MiWifi with Shadowsocks
/etc/shadowsocks.json
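The // comments below are annotations only; JSON does not allow comments, so leave them out of the real file.
{
    "server": "SERVER",            // server address, preferably an IP
    "server_port": 5555,           // port of the shadowsocks server
    "local_address": "127.0.0.1",
    "local_port": 1081,            // local port that shadowsocks binds to
    "password": "PASSWORD",        // shadowsocks password
    "timeout": 600,                // no need to change
    "method": "aes-256-cfb"        // encryption method, set as required by your provider
}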
/etc/init.d/myshadowsocks
vim /etc/init.d/myshadowsocks
#!/bin/sh /etc/rc.common
. /lib/functions.sh

START=95

SS_REDIR_PID_FILE=/var/run/ss-redir.pid
SS_TUNNEL_PID_FILE=/var/run/ss-tunnel.pid
CONFIG=/etc/shadowsocks.json
DNS=8.8.8.8:53
TUNNEL_PORT=5353

start() {
    # Client Mode
    #service_start /usr/bin/ss-local -c $CONFIG -b 0.0.0.0 -f $SERVICE_PID_FILE
    # Proxy Mode
    service_start /usr/bin/ss-redir -c $CONFIG -b 0.0.0.0 -f $SS_REDIR_PID_FILE
    # Tunnel
    service_start /usr/bin/ss-tunnel -c $CONFIG -b 0.0.0.0 -u -l $TUNNEL_PORT -L $DNS -f $SS_TUNNEL_PID_FILE
}

stop() {
    # Client Mode
    #service_stop /usr/bin/ss-local
    # Proxy Mode
    service_stop /usr/bin/ss-redir
    # Tunnel
    service_stop /usr/bin/ss-tunnel
}
/etc/init.d/myshadowsocks enable   # add to the auto start jobs
/etc/init.d/myshadowsocks start    # start
Every time the router restarts, it deletes the script, so I put the script in /userdisk/data/bin/myshadowsocks and create a soft link to it:
chmod +x /userdisk/data/bin/myshadowsocks
ln -s /userdisk/data/bin/myshadowsocks /etc/init.d/myshadowsocks
/etc/init.d/myshadowsocks
To support kcptun with shadowsocks
CONFIG_KCPTUN=/etc/shadowsocks-kcptun.json
# Direct (non-kcptun) config used by the DNS tunnel below; assumed to be
# the /etc/shadowsocks.json shown earlier
CONFIG_DEFAULT=/etc/shadowsocks.json
#CONFIG=/etc/shadowsocks.json
CONFIG=$CONFIG_KCPTUN
DNS=8.8.8.8:53
TUNNEL_PORT=5353

start() {
    # Client Mode
    #service_start /usr/bin/ss-local -c $CONFIG -b 0.0.0.0 -f $SERVICE_PID_FILE
    # Proxy Mode
    service_start /usr/bin/ss-redir -c $CONFIG -b 0.0.0.0 -f $SS_REDIR_PID_FILE
    # Tunnel
    service_start /usr/bin/ss-tunnel -c $CONFIG_DEFAULT -b 0.0.0.0 -u -l $TUNNEL_PORT -L $DNS -f $SS_TUNNEL_PID_FILE
}

stop() {
    # Client Mode
    #service_stop /usr/bin/ss-local
    # Proxy Mode
    service_stop /usr/bin/ss-redir
    # Tunnel
    service_stop /usr/bin/ss-tunnel
}
And the shadowsocks-kcptun.json
{
    "server": "127.0.0.1",
    "server_port": 8480,
    "local_address": "0.0.0.0",
    "local_port": 1081,
    "password": "xxx",
    "timeout": 600,
    "method": "aes-256-cfb"
}
This depends on the kcptun client, which is started by this script (`cat /userdisk/data/bin/kcptun_start.sh`):
#!/bin/sh
cd /userdisk/data/bin
echo ./client_linux_arm5 -r ef.pjq.me:4001 -l :8480 -mode fast3
./client_linux_arm5 -r ef.pjq.me:4001 -l :8480 -mode fast3
dnsmasq
https://github.com/cokebar/gfwlist2dnsmasq
gfwlist2dnsmasq.sh -s gfwlist -o /etc/dnsmasq.d/dnsmasq_list.conf
gfwlist iptables
ipset -N gfwlist iphash
iptables -t nat -A PREROUTING -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-port 1081
Restart all the services
/etc/init.d/firewall restart
/etc/init.d/myshadowsocks stop
/etc/init.d/myshadowsocks start
/etc/init.d/dnsmasq restart
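The dnsmasq list, the ipset and the REDIRECT rule only work together when they agree on the set name and the ports. The checks below are an added example, not part of the original page; they assume the generated list uses dnsmasq's `server=/domain/ip#port` and `ipset=/domain/set` lines and forwards lookups to the ss-tunnel port on 127.0.0.1, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example. Values taken from the page: ipset "gfwlist", ss-tunnel
# port 5353, ss-redir port 1081. Function names are hypothetical.

# stdin: dnsmasq list. Prints lines that break the chain: a server= line
# not forwarding to 127.0.0.1#<dns_port>, or an ipset= line that fills a
# set other than <set_name>.
bad_dnsmasq_lines() {   # usage: bad_dnsmasq_lines <set_name> <dns_port>
    awk -F/ -v set="$1" -v up="127.0.0.1#$2" '
        /^server=/ && $NF != up  { print; next }
        /^ipset=/  && $NF != set { print }'
}

# stdin: dnsmasq list. Prints domains that have only one of the two lines:
# without ipset= the traffic is never redirected, without server= the
# lookup does not go through the tunnel.
unpaired_domains() {
    awk -F/ '
        /^server=/ { s[$2] = 1 }
        /^ipset=/  { i[$2] = 1 }
        END {
            for (d in s) if (!(d in i)) print d " (no ipset= line)"
            for (d in i) if (!(d in s)) print d " (no server= line)"
        }'
}

# stdin: output of "iptables -t nat -S PREROUTING". Succeeds if a rule
# redirects destinations in <set_name> to <port>.
has_redirect_rule() {   # usage: has_redirect_rule <set_name> <port>
    grep -Eq -e "--match-set $1 dst .*-j REDIRECT --to-ports? $2( |\$)"
}

# Constructed sample input, not taken from a real router.
sample_list='server=/example.com/127.0.0.1#5353
ipset=/example.com/gfwlist
server=/example.org/8.8.8.8#53
ipset=/example.net/otherset'
sample_rules='-A PREROUTING -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-ports 1081'

printf '%s\n' "$sample_list" | bad_dnsmasq_lines gfwlist 5353
printf '%s\n' "$sample_list" | unpaired_domains
printf '%s\n' "$sample_rules" | has_redirect_rule gfwlist 1081 && echo "redirect rule present"

# On the router, after the restart step:
#   bad_dnsmasq_lines gfwlist 5353 < /etc/dnsmasq.d/dnsmasq_list.conf
#   iptables -t nat -S PREROUTING | has_redirect_rule gfwlist 1081
```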
ssh keys
OpenWrt does not use ~/.ssh for the keys; it uses /etc/dropbear:
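# on your local machine: copy the public key to the router
scp yourpubkey root@192.168.31.1:/tmp/
# on the router: append it to dropbear's authorized_keys
cd /etc/dropbear
cat /tmp/yourpubkey >> authorized_keys
chmod 0600 authorized_keys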
Then on your local machine
vim ~/.ssh/config
Add the ssh host config
Host miwifi.com 192.168.31.1
    IdentityFile ~/.ssh/yourprivatekey
    User root
Then you can use the following ssh command to log in automatically
ssh root@192.168.31.1
If you want to ssh from the OpenWrt router to another server, you can also add a config file there and use -F to point ssh at it
ssh -F config username@yourserver
Remote ssh forward
sh /userdisk/data/bin/ssh_forward.sh 22 32222
ssh root@ef.pjq.me -p 32222
cat /userdisk/data/bin/ssh_forward.sh
#!/bin/bash
if [ $# = 2 ];then
    localport=$1
    remoteport=$2
    echo ssh -gNfR ef.pjq.me:${remoteport}:localhost:${localport} pjq@ef.pjq.me
    ssh -F /etc/dropbear/config -gNfR ef.pjq.me:${remoteport}:localhost:${localport} pjq@ef.pjq.me
    #echo autossh -f -M 2"$1" -NR ef.pjq.me:${remoteport}:localhost:${localport} pjq@ef.pjq.me
    #autossh -f -M 2"$1" -NR ef.pjq.me:${remoteport}:localhost:${localport} pjq@ef.pjq.me
    echo DONE, Now you can visit it via
    echo http://ef.pjq.me:${remoteport}
else
    cat <<EOF
Usage: ./$0 localport remoteport
For example, forward the localhost port 80 to the remote server 8080
ssh -gNfR ef.pjq.me:8080:localhost:80 pjq@ef.pjq.me
Then, you can visit it via:
http://ef.pjq.me:8080
EOF
fi
/var/www/dokuwiki/wiki/data/pages/linux/miwifi-shadowsocks.txt · Last modified: 2019/03/09 01:35 by percy