Table of Contents

MiWifi with Shadowsocks

/etc/shadowsocks.json

{
  // NOTE(review): the password below is stored in cleartext; keep this file readable by its owner only.
  // NOTE(review): these // annotations are explanatory; remove them if the JSON parser in use rejects comments.
  "server":"SERVER", // server address; an IP address is preferred
  "server_port": 5555, // port of the shadowsocks server
  "local_address":"127.0.0.1",
  "local_port":1081, // local port that shadowsocks binds to
  "password":"PASSWORD",// shadowsocks password
  "timeout":600, // no need to change
  "method":"aes-256-cfb"// cipher; use what the provider requires. aes-256-cfb is a stream cipher without authentication; prefer an AEAD method such as aes-256-gcm or chacha20-ietf-poly1305 where both ends support it
}

/etc/init.d/myshadowsocks

  vim /etc/init.d/myshadowsocks

#!/bin/sh /etc/rc.common
 
. /lib/functions.sh
 
# Start priority read by /etc/rc.common when the service is enabled.
START=95
 
# PID files handed to ss-redir and ss-tunnel with -f in start().
SS_REDIR_PID_FILE=/var/run/ss-redir.pid
SS_TUNNEL_PID_FILE=/var/run/ss-tunnel.pid
# Shadowsocks client configuration; it holds the server password.
CONFIG=/etc/shadowsocks.json
# Upstream resolver passed to ss-tunnel with -L.
DNS=8.8.8.8:53
# Local port ss-tunnel listens on (-l).
TUNNEL_PORT=5353
 
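# Launch the redirecting proxy (ss-redir) and the DNS tunnel (ss-tunnel).
# Globals: CONFIG, SS_REDIR_PID_FILE, SS_TUNNEL_PID_FILE, TUNNEL_PORT, DNS (read)
start() {
    # Client Mode
    #service_start /usr/bin/ss-local -c $CONFIG -b 0.0.0.0 -f $SERVICE_PID_FILE
    # Proxy Mode
    # NOTE(review): -b 0.0.0.0 makes both daemons listen on every interface of
    # the router. Confirm the firewall rejects WAN-side input to the local
    # proxy port and to TUNNEL_PORT, or bind to the LAN address instead.
    # Expansions are quoted so a path with spaces stays a single argument.
    service_start /usr/bin/ss-redir -c "$CONFIG" -b 0.0.0.0 -f "$SS_REDIR_PID_FILE"
    # Tunnel
    service_start /usr/bin/ss-tunnel -c "$CONFIG" -b 0.0.0.0 -u -l "$TUNNEL_PORT" -L "$DNS" -f "$SS_TUNNEL_PID_FILE"
}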
 
# Stop the daemons that start() launches, proxy first and tunnel second.
stop() {
    local daemon
    # Client mode (/usr/bin/ss-local) is disabled in start(), so it is not
    # stopped here either.
    for daemon in /usr/bin/ss-redir /usr/bin/ss-tunnel; do
        service_stop "$daemon"
    done
}

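# Shell comments start with '#'; text after '//' would be passed to the
# init script as extra arguments.
/etc/init.d/myshadowsocks enable  # add to the auto start jobs
/etc/init.d/myshadowsocks start   # start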

Every time the router restarts it deletes the script, so I put the script in /userdisk/data/bin/myshadowsocks and create a symbolic link to it:

# NOTE(review): once enabled, this file runs at boot (presumably as root);
# keep it owned by root and not writable by any other user.
chmod +x /userdisk/data/bin/myshadowsocks
# Expose the persistent copy under /etc/init.d.
ln -s /userdisk/data/bin/myshadowsocks /etc/init.d/myshadowsocks
/etc/init.d/myshadowsocks

To support kcptun with shadowsocks

# Profile that sends shadowsocks traffic to the local kcptun client.
CONFIG_KCPTUN="/etc/shadowsocks-kcptun.json"
# Active profile; assign /etc/shadowsocks.json here instead for a direct
# connection without kcptun.
CONFIG="${CONFIG_KCPTUN}"
# Upstream resolver and local listening port for ss-tunnel.
DNS="8.8.8.8:53"
TUNNEL_PORT="5353"
 
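# Launch ss-redir with the active profile and ss-tunnel with the default one.
# Globals: CONFIG, CONFIG_DEFAULT, SS_REDIR_PID_FILE, SS_TUNNEL_PID_FILE,
#          TUNNEL_PORT, DNS (read)
start() {
   # Client Mode
   #service_start /usr/bin/ss-local -c $CONFIG -b 0.0.0.0 -f $SERVICE_PID_FILE
   # Proxy Mode
   # NOTE(review): -b 0.0.0.0 listens on every interface of the router; confirm
   # the firewall rejects WAN-side input to these ports.
   service_start /usr/bin/ss-redir -c "$CONFIG" -b 0.0.0.0 -f "$SS_REDIR_PID_FILE"
   # Tunnel
   # CONFIG_DEFAULT is never assigned in this fragment, so the unquoted
   # original left -c without a value. Fall back to /etc/shadowsocks.json,
   # presumably the direct (non-kcptun) profile the author meant; confirm.
   service_start /usr/bin/ss-tunnel -c "${CONFIG_DEFAULT:-/etc/shadowsocks.json}" -b 0.0.0.0 -u -l "$TUNNEL_PORT" -L "$DNS" -f "$SS_TUNNEL_PID_FILE"
}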
# Stop ss-redir, then ss-tunnel; client mode (ss-local) stays disabled.
stop() {
   local daemon
   for daemon in /usr/bin/ss-redir /usr/bin/ss-tunnel; do
      service_stop "$daemon"
   done
}

And the shadowsocks-kcptun.json

{
  "server":"127.0.0.1",
  "server_port":8480,
  "local_address":"0.0.0.0",
  "local_port":1081,
  "password":"xxx",
  "timeout":600,
  "method":"aes-256-cfb"
}

It also depends on kcptun, which is started by this script (`cat /userdisk/data/bin/kcptun_start.sh`):

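#!/bin/sh
# Start the kcptun client that carries shadowsocks traffic to ef.pjq.me:4001.
 
# Stop if the directory is missing, so a ./client_linux_arm5 from some other
# working directory is never executed by mistake.
cd /userdisk/data/bin || exit 1

# NOTE(review): no -key is passed, so kcptun presumably runs with its built-in
# default secret; set the same private key on the client and the server.
# NOTE(review): -l :8480 listens on every interface. shadowsocks-kcptun.json
# connects to 127.0.0.1:8480, so -l 127.0.0.1:8480 looks sufficient; confirm.
set -- ./client_linux_arm5 -r ef.pjq.me:4001 -l :8480 -mode fast3
# Print the command line, then run exactly the same argument list.
echo "$@"
"$@"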

dnsmasq

https://github.com/cokebar/gfwlist2dnsmasq

# NOTE(review): read the downloaded script before running it on the router.
# -s presumably names the ipset that matching domains are added to (this page
# creates an ipset with the same name, gfwlist); -o is the dnsmasq config file
# that gets written.
gfwlist2dnsmasq.sh -s gfwlist -o /etc/dnsmasq.d/dnsmasq_list.conf

gfwlist iptables

# Create the IP hash set named gfwlist.
ipset -N gfwlist iphash
# Redirect TCP connections whose destination is in that set to local port
# 1081, the local_port of the shadowsocks config on this page. Only TCP is
# matched; other protocols to those destinations are not redirected.
iptables -t nat -A PREROUTING -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-port 1081

Restart all the service

# NOTE(review): after the firewall restart, confirm the hand-added redirect is
# still present (iptables -t nat -S PREROUTING); otherwise traffic silently
# bypasses the proxy.
/etc/init.d/firewall restart
/etc/init.d/myshadowsocks stop
/etc/init.d/myshadowsocks start
/etc/init.d/dnsmasq restart

ssh keys

OpenWrt does not use ~/.ssh for the keys; it uses /etc/dropbear:

# On your local machine: copy the public key (never the private key) to the router.
scp yourpubkey root@192.168.31.1:/tmp/
# On the router: append it to the authorized_keys file in /etc/dropbear.
cd /etc/dropbear
cat /tmp/yourpubkey >> authorized_keys
# Readable and writable by the owner only.
chmod 0600 authorized_keys

Then, on your local machine

vim ~/.ssh/config

Add the ssh host config

Host miwifi.com 192.168.31.1
    IdentityFile ~/.ssh/yourprivatekey
    User root
Then you can use the following ssh command to log in automatically

ssh root@192.168.31.1

If you want to ssh from the OpenWrt router to another server, you can add a config file there as well and use -F to select that ssh config file

ssh -F config username@yourserver

Remote ssh forward

sh /userdisk/data/bin/ssh_forward.sh 22 32222
ssh root@ef.pjq.me -p 32222

cat  /userdisk/data/bin/ssh_forward.sh
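#!/bin/bash
# Publish a local port on ef.pjq.me through an SSH remote forward (-R).
# Usage: ssh_forward.sh localport remoteport
#
# NOTE(review): the forward is bound to the server's public name, so whatever
# listens on localport becomes reachable by anyone who can reach
# ef.pjq.me:remoteport. Before forwarding port 22, make sure the router only
# accepts key-based logins.
#
# Only POSIX constructs are used, because the page runs this file with `sh`.
 
# Print the usage text.
usage() {
cat <<EOF
    Usage:
    ./$0 localport remoteport
    For example, forward the localhost port 80 to the remote server 8080
    ssh -gNfR ef.pjq.me:8080:localhost:80 pjq@ef.pjq.me
    Then, you can visit it via: http://ef.pjq.me:8080
EOF
}

# Succeed only for a decimal port number between 1 and 65535.
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] 2>/dev/null && [ "$1" -le 65535 ] 2>/dev/null
}

# Both values end up inside the forward specification, so reject anything that
# is not a plain port number instead of passing it on to ssh.
if [ $# -ne 2 ] || ! is_port "$1" || ! is_port "$2"; then
    usage >&2
    exit 1
fi

localport=$1
remoteport=$2
echo ssh -gNfR "ef.pjq.me:${remoteport}:localhost:${localport}" pjq@ef.pjq.me
# Report a failed connection instead of printing DONE unconditionally. A zero
# status only means ssh connected and went to the background (-f).
if ! ssh -F /etc/dropbear/config -gNfR "ef.pjq.me:${remoteport}:localhost:${localport}" pjq@ef.pjq.me; then
    echo "ssh failed, the forward was not set up" >&2
    exit 1
fi
#echo autossh -f -M 2"$1"  -NR ef.pjq.me:${remoteport}:localhost:${localport} pjq@ef.pjq.me
#autossh -f -M 2"$1" -NR  ef.pjq.me:${remoteport}:localhost:${localport} pjq@ef.pjq.me
echo DONE, Now you can visit it via
echo "http://ef.pjq.me:${remoteport}"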

Reference