Create openwrt-shadowsocks.md

Alexandr Bogomyakov
2025-06-16 16:30:51 +01:00
committed by GitHub
parent c386cc5584
commit a67d4b8b6d


@@ -0,0 +1,92 @@
+++
title = "Shadowsocks on OpenWRT"
date = "2025-06-16"
description = "Setup shadowsocks on OpenWRT for all clients"
[taxonomies]
tags = ["linux", "networking", "openwrt"]
[extra]
author = { name = "@ultradesu", social= "https://github.com/house-of-vanity" }
+++
# Shadowsocks-libev + OpenWRT + Hardware Switch on GL.iNet
## 1. Install packages
```sh
opkg update
opkg install luci-app-shadowsocks-libev shadowsocks-libev-ss-redir shadowsocks-libev-config
```
---
## 2. Add server + redir instance
```sh
SERVER_NAME='Bulgaria'
SERVER_ADDRESS='1.1.1.1'
SERVER_PORT=38583
SERVER_PROTO='chacha20-ietf-poly1305'
SERVER_PASS='qrDW4aMdULrT43HT'
LOCAL_PORT=12345
uci set shadowsocks-libev.$SERVER_NAME=server
uci set shadowsocks-libev.$SERVER_NAME.server="$SERVER_ADDRESS"
uci set shadowsocks-libev.$SERVER_NAME.server_port="$SERVER_PORT"
uci set shadowsocks-libev.$SERVER_NAME.method="$SERVER_PROTO"
uci set shadowsocks-libev.$SERVER_NAME.password="$SERVER_PASS"
uci set shadowsocks-libev.VPN_redir=ss_redir
uci set shadowsocks-libev.VPN_redir.disabled='0'
uci set shadowsocks-libev.VPN_redir.mode='tcp_and_udp'
uci set shadowsocks-libev.VPN_redir.fast_open='1'
uci set shadowsocks-libev.VPN_redir.no_delay='1'
uci set shadowsocks-libev.VPN_redir.reuse_port='1'
uci set shadowsocks-libev.VPN_redir.server="$SERVER_NAME"
uci set shadowsocks-libev.VPN_redir.local_port="$LOCAL_PORT"
```
---
## 3. Enable switch
```sh
uci set switch-button.@main[0].func='shadowsocks'
uci commit
```
Create `/etc/gl-switch.d/shadowsocks.sh`:
```sh
#!/bin/sh
action=$1
port=12345
chain=SHADOWSOCKS
if [ "$action" = "on" ]; then
# Start ss-redir service
/etc/init.d/shadowsocks-libev start
# Add iptables rules
iptables -t nat -N $chain 2>/dev/null
iptables -t nat -F $chain
iptables -t nat -A $chain -d 192.168.0.0/16 -j RETURN
iptables -t nat -A $chain -p tcp -j REDIRECT --to-ports $port
iptables -t nat -A PREROUTING -i br-lan -p tcp -j $chain
else
# Delete iptables rules
iptables -t nat -D PREROUTING -i br-lan -p tcp -j $chain
iptables -t nat -F $chain
iptables -t nat -X $chain
# Stop ss-redir service
/etc/init.d/shadowsocks-libev stop
fi
```
```sh
chmod +x /etc/gl-switch.d/shadowsocks.sh
```
Now you can enable Shadowsocks VPN using hardware switch on router. Also it's possible to start and stop VPN by running `/etc/gl-switch.d/shadowsocks.sh on/off`
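Review bot: The rules written by `/etc/gl-switch.d/shadowsocks.sh` match only `-p tcp`, so UDP from `br-lan`, DNS lookups included, still leaves the router outside the tunnel even though `VPN_redir.mode` is `tcp_and_udp`; the closing sentence should say so, for example `Only TCP from br-lan is redirected; UDP and DNS are not tunnelled by these rules.` The `on` branch also appends the PREROUTING jump on every run while `off` deletes it once, so a repeated `on` leaves a stale jump behind and the chain can no longer be removed; guarding the append with `iptables -t nat -C PREROUTING -i br-lan -p tcp -j $chain 2>/dev/null || iptables -t nat -A PREROUTING -i br-lan -p tcp -j $chain` avoids that. The sample `SERVER_PASS` value in step 2 reads like a live credential; if it is one it should be rotated, and the page would be safer with an obvious placeholder such as `SERVER_PASS='<your-password>'`. The RETURN rule exempts only 192.168.0.0/16, so a LAN or upstream network in another private range would be sent through the proxy as well.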