Differences

This shows you the differences between two versions of the page.

--- linux:miwifi-shadowsocks [2018/09/01 23:28] – created percy
+++ linux:miwifi-shadowsocks [2019/03/09 01:35] (current) – percy
@@ Line 1: / Line 1: @@
 ====== MiWifi with Shadowsocks ======
-====== Reference ======
+===== /etc/shadowsocks.json =====
+<code BASH>
+{
+  "server":"SERVER", //这里写服务器地址，最好用ip
+  "server_port": 5555, //shadowsocks服务器的端口
+  "local_address":"127.0.0.1",
+  "local_port":1081, //本地shadows绑定的端口,
+  "password":"PASSWORD",//shdowsocks 密码
+  "timeout":600, //不用改
+  "method":"aes-256-cfb"//加密算法, 根据服务商要求填写
+}
+</code>
+===== /etc/init.d/myshadowsocks =====
+    vim /etc/init.d/myshadowsocks
+<code Bash>
+#!/bin/sh /etc/rc.common
+. /lib/functions.sh
+START=95
+SS_REDIR_PID_FILE=/var/run/ss-redir.pid
+SS_TUNNEL_PID_FILE=/var/run/ss-tunnel.pid
+CONFIG=/etc/shadowsocks.json
+DNS=8.8.8.8:53
+TUNNEL_PORT=5353
+start() {
+    # Client Mode
+    #service_start /usr/bin/ss-local -c $CONFIG -b 0.0.0.0 -f $SERVICE_PID_FILE
+    # Proxy Mode
+    service_start /usr/bin/ss-redir -c $CONFIG -b 0.0.0.0 -f $SS_REDIR_PID_FILE
+    # Tunnel
+    service_start /usr/bin/ss-tunnel -c $CONFIG -b 0.0.0.0 -u -l $TUNNEL_PORT -L $DNS -f $SS_TUNNEL_PID_FILE
+}
+stop() {
+    # Client Mode
+    #service_stop /usr/bin/ss-local
+    # Proxy Mode
+    service_stop /usr/bin/ss-redir
+    # Tunnel
+    service_stop /usr/bin/ss-tunnel
+}
+</code>
+<code BASH>
+/etc/init.d/myshadowsocks enable //add to the auto start jobs
+/etc/init.d/myshadowsocks start //start
+</code>
+Everytime after the router restart, it will delete the script, so I put the script to /userdisk/data/bin/myshadowsocks, and do the soft link
+  chmod +x /userdisk/data/bin/myshadowsocks
+  ln -s /userdisk/data/bin/myshadowsocks /etc/init.d/myshadowsocks
+  /etc/init.d/myshadowsocks
+==== To support kcptun with shadowsocks ====
+<code BASH>
+CONFIG_KCPTUN=/etc/shadowsocks-kcptun.json
+#CONFIG=/etc/shadowsocks.json
+CONFIG=$CONFIG_KCPTUN
+DNS=8.8.8.8:53
+TUNNEL_PORT=5353
+start() {
+   # Client Mode
+   #service_start /usr/bin/ss-local -c $CONFIG -b 0.0.0.0 -f $SERVICE_PID_FILE
+   # Proxy Mode
+   service_start /usr/bin/ss-redir -c $CONFIG -b 0.0.0.0 -f $SS_REDIR_PID_FILE
+   # Tunnel
+   service_start /usr/bin/ss-tunnel -c $CONFIG_DEFAULT -b 0.0.0.0 -u -l $TUNNEL_PORT -L $DNS -f $SS_TUNNEL_PID_FILE
+}
+stop() {
+   # Client Mode
+   #service_stop /usr/bin/ss-local
+   # Proxy Mode
+   service_stop /usr/bin/ss-redir
+   # Tunnel
+   service_stop /usr/bin/ss-tunnel
+}
+</code>
+And the shadowsocks-kcptun.json
+<code Bash>
+{
+  "server":"127.0.0.1",
+  "server_port":8480,
+  "local_address":"0.0.0.0",
+  "local_port":1081,
+  "password":"xxx",
+  "timeout":600,
+  "method":"aes-256-cfb"
+}
+</code>
+And it will depends on the kcptun `cat /userdisk/data/bin/kcptun_start.sh`
+<code Bash>
+#!/bin/sh
+cd /userdisk/data/bin
+echo ./client_linux_arm5  -r ef.pjq.me:4001 -l :8480 -mode fast3
+./client_linux_arm5  -r ef.pjq.me:4001 -l :8480 -mode fast3
+</code>
+===== dnsmasq =====
+https://github.com/cokebar/gfwlist2dnsmasq
+  gfwlist2dnsmasq.sh -s gfwlist -o /etc/dnsmasq.d/dnsmasq_list.conf
+===== gfwlist iptables =====
+<code BASH>
+ipset -N gfwlist iphash
+iptables -t nat -A PREROUTING -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-port 1081
+</code>
+===== Restart all the service =====
+  /etc/init.d/firewall restart
+  /etc/init.d/myshadowsocks stop
+  /etc/init.d/myshadowsocks start
+  /etc/init.d/dnsmasq restart
+===== ssh keys =====
+OpenWrt is not using ~/.ssh for the keys, and it use /etc/dropbear,
+  - https://wiki.openwrt.org/oldwiki/dropbearpublickeyauthenticationhowto
+  - https://openwrt.org/docs/guide-user/services/ssh/openssh.server
+  scp yourpubkey root@192.168.31.1:/tmp/
+  cd /etc/dropbear
+  cat /tmp/yourpubkey >> authorized_keys
+  chmod 0600 authorized_keys
+Then in your local machine
+  vim ~/.ssh/config
+Add the ssh host config
+<code>
+Host miwifi.com 192.168.31.1
+    IdentityFile ~/.ssh/yourprivatekey
+    User root
+</code>
+Then you can use the follow ssh command to login automatically
+  ssh root@192.168.31.1
+If you want to ssh to the other server in the OpenWRT, you can also add the config file, and use -F to set the ssh config file
+  ssh -F config username@yourserver
+===== Remote ssh forward =====
+  sh /userdisk/data/bin/ssh_forward.sh 22 32222
+  ssh root@ef.pjq.me -p 32222
+<code Bash>
+cat  /userdisk/data/bin/ssh_forward.sh
+#!/bin/bash
+if [ $# = 2 ];then
+    localport=$1
+    remoteport=$2
+    echo ssh -gNfR ef.pjq.me:${remoteport}:localhost:${localport} pjq@ef.pjq.me
+    ssh -F /etc/dropbear/config -gNfR ef.pjq.me:${remoteport}:localhost:${localport} pjq@ef.pjq.me
+    #echo autossh -f -M 2"$1"  -NR ef.pjq.me:${remoteport}:localhost:${localport} pjq@ef.pjq.me
+    #autossh -f -M 2"$1" -NR  ef.pjq.me:${remoteport}:localhost:${localport} pjq@ef.pjq.me
+    echo DONE, Now you can visit it via
+    echo http://ef.pjq.me:${remoteport}
+else
+cat <<EOF
+    Usage:
+    ./$0 localport remoteport
+    For example, forward the localhost port 80 to the remote server 8080
+    ssh -gNfR ef.pjq.me:8080:localhost:80 pjq@ef.pjq.me
+    Then, you can visit it via: http://ef.pjq.me:8080
+EOF
+fi
+</code>
+===== Reference =====
   -https://www.pleamon.com/2016/01/01/python/shadowsocks/%E5%B0%8F%E7%B1%B3%E8%B7%AF%E7%94%B1%E5%99%A8%E6%90%AD%E5%BB%BAshadowsocks/
   - http://www.wenlc.cn/%E5%A6%82%E4%BD%95%E8%AE%A9%E5%B0%8F%E7%B1%B3%E8%B7%AF%E7%94%B1%E5%99%A8%E8%81%AA%E6%98%8E%E7%9A%84%E4%BD%BF%E7%94%A8shadowsocks/
   - https://github.com/pjq/miwifi-ss
+  - http://www.miui.com/thread-4408033-1-1.html