# Important! Absolute beginners, proceed with care! ~~There is still time to close this page~~

This note records a setup adapted from [Using RouterOS, OSPF and a Raspberry Pi for smart split routing of domestic and foreign IPs](https://idndx.com/use-routeros-ospf-and-raspberry-pi-to-create-split-routing-for-different-ip-ranges/), with one adjustment: the routes are received directly from the VPS over the tunnel.

For DNS split resolution, see [mosdns-debian-install](https://github.com/allanchen2019/mosdns-debian-install/blob/master/README_zh-CN.md).

## Environment overview

A local MikroTik device (hAP ac2, RouterOS v7.3) handles the dial-up WAN connection; the remote VPS runs Debian 11 Linux; the two are connected by a WireGuard tunnel. The general setup is not repeated here; only the configuration relevant to this note is described.

Assume the VPS WireGuard interface is `wg0` with address `10.0.1.0/31`,
the NIC is `eth0` and the public IP is `1.2.3.4`.

The local RouterOS WireGuard interface is `wg-dc1` with address `10.0.1.1/31`.

## 0. Configure WireGuard on the VPS

Add at the end of the `[Interface]` section:
`Table = off`

`Table = off` stops wg-quick from installing routes for the peer's AllowedIPs; with `AllowedIPs = 0.0.0.0/0` it would otherwise replace the VPS's own default route with the tunnel.

In the `[Peer]` section, change:
`AllowedIPs = 0.0.0.0/0`

After editing, wg0.conf should look like this and contain only these lines;

delete everything else:

```
[Interface]
PrivateKey = ***=
Address = 10.0.1.0/31
ListenPort = 65535
Table = off

[Peer]
PublicKey = ***=
AllowedIPs = 0.0.0.0/0
```

Run `wg-quick down wg0 && wg-quick up wg0` to restart the interface.

## 1. Configure the non-CN routing table, iptables and BIRD on the VPS

First install bird2:

`apt update && apt install bird2`

Clone the repository that generates the !cn static route list:
```
git clone https://github.com/dndx/nchnroutes.git
cd nchnroutes
```
Edit the Makefile. Assuming the public IP is 1.2.3.4, append ` --next eth0 --exclude 1.2.3.4/32` after `python3 produce.py`, then save and exit. The exclude keeps the VPS's own public address out of the advertised list; without it RouterOS would learn a route covering the WireGuard endpoint and send the tunnel's own packets into the tunnel.

Generate the route list and copy it into the BIRD configuration directory:
```
make
cp routes4.conf /etc/bird/routes4.conf
cd /etc/bird
mv bird.conf bird.conf.orig
touch bird.conf
```
Edit `/etc/bird/bird.conf` with the following content:
```
log syslog all;
debug protocols all;
router id 10.0.1.0;
protocol device {
}

protocol static {
	ipv4;
	include "routes4.conf";
}

protocol ospf v2 {
	ipv4 {
		export all;
		import none;
	};
	area 0.0.0.0 {
		interface "wg*" {
			type ptp;
			hello 10;
			dead 40;
		};
	};
}
```

Enable IP forwarding: in `/etc/sysctl.conf`, add or change the line to:

`net.ipv4.ip_forward = 1`

Run `sysctl -p` to apply it.

Install the package that persists firewall rules:
`apt install iptables-persistent`

When asked whether to save the current rules, answer No both times.

Create the file `/etc/iptables/rules.v4` with the following content:

```
*nat
:PREROUTING ACCEPT
:INPUT ACCEPT
:OUTPUT ACCEPT
:POSTROUTING ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT

*filter
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT

*mangle
:PREROUTING ACCEPT
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
:POSTROUTING ACCEPT
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
```
Replace `eth0` in `-A POSTROUTING -o eth0 -j MASQUERADE` with the actual name of the VPS NIC.

Save and exit, then run `iptables-restore < /etc/iptables/rules.v4` to apply the rules.

Start BIRD (`birdc c` is short for `birdc configure`, which loads the configuration into the running daemon):

`birdc c`

Check BIRD status:

`birdc s p a`

Under the static1 protocol you should see something like:

```
static1    Static     master4    up     2022-01-06
  Channel ipv4
    State:          UP
    Table:          master4
    Preference:     200
    Input filter:   ACCEPT
    Output filter:  REJECT
    Routes:         12888 imported, 0 exported, 12888 preferred
    Route change stats:     received   rejected   filtered    ignored   accepted
      Import updates:          12893          0          0          0      12893
      Import withdraws:            5          0        ---          0          5
      Export updates:              0          0          0        ---          0
      Export withdraws:            0        ---        ---        ---          0
```
This shows the static route entries have been injected into BIRD.

## 2. Configure RouterOS

Open the RouterOS terminal and run the following commands in order:

Change MSS:
```
/ip firewall mangle add action=change-mss chain=forward new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn
```
Source NAT:
```
/ip firewall nat add action=src-nat chain=srcnat out-interface=wg-dc1 to-addresses=10.0.1.1
```

Create the OSPF instance:
```
/routing ospf instance add name=dc1 router-id=10.0.1.1
/routing ospf area add instance=dc1 name=ospf-area-dc1
/routing ospf interface-template add area=ospf-area-dc1 hello-interval=10s interfaces=wg-dc1 type=ptp
```

With luck, `/routing ospf neighbor pr` will already show the neighbor; after a few tens of seconds its state should be full.

`/ip route pr` shows the routes sent from the VPS:

```
 #     DST-ADDRESS       GATEWAY            DISTANCE
...
 DAo   1.0.0.0/24        10.0.1.1%wg-dc1         110
 DAo   1.0.4.0/22        10.0.1.1%wg-dc1         110
 DAo   1.0.16.0/20       10.0.1.1%wg-dc1         110
 DAo   1.0.64.0/18       10.0.1.1%wg-dc1         110
 DAo   1.0.128.0/17      10.0.1.1%wg-dc1         110
 DAo   1.1.1.0/24        10.0.1.1%wg-dc1         110
...
```
At the same time, `birdc s p a` on the VPS shows the ospf1 protocol in the UP state:
```
ospf1      OSPF       master4    up     2022-01-06  Running
  Channel ipv4
    State:          UP
    Table:          master4
    Preference:     150
    Input filter:   ACCEPT
    Output filter:  ACCEPT
    Routes:         1 imported, 12888 exported, 1 preferred
    Route change stats:     received   rejected   filtered    ignored   accepted
      Import updates:              2          0          0          0          2
      Import withdraws:            1          0        ---          0          1
      Export updates:          12895          2          0        ---      12893
      Export withdraws:            6        ---        ---        ---          5
```

## 3. Verify the split routing

On RouterOS:

`/tool/traceroute 1.1.1.1`: the first hop is 10.0.1.1

`/tool/traceroute 223.5.5.5`: the first hop is not 10.0.1.1

Finally done. ~~Time for a coffee to calm the nerves~~ Did you get it? :upside_down_face:
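As an added check for the route-list step in section 1 (this script is mine, not part of the original note or of nchnroutes), the following Python parses a constructed `routes4.conf` fragment in the form assumed here for nchnroutes output (`route <prefix> via "eth0";`), reports whether any advertised prefix covers the VPS public IP that serves as the WireGuard endpoint, and reproduces the effect of `--exclude 1.2.3.4/32` by carving that /32 out of the covering prefix. Function names and the sample data are my own.

```python
import ipaddress
import re

# Constructed sample in the routes4.conf form assumed here for what nchnroutes
# writes (one `route <prefix> via "<iface>";` per line); not the real output.
SAMPLE_ROUTES4 = """\
route 1.0.0.0/24 via "eth0";
route 1.0.4.0/22 via "eth0";
route 1.2.0.0/16 via "eth0";
route 8.8.8.0/24 via "eth0";
"""

ROUTE_RE = re.compile(r'^\s*route\s+(\S+)\s+via\s+\S+;\s*$')


def parse_routes4(text):
    """Return the IPv4 prefixes declared in a BIRD static route file."""
    return [ipaddress.ip_network(m.group(1))
            for m in map(ROUTE_RE.match, text.splitlines()) if m]


def covering_routes(prefixes, address):
    """Prefixes that contain `address`, i.e. would capture traffic to it."""
    addr = ipaddress.ip_address(address)
    return [p for p in prefixes if addr in p]


def endpoint_is_safe(text, endpoint_ip):
    """True when no advertised prefix covers the WireGuard endpoint address.
    If one does, RouterOS would send the tunnel's own packets into the tunnel."""
    return not covering_routes(parse_routes4(text), endpoint_ip)


def exclude_prefix(prefixes, excluded):
    """Punch `excluded` out of every prefix that contains it (the effect the
    note attributes to `--exclude`, reproduced here with ipaddress)."""
    ex = ipaddress.ip_network(excluded)
    out = []
    for p in prefixes:
        out.extend(p.address_exclude(ex) if ex.subnet_of(p) else [p])
    return sorted(out)


def render_routes4(prefixes, iface="eth0"):
    """Write prefixes back out in the same static-route form."""
    return "".join(f'route {p} via "{iface}";\n' for p in prefixes)


if __name__ == "__main__":
    routes = parse_routes4(SAMPLE_ROUTES4)
    print("endpoint covered by:", covering_routes(routes, "1.2.3.4"))
    print(render_routes4(exclude_prefix(routes, "1.2.3.4/32")))
```

Run it against the real `routes4.conf` with your own public IP before copying the file into `/etc/bird`; an empty "covered by" list is what you want.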