From a67d4b8b6d8389ad6d97cfe6a47d23765e4c576c Mon Sep 17 00:00:00 2001
From: Alexandr Bogomyakov
Date: Mon, 16 Jun 2025 16:30:51 +0100
Subject: [PATCH] Create openwrt-shadowsocks.md
---
content/posts/openwrt-shadowsocks.md | 92 ++++++++++++++++++++++++++++
1 file changed, 92 insertions(+)
create mode 100644 content/posts/openwrt-shadowsocks.md
diff --git a/content/posts/openwrt-shadowsocks.md b/content/posts/openwrt-shadowsocks.md
new file mode 100644
index 0000000..e9b306b
--- /dev/null
+++ b/content/posts/openwrt-shadowsocks.md
@@ -0,0 +1,92 @@
++++
+title = "Shadowsocks on OpenWRT"
+date = "2025-06-16"
+description = "Setup shadowsocks on OpenWRT for all clients"
+
+[taxonomies]
+tags = ["linux", "networking", "openwrt"]
+
+[extra]
+author = { name = "@ultradesu", social= "https://github.com/house-of-vanity" }
++++
+
+# Shadowsocks-libev + OpenWRT + Hardware Switch on GL.iNet
+
+## 1. Install packages
+
+```sh
+opkg update
+opkg install luci-app-shadowsocks-libev shadowsocks-libev-ss-redir shadowsocks-libev-config
+```
+
+---
+
+## 2. Add server + redir instance
+
+```sh
+SERVER_NAME='Bulgaria'
+SERVER_ADDRESS='1.1.1.1'
+SERVER_PORT=38583
+SERVER_PROTO='chacha20-ietf-poly1305'
+SERVER_PASS='qrDW4aMdULrT43HT'
+LOCAL_PORT=12345
+
+uci set shadowsocks-libev.$SERVER_NAME=server
+uci set shadowsocks-libev.$SERVER_NAME.server="$SERVER_ADDRESS"
+uci set shadowsocks-libev.$SERVER_NAME.server_port="$SERVER_PORT"
+uci set shadowsocks-libev.$SERVER_NAME.method="$SERVER_PROTO"
+uci set shadowsocks-libev.$SERVER_NAME.password="$SERVER_PASS"
+
+uci set shadowsocks-libev.VPN_redir=ss_redir
+uci set shadowsocks-libev.VPN_redir.disabled='0'
+uci set shadowsocks-libev.VPN_redir.mode='tcp_and_udp'
+uci set shadowsocks-libev.VPN_redir.fast_open='1'
+uci set shadowsocks-libev.VPN_redir.no_delay='1'
+uci set shadowsocks-libev.VPN_redir.reuse_port='1'
+uci set shadowsocks-libev.VPN_redir.server="$SERVER_NAME"
+uci set shadowsocks-libev.VPN_redir.local_port="$LOCAL_PORT"
+```
+
+---
+
+## 3. Enable switch
+
+```sh
+uci set switch-button.@main[0].func='shadowsocks'
+uci commit
+```
+
+Create `/etc/gl-switch.d/shadowsocks.sh`:
+
+```sh
+#!/bin/sh
+action=$1
+port=12345
+chain=SHADOWSOCKS
+
+if [ "$action" = "on" ]; then
+ # Start ss-redir service
+ /etc/init.d/shadowsocks-libev start
+
+ # Add iptables rules
+ iptables -t nat -N $chain 2>/dev/null
+ iptables -t nat -F $chain
+ iptables -t nat -A $chain -d 192.168.0.0/16 -j RETURN
+ iptables -t nat -A $chain -p tcp -j REDIRECT --to-ports $port
+ iptables -t nat -A PREROUTING -i br-lan -p tcp -j $chain
+else
+ # Delete iptables rules
+ iptables -t nat -D PREROUTING -i br-lan -p tcp -j $chain
+ iptables -t nat -F $chain
+ iptables -t nat -X $chain
+
+ # Stop ss-redir service
+ /etc/init.d/shadowsocks-libev stop
+fi
+```
+
+```sh
+chmod +x /etc/gl-switch.d/shadowsocks.sh
+```
+
+Now you can enable Shadowsocks VPN using hardware switch on router. Also it's possible to start and stop VPN by running `/etc/gl-switch.d/shadowsocks.sh on/off`
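Review bot: The `on` branch of `/etc/gl-switch.d/shadowsocks.sh` redirects only TCP (`-p tcp -j REDIRECT`), while the redir instance is set to `mode='tcp_and_udp'` and the front matter promises Shadowsocks "for all clients", so UDP from LAN clients, DNS included, still leaves the router outside the tunnel. Either state that limitation next to the script and set `mode='tcp_only'`, or add UDP handling, which for ss-redir means TPROXY rules in the mangle table rather than REDIRECT. The PREROUTING jump is also appended on every `on`, so a second `on` leaves a duplicate that a single `off` does not remove; guard it with `iptables -t nat -C PREROUTING -i br-lan -p tcp -j $chain 2>/dev/null || iptables -t nat -A PREROUTING -i br-lan -p tcp -j $chain`. `SERVER_PASS` and `SERVER_PORT` in step 2 look like live values rather than placeholders such as the `1.1.1.1` address; if they are real, replace them with obvious placeholders in the post and rotate the password on the server.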