编译shadowsocks+tor+openwrt(X86 for vmware)

切勿用作非法用途,国法无情,勿以身试法。

这里只记录一些细节,相关链接见文章末尾,转载请注明出处


 

0x01.编译

1.编译系统及应用:

$ git clone git://github.com/grugq/portal.git
$ git clone https://github.com/shadowsocks/openwrt-shadowsocks.git
$ git clone git://git.openwrt.org/15.05/openwrt.git openwrt
$ cd openwrt
$ cp -r ../portal/feeds/packages/net/tor-alpha/ package/feeds/packages/
$ cp -r ../openwrt-shadowsocks/ ./package/
$ ./scripts/feeds update -a
$ ./scripts/feeds install -a
$ make menuconfig

2.选择如下:

Target System->X86
Target Images->ext4 & Build VMware image files (VMDK)
Network->shadowsocks-libev
Network->tor
Network->tor-alpha
Network->tor-alpha-fw-helper
Network->tor-alpha-geoip

3.更新&&安装包

$ scripts/feeds update -a
$ scripts/feeds install -a

4.开始编译

make V=99

编译完成后,挂载…ext4.vmdk到vmware并检查是否安装了以下软件包(直接opkg install PACKNAME即可)

libevent2-openssl libevent2 libminiupnpc libnatpmp tor-alpha tor-alpha-fw-helper tor-alpha-geoip

 


0x02.配置

1.vmware网卡的配置: 共三块虚拟网卡,拓扑:

网络适配器:LAN区段1:非TOR内网:192.168.6.1
网络适配器2:WAN:DHCP客户端
网络适配器3:LAN区段2:TOR内网:172.16.1.1

配置:

$ vi /etc/config/network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

config interface 'lan'
option ifname 'eth0'
option type 'bridge'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.6.1'

config interface 'wan'
option ifname 'eth1'
option proto 'dhcp'

config interface 'tor'
option ifname 'eth2'
option proto 'static'
option ipaddr '172.16.1.1'
option netmask '255.255.255.0'

2.DHCP

$ vi /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option localservice '1'

config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv6 'server'
option ra 'server'

config dhcp 'wan'
option interface 'wan'
option ignore '1'

config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'

config dhcp 'tor'
option interface 'tor'
option start '100'
option limit '150'
option leasetime '1h'
option ra 'server'

3.firewall

$ vi /etc/config/firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'

config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'

config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan'

config zone
option name 'tor'
option network 'tor'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option conntrack '1'

config rule
option name 'Allow-Tor-DHCP'
option src 'tor'
option proto 'udp'
option dest_port '67'
option target 'ACCEPT'
option family 'ipv4'

config rule
option name 'Allow-Tor-DNS'
option src 'tor'
option proto 'udp'
option dest_port '9053'
option target 'ACCEPT'
option family 'ipv4'

config rule
option name 'Allow-Tor-Transparent'
option src 'tor'
option proto 'tcp'
option dest_port '9040'
option target 'ACCEPT'
option family 'ipv4'

config rule
option name 'Allow-Tor-SOCKS'
option src 'tor'
option proto 'tcp'
option dest_port '9050'
option target 'ACCEPT'
option family 'ipv4'

config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'

config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'

config forwarding
option dest 'wan'
option src 'lan'

config include
option path '/etc/firewall.user'

config include 'shadowsocks'
option type 'script'
option path '/var/etc/shadowsocks.include'
option reload '1'

4.增加firewall规则

$ vi /etc/firewall.user

#在最后增加

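#######################################
# Redirect traffic arriving on the Tor LAN segment into Tor's transparent
# proxy: DNS (udp/53) to the DNSPort on 9053 and new TCP connections (SYN)
# to the TransPort on 9040, matching the ports set in /etc/tor/torrc.
# Only DNS is redirected for UDP; any other UDP from this interface is not
# touched here and is left to the firewall zone policy (forward REJECT on
# the 'tor' zone).
# Arguments: $1 - ingress interface of the Tor segment (default: eth2)
# Returns:   exit status of the last iptables call
#######################################
enable_transparent_tor() {
  local ifname="${1:-eth2}"
  # The original line read "p udp" (missing the leading "-"), which
  # iptables rejects, so the DNS redirect was never installed.
  iptables -t nat -A PREROUTING -i "$ifname" -p udp --dport 53 -j REDIRECT --to-ports 9053
  iptables -t nat -A PREROUTING -i "$ifname" -p tcp --syn -j REDIRECT --to-ports 9040
}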
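# Install the redirect rules for the Tor segment (defaults to eth2).
enable_transparent_tor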

5.修改shadowsocks配置

$ vi shadowsocks.json

{
"server": "SERVER_IP",
"server_port": SERVER_PORT,
"local_port": 1080,
"password": "SERVER_PASS",
"timeout": 60,
"method": "aes-256-cfb",
"fast_open": true
}

6.修改tor配置

$ vi /etc/tor/torrc

在最后增加

User tor                                                                                
VirtualAddrNetwork 10.192.0.0/10
TransPort 9040
TransListenAddress 172.16.1.1
DNSPort 9053
DNSListenAddress 172.16.1.1
Socks5Proxy 127.0.0.1:1080 #这里是shadowsocks创建的socks5代理,用来穿过GFW链接TOR

7.重启

$ reboot

8.验证: LAN区段1 用于正常上网,可以管理路由器; LAN区段2 用于匿名上网,不可管理路由器,TOR或SS断线后断开网络连接


0x03.相关链接

openwrt编译相关:

ipk安装包的编译步骤参考这里: