Welcome to Jianqing's Wiki

User Tools

Site Tools

You are here: Readme » linux » MiWifi with Shadowsocks
Trace:
linux:miwifi-shadowsocks

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
linux:miwifi-shadowsocks [2018/09/03 12:28] percylinux:miwifi-shadowsocks [2019/03/09 01:35] (current) percy
Line 1: Line 1:
 ====== MiWifi with Shadowsocks ====== ====== MiWifi with Shadowsocks ======
  
 +===== /etc/shadowsocks.json =====
  
 +<code BASH>
 +{
 +  "server":"SERVER", //这里写服务器地址,最好用ip    
 +  "server_port": 5555, //shadowsocks服务器的端口
 +  "local_address":"127.0.0.1",
 +  "local_port":1081, //本地shadows绑定的端口, 
 +  "password":"PASSWORD",//shdowsocks 密码
 +  "timeout":600, //不用改
 +  "method":"aes-256-cfb"//加密算法, 根据服务商要求填写
 +}
 +</code>
 +
 +===== /etc/init.d/myshadowsocks =====
  
- vi /etc/init.d/myshadowsocks+    vim /etc/init.d/myshadowsocks
  
 <code Bash> <code Bash>
Line 38: Line 52:
 </code> </code>
  
-====== Reference ======+ 
 +<code BASH> 
 +/etc/init.d/myshadowsocks enable //add to the auto start jobs 
 +/etc/init.d/myshadowsocks start //start 
 +</code> 
 + 
 +Everytime after the router restart, it will delete the script, so I put the script to /userdisk/data/bin/myshadowsocks, and do the soft link 
 +  chmod +x /userdisk/data/bin/myshadowsocks 
 +  ln -s /userdisk/data/bin/myshadowsocks /etc/init.d/myshadowsocks 
 +  /etc/init.d/myshadowsocks 
 + 
 + 
 +==== To support kcptun with shadowsocks ===
 + 
 +<code BASH> 
 +CONFIG_KCPTUN=/etc/shadowsocks-kcptun.json 
 +#CONFIG=/etc/shadowsocks.json 
 +CONFIG=$CONFIG_KCPTUN 
 +DNS=8.8.8.8:53 
 +TUNNEL_PORT=5353 
 + 
 +start() { 
 +   # Client Mode 
 +   #service_start /usr/bin/ss-local -c $CONFIG -b 0.0.0.0 -f $SERVICE_PID_FILE 
 +   # Proxy Mode 
 +   service_start /usr/bin/ss-redir -c $CONFIG -b 0.0.0.0 -f $SS_REDIR_PID_FILE 
 +   # Tunnel 
 +   service_start /usr/bin/ss-tunnel -c $CONFIG_DEFAULT -b 0.0.0.0 -u -l $TUNNEL_PORT -L $DNS -f $SS_TUNNEL_PID_FILE 
 +
 +stop() { 
 +   # Client Mode 
 +   #service_stop /usr/bin/ss-local 
 +   # Proxy Mode 
 +   service_stop /usr/bin/ss-redir 
 +   # Tunnel 
 +   service_stop /usr/bin/ss-tunnel 
 +
 +</code> 
 + 
 +And the shadowsocks-kcptun.json 
 +<code Bash> 
 +
 +  "server":"127.0.0.1", 
 +  "server_port":8480, 
 +  "local_address":"0.0.0.0", 
 +  "local_port":1081, 
 +  "password":"xxx", 
 +  "timeout":600, 
 +  "method":"aes-256-cfb" 
 +
 +</code> 
 + 
 +And it will depends on the kcptun `cat /userdisk/data/bin/kcptun_start.sh` 
 +<code Bash> 
 + 
 +#!/bin/sh 
 + 
 +cd /userdisk/data/bin 
 +echo ./client_linux_arm5  -r ef.pjq.me:4001 -l :8480 -mode fast3 
 +./client_linux_arm5  -r ef.pjq.me:4001 -l :8480 -mode fast3 
 +</code> 
 + 
 +===== dnsmasq ===== 
 + 
 +https://github.com/cokebar/gfwlist2dnsmasq 
 +  gfwlist2dnsmasq.sh -s gfwlist -o /etc/dnsmasq.d/dnsmasq_list.conf 
 + 
 + 
 +===== gfwlist iptables ===== 
 + 
 +<code BASH> 
 +ipset -N gfwlist iphash 
 +iptables -t nat -A PREROUTING -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-port 1081 
 +</code> 
 + 
 +===== Restart all the service ===== 
 +  /etc/init.d/firewall restart 
 +  /etc/init.d/myshadowsocks stop 
 +  /etc/init.d/myshadowsocks start 
 +  /etc/init.d/dnsmasq restart 
 + 
 +===== ssh keys ===== 
 +OpenWrt is not using ~/.ssh for the keys, and it use /etc/dropbear,    
 +  - https://wiki.openwrt.org/oldwiki/dropbearpublickeyauthenticationhowto 
 +  - https://openwrt.org/docs/guide-user/services/ssh/openssh.server 
 + 
 +  scp yourpubkey root@192.168.31.1:/tmp/ 
 +  cd /etc/dropbear 
 +  cat /tmp/yourpubkey >> authorized_keys 
 +  chmod 0600 authorized_keys 
 + 
 +Then in your local machine 
 +  vim ~/.ssh/config 
 +   
 +Add the ssh host config 
 +<code> 
 +Host miwifi.com 192.168.31.1 
 +    IdentityFile ~/.ssh/yourprivatekey 
 +    User root 
 +</code> 
 +Then you can use the follow ssh command to login automatically 
 +  ssh root@192.168.31.1 
 + 
 +If you want to ssh to the other server in the OpenWRT, you can also add the config file, and use -F to set the ssh config file 
 +  ssh -F config username@yourserver 
 +===== Remote ssh forward ===== 
 + 
 +  sh /userdisk/data/bin/ssh_forward.sh 22 32222 
 +  ssh root@ef.pjq.me -p 32222 
 +<code Bash> 
 +cat  /userdisk/data/bin/ssh_forward.sh 
 +#!/bin/bash 
 + 
 +if [ $# = 2 ];then 
 +    localport=$1 
 +    remoteport=$2 
 +    echo ssh -gNfR ef.pjq.me:${remoteport}:localhost:${localport} pjq@ef.pjq.me 
 +    ssh -F /etc/dropbear/config -gNfR ef.pjq.me:${remoteport}:localhost:${localport} pjq@ef.pjq.me 
 +    #echo autossh -f -M 2"$1"  -NR ef.pjq.me:${remoteport}:localhost:${localport} pjq@ef.pjq.me 
 +    #autossh -f -M 2"$1" -NR  ef.pjq.me:${remoteport}:localhost:${localport} pjq@ef.pjq.me 
 +    echo DONE, Now you can visit it via 
 +    echo http://ef.pjq.me:${remoteport} 
 +else 
 +cat <<EOF 
 +    Usage: 
 +    ./$0 localport remoteport 
 +    For example, forward the localhost port 80 to the remote server 8080 
 +    ssh -gNfR ef.pjq.me:8080:localhost:80 pjq@ef.pjq.me 
 +    Then, you can visit it via: http://ef.pjq.me:8080 
 +EOF 
 + 
 +fi 
 +</code> 
 + 
 +===== Reference =====
   -https://www.pleamon.com/2016/01/01/python/shadowsocks/%E5%B0%8F%E7%B1%B3%E8%B7%AF%E7%94%B1%E5%99%A8%E6%90%AD%E5%BB%BAshadowsocks/   -https://www.pleamon.com/2016/01/01/python/shadowsocks/%E5%B0%8F%E7%B1%B3%E8%B7%AF%E7%94%B1%E5%99%A8%E6%90%AD%E5%BB%BAshadowsocks/
   - http://www.wenlc.cn/%E5%A6%82%E4%BD%95%E8%AE%A9%E5%B0%8F%E7%B1%B3%E8%B7%AF%E7%94%B1%E5%99%A8%E8%81%AA%E6%98%8E%E7%9A%84%E4%BD%BF%E7%94%A8shadowsocks/   - http://www.wenlc.cn/%E5%A6%82%E4%BD%95%E8%AE%A9%E5%B0%8F%E7%B1%B3%E8%B7%AF%E7%94%B1%E5%99%A8%E8%81%AA%E6%98%8E%E7%9A%84%E4%BD%BF%E7%94%A8shadowsocks/
   - https://github.com/pjq/miwifi-ss   - https://github.com/pjq/miwifi-ss
 +  - http://www.miui.com/thread-4408033-1-1.html
  
  
/var/www/dokuwiki/wiki/data/attic/linux/miwifi-shadowsocks.1535948926.txt.gz · Last modified: 2018/09/03 12:28 by percy