youtube视频:
2020最简单的无脚本无国产软件的官网软件搭建OpenWrt软路由和V2ray透明代理
1. 下载软件
1.1 必须的软件: openwrt和刻盘软件rufus
https://rufus.ie/
https://openwrt.org/downloads 或:https://downloads.openwrt.org/releases/
如对于工控机,下载的是:https://downloads.openwrt.org/releases/19.07.2/targets/x86/64/
1.2 辅助软件: SSH客户端putty、文件传输软件winscp、文本编辑软件notepad++
https://www.putty.org/
https://winscp.net/eng/index.php
https://notepad-plus-plus.org/downloads/
2. 配置openwrt
2.1 软路由从u盘启动
在软路由机器上插入openwrt的u盘、接上3显示器和键盘.
软路由开机是,按F12(咨询商家)选择U盘启动,可用F2(咨询商家)进入Bios设置路由器第一启动的是硬盘还是u盘。
2.2 用命令passwd设置管理员账户root的密码: `
passwd
2.3 配置网络:
vim /etc/config/network
内容如下:
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdde:5bf8:b3d3::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth0'
option proto 'static'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
option ip6assign '60'
option gateway '192.168.2.1'
option dns '192.168.2.1 8.8.8.8'
config interface 'wan'
option ifname 'eth1'
option proto 'dhcp'
config interface 'wan6'
option ifname 'eth1'
option proto 'dhcpv6'
如果希望软路由接在光猫后面,由软路由的openwrt进行拨号,则上述network里修改wan:
config interface 'wan'
option ifname 'eth1'
option proto 'pppoe'
option ipv6 'auto'
option username '宽带用户名'
option password '宽带密码'
option peerdns '0'
option dns '192.168.2.1 8.8.8.8'
使修改生效
/etc/init.d/network reload
/etc/init.d/network restart
测试是否能上外网:
ping sohu.com
输出下面
root@OpenWrt:~# ping sohu.com
PING sohu.com (x.x.x.x): 56 data bytes
64 bytes from x.x.x.x: seq=0 ttl=55 time=25.043 ms
64 bytes from x.x.x.x: seq=1 ttl=55 time=25.206 ms
64 bytes from x.x.x.x: seq=2 ttl=55 time=25.110 ms
64 bytes from v: seq=3 ttl=55 time=25.288 ms
开始使用Web服务器(uHTTPd)
/etc/init.d/uhttpd start
/etc/init.d/uhttpd enable
将软路由(Lan)和电脑用网线连接,以后可以从电脑端登录操作软路由。
2.4. 用其他电脑登录软路由。
2.4.1 浏览器的luci访问软路由,输入软路由的ip地址即可
2.4.2 用SSH客户端程序putty在软路由上执行命令,如卸载 dnsmasq 并安装 dnsmasq-full。安装iptable,证书等:
opkg update
opkg remove dnsmasq
rm -rf /etc/config/dhcp
opkg install dnsmasq-full
opkg install iptables-mod-nat-extra ipset libopenssl
opkg install bash kmod-ipt-tproxy iptables-mod-tproxy bind-dig
opkg install wget ca-certificates ca-bundle
opkg install libustream-mbedtls libustream-mbedtls
2.4.3 设置wifi
自动检测:
rm -f /etc/config/wireless; wifi detect > /etc/config/wireless
打开WiFi配置文件 vim /etc/config/wireless:
config wifi-device wifi1
option type
option channel 11
option hwmode 11g
option disabled 0
config wifi-iface
option device wifi1
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt' # wifi名称
option encryption 'psk2' # 加密方式
option key 'password' # WiFi密码
附录1: 将openwrt安装到pc机器的硬盘上
执行命令:
opkg update
opkg install wget ca-certificates ca-bundle
wget https://downloads.openwrt.org/releases/19.07.2/targets/x86/64/openwrt-19.07.2-x86-64-combined-ext4.img.gz
gunzip openwrt-19.07.2-x86-64-combined-ext4.img.gz
dd if=openwrt-19.07.2-x86-64-combined-ext4.img.gz of=/dev/sda bs=4M; sync;
附录(可选):OpenWrt 18.06 安装SHADOWSOCKS实现路由器透明代理
路由器实现自动https://leamtrop.com/2017/05/14/shadowsocks-proxy-on-lede/ good 1) 安装缺少的组件:
opkg update
opkg install wget ca-certificates ca-bundle
opkg install iptables-mod-tproxy
1) 我的OpenWrt使用的是哪种架构的CPU?
opkg print-architecture | awk '{print $2}'
或
opkg print-architecture | awk '{print $2}' | grep -v all | grep -v noarch # 精确的命令
x_86_64 得到大致架构信息
uname -m
2) 添加opkg key:
wget http://openwrt-dist.sourceforge.net/openwrt-dist.pub
opkg-key add openwrt-dist.pub
3)(此步不行,应该手动下载,然后用winscp上传到路由器) 添加自定义源:
vi /etc/opkg/customfeeds.conf
在文件里的最后添加:
src/gz openwrt_dist http://openwrt-dist.sourceforge.net/packages/base/x_86_64
src/gz openwrt_dist_luci http://openwrt-dist.sourceforge.net/packages/luci
4) 安装SHADOWSOCKS及ChinaDNS:
opkg update
opkg install ChinaDNS
opkg install luci-app-chinadns
opkg install shadowsocks-libev
opkg install luci-app-shadowsocks
5) 生成中国IP列表:
wget -O /tmp/delegated-apnic-latest 'http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest' && awk -F\| '/CN\|ipv4/ { printf("%s/%d\n", $4, 32-log($5)/log(2)) }' /tmp/delegated-apnic-latest > /etc/chinadns_chnroute.txt
每周更新中国IP列表,运行
crontab -e
添加
0 3 * * 1 wget http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest -O /tmp/delegated-apnic-latest && awk -F\| '/CN\|ipv4/ { printf("%s/%d\n", $4, 32-log($5)/log(2)) }' /tmp/delegated-apnic-latest > /etc/chinadns_chnroute.txt
启用:
/etc/init.d/cron start
/etc/init.d/cron enable
然后启动shadowsocks,并设置开机运行:
/etc/init.d/shadowsocks enable
/etc/init.d/shadowsocks start
补充:
最后检查一下是否正常启动了:
netstat -lnp | grep ss-redir
如果未能正确启动,尝试手动执行,看看报什么错:
ss-redir -c /etc/shadowsocks.json -b 0.0.0.0 -v
3. 安装V2ray和透明代理
3.1 下载v2ray-core并上传到软路由中
3.1.1 在软路由机器上为v2ray创建目录:
mkdir /usr/bin/v2ray
cd /usr/bin/v2ray
3.1.2 下载CPU架构对应的v2ray-core
检查软路由的cpu架构:
uname -m
下载对应架构的v2ray-core:https://github.com/v2ray/v2ray-core/releases 如x86-64对应的v2ray-linux-64.zip
将v2ray-linux-64.zip解压到一个目录中。
3.1.3 上传解压的v2ray目录中内容到/usr/bin/v2ray
3.1.4 修改目录/usr/bin/v2ray访问权限 chmod +x v2ray
3.2 修改config.json并上传到v2ray服务器
config.json内容:
{
"policy": null,
"log": {
"access": "",
"error": "",
"loglevel": "warning"
},
"inbounds": [
{ //任意门,用于透明代理
"protocol": "dokodemo-door",
"port": 1080,
"listen": "0.0.0.0",
"settings": {
"network": "tcp, udp",
"timeout": 30,
"followRedirect": true
},
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
},
"tag": "in-0" //入口0标识
},
{ //socks5,用于浏览器代理
"port":"1081",
"protocol":"socks",
"settings":{
"auth":"noauth",
"udp":true
},
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
},
"tag": "in-1" //入口1标识
},
{ //http代理,用于系统代理
"port":"1082",
"protocol":"http",
"settings":{},
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
},
"tag": "in-2" //入口2标识
},
{ //任意门,备用dns解析
"protocol": "dokodemo-door",
"port": 5353,
"settings": {
"address": "8.8.8.8",
"port": 53,
"network": "udp",
"timeout": 0
}
}
],
"outbounds": [
{
"tag": "proxy",
"protocol": "vmess",
"settings": {
"vnext": [
{
"address": "你的vps域名",
"port": 443,
"users": [
{
"id": "你的v2ray服务器的id",
"alterId": 64,
"security": "chacha20-poly1305"
}
]
}
],
"servers": null,
"response": null
},
"streamSettings": {
"network": "ws",
"security": "tls",
"tlsSettings": {
"allowInsecure": true,
"serverName": "你的vps域名"
},
"tcpSettings": null,
"kcpSettings": null,
"wsSettings": {
"connectionReuse": true,
"path": "/ray",
"headers": {
"Host": "你的vps域名"
}
},
"httpSettings": null,
"quicSettings": null
},
"mux": {
"enabled": true
}
},
{
"tag": "direct",
"protocol": "freedom",
"settings": {
"vnext": null,
"servers": null,
"response": null
},
"streamSettings": null,
"mux": null
},
{
"tag": "block",
"protocol": "blackhole",
"settings": {
"vnext": null,
"servers": null,
"response": {
"type": "http"
}
},
"streamSettings": null,
"mux": null
}
],
"stats": null,
"api": null,
"dns": null,
"routing":{
"domainStrategy":"AsIs",
"rules":[
{ //被屏蔽的域名走代理,可自行添加
"type": "field",
"outboundTag": "proxy",
"domain": [
"google.com",
"youtube.com"
]
},
{ //入口0标识的流量直连
"type":"field",
"inboundTag": ["in-0"],
"outboundTag":"direct"
},
{ //入口1标识的流量直连
"type":"field",
"inboundTag": ["in-1"],
"outboundTag":"direct"
},
{ //入口2标识的流量直连
"type":"field",
"inboundTag": ["in-2"],
"outboundTag":"direct"
}
]
}
}
可以检查上传的v2ray配置文件v2ray.json格式是否正确:
/usr/bin/v2ray/v2ray --test --config /usr/bin/v2ray/config.json
3.3 用notepad++创建一个文件v2ray.service,内容为:
#!/bin/sh /etc/rc.common
# "new(er)" style init script
# Look at /lib/functions/service.sh on a running system for explanations of what other SERVICE_
# options you can use, and when you might want them.
START=80
ROOT=/usr/bin/v2ray
SERVICE_WRITE_PID=1
SERVICE_DAEMONIZE=1
start() {
service_start $ROOT/v2ray
iptables -t nat -N v2ray
iptables -t nat -A v2ray -d 192.168.2.0/16 -j RETURN
iptables -t nat -A v2ray -p tcp -j REDIRECT --to-ports 1080
iptables -t nat -A PREROUTING -p tcp -j v2ray
}
stop() {
iptables -t nat -D PREROUTING -p tcp -j v2ray
iptables -t nat -F v2ray
iptables -t nat -X v2ray
service_stop $ROOT/v2ray
}
用winscp上传到软路由的’usr/bin/v2ray’文件夹, 将该文件通过winscp上传到软路由的目录’/usr/bin/v2ray’。
服务自启动:
修改权限并创建符号连接:
chmod +x /usr/bin/v2ray/v2ray.service
ln -s /usr/bin/v2ray/v2ray.service /etc/init.d/v2ray
使能服务和启动服务:
/etc/init.d/v2ray enable
/etc/init.d/v2ray start
下面命令可以停止服务:
/etc/init.d/v2ray stop
检查是否启动了v2ray:
ps | grep v2ray
输出下面信息表示已经启动
2256 root 116m S /usr/bin/v2ray/v2ray
2274 root 3092 S grep v2ray
检查软路由是否能访问谷歌等网站:
curl -x socks5://127.0.0.1:1080 google.com
如果输出下面信息表示可以了:
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>
在SSH(putty)执行命令
reboot
重启路由器。也可以在Lcui界面的”syetem”->”syetem”里找到reboot命令重启路由器。
3.4. 防止DNS污染
dnsmasq配置:
可以在luci界面进行配置,也可以直接在dnsmasq.conf文件里配置,luci界面的优先级更高,换句话说就是会覆盖dnsmasq.conf文件里相同的配置项。
下载gfw.conf
https://cokebar.github.io/gfwlist2dnsmasq/dnsmasq_gfwlist_ipset.conf 到/etc/config/proxy/
在/etc/dnsmasq.conf文件最后添加:
vi /etc/dnsmasq.conf
添加/etc/config/proxy/到dnsmasq:
conf-dir=/etc/config/proxy
==========下面作废==================
-
下载软件
1.1 必须的软件: openwrt和刻盘软件rufus
https://rufus.ie/
https://openwrt.org/downloads
1.2 辅助软件: SSH客户端putty、文件传输软件winscp、文本编辑软件notepad++
https://www.putty.org/
https://winscp.net/eng/index.php
https://notepad-plus-plus.org/downloads/
-
配置openwrt
2.1 软路由从u盘启动 在软路由机器上插入openwrt的u盘、接上3显示器和键盘.
软路由开机是,按F12(咨询商家)选择U盘启动,可用F2(咨询商家)进入Bios设置路由器第一启动的是硬盘还是u盘。
2.2 用命令passwd设置管理员账户root的密码:
passwd
2.3 配置网络:
vim /etc/config/network
内容如下:
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdde:5bf8:b3d3::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth0'
option proto 'static'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
option ip6assign '60'
option gateway '192.168.2.1'
option dns '192.168.2.1 8.8.8.8'
config interface 'wan'
option ifname 'eth1'
option proto 'dhcp'
config interface 'wan6'
option ifname 'eth1'
option proto 'dhcpv6'
如果希望软路由接在光猫后面,由软路由的openwrt进行拨号,则上述network里修改wan:
config interface 'wan'
option ifname 'eth1'
option proto 'pppoe'
option ipv6 'auto'
option username '宽带用户名'
option password '宽带密码'
option peerdns '0'
option dns '192.168.2.1 8.8.8.8'
使修改生效
/etc/init.d/network reload
开始使用Web服务器(uHTTPd)
/etc/init.d/uhttpd start
/etc/init.d/uhttpd enable
将软路由(Lan)和电脑用网线连接,以后可以从电脑端登录操作软路由。
2.4. 用其他电脑登录软路由。
2.4.1 浏览器的luci访问软路由,输入软路由的ip地址即可
2.4.2 用SSH客户端程序putty在软路由上执行命令,如卸载 dnsmasq 并安装 dnsmasq-full。安装iptable,证书等:
opkg update
opkg remove dnsmasq
rm -rf /etc/config/dhcp
opkg install dnsmasq-full
opkg install iptables-mod-nat-extra ipset libopenssl
opkg install bash kmod-ipt-tproxy iptables-mod-tproxy bind-dig
opkg install wget
opkg install ca-certificates
libustream-mbedtls libustream-mbedtls
2.4.3 设置wifi
自动检测:
rm -f /etc/config/wireless; wifi detect > /etc/config/wireless
打开WiFi配置文件 vim /etc/config/wireless:
config wifi-device wifi1
option type
option channel 11
option hwmode 11g
option disabled 0
config wifi-iface
option device wifi1
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt' # wifi名称
option encryption 'psk2' # 加密方式
option key 'password' # WiFi密码
- 安装V2ray和透明代理
3.1 下载v2ray-core并上传到软路由中
3.1.1 在软路由机器上为v2ray创建目录:
mkdir /usr/bin/v2ray
cd /usr/bin/v2ray
3.1.2 下载CPU架构对应的v2ray-core
检查软路由的cpu架构:
uname -m
下载对应架构的v2ray-core:https://github.com/v2ray/v2ray-core/releases 如x86-64对应的v2ray-linux-64.zip
将v2ray-linux-64.zip解压到一个目录中。
3.1.3 上传解压的v2ray目录中内容到/usr/bin/v2ray
3.1.4 修改目录/usr/bin/v2ray访问权限 chmod +x v2ray
3.2 修改config.json并上传到v2ray服务器
config.json内容:
{
"policy": null,
"log": {
"access": "",
"error": "",
"loglevel": "warning"
},
"inbounds": [
{ //任意门,用于透明代理
"protocol": "dokodemo-door",
"port": 1080,
"listen": "0.0.0.0",
"settings": {
"network": "tcp, udp",
"timeout": 30,
"followRedirect": true
},
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
},
"tag": "in-0" //入口0标识
},
{ //socks5,用于浏览器代理
"port":"1081",
"protocol":"socks",
"settings":{
"auth":"noauth",
"udp":true
},
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
},
"tag": "in-1" //入口1标识
},
{ //http代理,用于系统代理
"port":"1082",
"protocol":"http",
"settings":{},
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
},
"tag": "in-2" //入口2标识
},
{ //任意门,备用dns解析
"protocol": "dokodemo-door",
"port": 5353,
"settings": {
"address": "8.8.8.8",
"port": 53,
"network": "udp",
"timeout": 0
}
}
],
"outbounds": [
{
"tag": "proxy",
"protocol": "vmess",
"settings": {
"vnext": [
{
"address": "你的vps域名",
"port": 443,
"users": [
{
"id": "你的v2ray服务器的id",
"alterId": 64,
"security": "chacha20-poly1305"
}
]
}
],
"servers": null,
"response": null
},
"streamSettings": {
"network": "ws",
"security": "tls",
"tlsSettings": {
"allowInsecure": true,
"serverName": "你的vps域名"
},
"tcpSettings": null,
"kcpSettings": null,
"wsSettings": {
"connectionReuse": true,
"path": "/ray",
"headers": {
"Host": "你的vps域名"
}
},
"httpSettings": null,
"quicSettings": null
},
"mux": {
"enabled": true
}
},
{
"tag": "direct",
"protocol": "freedom",
"settings": {
"vnext": null,
"servers": null,
"response": null
},
"streamSettings": null,
"mux": null
},
{
"tag": "block",
"protocol": "blackhole",
"settings": {
"vnext": null,
"servers": null,
"response": {
"type": "http"
}
},
"streamSettings": null,
"mux": null
}
],
"stats": null,
"api": null,
"dns": null,
"routing":{
"domainStrategy":"AsIs",
"rules":[
{ //被屏蔽的域名走代理,可自行添加
"type": "field",
"outboundTag": "proxy",
"domain": [
"google.com",
"youtube.com"
]
},
{ //入口0标识的流量直连
"type":"field",
"inboundTag": ["in-0"],
"outboundTag":"direct"
},
{ //入口1标识的流量直连
"type":"field",
"inboundTag": ["in-1"],
"outboundTag":"direct"
},
{ //入口2标识的流量直连
"type":"field",
"inboundTag": ["in-2"],
"outboundTag":"direct"
}
]
}
}
可以检查上传的v2ray配置文件v2ray.json格式是否正确:
/usr/bin/v2ray/v2ray --test --config /usr/bin/v2ray/config.json
3.3 用notepad++创建一个文件v2ray.service,内容为:
#!/bin/sh /etc/rc.common
# "new(er)" style init script
# Look at /lib/functions/service.sh on a running system for explanations of what other SERVICE_
# options you can use, and when you might want them.
START=80
ROOT=/usr/bin/v2ray
SERVICE_WRITE_PID=1
SERVICE_DAEMONIZE=1
start() {
service_start $ROOT/v2ray
iptables -t nat -N v2ray
iptables -t nat -A v2ray -d 192.168.2.0/16 -j RETURN
iptables -t nat -A v2ray -p tcp -j REDIRECT --to-ports 1080
iptables -t nat -A PREROUTING -p tcp -j v2ray
}
stop() {
iptables -t nat -D PREROUTING -p tcp -j v2ray
iptables -t nat -F v2ray
iptables -t nat -X v2ray
service_stop $ROOT/v2ray
}
用winscp上传到软路由的’usr/bin/v2ray’文件夹, 将该文件通过winscp上传到软路由的目录’/usr/bin/v2ray’。
服务自启动:
修改权限并创建符号连接:
chmod +x /usr/bin/v2ray/v2ray.service
ln -s /usr/bin/v2ray/v2ray.service /etc/init.d/v2ray
使能服务和启动服务:
/etc/init.d/v2ray enable
/etc/init.d/v2ray start
下面命令可以停止服务:
/etc/init.d/v2ray stop
检查是否启动了v2ray:
ps | grep v2ray
输出下面信息表示已经启动
2256 root 116m S /usr/bin/v2ray/v2ray
2274 root 3092 S grep v2ray
检查软路由是否能翻墙:
curl -x socks5://127.0.0.1:1080 google.com
如果输出下面信息表示可以了:
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>
在SSH(putty)执行命令
reboot
重启路由器。也可以在Lcui界面的”syetem”->”syetem”里找到reboot命令重启路由器。
3.4. 防止DNS污染
dnsmasq配置:
可以在luci界面进行配置,也可以直接在dnsmasq.conf文件里配置,luci界面的优先级更高,换句话说就是会覆盖dnsmasq.conf文件里相同的配置项。
下载gfw.conf
https://cokebar.github.io/gfwlist2dnsmasq/dnsmasq_gfwlist_ipset.conf 到/etc/config/proxy/
在/etc/dnsmasq.conf文件最后添加:
vi /etc/dnsmasq.conf
添加/etc/config/proxy/到dnsmasq:
conf-dir=/etc/config/proxy
安装OpenWrt
1. u盘安装好Openwrt
在http://archive.openwrt.org/里的release目录的/targets/x86/64/即http://archive.openwrt.org/releases/19.07.1/targets/x86/64/里下载最新版本的 “combined-ext4.img.gz”Openwrt安装文件,如:openwrt-19.07.1-x86-64-combined-ext4.img.gz
下载刻盘软件rufus,用rufus将安装映像刻录到u盘。
如果想将openwrt安装到路由器的硬盘中,一种方法是用一个usb硬盘转接线(如图)将路由器的硬盘接到电脑的USB接口。然后采用上述方法安装。
一种方法是用rufus制作一个ubuntu安装u盘,并将openwrt映像文件拷贝到其中,然后用linux的刻盘命令dd直接刻录到软路由中。可参考https://teklager.se/en/knowledge-base/openwrt-installation-instructions/。
注意:启动软路由时可以用F12(咨询商家)选择U盘启动,可用F2(咨询商家)进入Bios设置路由器第一启动的是硬盘还是u盘。
2. 配置openwrt
进入Openwrt系统后,执行命令 passwd创建root的密码
passwd
配置网络
vi /etc/config/network
例如,我的配置是:
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdde:5bf8:b3d3::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth0'
option proto 'static'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
option ip6assign '60'
option gateway '192.168.2.1'
option dns '192.168.2.1 8.8.8.8'
config interface 'wan'
option ifname 'eth1'
option proto 'dhcp'
config interface 'wan6'
option ifname 'eth1'
option proto 'dhcpv6'
如果希望软路由接在光猫后面,由软路由的openwrt进行拨号,则上述network里可以添加如下的内容:
config interface 'wan'
option ifname 'eth1'
option proto 'pppoe'
option ipv6 'auto'
option username '宽带用户名'
option password '宽带密码'
option peerdns '0'
option dns '192.168.2.1 8.8.8.8'
使修改生效
/etc/init.d/network reload
开始使用Web服务器(uHTTPd)
/etc/init.d/uhttpd start
/etc/init.d/uhttpd enable
将软路由(Lan)和电脑用网线连接,以后可以从电脑端登录操作软路由。
用其他电脑登录软路由。
1) 浏览器的luci访问软路由
将软路由的Lan口用网线接到电脑,在电脑浏览器输入192.168.1.1,可以通过luci界面对软路由进行各种配置。如修改Lan、Wan的参数。等同于上述的软路由的命令行的操作。
网络->接口->Lan,可修改软路由的ip地址。
网络->接口->Wan,可设置连接外网的方式,如DHCP或静态ip或ppp2e
2) 下载winscp,以便在其他PC电脑将配置参数文件或其他文件上传到软路由。
3) 用SSH登录软路由,windows系统可用SSH客户端软件putty
用winscp和Putty登录软路由都需要输入软路由的ip地址、root及其密码。
卸载 dnsmasq 并安装 dnsmasq-full。安装iptable,证书等:
opkg update
opkg remove dnsmasq
rm -rf /etc/config/dhcp
opkg install dnsmasq-full
opkg install iptables-mod-nat-extra ipset libopenssl
opkg install wget
opkg install ca-certificates
libustream-mbedtls libustream-mbedtls
b. 修改 /etc/dnsmasq.conf,在最后加入 conf-dir=/etc/dnsmasq.d ,新建并进入目录 /etc/dnsmasq.d ,并将 my_dnsmasq.conf放入该目录。
my_dnsmasq.conf 具体格式如下:
#使用不受污染干扰的DNS解析该域名 可以将此IP改为自己使用的DNS服务器
server=/google.com/208.67.222.222#443
#将解析出来的IP保存到名为gfwlist的ipset表中
ipset=/google.com/gfwlist
自动检测wifi类型:似乎不行
root@OpenWrt:~# rm -f /etc/config/wireless; wifi detect > /etc/config/wireless
打开WiFi配置文件 vim /etc/config/wireless, 注释或者删掉 option disabled 1 这句话以启用WiFi. 在wifi-iface部分修改以下部分:
config wifi-device wifi1
option type
option channel 11
config wifi-iface
option device wifi1
#option network 'lan'
option mode 'ap'
option ssid 'OpenWrt' # wifi名称
option encryption 'psk2' # 加密方式
option key 'password' # WiFi密码
最后重启网络和WiFi, 路由器没必要执行重启操作:
/etc/init.d/network reload
wifi
开始使用Web服务器(uHTTPd)
/etc/init.d/uhttpd start
/etc/init.d/uhttpd enable
Openwrt 修改 LuCI 语言
System->Software->在 Filter 栏里面输入 -zh-cn 点击搜索
找到 luci-i18n-base-zh-cn 点击前面的安装。然后去设置语言即可。
https://www.right.com.cn/forum/thread-938058-1-1.html
https://blog.csdn.net/Tree_in_sea/article/details/100590548
v2ray 安装
上传软件及客户端配置文件
检查软路由的cpu架构:
uname
下载软路由对应的veray。
https://github.com/v2ray/v2ray-core/releases
通过SSH(如putty)登录软路由,执行下面的命令创建v2ray程序的存放目录
mkdir /usr/bin/v2ray
cd /usr/bin/v2ray
将windows系统的v2ray客户端v2ray-core的v2ray文件夹的所有内容通过winscp上传到软路由的目录’/usr/bin/v2ray’
修改目录访问权限
chmod +x v2ray
可以检查上传的v2ray配置文件v2ray.json格式是否正确:
/usr/bin/v2ray/v2ray --test --config /usr/bin/v2ray/config.json
添加服务
用notepad++创建一个文件v2ray.service,内容为:
#!/bin/sh /etc/rc.common
# "new(er)" style init script
# Look at /lib/functions/service.sh on a running system for explanations of what other SERVICE_
# options you can use, and when you might want them.
START=80
ROOT=/usr/bin/v2ray
SERVICE_WRITE_PID=1
SERVICE_DAEMONIZE=1
start() {
service_start $ROOT/v2ray
}
stop() {
service_stop $ROOT/v2ray
}
将该文件通过winscp上传到软路由的目录’/usr/bin/v2ray’。
服务自启动:
修改权限并创建符号连接:
chmod +x /usr/bin/v2ray/v2ray.service
ln -s /usr/bin/v2ray/v2ray.service /etc/init.d/v2ray
使能服务和启动服务:
/etc/init.d/v2ray enable
/etc/init.d/v2ray start
下面命令可以停止服务:
/etc/init.d/v2ray stop
检查是否启动了v2ray:
ps | grep v2ray
输出下面信息表示已经启动
2256 root 116m S /usr/bin/v2ray/v2ray
2274 root 3092 S grep v2ray
检查软路由是否能翻墙:
curl -x socks5://127.0.0.1:1080 google.com
如果输出下面信息表示可以了:
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>
透明代理(可选)
- 修改config.json
如果你采用的是ws+TLS+web的v2ray,则其中的“你的域名”是你申请的域名,IP地址指向你的vps实例。否则就是vps实例的ip地址。
{
"policy": null,
"log": {
"access": "",
"error": "",
"loglevel": "warning"
},
"inbounds": [
{ //任意门,用于透明代理
"protocol": "dokodemo-door",
"port": 1080,
"listen": "0.0.0.0",
"settings": {
"network": "tcp, udp",
"timeout": 30,
"followRedirect": true
},
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
},
"tag": "in-0" //入口0标识
},
{ //socks5,用于浏览器代理
"port":"1081",
"protocol":"socks",
"settings":{
"auth":"noauth",
"udp":true
},
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
},
"tag": "in-1" //入口1标识
},
{ //http代理,用于系统代理
"port":"1082",
"protocol":"http",
"settings":{},
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
},
"tag": "in-2" //入口2标识
},
{ //任意门,备用dns解析
"protocol": "dokodemo-door",
"port": 5353,
"settings": {
"address": "8.8.8.8",
"port": 53,
"network": "udp",
"timeout": 0
}
}
],
"outbounds": [
{
"tag": "proxy",
"protocol": "vmess",
"settings": {
"vnext": [
{
"address": "你的vps域名",
"port": 443,
"users": [
{
"id": "你的v2ray服务器的id",
"alterId": 64,
"security": "chacha20-poly1305"
}
]
}
],
"servers": null,
"response": null
},
"streamSettings": {
"network": "ws",
"security": "tls",
"tlsSettings": {
"allowInsecure": true,
"serverName": "你的vps域名"
},
"tcpSettings": null,
"kcpSettings": null,
"wsSettings": {
"connectionReuse": true,
"path": "/ray",
"headers": {
"Host": "你的vps域名"
}
},
"httpSettings": null,
"quicSettings": null
},
"mux": {
"enabled": true
}
},
{
"tag": "direct",
"protocol": "freedom",
"settings": {
"vnext": null,
"servers": null,
"response": null
},
"streamSettings": null,
"mux": null
},
{
"tag": "block",
"protocol": "blackhole",
"settings": {
"vnext": null,
"servers": null,
"response": {
"type": "http"
}
},
"streamSettings": null,
"mux": null
}
],
"stats": null,
"api": null,
"dns": null,
"routing":{
"domainStrategy":"AsIs",
"rules":[
{ //被屏蔽的域名走代理,可自行添加
"type": "field",
"outboundTag": "proxy",
"domain": [
"google.com",
"youtube.com"
]
},
{ //入口0标识的流量直连
"type":"field",
"inboundTag": ["in-0"],
"outboundTag":"direct"
},
{ //入口1标识的流量直连
"type":"field",
"inboundTag": ["in-1"],
"outboundTag":"direct"
},
{ //入口2标识的流量直连
"type":"field",
"inboundTag": ["in-2"],
"outboundTag":"direct"
}
]
}
}
- 修改v2ray.service:
```
#!/bin/sh /etc/rc.common
“new(er)” style init script
Look at /lib/functions/service.sh on a running system for explanations of what other SERVICE_
options you can use, and when you might want them.
START=80 ROOT=/usr/bin/v2ray SERVICE_WRITE_PID=1 SERVICE_DAEMONIZE=1
start() { service_start $ROOT/v2ray iptables -t nat -N v2ray iptables -t nat -A v2ray -d 192.168.2.0/16 -j RETURN iptables -t nat -A v2ray -p tcp -j REDIRECT –to-ports 1080 iptables -t nat -A PREROUTING -p tcp -j v2ray }
stop() { iptables -t nat -D PREROUTING -p tcp -j v2ray iptables -t nat -F v2ray iptables -t nat -X v2ray service_stop $ROOT/v2ray }
用winscp上传到软路由的'usr/bin/v2ray'文件夹,在SSH(putty)执行命令
reboot
重启路由器。也可以在Lcui界面的"syetem"->"syetem"里找到reboot命令重启路由器。
下面的透明代理的iptable似乎不行,所以不需要看。
开启UDP需要 iptables-mod-tproxy 模块,请确保已经安装好。即前面的安装命令:
opkg install ipset iptables-mod-nat-extra
在luci-网络-防火墙-自定义规则下添加iptables规则。也可以用开机自定义脚本(.sh后缀)实现。
规则中局域网的ip段(192.168.2.0)和v2ray监听的端口(12345)请结合实际情况修改。
Only TCP
iptables -t nat -N V2RAY iptables -t nat -A V2RAY -d 0.0.0.0 -j RETURN iptables -t nat -A V2RAY -d 127.0.0.0 -j RETURN iptables -t nat -A V2RAY -d 192.168.2.0/24 -j RETURN
From lans redirect to Dokodemo-door’s local port
iptables -t nat -A V2RAY -s 192.168.2.0/24 -p tcp -j REDIRECT –to-ports 12345 iptables -t nat -A PREROUTING -p tcp -j V2RAY
With UDP support
ip rule add fwmark 1 table 100 ip route add local 0.0.0.0/0 dev lo table 100 iptables -t mangle -N V2RAY iptables -t mangle -A V2RAY -d 0.0.0.0 -j RETURN iptables -t mangle -A V2RAY -d 127.0.0.0 -j RETURN iptables -t mangle -A V2RAY -d 192.168.2.0/24 -j RETURN
From lans redirect to Dokodemo-door’s local port
iptables -t mangle -A V2RAY -p tcp -s 192.168.2.0/24 -j TPROXY –on-port 12345 –tproxy-mark 1 iptables -t mangle -A V2RAY -p udp -s 192.168.2.0/24 -j TPROXY –on-port 12345 –tproxy-mark 1 iptables -t mangle -A PREROUTING -j V2RAY
或则
iptables -t nat -N V2RAY # 新建一个名为 V2RAY 的链 iptables -t nat -A V2RAY -d 192.168.0.0/16 -j RETURN # 直连 192.168.0.0/16 iptables -t nat -A V2RAY -p tcp -j RETURN -m mark –mark 0xff # 直连 SO_MARK 为 0xff 的流量(0xff 是 16 进制数,数值上等同与上面配置的 255),此规则目的是避免代理本机(网关)流量出现回环问题 iptables -t nat -A V2RAY -p tcp -j REDIRECT –to-ports 12345 # 其余流量转发到 12345 端口(即 V2Ray) iptables -t nat -A PREROUTING -p tcp -j V2RAY # 对局域网其他设备进行透明代理 iptables -t nat -A OUTPUT -p tcp -j V2RAY # 对本机进行透明代理
ip rule add fwmark 1 table 100 ip route add local 0.0.0.0/0 dev lo table 100 iptables -t mangle -N V2RAY_MASK iptables -t mangle -A V2RAY_MASK -d 192.168.0.0/16 -j RETURN iptables -t mangle -A V2RAY_MASK -p udp -j TPROXY –on-port 12345 –tproxy-mark 1 iptables -t mangle -A PREROUTING -p udp -j V2RAY_MASK
[路由器Openwrt安装V2ray简单流程](https://github.com/felix-fly/v2ray-openwrt)
[网件R7800 OpenWrt使用V2Ray+mKcp+透明代理完美翻墙](https://blog.dreamtobe.cn/r7800-openwrt-v2ray/)
[1. 透明代理(TPROXY)](https://toutyrater.github.io/app/tproxy.html)
[1. 透明代理 redirect](https://toutyrater.github.io/app/transparent_proxy.html)
[https://zhuanlan.zhihu.com/p/105569599](https://zhuanlan.zhihu.com/p/105569599)
[V2ray Router Config](https://inpot.github.io/V2ray-Router-Config/)
### openclash
[https://conversun.com/2019/08/19/OpenClash-SmartDns/](https://conversun.com/2019/08/19/OpenClash-SmartDns/)
[https://github.com/frainzy1477/luci-app-clash/releases](https://github.com/frainzy1477/luci-app-clash/releases)
wget https://github.com/frainzy1477/luci-app-clash/releases/download/v1.6.5/luci-app-clash_1.6.5_all.ipk opkg install luci-app-clash_1.6.5_all.ipk mv clash /etc/openclash/clash cd /etc/openclash chmod 0755 clash ```
-
Previous
Configuring C++17 supported compiler on wnidows for CodeBlocks and Visual Studio Code -
Next
《C++17从入门到精通》配套视频课程
支付宝打赏
微信打赏
您的打赏是对我最大的鼓励!
