BLUA said:
OpenWRT itself lets you plug in a VPN and share Wi-Fi over the VPN.
But how do you set up sharing a proxy? Surely someone has already run into this task...
Maybe there is some software? Or maybe plugins for OpenWRT?
ShadowSocks, RedSocks2 and ChinaDNS on OpenWrt
xuri.me
In this post, I will set up Shadowsocks, RedSocks2 and ChinaDNS on OpenWrt, install PandoraBox on Xiaomi MiWiFi Mini.
ShadowSocks
A secure socks5 proxy, designed to protect your Internet traffic. Server side setup reference ShadowSocks Setup Guide.
Official Website shadowsocks.org
OpenWRT
OpenWrt is described as a Linux distribution for embedded devices.
Instead of trying to create a single, static firmware, OpenWrt provides a fully writable filesystem with package management. This frees you from the application selection and configuration provided by the vendor and allows you to customize the device through the use of packages to suit any application. For developers, OpenWrt is the framework to build an application without having to build a complete firmware around it; for users this means the ability for full customization, to use the device in ways never envisioned.
Official Website openwrt.org
PandoraBox
The buildsystem for the OpenWrt Linux distribution. Powered by LuCI, the initial reason for this project was the absence of a free, clean, extensible and easily maintainable web user interface for embedded devices. While most similar configuration interfaces make heavy use of the Shell-scripting language LuCI uses the Lua programming language and splits up the interface into logical parts like models and views, uses object-oriented libraries and templating. That ensures a higher performance, smaller installation size, faster runtimes and what is even more important: better maintainability.
Official Website luci.subsignal.org
RedSocks2
Transparent redirector of any TCP connection to a proxy (customized for anti-GFW use), a modified version of the original redsocks. The name is changed to REDSOCKS2 to distinguish it from the original redsocks. This variant is useful for anti-GFW (Great Fire Wall). REDSOCKS2 contains several new features besides many bug fixes to the original redsocks.
Project on GitHub github.com/semigodking/redsocks
ChinaDNS
ChinaDNS automatically queries local DNS servers to resolve Chinese domains and queries foreign DNS servers to resolve foreign domains. It is smart enough to work only with a Chinese IP range file, which doesn't change often.
Project on GitHub github.com/shadowsocks/ChinaDNS
Hardware information and software version in this post
Xiaomi MiWiFi Router
Board : Xiaomi mini Board
CPU : MTK MT7620A (1 Core 580MHz)
Router Setting
Plug in power and Ethernet cable to one of the Ethernet ports.
Direct browser to 192.168.31.1 or miwifi.com.
The first screen will appear. Press blue button (开始) to get to next screen.
The next screen sets up the wifi network name and password. Note that the wifi password is also used later for access to the browser page (192.168.31.1).
Once you have set this up, plug in WAN cable for access to internet. Internet access also enables the Chrome translation and you can confirm that the router works properly before proceeding.
The next few steps involve first loading the development version of the firmware, then loading a firmware version which provides SSH access with the last step being loading the OpenWrt firmware onto the router.
Apparently loading the development version of the firmware voids the warranty, so beware. The development version can be obtained from www1.miwifi.com/miwifi_download.html. Point to the mini router to get the correct firmware/software. At the same time you can also download the PC Client (although I don't recommend this) and also one of either the iOS or Android app. You will NEED one of these to complete the steps. The development ROM that I downloaded was named miwifi_r1cm_firmware_4156a_2.5.22.bin. Apparently the development ROM that is used is important because some of the ROMs may not allow the next step of flashing the SSH firmware. The older ROMs can be found at www.miui.com/thread-1776173-1-1.html. Try to use the development ROM that has been proven to allow the next step of the process.
The above downloads the Chinese versions of PC Client and iOS/Android apps. To get the translated software follow these links. The iOS/Android are necessary because they are used to link the hardware to the miwifi account that you are about to set up. Without the link, the SSH version of the ROM (and SSH password) will not be available.
Create and activate a new account at Xiaomi account.xiaomi.com/pass/register. When you have set up the account and logged in, remember the User ID. You will note that there is no device associated with the account. The association has to be done via the iOS/Android app. Unfortunately there does not seem to be a way to do that via the PC Client, which is why I do not recommend installing this.
Using your iOS or Android device, open the app. Login using the ID and password in the step above. The account then recognises the Xiaomi mini router device. This is required for the SSH firmware.
To get the SSH firmware proceed to www1.miwifi.com/miwifi_open.html. Halfway down the page there is a SSH button.
Click on the button and sign into the Xiaomi account when requested. After signing in you will be presented with a page to download the SSH firmware. Also note the SSH password for root user in the middle of the page. The SSH firmware will have the name miwifi_ssh.bin
Now that you have all the firmware, it is just a matter of flashing in the correct sequence. First off, get an empty USB drive and format to FAT or FAT32.
Copy the development firmware into the USB drive.
Flashing the development firmware and flashing the SSH firmware both follow the same procedure:
Pull the power from the router, at the router.
Plug USB drive into router.
Press the reset button (in the hole to the left of the USB drive).
While holding down the reset button, plug in the power. The orange light in front of the router will remain steady for a short while before it starts flashing.
Once the orange light starts flashing, release the reset button and sit back until the light in front of the router turns blue. Also if there are indicator lights on your USB drive, they will flash as the drive is being read. If the orange light does not flash, try with another USB drive and confirm that the drive is formatted to FAT or FAT32.
The router can be re-set up between each flash just to confirm that it is working, but I generally just flash the firmwares one after the other.
The SSH firmware does not have to be renamed for the flash. Just keep the name as miwifi_ssh.bin.
Once the SSH firmware has been successfully flashed, confirm SSH access via port 22, with username root and the password noted from the SSH firmware download page.
The OpenWRT firmware will need to be downloaded from downloads.openwrt.org.cn/PandoraBox/Xiaomi-Mini-R1CM/testing. I used the latest version PandoraBox-ralink-mt7620-xiaomi-mini-squashfs-sysupgrade-r1216-20150721.bin.
Transfer PandoraBox-ralink-mt7620-xiaomi-mini-squashfs-sysupgrade-r1216-20150721.bin to the /tmp directory in the root of the router's filesystem using 192.168.31.1, port 22.
$ scp PandoraBox-ralink-* root@192.168.31.1:/tmp
Connect to the router using 192.168.31.1, port 22, via SSH or PuTTY (Microsoft Windows).
Change to the /tmp directory and confirm that the PandoraBox-ralink-mt7620-xiaomi-mini-squashfs-sysupgrade-r1216-20150721.bin file is listed.
# ls -l /tmp
Finally flash the OpenWRT firmware.
# mtd -r write /tmp/PandoraBox-ralink-* OS1
or
# mtd -r write /tmp/PandoraBox-ralink-* firmware
The router will reboot once it has been successfully flashed.
Reconnect to the Wi-Fi AP named PandoraBox_* and access the OpenWRT router via 192.168.1.1 in your browser. The default account username is root and the password is admin.
BusyBox v1.22.1 (2015-07-09 13:52:12 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.
_______________________________________________________________
| ____ _ ____ |
| | _ \ __ _ _ __ __| | ___ _ __ __ _| __ ) _____ __ |
| | |_) / _` | '_ \ / _` |/ _ \| '__/ _` | _ \ / _ \ \/ / |
| | __/ (_| | | | | (_| | (_) | | | (_| | |_) | (_) > < |
| |_| \__,_|_| |_|\__,_|\___/|_| \__,_|____/ \___/_/\_\ |
| |
| PandoraBox SDK Platform |
| The Core of SmartRouter |
| Copyright 2013-2015 D-Team Technology Co.,Ltd.SZ |
| http://www.pandorabox.org.cn |
|______________________________________________________________|
Base on OpenWrt BARRIER BREAKER (14.09, r1216)
[root@PandoraBox_57B7:/root]#
Setup opkg Source
Backup config file
# mv /etc/opkg.conf /etc/opkg.conf.bak
Edit opkg config file
# vim /etc/opkg.conf
Add the following sources
dest root /
dest ram /tmp
lists_dir ext /etc/opkg-lists
option overlay_root /overlay
# notice
dest usb /mnt/sdb1/opkg
arch all 100
arch ramips_24kec 200
arch ramips 300
arch mips 400
arch unkown 500
src/gz barrier_breaker_base http://downloads.openwrt.org/barrier_breaker/14.07/ramips/mt7620a/packages/base
src/gz barrier_breaker_luci http://downloads.openwrt.org/barrier_breaker/14.07/ramips/mt7620a/packages/luci
src/gz barrier_breaker_management http://downloads.openwrt.org/barrier_breaker/14.07/ramips/mt7620a/packages/management
src/gz barrier_breaker_oldpackages http://downloads.openwrt.org/barrier_breaker/14.07/ramips/mt7620a/packages/oldpackages
src/gz barrier_breaker_packages http://downloads.openwrt.org/barrier_breaker/14.07/ramips/mt7620a/packages/packages
src/gz barrier_breaker_routing http://downloads.openwrt.org/barrier_breaker/14.07/ramips/mt7620a/packages/routing
src/gz barrier_breaker_telephony http://downloads.openwrt.org/barrier_breaker/14.07/ramips/mt7620a/packages/telephony
src/gz openwrt_dist http://openwrt-dist.thankgfw.ml/releases/ramips/packages
src/gz openwrt_dist_luci http://openwrt-dist.thankgfw.ml/releases/luci/packages
Save the file, update the source list, and install curl, wget, libpolarssl and redsocks2
# opkg update
# opkg install curl wget libpolarssl redsocks2
Download the following packages with curl or wget, or from the website, and install them
shadowsocks-libev sourceforge.net/projects/openwrt-dist/files/shadowsocks-libev
chinadns-openwrt sourceforge.net/projects/openwrt-dist/files/chinadns
luci-app-chinadns sourceforge.net/projects/openwrt-dist/files/luci-app/chinadns
redsocks2 sourceforge.net/projects/openwrt-dist/files/redsocks2
luci-app-redsocks2 sourceforge.net/projects/openwrt-dist/files/luci-app/redsocks2
# cd /tmp
# wget http://jaist.dl.sourceforge.net/pro...adowsocks-libev-spec_2.1.4-1_ramips_24kec.ipk
# wget http://jaist.dl.sourceforge.net/pro...3.2-21cb752/ChinaDNS_1.3.2-1_ramips_24kec.ipk
# wget http://iweb.dl.sourceforge.net/proj...pp/chinadns/luci-app-chinadns_1.3.4-1_all.ipk
# wget http://jaist.dl.sourceforge.net/pro....60-769a5b0/redsocks2_0.60-2_ramips_24kec.ipk
# wget http://jaist.dl.sourceforge.net/pro.../redsocks2/luci-app-redsocks2_1.3.0-1_all.ipk
# opkg install shadowsocks-libev-spec*
# opkg install ChinaDNS*
# opkg install luci-app-chinadns*
# opkg install redsocks2*
# opkg install luci-app-redsocks2*
Setup ShadowSocks Client
Edit the ShadowSocks client config file /etc/shadowsocks.json like this
{
"server" : "X.X.X.X",
"server_port" : 8388,
"local" : "0.0.0.0",
"local_port" : 1080,
"password" : "password",
"timeout" : 60,
"method" : "rc4-md5"
}
Enable and start the ShadowSocks service
# /etc/init.d/shadowsocks enable
# /etc/init.d/shadowsocks start
Set up the UDP relay under Luci → Services → ShadowSocks: Relay Mode disabled, UDP Forward enabled, UDP Local Port 1053, Forwarding Tunnel 8.8.8.8:53, then click the Save & Apply button.
Setup Redsocks2
Under Luci → Services → Redsocks2, set the parameters as follows and click the Save & Apply button.
Enable : Checked
Local Port : 12345
Proxy Type : SOCKS5
Proxy IP : 127.0.0.1
Proxy Port : 1080
Auto Proxy : Enable
Wait Timeout : 5
The Redsocks2 firewall rules are in the file /etc/init.d/redsocks2. To allow only connections to ports 80 and 443 through the redsocks2 service, replace -A REDSOCKS2 -p tcp -j REDIRECT --to-ports $local_port with
-A REDSOCKS2 -p tcp --dport 80 -j REDIRECT --to-ports $local_port
-A REDSOCKS2 -p tcp --dport 443 -j REDIRECT --to-ports $local_port
in that file, and restart the service
# /etc/init.d/redsocks2 restart
Setup ChinaDNS
Under Luci → Services → ChinaDNS, set the parameters as follows
Enable : Checked
Enable Bidirectional Filter : Checked
Local Port : 5353
CHNRoute File : /etc/chinadns_chnroute.txt
Upstream Servers : 114.114.114.114,8.8.8.8
Click the Save & Apply button. If the service is not running, use the chinadns command and check the config file /etc/init.d/chinadns.
# /etc/init.d/chinadns enable
# /etc/init.d/chinadns start
Setup DHCP and DNS
Under Luci → Network → DHCP and DNS, set the parameters as follows and click the Save & Apply button.
General settings
DNS forwardings : 127.0.0.1#5353
Resolv and Hosts Files
Ignore resolve file : Checked
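An added example, not part of the original post or of any project it mentions: a small audit of the /etc/shadowsocks.json shown above, checked against the Redsocks2 Proxy IP and Proxy Port from the same guide. The function names, the 16-character password threshold and the list of flagged methods are assumptions of this example; the sample text is constructed from the values in the post.

```shell
#!/bin/sh
# Added example: audit a flat shadowsocks.json (one "key" : value per line).

json_get() {  # json_get KEY JSON_TEXT: print a top-level scalar, quotes stripped
    printf '%s\n' "$2" | sed -n 's/^[[:space:]]*"'"$1"'"[[:space:]]*:[[:space:]]*"\{0,1\}\([^",]*\)"\{0,1\}[[:space:]]*,\{0,1\}[[:space:]]*$/\1/p' | head -n 1
}

audit_ss() {  # audit_ss JSON_TEXT REDSOCKS2_PROXY_PORT: print findings, return their count
    cfg=$1; want_port=$2; n=0
    method=$(json_get method "$cfg")
    bind=$(json_get local "$cfg")
    port=$(json_get local_port "$cfg")
    pass=$(json_get password "$cfg")
    case $method in
        rc4|rc4-md5|table)  # assumed list of methods to flag
            echo "method=$method: legacy cipher without integrity protection"
            n=$((n + 1)) ;;
    esac
    if [ "$bind" != "127.0.0.1" ]; then
        echo "local=$bind: SOCKS5 listener is not limited to loopback, Redsocks2 only needs 127.0.0.1"
        n=$((n + 1))
    fi
    if [ "$port" != "$want_port" ]; then
        echo "local_port=$port does not match Redsocks2 Proxy Port $want_port"
        n=$((n + 1))
    fi
    # Assumed policy for this example: at least 16 characters.
    if [ "${#pass}" -lt 16 ]; then
        echo "password: ${#pass} characters, shorter than the 16 assumed here"
        n=$((n + 1))
    fi
    return "$n"
}

# Constructed sample: the values from the post's /etc/shadowsocks.json.
SAMPLE_JSON='{
"server" : "X.X.X.X",
"server_port" : 8388,
"local" : "0.0.0.0",
"local_port" : 1080,
"password" : "password",
"timeout" : 60,
"method" : "rc4-md5"
}'
audit_ss "$SAMPLE_JSON" 1080 || echo "findings: $?"
```

On the router the same check runs as `audit_ss "$(cat /etc/shadowsocks.json)" 1080`.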
ChinaDNS, OpenWRT, RedSocks2, ShadowSocks
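An added example, not the /etc/init.d/redsocks2 script from the post: the port-limited REDSOCKS2 chain from the Redsocks2 step, printed in iptables-restore format together with RETURN rules that keep traffic to the Shadowsocks server and to local or reserved networks out of the proxy. The LAN interface br-lan, the PREROUTING hook, the function names and the server address 203.0.113.10 are assumptions of this example.

```shell
#!/bin/sh
# Added example: print the REDSOCKS2 nat chain so it can be reviewed before
# it is loaded. Nothing here touches the running firewall.

valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

redsocks2_rules() {  # redsocks2_rules LOCAL_PORT SERVER_IP "PORT PORT ..."
    local_port=$1; server_ip=$2; ports=$3
    lan_if=${LAN_IF:-br-lan}   # assumed LAN bridge name
    # Validate everything before printing, so a bad value yields no output.
    for p in "$local_port" $ports; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
    done
    printf '%s\n' "*nat" ":REDSOCKS2 - [0:0]"
    # Traffic to the Shadowsocks server itself is never sent into the proxy.
    printf '%s\n' "-A REDSOCKS2 -d $server_ip -j RETURN"
    # Local, private, link-local, multicast and reserved ranges stay direct.
    for net in 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 \
               172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4; do
        printf '%s\n' "-A REDSOCKS2 -d $net -j RETURN"
    done
    # Only the listed destination ports are redirected to redsocks2.
    for p in $ports; do
        printf '%s\n' "-A REDSOCKS2 -p tcp --dport $p -j REDIRECT --to-ports $local_port"
    done
    # Assumed hook: TCP arriving from the LAN is sent through the chain.
    printf '%s\n' "-A PREROUTING -i $lan_if -p tcp -j REDSOCKS2" "COMMIT"
}

# Local Port 12345 is the Redsocks2 setting from the post; the address is constructed.
redsocks2_rules 12345 203.0.113.10 "80 443"
```

Because rule order decides the outcome, the RETURN rules are emitted before the REDIRECT rules; any TCP port not listed falls off the end of the chain and is forwarded without the proxy.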