This article was tested on a Netgear WNDR3700 v4.
Since I had previously flashed OpenWrt 14, this time I moved to 15 by upgrading. The upgrade package is here: http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/nand/
http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/nand/openwrt-15.05-ar71xx-nand-wndr3700v4-squashfs-sysupgrade.tar
Right after flashing, the system is in English, so install the Chinese language pack first:
opkg update
opkg install luci-i18n-base-zh-cn
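Note: the official language pack has been renamed to luci-i18n-base-zh-cn.
If the update shows an error like "ipaddress download.openwrt.org bad", try running /etc/init.d/dnsmasq stop
Next, set up automatic firewall bypassing.
1. Install the shadowsocks client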
cd /tmp/
opkg install libpolarssl
opkg install libopenssl
opkg install wget
wget http://jaist.dl.sourceforge.net/project/openwrt-dist/shadowsocks-libev/2.4.0-bd77b7b/ar71xx/shadowsocks-libev-spec-polarssl_2.4.0-1_ar71xx.ipk
wget http://nchc.dl.sourceforge.net/project/openwrt-dist/luci-app/shadowsocks-spec/luci-app-shadowsocks-spec_1.3.2-1_all.ipk
opkg install shadowsocks-libev-spec-polarssl_2.4.0-1_ar71xx.ipk
opkg install luci-app-shadowsocks-spec_1.3.2-1_all.ipk
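The shadowsocks page in LuCI looks roughly like this (screenshot not preserved).
The latest versions of the two packages above are at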
http://sourceforge.net/projects/openwrt-dist/files/shadowsocks-libev/2.4.0-bd77b7b/
http://sourceforge.net/projects/openwrt-dist/files/luci-app/shadowsocks-spec/
Download the build that matches your router's firmware version.
2. Install pdnsd from the old repository
wget http://downloads.openwrt.org/attitude_adjustment/12.09/ar71xx/nand/packages/pdnsd_1.2.9a-par-a8e46ccba7b0fa2230d6c42ab6dcd92926f6c21d_ar71xx.ipk
opkg install pdnsd_1.2.9a-par-a8e46ccba7b0fa2230d6c42ab6dcd92926f6c21d_ar71xx.ipk
Edit /etc/pdnsd.conf
so that it contains the following:
global {
    perm_cache=1024;
    cache_dir="/var/pdnsd";
    run_as="nobody";
    server_port = 1053;
    server_ip = 127.0.0.1;
    status_ctl = on;
    query_method=tcp_only;
    min_ttl=15m;
    max_ttl=1w;
    timeout=10;
}

server {
    label= "googledns";
    ip = 8.8.8.8;
    root_server = on;
    uptest = none;
}
Because this pdnsd comes from the old repository, /etc/init.d/pdnsd enable does not make it start at boot. Add this to the router's startup script instead:
/etc/init.d/pdnsd restart &
Putting it in /etc/rc.local works as well.
3. Install ipset and dnsmasq
opkg update
opkg install kmod-ipt-ipset ipset ipset-dns
opkg remove dnsmasq
opkg install dnsmasq-full
Edit /etc/dnsmasq.conf and add rules. Below are my rules:
server=/google.com/127.0.0.1#1053
server=/googleapis.com/127.0.0.1#1053
server=/google-analytics.com/127.0.0.1#1053
server=/youtube.com/127.0.0.1#1053
server=/ytimg.com/127.0.0.1#1053
server=/facebook.com/127.0.0.1#1053
server=/twitter.com/127.0.0.1#1053
server=/twimg.com/127.0.0.1#1053
server=/tokyo-hot.com/127.0.0.1#1053
server=/twitch.tv/127.0.0.1#1053
server=/ttvnw.net/127.0.0.1#1053
server=/jtvnw.net/127.0.0.1#1053
server=/akamaihd.net/127.0.0.1#1053
server=/1pondo.tv/127.0.0.1#1053
server=/caribbeancom.com/127.0.0.1#1053
server=/blogspot.com/127.0.0.1#1053
server=/blogspot.hk/127.0.0.1#1053
server=/googlevideo.com/127.0.0.1#1053
server=/googleusercontent.com/127.0.0.1#1053
server=/gstatic.com/127.0.0.1#1053
server=/googlehosted.com/127.0.0.1#1053
server=/golang.org/127.0.0.1#1053
server=/hkbici.com/127.0.0.1#1053
server=/ubisoft.com/127.0.0.1#1053
server=/ubi.com/127.0.0.1#1053
server=/uplay.com/127.0.0.1#1053
server=/ea.com/127.0.0.1#1053
#server=/rockstargames.com/127.0.0.1#1053
server=/akamaihd.net/127.0.0.1#1053
server=/fbcdn.net/127.0.0.1#1053
server=/ign.com/127.0.0.1#1053
server=/dropbox.com/127.0.0.1#1053
#server=/playstation.net/127.0.0.1#1053
server=/instagram.com/127.0.0.1#1053
server=/facebook.net/127.0.0.1#1053
server=/cdninstagram.com/127.0.0.1#1053
server=/canonical.com/127.0.0.1#1053
server=/gravatar.com/127.0.0.1#1053
server=/hktv.com.hk/127.0.0.1#1053
server=/hktvmall.com/127.0.0.1#1053
server=/wordpress.org/127.0.0.1#1053
server=/w.org/127.0.0.1#1053
server=/gravatar.com/127.0.0.1#1053
#server=/kali.org/127.0.0.1#1053
server=/flickr.com/127.0.0.1#1053
ipset=/google.com/letitgo
ipset=/googleapis.com/letitgo
ipset=/google-analytics.com/letitgo
ipset=/youtube.com/letitgo
ipset=/ytimg.com/letitgo
ipset=/twitter.com/letitgo
ipset=/twimg.com/letitgo
ipset=/tokyo-hot.com/letitgo
ipset=/twitch.tv/letitgo
ipset=/ttvnw.net/letitgo
ipset=/jtvnw.net/letitgo
ipset=/akamaihd.net/letitgo
ipset=/1pondo.tv/letitgo
ipset=/caribbeancom.com/letitgo
ipset=/blogspot.com/letitgo
ipset=/blogspot.hk/letitgo
ipset=/googlevideo.com/letitgo
ipset=/googleusercontent.com/letitgo
ipset=/gstatic.com/letitgo
ipset=/googlehosted.com/letitgo
ipset=/golang.org/letitgo
ipset=/hkbici.com/letitgo
ipset=/ubisoft.com/letitgo
ipset=/ubi.com/letitgo
ipset=/uplay.com/letitgo
ipset=/ea.com/letitgo
#ipset=/rockstargames.com/letitgo
ipset=/akamaihd.net/letitgo
ipset=/fbcdn.net/letitgo
ipset=/ign.com/letitgo
ipset=/dropbox.com/letitgo
#ipset=/playstation.net/letitgo
ipset=/instagram.com/letitgo
ipset=/facebook.net/letitgo
ipset=/cdninstagram.com/letitgo
ipset=/canonical.com/letitgo
ipset=/gravatar.com/letitgo
ipset=/hktv.com.hk/letitgo
ipset=/hktvmall.com/letitgo
ipset=/wordpress.org/letitgo
ipset=/w.org/letitgo
ipset=/gravatar.com/letitgo
#ipset=/kali.org/letitgo
ipset=/flickr.com/letitgo
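A consistency check for a rule list like the one above, as an added example that is not part of the original post: each domain needs a server= line (so it is resolved through pdnsd on 127.0.0.1#1053) and an ipset= line (so the resolved addresses are put into letitgo and redirected). The helper name lint_rules and the sample config are constructed for illustration; it assumes each ipset= line names a single set.

```shell
#!/bin/sh
# Added example (not from the original post): check that every domain has both
# a server= rule and an ipset= rule. lint_rules is a hypothetical helper name.

# $1 = config file ("-" for stdin), $2 = ipset name, $3 = upstream as ip#port
lint_rules() {
    awk -F/ -v setname="$2" -v upstream="$3" '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }   # trim, re-splits fields
        /^#/ { next }                                  # commented-out rule
        # dnsmasq allows several domains per line: key=/dom1/dom2/target
        $1 == "server=" && $NF == upstream { for (k = 2; k < NF; k++) s[$k]++ }
        $1 == "ipset="  && $NF == setname  { for (k = 2; k < NF; k++) i[$k]++ }
        END {
            for (d in s) {
                if (!(d in i)) print "NO_IPSET " d     # resolved cleanly, never redirected
                if (s[d] > 1)  print "DUP_SERVER " d
            }
            for (d in i) {
                if (!(d in s)) print "NO_SERVER " d    # set filled from the default resolver
                if (i[d] > 1)  print "DUP_IPSET " d
            }
        }' "$1" | LC_ALL=C sort
}

# Constructed sample config: facebook.com has no ipset= line, example.org has
# no server= line, gravatar.com is listed twice, kali.org is commented out.
sample_conf() {
    cat <<'EOF'
server=/google.com/127.0.0.1#1053
server=/facebook.com/127.0.0.1#1053
server=/gravatar.com/127.0.0.1#1053
server=/gravatar.com/127.0.0.1#1053
#server=/kali.org/127.0.0.1#1053
ipset=/google.com/letitgo
ipset=/gravatar.com/letitgo
ipset=/example.org/letitgo
#ipset=/kali.org/letitgo
EOF
}

sample_conf | lint_rules - letitgo '127.0.0.1#1053'
```

On the router, run it as lint_rules /etc/dnsmasq.conf letitgo '127.0.0.1#1053'. Applied to the rules listed above, it would report facebook.com as having a server= line but no ipset= line, and akamaihd.net and gravatar.com as listed twice.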
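4. Start the services and add the firewall rule
In the router admin UI, under Services > shadowsocks, enter your ss server details, then click Save & Apply.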
/etc/init.d/shadowsocks restart
/etc/init.d/shadowsocks enable
/etc/init.d/chinadns start
/etc/init.d/chinadns enable
/etc/init.d/dnsmasq restart
/etc/init.d/dnsmasq enable
In the router UI, under Network > Firewall > Custom Rules, add:
ipset -N letitgo iphash
iptables -t nat -A PREROUTING -p tcp -m set --match-set letitgo dst -j REDIRECT --to-port 1080
Finally, reboot the router and test.
References:
http://blog.berry10086.com/Tech/Openwrt/openwrt-shadowsocks-ipset/
http://hong.im/2014/07/08/use-ipset-with-shadowsocks-on-openwrt/
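-------------------- Some tips --------------------
1. Resolve the specified domains directly through a DNS port forwarded by ss
This requires the ss server to support UDP relay. Port 53 of 8.8.4.4 is forwarded to local port 5300. The corresponding command that ss runs automatically is: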
ss-tunnel -c /var/etc/shadowsocks.json -u -l 5300 -L 8.8.4.4:53 -f /var/run/ss-tunnel.pid
Use dig to check whether the forwarding works:
dig @192.168.1.1 -p 5300 www.google.com
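Then configure it on dnsmasq's LuCI page (OpenWrt UI: Network > DHCP/DNS > DNS forwardings).
Add the entries as shown (screenshot not preserved). The IP address there cannot be written as 127.0.0.1; use the router's LAN address.
-------------------- Possible problems --------------------
I used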
http://jaist.dl.sourceforge.net/project/openwrt-dist/shadowsocks-libev/2.4.0-bd77b7b/ar71xx/shadowsocks-libev-spec-polarssl_2.4.0-1_ar71xx.ipk
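After running this so-called specially optimized build for a while, I found it could no longer get through the firewall. Running netstat -antl on the router showed a lot of connections in the ESTABLISHED state, and the OpenWrt log showed TCP: too many orphaned sockets... It is probably a bug in the program, so I switched to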
http://jaist.dl.sourceforge.net/project/openwrt-dist/shadowsocks-libev/2.4.0-bd77b7b/ar71xx/shadowsocks-libev-polarssl_2.4.0-1_ar71xx.ipk
and the problem was solved.