
linux:miwifi-shadowsocks

Differences

This shows you the differences between two versions of the page.

linux:miwifi-shadowsocks [2018/09/03 12:30] percylinux:miwifi-shadowsocks [2019/03/09 01:32] percy
Line 1: Line 1:
 ====== MiWifi with Shadowsocks ====== ====== MiWifi with Shadowsocks ======
  
 +===== /etc/shadowsocks.json =====
  
 +<code BASH> 
 +
 +  "server":"SERVER", //这里写服务器地址,最好用ip     
 +  "server_port": 5555, //shadowsocks服务器的端口 
 +  "local_address":"127.0.0.1", 
 +  "local_port":1081, //本地shadows绑定的端口,  
 +  "password":"PASSWORD",//shdowsocks 密码 
 +  "timeout":600, //不用改 
 +  "method":"aes-256-cfb"//加密算法, 根据服务商要求填写 
 +
 +</code>
  
 ===== /etc/init.d/myshadowsocks ===== ===== /etc/init.d/myshadowsocks =====
Line 40: Line 51:
 } }
 </code> </code>
 +
  
 <code BASH> <code BASH>
Line 45: Line 57:
 /etc/init.d/myshadowsocks start //start /etc/init.d/myshadowsocks start //start
 </code> </code>
 +
 +Everytime after the router restart, it will delete the script, so I put the script to /userdisk/data/bin/myshadowsocks, and do the soft link
 +  chmod +x /userdisk/data/bin/myshadowsocks
 +  ln -s /userdisk/data/bin/myshadowsocks /etc/init.d/myshadowsocks
 +  /etc/init.d/myshadowsocks
 +
 +
 +==== To support kcptun with shadowsocks ====
 +
 +<code BASH>
 +CONFIG_KCPTUN=/etc/shadowsocks-kcptun.json
 +#CONFIG=/etc/shadowsocks.json
 +CONFIG=$CONFIG_KCPTUN
 +DNS=8.8.8.8:53
 +TUNNEL_PORT=5353
 +
 +start() {
 +   # Client Mode
 +   #service_start /usr/bin/ss-local -c $CONFIG -b 0.0.0.0 -f $SERVICE_PID_FILE
 +   # Proxy Mode
 +   service_start /usr/bin/ss-redir -c $CONFIG -b 0.0.0.0 -f $SS_REDIR_PID_FILE
 +   # Tunnel
 +   service_start /usr/bin/ss-tunnel -c $CONFIG_DEFAULT -b 0.0.0.0 -u -l $TUNNEL_PORT -L $DNS -f $SS_TUNNEL_PID_FILE
 +}
 +stop() {
 +   # Client Mode
 +   #service_stop /usr/bin/ss-local
 +   # Proxy Mode
 +   service_stop /usr/bin/ss-redir
 +   # Tunnel
 +   service_stop /usr/bin/ss-tunnel
 +}
 +</code>
 +
 +And the shadowsocks-kcptun.json
 +<code Bash>
 +{
 +  "server":"127.0.0.1",
 +  "server_port":8480,
 +  "local_address":"0.0.0.0",
 +  "local_port":1081,
 +  "password":"pjq",
 +  "timeout":600,
 +  "method":"aes-256-cfb"
 +}
 +</code>
 +
 +===== dnsmasq =====
 +
 +https://github.com/cokebar/gfwlist2dnsmasq
 +  gfwlist2dnsmasq.sh -s gfwlist -o /etc/dnsmasq.d/dnsmasq_list.conf
 +
  
 ===== gfwlist iptables ===== ===== gfwlist iptables =====
Line 50: Line 114:
 <code BASH> <code BASH>
 ipset -N gfwlist iphash ipset -N gfwlist iphash
-iptables -t nat -A PREROUTING -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-port 8964+iptables -t nat -A PREROUTING -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-port 1081
 </code> </code>
-====== Reference ======+ 
 +===== Restart all the service ===== 
 +  /etc/init.d/firewall restart 
 +  /etc/init.d/myshadowsocks stop 
 +  /etc/init.d/myshadowsocks start 
 +  /etc/init.d/dnsmasq restart 
 + 
 +===== ssh keys ===== 
 +OpenWrt is not using ~/.ssh for the keys, and it use /etc/dropbear,    
 +  - https://wiki.openwrt.org/oldwiki/dropbearpublickeyauthenticationhowto 
 +  - https://openwrt.org/docs/guide-user/services/ssh/openssh.server 
 + 
 +  scp yourpubkey root@192.168.31.1:/tmp/ 
 +  cd /etc/dropbear 
 +  cat /tmp/yourpubkey >> authorized_keys 
 +  chmod 0600 authorized_keys 
 + 
 +Then in your local machine 
 +  vim ~/.ssh/config 
 +   
 +Add the ssh host config 
 +<code> 
 +Host miwifi.com 192.168.31.1 
 +    IdentityFile ~/.ssh/yourprivatekey 
 +    User root 
 +</code> 
 +Then you can use the follow ssh command to login automatically 
 +  ssh root@192.168.31.1 
 + 
 +If you want to ssh to the other server in the OpenWRT, you can also add the config file, and use -F to set the ssh config file 
 +  ssh -F config username@yourserver 
 +===== Remote ssh forward ===== 
 + 
 +  sh /userdisk/data/bin/ssh_forward.sh 22 32222 
 +  ssh root@ef.pjq.me -p 32222 
 +<code Bash> 
 +cat  /userdisk/data/bin/ssh_forward.sh 
 +#!/bin/bash 
 + 
 +if [ $# = 2 ];then 
 +    localport=$1 
 +    remoteport=$2 
 +    echo ssh -gNfR ef.pjq.me:${remoteport}:localhost:${localport} pjq@ef.pjq.me 
 +    ssh -F /etc/dropbear/config -gNfR ef.pjq.me:${remoteport}:localhost:${localport} pjq@ef.pjq.me 
 +    #echo autossh -f -M 2"$1"  -NR ef.pjq.me:${remoteport}:localhost:${localport} pjq@ef.pjq.me 
 +    #autossh -f -M 2"$1" -NR  ef.pjq.me:${remoteport}:localhost:${localport} pjq@ef.pjq.me 
 +    echo DONE, Now you can visit it via 
 +    echo http://ef.pjq.me:${remoteport} 
 +else 
 +cat <<EOF 
 +    Usage: 
 +    ./$0 localport remoteport 
 +    For example, forward the localhost port 80 to the remote server 8080 
 +    ssh -gNfR ef.pjq.me:8080:localhost:80 pjq@ef.pjq.me 
 +    Then, you can visit it via: http://ef.pjq.me:8080 
 +EOF 
 + 
 +fi 
 +</code> 
 + 
 +===== Reference =====
   -https://www.pleamon.com/2016/01/01/python/shadowsocks/%E5%B0%8F%E7%B1%B3%E8%B7%AF%E7%94%B1%E5%99%A8%E6%90%AD%E5%BB%BAshadowsocks/   -https://www.pleamon.com/2016/01/01/python/shadowsocks/%E5%B0%8F%E7%B1%B3%E8%B7%AF%E7%94%B1%E5%99%A8%E6%90%AD%E5%BB%BAshadowsocks/
   - http://www.wenlc.cn/%E5%A6%82%E4%BD%95%E8%AE%A9%E5%B0%8F%E7%B1%B3%E8%B7%AF%E7%94%B1%E5%99%A8%E8%81%AA%E6%98%8E%E7%9A%84%E4%BD%BF%E7%94%A8shadowsocks/   - http://www.wenlc.cn/%E5%A6%82%E4%BD%95%E8%AE%A9%E5%B0%8F%E7%B1%B3%E8%B7%AF%E7%94%B1%E5%99%A8%E8%81%AA%E6%98%8E%E7%9A%84%E4%BD%BF%E7%94%A8shadowsocks/
   - https://github.com/pjq/miwifi-ss   - https://github.com/pjq/miwifi-ss
 +  - http://www.miui.com/thread-4408033-1-1.html
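Review bot: In the "Remote ssh forward" block, ssh_forward.sh binds the reverse forward to the relay's public name (`-R ef.pjq.me:${remoteport}:localhost:${localport}`) and the usage line above it forwards port 22, so the router's root SSH login is published on ef.pjq.me:32222 wherever the relay's sshd permits non-loopback remote binds. The "ssh keys" section installs a public key but nothing on the page turns password login off, so that port presumably still accepts root password attempts. For the SSH case I would bind the forward to the relay's loopback and reach it after logging in to ef.pjq.me, drop `-g` (it only affects local forwards), and reject non-numeric ports before `$1`/`$2` are expanded unquoted into the ssh command line. With a loopback bind the echoed `http://ef.pjq.me:${remoteport}` hint no longer applies and should be printed only for forwards that are meant to be public.

```shell
if [ $# = 2 ];then
    localport=$1
    remoteport=$2
    # Ports must be plain numbers; anything else would be expanded into the ssh arguments.
    for port in "$localport" "$remoteport"; do
        case "$port" in
            ''|*[!0-9]*) echo "port must be a number: $port" >&2; exit 1 ;;
        esac
    done
    # Bind on the relay's loopback so the forwarded port is not published to the internet.
    ssh -F /etc/dropbear/config -NfR "localhost:${remoteport}:localhost:${localport}" pjq@ef.pjq.me
    # … unchanged: commented-out autossh lines, DONE message, usage heredoc …
```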
  
  
/var/www/dokuwiki/wiki/data/pages/linux/miwifi-shadowsocks.txt · Last modified: 2019/03/09 01:35 by percy