=<endpoint address>，
7. "Port"=<endpoint port number>，
8. "Public Key"，
9. "Private Key"
10. "Pre shared key"，
11. "Local Address"=<address>, press "+"，
12. "Save & Apply"，

13. Click "Basic Settings"，
14. "TCP Node"=select "Sing-Box WG: [hkg]"，
15. "Main switch"=<tick>，
16. "Save & Apply"，

17. "Systems"->"Reboot", wait 2 minutes for turning green。

测试：
看看YouTube and CCTV5能否看到。

Remarks:

1. wget -O pw-1.ipk https://github.com/xiaorouji/openwrt-passwall/releases/download/25.9.3-1/luci-24.10_luci-app-passwall_25.9.3-r1_all.ipk
   
2. wget -O pw-2.ipk https://github.com/xiaorouji/openwrt-passwall/releases/download/25.9.3-1/luci-24.10_luci-i18n-passwall-zh-cn_25.245.60910.793e860_all.ipk
   
3. opkg install *.ipk --force-reinstall

複製代碼

1. 当有"Passwall Version" update，要在"https://github.com/xiaorouji/openwrt-passwall/releases/download/25.8.26-1/luci-24.10_luci-app-passwall_25.8.26-r1_all.ipk"下载和"https://github.com/xiaorouji/openwrt-passwall/releases/download/25.8.26-1/luci-24.10_luci-i18n-passwall-zh-cn_25.238.12513.368371e_all.ipk"下载，用WinSCP copy到root，然后opkg install *.ipk --force-reinstall，然后再PassWall App Update看看PassWall Version是否有updated到！！！
2. System->Software, Filter=passwall, Installed=luci-app-passwall

References:
[1] OpenWrt的核心插件之passwall的安装
[2] Openwrt-Passwall / openwrt-passwall

Old:
[2] xiaorouji openwrt-passwall releases

目录帖子GL.iNet and OpenWrt Contents

张无忌

回覆 82# fakeman

谢谢你的鼓励终于成功OpenWrt + Passwall + WireGuard。

下一个阶段就是OpenWrt + OpenClash + 机场。

fakeman

回覆  fakeman

谢谢你的鼓励终于成功OpenWrt + Passwall + WireGuard。

下一个阶段就是OpenWrt + OpenCl ...
张无忌 發表於 2025-5-18 14:18

    恭喜成功安裝

张无忌

ImmortalWrt temperature records of GL.iNet GL-MT6000

Date              RM temp. range(°C)  CPU range(°C)   WLAN1/WLAN2 range(°C)
2025-MAY                17 - 33                  24 - 57                27 - 60
2025-JUN                 17 - 34                  23 - 57                27 - 60

因为停止使用ImmortalWrt，这里将会停止。

目录帖子GL.iNet and OpenWrt Contents

张无忌

OpenWrt + OpenClash + 机场安装

安装OpenClash要先安装PassWall，router能科学上网。OpenClash的详细可以看官网[1]，里面很多广告，但是还有值得参考东西，而OpenClash的官网在[2]。

OpenWrt repository server, (如果在大陆不安装，中间下载比较慢; 安装过可以skip)

1. sed -i 's_https\?://downloads.openwrt.org_https://mirrors.tuna.tsinghua.edu.cn/openwrt_' /etc/opkg/distfeeds.conf

複製代碼

OpenClash安装需要"dnsmasq"改变到"dnsmasq-full"；安装过可以skip：

1. opkg update
   
2. opkg remove dnsmasq && opkg install dnsmasq-full

複製代碼

正式安装OpenClash[3]，

1. #iptables
   
2. #opkg update
   
3. 
   
4. opkg install bash iptables dnsmasq-full curl ca-bundle ipset ip-full iptables-mod-tproxy iptables-mod-extra ruby ruby-yaml kmod-tun kmod-inet-diag unzip luci-compat luci luci-base

複製代碼

有关网站信息[3]，在Assets "https://github.com/vernesong/OpenClash/releases/download/v0.46.079/luci-app-openclash_0.46.079_all.ipk"可以离线下载到电脑，然WinSCP copy到电脑，再用putty打开OpenWrt terminal进行操作，但是我们在router里直接下载[4]

1. wget https://github.com/vernesong/OpenClash/releases/download/v0.46.079/luci-app-openclash_0.46.079_all.ipk -O openclash.ipk
   
2. opkg install openclash.ipk

複製代碼

"[Meta] Current Core"的安装

1. wget https://raw.githubusercontent.com/vernesong/OpenClash/core/master/meta/clash-linux-arm64.tar.gz
   
2. tar -xvzf clash-linux-arm64.tar.gz
   
3. mv clash /etc/openclash/core/clash_meta
   
4. reboot

複製代碼

在这里我们安装机场：
"Services"->"OpenClash"
"Config Subscribe", "Add"
"Config Alias=666", "Subscribe Address=URL"
"Commit Settings", "Update Config"

If OpenClash is OK see the following figure then off PassWall.



测试：
OpenClash能看YouTube and CCTV5。

References:
[1] https://openclash.org/
[2] https://github.com/vernesong/OpenClash
[3] https://github.com/vernesong/OpenClash/releases
[4] https://openclash.org/openclash-download/

目录帖子GL.iNet and OpenWrt Contents

张无忌

ImmortalWrt + OpenClash + 机场

ImmortalWrt v24.10.1
OpenClash v0.46.079

我们可以"Download ImmortalWrt firmware for your device"，输入"GL.iNet GL-MT6000"，点击"Customize installed packages and/or first boot script"，加入"luci-app-passwall luci-app-openclash"，再按"REQUEST REBUILD"，等到"SYSUPGRADE"。

1. Load SYSUPGRADE firmware, update root password, change “语言=English 主题=BootStrapDark",
2. "Services"->"OpenClash", pop up message disregard
3. 用putty "[Meta] Current Core" 的安装

1. wget https://raw.githubusercontent.com/vernesong/OpenClash/core/master/meta/clash-linux-arm64.tar.gz
   
2. tar -xvzf clash-linux-arm64.tar.gz
   
3. mv clash /etc/openclash/core/clash_meta
   
4. reboot

複製代碼

4. "Overviews", "Config Subscribe", "Add"
   - "Config Alias=666"
   - "Subscribe Address=机场URL"
5. "Commit Settings", "Update Config"
6. "Enable OpenClash" and wait for 30 seconds
7. 有flow，disable PassWall

测试：
YouTube and CCTV5可以播放

目录帖子GL.iNet and OpenWrt Contents

张无忌

2010年用过TL-WR1043ND v1.x， flash 8M，RAM 32M，USB 2.0，之后就停止用OpenWrt，就开始使用MikroTik RouterOS。在2025年4月6日开GL-MT6000帖子，到今天5月21日，终于把GL-MT6000能到WireGuard，ZeroTier，PassWall and OpenClash on OpenWrt and ImmoertalWrt，在这段期间得到@fakeman，@bunch，@robotmaster，@pbodq及其他members的信息帮助。

将来继续使用PassWall and OpenClash；还有Hong Kong MikroTik hAP ac3 + container使用方法；大陆的PassWall and OpenClash连接container。

张无忌

用interface安装WireGuard一定要dnsmasq-full

如果你用原装dnsmasq，安装interface WireGuard到香港，连接都没有问题，如果你用完要关机，第二天开机连不到香港，要把"Disable this interface=tick"，再去"System"->"Startup"，在"Start priority=20"，右手边click "Restart"一次后才能成功。

安装方法：

1. opkg remove dnsmasq && opkg install dnsmasq-full

複製代碼

平时照常关机，明天正常开机，都自动连上。

目录帖子GL.iNet and OpenWrt Contents

张无忌

MikroTik container startups

There are two video clips [1,2] describing the features of container in MikroTik.

### Part 1 [1] ###
打开"system resource print"是否arm或arm64。

1. /system resource print
   
2. [admin@MikroTik] > /system resource print                  
   
3.                    uptime: 6d5h9m8s           
   
4.                   version: 7.18.2 (stable)   
   
5.                build-time: 2025-03-11 11:59:04
   
6.          factory-software: 6.46.6            
   
7.               free-memory: 120.7MiB           
   
8.              total-memory: 256.0MiB           
   
9.                       cpu: ARM               
   
10.                 cpu-count: 4                  
    
11.             cpu-frequency: 672MHz            
    
12.                  cpu-load: 2%                 
    
13.            free-hdd-space: 86.7MiB            
    
14.           total-hdd-space: 128.0MiB           
    
15.   write-sect-since-reboot: 2778               
    
16.          write-sect-total: 465588            
    
17.                bad-blocks: 0%                 
    
18.         architecture-name: arm               
    
19.                  platform: MikroTik           
    
20. 
    
21. [admin@MikroTik] >

複製代碼

如果是arm或arm64，把USB手指插入，输入

1. [admin@MikroTik] > /system device-mode update container=yes

複製代碼

### Part 2 [2] ###
Network configuration

1. /interface/bridge add name=dockers
   
2. /ip/address add address=172.17.0.1 interface=dockers
   
3. /interface/veth add name=veth1 address=172.17.0.2/24 gateway=172.17.0.1
   
4. /interface/bridge/port add bridge=dockers interface=veth1
   
5. /ip/firewall/nat add chain=scrnat action=masquerade src-address=172.17.0.0/24

複製代碼

A Pi-hole program setup environment variables

1. /container envs
   
2. add key=TZ name=pihole_envs value=Europe/Riga
   
3. add key=WEBPASSWORD name=pihole_envs value=mysecurepasswaord
   
4. add key=DNSMASQ_USER name=pihole_envs value=root

複製代碼

Container mount point

1. /container mount
   
2. add dst=/etc/pihole name=etc_pihole src=/disk1/etc
   
3. add dst=/etc/dnsmasq.d name=dnsmasq_pihole src=/disk1/etc-dnsmasq.d

複製代碼

Container configuration

1. /container config
   
2. add registry-url=https//registry-1.docker.to tmpdir=disk1/pull

複製代碼

1st simplest method - pulling image from registry

1. /container add remote-image=piholr/pihole:latest interface=veth1 root-dir=disk1/pihole mounts=dnsmasq_pihole.d,etc_pihole envlist=pihole_envs

複製代碼

Extracting, stopped or running status

1. /container print
   
2. 0 ... status=extracting
   
3. 
   
4. /container print
   
5. 0 ... status=stopped
   
6. 
   
7. /container start 0
   
8. 0 ... status=running

複製代碼

2nd alternative method for custom images and isolated setups.

1. /container add file=disk1/pihole.tar

複製代碼

Linux Docker operation

1. sudo docker pull pihole/pihole:latest@<DIGEST=sha256...>
   
2. sudo docker save pihole/pihole > ./Desktop/pihole.tar

複製代碼

Pi-hole to operate with network

1. /ip/firewall/nat add chain=dstnat action=dst-nat protocol=tcp to-address=172.17.0.2 to-ports=80 dst-address=192.168.88.1 dst-port=888
   
2. /ip dns set servers=172.17.0.2

複製代碼

Browser to open Pi-hole

1. 192.168.88.1:888

複製代碼

Refereces:
[1] Impossible, docker containers on Mikrotik? Part 1
[2] Docker containers on Mikrotik? Part 2: PiHole

目录帖子GL.iNet and OpenWrt Contents

张无忌

Sub-content ImmortalWrt + PassWall + WireGuard/机场/Load Balancing/others

Offical ImmortalWrt + PassWall安装
ImmortalWrt + PassWall + WireGuard
ImmortalWrt + PassWall + 机场
ImmortalWrt + PassWall + Load Balancing
ImmortalWrt + PassWall + HK WireGuard server (MikroTik/ASUS/GL.iNet)

目录帖子GL.iNet and OpenWrt Contents