====== MiWifi with Shadowsocks ======

===== /etc/shadowsocks.json =====

  {
  "server":"SERVER", //这里写服务器地址,最好用ip
  "server_port": 5555, //shadowsocks服务器的端口
  "local_address":"127.0.0.1",
  "local_port":1081, //本地shadowsocks绑定的端口,
  "password":"PASSWORD",//shadowsocks 密码
  "timeout":600, //不用改
  "method":"aes-256-cfb"//加密算法, 根据服务商要求填写
  }

Note: this file stores the proxy password in clear text, so keep it readable by root only (chmod 600 /etc/shadowsocks.json). aes-256-cfb is one of the unauthenticated stream ciphers that Shadowsocks has deprecated; if both the server and the installed client support an AEAD method such as aes-256-gcm or chacha20-ietf-poly1305, use that instead.

===== /etc/init.d/myshadowsocks =====

  vim /etc/init.d/myshadowsocks

  #!/bin/sh /etc/rc.common
  . /lib/functions.sh
  START=95
  SS_REDIR_PID_FILE=/var/run/ss-redir.pid
  SS_TUNNEL_PID_FILE=/var/run/ss-tunnel.pid
  CONFIG=/etc/shadowsocks.json
  DNS=8.8.8.8:53
  TUNNEL_PORT=5353
  start() {
      # Client Mode
      #service_start /usr/bin/ss-local -c $CONFIG -b 0.0.0.0 -f $SERVICE_PID_FILE
      # Proxy Mode
      service_start /usr/bin/ss-redir -c $CONFIG -b 0.0.0.0 -f $SS_REDIR_PID_FILE
      # Tunnel
      service_start /usr/bin/ss-tunnel -c $CONFIG -b 0.0.0.0 -u -l $TUNNEL_PORT -L $DNS -f $SS_TUNNEL_PID_FILE
  }
  stop() {
      # Client Mode
      #service_stop /usr/bin/ss-local
      # Proxy Mode
      service_stop /usr/bin/ss-redir
      # Tunnel
      service_stop /usr/bin/ss-tunnel
  }

Note: -b 0.0.0.0 makes ss-redir (port 1081) and ss-tunnel (port 5353) listen on every interface, not only the LAN side; check that the router's firewall does not accept connections to these ports from the WAN.

  /etc/init.d/myshadowsocks enable //add to the auto start jobs
  /etc/init.d/myshadowsocks start //start

Every time the router restarts it deletes the script, so I keep the script in /userdisk/data/bin/myshadowsocks and create a soft link:

  chmod +x /userdisk/data/bin/myshadowsocks
  ln -s /userdisk/data/bin/myshadowsocks /etc/init.d/myshadowsocks
  /etc/init.d/myshadowsocks

==== To support kcptun with shadowsocks ====

Note: the ss-tunnel line below reads $CONFIG_DEFAULT, which this excerpt never defines; presumably the full script sets it to the direct (non-kcptun) config, /etc/shadowsocks.json. If it is left unset, ss-tunnel is started without a valid config file.

  CONFIG_KCPTUN=/etc/shadowsocks-kcptun.json
  #CONFIG=/etc/shadowsocks.json
  CONFIG=$CONFIG_KCPTUN
  DNS=8.8.8.8:53
  TUNNEL_PORT=5353
  start() {
      # Client Mode
      #service_start /usr/bin/ss-local -c $CONFIG -b 0.0.0.0 -f $SERVICE_PID_FILE
      # Proxy Mode
      service_start /usr/bin/ss-redir -c $CONFIG -b 0.0.0.0 -f $SS_REDIR_PID_FILE
      # Tunnel
      service_start /usr/bin/ss-tunnel -c $CONFIG_DEFAULT -b 0.0.0.0 -u -l $TUNNEL_PORT -L $DNS -f $SS_TUNNEL_PID_FILE
  }
  stop() {
      # Client Mode
      #service_stop /usr/bin/ss-local
      # Proxy Mode
      service_stop /usr/bin/ss-redir
      # Tunnel
      service_stop /usr/bin/ss-tunnel
  }

And the shadowsocks-kcptun.json

  {
  "server":"127.0.0.1",
  "server_port":8480,
  "local_address":"0.0.0.0",
  "local_port":1081,
  "password":"xxx",
  "timeout":600,
  "method":"aes-256-cfb"
  }

It also depends on kcptun; `cat /userdisk/data/bin/kcptun_start.sh`:

  #!/bin/sh
  cd /userdisk/data/bin
  echo ./client_linux_arm5 -r ef.pjq.me:4001 -l :8480 -mode fast3
  ./client_linux_arm5 -r ef.pjq.me:4001 -l :8480 -mode fast3

Note: the kcptun client is started without --key, so the kcptun layer runs with its built-in default key and the Shadowsocks password is the only secret protecting the traffic. -l :8480 and "local_address":"0.0.0.0" listen on all interfaces, so check that the firewall does not accept these ports from the WAN. shadowsocks-kcptun.json holds the password in clear text; keep it readable by root only.

===== dnsmasq =====

https://github.com/cokebar/gfwlist2dnsmasq

  gfwlist2dnsmasq.sh -s gfwlist -o /etc/dnsmasq.d/dnsmasq_list.conf

===== gfwlist iptables =====

  ipset -N gfwlist iphash
  iptables -t nat -A PREROUTING -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-port 1081

===== Restart all the services =====

  /etc/init.d/firewall restart
  /etc/init.d/myshadowsocks stop
  /etc/init.d/myshadowsocks start
  /etc/init.d/dnsmasq restart

===== ssh keys =====

OpenWrt does not use ~/.ssh for the keys; it uses /etc/dropbear.

  - https://wiki.openwrt.org/oldwiki/dropbearpublickeyauthenticationhowto
  - https://openwrt.org/docs/guide-user/services/ssh/openssh.server

  scp yourpubkey root@192.168.31.1:/tmp/
  cd /etc/dropbear
  cat /tmp/yourpubkey >> authorized_keys
  chmod 0600 authorized_keys

Then on your local machine

  vim ~/.ssh/config

Add the ssh host config

  Host miwifi.com 192.168.31.1
  IdentityFile ~/.ssh/yourprivatekey
  User root

Then you can use the following ssh command to log in automatically

  ssh root@192.168.31.1

If you want to ssh to another server from OpenWrt, you can also add a config file there and use -F to point ssh at it

  ssh -F config username@yourserver

===== Remote ssh forward =====

  sh /userdisk/data/bin/ssh_forward.sh 22 32222
  ssh root@ef.pjq.me -p 32222

Note: forwarding port 22 this way publishes the router's root SSH login on a public port of ef.pjq.me, so make sure the router accepts key authentication only (password login disabled) before starting the forward.

  cat /userdisk/data/bin/ssh_forward.sh

  #!/bin/bash
  if [ $# = 2 ];then
      localport=$1
      remoteport=$2
      echo ssh -gNfR ef.pjq.me:${remoteport}:localhost:${localport} pjq@ef.pjq.me
      ssh -F /etc/dropbear/config -gNfR ef.pjq.me:${remoteport}:localhost:${localport} pjq@ef.pjq.me
      #echo autossh -f -M 2"$1" -NR ef.pjq.me:${remoteport}:localhost:${localport} pjq@ef.pjq.me
      #autossh -f -M 2"$1" -NR ef.pjq.me:${remoteport}:localhost:${localport} pjq@ef.pjq.me
      echo DONE, Now you can visit it via
      echo http://ef.pjq.me:${remoteport}
  else
      cat <

(The rest of the script, the usage here-document and the closing fi, is missing from this copy.)

===== Reference =====

  - https://www.pleamon.com/2016/01/01/python/shadowsocks/%E5%B0%8F%E7%B1%B3%E8%B7%AF%E7%94%B1%E5%99%A8%E6%90%AD%E5%BB%BAshadowsocks/
  - http://www.wenlc.cn/%E5%A6%82%E4%BD%95%E8%AE%A9%E5%B0%8F%E7%B1%B3%E8%B7%AF%E7%94%B1%E5%99%A8%E8%81%AA%E6%98%8E%E7%9A%84%E4%BD%BF%E7%94%A8shadowsocks/
  - https://github.com/pjq/miwifi-ss
  - http://www.miui.com/thread-4408033-1-1.html