Welcome to Jianqing's Wiki

User Tools

Site Tools

You are here: Readme » linux » MiWifi with Shadowsocks
Trace:
linux:miwifi-shadowsocks

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
linux:miwifi-shadowsocks [2018/09/03 13:26] percylinux:miwifi-shadowsocks [2019/03/09 01:35] (current) percy
Line 1: Line 1:
 ====== MiWifi with Shadowsocks ====== ====== MiWifi with Shadowsocks ======
  
 +===== /etc/shadowsocks.json =====
  
 +<code BASH> 
 +
 +  "server":"SERVER", //这里写服务器地址,最好用ip     
 +  "server_port": 5555, //shadowsocks服务器的端口 
 +  "local_address":"127.0.0.1", 
 +  "local_port":1081, //本地shadows绑定的端口,  
 +  "password":"PASSWORD",//shdowsocks 密码 
 +  "timeout":600, //不用改 
 +  "method":"aes-256-cfb"//加密算法, 根据服务商要求填写 
 +
 +</code>
  
 ===== /etc/init.d/myshadowsocks ===== ===== /etc/init.d/myshadowsocks =====
Line 40: Line 51:
 } }
 </code> </code>
 +
  
 <code BASH> <code BASH>
 /etc/init.d/myshadowsocks enable //add to the auto start jobs /etc/init.d/myshadowsocks enable //add to the auto start jobs
 /etc/init.d/myshadowsocks start //start /etc/init.d/myshadowsocks start //start
 +</code>
 +
 +Everytime after the router restart, it will delete the script, so I put the script to /userdisk/data/bin/myshadowsocks, and do the soft link
 +  chmod +x /userdisk/data/bin/myshadowsocks
 +  ln -s /userdisk/data/bin/myshadowsocks /etc/init.d/myshadowsocks
 +  /etc/init.d/myshadowsocks
 +
 +
 +==== To support kcptun with shadowsocks ====
 +
 +<code BASH>
 +CONFIG_KCPTUN=/etc/shadowsocks-kcptun.json
 +#CONFIG=/etc/shadowsocks.json
 +CONFIG=$CONFIG_KCPTUN
 +DNS=8.8.8.8:53
 +TUNNEL_PORT=5353
 +
 +start() {
 +   # Client Mode
 +   #service_start /usr/bin/ss-local -c $CONFIG -b 0.0.0.0 -f $SERVICE_PID_FILE
 +   # Proxy Mode
 +   service_start /usr/bin/ss-redir -c $CONFIG -b 0.0.0.0 -f $SS_REDIR_PID_FILE
 +   # Tunnel
 +   service_start /usr/bin/ss-tunnel -c $CONFIG_DEFAULT -b 0.0.0.0 -u -l $TUNNEL_PORT -L $DNS -f $SS_TUNNEL_PID_FILE
 +}
 +stop() {
 +   # Client Mode
 +   #service_stop /usr/bin/ss-local
 +   # Proxy Mode
 +   service_stop /usr/bin/ss-redir
 +   # Tunnel
 +   service_stop /usr/bin/ss-tunnel
 +}
 +</code>
 +
 +And the shadowsocks-kcptun.json
 +<code Bash>
 +{
 +  "server":"127.0.0.1",
 +  "server_port":8480,
 +  "local_address":"0.0.0.0",
 +  "local_port":1081,
 +  "password":"xxx",
 +  "timeout":600,
 +  "method":"aes-256-cfb"
 +}
 +</code>
 +
 +And it will depends on the kcptun `cat /userdisk/data/bin/kcptun_start.sh`
 +<code Bash>
 +
 +#!/bin/sh
 +
 +cd /userdisk/data/bin
 +echo ./client_linux_arm5  -r ef.pjq.me:4001 -l :8480 -mode fast3
 +./client_linux_arm5  -r ef.pjq.me:4001 -l :8480 -mode fast3
 </code> </code>
  
Line 56: Line 124:
 <code BASH> <code BASH>
 ipset -N gfwlist iphash ipset -N gfwlist iphash
-iptables -t nat -A PREROUTING -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-port 8964+iptables -t nat -A PREROUTING -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-port 1081
 </code> </code>
  
Line 65: Line 133:
   /etc/init.d/dnsmasq restart   /etc/init.d/dnsmasq restart
  
 +===== ssh keys =====
 +OpenWrt is not using ~/.ssh for the keys, and it use /etc/dropbear,   
 +  - https://wiki.openwrt.org/oldwiki/dropbearpublickeyauthenticationhowto
 +  - https://openwrt.org/docs/guide-user/services/ssh/openssh.server
 +
 +  scp yourpubkey root@192.168.31.1:/tmp/
 +  cd /etc/dropbear
 +  cat /tmp/yourpubkey >> authorized_keys
 +  chmod 0600 authorized_keys
 +
 +Then in your local machine
 +  vim ~/.ssh/config
 +  
 +Add the ssh host config
 +<code>
 +Host miwifi.com 192.168.31.1
 +    IdentityFile ~/.ssh/yourprivatekey
 +    User root
 +</code>
 +Then you can use the follow ssh command to login automatically
 +  ssh root@192.168.31.1
 +
 +If you want to ssh to the other server in the OpenWRT, you can also add the config file, and use -F to set the ssh config file
 +  ssh -F config username@yourserver
 +===== Remote ssh forward =====
 +
 +  sh /userdisk/data/bin/ssh_forward.sh 22 32222
 +  ssh root@ef.pjq.me -p 32222
 +<code Bash>
 +cat  /userdisk/data/bin/ssh_forward.sh
 +#!/bin/bash
 +
 +if [ $# = 2 ];then
 +    localport=$1
 +    remoteport=$2
 +    echo ssh -gNfR ef.pjq.me:${remoteport}:localhost:${localport} pjq@ef.pjq.me
 +    ssh -F /etc/dropbear/config -gNfR ef.pjq.me:${remoteport}:localhost:${localport} pjq@ef.pjq.me
 +    #echo autossh -f -M 2"$1"  -NR ef.pjq.me:${remoteport}:localhost:${localport} pjq@ef.pjq.me
 +    #autossh -f -M 2"$1" -NR  ef.pjq.me:${remoteport}:localhost:${localport} pjq@ef.pjq.me
 +    echo DONE, Now you can visit it via
 +    echo http://ef.pjq.me:${remoteport}
 +else
 +cat <<EOF
 +    Usage:
 +    ./$0 localport remoteport
 +    For example, forward the localhost port 80 to the remote server 8080
 +    ssh -gNfR ef.pjq.me:8080:localhost:80 pjq@ef.pjq.me
 +    Then, you can visit it via: http://ef.pjq.me:8080
 +EOF
 +
 +fi
 +</code>
  
-====== Reference ======+===== Reference =====
   -https://www.pleamon.com/2016/01/01/python/shadowsocks/%E5%B0%8F%E7%B1%B3%E8%B7%AF%E7%94%B1%E5%99%A8%E6%90%AD%E5%BB%BAshadowsocks/   -https://www.pleamon.com/2016/01/01/python/shadowsocks/%E5%B0%8F%E7%B1%B3%E8%B7%AF%E7%94%B1%E5%99%A8%E6%90%AD%E5%BB%BAshadowsocks/
   - http://www.wenlc.cn/%E5%A6%82%E4%BD%95%E8%AE%A9%E5%B0%8F%E7%B1%B3%E8%B7%AF%E7%94%B1%E5%99%A8%E8%81%AA%E6%98%8E%E7%9A%84%E4%BD%BF%E7%94%A8shadowsocks/   - http://www.wenlc.cn/%E5%A6%82%E4%BD%95%E8%AE%A9%E5%B0%8F%E7%B1%B3%E8%B7%AF%E7%94%B1%E5%99%A8%E8%81%AA%E6%98%8E%E7%9A%84%E4%BD%BF%E7%94%A8shadowsocks/
   - https://github.com/pjq/miwifi-ss   - https://github.com/pjq/miwifi-ss
 +  - http://www.miui.com/thread-4408033-1-1.html
  
  
/var/www/dokuwiki/wiki/data/attic/linux/miwifi-shadowsocks.1535952384.txt.gz · Last modified: 2018/09/03 13:26 by percy