Skip to content
ThinkZ edited this page Jan 15, 2015 · 24 revisions

Welcome to the openwrt wiki!
更新包list
opkg update

开启sftp
opkg install openssh-sftp-server

sftp 上传 ss 客户端,然后本地安装
dowonload from: http://shadowsocks.org/en/download/clients.html
http://shadowsocks.org/nightly/shadowsocks-libev-polarssl_1.4.8-1_ar71xx.ipk

opkg install /root/shadowsocks-libev-polarssl_1.4.8-1_ar71xx.ipk

或在线安装
opkg update
opkg list|grep shadowsocks
opkg install shadowsocks-client

开机启动 ss
/etc/init.d/shadowsocks enable

配置 ss
vi /etc/shadowsocks.json


{
        "server": "server.com",
        "server_port": 8388,
        "local_port": 1080,
        "password": "password",
        "method": "rc4-md5"
}

配置ss 透明代理
vi /etc/ss-redir.json

 
{
        "server": "server.com",
        "server_port": 8388,
        "local_port": 1081,
        "password": "password",
        "method": "rc4-md5"
}

修改默认 ss 启动脚本
vi /etc/init.d/shadowsocks


#!/bin/sh /etc/rc.common

START=95

SERVICE_USE_PID=1
SERVICE_WRITE_PID=1
SERVICE_DAEMONIZE=1

CONFIG=/etc/shadowsocks.json

start() {
service_start /usr/bin/ss-local -c $CONFIG
service_start /usr/bin/ss-redir -c /etc/ss-redir.json
}

stop() {
service_stop /usr/bin/ss-local
service_stop /usr/bin/ss-redir
}

启动 ss
/etc/init.d/shadowsocks start

安装ipset, 这里会有些许报错可以无视,重启路由就能正确加载到 kernel
opkg update
opkg install kmod-ipt-ipset ipset ipset-dns

替换默认的 dnsmasq
opkg remove dnsmasq
opkg install dnsmasq-full

设置 firewall
vi /etc/firewall.user

ipset -N setmefree iphash
iptables -t nat -A PREROUTING -p tcp -m set --match-set setmefree dst -j REDIRECT --to-port 1081

设置 dnsmasq / ipset, 防止 dns 污染直接使用 opendns 的 dnscrypt
vi /etc/dnsmasq.conf

 
address=/gs2.ww.prod.dl.playstation.net/63.219.18.168

server=/.shadowsocks.org/208.67.220.220#443
ipset=/.shadowsocks.org/setmefree

server=/.opendns.com/208.67.222.222#443
server=/.openvpn.net/208.67.222.222#443
ipset=/.opendns.com/setmefree
ipset=/.openvpn.net/setmefree

server=/www.whereisip.net/208.67.222.222#443
ipset=/www.whereisip.net/setmefree

#instagram.com
server=/.instagram.com/208.67.222.222#443
server=/.cloudfront.net/208.67.222.222#443
server=/cdninstagram.com/208.67.222.222#443
ipset=/.instagram.com/setmefree
ipset=/.cloudfront.net/setmefree
ipset=/cdninstagram.com/setmefree

#Google and Youtube
server=/.google.com/208.67.222.222#443
server=/.google.com.hk/208.67.222.222#443
server=/.gstatic.com/208.67.222.222#443
server=/.ggpht.com/208.67.222.222#443
server=/.googleusercontent.com/208.67.222.222#443
server=/.appspot.com/208.67.222.222#443
server=/.googlecode.com/208.67.222.222#443
server=/.googleapis.com/208.67.222.222#443
server=/.gmail.com/208.67.222.222#443
server=/.google-analytics.com/208.67.222.222#443
server=/.youtube.com/208.67.222.222#443
server=/.googlevideo.com/208.67.222.222#443
server=/.youtube-nocookie.com/208.67.222.222#443
server=/.ytimg.com/208.67.222.222#443
server=/.blogspot.com/208.67.222.222#443
server=/.blogger.com/208.67.222.222#443
ipset=/.google.com/setmefree
ipset=/.google.com.hk/setmefree
ipset=/.gstatic.com/setmefree
ipset=/.ggpht.com/setmefree
ipset=/.googleusercontent.com/setmefree
ipset=/.appspot.com/setmefree
ipset=/.googlecode.com/setmefree
ipset=/.googleapis.com/setmefree
ipset=/.gmail.com/setmefree
ipset=/.google-analytics.com/setmefree
ipset=/.youtube.com/setmefree
ipset=/.googlevideo.com/setmefree
ipset=/.youtube-nocookie.com/setmefree
ipset=/.ytimg.com/setmefree
ipset=/.blogspot.com/setmefree
ipset=/.blogger.com/setmefree

#FaceBook
server=/.facebook.com/208.67.222.222#443
server=/.thefacebook.com/208.67.222.222#443
server=/.facebook.net/208.67.222.222#443
server=/.fbcdn.net/208.67.222.222#443
server=/.akamaihd.net/208.67.222.222#443
ipset=/.facebook.com/setmefree
ipset=/.thefacebook.com/setmefree
ipset=/.facebook.net/setmefree
ipset=/.fbcdn.net/setmefree
ipset=/.akamaihd.net/setmefree

#Twitter
server=/.twitter.com/208.67.222.222#443
server=/.t.co/208.67.222.222#443
server=/.bitly.com/208.67.222.222#443
server=/.twimg.com/208.67.222.222#443
server=/.tinypic.com/208.67.222.222#443
server=/.yfrog.com/208.67.222.222#443
ipset=/.twitter.com/setmefree
ipset=/.t.co/setmefree
ipset=/.bitly.com/setmefree
ipset=/.twimg.com/setmefree
ipset=/.tinypic.com/setmefree
ipset=/.yfrog.com/setmefree

重启服务
/etc/init.d/dnsmasq restart
/etc/init.d/firewall restart
/etc/init.d/shadowsocks restart

ss client 监控和自动重启服务
crontab -e

*/2 * * * * isfound=$(ps | grep "ss-redir" | grep -v "grep"); if [ -z "$isfound" ]; then echo "$(date): restart ss-redir...">/tmp/log/ss-monitor.log && /etc/init.d/shadowsocks restart; fi

测试:
用浏览器访问 http://www.whereisip.net/ 出现你 ss server 的 IP 地址表示成功。

Not working?
1. 检查 ss 有无监听
netstat -nlpt|grep 108

tcp        0      0 0.0.0.0:1080            0.0.0.0:*               LISTEN      5330/ss-local
tcp        0      0 0.0.0.0:1081            0.0.0.0:*               LISTEN      5332/ss-redir

2. ipset 模块有无加载
lsmod |grep ip_set

ip_set                 21172 12 xt_set
ip_set_bitmap_ip        6016  0 
ip_set_bitmap_ipmac     5808  0 
ip_set_bitmap_port      5312  0 
ip_set_hash_ip         14944  1 
ip_set_hash_ipport     15680  0 
ip_set_hash_ipportip   16560  0 
ip_set_hash_ipportnet   21584  0 
ip_set_hash_net        18576  0 
ip_set_hash_netiface   20704  0 
ip_set_hash_netport    20240  0 
ip_set_list_set         6688  0 
nfnetlink               2491  2 ip_set

参考资料
http://blog.berry10086.com/Tech/Openwrt/openwrt-shadowsocks-ipset/
http://hong.im/2014/03/16/configure-an-openwrt-based-router-to-use-shadowsocks-and-redirect-foreign-traffic/

动态DDNS

vi /etc/config/ddns

config service "systemns"
    option enabled "1"
    option interface "wan"

    option service_name "system-ns.com"
    option DOMAIN "bar.system-ns.net"
    option PASSWORD "1290839120830921839018"

    option ip_source "network"
    option ip_network "wan"

    option force_interval "24"
    option force_unit "hours"
    option check_interval "5"
    option check_unit "minutes"

    option update_url "http://system-ns.com/api?type=dynamic&domain=[DOMAIN]&command=set&token=[PASSWORD]&ip=[IP]"


config service "changeip"                                     
    option enabled "1"                                         
    option interface "wan"
 
    option service_name "changeip.com"                                 
    option DOMAIN "foo.changie.com"                              
    option PASSWORD "password"              
    option USERNAME "[email protected]"
 
    option ip_source "network"                                     
    option ip_network "wan"                                       
                                                                 
    option force_interval "24"         
    option force_unit "hours"
    option check_interval "5"                                   
    option check_unit "minutes"                                 
    option update_url "http://[USERNAME]:[PASSWORD]@nic.changeip.com/nic/update?u=[USERNAME]&p=[PASSWORD]&cmd=update&hostname=[DOMAIN]&ip=[IP]" 

debug ddns
/usr/lib/ddns/dynamic_dns_updater.sh changeip
/usr/lib/ddns/dynamic_dns_updater.sh systemns

PS:
WDR4300固件安装及升级:
原厂→Openwrt
http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/nand/openwrt-ar71xx-nand-wndr4300-ubi-factory.img

Openwrt升级去下载那个openwrt-ar71xx-nand-wndr4300-squashfs-sysupgrade.tar

PPS:变砖抢救办法:
1.断电
2.按住reset不放
3.通电
4.直到电源灯由黄色闪烁到绿色闪烁,松开reset
5.进入tftp模式上传.img文件
命令行模式:tftp -i 192.168.1.1 put x:\foo.img
或者其它GUI工具.
http://www.shadowsoftware.net/shadowgameworld/downloads/tftp2.exe
参考资料:
http://kb.netgear.com/app/answers/detail/a_id/22688/~/how-to-upload-firmware-to-a-wndr3700v2-router-using-tftp

Clone this wiki locally