Setup ShadowSocks on OpenWrt

今天shadowsocks-libev发布新版本(2.4.8)了, 我也及时发布了docker镜像, 以及openwrt安装包.

大家在安装openwrt-shadowsocks-spec完毕后, 需要再安装luci-app-shadowsocks-spec, 否则只能在命令行下配置.

另外, 用awk写了一个dnsmasq的日志解析脚本, 用来审查局域网.

# Router-side setup transcript: install the packages, build the proxy-bypass
# list, edit the two UCI files, start/enable the service, install the log
# parser, and force LAN DNS through the router's dnsmasq.

# Installs one package by name plus two local .ipk files.
# NOTE(review): the page does not say where the .ipk files were downloaded
# from; a locally supplied .ipk is presumably not covered by the feed's
# signed package index, so compare its checksum with the publisher's value
# before installing.
$ opkg install iptables-mod-tproxy shadowsocks-libev-spec_2.4.8-1_brcm2708.ipk luci-app-shadowsocks-spec_1.4.0-1_all.ipk

# Builds /etc/ignore.list: for every row whose 2nd field is "CN" and 3rd is
# "ipv4", print "<4th field>/<32 - log2(5th field)>", i.e. start address and
# prefix length derived from the address count.
# NOTE(review): the list is fetched over plain http with no integrity check
# and written straight to its final path. A failed download leaves an empty
# file and a tampered one changes which destinations skip the proxy (this
# file is the wan_bp_list in /etc/config/shadowsocks). Safer: download to a
# temporary file, check it is non-empty and plausible, then move it into
# place; use an https URL if the mirror and the router's wget support it.
# NOTE(review): the prefix is an integer only when the count is a power of
# two; any other count prints a fractional prefix length.
$ wget -qO- http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest | awk -F '|' '$2=="CN" && $3=="ipv4" {printf "%s/%s\n", $4, 32-log($5)/log(2)}' > /etc/ignore.list

# Edit the two UCI files whose contents are listed further down the page.
# /etc/config/shadowsocks holds the server password in clear text, so keep
# it readable by root only and out of shared backups or pastes.
$ vi /etc/config/shadowsocks
$ vi /etc/config/dhcp

# Start the service now and register it to start at boot.
$ /etc/init.d/shadowsocks start
$ /etc/init.d/shadowsocks enable

# Create the log parser (listed at the end of the page) and make it executable.
$ vi /usr/bin/dnsmasq.awk
$ chmod +x /usr/bin/dnsmasq.awk

# Restart dnsmasq, then follow its log through the parser.
# NOTE(review): the transcript has no step that edits /etc/dnsmasq.conf; the
# logging directives shown for that file must be in place before this
# restart, otherwise /tmp/dnsmasq.log is not written.
$ /etc/init.d/dnsmasq restart
$ tail -f /tmp/dnsmasq.log | dnsmasq.awk

# Redirects every UDP port-53 packet arriving on br-lan to local port 53, so
# clients with a hard-coded external resolver are still answered (and
# logged) by the router.
# NOTE(review): coverage is UDP/53 over IPv4 only. DNS over TCP, IPv6, and
# encrypted DNS (DoT/DoH) are not redirected and will not appear in the log.
# NOTE(review): a rule appended with -A at the prompt is runtime state;
# presumably it is lost on reboot or firewall reload unless it is also added
# to the firewall configuration (e.g. /etc/firewall.user) - confirm.
$ iptables -t nat -A PREROUTING -i br-lan -p udp --dport 53 -j REDIRECT --to-port 53

/etc/config/shadowsocks

# /etc/config/shadowsocks

# Selects which 'servers' section below is in use.
config global  
        # 'jp' names the second servers section in this file.
        option global_server 'jp'
        # NOTE(review): 'same' presumably means "reuse global_server for UDP
        # relay" - confirm against the package documentation.
        option udp_relay_server 'same'

# First server profile. It is defined but not selected by global_server.
# The address and password look like masked placeholders.
config servers 'tw'  
        option alias 'tw'
        # NOTE(review): presumably the one-time-authentication switch, off
        # here - confirm; it has to match the server-side setting.
        option auth_enable '0'
        option server '1.2.3.4'
        option server_port '8388'
        option local_port '1080'
        # The real password is stored in clear text in this file: restrict
        # read access to root and redact it before sharing the config.
        option password '******'
        option timeout '60'
        # aes-256-cfb is a stream-cipher mode with no integrity protection.
        # Later shadowsocks-libev releases add AEAD methods (for example
        # aes-256-gcm, chacha20-ietf-poly1305); prefer one where both ends
        # support it.
        option encrypt_method 'aes-256-cfb'

# Second server profile; this is the one global_server points at.
config servers 'jp'  
        option alias 'jp'
        option auth_enable '0'
        option server '5.6.7.8'
        option server_port '8388'
        option local_port '1080'
        # Clear-text secret, same handling as in the 'tw' section.
        option password '******'
        option timeout '60'
        # chacha20 without a MAC is likewise unauthenticated; see the note
        # on encrypt_method in the 'tw' section.
        option encrypt_method 'chacha20'

# UDP tunnel: local port 5300 is forwarded to 8.8.4.4:53. The dhcp config on
# this page points dnsmasq at 127.0.0.1#5300, so this tunnel carries the
# router's upstream DNS traffic.
config udp_forward  
        option tunnel_enable '1'
        option tunnel_port '5300'
        option tunnel_forward '8.8.4.4:53'

# Decides which traffic goes through the proxy.
config access_control  
        # NOTE(review): '0' presumably disables per-host LAN access control,
        # so every LAN client is subject to the proxy rules - confirm.
        option lan_ac_mode '0'
        # File of CIDR ranges generated by the wget | awk step on this page.
        # Presumably destinations listed here bypass the proxy, so the
        # integrity of this file determines what leaves the router
        # untunnelled.
        option wan_bp_list '/etc/ignore.list'
        # The two addresses match the 'server' values above; presumably
        # listed so traffic to the proxy servers is not redirected into the
        # proxy itself.
        list wan_bp_ips '1.2.3.4'
        list wan_bp_ips '5.6.7.8'

/etc/config/dhcp

# /etc/config/dhcp

# dnsmasq upstream selection. Only the options that differ from the stock
# file are shown on the page.
config dnsmasq  
        # Do not take upstream resolvers from resolv.conf, so the servers
        # handed out by the ISP are never queried.
        option noresolv '1'
        # Sole upstream: local port 5300, the tunnel_port configured in
        # /etc/config/shadowsocks on this page.
        # NOTE(review): with a single upstream and noresolv set, name
        # resolution for the whole LAN fails whenever the tunnel is down.
        # That avoids leaking queries to another resolver, but plan for the
        # outage.
        list server '127.0.0.1#5300'

/etc/dnsmasq.conf

# /etc/dnsmasq.conf

# Logging directives that feed /usr/bin/dnsmasq.awk.
# Log DHCP transactions as well as DNS queries.
log-dhcp  
# Log each DNS query. The resulting file records which client looked up
# which name, so handle it as sensitive data.
log-queries  
# Write the log to a file instead of syslog.
# NOTE(review): /tmp on OpenWrt is normally RAM-backed, so the log is lost on
# reboot and grows without limit until memory runs out; rotate or truncate it
# and keep it readable by root only.
log-facility=/tmp/dnsmasq.log  

/usr/bin/dnsmasq.awk

#!/usr/bin/awk -f
#
# Parse a dnsmasq log stream.
#
# Reads log lines on stdin and prints one comma-separated record per A-record
# query: <epoch seconds>,<field 8>,<field 6>.
#
# mktime(), strftime(), systime() and gensub() are extensions beyond POSIX
# awk. NOTE(review): confirm the awk installed at /usr/bin/awk provides them.
#
# NOTE(review): only lines whose 5th field is exactly "query[A]" are matched,
# so other query types (for example AAAA) never reach the output and an audit
# built on it sees A lookups only.
# NOTE(review): field 6 is a name supplied by a LAN client and is printed
# without quoting or escaping; treat the output as untrusted text when
# loading it into a spreadsheet or log pipeline.
#

BEGIN {  
  # Join the printed fields with commas.
  OFS = ",";
}

# Presumably matches lines shaped like
#   "Mon DD HH:MM:SS dnsmasq[pid]: query[A] <name> from <client>"
# so that $6 is the queried name and $8 the client address - verify against
# the log format of the installed dnsmasq.
#
# The timestamp is rebuilt as "YYYY MM DD HH MM SS" for mktime():
#   - the year is the current year from systime(), since none is read from
#     the log line (NOTE(review): a December line parsed after New Year gets
#     the new year);
#   - the month number is derived from the position of $1 inside the
#     concatenated month names: (pos + 2) / 3, formatted with %02d
#     (NOTE(review): $1 is used as a regular expression, and a non-matching
#     value gives month 00);
#   - the colons in $3 are replaced with spaces.
$5 == "query[A]" {
  time = mktime( \
    sprintf("%04d %02d %02d %s\n", \
      strftime("%Y", systime()), \
      (match("JanFebMarAprMayJunJulAugSepOctNovDec",$1)+2)/3, \
      $2, \
      gensub(":", " ", "g", $3) \
    ) \
  );
  # Queried name.
  query = $6;
  # Requesting client (the variable is named host).
  host = $8;
  print time, host, query;
}
