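This post was last edited by 99010 on 2020-3-28 22:18
Based on the tutorial at https://www.atrandys.com/2020/2343.html, with some of its shortcomings fixed.
The example uses the mt7621 target of the official OpenWrt 19.07.2 release.
Download the official OpenWrt SDK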
- wget https://mirrors.tuna.tsinghua.edu.cn/openwrt/releases/19.07.2/targets/ramips/mt7621/openwrt-sdk-19.07.2-ramips-mt7621_gcc-7.5.0_musl.Linux-x86_64.tar.xz
Extract the SDK
- tar xvJf openwrt-sdk-19.07.2-ramips-mt7621_gcc-7.5.0_musl.Linux-x86_64.tar.xz
Enter the SDK build directory
- cd openwrt-sdk-19.07.2-ramips-mt7621_gcc-7.5.0_musl.Linux-x86_64
Fetch the OpenWrt components
Download openwrt-trojan and dns-forwarder from GitHub
- git clone https://github.com/trojan-gfw/openwrt-trojan.git package/trojan
- git clone https://github.com/aa65535/openwrt-dns-forwarder.git package/dns-forwarder
Enter the component directory, then exit and save
Compile Trojan and dns-forwarder; the -j4 option can be used to speed up the build
- make package/trojan/compile V=s
- make package/dns-forwarder/compile V=s
The compiled ipk files are in the bin directory.
-----------------------------------------------------------------------------------------------------------
Upload the trojan and dns-forwarder ipk files to the router's tmp directory and install them
- opkg update
- opkg install /tmp/*.ipk
Edit the dns-forwarder configuration file
- vi /etc/config/dns-forwarder
with the following contents
- config dns-forwarder
- option listen_addr '0.0.0.0'
- option listen_port '5353'
- option dns_servers '8.8.8.8'
- option enable '1'
Edit the trojan configuration file
with the following contents
- {
- "run_type": "nat", // one of client, forward or nat; use nat for a transparent proxy on the router. Note: nat requires trojan version 1.15.1 or above
- "local_addr": "0.0.0.0",
- "local_port": 1080,
- "remote_addr": "example.com", // your server's domain name
- "remote_port": 443,
- "password": [
- "password1" // password
- ],
- "log_level": 1,
- "ssl": {
- "verify": true,
- "verify_hostname": true,
- "cert": "", // certificate; a custom certificate can optionally be set here
- "cipher": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA",
- "cipher_tls13": "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384",
- "sni": "",
- "alpn": [
- "h2",
- "http/1.1"
- ],
- "reuse_session": true,
- "session_ticket": false,
- "curves": ""
- },
- "tcp": {
- "no_delay": true,
- "keep_alive": true,
- "reuse_port": false,
- "fast_open": false,
- "fast_open_qlen": 20
- }
- }
Edit /etc/config/trojan
- config trojan
- option enabled '1'
At this point, the trojan installation is complete.
---------------------------------------------------------------------------------------------------------------------
To get a transparent proxy, the following steps are also needed.
Install the required components
- opkg update
- opkg remove dnsmasq
- rm -rf /etc/config/dhcp
- opkg install dnsmasq-full ipset iptables-mod-nat-extra
Edit /etc/firewall.user and add the following
- ipset -N gfwlist iphash
- iptables -t nat -A PREROUTING -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-port 1080
- iptables -t nat -A PREROUTING -p tcp -d 8.8.8.8/32 -j REDIRECT --to-ports 1080
- iptables -t nat -A OUTPUT -p tcp -d 8.8.8.8/32 -j REDIRECT --to-ports 1080
Edit /etc/dnsmasq.conf and add the following
Create the file /etc/dnsmasq.d/gfwlist.conf
- mkdir -p /etc/dnsmasq.d
- vi /etc/dnsmasq.d/gfw.conf
with the following contents (you can add entries yourself or find a gfwlist shared online; pay attention to the format)
- server=/google.com/127.0.0.1#5353
- ipset=/google.com/gfwlist
- server=/gstatic.com/127.0.0.1#5353
- ipset=/gstatic.com/gfwlist
- server=/googleusercontent.com/127.0.0.1#5353
- ipset=/googleusercontent.com/gfwlist
- server=/ggpht.com/127.0.0.1#5353
- ipset=/ggpht.com/gfwlist
- server=/ytimg.com/127.0.0.1#5353
- ipset=/ytimg.com/gfwlist
- server=/googlevideo.com/127.0.0.1#5353
- ipset=/googlevideo.com/gfwlist
- server=/twitter.com/127.0.0.1#5353
- ipset=/twitter.com/gfwlist
- server=/twimg.com/127.0.0.1#5353
- ipset=/twimg.com/gfwlist
- server=/t.co/127.0.0.1#5353
- ipset=/t.co/gfwlist
- server=/facebook.com/127.0.0.1#5353
- ipset=/facebook.com/gfwlist
- server=/fbcdn.net/127.0.0.1#5353
- ipset=/fbcdn.net/gfwlist
Reboot the router so that all of the configuration takes effect.
Prebuilt ipk packages for mt762x, ar71xx and x86_64, for OpenWrt 19.07.2
Link: https://share.weiyun.com/5FNekfL (password: y5lD)
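An added example, not part of the original post: a POSIX sh/awk check to run over a list obtained from elsewhere before copying it into /etc/dnsmasq.d. It is stricter than dnsmasq itself and accepts only `server=/domain/127.0.0.1#5353` and `ipset=/domain/gfwlist` lines with one lowercase ASCII domain each; the function names, the sample list and its 203.0.113.7 address are constructed for illustration.

```sh
#!/bin/sh
# Added example: lint a dnsmasq list in the format used above before installing it.
# Assumptions taken from this page's configuration: resolver 127.0.0.1#5353, ipset "gfwlist".
UPSTREAM='127.0.0.1#5353'
SETNAME='gfwlist'
# lint_gfwlist FILE: print one line per problem; return 0 if the file is clean, 1 if not.
lint_gfwlist() {
    awk -v up="$UPSTREAM" -v setname="$SETNAME" '
    function bad(msg) { printf "line %d: %s: %s\n", NR, msg, $0; errs++ }
    /^[ \t]*#/ { next }    # comments are allowed
    /^[ \t]*$/ { next }    # blank lines are allowed
    {
        # Strict form: <directive>=/<one domain>/<target>, nothing else.
        n = split($0, f, "/")
        if (n != 3 || (f[1] != "server=" && f[1] != "ipset=")) { bad("unexpected directive"); next }
        dom = f[2]
        if (dom !~ /^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z][a-z0-9-]*$/) { bad("invalid domain"); next }
        if (f[1] == "server=") {
            # Any other resolver would receive the DNS queries for this domain.
            if (f[3] != up) { bad("resolver is not " up); next }
            srv[dom] = 1
        } else {
            if (f[3] != setname) { bad("ipset is not " setname); next }
            ips[dom] = 1
        }
    }
    END {
        # Each domain needs both lines: one to resolve it, one to fill the ipset.
        for (d in srv) if (!(d in ips)) { print d ": server= without ipset="; errs++ }
        for (d in ips) if (!(d in srv)) { print d ": ipset= without server="; errs++ }
        exit (errs > 0)
    }' "$1"
}
# Constructed sample: two good pairs, a foreign resolver, an extra directive, a missing ipset= line.
sample_list() {
    cat <<'EOF'
# constructed sample, not a real list
server=/google.com/127.0.0.1#5353
ipset=/google.com/gfwlist
server=/t.co/127.0.0.1#5353
ipset=/t.co/gfwlist
server=/example.org/203.0.113.7#53
address=/example.net/203.0.113.7
server=/example.com/127.0.0.1#5353
EOF
}
# Run as: sh lint.sh /etc/dnsmasq.d/gfw.conf
if [ -n "${1:-}" ]; then lint_gfwlist "$1"; fi
```

A trailing carriage return from a Windows editor or several domains on one line are reported as errors, since the check compares each field exactly.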