-
Notifications
You must be signed in to change notification settings - Fork 0
Home
Welcome to the openwrt wiki!
更新包list
opkg update
开启sftp
opkg install openssh-sftp-server
sftp 上传 ss 客户端,然后本地安装
dowonload from: http://shadowsocks.org/en/download/clients.html
http://shadowsocks.org/nightly/shadowsocks-libev-polarssl_1.4.8-1_ar71xx.ipk
opkg install /root/shadowsocks-libev-polarssl_1.4.8-1_ar71xx.ipk
或在线安装
opkg update
opkg list|grep shadowsocks
opkg install shadowsocks-client
开机启动 ss
/etc/init.d/shadowsocks enable
配置 ss
vi /etc/shadowsocks.json
{
"server": "server.com",
"server_port": 8388,
"local_port": 1080,
"password": "password",
"method": "rc4-md5"
}
配置ss 透明代理
vi /etc/ss-redir.json
{
"server": "server.com",
"server_port": 8388,
"local_port": 1081,
"password": "password",
"method": "rc4-md5"
}
修改默认 ss 启动脚本
vi /etc/init.d/shadowsocks
#!/bin/sh /etc/rc.common
START=95
SERVICE_USE_PID=1
SERVICE_WRITE_PID=1
SERVICE_DAEMONIZE=1
CONFIG=/etc/shadowsocks.json
start() {
service_start /usr/bin/ss-local -c $CONFIG
service_start /usr/bin/ss-redir -c /etc/ss-redir.json
}
stop() {
service_stop /usr/bin/ss-local
service_stop /usr/bin/ss-redir
}
启动 ss
/etc/init.d/shadowsocks start
安装ipset, 这里会有些许报错可以无视,重启路由就能正确加载到 kernel
opkg update
opkg install kmod-ipt-ipset ipset ipset-dns
替换默认的 dnsmasq
opkg remove dnsmasq
opkg install dnsmasq-full
设置 firewall
vi /etc/firewall.user
ipset -N setmefree iphash
iptables -t nat -A PREROUTING -p tcp -m set --match-set setmefree dst -j REDIRECT --to-port 1081
设置 dnsmasq / ipset, 防止 dns 污染直接使用 opendns 的 dnscrypt
vi /etc/dnsmasq.conf
address=/gs2.ww.prod.dl.playstation.net/63.219.18.168
server=/.shadowsocks.org/208.67.220.220#443
ipset=/.shadowsocks.org/setmefree
server=/.opendns.com/208.67.222.222#443
server=/.openvpn.net/208.67.222.222#443
ipset=/.opendns.com/setmefree
ipset=/.openvpn.net/setmefree
server=/www.whereisip.net/208.67.222.222#443
ipset=/www.whereisip.net/setmefree
#instagram.com
server=/.instagram.com/208.67.222.222#443
server=/.cloudfront.net/208.67.222.222#443
server=/cdninstagram.com/208.67.222.222#443
ipset=/.instagram.com/setmefree
ipset=/.cloudfront.net/setmefree
ipset=/cdninstagram.com/setmefree
#Google and Youtube
server=/.google.com/208.67.222.222#443
server=/.google.com.hk/208.67.222.222#443
server=/.gstatic.com/208.67.222.222#443
server=/.ggpht.com/208.67.222.222#443
server=/.googleusercontent.com/208.67.222.222#443
server=/.appspot.com/208.67.222.222#443
server=/.googlecode.com/208.67.222.222#443
server=/.googleapis.com/208.67.222.222#443
server=/.gmail.com/208.67.222.222#443
server=/.google-analytics.com/208.67.222.222#443
server=/.youtube.com/208.67.222.222#443
server=/.googlevideo.com/208.67.222.222#443
server=/.youtube-nocookie.com/208.67.222.222#443
server=/.ytimg.com/208.67.222.222#443
server=/.blogspot.com/208.67.222.222#443
server=/.blogger.com/208.67.222.222#443
ipset=/.google.com/setmefree
ipset=/.google.com.hk/setmefree
ipset=/.gstatic.com/setmefree
ipset=/.ggpht.com/setmefree
ipset=/.googleusercontent.com/setmefree
ipset=/.appspot.com/setmefree
ipset=/.googlecode.com/setmefree
ipset=/.googleapis.com/setmefree
ipset=/.gmail.com/setmefree
ipset=/.google-analytics.com/setmefree
ipset=/.youtube.com/setmefree
ipset=/.googlevideo.com/setmefree
ipset=/.youtube-nocookie.com/setmefree
ipset=/.ytimg.com/setmefree
ipset=/.blogspot.com/setmefree
ipset=/.blogger.com/setmefree
#FaceBook
server=/.facebook.com/208.67.222.222#443
server=/.thefacebook.com/208.67.222.222#443
server=/.facebook.net/208.67.222.222#443
server=/.fbcdn.net/208.67.222.222#443
server=/.akamaihd.net/208.67.222.222#443
ipset=/.facebook.com/setmefree
ipset=/.thefacebook.com/setmefree
ipset=/.facebook.net/setmefree
ipset=/.fbcdn.net/setmefree
ipset=/.akamaihd.net/setmefree
#Twitter
server=/.twitter.com/208.67.222.222#443
server=/.t.co/208.67.222.222#443
server=/.bitly.com/208.67.222.222#443
server=/.twimg.com/208.67.222.222#443
server=/.tinypic.com/208.67.222.222#443
server=/.yfrog.com/208.67.222.222#443
ipset=/.twitter.com/setmefree
ipset=/.t.co/setmefree
ipset=/.bitly.com/setmefree
ipset=/.twimg.com/setmefree
ipset=/.tinypic.com/setmefree
ipset=/.yfrog.com/setmefree
重启服务
/etc/init.d/dnsmasq restart
/etc/init.d/firewall restart
/etc/init.d/shadowsocks restart
ss client 监控和自动重启服务
crontab -e
*/2 * * * * isfound=$(ps | grep "ss-redir" | grep -v "grep"); if [ -z "$isfound" ]; then echo "$(date): restart ss-redir...">/tmp/log/ss-monitor.log && /etc/init.d/shadowsocks restart; fi
测试:
用浏览器访问 http://www.whereisip.net/ 出现你 ss server 的 IP 地址表示成功。
Not working?
1. 检查 ss 有无监听
netstat -nlpt|grep 108
tcp 0 0 0.0.0.0:1080 0.0.0.0:* LISTEN 5330/ss-local
tcp 0 0 0.0.0.0:1081 0.0.0.0:* LISTEN 5332/ss-redir
2. ipset 模块有无加载
lsmod |grep ip_set
ip_set 21172 12 xt_set
ip_set_bitmap_ip 6016 0
ip_set_bitmap_ipmac 5808 0
ip_set_bitmap_port 5312 0
ip_set_hash_ip 14944 1
ip_set_hash_ipport 15680 0
ip_set_hash_ipportip 16560 0
ip_set_hash_ipportnet 21584 0
ip_set_hash_net 18576 0
ip_set_hash_netiface 20704 0
ip_set_hash_netport 20240 0
ip_set_list_set 6688 0
nfnetlink 2491 2 ip_set
参考资料
http://blog.berry10086.com/Tech/Openwrt/openwrt-shadowsocks-ipset/
http://hong.im/2014/03/16/configure-an-openwrt-based-router-to-use-shadowsocks-and-redirect-foreign-traffic/
动态DDNS
vi /etc/config/ddns
config service "systemns"
option enabled "1"
option interface "wan"
option service_name "system-ns.com"
option DOMAIN "bar.system-ns.net"
option PASSWORD "1290839120830921839018"
option ip_source "network"
option ip_network "wan"
option force_interval "24"
option force_unit "hours"
option check_interval "5"
option check_unit "minutes"
option update_url "http://system-ns.com/api?type=dynamic&domain=[DOMAIN]&command=set&token=[PASSWORD]&ip=[IP]"
config service "changeip"
option enabled "1"
option interface "wan"
option service_name "changeip.com"
option DOMAIN "foo.changie.com"
option PASSWORD "password"
option USERNAME "[email protected]"
option ip_source "network"
option ip_network "wan"
option force_interval "24"
option force_unit "hours"
option check_interval "5"
option check_unit "minutes"
option update_url "http://[USERNAME]:[PASSWORD]@nic.changeip.com/nic/update?u=[USERNAME]&p=[PASSWORD]&cmd=update&hostname=[DOMAIN]&ip=[IP]"
debug ddns
/usr/lib/ddns/dynamic_dns_updater.sh changeip
/usr/lib/ddns/dynamic_dns_updater.sh systemns
PS:
WDR4300固件安装及升级:
原厂→Openwrt
http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/nand/openwrt-ar71xx-nand-wndr4300-ubi-factory.img
Openwrt升级去下载那个openwrt-ar71xx-nand-wndr4300-squashfs-sysupgrade.tar
PPS:变砖抢救办法:
1.断电
2.按住reset不放
3.通电
4.直到电源灯由黄色闪烁到绿色闪烁,松开reset
5.进入tftp模式上传.img文件
命令行模式:tftp -i 192.168.1.1 put x:\foo.img
或者其它GUI工具.
http://www.shadowsoftware.net/shadowgameworld/downloads/tftp2.exe
参考资料:
http://kb.netgear.com/app/answers/detail/a_id/22688/~/how-to-upload-firmware-to-a-wndr3700v2-router-using-tftp