Using a WNDR4300 with Shadowsocks and ChinaDNS to get past the Great Firewall

in Shares with 21 comments

<h3>前言</h3>
I had been using a WR703N as my router, but its performance bottleneck meant many features simply could not be implemented on it. A group of friends in the dorm chipped in and bought a WNDR4300, hence this article.

The method described here is based on aa65535's shadowsocks-spec for OpenWrt. It explains how to set up automatic circumvention on OpenWrt; the new version supports graphical configuration in Luci, which greatly simplifies the process. Once configured, the router itself gains the ability to get past the firewall, and every device connected to it can reach blocked sites without any extra setup. It is a transparent proxy running on the router.

The scheme decides whether to proxy based on IP address: domestic IPs are not proxied, foreign IPs go through the proxy. Proxying is done by TCP forwarding with ss-redir, which ships with shadowsocks; domestic and foreign IPs are told apart with chnroute, a list file of Chinese IP ranges, and the two cases are handled by separate iptables rules (all of this is already integrated into shadowsocks-spec and needs no extra configuration). Because the decision is based on IP, DNS poisoning has to be dealt with as well, and ChinaDNS is used for that.

Since every foreign IP goes through the proxy, not only blocked ones, the pros and cons of this approach are obvious. Pros: almost nothing slips through, so every blocked site is reachable; it can also improve the slow access to some foreign sites from within China, and if your server is fast it can even speed up access to foreign sites. Cons: if the server is only average, some sites may actually get slower; sites and applications that restrict access by IP may cause trouble. In short, choose according to your situation.

Open-source projects involved in this setup:
https://github.com/aa65535/openwrt-shadowsocks
https://github.com/aa65535/openwrt-chinadns
https://github.com/aa65535/openwrt-dist-luci
https://github.com/aa65535/openwrt-redsocks2
https://github.com/madeye/shadowsocks-libev
https://github.com/clowwindy/ChinaDNS

<h3>准备工作</h3>
All packages needed for this article have been bundled and uploaded, including the OpenWrt firmware for the 4300 that I use.
Link: http://pan.baidu.com/s/1bnsBLqZ  Password: bp1o
If you do not yet know how to flash OpenWrt, please Google (or Baidu) it and get familiar with flashing OpenWrt and unbricking the 4300 before reading on.
<h3>安装Shadowsocks以及ChinaDNS</h3>
First run opkg update to refresh the package list.
We are using shadowsocks-libev-spec_2.1.4-1_ar71xx.ipk, which needs the following dependencies installed:
opkg install ipset libopenssl resolveip
Reboot the router after installing them.
Upload all the packages you downloaded to /tmp and install them one after another:
opkg install shadowsocks-libev-spec_2.1.4-1_ar71xx.ipk
opkg install ChinaDNS_1.3.1-1_ar71xx.ipk
opkg install luci-app-shadowsocks-spec_1.3.1-1_all.ipk
opkg install luci-app-chinadns_1.3.1-1_all.ipk

Shadowsocks and ChinaDNS start at boot by default; normally there is no need to touch them.
<h3>Shadowsocks ChinaDNS DHCP/DNS的配置</h3>
Log in to the Luci interface and go to Services; Shadowsocks and ChinaDNS are already there, waiting to be configured.
Shadowsocks
I use a configuration file, config.json, in the following format:

{
        "server": "X.X.X.X",
        "server_port": "443",
        "password": "password",
        "local_port": "1080",
        "method": "rc4-md5"
}

That is just a habit of mine; you can also fill the values in directly in Luci, so I will not elaborate.
ChinaDNS
ChinaDNS needs no special attention either. For the upstream servers you normally enter the DNS provided by your ISP, but the second one must be a clean (unpoisoned) DNS server.
Here I use a server I set up on my VPS with pdnsd; see my simple tutorial on building a DNS server with pdnsd (reachable only through a proxy).
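As an added illustration (not code from shadowsocks-spec or ChinaDNS), the following Python models the two decisions described in the introduction and in this ChinaDNS section: whether a destination goes out directly or through ss-redir, and whether an upstream DNS reply is trusted. The chnroute prefixes, bogus addresses and replies are constructed stand-ins for the real list files.

```python
"""Added example (not ChinaDNS's or shadowsocks-spec's own code): a model of the
two decisions made on the router described above.  The CIDRs, bogus addresses
and replies are constructed stand-ins for the real chnroute / iplist files."""
import ipaddress
from typing import Iterable, List, Optional, Tuple

# Constructed subset of chnroute (domestic address space) and of ChinaDNS's
# bogus-answer list; the shipped files are thousands of entries long.
CHNROUTE = [ipaddress.ip_network(c) for c in ("1.0.1.0/24", "114.114.0.0/16", "202.96.0.0/16")]
BOGUS = {ipaddress.ip_address(a) for a in ("2.1.1.2", "74.125.127.102", "243.185.187.39")}


def in_chnroute(ip: str) -> bool:
    """True when the address falls inside one of the domestic prefixes."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CHNROUTE)


def route_for(dst_ip: str) -> str:
    """What the ss-rules iptables/ipset rules decide for a TCP connection:
    domestic destinations go out directly, everything else is REDIRECTed to ss-redir."""
    return "direct" if in_chnroute(dst_ip) else "proxy"


def classify_reply(resolver: str, answers: Iterable[str], bidirectional: bool = False) -> str:
    """Simplified ChinaDNS filter for one upstream reply (A records only).
    A reply is dropped when it carries a known-bogus address, or when a domestic
    resolver returns a foreign address (the usual shape of a poisoned answer).
    In bidirectional mode a foreign resolver returning a domestic address is
    dropped too, so each resolver only answers for its own address space."""
    addrs = [ipaddress.ip_address(a) for a in answers]
    if any(a in BOGUS for a in addrs):
        return "drop-bogus"
    resolver_is_chn = in_chnroute(resolver)
    answers_chn = all(in_chnroute(str(a)) for a in addrs)
    if resolver_is_chn and not answers_chn:
        return "drop-suspect"
    if bidirectional and not resolver_is_chn and answers_chn:
        return "drop-suspect"
    return "accept"


def resolve(replies: List[Tuple[str, List[str]]], bidirectional: bool = False) -> Optional[List[str]]:
    """Replies in arrival order, as when several upstreams are queried at once
    (dnsmasq's all-servers behaves the same way).  The first reply that passes
    the filter wins; a poisoned reply that happens to arrive first is skipped
    instead of winning the race."""
    for resolver, answers in replies:
        if classify_reply(resolver, answers, bidirectional) == "accept":
            return answers
    return None
```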
After ChinaDNS is set up, switch to "Network" - "DHCP/DNS" in the Luci interface and configure it as in the screenshot below:

[screenshot: DHCP/DNS settings page]

<h3>补充及参考</h3>
If you find that you can no longer reach your own VPS, add the VPS's IP to shadowsocks's ignore.list.
The dnsmasq settings follow A大's tutorial; I post them here for reference:
You need to install the full version of dnsmasq first; it is included in the package bundle.

# Configuration file for dnsmasq.

# Setting this flag forces dnsmasq to send all queries to
# all available servers. The reply from the server which
# answers first will be returned to the original requester.
all-servers

# Do not read or poll /etc/resolv.conf for upstream servers.
no-poll
no-resolv

# Set a minimum TTL value for entries in the cache.
# For example min-cache-ttl=1800 (i.e. 30 minutes).
min-cache-ttl=1800

# Set the size of dnsmasq's cache.
# The default is 150 names,
# Setting the cache size to zero disables caching.
cache-size=5000

# Specify ip address of upstream servers directly.
#server=8.8.8.8
server=127.0.0.1#5353
server=108.61.xx.xx#xxxx

# Load additional configuration files from this directory.
conf-dir=/etc/dnsmasq.d

Note that the dnsmasq.d directory has to be created by yourself; its purpose is to make managing custom dnsmasq rules easier.

# Force Google domains to the foreign upstream
server=/.google-analytics.com/108.61.250.x#port
server=/.googletagmanager.com/108.61.250.x#port
server=/google.com/108.61.250.x#port
server=/.gstatic.com/108.61.250.x#port
server=/.googleusercontent.com/108.61.250.x#port
server=/.gvt1.com/108.61.250.x#port
server=/.gvt2.com/108.61.250.x#port
server=/.gvt3.com/108.61.250.x#port
server=/.googleapis.com/108.61.250.x#port
server=/.doubleclick.net/108.61.250.x#port
server=/.doubleclick.com/108.61.250.x#port
server=/.ggpht.com/108.61.250.x#port
server=/.blogspot.com/108.61.250.x#port
server=/.android.com/108.61.250.x#port
server=/.googlecode.com/108.61.250.x#port
server=/.google.com.hk/108.61.250.x#port
server=/.google.com.tw/108.61.250.x#port
server=/.google.com.sg/108.61.250.x#port
server=/.google.co.jp/108.61.250.x#port
server=/.googlelabs.com/108.61.250.x#port
server=/chrome.com/108.61.250.x#port
server=/wikipedia.org/108.61.250.x#port
server=/.gravatar.com/108.61.250.x#port
server=/dropbox.com/108.61.250.x#port
server=/github.com/108.61.250.x#port
server=/github.io/108.61.250.x#port
server=/feedly.com/108.61.250.x#port
server=/.twimg.com/108.61.250.x#port
server=/.twitpic.com/108.61.250.x#port
server=/.tinypic.com/108.61.250.x#port
server=/facebook.com/108.61.250.x#port
server=/youtube.com/108.61.250.x#port
server=/.googlevideo.com/108.61.250.x#port
server=/.googleadservices.com/108.61.250.x#port
server=/.staticflickr.com/108.61.250.x#port

#Heiybb
server=/.v2ex.com/127.0.0.1#5353
server=/.heiybb.com/114.114.114.114
server=/.levtu.com/114.114.114.114
server=/gravatar.eqoe.cn/114.114.114.114
server=/.tfboys.us/108.61.250.x#port
server=/.csdn.net/108.61.250.x#port

#Bilibili
server=/bilibili.com/114.114.114.114
server=/bilibili.tv/114.114.114.114
server=/hdslb.net/114.114.114.114
server=/hdslb.com/114.114.114.114
server=/acgvideo.com/114.114.114.114
server=/acg.tv/114.114.114.114
# dnsmasq will ignore DNS replies containing these IPs (known poisoned answers).

This article draws on a post from 飞羽博客; my thanks to its author and to everyone behind the open-source projects.
After all, I spent only one afternoon writing this; if there are mistakes, please point them out and I will fix them as soon as possible.

Responses
  1. Now this makes me want to buy a router too.

    1. @imlonghao

      Go for it, a 4300 only costs 300.

  2. What do people generally do after getting past the wall? I only use Google occasionally and browse Instagram now and then, not much else.

    1. @Betty

      A lot of tech news and the latest technology need FQ to read, and doing Android development without FQ is almost impossible; for most programmers FQ is essential. Plus Google is just so much better than the domestic search engines.

  3. SM

    Hello, what could cause shadowsocks to refuse to run no matter what?

    1. @SM

      Please provide your specific configuration.

      1. Zernel
        @予而不语

        After installation Shadowsocks just won't start:
        root@OP:~# /etc/init.d/shadowsocks start
        /usr/bin/ss-rules: line 183: resolveip: not found
        ss-rules[1557]: Can't resolve the server hostname.

        1. @Zernel

          Check whether resolv.conf and hosts or the DHCP settings conflict anywhere.

  4. Thanks, I could not log into my VPS before; adding it to the list fixed it.

  5. Tinkering.

    1. @MinonHeart

      The kind of person who would die without tinkering.