Openwrt 18.06.1 configuration on the science network
openwrt 18.06.1 配置科学上网 - Shuyi Yuan - Medium
openwrt 安装不缀述,网上教程很多,可以刷在路由器上、小主机上、甚至VirtualBox的虚拟机里。本文假定openwrt已经设置好并上网,电脑连接路由器LAN口。
medium.com
Openwrt 18.06.1 configuration on the science network
Shuyi Yuan
Shuyi Yuan
Follow
Oct 19, 2018 · 4 min read
Openwrt installation is not described, there are many online tutorials, you can brush on the router, small host, and even VirtualBox virtual machine. This article assumes that openwrt is already set up and connected to the Internet, and the computer is connected to the LAN port of the router.
1. Install the shadowsocks-libev related package
Opkg update
(multiple runs a few times, I have encountered the shadowsocks related package after the first update)
Opkg install shadowsocks-libev-config shadowsocks-libev-ss-local shadowsocks-libev-ss-redir shadowsocks-libev-ss-rules shadowsocks-libev-ss-tunnel luci-app-shadowsocks-libev
2. Basic configuration
Go to the openwrt web configuration interface and select Service->shadowsocks-libev
Click Remote Servers, which has configured a server sss0 by default, modify the address, port, password, encryption mode, and most importantly, remove the disabled hook and click the save&apply button.
Click Local Instances, click the Disabled button corresponding to the ss-local.cfgXXXXX (XXX is a random number) entry, change it to Enabled, and click Save & Apply. After the configuration save takes effect, the running state of the ss-local.cfgXXXX entry changes from no to yes. At this point, a SOCKS5 server is running on the router, port 1080. Set the proxy server of the computer browser to the router address, port 1080, try to access Google. If successful, the ss client works fine on openwrt.
Next, test the function of iptables+ss-redir automatic forwarding proxy (transparent proxy). In Local Instances, set ss-redir.hi to Enabled. Click Redir Rules, Disabled to remove it, click on Destination Settings, and dst default is changed from bypass to forward. Click Save&Apply to make the configuration take effect. Cancel the proxy settings of the computer browser, visit Google, if successful, the unconditional transparent proxy settings are successful. All packets are forwarded by the router to the ss server.
3. Advanced configuration
The last configured transparent proxy forwards all traffic to the remote SS server, which is obviously a waste of traffic, and the efficiency of domestic websites going abroad is very low. Therefore, we need to identify domestic and foreign traffic on the router and treat it differently.
1. First set dst forward in Destination Settings to bypass.
2. Change the opkg list update from http to https, http is not updated, maybe GFW is a ghost
Opkg install libustream-mbedtls (if the prompt is not found, opkg update runs a few more times)
Sed -i s/http:/https:/g /etc/opkg/distfeeds.conf
Opkg update
3. Install various dependencies
Opkg remove dnsmasq
Opkg install dnsmasq-full
Opkg install coreutils-base64 curl ca-certificates ca-bundle
4.
==================
Too many steps are too annoying, write a one-click script, and execute it:
Cd /tmp && opkg update && opkg install curl ca-bundle && curl -s -L https://github.com/ysy/ss/raw/master/openwrt_tproxy.tgz -ot.tgz && tar x -z -f t .tgz && cd openwrt_tproxy && ./setup.sh