@hkfuertes
Last active May 27, 2025 18:14
Build the Image

Simple steps to use with https://firmware-selector.openwrt.org to generate an OpenWrt image for the Raspberry Pi with Wi-Fi enabled and travelmate, for a CM4 router.

Packages:

# Expand root filesystem to whole sdcard
parted losetup resize2fs

# USB Tether for phones
kmod-usb-net-rndis kmod-usb-net-cdc-ncm kmod-usb-net-cdc-eem kmod-usb-net-cdc-ether kmod-usb-net-cdc-subset kmod-nls-base kmod-usb-core kmod-usb-net kmod-usb-net-cdc-ether kmod-usb2

# Extra drivers for usb wifi
kmod-mt7601u

# Wireguard
wireguard-tools luci-proto-wireguard

# Multi WAN Manager
luci-app-mwan3 mwan3 iptables-nft ip6tables-nft

# Travelmate
luci-app-travelmate

# One Line
parted losetup resize2fs kmod-usb-net-rndis kmod-usb-net-cdc-ncm kmod-usb-net-cdc-eem kmod-usb-net-cdc-ether kmod-usb-net-cdc-subset kmod-nls-base kmod-usb-core kmod-usb-net kmod-usb-net-cdc-ether kmod-usb2 kmod-mt7601u wireguard-tools luci-proto-wireguard luci-app-mwan3 mwan3 iptables-nft ip6tables-nft luci-app-travelmate

uci-defaults:

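# Configure WLAN: enable the first radio and its default wifi-iface.
# If the default wifi-iface has encryption 'none', also set encryption and key here.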
uci set wireless.@wifi-device[0].disabled='0'
uci set wireless.@wifi-iface[0].disabled='0'
uci commit wireless

# Move the LAN off the default subnet
uci set network.lan.ipaddr="192.168.7.1"
uci commit network

# Expand ROOTFS
cat << "EOF" > /etc/uci-defaults/70-rootpt-resize
if [ ! -e /etc/rootpt-resize ] \
&& type parted > /dev/null \
&& lock -n /var/lock/root-resize
then
ROOT_BLK="$(readlink -f /sys/dev/block/"$(awk -e \
'$9=="/dev/root"{print $3}' /proc/self/mountinfo)")"
ROOT_DISK="/dev/$(basename "${ROOT_BLK%/*}")"
ROOT_PART="${ROOT_BLK##*[^0-9]}"
parted -f -s "${ROOT_DISK}" \
resizepart "${ROOT_PART}" 100%
mount_root done
touch /etc/rootpt-resize
reboot
fi
exit 1
EOF

cat << "EOF" > /etc/uci-defaults/80-rootfs-resize
if [ ! -e /etc/rootfs-resize ] \
&& [ -e /etc/rootpt-resize ] \
&& type losetup > /dev/null \
&& type resize2fs > /dev/null \
&& lock -n /var/lock/root-resize
then
ROOT_BLK="$(readlink -f /sys/dev/block/"$(awk -e \
'$9=="/dev/root"{print $3}' /proc/self/mountinfo)")"
ROOT_DEV="/dev/${ROOT_BLK##*/}"
LOOP_DEV="$(awk -e '$5=="/overlay"{print $9}' \
/proc/self/mountinfo)"
if [ -z "${LOOP_DEV}" ]
then
LOOP_DEV="$(losetup -f)"
losetup "${LOOP_DEV}" "${ROOT_DEV}"
fi
resize2fs -f "${LOOP_DEV}"
mount_root done
touch /etc/rootfs-resize
reboot
fi
exit 1
EOF

cat << "EOF" >> /etc/sysupgrade.conf
/etc/uci-defaults/70-rootpt-resize
/etc/uci-defaults/80-rootfs-resize
EOF

reboot

Install Tailscale with luci frontend: luci-app-tailscale

  • Install with Frontend:
      VERSION=1.1.2 # Version as of Aug 6 2024
      ARCH=arm64 # Use `uname -m` to figure out the arch: https://pkgs.tailscale.com/stable/#static
      wget -O luci-app-tailscale.ipk https://github.com/asvow/luci-app-tailscale/releases/download/v${VERSION}/luci-app-tailscale_${VERSION}_all.ipk
      opkg update
      opkg install ./luci-app-tailscale.ipk
      service tailscale stop
      cd /tmp
      wget https://pkgs.tailscale.com/stable/tailscale_1.70.0_${ARCH}.tgz
      tar -xvzf tailscale_1.70.0_${ARCH}.tgz
      cp tailscale_1.70.0_${ARCH}/tailscale /usr/sbin/tailscale
      cp tailscale_1.70.0_${ARCH}/tailscaled /usr/sbin/tailscaled
      service tailscale start
      reboot
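
The install steps above copy downloaded binaries into /usr/sbin as root without checking them. The following is an added example (not part of the original gist) that verifies the tarball against a SHA-256 digest before unpacking it; the function names are hypothetical, and the expected digest is assumed to come from the publisher's download page.

```sh
#!/bin/sh
# Added example, not from the gist. Function names are hypothetical.

# Map `uname -m` output to the arch suffix used in the tarball name.
ts_arch() {
    case "$1" in
        aarch64)       echo arm64 ;;
        x86_64)        echo amd64 ;;
        armv6l|armv7l) echo arm ;;
        *) echo "unmapped machine type: $1" >&2; return 1 ;;
    esac
}

# Return 0 only if FILE hashes to EXPECTED (64 hex digits, any case).
verify_sha256() {
    file="$1"; expected="$2"
    [ -f "$file" ] || return 2
    case "$expected" in *[!0-9a-fA-F]*) return 2 ;; esac
    [ "${#expected}" -eq 64 ] || return 2
    expected="$(printf '%s' "$expected" | tr 'A-F' 'a-f')"
    actual="$(sha256sum "$file" | awk '{print $1}')"
    [ "$actual" = "$expected" ]
}

# Unpack TGZ next to itself and copy both binaries to DEST, but only
# after the digest matches. Nothing is extracted on a mismatch.
install_verified() {
    tgz="$1"; expected="$2"; dest="$3"
    if ! verify_sha256 "$tgz" "$expected"; then
        echo "SHA-256 mismatch for $tgz, not installing" >&2
        return 1
    fi
    tar -xzf "$tgz" -C "$(dirname "$tgz")" || return 1
    dir="${tgz%.tgz}"
    cp "$dir/tailscale" "$dir/tailscaled" "$dest/"
}

# Usage on the router (EXPECTED_SHA256 is a placeholder you fill in):
#   ARCH="$(ts_arch "$(uname -m)")" || exit 1
#   install_verified "/tmp/tailscale_1.70.0_${ARCH}.tgz" "$EXPECTED_SHA256" /usr/sbin
```

On a 64-bit Raspberry Pi `uname -m` prints `aarch64`, while the tarball name uses `arm64`, which is why the mapping function is included.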

Route traffic through Tailscale

  • Follow this guide to add tailscale zone in firewall: https://openwrt.org/docs/guide-user/services/vpn/tailscale/start
      Name: tailscale
      Input: ACCEPT (default)
      Output: ACCEPT (default)
      Forward: ACCEPT
      Masquerading: on
      MSS Clamping: on
      Covered networks: tailscale
      Allow forward to destination zones: Ensure that your WAN zone is selected. (Add LAN here as well if you intend to allow hosts in your tailscale network to connect to hosts on your LAN)
      Allow forward from source zones: Select your LAN and/or other internal zones (Leave this blank if you do not want to route LAN traffic to hosts on your tailscale network, e.g. a WAN-only exit node)
    
  • Allow traffic through an exit node:
    1. Disable packet forwarding by default: Network → Firewall → General Settings → Forward: reject
    2. Disable LAN-to-WAN forwarding: Network → Firewall → Zones → lan → Edit → Allow forward to destination zones: Ensure that your WAN zone is unselected.
  • Add flags to tailscale; this can be done through the luci-app-tailscale interface under "Services":
    • --exit-node=MY-EXIT-NODE --exit-node-allow-lan-access=true
