├── .bookignore ├── .gitignore ├── LICENSE ├── README.md ├── SUMMARY.md ├── bin ├── dnsmasq-restart ├── dnsmasq-start ├── dnsmasq-stop ├── feeds-cn ├── router-reboot ├── ss-asia ├── ss-china ├── ss-global ├── ss-restart ├── ss-start └── ss-stop ├── book.json ├── cover.jpg ├── cover_small.jpg ├── ebook ├── 01.0.md ├── 01.1.md ├── 01.2.md ├── 01.3.md ├── 02.0.md ├── 02.1.md ├── 02.10.md ├── 02.15.md ├── 02.2.md ├── 02.3.md ├── 02.4.md ├── 02.5.md ├── 02.6.md ├── 02.7.md ├── 02.8.md ├── 02.9.md ├── 03.0.md ├── 03.1.md ├── 03.10.md ├── 03.11.md ├── 03.12.md ├── 03.2.md ├── 03.3.md ├── 03.4.md ├── 03.5.md ├── 03.6.md ├── 03.7.md ├── 03.8.md ├── 03.9-1.md ├── 03.9.md ├── 04.0.md ├── 04.1.md ├── 04.2.md ├── 04.3.md ├── 04.4.md ├── 04.5.md ├── 04.6.md ├── 04.7.md ├── 04.8.md ├── 04.9.md ├── 05.0.md ├── 05.1.md ├── 05.2.md ├── 05.3.md ├── 05.4.md ├── 05.42.md ├── 05.43.md ├── 05.44.md ├── 05.45.md ├── 05.46.md ├── 06.0.md ├── 06.01.md ├── 06.1.md ├── 06.2.md ├── 06.3.md ├── 06.4.md ├── 09.0.md ├── 09.1.md ├── 09.2.md ├── 09.3.md ├── 09.4.md ├── dir505 │ ├── 1.connect-dir505-openwrt.md │ ├── 2.dir505-install-openwrt.md │ ├── 3.enable-dir505-gpio.md │ ├── 4.dir505-router-mode.md │ ├── 5.dir505-ap-mode.md │ ├── 6.dir505-build-image.md │ ├── 7.dir505-flash-fanqiang-image.md │ ├── 8.login-setup-dir505-fanqiang.md │ ├── README.md │ └── images │ │ ├── 2.dir505-login.png │ │ ├── 2.dir505a1-hex-cn.png │ │ ├── 2.dir505a1-hex-def.png │ │ ├── 2.upload-image-cn.png │ │ ├── 2.upload-openwrt-factory.png │ │ ├── 3.dir505-enable-gpio.png │ │ └── 3.dir505a1-image-profile.png ├── images │ ├── 1.2.wr2543n.png │ ├── 1.3.admin.png │ ├── 1.3.backup.png │ ├── 2.10.openwrt-ap-iphone-dns.jpeg │ ├── 2.10.openwrt-ap-iphone-ipv4.jpeg │ ├── 2.2.factory-upgrade.png │ ├── 2.2.luci-login.png │ ├── 2.3.pppoe-switch.png │ ├── 2.3.pppoe-username-password.png │ ├── 2.3.wan-edit.png │ ├── 2.4.admin-password.png │ ├── 2.4.wifi-edit.png │ ├── 2.4.wifi-enable.png │ ├── 2.4.wifi-security.png │ ├── 2.5.backup-config.png │ ├── 2.6.luci-sysupgrade.png │ ├── 2.7.busybox.png │ ├── 2.7.editing-wired-connection.png │ ├── 2.7.enter-failsafe.png │ ├── 2.7.passwd.png │ ├── 2.8.free-ram.png │ ├── 2.8.snapshots-trunk.png │ ├── 2.8.ssh-login.png │ ├── 3..9-1.droplets-click-one.png │ ├── 3.10.androd-shadowsocks-bao-cun-she-zhi.png │ ├── 3.10.androd-shadowsocks-fan-lui-pei-zhi-wen-jian.png │ ├── 3.10.androd-shadowsocks-gao-ji-she-zhi.png │ ├── 3.10.android-shadowsocks-assets.png │ ├── 3.10.android-shadowsocks-fanqiang-can-shu.png │ ├── 3.10.android-shadowsocks-google-search-download.png │ ├── 3.10.android-shadowsocks-kai-shi-fan-qiang.png │ ├── 3.10.android-shadowsocks-kai-shi-lian-jie.png │ ├── 3.10.android-shadowsocks-m.youtube.com.png │ ├── 3.10.android-shadowsocks-release-page.png │ ├── 3.10.android-shadowsocks-service-mode-vpn.png │ ├── 3.10.android-shadowsocks-she-zhi-xuan-xiang.png │ ├── 3.10.android-shadowsocks-xin-jian-pei-zhi.png │ ├── 3.10.shadowsocks-android-simple-obfs-plugin.png │ ├── 3.11.execute-bash-command.png │ ├── 3.11.run-git-bash-for-windows.png │ ├── 3.3.autoproxy.png │ ├── 3.7.tcp-ipv6.png │ ├── 3.9-1.click-destroy.png │ ├── 3.9-1.destroy-this-droplet.png │ ├── 3.9-1.destroy-vps.png │ ├── 3.9-1.off-button.png │ ├── 3.9-1.on-button.png │ ├── 3.9-1.take-snapshot.png │ ├── 3.9-1.turn-off-do-vps.png │ ├── 3.9.choose-a-datacenter-region.png │ ├── 3.9.choose-advanced-options.png │ ├── 3.9.choose-an-image-snapshots.png │ ├── 3.9.choose-an-image.png │ ├── 3.9.choose-cpu-options-1.png │ ├── 3.9.choose-cpu-options-2.png │ ├── 3.9.choose-droplet-type.png │ ├── 3.9.console-access-fanqiang-vps.png │ ├── 3.9.console.png │ ├── 3.9.create-droplet-on-digital-ocean.png │ ├── 3.9.create-droplets-on-digital-ocean.png │ ├── 3.9.finalize-details.png │ ├── 3.9.jinru-fanqiang-vps-guanli-jiemian.png │ ├── 3.9.jinru-fanqiang-vps-guanli.png │ ├── 3.9.reset-password.png │ ├── 4.1.make-menuconfig.png │ ├── 4.1.network-shadowsocks-libev-polarssl.png │ ├── 4.3.image-profile.png │ ├── 4.8.chrome-proxy-server-socks5.png │ ├── 4.8.click-internet-protocol-ipv4.png │ ├── 4.8.click-wifi-connection.png │ ├── 4.8.obtain-an-ip-address-automatically.png │ ├── 4.8.view-network-status.png │ ├── 4.8.wifi-connection-properties.png │ ├── 4.8.window10-winver.png │ ├── 4.8.windows-check-tcp-fast-open-enabled.png │ ├── 4.9.windows-shadowsocks-simple-obfs.png │ ├── 5.1.1.lantern-fanqiang-dizhi.png │ ├── 5.1.2.lantern-fanqiang-peizhi.png │ ├── 5.1.3.lantern-fanqiang-tuichu.png │ ├── 5.1.4.lantern-fanqiang-full.png │ ├── 5.1.5.lantern-fanqiang-dropbox.png │ ├── 5.2.niming-chrome-lantern-webrtc.png │ ├── 5.2.niming-chrome-lantern.png │ ├── 5.2.niming-chrome-openwrt-shadowsocks.png │ ├── 5.2.niming-firefox-lantern.png │ ├── 5.2.niming-firefox-openwrt-shadowsocks.png │ ├── 6.01.tcp-fast-open-fo-cookie.png │ └── 9.2.read-book-locally.png └── wndr4300 │ ├── 1.download-imagebuilder-for-netgear-wndr4300.md │ ├── 2.build-shadowsocks-libev-ipk-for-netgear-wndr4300.md │ ├── 3.config-fanqiang-for-netgear-wndr4300.md │ ├── 4.build-fanqiang-img-for-netgear-wndr4300.md │ ├── 5.wndr4300-flash-fanqiang-img.md │ ├── 6.login-setup-netgear-wndr4300-fanqiang.md │ ├── README.md │ └── images │ ├── 1.modifiy-firmware-space.png │ ├── 1.profile-netgear-wndr4300.png │ ├── 2.shadowsocks-libev-ipk-menuconfig.png │ ├── 5.openwrt-change-root-password-and-ssh-config.png │ ├── 5.openwrt-set-pppoe-pap-chap-username-passoword.png │ ├── 5.tftp-flash-fanqiang-img-windows.png │ ├── 5.turn-windows-features-on-off.png │ ├── 5.windows-10-turn-tftp-feature-on.png │ └── 6.netgear-wndr4300-luci.png ├── openwrt ├── default │ ├── etc │ │ ├── banner │ │ ├── dnsmasq.conf │ │ ├── dnsmasq.d │ │ │ ├── accelerated-domains.china.conf │ │ │ ├── ad-cn.conf │ │ │ ├── ad-en.conf │ │ │ ├── apple.china.conf │ │ │ ├── bogus-nxdomain.china.conf │ │ │ ├── custom.china.conf │ │ │ ├── gfwlist.conf │ │ │ └── google.china.conf │ │ ├── init.d │ │ │ └── shadowsocks │ │ ├── shadow │ │ ├── shadowsocks-libev │ │ │ ├── config.json │ │ │ ├── info-ip_custom.txt │ │ │ ├── ip_asia.txt │ │ │ ├── ip_china.txt │ │ │ ├── ip_custom.txt │ │ │ ├── ip_lan.txt │ │ │ └── ip_server.txt │ │ ├── sysctl.conf │ │ └── uci-defaults │ │ │ └── defaults │ └── usr │ │ └── bin │ │ ├── blockad-cn │ │ ├── blockad-en │ │ ├── chinalist │ │ ├── ss-firewall-asia │ │ ├── ss-firewall-china │ │ └── ss-firewall-global ├── dir505 │ ├── etc │ │ ├── dnsmasq.d │ │ │ └── blockad.conf │ │ ├── rc.local │ │ └── uci-defaults │ │ │ └── defaults │ └── usr │ │ └── bin │ │ ├── ap │ │ ├── hotspot │ │ ├── repeater │ │ └── router ├── tlwr2543 │ └── etc │ │ └── uci-defaults │ │ └── defaults └── wndr4300 │ └── etc │ ├── config │ └── wireless │ └── uci-defaults │ └── defaults └── ubuntu └── etc ├── security └── limits.d │ └── 98-nofiles.conf ├── shadowsocks-libev └── config.json └── sysctl.d ├── 98-bbr.conf ├── 98-file-max.conf ├── 98-network-custom.conf ├── 98-swap.conf └── 98-tcp_fastopen.conf /.bookignore: -------------------------------------------------------------------------------- 1 | node_modules 2 | z_resource -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.ico 2 | *.toml 3 | zz_* -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2014, 2 | All rights reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without 5 | modification, are permitted provided that the following conditions are met: 6 | 7 | * Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | * Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation 12 | and/or other materials provided with the distribution. 13 | 14 | * Neither the name of the {organization} nor the names of its 15 | contributors may be used to endorse or promote products derived from 16 | this software without specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 19 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 22 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 24 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 25 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 26 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 27 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # 最好的翻墙教程:sing-box, overtls, OpenWrt 2 | 3 | * [简单、高速、稳定的翻墙软件 overtls 安装、使用教程](./ebook/05.4.md) 4 | * [overtls + tun2proxy 实现全局翻墙,所有流量走代理](./ebook/05.42.md) 5 | * [overtls Android 手机翻墙上网教程](./ebook/05.43.md) 6 | * [把 overtls、tun2proxy 设置成开机自动启动的系统服务](./ebook/05.44.md) 7 | * [overtls 搭配 sing-box 翻墙的方法](./ebook/05.45.md) 8 | * [overtls + sing-box,分享一个比较完美的 sing-box 配置](./ebook/05.46.md) 9 | * [翻墙软件、教程大全集](./ebook/09.1.md) 10 | 11 | 12 | ## 最好的 OpenWrt 路由器 shadowsocks 自动翻墙、科学上网教程 13 | 14 | 手把手教你路由器刷OpenWrt固件,自动穿越万里长城 15 | 16 | ### 本科学上网方案的特点 17 | 18 | 放弃建立被墙网站黑名单的方案吧,被墙的网站每天在增加,黑名单永远无法完善 19 | 20 | 大道至简,一劳永逸! 21 | 22 | - [建立国内重要网站白名单](https://github.com/softwaredownload/openwrt-fanqiang/blob/master/openwrt/default/etc/dnsmasq.d/accelerated-domains.china.conf),在国内进行dns查询 23 | - [其他网站通过通过 shadowsocks 服务端进行dns查询](ebook/03.5.md) 24 | - 亚洲或国内的IP流量走国内通道 25 | - 其他流量通过shadowsocks服务端转发 26 | - [路由器屏蔽国内外的广告](ebook/03.6.md) 27 | - [利用 Bash 一键切换翻墙模式](ebook/03.11.md) 28 | - [Windows 电脑 Shadowsocks + Simple-obfs 科学上网教程](ebook/04.9.md) 29 | - [Android 安卓手机安装 shadowsocks 科学上网教程](ebook/03.10.md) 30 | - [预编译翻墙固件的设置和使用 (WNDR4300为例)](ebook/wndr4300/6.login-setup-netgear-wndr4300-fanqiang.md) 31 | - [Digital Ocean 创建VPS教程](ebook/03.9.md) 32 | - [有哪些翻墙软件](ebook/09.1.md) 33 | - [翻墙失败的原因分析](ebook/03.7.md) 34 | 35 | ### 知识若不分享,实在没有意义 36 | 37 | 2014年6月 Dropbox壮烈被墙 38 | 39 | 查资料发现,著名的开源路由器固件OpenWrt支持家里的路由器 TP-Link WR2543N V1 ,于是就给路由器安装了OpenWrt并设置为自动智能翻墙 40 | 41 | 再也没有打不开的网站了,自由的感觉真好: YouTube, twitter, FaceBook, Google... 42 | 43 | 什么是圣人,**圣人就是得到和付出比较均衡的人**: 44 | 45 | - 天地生我,我敬天地 46 | - 父母育我,我养父母 47 | - 网上获得知识,网上分享知识 48 | 49 | 于是,花了许多天,查资料,写教程,调试固件,不知不觉一天就过去了 50 | 51 | 希望你应用本教程后,也把你的过程写下来,合并到这个项目中来: 52 | [https://github.com/softwaredownload/openwrt-fanqiang](https://github.com/softwaredownload/openwrt-fanqiang) 53 | 54 | ### Linux下如何编译OpenWrt shadowsocks自动翻墙固件 55 | 56 | - 首先把本项目clone到本地目录,如 ~/Downloads/openwrt-fanqiang 57 | - 原始配置文件 58 | - ~/Downloads/openwrt-fanqiang/openwrt/default 默认配置文件夹 59 | - ~/Downloads/openwrt-fanqiang/openwrt/wndr4300 针对特定路由器型号的配置文件,此处以wndr4300为例 60 | - 复制配置文件 61 | - 本地建立配置文件目录,如 ~/Downloads/openwrt-wndr4300 62 | - 复制默认配置文件夹下面的文件到 ~/Downloads/openwrt-wndr4300/ 下 63 | - 如果有针对特定路由器的配置文件,也复制到~/Downloads/openwrt-wndr4300/,并覆盖同名文件 64 | - 修改配置文件,编译后就直接可以用了。否则刷上固件后登录路由器再修改。主要修改: 65 | - openwrt-wndr4300/etc/shadowsocks-libev/config.json 66 | - openwrt-wndr4300/usr/bin/ss-firewall-asia 67 | - openwrt-wndr4300/etc/uci-defaults/defaults 68 | - 编译自定义固件,设置FILES=~/Downloads/openwrt-wndr4300 69 | 70 | ### 本项目规定的默认值 71 | 72 | shadowsocks server: 1.0.9.8 73 | shadowsocks server_port: 1098 74 | shadowsocks local_port: 7654 75 | shadowsocks tunnel_port: 3210 76 | shadowsocks password: killgfw 77 | root login password: fanqiang 78 | WIFI password: icanfly9876 79 | 80 | ### 关于 IPv6 81 | 82 | 默认翻墙固件不支持IPv6 83 | 84 | 有的软件如 Dropbox 桌面客户端默认连接到服务端 IPv6 地址,`ping dropbox.com` 出来的是IPv6 地址, 可能导致客户端连接服务器失败,浏览器导航到 www.Dropbox.com 连接被重置 (可用 [Mega](https://mega.nz/aff=-iGudwBMHKw) 替代 Dropbox) 85 | 86 | 解决办法:网络连接的属性,不要勾选 `Internet Protocol Version 6 (TCP/IPv6)` 87 | 88 | ### 相关资源 89 | 90 | - Netgear WNDR4300 预编译翻墙固件,支持xchacha20-ietf-poly1305(2018-10-22): 91 | [https://software-download.name/2015/netgear-wndr4300-openwrt-fanqiang-gujian/](https://software-download.name/2015/netgear-wndr4300-openwrt-fanqiang-gujian/) 92 | 93 | - shadowsocks-libev_3.2.0-1_mips_24kc.ipk, simple-obfs_0.0.5-3_mips_24kc.ipk (2018-10-22): 94 | [https://software-download.name/2014/shadowsocks-libev-polarssl-ar71xx-ipk-latest/](https://software-download.name/2014/shadowsocks-libev-polarssl-ar71xx-ipk-latest/) 95 | 96 | - 史上最详细的OpenWrt路由器翻墙教程下载 PDF epub (2018-10) 97 | [https://software-download.name/2014/fanqiang-jiaocheng/](https://software-download.name/2014/fanqiang-jiaocheng/) 98 | 99 | - Shadowsocks-libev Windows 客户端下载: ss-redir ss-tunnel obfs-local (2018-08 by cokebar) 100 | [https://software-download.name/2018/shadowsocks-libev-windows-binary-download/](https://software-download.name/2018/shadowsocks-libev-windows-binary-download/) 101 | 102 | - D-Link DIR-505 预编译翻墙固件 (2018-10-22): 103 | [https://software-download.name/2014/dlink-dir-505-openwrt-fanqiang/](https://software-download.name/2014/dlink-dir-505-openwrt-fanqiang/) 104 | 105 | - TP-Link TLWR2543 预编译翻墙固件 (2018-10-22): 106 | [https://software-download.name/2014/openwrt-ar71xx-generic-tl-wr2543-v1-squashfs-sysupgrade-bin-with-shadowsocks/](https://software-download.name/2014/openwrt-ar71xx-generic-tl-wr2543-v1-squashfs-sysupgrade-bin-with-shadowsocks/) 107 | 108 | --- 109 | 110 | ## 在线阅读史上最详细的[科学上网教程](https://fanqiang.software-download.name) 111 | 112 | - 113 | - 114 | 115 | ---- 116 | 117 | Thanks to [Easy Software Download](https://software-download.name) for hosting the firmware -------------------------------------------------------------------------------- /SUMMARY.md: -------------------------------------------------------------------------------- 1 | [最好的翻墙教程:sing-box, overtls, OpenWrt](./README.md) 2 | 3 | * [最好的翻墙软件使用教程:sing-box, overtls](./ebook/05.0.md) 4 | * [简单、高速、稳定的翻墙软件 overtls 安装、使用教程](./ebook/05.4.md) 5 | * [overtls + tun2proxy 实现全局翻墙,所有流量走代理](./ebook/05.42.md) 6 | * [overtls Android 手机翻墙上网教程](./ebook/05.43.md) 7 | * [把 overtls、tun2proxy 设置成开机自动启动的系统服务](./ebook/05.44.md) 8 | * [overtls 搭配 sing-box 翻墙的方法](./ebook/05.45.md) 9 | * [overtls + sing-box,分享一个比较完美的 sing-box 配置](./ebook/05.46.md) 10 | * [翻墙软件、教程大全集](./ebook/09.1.md) 11 | * [利用lantern 蓝灯实现浏览器自动翻墙](./ebook/05.1.md) 12 | * [加强翻墙上网的匿名性](./ebook/05.2.md) 13 | * [浏览器使用 DNS over HTTPS (DoH) 进行安全DNS](./ebook/05.3.md) 14 | 15 | * [shadowsocks-libev 翻墙教程](./ebook/03.0.md) 16 | * [什么是shadowsocks-libev翻墙软件](./ebook/03.1.md) 17 | * [翻墙软件Shadowsocks-libev服务端设置](./ebook/03.2.md) 18 | * [OpenWrt路由器运行shadowsocks-libev ss-local 客户端](./ebook/03.3.md) 19 | * [史上最通俗易懂的OpenWrt翻墙路由器解释](./ebook/03.4.md) 20 | * [配置OpenWrt路由器智能自动翻墙](./ebook/03.5.md) 21 | * [OpenWrt自动更新设置和屏蔽广告](./ebook/03.6.md) 22 | * [OpenWrt连接失败,可以上网但无法科学上网,为什么](./ebook/03.7.md) 23 | * [Shodowsocks不同加密算法的区别](./ebook/03.8.md) 24 | * [零起点 DO VPS shadowsocks-libev 翻墙设置教程](./ebook/03.9.md) 25 | * [快速、极省钱更换 DO VPS IP 地址](./ebook/03.9-1.md) 26 | * [Android 安卓手机安装 shadowsocks 科学上网教程](./ebook/03.10.md) 27 | * [OpenWrt + Git Bash for Windows 快速切换翻墙模式](./ebook/03.11.md) 28 | * [编译、使用shadowsocks 翻墙软件](./ebook/04.0.md) 29 | * [编译shadowsocks-libev for OpenWrt ipk安装包](./ebook/04.1.md) 30 | * [下载和设置翻墙配置文件](./ebook/04.2.md) 31 | * [使用Image Builder编译自动翻墙OpenWrt固件](./ebook/04.3.md) 32 | * [如何使用预编译的OpenWrt翻墙固件](./ebook/04.4.md) 33 | * [Ubuntu 服务器安装 shadowsocks Simple-obfs 插件客户端配置](./ebook/04.5.md) 34 | * [shadowsocks simple-obfs 是什么意思,有什么用](./ebook/04.6.md) 35 | * [OpenWrt shadowsocks Simple-obfs 混淆教程](./ebook/04.7.md) 36 | * [Windows翻墙最好方法:shadowsocks-libev + simple-obfs + TFO教程](./ebook/04.8.md) 37 | * [Windows shadowsocks 客户端配置 simple-obfs 翻墙](./ebook/04.9.md) 38 | * [无线路由器刷OpenWrt固件的准备工作](./ebook/01.0.md) 39 | * [什么是无线路由器固件](./ebook/01.1.md) 40 | * [支持刷OpenWrt路由器列表推荐](./ebook/01.2.md) 41 | * [备份原厂路由器配置文件](./ebook/01.3.md) 42 | * [路由器怎样刷OpenWrt固件 (WR2543N为例)](./ebook/02.0.md) 43 | * [怎样从官网下载OpenWrt固件](./ebook/02.1.md) 44 | * [进管理页面刷OpenWrt教程](./ebook/02.2.md) 45 | * [管理页面OpenWrt自动拨号上网设置教程](./ebook/02.3.md) 46 | * [管理页面OpenWrt开启、设置Wifi教程](./ebook/02.4.md) 47 | * [管理页面备份OpenWrt系统固件](./ebook/02.5.md) 48 | * [管理页面升级OpenWrt固件内核版本](./ebook/02.6.md) 49 | * [怎样进入OpenWrt安全恢复模式](./ebook/02.7.md) 50 | * [命令行 OpenWrt sysupgrade 升级固件版本](./ebook/02.8.md) 51 | * [命令行uci设置OpenWrt Router模式拨号上网](./ebook/02.9.md) 52 | * [命令行uci设置OpenWrt ap模式上网](./ebook/02.10.md) 53 | * [OpenWrt 国内镜像源下载固件](./ebook/02.15.md) 54 | * [应用: Netgear WNDR4300刷OpenWrt翻墙教程](./ebook/wndr4300/README.md) 55 | * [WNDR4300 下载和设置Image Builder](./ebook/wndr4300/1.download-imagebuilder-for-netgear-wndr4300.md) 56 | * [WNDR4300 编译shadowsocks-libev ipk](./ebook/wndr4300/2.build-shadowsocks-libev-ipk-for-netgear-wndr4300.md) 57 | * [WNDR4300 修改翻墙配置文件](./ebook/wndr4300/3.config-fanqiang-for-netgear-wndr4300.md) 58 | * [WNDR4300 编译自动翻墙固件](./ebook/wndr4300/4.build-fanqiang-img-for-netgear-wndr4300.md) 59 | * [WNDR4300 怎样刷自动翻墙固件](./ebook/wndr4300/5.wndr4300-flash-fanqiang-img.md) 60 | * [WNDR4300 登录并设置翻墙固件](./ebook/wndr4300/6.login-setup-netgear-wndr4300-fanqiang.md) 61 | * [应用:D-Link DIR-505刷OpenWrt翻墙教程](./ebook/dir505/README.md) 62 | * [如何进入 DIR-505 恢复模式](./ebook/dir505/1.connect-dir505-openwrt.md) 63 | * [DIR-505 刷OpenWrt固件过程](./ebook/dir505/2.dir505-install-openwrt.md) 64 | * [DIR-505 启用工作模式开关](./ebook/dir505/3.enable-dir505-gpio.md) 65 | * [DIR-505 Router 模式翻墙教程](./ebook/dir505/4.dir505-router-mode.md) 66 | * [DIR-505 AP 模式翻墙教程](./ebook/dir505/5.dir505-ap-mode.md) 67 | * [DIR-505 编译OpenWrt全自动翻墙固件](./ebook/dir505/6.dir505-build-image.md) 68 | * [DIR-505 刷预编译OpenWrt翻墙固件](./ebook/dir505/7.dir505-flash-fanqiang-image.md) 69 | * [登录并设置 DIR-505 OpenWrt 翻墙固件](./ebook/dir505/8.login-setup-dir505-fanqiang.md) 70 | * [全面优化 Linux 系统](./ebook/06.0.md) 71 | * [Ubuntu OpenWrt 开启 TCP Fast Open,检查是否启用](./ebook/06.01.md) 72 | * [Shadowsocks 服务端 Ubuntu 开启BBR加速](./ebook/06.1.md) 73 | * [Ubuntu server 最大打开文件数目优化](./ebook/06.2.md) 74 | * [Linux TCP UDP 网络性能优化](./ebook/06.3.md) 75 | * [Linux swap 交换文件优化](./ebook/06.4.md) 76 | * [附录](./ebook/09.0.md) 77 | * [本机阅读本教程的方法](./ebook/09.2.md) 78 | * [知识若不分享,实在没有意义](./ebook/09.3.md) 79 | * [如何贡献本项目](./ebook/09.4.md) -------------------------------------------------------------------------------- /bin/dnsmasq-restart: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | ssh router <<'ENDSSH' 4 | 5 | /etc/init.d/dnsmasq restart 6 | 7 | ENDSSH -------------------------------------------------------------------------------- /bin/dnsmasq-start: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | ssh router <<'ENDSSH' 4 | 5 | /etc/init.d/dnsmasq stop 6 | 7 | ENDSSH -------------------------------------------------------------------------------- /bin/dnsmasq-stop: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | ssh router <<'ENDSSH' 4 | 5 | /etc/init.d/dnsmasq stop 6 | 7 | ENDSSH -------------------------------------------------------------------------------- /bin/feeds-cn: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | ssh router <<'ENDSSH' 4 | 5 | sed -i s/downloads.openwrt.org/openwrt.proxy.ustclug.org/ /etc/opkg/distfeeds.conf 6 | 7 | ENDSSH -------------------------------------------------------------------------------- /bin/router-reboot: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | ssh router <<'ENDSSH' 4 | 5 | reboot 6 | 7 | ENDSSH -------------------------------------------------------------------------------- /bin/ss-asia: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | ssh router <<'ENDSSH' 4 | 5 | sed -i -e 's@^\(\s*\)\(/.\+ss-firewall\)@\1#\2@g' -e 's@^\(\s*\)#\(/.\+ss-firewall-asia$\)@\1\2@' /etc/init.d/shadowsocks 6 | /etc/init.d/shadowsocks restart 7 | 8 | ENDSSH -------------------------------------------------------------------------------- /bin/ss-china: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | ssh router <<'ENDSSH' 4 | 5 | sed -i -e 's@^\(\s*\)\(/.\+ss-firewall\)@\1#\2@g' -e 's@^\(\s*\)#\(/.\+ss-firewall-china$\)@\1\2@' /etc/init.d/shadowsocks 6 | /etc/init.d/shadowsocks restart 7 | 8 | ENDSSH -------------------------------------------------------------------------------- /bin/ss-global: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | ssh router <<'ENDSSH' 4 | 5 | sed -i -e 's@^\(\s*\)\(/.\+ss-firewall\)@\1#\2@g' -e 's@^\(\s*\)#\(/.\+ss-firewall-global$\)@\1\2@' /etc/init.d/shadowsocks 6 | /etc/init.d/shadowsocks restart 7 | 8 | ENDSSH -------------------------------------------------------------------------------- /bin/ss-restart: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | ssh router <<'ENDSSH' 4 | 5 | /etc/init.d/shadowsocks restart 6 | 7 | ENDSSH -------------------------------------------------------------------------------- /bin/ss-start: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | ssh router <<'ENDSSH' 4 | 5 | /etc/init.d/shadowsocks start 6 | 7 | ENDSSH -------------------------------------------------------------------------------- /bin/ss-stop: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | ssh router <<'ENDSSH' 4 | 5 | /etc/init.d/shadowsocks stop 6 | 7 | ENDSSH -------------------------------------------------------------------------------- /book.json: -------------------------------------------------------------------------------- 1 | { 2 | "language":"zh-hans", 3 | "title":"OpwnWrt路由器自动翻墙、科学上网教程", 4 | "description":"史上最详细的路由器科学上网、翻墙教程,OpenWrt,shadowsocks", 5 | "author":"fanqiang.software-download.name", 6 | "links" : { 7 | "sidebar" : { 8 | "翻墙教程 Github" : "https://github.com/softwaredownload/openwrt-fanqiang" 9 | } 10 | }, 11 | 12 | "plugins": [ 13 | "search", 14 | "splitter", 15 | "page-footer-ex", 16 | "sitemap-general", 17 | "anchors", 18 | "expandable-chapters", 19 | "neo-navigator" 20 | ], 21 | 22 | "pluginsConfig": { 23 | "page-footer-ex": { 24 | "copyright": "版权所有,转载请注明出处: [https://fanqiang.software-download.name](https://fanqiang.software-download.name)", 25 | "markdown": true, 26 | "update_label": "", 27 | "update_format": "YYYY-MM-DD" 28 | }, 29 | "sitemap-general": { 30 | "prefix": "https://fanqiang.softwaredownload.name/" 31 | }, 32 | "page-toc" : { 33 | "selector": ".markdown-section h1, .markdown-section h2", 34 | "position": "before-first", 35 | "showByDefault": true 36 | } 37 | } 38 | } -------------------------------------------------------------------------------- /cover.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/cover.jpg -------------------------------------------------------------------------------- /cover_small.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/cover_small.jpg -------------------------------------------------------------------------------- /ebook/01.0.md: -------------------------------------------------------------------------------- 1 | 无线路由器刷OpenWrt固件的准备工作 2 | =========================== 3 | 4 | 在给你的路由器刷新固件之前,有必要先了解: 5 | 6 | 1. 什么是无线路由器固件 7 | 2. 准备支持OpenWrt路由器 8 | 3. 如何备份路由器配置 9 | 10 | --- 11 | 12 | **最简单的路由器刷OpenWrt翻墙方案:** 13 | 14 | - [https://github.com/softwaredownload/openwrt-fanqiang](https://github.com/softwaredownload/openwrt-fanqiang "最简单的路由器刷OpenWrt固件翻墙教程") 15 | 16 | **在线阅读OpenWrt路由器翻墙、科学上网器教程:** 17 | 18 | - [https://fanqiang.software-download.name](https://fanqiang.software-download.name) 19 | - [https://github.com/softwaredownload/openwrt-fanqiang/blob/master/SUMMARY.md](https://github.com/softwaredownload/openwrt-fanqiang/blob/master/SUMMARY.md) -------------------------------------------------------------------------------- /ebook/01.1.md: -------------------------------------------------------------------------------- 1 | 什么是无线路由器固件 2 | =============== 3 | 4 | 网络的本质是知识的开放与共享。人类社会进步速度,如果原来是自行车速,加上网络后,就坐上了火箭 5 | 6 | 一个热爱学习的人,必然要查找一些英文学习资料,在某个国家的某个阶段必然会遇到一个问题:怎么Google搜索这么烂,经常打不开,YouTube真差劲,加载半天还在打转... 7 | 8 | 后来,可能会发现,不是人家烂,而是有人故意为之 9 | 10 | 怎么办呢?有很多种办法解决这个问题,其中一个较好的方案是从家用无线路由器上解决,然后全部有线和无线设备都可以无障碍上网了 11 | 12 | 路由器的原厂固件限制了用户自行开发功能,我们必须要给路由器刷上特定的固件,并进行一些设置才可以翻墙 13 | 14 | 无线路由器就好比是一台小电脑。电脑上安装了Windows XP, Windows 7, Windows 8,或者Ubuntu等操作系统就可以使用了。固件就是给路由器使用的操作系统,是固化在路由器芯片内的操作系统 15 | 16 | 常用的开源第三方无线路由器固件 17 | -------- 18 | 19 | - 开源OpenWRT路由器固件:部署复杂、灵活性高 20 | 21 | 这也是本文系列所用的固件。发展成熟,支持的硬件多 22 | 23 | - 开源DD-WRT路由器固件:支持广泛、功能全面 24 | 25 | DD-WRT比较实用,通过网页对固件进行配置的功能强大,但是定制和扩展比较困难 26 | 27 | - 开源Tomato路由器固件:衍生版本众多 28 | 29 | 原始版本固件代码自2010年后就再没有更新 30 | 31 | 本系列教程使用OpenWrt来讲解路由器翻墙方法 32 | 33 | **相关资源**: 34 | 35 | - -------------------------------------------------------------------------------- /ebook/01.2.md: -------------------------------------------------------------------------------- 1 | 支持刷OpenWrt路由器列表推荐 2 | ================ 3 | 4 | 现在移动设备已经普及,一般情况下读者家里都已经有无线路由器了,到底能不能刷上OpenWrt固件呢?到OpenWrt官方网站查一下就知道了 5 | 6 | 打开 [支持OpenWrt无线路由器列表](https://openwrt.org/toh/start) 这个页面,搜索一下。比如我家原来的无线路由器型号是 TP-LINK TL-WR2543N, 同时按下Ctrl+F, 输入 **WR2543** 就可以找到,如下图: 7 | 8 | ![OpenWrt推荐路由器:WR2543N](images/1.2.wr2543n.png) 9 | 10 | 从上图可以看出,OpenWrt支持 WR2543N 无线路由器版本1。此外,还可以看出更多信息,比如芯片类型是ar71xx, 芯片型号是Atheros AR7242,CPU频率是400 MHz,原厂带8MB Flash, 64MB RAM内存 11 | 12 | 目前 WR2543N已经比较少见。如果你购买其他品牌,建议Flash在8 MB或以上, RAM在64MB以上 13 | 14 | 如果你准备买新路由器,可以在上面列表中查找OpenWrt推荐路由器型号,能买到的话,再以关键词 **型号 OpenWrt** 在搜索引擎搜索相关信息,确保你想购买的型号能比较容易地刷上 OpenWrt固件 15 | 16 | 作为新手来说,推荐使用 D-Link DIR-505, 可能是最便宜的适合学习OpenWrt的路由器 17 | 18 | **相关资源**: 19 | 20 | - -------------------------------------------------------------------------------- /ebook/01.3.md: -------------------------------------------------------------------------------- 1 | 怎样备份原厂路由器配置文件 2 | ==================== 3 | 4 | 提示,刷机有风险,如果不当操作,或者有其他意外发生,路由器可能变成砖头,本文系列旨在提供参考,刷机风险由读者自负,作者不承担任何责任,也没有义务提供个别指导 5 | 6 | 本文作者给 WR2543N 刷 OpenWrt 固件不下10次,因为完全没有经验,有几次刷了后不能进入管理界面,只能用手机3G上网查找解决方案,还好 WR2543N 非常容易进入安全模式,然后重新刷固件,解决了问题。作为初学者,一定要购买容易进入安全模式的路由器 7 | 8 | 对于本文作者来说,现在已经不需要原厂固件了,但是在第一次刷OpenWrt前,我还是把原厂固件的配置文件作备份,建议读者也是如此 9 | 10 | 怎样备份原厂固件,WR2543N的原厂说明书说得很详细,建议找出来详细阅读 11 | 12 | LAN 和WAN的区别 13 | -------- 14 | 15 | 什么是LAN和WAN,第一次听到这种专业名词容易让人头大 16 | 17 | LAN并不是一个单词,而是三个英文单词的缩写:Local Area Network,查出这三个单词的意思,就比较好理解了,就是 **本地区域网络** 的意思。**本地**,比如是室内,公司内,办公室内都是本地,也就是LAN是用来连接本地电脑的 18 | 19 | WAN,Wide Area Network,广泛区域网络,也就是连向更广泛的外部的网络,一般家用就是通向ADSL modem,再通过ADSL modem连接互联网 20 | 21 | 路由器通常有多个LAN口,一个WAN口 22 | 23 | 在WR2543N路由器的后背,有并排4个的网线插口,叫LAN口,单独的一个网线插口叫WAN口,WAN口旁边还有个USB插口。把ADSL的线插在WAN口。备好一根网线,一头插路由器的任意一个LAN口,另一头插电脑 24 | 25 | 设置电脑LAN口IP地址 26 | -------- 27 | 28 | 路由器和电脑都处在本地网络里面,为了互相区分,本地网络的每台设备都需要有不同的IP地址 29 | 30 | 本路由器默认 LAN 口 IP 地址是 192.168.1.1, 默认子网掩码是 255.255.255.0 31 | 32 | 电脑的IP地址要和路由器的不同,我们可以设置电脑的本地IP地址为动态获取。如果手动设置IP地址,那么计算机IP地址必须为192.168.1.X 33 | (X)是2到254之间的任意整数),子网掩码须设置为255.255.255.0,默认网关须设置为192.168.1.1 34 | 35 | 以Windows XP 系统为例,介绍计算机参数的设置步骤 36 | 37 | 右键单击桌面上的 **网上邻居** 图标,选择 **属性**,在打开的 **网络连接**页面中,右键单击“本地连接”,选择状态,打开“本地连接状态”进行操作。详细步骤请见购机时附带的手册 38 | 39 | 登录路由器管理界面 40 | -------- 41 | 42 | 打开网页浏览器,在浏览器的地址栏中输入路由器的 43 | IP地址:192.168.1.1,可以看到下图: 44 | ![路由器 admin管理界面](images/1.3.admin.png) 45 | 46 | 所示登录界面,输入用户名和密码(用户名和密码的出厂默认值均为admin),单击确定按钮 47 | 48 | 备份原厂路由器固件配置文件 49 | -------- 50 | 51 | 登录路由器管理界面后,选择菜单,系统工具→备份和载入配置,可以在如下图所示备份或载入路由器配置文件 52 | 53 | 配置备份功能可以将路由器的设置以文件形式保存到电脑中,以备下次使用;在升级路由器软件或在载入新的配置文件前备份路由器的原有配置,可以有效防止升级软件或载入新配置文件过程中丢失原有配置的问题 54 | 55 | 配置载入功能则可以将先前保存的或已编辑好的配置文件重新载入 56 | ![路由器管理界面备份配置文件](images/1.3.backup.png) 57 | 58 | **相关资源**: 59 | 60 | - -------------------------------------------------------------------------------- /ebook/02.0.md: -------------------------------------------------------------------------------- 1 | 路由器怎么刷 OpenWrt 固件教程 2 | ======================== 3 | 4 | 经过前面的准备,终于要给亲自给路由器刷OpenWrt固件了。有可能失败,有可能成功。一连嘴里念叨FGW (=fuck great wall),一边给自己打气 5 | 6 | OpenWrt有必要装中文管理界面吗 7 | -------- 8 | 9 | 我认为不需要。网上最新最全面的信息都是英文的。GFW在不断进步,我们也要不停地学习。我们要感谢GFW,让我们每天多记几个单词。一些步骤的操作,我特意截图并加上了步骤标识,实在记不住就每次打开这个教程照着图示来 10 | 11 | 在开源的Linux类操作系统里连接OpenWrt进行操作 12 | -------- 13 | 14 | 我认为有必要从现在开始切换到Linux类操作系统了。Windows已经开始走向没落,开源操作系统渐渐赶上闭源商业操作系统 15 | 16 | 为什么呢?随着技术的不断进化,开源的技术合作越来越方便。打个比方,如果佛教老大释珈牟尼,基督教创始人耶稣在世,不开源恐怕也会穷途末路 17 | 18 | 再说OpenWrt就是微型的Linux操作系统,熟悉了Linux,学习OpenWrt就很容易了 19 | 20 | 在以后的教程里,都是在Ubuntu下对OpenWrt进行管理。如果有两台电脑,建议一台装Ubuntu,如果只有一台电脑,可以装Ubuntu和Windows双启动 21 | 22 | --- 23 | 24 | **最简单的路由器刷OpenWrt翻墙方案:** 25 | 26 | - [https://github.com/softwaredownload/openwrt-fanqiang](https://github.com/softwaredownload/openwrt-fanqiang "最简单的路由器刷OpenWrt固件翻墙教程") 27 | 28 | **在线阅读OpenWrt路由器翻墙、科学上网器教程:** 29 | 30 | - [https://fanqiang.software-download.name](https://fanqiang.software-download.name) 31 | - [https://github.com/softwaredownload/openwrt-fanqiang/blob/master/SUMMARY.md](https://github.com/softwaredownload/openwrt-fanqiang/blob/master/SUMMARY.md) -------------------------------------------------------------------------------- /ebook/02.1.md: -------------------------------------------------------------------------------- 1 | 怎样从官网下载OpenWrt固件 2 | ====================== 3 | 4 | 从官网下载最新版的适合自己路由器的OpenWRT固件 5 | -------- 6 | 7 | - 进入OpenWrt固件下载主页面: 8 | 9 | http://downloads.openwrt.org/ 10 | 11 | 截止2018-09,最新稳定发行版: 12 | 13 | OpenWrt 18.06.1 14 | Released: Sat, 18 Aug 2018 15 | 16 | Development Snapshots是开发版,包含最新的功能,但可能不够稳定 17 | 18 | http://downloads.openwrt.org/snapshots/targets/ 19 | 20 | 如果使用Snapshots没有什么问题,当然是最好的选择,否则可以尝试一下稳定发行版 21 | 22 | 下面以稳定版和WR2543举例 23 | 24 | - 选择路由器的CPU类型 25 | 26 | 打开页面后,选择你的路由器的芯片型号进入,很多是ar71xx系列,于是进入了: 27 | 28 | http://downloads.openwrt.org/snapshots/targets/ar71xx/ 29 | 30 | - 选择路由器的 Flash类型 31 | 32 | 再选择Flash类型,比如WR2543是generic,网件WNDR4300路由器是nand 33 | 34 | http://downloads.openwrt.org/snapshots/targets/ar71xx/generic/ 35 | 36 | 再选择你的路由器型号,页面搜索 wr2543,找到了吗。有两个文字供下载,一个文件结尾是 factory.bin,适合原厂固件下刷,另一个文件名结尾是sysupgrade.bin,适合已经是OpenWrt系统下刷 37 | 38 | OpenWrt官方wiki下载OpenWrt固件 for WR2543 39 | -------- 40 | 41 | OpenWrt官方网页上有WR2543N的专页,详细介绍了刷机步骤及注意事项. 42 | 43 | 打开官方Wiki页面 [TP-Link TL-WR2543ND](https://openwrt.org/toh/tp-link/tl-wr2543nd) 44 | 45 | 上面列出了支持的版本: v1.0和v1.2。我的路由器是v1.0的,可以刷,你的版本如果不是这两个,不能确保能刷成功 46 | 47 | 这两个固件都带LuCI 网页管理界面。有时候,如果你升级了不带LuCI的固件,命令行方式又无法搞定OpenWRT上网参数设置,就需要先在电脑里下载带LuCI的固件,scp复制到路由器升级,再通过网页设置 48 | 49 | 有两个固件供下载: 50 | 51 | - [openwrt-ar71xx-generic-tl-wr2543n-v1-squashfs-factory.bin](http://downloads.openwrt.org/snapshots/targets/ar71xx/generic/openwrt-ar71xx-generic-tl-wr2543-v1-squashfs-factory.bin) - Installing OpenWRT from factory 52 | - [openwrt-ar71xx-generic-tl-wr2543n-v1-squashfs-sysupgrade.bin](http://downloads.openwrt.org/snapshots/targets/ar71xx/generic/openwrt-ar71xx-generic-tl-wr2543-v1-squashfs-sysupgrade.bin) - Upgrading an existing OpenWRT install 53 | 54 | 一定要注意: 55 | 56 | - 在原厂固件上刷OpenWrt, 要用固件文件名带 **factory** 的.bin文件 57 | - 已经刷了OpenWrt固件, 再升级 OpenWrt固件时就要用文件名带 **sysupgrade** 的 .bin文件 58 | 59 | 现在我们是在原厂固件基础上刷 OpenWrt, 自然是下载第一个文件,也就是 openwrt-ar71xx-generic-tl-wr2543-v1-squashfs-factory.bin 60 | 61 | 要确保下载下来的文件完整,下载过程没有中断,如果下载下来的文件不完整,并把这个不完整的文件刷进机器,恢复起来很麻烦,有可能变砖 62 | 63 | - Netgear WNDR4300 预编译翻墙固件,支持xchacha20-ietf-poly1305(2018-10-22): 64 | [https://software-download.name/2015/netgear-wndr4300-openwrt-fanqiang-gujian/](https://software-download.name/2015/netgear-wndr4300-openwrt-fanqiang-gujian/) 65 | 66 | - D-Link DIR-505 预编译翻墙固件 (2018-10-22): 67 | [https://software-download.name/2014/dlink-dir-505-openwrt-fanqiang/](https://software-download.name/2014/dlink-dir-505-openwrt-fanqiang/) 68 | 69 | - TP-Link TLWR2543 预编译翻墙固件 (2018-10-22): 70 | [https://software-download.name/2014/openwrt-ar71xx-generic-tl-wr2543-v1-squashfs-sysupgrade-bin-with-shadowsocks/](https://software-download.name/2014/openwrt-ar71xx-generic-tl-wr2543-v1-squashfs-sysupgrade-bin-with-shadowsocks/) -------------------------------------------------------------------------------- /ebook/02.10.md: -------------------------------------------------------------------------------- 1 | 命令行 uci设置OpenWrt ap模式上网参数 2 | ========================== 3 | 4 | 前面章节已经说过了router模式上网的设置方法,主要是设置OpenWrt路由器wan口的拨号上网参数 5 | 6 | OpenWrt路由器工作在ap模式下时,自身不需要拨号上网了,设置稍有不同 7 | 8 | 什么时候需要用到OpenWrt ap模式上网 9 | ---------------------- 10 | 11 | 光纤包月或包年上网时,通信公司一般会给一个猫,如果猫里没有设置自动拨号上网,那么OpenWrt路由器就要用router模式,我们自己手动在OpenWrt里设置拨号上网 12 | 13 | 如果猫里已经设置好拨号上网,从猫的lan拉出一根网线插到电脑的网线接口,电脑直接可以上网了,再把这根网线插到路由器上,这时OpenWrt路由器就要设置成ap模式 14 | 15 | 如果是公司里或者家里有多个路由器,上级路由器里拉出一根网线插到电脑网线接口,电脑直接可以上网了,再把这根网线插到路由器上,这时OpenWrt路由器作为下级路由器,需要设置成ap模式 16 | 17 | OpenWrt路由器AP模式网络设置 18 | ------------------------ 19 | 20 | - **从光猫或上级路由器拉出网线,插到OpenWrt路由器的lan口(注意不是插到wan口)** 21 | 22 | - **命令行登录OpenWrt路由器,设置参数** 23 | 24 | 假设光猫或上级路由器的IP地址是192.168.1.1,我们设置OpenWrt路由器的lan地址是 192.168.1.254,这也是登录OpenWrt路由器的的地址 25 | 26 | uci set network.lan.gateway=192.168.1.1 27 | uci set network.lan.dns=192.168.1.1 28 | uci set network.lan.ipaddr=192.168.1.254 29 | 30 | uci set network.wan.proto=none 31 | 32 | uci commit network 33 | 34 | uci set dhcp.lan.ignore=1 35 | uci commit dhcp 36 | 37 | uci set wireless.@wifi-device[0].disabled=0 38 | uci set wireless.@wifi-iface[0].mode='ap' 39 | uci set wireless.@wifi-iface[0].ssid='eastking' 40 | uci set wireless.@wifi-iface[0].encryption='psk2' 41 | uci set wireless.@wifi-iface[0].key='icanfly9876' 42 | 43 | uci commit wireless 44 | wifi 45 | 46 | /etc/init.d/network restart 47 | 48 | **客户端连接OpenWrt路由器**: 49 | 50 | 如果不需要翻墙,客户端连上OpenWrt路由器后,直接就可以上网了 51 | 52 | 如果上级路由器没有翻墙,客户端需要通过OpenWrt路由器翻墙,客户端连接到OpenWrt路由器后,按照下面设置: 53 | 54 | - 设置客户端连接的的IPv4地址是 192.168.1.6(最后的6不和其他设备的地址相同即可) 55 | - 设置子网掩码为255.255.255.0 56 | - Router(网关)和DNS设为路由器lan口的地址,此处为192.168.1.254 57 | 58 | 原理:以OpenWrt路由器作为DNS服务器,我们已经把OpenWrt设置成翻墙路由器,连上的客户端自然就可以打败功夫网了 59 | 60 | ![OpenWrt路由器AP模式IPV4网络设置](images/2.10.openwrt-ap-iphone-ipv4.jpeg) 61 | 62 | iPhone连接ap模式的翻墙路由器,IPV4设置如上图 63 | 64 | ![OpenWrt路由器AP模式网络设置](images/2.10.openwrt-ap-iphone-dns.jpeg) 65 | 66 | iPhone连接ap模式的翻墙路由器,DNS设置如上图 67 | 68 | **相关资源**: 69 | 70 | - -------------------------------------------------------------------------------- /ebook/02.15.md: -------------------------------------------------------------------------------- 1 | OpenWrt 国内镜像源下载固件 2 | ======================= 3 | 4 | 从国内下载 OpenWrt 官方仓库的软件会比较慢,解决办法是使用国内镜像 5 | 6 | 我们来调整一下 OpenWrt 存储库的设置 7 | 8 | OpenWrt Feed 在 `/etc/opkg/distfeeds.conf` 中设置 9 | 10 | kige@openwrt:~# cd /etc/opkg 11 | kige@openwrt:/etc/opkg# ls 12 | customfeeds.conf distfeeds.conf keys 13 | 14 | kige@openwrt:/etc/opkg# cat dist* 15 | src/gz openwrt_core http://downloads.openwrt.org/releases/18.06.1/targets/ar71xx/nand/packages 16 | src/gz openwrt_base http://downloads.openwrt.org/releases/18.06.1/packages/mips_24kc/base 17 | src/gz openwrt_luci http://downloads.openwrt.org/releases/18.06.1/packages/mips_24kc/luci 18 | src/gz openwrt_packages http://downloads.openwrt.org/releases/18.06.1/packages/mips_24kc/packages 19 | src/gz openwrt_routing http://downloads.openwrt.org/releases/18.06.1/packages/mips_24kc/routing 20 | src/gz openwrt_telephony http://downloads.openwrt.org/releases/18.06.1/packages/mips_24kc/telephony 21 | 22 | 我们更换成中科大的镜像,地址是:http://openwrt.proxy.ustclug.org 23 | 24 | kige@openwrt:/etc/opkg# cp dist* distfeeds.conf.bak 25 | kige@openwrt:/etc/opkg# sed -i s/downloads.openwrt.org/openwrt.proxy.ustclug.org/ /etc/opkg/distfeeds.conf 26 | 27 | 接下来还要做二件事: 28 | 29 | - 把中科大镜像站域名加入 [/etc/dnsmasq.d/custom.china.conf](https://github.com/softwaredownload/openwrt-fanqiang/blob/master/openwrt/default/etc/dnsmasq.d/custom.china.conf) 30 | 31 | 直接修改 [accelerated-domains.china.conf](https://github.com/softwaredownload/openwrt-fanqiang/blob/master/openwrt/default/etc/dnsmasq.d/accelerated-domains.china.conf) 不是好主意,更新文件时我们的修改会被覆盖。`custom.china.conf` 包含了自定义的在国内DNS的域名 32 | 33 | - 把中科大 OpenWrt 镜像的IP地址 `202.141.178.13` 加入 [/etc/shadowsocks-libe/ip_custom.txt](https://github.com/softwaredownload/openwrt-fanqiang/blob/master/openwrt/default/etc/shadowsocks-libev/ip_custom.txt) 34 | 35 | `ip_custom.txt` 是自定义的路由器防火墙忽略的地址,这样即使全局翻墙,中科大OpenWrt镜像还是直连 36 | 37 | 如果你已经把本项目 clone 到了 Windows 下 C 盘根目录,并且按照 [OpenWrt + Git Bash for Windows 快速切换翻墙模式](https://github.com/softwaredownload/openwrt-fanqiang/blob/master/ebook/03.11.md) 设置好了一键切换翻墙模式,那么你不用自己修改以上设置,只要如下操作就行了: 38 | 39 | 调出 Git Bash for Windows,执行命令: 40 | 41 | MinGW64 ~$ cd /C/openwrt-fanqiang/openwrt/default 42 | $ scp etc/dnsmasq.d/custom.china.conf router:/etc/dnsmasq.d/ 43 | $ scp etc/shadowsocks-libev/ip_custom.txt router:/etc/shadowsocks-libev/ 44 | $ ss-restart 45 | $ feeds-cn 46 | 47 | 你可能猜到了 [ss-restart](https://github.com/softwaredownload/openwrt-fanqiang/blob/master/bin/ss-restart) 是自动登录路由器并重启 shadowsocks, 而 [feeds-cn](https://github.com/softwaredownload/openwrt-fanqiang/blob/master/bin/feeds-cn) 则自动登录路由器并修改OpenWrt软件仓库 feeds 为国内镜像 48 | 49 | 这种直接在 OpenWrt 里执行命令的方法可比登录界面再去修改设置高效100倍。快点把你心爱的脚本分享出来,并提交到 https://github.com/softwaredownload/openwrt-fanqiang 这样任何人都可以一键使用你的脚本而不用去研究技术细节了 50 | 51 | **相关资源**: 52 | 53 | - 54 | - 55 | - 56 | - 57 | - -------------------------------------------------------------------------------- /ebook/02.2.md: -------------------------------------------------------------------------------- 1 | 进管理页面刷OpenWrt教程:WR2543路由器为例 2 | =========================== 3 | 4 | 通过有线或无线登录WR2543路由器管理页面 5 | -------- 6 | 7 | 打开浏览器,输入路由器的IP地址: [192.168.1.1](http://192.168.1.1) 8 | -------- 9 | 10 | 回车,在密码验证框,输入用户名: **admin** 密码也是 **admin** 11 | 12 | 进路由器管理页面进行器固件升级 13 | -------- 14 | 15 | 选择菜单系统工具→ 软件升级 16 | ![路由器管理界面升级固件](images/2.2.factory-upgrade.png) 17 | 18 | 点击 **浏览** 按钮选择下载的文件 **openwrt-ar71xx-generic-tl-wr2543-v1-squashfs-factory.bin** 19 | 20 | 注意,文件名必须是...factory.bin 21 | 22 | 再单击 **升级** 进行软件升级。要注意,在刷固件过程中不可停电或其他原因造成中断,否则路由器就变砖了 23 | 24 | 等待几分钟 25 | 26 | 等锁形的指示灯不闪了,在浏览器输入地址: [192.168.1.1](http://192.168.1.1) 回车,如果正常的话,就进入了 OpenWrt 的LuCI网页管理界面了 27 | ![登录OpenWrt luCI管理界面](images/2.2.luci-login.png) 28 | 29 | 默认用户名是root,默认密码是空。点 **Login** 直接登录 30 | 31 | **相关资源**: 32 | 33 | - -------------------------------------------------------------------------------- /ebook/02.3.md: -------------------------------------------------------------------------------- 1 | 管理页面OpenWrt PPPOE自动拨号上网设置教程 2 | ========================== 3 | 4 | 见面界面登录路由器后,就可以设置上网参数了 5 | 6 | 管理后台编辑OpenWrt WAN上网设置 7 | -------- 8 | 9 | 选择上面的 Network,在 Interface里,WAN右边,选择Edit。WAN和ADSL moderm相连,设置拨号上网自然是在WAN而不是LAN. 10 | 11 | ![OpenWrtluCI设置网络](images/2.3.wan-edit.png) 12 | 13 | 管理页面配置OpenWrt PPPOE 自动拨号上网 14 | -------- 15 | 16 | 进去后,在协议 Protocol 下拉列框里,选择拨号上网的协议,也就是 PPPoE, 再点击下面的 Switch Protocol切换协议 17 | 18 | ![OpenWrt路由器luCI设置PPPoE拨号上网](images/2.3.pppoe-switch.png) 19 | 20 | 管理后台设置 OpenWrt PPPOE 自动拨号上网用户名、密码 21 | -------- 22 | 23 | 1. PAP/CHAP username: 拨号上网用户名 24 | 2. PAP/CHAP password: 拨号上网密码 25 | 3. 点击 **Save & Apply** 保存并应用设置 26 | 27 | ![OpenWrt路由器luCI设置PPPoE拨号上网用户名和密码](images/2.3.pppoe-username-password.png) 28 | 29 | 这时,连接LAN的电脑应该已经可以上网了,但无线设备还不行 30 | 31 | **相关资源**: 32 | 33 | - -------------------------------------------------------------------------------- /ebook/02.4.md: -------------------------------------------------------------------------------- 1 | 管理页面OpenWrt开启、设置Wifi教程 2 | ================================ 3 | 4 | 登录OpenWrt路由器管理后台后: 5 | 6 | 选择 Network, Wifi, Edit 7 | -------- 8 | 9 | ![OpenWrt路由器luCI编辑WIFI](images/2.4.wifi-edit.png) 10 | 11 | 点击Enable按钮,这时无线设备已经可以连上Wifi 12 | 13 | -------- 14 | ![OpenWrt路由器luCI启用WIFI](images/2.4.wifi-enable.png) 15 | 16 | 默认ESSID就是OpenWrt,没有密码。不想做活雷锋的加个密码吧 17 | 18 | OpenWrt Wifi密码设置 19 | -------- 20 | 21 | 把ESSID改成 eastking-wr2543,然后: 22 | 23 | - 点击Wireless Security进入OpenWrt无线安全设置 24 | - Encryption加密方式,WPA2-PSK 25 | - Key密码:killgfw 26 | - Save & Apply 保存并应用设置 27 | 28 | ![OpenWrt路由器luCI设置WIFI密码](images/2.4.wifi-security.png) 29 | 30 | 这时,所有无线设备都可以通过OpenWrt路由器上网了 31 | 32 | 33 | OpenWrt管理界面登录密码设置 34 | -------- 35 | 36 | 你注意到没有,网页上方有一个红色的框框(No password set!)一直在提示我们: **小人不得不防,OpenWrt叫你设一个路由器管理界面登录密码呢!** 37 | 38 | 1. 点击最上面的System进入系统设置 39 | 2. 再点击Administration进入管理员设置 40 | 3. 密码Password: fanqiang 41 | 4. 确认密码Confirmation: fanqiang 42 | ![OpenWrt路由器luCI设置管理员密码](images/2.4.admin-password.png) 43 | 5. 其他设置:下面的: 44 | 45 | Gateway ports,勾选 **Allow remote hosts to connect to local SSH forwarded ports**(允许远程主机连接本地SSH转发端口),这样我们就可以用SSH命令行的方式管理路由器。最后点击右下角 Save & Apply保存并应用设置 46 | 47 | **相关资源**: 48 | 49 | - -------------------------------------------------------------------------------- /ebook/02.5.md: -------------------------------------------------------------------------------- 1 | 管理页面备份OpenWrt系统固件 2 | ======================= 3 | 4 | 现在有线和无线上网都正常了。应该把现有的OpenWrt设置备份一下,因为我们还要经常折腾OpenWrt,有时一个设置错误,可能就上不了网,有了备份,就可以快速恢复 5 | 6 | **选择System系统设置** 7 | **选择Backup / Flash Firmware备份恢复固件** 8 | **Actions动作** 9 | **Generate生成备份文件并保存到电脑** 10 | **如果以后你要恢复备份,就点击Browse...浏览并选择先前备份的文件来恢复** 11 | ![OpenWrt路由器luCI备份设置](images/2.5.backup-config.png) 12 | 13 | **相关资源**: 14 | 15 | - -------------------------------------------------------------------------------- /ebook/02.6.md: -------------------------------------------------------------------------------- 1 | 管理页面LuCI升级OpenWrt固件内核版本 2 | =========================== 3 | 4 | 我们现在已经给TP-Link WR2543N刷上了OpenWrt固件,并且可以正常上网了。如果要升级OpenWrt固件,又该怎么做呢? 5 | 6 | 有两个途径升级固件: 7 | 8 | - LuCI web界面升级 9 | - SSH命令行登录路由器升级 10 | 11 | 本节就讲 web管理界面LuCI升级固件的方法 12 | 13 | 下载OpenWrt升级用固件sysupgrade.bin 14 | -------- 15 | 16 | 下载用于WR2543N路由器的升级固件,升级用固件文件名中有sysupgrade字样 17 | 18 | 还是到OpenWrt Wiki页面 [TP-Link TL-WR2543ND](https://openwrt.org/toh/tp-link/tl-wr2543nd) 19 | 20 | 点击下载链接,比如 [http://downloads.openwrt.org/releases/18.06.1/targets/ar71xx/generic/openwrt-18.06.1-ar71xx-generic-tl-wr2543-v1-squashfs-factory.bin](http://downloads.openwrt.org/releases/18.06.1/targets/ar71xx/generic/openwrt-18.06.1-ar71xx-generic-tl-wr2543-v1-squashfs-factory.bin) 21 | 其实这个固件的核心和我们先前安装的...factory.bin一样,我们是出于实验目的,演示升级固件的方法, 22 | 23 | 用前文讲过的方法从网页登录OpenWrt路由器 24 | -------- 25 | 26 | LuCI 开始升级OpenWrt固件内核版本 27 | -------- 28 | 29 | 1. System系统 30 | 2. Backup / Flash Firmware备份或刷新固件 31 | 3. Flash new firmware, Browse...选择我们刚下载下来的固件 32 | 4. Flash image...刷新固件 33 | 34 | 注:如果Keep settings保持勾选,升级固件后,原来的设置就会保留,不用重新设置拨号上网参数 35 | ![OpenWrt路由器luCI界面升级固件](images/2.6.luci-sysupgrade.png) 36 | 37 | **相关资源**: 38 | 39 | - -------------------------------------------------------------------------------- /ebook/02.7.md: -------------------------------------------------------------------------------- 1 | 怎样进入OpenWrt 安全恢复模式(WR2543N为例) 2 | ==================================== 3 | 4 | 有时候,我们可能操作失误,无法进入LuCI网页界面管理恢复固件,这时就需要进入安全模式来恢复了 5 | 6 | 不同的路由器,进入安全模式的方法可能有所差别,本文系列适用于 TP-LINK WR2543N 7 | 8 | 安全模式是玩OpenWrt的救命仙丹。能熟练进入安全模式来恢复设置,是OpenWrt已经上手的一个标志 9 | 10 | 进入安全模式时,没有无线连接可用,所以我们要有线的方式登录OpenWrt。OpenWrt默认的IP地址是192.168.1.1,我们要设置电脑有线连接的IP地址类似于192.168.1.x, 其中x是2至255的数字 11 | 12 | WR2543N无线路由器进入OpenWrt安全模式的方法: 13 | 14 | 1. 用网线把路由器和电脑连接起来,设置电脑网卡的IPv4地址 15 | 16 | 以Ubuntu为例,点击桌面右上角连接符号,选择 **Edit Connections**, 再选择 Ethernet连接,点击 Edit 按钮,在弹出的窗口中选择 IPv4 Settings, Method选择Manual,Address栏点击Add,设置如下: 17 | * Address: 192.168.1.97 18 | * Netmask: 255.255.255.0 19 | * Gateway: 192.168.1.1 20 | 21 | ![Ubuntu设置有线连接IPv4地址](images/2.7.editing-wired-connection.png) 22 | 23 | 2. 在Ubuntu运行命令: 24 | 25 | sudo tcpdump -Ani eth0 port 4919 and udp 26 | 27 | 3. 重启路由器,当WR2543N的锁形指示灯刚一开始闪烁时,立即按路由器背面的wps按钮3次 28 | 29 | 4. Ubuntu命令行界面出现: 30 | > Please press button now to enter failsafe 31 | 32 | ![WR2543路由器进入安全恢复模式](images/2.7.enter-failsafe.png) 33 | 34 | 5. Ubuntu命令行执行(有时可以不需tcpdump直接telnet): 35 | 36 | telnet 192.168.1.1 37 | 38 | 这时就成功登录了OpenWrt,如下图: 39 | ![telenet登录wr2543路由器](images/2.7.busybox.png) 40 | 41 | 6. 设置登录OpenWrt SSH登录密码: 42 | 43 | passwd 44 | #输入密码 fanqiang 45 | 46 | 如果出现: 47 | 48 | passwd: /etc/passwd: Read-only file system 49 | passwd: can't update passwd file /etc/passwd 50 | 51 | 就输入 `mount_root` 再重新passwd设置管理员密码 52 | 53 | 如下图: 54 | 55 | ![OpenWrt路由器mount_root](images/2.7.passwd.png) 56 | 57 | telnet登录路由器后,可以用vi命令修改设置 58 | 59 | 这时如果你试图用浏览器登录192.168.1.1进入管理界面的话,可能失败 60 | 61 | 重启路由器,路由器锁形指示灯先是慢闪,到变成常亮时,你又可以登录 192.168.1.1管理界面。一切恢复正常 62 | 63 | **相关资源**: 64 | 65 | - -------------------------------------------------------------------------------- /ebook/02.8.md: -------------------------------------------------------------------------------- 1 | OpenWrt sysupgrade 命令行升级固件内核版本 2 | ==================================== 3 | 4 | 下面我们要使用 sysupgrade 更新固件到新版 5 | 6 | 要注意的是,如果刷的是开发版,可能不稳定,刷机风险自己承担 7 | 8 | 在浏览器里登录 192.168.1.1 进行固件升级是比较简单的。今天我们要尝试的的是命令行刷机升级。命令行的方式更强大 9 | 10 | SSH登录路由器 11 | -------- 12 | 13 | 在Ubuntu里,按Ctrl+Alt+T打开命令行终端,输入: 14 | 15 | ssh root@192.168.1.1 16 | 17 | 输入密码,登录成功 18 | 19 | ![openwrt ssh login](images/2.8.ssh-login.png) 20 | 21 | 进入OpenWrt /tmp目录 22 | -------- 23 | 24 | cd /tmp 25 | 26 | 检查OpenWrt路由器是否有足够的内存 27 | -------- 28 | 29 | df -h 30 | 31 | 可以看出, **/tmp** 还有29.5MB可用空间,而升级固件在3MB左右,足够了 32 | 33 | ![check free RAM](images/2.8.free-ram.png) 34 | 35 | 下载OpenWrt最新trunk版本固件 36 | -------- 37 | 38 | - 在Ubuntu里浏览器打开 [http://downloads.openwrt.org/snapshots/targets/](http://downloads.openwrt.org/snapshots/targets/) 39 | 40 | - TP-LINK WR2543N路由器的芯片类型是ar71xx,就点击 [ar71xx](http://downloads.openwrt.org/snapshots/targets/ar71xx/) 目录进入。要注意,路由器的芯片类型千万不能搞错,不同路由器很可能是不同的 41 | 42 | ![OpenWrt snapshots trunk](images/2.8.snapshots-trunk.png) 43 | 44 | - TP-LINK WR2543路由器的Flash类型为 generic,于是进入了 http://downloads.openwrt.org/snapshots/targets/ar71xx/generic/ 45 | 46 | - 按Ctrl+F查找自己的路由器型号。比如我输入的是 **wr2543**, 有两个固件,升级用的是 **sysupgrade.bin**文件。右键点击该链接,复制下载地址。在FireFox里是 **Copy Link Location**复制链接地址 47 | 48 | - 回到Ubuntu命令行终端, 下载固件到 **/tmp** 目录。TP-LINK wr2543路由器是这样的: 49 | 50 | root@OpenWrt:/tmp# wget http://downloads.openwrt.org/snapshots/targets/ar71xx/generic/openwrt-ar71xx-generic-tl-wr2543-v1-squashfs-sysupgrade.bin 51 | 52 | sha256校验,确保下载的固件完整 53 | -------- 54 | 55 | root@OpenWrt:/tmp# wget http://downloads.openwrt.org/snapshots/targets/ar71xx/generic/sha256sums 56 | root@OpenWrt:/tmp# sha256sum -c sha256sums 2> /dev/null | grep OK 57 | openwrt-ar71xx-generic-tl-wr2543-v1-squashfs-sysupgrade.bin: OK 58 | 59 | 输出结尾是OK,说明固件是完整的 60 | 61 | OpenWrt sysupgrade命令升级OpenWrt固件 62 | -------- 63 | 64 | root@OpenWrt:/tmp# sysupgrade -v openwrt-ar71xx-generic-tl-wr2543-v1-squashfs-sysupgrade.bin 65 | ... 66 | Upgrade completed 67 | Rebooting system... 68 | 69 | 过约2分钟,等路由器重启成功,如果没有意外,会发现有线和无线上网都正常。但浏览器192.168.1.1无法登录,因为snapshots版本固件是不带LuCI网页管理界面的。没有也好,可以节省路由器的存储空间,也可以学习一下命令行管理OpenWrt路由器 70 | 71 | **相关资源**: 72 | 73 | - 74 | - -------------------------------------------------------------------------------- /ebook/02.9.md: -------------------------------------------------------------------------------- 1 | 命令行 uci设置 OpenWrt router 模式拨号上网 2 | =========================== 3 | 4 | 如果路由器可以正常上网的前提,我们可以ssh登录路由器,直接在路由器的/tmp目录wget下载最新版固件并sysupgrade命令进行固件升级 5 | 6 | 有时候,路由器无法上网,这时候,可以在电脑里下载好固件,再把固件复制到路由器,再sysupgrade升级或设置其他参数 7 | 8 | 只要能进入路由器的安全模式,并ssh登录路由器,一切都不是问题 9 | 10 | Ubuntu下载OpenWrt for TP-LINK wr2543N trunk版固件 11 | -------- 12 | 13 | cd ~/Downloads 14 | wget http://downloads.openwrt.org/snapshots/targets/ar71xx/generic/openwrt-ar71xx-generic-tl-wr2543-v1-squashfs-sysupgrade.bin 15 | 16 | scp复制固件到OpenWrt路由器 /tmp目录 17 | -------- 18 | 19 | scp openwrt-ar71xx-generic-tl-wr2543-v1-squashfs-sysupgrade.bin root@192.168.1.1:/tmp/ 20 | 21 | ssh登录OpenWrt路由器 22 | -------- 23 | 24 | ssh root@192.168.1.1 25 | cd /tmp 26 | 27 | sysupgrade升级固件并取消保留原来配置文件 28 | -------- 29 | 30 | 注意,升级后将无法上网,也没有LuCI网页界面可以设置,必须以命令行方式设置好上网参数 31 | 32 | 如果在下面的实验中,命令行方式无法搞定路由器上网,就只能在电脑里下载好带luCI的固件,scp复制固件到路由器升级固件,然后以网页方式设置上网 33 | 34 | 在进行这一步前,确保你熟练掌握以前部分教程 35 | 36 | root@OpenWrt:/tmp# sysupgrade -n openwrt-ar71xx-generic-tl-wr2543-v1-squashfs-sysupgrade.bin 37 | 38 | 参数 `-n` 表示升级时不保留原来的配置文件。固件刷好后会自动重启,这时要用前文教程讲过的方法进入OpenWrt安全模式,登录路由器并重新设置root密码 39 | 40 | 下面假设你已经登录了路由器并设好了root密码 41 | 42 | OpenWrt uci命令行设置拨号上网: 43 | -------- 44 | 45 | root@OpenWrt: uci set network.wan.proto='pppoe' 46 | root@OpenWrt: uci set network.wan.username='wan-username' 47 | root@OpenWrt: uci set network.wan.password='wan-password' 48 | root@OpenWrt: uci set network.wan.peerdns=0 49 | 50 | wan-username替换成你自己的拨号上网用户名,wan-password替换成你自己的密码 51 | 52 | 以上命令行的操作对象是文件 /etc/config/network 53 | 54 | OpenWrt uci命令行设置无线上网: 55 | -------- 56 | 57 | root@OpenWrt: uci set wireless.@wifi-device[0].channel=11 58 | root@OpenWrt: uci set wireless.@wifi-device[0].txpower=17 59 | root@OpenWrt: uci set wireless.@wifi-device[0].disabled=0 60 | root@OpenWrt: uci set wireless.@wifi-device[0].country='CN' 61 | root@OpenWrt: uci set wireless.@wifi-iface[0].mode='ap' 62 | root@OpenWrt: uci set wireless.@wifi-iface[0].ssid='eastking-tlwr2543' 63 | root@OpenWrt: uci set wireless.@wifi-iface[0].encryption='psk2' 64 | root@OpenWrt: uci set wireless.@wifi-iface[0].key='icanfly9876' 65 | root@OpenWrt: uci commit wireless >/dev/null 66 | 67 | 以上命令实际上是应用在 /etc/config/wireless 文件上 68 | 69 | **uci设置说明**: 70 | 71 | - channel 信道 72 | - txpower 功率 73 | - disabled 是否启用无线,0表示启用 74 | - ssid 名称,推荐后面以路由器型号结尾,这样调试多个路由器时不会混淆 75 | - encryption 加密方式 76 | - key 无线密码,如果你照上文的设置不动,好处是忘记密码时可以上 [http://www.github.com/softwaredownload/openwrt-fanqiang](http://www.github.com/softwaredownload/openwrt-fanqiang) 来查看 77 | 78 | 允许远程主机用ssh的方式登录路由器及设置时区 79 | -------- 80 | 81 | root@OpenWrt: uci set dropbear.@dropbear[0].GatewayPorts='on' 82 | root@OpenWrt: uci set system.@system[0].zonename='Asia/Shanghai' 83 | root@OpenWrt: uci set system.@system[0].timezone='CST-8' 84 | root@OpenWrt: uci commit system 85 | 86 | ssh登录OpenWrt相关高级设置(你可能暂时用不到) 87 | -------- 88 | 89 | root@OpenWrt: uci set dropbear.@dropbear[0].Port=22 90 | root@OpenWrt: uci set dropbear.@dropbear[0].PasswordAuth=off 91 | root@OpenWrt: uci set dropbear.@dropbear[0].RootPasswordAuth=off 92 | root@OpenWrt: uci commit dropbear 93 | 94 | **说明(不懂千万别乱设)**: 95 | 96 | - Port ssh默认端口就是22,可以改成其他的提高安全性 97 | - PasswordAuth ssh是否启用密钥登录。如果你改成off,又没有设置好ssh私钥和安装好LuCI,你将无法ssh方式登录路由器,唯一的办法就是安全恢复模式登录重新开始设置 98 | - RootPasswordAuth 是否允许root用密码登录,如果已经设置好了ssh私钥就可以改成off增加安全性 99 | 100 | 启用新的网络和无线设置 101 | -------- 102 | 103 | root@OpenWrt: /etc/init.d/dropbear restart 104 | root@OpenWrt: /etc/init.d/system restart 105 | root@OpenWrt: /etc/init.d/network restart 106 | 107 | 怎么样,有线和无线上网又都回来了吧! 108 | 109 | 注意,有的人在网上贴出了他的完整配置文件/etc/config/network 和/etc/config/wireless, 如果你复制他的文件覆盖你的文件,再修改用户名和密码,可能会出问题,因为不同路由器的硬件配置可能不同 110 | 111 | **相关资源**: 112 | 113 | - 114 | -------------------------------------------------------------------------------- /ebook/03.0.md: -------------------------------------------------------------------------------- 1 | OpenWrt + shadowsocks-libev 实现路由器自动翻墙 2 | ======================================= 3 | 4 | 相信经过前面的教程,大家对OpenWrt和Linux Ubuntu有一定的熟悉了。如果还不熟悉Ubuntu,就安装Ubuntu,实际使用一个月 5 | 6 | 前面的文章都是技术准备,有基础的读者可以略过。在本章中,我们要OpenWrt路由器安装 shadowsocks-libev来实践翻墙 7 | 8 | --- 9 | 10 | **最简单的路由器刷OpenWrt翻墙方案:** 11 | 12 | - [https://github.com/softwaredownload/openwrt-fanqiang](https://github.com/softwaredownload/openwrt-fanqiang "最简单的路由器刷OpenWrt固件翻墙教程") 13 | 14 | **在线阅读OpenWrt路由器翻墙、科学上网器教程:** 15 | 16 | - [https://fanqiang.software-download.name](https://fanqiang.software-download.name) 17 | - [https://github.com/softwaredownload/openwrt-fanqiang/blob/master/SUMMARY.md](https://github.com/softwaredownload/openwrt-fanqiang/blob/master/SUMMARY.md) -------------------------------------------------------------------------------- /ebook/03.1.md: -------------------------------------------------------------------------------- 1 | 什么是shadowsocks-libev翻墙软件 2 | ============================ 3 | 4 | shadowsocks-libev 是一个 shadowsocks 协议的轻量级实现,是 shadowsocks-android, shadowsocks-ios 以及 shadowsocks-openwrt 的上游项目。其具有以下特点: 5 | 6 | 1. 体积小巧。静态编译并打包后只有 100 KB 7 | 2. 高并发。基于 libev 实现的异步 I/O,以及基于线程池的异步 DNS,同时连接数可上万 8 | 3. 低资源占用。几乎不占用 CPU 资源,服务器端内存占用一般在 3MB 左右 9 | 4. 跨平台。适用于所有常见硬件平台,已测试通过的包括 x86,ARM 和 MIPS。也适用于大部分 POSIX 的操作系统或平台,包括 Linux,OS X 和 Cygwin 等 10 | 5. 协议及配置兼容。完全兼容 shadowsocks 协议,且兼容标准实现中的 JSON 风格配置文件,可与任意实现的 shadowsocks 客户端或服务端搭配使用 11 | 12 | shadowsocks-libev 包括服务端和客户端两部分,一共三个模块 13 | 14 | 1. ss-server:服务器端,部署在远程服务器,提供 shadowsocks 服务 15 | 2. ss-local:客户端,提供本地 socks5 协议代理 16 | 3. ss-redir:客户端,提供本地透明代理,需要与 iptables NAT 表配合使用 17 | 4. ss-tunnel: 客户端,本地端口转发 18 | 19 | **相关资源**: 20 | 21 | - 22 | - -------------------------------------------------------------------------------- /ebook/03.11.md: -------------------------------------------------------------------------------- 1 | OpenWrt + Git Bash for Windows 快速切换翻墙模式:全局翻墙或局部翻墙 2 | ============== 3 | 4 | [本项目](https://github.com/softwaredownload/openwrt-fanqiang) [/openwrt-fanqiang/bin](https://github.com/softwaredownload/openwrt-fanqiang/tree/master/bin) 下有三个文件,用来切换不同的翻墙模式,分别是: 5 | 6 | - 翻墙时忽略亚洲IP: ss-firewall-asia 7 | 8 | - 全局翻墙模式,所有流量加密:ss-firewall-global 9 | 10 | - 翻墙时忽略中国IP: ss-firewall-china 11 | 12 | 为什么要作这样的细分? 13 | 14 | - 有些外网,如果不是全局翻墙,可能打不开 15 | - 如果翻墙时忽略中国IP,因中国区IP列表较长,对有些路由器压力较大,因此默认翻墙时忽略亚洲IP 16 | 17 | 如果你的路由器里面没有这几个文件,请先把它们复制到路由器里 18 | 19 | 怎样手动切换翻墙模式 20 | ----------------- 21 | 22 | 本项目 `/openwrt/default/etc/init.d/shadowsocks` 文件里有如下代码: 23 | 24 | /usr/bin/ss-firewall-asia 25 | #/usr/bin/ss-firewall-global 26 | #/usr/bin/ss-firewall-china 27 | 28 | 切换方法是命令行登录路由器,修改这四行代码,把不需要行的注释掉(以#开始),把需要的行启用(去掉开始处#) 29 | 30 | 如果是一次性修改,命令行切换翻墙模式也不麻烦 31 | 32 | 更常用的场景是,平时设置翻墙时忽略中国或亚洲IP,浏览外网时,某些外网可能打不开,这时需要切换到全局翻墙模式,如果每次都命令行登录路由器手动切换,就有点费时了 33 | 34 | 有没有更加简单的方便,特别是在 Windows 下? 35 | 36 | OpenWrt 路由器设置 ssh 免密码登录原理 37 | ----------------- 38 | 39 | 网上教程很多,可以用 `openwrt 免密码` 搜索教程了解详细原理,这里略过 40 | 41 | 安装 Git for Windows 42 | -------------- 43 | 44 | 安装并设置 Git for Windows后,我们就有了一个类似 Linux 下的 bash 环境,做到不同系统操作习惯类似,带来了很大的便利 45 | 46 | - 下载地址: https://git-scm.com/download/win 47 | 48 | - Select Components 49 | 50 | 选择组件 步骤时,确认选中以几项(默认已经选中) 51 | 52 | - Windows Explorer integration 53 | 54 | 和 Windows 资源管理器整合,安装完成后,在文件夹右击,就可以 `Git Bash here` 打开当前目录下的 bash,十分方便 55 | 56 | - Associate .sh files to be run with Bash 57 | 58 | .sh 文件由 Bash 执行,和Linux 下一样,双击 .sh 文件可以运行了 59 | 60 | - Choosing the default editor used by Git 61 | 62 | 选择默认编辑器,默认是Vim,联准了:) 63 | 64 | - Adjusting your PATH environment 65 | 66 | 调整 PATH 环境变量,默认是选中第一项 `Use Git from Git Bash onley`,如果只是从 Git Bash使用Git,那么选中这项就可以了 67 | 68 | 选中 `Use Git from the Windows Command Prompt` 好处是可以让安装程序把 git.exe 的目录加入系统 Path 环境变量,于是其他软件也可以从命令行调用 git 了 69 | 70 | - Choosing the SSH executable 71 | 72 | 默认是 `Use OPenSSH`,很好,我们正需要和 Linux 下 ssh 操作习惯一致 73 | 74 | 最简单安装方法,全部安装默认。如果有需要修改的地方,可以重新再安装一次 75 | 76 | 配置 ssh config,实现自动登录路由器 77 | ----------------- 78 | 79 | 64位系统,安装64位git,默认安装目录是: 80 | 81 | C:\Program Files\Git 82 | 83 | ssh 系统config文件是: 84 | 85 | C:\Program Files\Git\etc\ssh\ssh_config 86 | 87 | 不建议把自定义设置写在这个文件里,以免重装Git后被覆盖。下面把自定义设置放在用户设置里 88 | 89 | 按 Windows 键,输入 git bash 回车,默认进入的是 $HOME 目录 90 | 91 | 以下操作是 Linux 下一样的 92 | 93 | # 列出当前目录,也就是 C:\Users\your_name 下的内容 94 | $ ls 95 | 96 | $ mkdir .ssh 97 | $ cd .ssh 98 | $ ls 99 | $ touch config 100 | $ vi config 101 | 102 | 输入下面内容: 103 | 104 | Host router 105 | HostName 192.168.1.1 106 | User root 107 | Port 22 108 | IdentityFile /path/to/rsa 109 | 110 | 如果配置正确,运行下面命令就可以自动登录路由器(router)了 111 | 112 | # 自动登录路由器 113 | $ ssh router 114 | 115 | 如果你电脑里的所有重要文件都保存在云盘,那么可以创建链接文件,这时 $HOME/.ssh/config 只是个链接,实际文件在云盘里,删除链接文件并不会删除实际文件 116 | 117 | - 按 Windws + X 118 | - Command Prompt(Admin) 控制台(管理员) 119 | 120 | 执行如下命令: 121 | 122 | C:\WINDOWS\system32> cd %homepath% 123 | C:\Users\name> cd .ssh 124 | C:\Users\name\.ssh> del config 125 | C:\Users\name\.ssh> mklink config C:\cloud_app\ssh\config 126 | 127 | 路由器一键切换四种翻墙模式 128 | ---------------------- 129 | 130 | 配置好免密码登录路由器后,大功已经成就了一半 131 | 132 | 创建一个 test.sh,内容如下: 133 | 134 | #!/bin/sh 135 | 136 | ssh router <<'ENDSSH' 137 | 138 | # Arbitrary commands here execute on router 139 | 140 | ENDSSH 141 | 142 | 前面我们在安装 Git for Windows 的时候,已经选中 .sh 文件由 Bash 执行,这时双击 test.sh,就会自动登录路由器并执行中间的命令 143 | 144 | 比如,我们创建 ss-global.sh,双击,就能自动切换到路由器全局翻墙模式: 145 | 146 | **ss-global.sh**: 147 | 148 | #!/bin/sh 149 | 150 | ssh router <<'ENDSSH' 151 | 152 | sed -i -e 's@^\(\s*\)\(/.\+ss-firewall\)@\1#\2@g' -e 's@^\(\s*\)#\(/.\+ss-firewall-global$\)@\1\2@' /etc/init.d/shadowsocks 153 | /etc/init.d/shadowsocks restart 154 | 155 | ENDSSH 156 | 157 | 2018-10 起,本项目 openwrt-fanqiang/bin 下新增几个文件用来切换路由器的翻墙模式: 158 | 159 | - ss-asia 翻墙时忽略亚洲IP 160 | - ss-global 切换到全局翻墙模式 161 | - ss-china 翻墙时忽略中国IP 162 | 163 | 给它们加上 .sh 后缀并放在桌面,就可以一键切换翻墙模式了 164 | 165 | git bash 快速切换四种翻墙模式 166 | --------------------- 167 | 168 | 如果上面几个文件不是放在桌面,就要先进入特定目录才能执行命令,这种情况下有没有更加简便的办法呢 169 | 170 | 办法有很多,我们可以把这四个文件的目录加入到 git bash 的 $PATH 环境变量中,然后在 bash 中输入文件名就可以自动执行命令了 171 | 172 | 按 Windos 键,输入 `git bash` 回车 调出 bash 173 | 174 | 假设你把本项目 https://github.com/softwaredownload/openwrt-fanqiang clone 到了 C 盘根目录,在 Git Bash 里执行如下命令: 175 | 176 | $ vi ~/.bashrc 177 | 178 | # add line to it 179 | PATH="$PATH:/c/openwrt-fanqiang/bin" 180 | 181 | 也就是在 bash 环境变量 PATH 后面加上特定目录,设置好后关闭 Git Bash 再调出以使修改生效 182 | 183 | ![调出Git Bash for Windows](images/3.11.run-git-bash-for-windows.png) 184 | 185 | 上图,Windows 10 下快速调出 Git Bash for Windows 186 | 187 | ![Git Bash for Windows里执行命令](images/3.11.execute-bash-command.png) 188 | 189 | 上图,在 Git Bash 命令提示符里输入命令,回车执行。一般的 Linux 脚本,都可以这样在Windows下执行 190 | 191 | 切换翻墙模式应用场景: 192 | ---------- 193 | 194 | - 浏览外网,某网打不开或打开很慢 195 | 196 | - 按Windows键,输入关键词,回车,调出 Git Bash 197 | - 输入 `ss-global` 回车开始全局翻墙 198 | - 浏览外网结束,调出 Git Bash 199 | - 输入 `ss-asia` 回车,翻墙忽略亚洲IP 200 | 201 | **相关资源**: 202 | 203 | - 204 | - 205 | - 206 | - -------------------------------------------------------------------------------- /ebook/03.2.md: -------------------------------------------------------------------------------- 1 | 翻墙软件Shadowsocks-libev服务端设置 2 | =============================== 3 | 4 | 要利用 shadowsocks-libev翻墙,首先要有一台国外的服务器安装并运行shadowsocks 服务端。如果还没有服务器,可以到业界著名的 [Digital Ocean](https://m.do.co/c/89497bd485e0) 购买一台SSD虚拟服务器VPS,全SSD硬盘,速度极快 5 | 6 | Ubuntu安装 shadowsocks-libev服务端 7 | -------- 8 | 9 | for Debian 9("Stretch"), unstable, Ubuntu 16.10 and later derivatives: 10 | 11 | sudo apt-get update 12 | sudo apt-get install shadowsocks-libev 13 | 14 | for other versions: 15 | 16 | #Add GPG public key: 17 | wget -O- http://shadowsocks.org/debian/1D27208A.gpg | sudo apt-key add - 18 | 19 | # Ubuntu 14.04 or above 20 | sudo add-apt-repository "deb http://shadowsocks.org/ubuntu trusty main" 21 | 22 | # Debian Wheezy, Ubuntu 12.04 or any distribution with libssl > 1.0.1 23 | sudo add-apt-repository "deb http://shadowsocks.org/debian wheezy main" 24 | 25 | sudo apt-get update 26 | sudo apt-get install shadowsocks-libev 27 | 28 | Ubuntu 16.10上确认shadows-libev已经运行: 29 | 30 | sudo systemctl status shadowsocks-libev 31 | 32 | 上述命令的效果: 33 | 34 | - 安装ss-local ss-redir ss-server ss-tunnel...到 /usr/bin 35 | - 启动文件 /etc/init.d/shadowsocks-libev 36 | - 配置文件 /etc/shadowsocks-libev/config.json (旧版是/etc/shadowsocks/config.json) 37 | - 一些默认启动配置 /etc/default/shadowsocks-libev (旧版是/etc/default/shadowsocks) 38 | 39 | 编辑shadowsocks-libev配置文件 40 | -------- 41 | 42 | sudo vi /etc/shadowsocks-libev/config.json 43 | 44 | 改成类似如下: 45 | 46 | { 47 | "server":["[::0]","0.0.0.0"], 48 | "server_port":1098, 49 | "password":"killgfw", 50 | "method":"chacha20-ietf-poly1305", 51 | "ipv6_first":true, 52 | "dns_ipv6":true, 53 | "fast_open":true, 54 | "timeout":600 55 | } 56 | 57 | 简要解释如下: 58 | 59 | - "server":["[::0]","0.0.0.0"] 60 | 61 | 监听本机IPv6和IPv4地址 62 | 63 | - "server_port":1098 64 | 65 | shadowsocks-libev 服务端 ss-server 监听的端口 66 | 67 | - "password":"killgfw" 68 | 69 | shadowsocks-libev客户端加密通信的密码,有以下几个要求: 70 | 71 | - shadowsocks服务端和客户端密码必须一致 72 | - 密码长度不少于6位 73 | 74 | - "method":"chacha20-ietf-poly1305" 75 | 76 | 加密算法,详见 [Shodowsocks不同加密算法的区别](03.8.md) 77 | 78 | - "fast_open":true 79 | 80 | 一种加速数据传送的优化,必须要设置好才能启用这个选项。如果没有设置过,值先改成 false 81 | 82 | 详见 [Ubuntu OpenWrt 开启 TCP Fast Open (TFO)流量加速](06.01.md) 83 | 84 | 防火墙 ufw 设置 85 | -------- 86 | 87 | ufw 是Ubuntu设置防火墙的工具,查看 ufw 是否已经启用: 88 | 89 | sudo systemctl status ufw 90 | 91 | 在 [Digital Ocean](https://m.do.co/c/89497bd485e0) 创建 VPS 后,默认没有启用 ufw,可以这样启用: 92 | 93 | sudo ufw enable 94 | 95 | 启用了ufw以后,那么要用如下命令开放server_port,注意把下面的1098换成你的实际端口: 96 | 97 | sudo ufw allow 1098 98 | 99 | 查看 ufw 状态 100 | 101 | sudo ufw status 102 | 103 | 查看 ss-server 监听的端口: 104 | 105 | netstat -lnp 106 | 107 | 你可以给 ss-server 启动参数加上或去掉 `-u` 运行 netstat 命令看看区别 108 | 109 | 给 shadowsocks-libev 创建 ufw profile 110 | -------------- 111 | 112 | 我们也可以换一种方式开放 1098 端口 给 shadowsocks-libev 服务端 ss-server 113 | 114 | $ cd /etc/ufw/applications.d/ 115 | $ sudo vi shadowsocks 116 | 117 | # add lines 118 | [shadowsocks-libev] 119 | title=shadowsocks-libev 120 | description=shadowsocks-libev server 121 | ports=1098/udp|1098/tcp 122 | 123 | 然后我们可以这样给shadowsocks-libev添加防火墙规则: 124 | 125 | $ sudo ufw allow shadowsocks-libev 126 | Rule added 127 | Rule added (v6) 128 | 129 | $ sudo ufw status verbose | grep 1098 130 | 1098/udp (shadowsocks-libev) ALLOW IN Anywhere 131 | 1098/tcp (shadowsocks-libev) ALLOW IN Anywhere 132 | 1098/udp (shadowsocks-libev (v6)) ALLOW IN Anywhere (v6) 133 | 1098/tcp (shadowsocks-libev (v6)) ALLOW IN Anywhere (v6) 134 | 135 | 更加清楚地显示了谁监听在什么端口 136 | 137 | 如果前面已经运行了 `sudo ufw allow 1098` 可以这样删除重复规则: 138 | 139 | sudo ufw delete allow 1098 140 | 141 | 再用 netstat 命令查看一下 shadowsocks-libev 监听的端口: 142 | 143 | $ sudo netstat -lnp | grep ss-server 144 | tcp 0 0 0.0.0.0:1098 0.0.0.0:* LISTEN 2414/ss-server 145 | tcp6 0 0 :::1098 :::* LISTEN 2414/ss-server 146 | udp 0 0 0.0.0.0:1098 0.0.0.0:* 2414/ss-server 147 | udp6 0 0 :::1098 :::* 2414/ss-server 148 | 149 | 控制shadowsocks-libev的方法 150 | -------- 151 | 152 | 在Ubuntu 16.10上安装shadows-libev后,默认已经随机启动了 153 | 154 | sudo service shadowsocks-libev restart 155 | sudo service shadowsocks-libev start 156 | sudo service shadowsocks-libev stop 157 | 158 | 查看ss-server是否已经启动并且带有 -u启动参数 159 | -------- 160 | 161 | ps ax | grep ss-server 162 | 163 | 如果启动正常,返回结果类似如下: 164 | 165 | /usr/bin/ss-server -c /etc/shadowsocks-libev/config.json -u 166 | 167 | 注意其中有-u。如果shadowsocks客户端启用了udp relay, 而服务端启动时不带-u参数,翻墙自然就失败了 168 | 169 | **相关资源**: 170 | 171 | - 172 | - 173 | - -------------------------------------------------------------------------------- /ebook/03.3.md: -------------------------------------------------------------------------------- 1 | OpenWrt路由器运行 shadowsocks-libev ss-local 客户端 2 | ==================================== 3 | 4 | shadowsocks-libev for OpenWrt 要和 OpenWrt 版本一致,否则可能无法安装,或者安装了不能启动 5 | 6 | shadowsocks-libev选择 OpenSSL 版还是 PolarSSL 版 7 | -------- 8 | 9 | 根据依赖的 SSL 库可分为 OpenSSL 和 PolarSSL 两种版本OpenSSL 版依赖 libopenssl, 支持加密方式多, 体积大 10 | PolarSSL 版依赖 libpolarssl, 体积小, 加密方式少 11 | 12 | 如果内存大就选OpenSSL版,反之则选PolarSSL版 13 | 14 | 安装shadowsocks-libev客户端到OpenWrt路由器(星号替换成实际的字符) 15 | -------- 16 | 17 | ~/Downloads$ scp shadowsocks-libev-polarssl_*_ar71xx.ipk root@192.168.1.1:/tmp/ 18 | ~/Downloads$ ssh root@192.168.1.1 19 | root@OpenWrt:~# cd /tmp 20 | root@OpenWrt:~# opkg install shadowsocks-libev-polarssl_1.*.*_ar71xx.ipk 21 | 22 | 修改shadowsocks-libev客户端配置 23 | -------- 24 | 25 | root@OpenWrt:~# vi /etc/shadowsocks-libev/config.json 26 | 27 | 改成类似如下: 28 | 29 | { 30 | "server":"1.0.9.8", 31 | "server_port":1098, 32 | "local_port":7654, 33 | "password":"killgfw", 34 | "method": "chacha20-ietf-poly1305" 35 | } 36 | 37 | 注意,server IP必须修改你的实际IP。其他可以保持默认 38 | 39 | shadowsocks代理上网测试 40 | -------- 41 | 42 | - 启动shadowsocks 客户端: 43 | 44 | root@OpenWrt:~# ss-local -c /etc/shadowsocks-libev/config.json 45 | 46 | - Ubuntu浏览器代理上网设置,以FireFox配合AutoProxy为例,增加Proxy Server, Proxy Host填192.168.1.1,Port是7654, 勾选Sock5.如下图: 47 | 48 | ![FireFox设置 socks5代理上网](images/3.3.autoproxy.png) 49 | 50 | Ubuntu设置AutoProxy的默认代理是shadowsocks,就可以打开被墙的网站如[YouTube.com](http://www.youtube.com) 51 | 52 | Windows 电脑使用 shadowsocks-libev 客户端 ss-local 翻墙的方法见下面链接: 53 | 54 | [https://fanqiang.software-download.name/ebook/04.8.html](https://fanqiang.software-download.name/ebook/04.8.html) 55 | 56 | 以前我在每台电脑上都运行一个shadowsocks客户端,每台电脑都要像上面这样配置浏览器代理上网翻墙。但是还是太复杂,如果家里有十台上网设备,所有要连国外网站的软件都可能要配置代理访问,有些软件还根本没有设置代理的接口。有没有更简单的方法呢? 57 | 58 | 现在路由器里安装了shadowsocks,所有有线和无线上网设备都不用分别安装shadowsocks了,非常方便 59 | 60 | **相关资源**: 61 | 62 | - 63 | -------------------------------------------------------------------------------- /ebook/03.4.md: -------------------------------------------------------------------------------- 1 | 史上最通俗易懂的OpenWrt翻墙路由器解释 2 | =============================== 3 | 4 | 什么是域名和IP地址 5 | -------- 6 | 7 | 每个网站都可以有两个唯一标识:域名和IP地址。域名相当于人的名字,IP地址相当于该人使用的电话号码。(不同之处:域名是唯一的,人的名字会有重名) 8 | 9 | 网站为什么要有两个标识?域名是为了方便人类记忆的,比如[YouTube.com](https://www.youtube.com),而电脑处理却喜欢处理数字,纯数字格式的IP地址就是为了让电脑查找计算方便些 10 | 11 | 通过域名查询IP的那些事情 12 | -------- 13 | 14 | 我们在浏览器地址栏里输入 [www.youtube.com](https://www.youtube.com) 并回车,到底会发生哪些不可思议的事情呢: 15 | 16 | - 浏览器问就近的某台电脑(叫域名服务器):Hi, youtube.com的IP地址是什么? 17 | - 域名服务器:不就是 74.125.239.98 18 | - 浏览器:谢谢。我就到你给我的地址去找内容了 19 | 20 | 还有种情况,浏览器第一次问的域名服务器不知道某域名的IP地址: 21 | 22 | - 浏览器问就近的域名服务器:Hi, youtube.com的IP地址是什么? 23 | - 域名服务器:这个我不知道哇,我帮你问问我的上线 24 | - 上线服务器:我也不知道哇,我也只好问我的上线,等等,别挂掉 25 | - 某域名服务器:这么简单还来问我,不就是 74.125.239.98 26 | - 浏览器:谢谢。我就到你给我的地址 74.125.239.98 去找内容 27 | 28 | 白脸很忙,不看YouTube(看不懂?) 29 | -------- 30 | 31 | 在中国,YouTube为什么被封?YouTube有几千万,上亿个视频,如果某几个视频让某些人看了不爽,就来个宁可错杀百万,不可放过一个,把整个YouTube给封了,全国人民都无法正常访问YouTube了 32 | 33 | 这个时候,又发生了哪些不可告人的事情呢? 34 | 35 | 1. 浏览器问就近的域名服务器:喂, youtube.com的IP地址是什么? 36 | 2. 中国的某域名服务器:这我知道,44.44.44.44,(心里嘀咕,我给你的是太平洋海底的地址,你能找到内容才怪呢,白脸(领导)很忙,天朝很好,访问这种破网站干啥,满屏洋文,我怎么看得懂,哼) 37 | 3. 浏览器:谢谢。我这就去找主人需要的内容。。。找了好久,还是什么也没找到,我的命怎么这么苦。。 38 | 39 | 阳光底下,每时每刻每秒,这样龌龊的事情在发生千次,万次,亿次... 40 | 41 | 深刻理解 TCP UPD 通信协议 42 | -------------------- 43 | 44 | **UDP是什么意思**: 45 | 46 | UDP 是User Datagram Protocol的简称, 中文名是用户数据报协议,是OSI(Open System Interconnection,开放式系统互联) 参考模型中一种无连接的传输层协议,提供面向事务的简单不可靠信息传送服务,IETF RFC 768是UDP的正式规范。UDP在IP报文的协议号是17 47 | UDP协议全称是用户数据报协议[1] ,在网络中它与TCP协议一样用于处理数据包,是一种无连接的协议。在OSI模型中,在第四层——传输层,处于IP协议的上一层。UDP有不提供数据包分组、组装和不能对数据包进行排序的缺点,也就是说,当报文发送之后,是无法得知其是否安全完整到达的。UDP用来支持那些需要在计算机之间传输数据的网络应用。包括网络视频会议系统在内的众多的客户/服务器模式的网络应用都需要使用UDP协议。UDP协议从问世至今已经被使用了很多年,虽然其最初的光彩已经被一些类似协议所掩盖,但是即使是在今天UDP仍然不失为一项非常实用和可行的网络传输层协议 48 | 与所熟知的TCP(传输控制协议)协议一样,UDP协议直接位于IP(网际协议)协议的顶层。根据OSI(开放系统互连)参考模型,UDP和TCP都属于传输层协议。UDP协议的主要作用是将网络数据流量压缩成数据包的形式。一个典型的数据包就是一个二进制数据的传输单位。每一个数据包的前8个字节用来包含报头信息,剩余字节则用来包含具体的传输数据 49 | 50 | **缺点就是优点,UDP通信效更高**: 51 | 52 | 既然 UDP 数据发送之后,是无法得知其是否安全完整到达的,那么为什么 在 shodowsocks 中还要用 UDP 呢?不用校验数据是否完整,数据传递的速度自然更快。所以在游戏界,基于 UDP 协议的网络通信又被称作高性能网络。联机游戏要在服务端和客户端之间传递大量数据,对通信要效率要很求很高,因此多用 UDP 53 | 54 | UDP的数据可能不完整,这限制了 UDP 协议的用途,更多的地方用的是 TCP 协议。但是也有例外,QQ 就是采用 UDP 协议通信的。一般来说即时通信适合用 TCP,腾讯在 UDP 的基础上进行了高度的封装、优化,使之一定程度兼具 TCP UDP 两者的优点 55 | 56 | UDP 最常见的用途是 DNS 查询。我们打开一个网页,会有多次的 DNS 查询动作,在进行 DNS 查询的时候,通信流量默认就是走 UDP 协议。DNS 规范中包含了 TCP 协议,但是 TCP 只是一种备选方案,很多公共 DNS 查询提供商并不提供 TCP 查询的接口 57 | 58 | Shadowsocks 是一个优秀的 Socks 代理工具,在很长的一段时间里它仅支持 TCP 代理,后来在 Shadowsocks-libev 上实现了 UDP 转发的功能,然后我们才能在 shadowsocks 客户端把 DNS 查询请求转发到 shadowsocks 服务端,由服务端把查询到的数据返回到客户端,这就避免了 GFW 的域名污染 59 | 60 | shadowsocks 如果使用 TCP 协议转发域名查询请求到服务端,客户端和服务端的通信会被 GFW 直接重置 61 | 62 | 太阳要升起,网民要雄起 63 | -------- 64 | 65 | 但是,还有问题没有解决: 66 | 67 | 网站有两种,国内的和国外的。如果不分国内国外全部都到国外去查询域名的IP,访问国内的网站就会变慢。虽然有心逃离,还是无法割断哪 68 | 69 | 有几种解决方案: 70 | 71 | 1. 建国外重要网站名单,简称外单(黑名单,gfwlist),外单上的域名都到国外去查询IP,其他就在国内查询 72 | 73 | 如果IP地址在外单上,就加密访问,领导不知道我访问了这个地址,这样领导的心情可能会好些 74 | 75 | 2. 同样是建立外单。不同的是,我不想花费精力去区分某个IP是不是在外单上,IP地址可能经常在变,这样做不怕累吗。我的办法是,不是中国的IP,全部加密访问 76 | 77 | 3. 每个人的用途不同,谁有本事建立通用的外单? 78 | 79 | 即使有人建立了包含很多域名的外单,网站内容往往是互相引用的,某外单上网站引用了不在外单上的被封网站,导致打网站贼慢,这个该怎么办?难道要手动查看网页源代码,一个个地搜索查找,逐个测试? 80 | 81 | 最简单有交的方法,是给国内重要网站建立名单,简称内单。内单上的网站都在国内dns,其他网站全部到国外dns。访问非中国的IP都流量加密 82 | 83 | 我曾经用过第一种方案,试图用网友整理的外单(ChinaDNS),但是,在实际使用过程中,经常需要临时增加外单域名并重启路由器,有时一天要重复好多次,不胜其烦. 84 | 85 | 第三种方案,就是本教程使用的方案,是目前来说比较好的方案 86 | 87 | **OpenWrt翻墙路由器内部发生的故事(千万别告诉白脸)**: 88 | 89 | 1. 浏览器:喂,谁知道YouTube.com的IP,主人要用 90 | 2. 路由器:稍等,我查下主人设置的内单,稍等。。。不在内单,我通过秘密通道查 91 | 3. 浏览器:喂,告诉我baidu.com的IP 92 | 4. 路由器:哇,内单,马上就给你 93 | 5. 浏览器:请给我IP地址60.188.5.6的内容 94 | 6. 路由器:等下,立即就好。。。中国IP,该那就那去取内容。不是中国IP,借道主人的秘密通道去取内容 95 | 96 | **相关资源**: 97 | 98 | - -------------------------------------------------------------------------------- /ebook/03.8.md: -------------------------------------------------------------------------------- 1 | Shodowsocks翻墙不同加密算法的区别 2 | ============================== 3 | 4 | Shodowsocks翻墙不同加密方法,哪一种速度最快最好: 5 | -------- 6 | 7 | - 翻墙不稳定,有的能上,有的不能上,有时能上,有时不能上,可能是加密方式的特征被识别,从而被干扰,方法是更换加密方式 8 | - rc4-md5加解密速度虽然快,但是加密强度不够大,容易被干扰 9 | - 无论哪一种加密方式,只要使用的人多了,就可能被重点研究,从而受到干扰 10 | - [目前推荐使用 AEAD 加密方式](https://shadowsocks.org/en/spec/AEAD-Ciphers.html) 11 | - xchacha20-ietf-poly1305 12 | - chacha20-ietf-poly1305 13 | - aes-256-gcm 14 | - aes-192-gcm 15 | - aes-128-gcm 16 | 17 | **[下列加密方法存在已知的弱点,不要使用](https://shadowsocks.org/en/spec/Stream-Ciphers.html):** 18 | 19 | bf-cfb 20 | chacha20 21 | salsa20 22 | rc4-md5 23 | 24 | **下列加密方法已经不推荐了,可能会被探测到:** 25 | 26 | aes-128-ctr 27 | aes-192-ctr 28 | aes-256-ctr 29 | aes-128-cfb 30 | aes-192-cfb 31 | aes-256-cfb 32 | camellia-128-cfb 33 | camellia-192-cfb 34 | camellia-256-cfb 35 | chacha20-ietf 36 | 37 | 什么是 AEAD 加密方法 38 | -------- 39 | 40 | 缩写易忘是因为不知道原形,复杂之所以复杂是因为缺少细节的了解。世事莫不如此 41 | 42 | AEAD 就是 Authenticated Encryption with Associated Data,使用关联数据进行身份验证加密,是一种同时具备保密性、完整性和可认证性的加密方法 43 | 44 | 201809 预编译 WNDR4300 翻墙固件已经 支持目前最受推荐的 AEAD 加密实现之一: xchacha20-ietf-poly1305 45 | 46 | 那么什么是 xchacha20-ietf-poly1305 加密 47 | 48 | 推荐使用 xchacha20-ietf-poly1305 加密 49 | -------- 50 | 51 | xchacha20-ietf-poly1305 加密算法被 [libsodium 官方推荐](https://download.libsodium.org/doc/secret-key_cryptography/aead#tldr-which-one-should-i-use) 52 | 53 | > which one should I use? 54 | > XChaCha20-Poly1305-IETF is the safest choice. 55 | 56 | 我应该选择哪种加密算法? 57 | 58 | XChaCha20-Poly1305-IETF是最安全的选择 59 | 60 | 怎样开启XChaCha20-Poly1305-IETF 加密算法 61 | -------- 62 | 63 | - 服务端,Ubuntu 17.10 或更新版本安装 shadowsocks-libev后,自动支持 64 | 65 | 我通常习惯把服Ubuntu更新到最新版,登录的欢迎页面显示是 18.04.1 66 | 67 | 再看下 shadowsocks-libev 的版本: 68 | 69 | ss-server --help 70 | shadowsocks-libev 3.1.3 71 | 72 | -m Encrypt method: rc4-md5, 73 | aes-128-gcm, aes-192-gcm, aes-256-gcm, 74 | aes-128-cfb, aes-192-cfb, aes-256-cfb, 75 | aes-128-ctr, aes-192-ctr, aes-256-ctr, 76 | camellia-128-cfb, camellia-192-cfb, 77 | camellia-256-cfb, bf-cfb, 78 | chacha20-ietf-poly1305, 79 | xchacha20-ietf-poly1305, 80 | salsa20, chacha20 and chacha20-ietf. 81 | The default cipher is rc4-md5. 82 | 83 | - 路由器是否支持 xchacha20-ietf-poly1305 84 | 85 | 路由器要支持xchacha20-ietf-poly1305加密,需要满足二个条件: 86 | 87 | - shadowsocks-libev 3.0+ (2017 年 2 月 1 日) 88 | - libsodium 1.0.12+ 89 | 90 | 实际上,编译shadowsocks-libev for OpenWrt时会同时编译依赖库,只要shadowsocks-libev 的版本满足条件就可以了 91 | 92 | 登录201809编译固件的 wndr4300 路由器查看 93 | 94 | root@eastking:/etc# ss-redir -h 95 | 96 | 97 | shadowsocks-libev 3.2.0 98 | 99 | 100 | -m Encrypt method: rc4-md5, 101 | aes-128-gcm, aes-192-gcm, aes-256-gcm, 102 | aes-128-cfb, aes-192-cfb, aes-256-cfb, 103 | aes-128-ctr, aes-192-ctr, aes-256-ctr, 104 | camellia-128-cfb, camellia-192-cfb, 105 | camellia-256-cfb, bf-cfb, 106 | chacha20-ietf-poly1305, 107 | xchacha20-ietf-poly1305, 108 | salsa20, chacha20 and chacha20-ietf. 109 | The default cipher is rc4-md5. 110 | 111 | 考虑到 wndr4300 性能并不强悍,可以使用chacha20-ietf-poly1305,应该比 xchacha20-ietf-poly1305 节省一些资源 112 | 113 | - Windows PC 客户端 114 | 115 | [shadowsocks-windows](https://github.com/shadowsocks/shadowsocks-windows) 自 4.0.9 版本(2018 年 3 月 14 日)起支持 xchacha20-ietf-poly1305 加密算法 116 | 117 | - Android 客户端 118 | 119 | [shadowsocks-android](https://github.com/shadowsocks/shadowsocks-android) 自 4.1.4 版本(2017 年 4 月 12 日)起支持 xchacha20-ietf-poly1305 加密算法 120 | 121 | **相关资源**: 122 | 123 | - 124 | - 125 | - 126 | - 127 | - 128 | - -------------------------------------------------------------------------------- /ebook/04.0.md: -------------------------------------------------------------------------------- 1 | OpenWrt路由器编译翻墙固件教程 2 | ==================== 3 | 4 | 实践前面的教程,翻墙已经不是问题,白脸也很happy。在这一章中,我们要定制自己OpenWrt固件,刷上定制的固件,不用任何设置就自动翻墙并自动更新规则 5 | 6 | --- 7 | 8 | **最简单的路由器刷OpenWrt翻墙方案:** 9 | 10 | - [https://github.com/softwaredownload/openwrt-fanqiang](https://github.com/softwaredownload/openwrt-fanqiang "最简单的路由器刷OpenWrt固件翻墙教程") 11 | 12 | **在线阅读OpenWrt路由器翻墙、科学上网器教程:** 13 | 14 | - [https://fanqiang.software-download.name](https://fanqiang.software-download.name) 15 | - [https://github.com/softwaredownload/openwrt-fanqiang/blob/master/SUMMARY.md](https://github.com/softwaredownload/openwrt-fanqiang/blob/master/SUMMARY.md) -------------------------------------------------------------------------------- /ebook/04.2.md: -------------------------------------------------------------------------------- 1 | 下载和设置OpenWrt路由器翻墙配置文件 2 | ================= 3 | 4 | 自己手工收集编辑翻墙所用到的配置文件是件比较累的事情。最快的方法是 git clone 本项目,修改其中某些选项 5 | 6 | 下载翻墙配置文件 7 | -------- 8 | 9 | cd ~/Downloads 10 | git clone https://github.com/softwaredownload/openwrt-fanqiang 11 | 12 | 默认配置文件目录:openwrt-fanqiang/openwrt/default 13 | 14 | 针对特定路由器的配置文件目录,以路由器型号为目录名,如 openwrt-fanqiang/openwrt/wndr4300 15 | 16 | 复制配置文件,以wndr4300路由器为例: 17 | -------- 18 | 19 | - 本地建立配置文件目录,如 ~/Downloads/openwrt-wndr4300 20 | - 复制默认配置文件到 ~/Downloads/openwrt-wndr4300 21 | 22 | mkdir ~/Downloads/openwrt-wndr4300 23 | 24 | # Linux下复制默认配置文件 25 | cp -R ~/Downloads/openwrt-fanqiang/openwrt/default/* ~/Downloads/openwrt-wndr4300/ 26 | 27 | # 复制WNDR4300路由器的特定配置文件,同名文件就覆盖 28 | cp -R ~/Downloads/openwrt-fanqiang/openwrt/wndr4300/* ~/Downloads/openwrt-wndr4300/ 29 | 30 | 修改配置文件,编译后就直接可以用了。否则刷上固件后登录路由器再修改。主要修改如下文件: 31 | -------- 32 | 33 | ~/Downloads/openwrt-wndr4300/etc/shadowsocks-libev/config.json 34 | ~/Downloads/openwrt-wndr4300/usr/bin/ss-firewall-asia 35 | ~/Downloads/openwrt-wndr4300/etc/uci-defaults/defaults 36 | 37 | - shadowsocks.json 中 server必须改成你的服务器实际IP 38 | - defaults 中wan-username 和 wan-password必改 39 | - ss-firewall 中 1.0.9.8必须改成你的服务器实际IP 40 | 41 | - 编译自定义固件时,设置FILES=~/Downloads/openwrt-wndr4300 42 | 43 | 自定义配置文件用途说明 44 | -------- 45 | 46 | 定制固件的前提是你要有一台服务器运行shadowsocks服务端ss-server 47 | 48 | - etc/dnsmasq.conf 设置dnsmasq配置文件目录 49 | - etc/shadow 登录路由器的密码, 默认是fanqiang 50 | - etc/uci-defaults/defaults 默认上网设置及时区等设置 51 | 52 | 关于 /etc/uci-defaults目录 53 | -------- 54 | 55 | uci-defaults目录下的文件会在路由器第一次启动时由/etc/init.d/boot执行,如果在文件末尾加上exit 0, 则执行就会删除此文件,否则执行成功则删除,不成功则在下次启动时继续执行直到成功 56 | 57 | 我们在这个目录下创建一个defaults文件,在这个文件中设置上网参数,时区等 58 | 59 | To set some system defaults the first time the device boots, create a script in the folder 60 | 61 | All scripts in that folder are automatically executed by /etc/init.d/boot and if they exited with code 0 deleted afterwards (scripts that did not exit with code 0 are not deleted and will be re-executed during the next boot until they also successfully exit) 62 | 63 | **默认端口及修改方法(可以不改)**: 64 | 65 | - shadowsocks服务端监听端口:1098 66 | - 文件位置: 服务器/etc/shadowsocks-libev/config.json 67 | - 如更改,路由器里 /etc/shadowsocks-libev/config.json也相应更改 68 | 69 | - 路由器shadowsocks ss-redir 监听端口:7654 70 | - 文件位置: 路由器/etc/shadowsocks-libev/config.json 71 | - 如更改, 路由器/usr/bin/ss-firewall-asia也相应更改 72 | 73 | - 路由器shadowsocks ss-tunnel监听端口: 3210 74 | - 文件位置: 路由器/etc/init.d/shadowsocks 75 | - 如更改, 路由器 /etc/dnsmasq.d/gfwlist.conf也相应更改 76 | 77 | 以上端口建议不改。程序运行稳定后,相关密码可以改掉 78 | 79 | **端口关联的理解**: 80 | 81 | - ss-firewall负责把非中国流量转发到本地端口7654 82 | - ss-redir监听端口7654,该端口流量都加密走自己的服务器通道 83 | - dnsmasq把非国内重要域名的dns查询转发本地3210端口 84 | - ss-tunnel监听本地端口3210,把该端口的dns查询转发到自己服务器向8.8.4.4查询 85 | 86 | 设置可执行权限 87 | -------- 88 | 89 | chmod +x usr/bin 90 | chmod +x usr/bin/* 91 | chmod +x etc/uci-defaults 92 | chmod +x etc/uci-defaults/defaults 93 | 94 | **相关资源**: 95 | 96 | - 97 | - -------------------------------------------------------------------------------- /ebook/04.4.md: -------------------------------------------------------------------------------- 1 | 如何使用别人预编译的OpenWrt翻墙固件 for TP-LINK WR2543N (包含shadowsocks-libev) 2 | ============================= 3 | 4 | 如果你的无线路由器和我的一样,也是 TP-LINK wr2543N v1,你不想自己编译固件,那么可以下载我预先编译好的固件,刷好固件好,稍微设置下,就可以自动翻墙 5 | 6 | 在下载和刷OpenWrt固件前,确保熟悉本教程的前面部分,已经配置好shadowsocks-libev服务端,并能自由进入路由器的安全模式。再次强调,刷机有风险,风险自承担 7 | 8 | 该固件只是在OpenWrt trunk版加上:luci-ssl wget shadowsocks-libev的最新版,还有翻墙要用到的配置,没有添加其他任何内容 9 | 10 | 翻墙默认配置 11 | -------- 12 | 13 | - [教程用到的OpenWrt翻墙配置文件](https://github.com/softwaredownload/openwrt-fanqiang/tree/master/openwrt) 14 | 15 | - [教程中用到的shadowsocks服务端配置文件](https://github.com/softwaredownload/openwrt-fanqiang/tree/master/ubuntu) 16 | 17 | 下载OpenWrt固件 for TP-LINK wr2543N 18 | -------- 19 | 20 | 到下面的网址下载: 21 | [https://software-download.name/2014/openwrt-ar71xx-generic-tl-wr2543-v1-squashfs-sysupgrade-bin-with-shadowsocks/](https://software-download.name/2014/openwrt-ar71xx-generic-tl-wr2543-v1-squashfs-sysupgrade-bin-with-shadowsocks/) 22 | 23 | 下载后保存在Ubuntu: `~/Downloads/openwrt-ar71xx-generic-tl-wr2543-v1-squashfs-sysupgrade.bin` 24 | 25 | 复制OpenWrt固件到路由器 26 | -------- 27 | 28 | scp ~/Downloads/openwrt-ar71xx-generic-tl-wr2543-v1-squashfs-sysupgrade.bin root@192.168.1.1:/tmp/ 29 | 30 | 登录OpenWrt路由器,并查看文件大小是否正确 31 | -------- 32 | 33 | ssh root@192.168.1.1 34 | root@OpenWrt: cd /tmp/ 35 | ls 36 | 37 | 升级OpenWrt固件(不保留原来配置) 38 | -------- 39 | 40 | root@OpenWrt:/tmp# sysupgrade -n openwrt-ar71xx-generic-tl-wr2543-v1-squashfs-sysupgrade.bin 41 | 42 | 路由器重启后,电脑连接到无线网络 eastking-wr2543 43 | -------- 44 | 45 | ssh登录并修改设置: 46 | -------- 47 | 48 | ssh root@192.168.1.1 49 | 50 | 输入密码 `fanqiang` 登录 51 | 52 | 有时会提示错误: 53 | 54 | @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 55 | @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ 56 | @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 57 | IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! 58 | Someone could be eavesdropping on you right now (man-in-the-middle attack)! 59 | It is also possible that a host key has just been changed. 60 | The fingerprint for the RSA key sent by the remote host is 61 | cf:c5:12:34:56:0b:4d:1c:56:48:6a:87:04:cf:b8:83. 62 | Please contact your system administrator. 63 | Add correct host key in /home/openwrt-fanqiang/.ssh/known_hosts to get rid of this message. 64 | Offending RSA key in /home/openwrt-fanqiang/.ssh/known_hosts:3 65 | remove with: ssh-keygen -f "/home/openwrt-fanqiang/.ssh/known_hosts" -R 192.168.1.1 66 | RSA host key for 192.168.1.1 has changed and you have requested strict checking. 67 | Host key verification failed. 68 | 69 | 解决办法就是复制并运行提示中的清理命令: 70 | 71 | ssh-keygen -f "/home/openwrt-fanqiang/.ssh/known_hosts" -R 192.168.1.1 72 | 73 | **以下设置必须修改**: 74 | 75 | - /etc/shadowsocks-libev/config.json 76 | - server必须改成你的服务器实际IP 77 | - /etc/config/network 78 | - wan-username 和 wan-password必改 79 | - /usr/bin/ss-firewall-asia 80 | - 1.0.9.8必须改成你的服务器实际IP 81 | 82 | 如果你还改了其他默认值,请自行修改相应文件。不建议修改其他默认值,以提高一次成功率 83 | 84 | 执行以下命令使修改生效 85 | -------- 86 | 87 | root@OpenWrt:~# /etc/init.d/shadowsocks stop 88 | root@OpenWrt:~# /etc/init.d/shadowsocks start 89 | #root@OpenWrt:~# /etc/init.d/network restart 90 | 91 | 测试一下是否可以在网上畅行无阻了 92 | 93 | **本教程已经在github开源,欢迎提交改进,报告bug:** 94 | [https://github.com/softwaredownload/openwrt-fanqiang](https://github.com/softwaredownload/openwrt-fanqiang) 95 | 96 | **相关资源**: 97 | 98 | - -------------------------------------------------------------------------------- /ebook/04.6.md: -------------------------------------------------------------------------------- 1 | SS的simple-obfs 是什么意思,有什么用 2 | =============================== 3 | 4 | shadowsocks obfs什么意思?nginx 成为翻墙服务端的前台 5 | ------------- 6 | 7 | 要正确配置好 simple-obfs 混淆插件的前提是深刻理解其工作原理 8 | 9 | 要深刻理解流量混淆插件的工作原理,前提是对 nginx 在其中起到的作用有正确的认识 10 | 11 | 在没有启用 simple-obfs前,shadowsocks 服务端 ss-server 站在前台和客户端:ss-local ss-redir ss-tunnel 直接交换数据,于是 ss-server 就有可能暴露,被白脸认出来 12 | 13 | 启用 simple-obfs 流量混淆插件后,翻墙服务端应该分成二部分: 14 | 15 | - 翻墙服务端前台 nginx 16 | - 翻墙服务端后台 obfs-server 和 ss-server 17 | 18 | 看到了吗,nginx 成了翻墙服务端的重要组成部分,明白了这点,你就可能明白了大半 19 | 20 | shadowsocks的simple-obfs有什么用?翻墙服务端暴露在外的是 nginx ,众所周知,nginx 是提供 http https服务的,走的是 TCP 协议,外部只可能看到 nginx,不可能看到后面的 ss-server 和 obfs-server,正是因为这样,从理论上来说,提高了翻墙的安全性 21 | 22 | 翻墙数据交流程 23 | --------------- 24 | 25 | 于是我们很容易就得到翻墙数据交流的流程 26 | 27 | - nginx 在前台和翻墙客户端交换数据 28 | - 在服务端内部,nginx 和 simple-obfs 服务端 obfs-server 交换数据 29 | - 数据混淆服务端 obfs-server 和加密服务端 ss-server 交换数据 30 | 31 | 谁在监听什么端口 32 | -------------- 33 | 34 | 我们设置了 `"server_port": 1098` 这个 1098 端口是谁在监听的呢 35 | 36 | nginx 对外提供 http 服务,默认监听的是 TCP/80 端口 37 | 38 | nginx 接收到外部数据,如果是反向代理的数据,就把数据传递给 `"server_port": 1098`,nginx 并不关心谁在 TCP/1098 接收数据 39 | 40 | 这个 1098 端口是 obfs-server 在监听的,也就是交由 obfs-server 来处理数据 41 | 42 | obfs-server 一个人完成不了处理数据的任务,还要和 ss-server 合作,ss-server 会在一个随机的 TCP 端口和 obfs-server 交换数据 43 | 44 | `obfs=http` 是什么意思 45 | -------------------- 46 | 47 | 不能理解成只有访问类似 http://kige.com 这样的网站才混淆,实际上不管你访问的是 http 还是 https,流量都加密并混淆,只不过白脸看到的可能是http流量 48 | 49 | simple-obfs 只混淆 TCP 数据吗 50 | --------------------------- 51 | 52 | 问:听说 shadowsocks 的 simple-obfs 流量混淆插件只是混淆 TCP 数据,不混淆UDP数据 53 | 54 | 为什么? 55 | 56 | 答:不用问得那么清楚吧,有的时候朦胧一点不是更好吗:) 57 | 58 | obfs-server 处理的数据来自 nginx TCP/80 端口接收到的数据,决定权在大哥 nginx 那里,obfs-server 就是想要接收 UDP 数据,也要大哥点头才行呢 59 | 60 | 如果客户端需要 UDP 协议进行 DNS 查询,又该如何是好 61 | ---------------- 62 | 63 | 如果客户端需要 UDP 查询 DNS,可以使用 dns-forwarder 将其转换为TCP查询。如果要从UDP传递数据,可以使用不同的本地代理例如kcptun,或者直接利用 simple-obfs 承载openvpn 数据 64 | 65 | 客户端能不能将 DNS 查询请求通过 UDP 发送到服务端,由服务端进行查询 66 | ------------------- 67 | 68 | shadowsocks-libev 服务端启用 simple-obfs 插件后,默认服务端工作在 TCP 协议 69 | 70 | 如果需要 ss-server 接收 UDP数据,可以在 config.json 中加入 71 | 72 | "mode": "tcp_and_udp" 73 | 74 | 这个选项目前只能用于配置文件 config.json 方式启动 ss-server 75 | 76 | 当你指定了 "mode": "tcp_and_udp" 后,ss-server 也会监听、处理 UDP 数据 77 | 78 | **相关资源**: 79 | 80 | - -------------------------------------------------------------------------------- /ebook/04.9.md: -------------------------------------------------------------------------------- 1 | Windows shadowsocks 客户端配置 simple-obfs 翻墙 2 | ======================================= 3 | 4 | 在 Windows 上使用 Shadowsocks 客户端翻墙时,在有的地区如果不用插件,那么翻墙可能被干扰。本文就说一下 Windows 上 Shadowsocks 和 Simple-obfs 混淆插件的配合使用 5 | 6 | 7 | 下载 [Shadowsocks Windows](https://github.com/shadowsocks/shadowsocks-windows) 客户端 8 | ----------------------- 9 | 10 | 下载 [simple-obfs Windows](https://software-download.name/2018/shadowsocks-libev-windows-binary-download/) 11 | ---- 12 | 13 | 把 **64/ss-local.exe** 或 32/ss-local.exe 放到 Shadowsocks.exe 同目录,注意,是 ss-local.exe 和 Shadowsocks.exe 同目录 14 | 15 | 我是 Windows 10,用的是 64/ss-local.exe 16 | 17 | 18 | 配置 Shadowsocks Windows 19 | ---- 20 | 21 | 假设你的Windows 系统已经开启了 Fast Open 22 | 23 | 24 | - 服务器端口(Server Port):**80** 25 | - 插件程序(Plugin Program): **ss-local** 26 | - 插件选项(Plugin Options): **obfs=http;obfs-host=32.kige.com;fast-open** 27 | 28 | 把 **32.kige.com** 换成你实际使用的域名 29 | 30 | ![Windows上使用配置 Simple Obfs 混淆插件](./images/4.9.windows-shadowsocks-simple-obfs.png) 31 | 32 | 33 | **相关资源**: 34 | 35 | - [Linux 服务器安装 Simple-obfs 混淆插件](https://fanqiang.software-download.name/ebook/04.5.html) 36 | - [Simple Obfs 混淆插件的工作原理](https://fanqiang.software-download.name/ebook/04.6.html) 37 | - [OpenWrt 路由器使用 Simple Obfs混淆插件](https://fanqiang.software-download.name/ebook/04.7.html) 38 | - [Windows翻墙最好方法:shadowsocks-libev + simple-obfs + TFO教程](https://fanqiang.software-download.name/ebook/04.8.html) 39 | - 40 | - [Shadowsocks-libev, simple-obfs for Windows 下载 (不支持TFO)](https://github.com/DDoSolitary/shadowsocks-libev-win) 41 | - -------------------------------------------------------------------------------- /ebook/05.0.md: -------------------------------------------------------------------------------- 1 | 最好的翻墙软件使用教程:sing-box, overtls 2 | ================= 3 | 4 | 讲解最强大的翻墙平台 `sing-box` 和最简洁的翻墙工具 `overtls` 的使用方法 5 | 6 | 7 | **在线阅读OpenWrt路由器翻墙、科学上网器教程:** 8 | 9 | - [https://fanqiang.software-download.name](https://fanqiang.software-download.name) 10 | - [https://github.com/softwaredownload/openwrt-fanqiang/blob/master/SUMMARY.md](https://github.com/softwaredownload/openwrt-fanqiang/blob/master/SUMMARY.md) -------------------------------------------------------------------------------- /ebook/05.1.md: -------------------------------------------------------------------------------- 1 | 利用lantern 蓝灯实现浏览器自动翻墙教程 2 | ================================ 3 | 4 | 蓝灯运用了多种技术,通过自有服务器或者运行lantern的用户转发流量实现浏览器全自动翻墙 5 | 6 | latern蓝灯和 OpenWrt shadowsocks翻墙的区别 7 | -------- 8 | 9 | - 蓝灯主要是浏览器自动翻墙 10 | - [路由器OpenWrt shadowsocks翻墙方案](https://github.com/softwaredownload/openwrt-fanqiang) 是所有接入的设备都自动翻墙,可定制性更高 11 | 12 | 为什么选择 lantern 蓝灯翻墙 13 | -------- 14 | 15 | 有很多的翻墙软件,有闭源的,也有开源的,我们优先选择开源软件。闭源软件缺少外界监督,不能保证没有问题 16 | 17 | 蓝灯就是优秀的开源翻墙软件。今天是2016-01-10,在Github上已经 6516 Star, 2228 Fork,开发很活跃 18 | 19 | 下载 lantern蓝灯翻墙软件 20 | -------- 21 | 22 | Github下载: 23 | 24 | 25 | 主页下载: 26 | 27 | 28 | 蓝灯翻墙软件安装和设置 29 | -------- 30 | 31 | - 停止路由器的shadowsocks翻墙 32 | 登录OpenWrt路由器,运行命令: 33 | /etc/init.d/shadowsocks stop 34 | 如果你是按照 [https://github.com/softwaredownload/openwrt-fanqiang](https://github.com/softwaredownload/openwrt-fanqiang) 设置的翻墙,那么还得检查一下 [/etc/init.d/shadowsocks](https://github.com/softwaredownload/openwrt-fanqiang/blob/master/openwrt/default/etc/init.d/shadowsocks) 里的start, stop函数是否正确。2016-01-10前这两个函数有bug,导致执行stop后上网不正常 35 | 36 | - 打开 [Chrome浏览器](https://www.google.com/chrome/browser/desktop/) 37 | 38 | - 安装或运行lantern蓝灯,会自动在Chrome里打开新的页面,地址栏显示了翻墙转发的地址和端口,比如 `http://127.0.0.1:16823/` 39 | ![](images/5.1.1.lantern-fanqiang-dizhi.png) 40 | 41 | - 点击打开页面的右下角的齿轮图标设置lantern翻墙配置: 42 | ![](images/5.1.2.lantern-fanqiang-peizhi.png) 43 | 44 | - 右键点击电脑右下角托盘图标退出lantern(Windows 为例) 45 | ![](images/5.1.3.lantern-fanqiang-tuichu.png) 46 | 47 | 如果一切正常,一运行蓝灯,就可以点击蓝灯新打开的页面上的 YouTube 图标看视频了,非常方便 48 | 49 | ![](images/5.1.4.lantern-fanqiang-full.png) 50 | 51 | 配置网络软件走 Lantern 翻墙代理: 52 | -------- 53 | 54 | 蓝灯默认会在 127.0.0.1 上开启一个 HTTP 代理,端口号是 8787 55 | 在网络软件的代理界面上设置 HTTP 代理: 56 | 57 | 地址: 127.0.0.1 58 | 端口号: 8787 59 | 60 | (注:“127.0.0.1”表示“本机地址”) 61 | 62 | 于是,开启Lantern, Dropbox就可以正常使用了: 63 | ![](images/5.1.5.lantern-fanqiang-dropbox.png) 64 | 65 | lantern蓝灯翻墙软件配置文件研究 66 | -------- 67 | 68 | 进入lantern蓝灯翻墙软件安装目录: 69 | 70 | **Windows下进入lantern安装目录**: 71 | 72 | 按Windows键,输入 73 | %appdata% 74 | 75 | 然后就可以进入 Lantern 安装目录 76 | 77 | **Mac 下进入lantern安装目录**: 78 | 79 | /Users/name/Library/Application Support/Lantern 80 | 81 | **配置文件:Lantern/lantern-2.0.10.yaml**: 82 | 83 | 2.0.10是版本号,随不同版本而变化 84 | 85 | log 文件,可以了解翻墙详细过程: 86 | 87 | Lantern/logs/lantern.log 88 | ... 89 | geolookup.go:161 Successfully looked up IP '1.0.9.8' and country 'CN' 90 | ... 91 | 92 | **Lantern配置文件中的流量转发服务器IP地址**: 93 | 94 | Lantern/lantern-2.0.10.yaml 中找到类似如下内容,替换成其他服务器,把文件设为只读,就可以更换服务器: 95 | 96 | fallback-1.0.9.8: 97 | addr: 1.0.9.8:443 98 | pipelined: false 99 | cert: "-----BEGIN CERTIFICATE-----\n...\n-----END 100 | CERTIFICATE-----\n" 101 | authtoken: B... https://github.com/softwaredownload/openwrt-fanqiang ...C 102 | 103 | **Ubuntu下自己编译lantern翻墙软件**: 104 | 105 | 先准备好Go语言开发环境,假设Go程序的源码在 `~/golib/src` 目录下 106 | 107 | sudo apt-get update 108 | sudo apt-get install -y git curl libappindicator3-dev build-essential libgtk-3-dev 109 | 110 | # Use the Go compiler to build the lantern binary 111 | cd ~/golib/src 112 | git clone https://github.com/getlantern/lantern.git 113 | 114 | cd lantern 115 | source setenv.bash 116 | go build -o lantern github.com/getlantern/flashlight 117 | 118 | # Use curl to test that the proxy is working fine: 119 | curl -x 127.0.0.1:8787 https://www.google.com/humans.txt 120 | 121 | # This line will run Lantern without opening the browser window: 122 | ./lantern -headless 123 | 124 | **相关资源**: 125 | 126 | - 127 | - 128 | - -------------------------------------------------------------------------------- /ebook/05.2.md: -------------------------------------------------------------------------------- 1 | 怎样加强上网的匿名性 2 | ================ 3 | 4 | 即使翻墙上网了,真实的上网信息,如本机IP地址,系统语言,系统时区等等还是可能暴露 5 | 6 | 怎样检查翻墙后浏览器上网的匿名性 7 | -------- 8 | 9 | 访问下面网站检查自己的匿名程度: 10 | 11 | **[https://whoer.net/#extended](https://whoer.net/#extended)** 12 | 13 | 蓝灯翻墙,浏览器匿名程度测试 14 | -------- 15 | 16 | 下图,蓝灯翻墙,Chrome浏览器,匿名程度 40%,很差: 17 | ![](images/5.2.niming-chrome-lantern.png) 18 | 19 | 再拉下去看,WebRTC暴露了本机IP地址: 20 | ![](images/5.2.niming-chrome-lantern-webrtc.png) 21 | 22 | 下图,蓝灯翻墙,FireFox浏览器,开启隐私设置后WeRTC已经关闭,匿名程度高达90%: 23 | ![](images/5.2.niming-firefox-lantern.png) 24 | 25 | 路由器刷OpenWrt,安装shadowsocks-libev翻墙,浏览器匿名程度测试 26 | -------- 27 | 28 | 下图,FireFox浏览器,同样设置,WeRTC已经关闭,匿名程度64%: 29 | ![](images/5.2.niming-firefox-openwrt-shadowsocks.png) 30 | 31 | Chrome浏览器,匿名程度只有30%了: 32 | ![](images/5.2.niming-chrome-openwrt-shadowsocks.png) 33 | 34 | 防止浏览器 WebRTC 泄露本机IP地址 35 | -------- 36 | 37 | **Chrome浏览器安装插件就可以了: WebRTC Leak Prevent**: 38 | 39 | 安装以后,路由器刷OpenWrt,安装shadowsocks-libev翻墙,Chrome浏览器的匿名程度提升到了64% 40 | 41 | **FireFox浏览器关闭 WebRTC**: 42 | 43 | 地址栏输入: `about config` 44 | 搜索:`media.peerconnection.enabled` 双击由true改为false,就可以彻底匿名了! 45 | 46 | **Opera浏览器安装插件:WebRTC Leak Prevent**: 47 | 48 | **什么是WebRTC What is WebRTC:** 49 | 50 | WebRTC,名称源自网页实时通信(Web Real-Time Communication)的缩写,是一个支持网页浏览器进行实时语音对话或视频对话的技术,是谷歌2010年以6820万美元收购Global IP Solutions公司而获得的一项技术 51 | 52 | WebRTC实现了基于网页的视频会议,标准是WHATWG 协议,目的是通过浏览器提供简单的javascript就可以达到实时通讯(Real-Time Communications (RTC))能力 53 | 54 | WebRTC(Web Real-Time Communication)项目的最终目的主要是让Web开发者能够基于浏览器(Chrome\FireFox\...)轻易快捷开发出丰富的实时多媒体应用,而无需下载安装任何插件,Web开发者也无需关注多媒体的数字信号处理过程,只需编写简单的Javascript程序即可实现,W3C等组织正在制定Javascript 标准API,目前是WebRTC 1.0版本,Draft状态;另外WebRTC还希望能够建立一个多互联网浏览器间健壮的实时通信的平台,形成开发者与浏览器厂商良好的生态环境。同时,Google也希望和致力于让WebRTC的技术成为HTML5标准之一,可见Google布局之深远 55 | 56 | WebRTC提供了视频会议的核心技术,包括音视频的采集、编解码、网络传输、显示等功能,并且还支持跨平台:windows,linux,mac,android 57 | 58 | **相关资源**: 59 | 60 | - -------------------------------------------------------------------------------- /ebook/05.3.md: -------------------------------------------------------------------------------- 1 | 配置浏览器使用 DNS over HTTPS (DoH) 进行安全 DNS 2 | =================== 3 | 4 | 什么是 DNS over HTTPS 5 | ----------------- 6 | 7 | 域名安全协议有如DNSSEC,DNSCrypt,DNS over TLS,DNS over HTTPS,而 DNS over HTTPS 最被看好 8 | 9 | DNS over HTTPS 简称为 `DoH` 是基于 HTTPS 隧道之上的域名协议。HTTPS 流量特征目前无法识别,那么 DoH 也就无法识别,白脸不知道你是在浏览 https 网站还是在进行 DNS 查询,所以很安全 10 | 11 | DoH 协议栈示意 12 | --------- 13 | 14 | -------- 15 | DoH 16 | -------- 17 | HTTP 18 | -------- 19 | TLS 20 | -------- 21 | TCP 22 | -------- 23 | IP 24 | -------- 25 | 26 | DNS over HTTPS 缺点 27 | ----------- 28 | 29 | 相比DNS over TLS (DoT),DoH 多了一层封装,所以性能会比 DoT 略差,如果使用国内的DoH服务,这个性能损失是可以忽略的 30 | 31 | 为什么推荐使用 DNS over HTTPS 32 | ----------------- 33 | 34 | - 基于 HTTPS 之上,十分安全。白脸不知道你在进行域名查询 35 | - 基于 HTTPS 之上,可以无缝支持 Proxy 36 | - 可以充分利用 HTTP 2.0 的特性 37 | - 浏览器积极支持 38 | 39 | Firefox 从 63.0 beta 开始正式支持 DoH 40 | 41 | 本教程使用 DoH 的环境 42 | ------------- 43 | 44 | - 路由器配置好了 shadowsocks 翻墙服务 45 | - shadowsocks-libev 客户端 ss-redir 提供流量翻墙 46 | - dnsmasq 分配 dns 查询 47 | - shadowsocks-libev 客户端 ss-tunnel 转发 DNS 查询到 shadowsocks 服务端 48 | - 电脑或其他设备的网络连接属性中,网关和DNS设为路由器地址 49 | 50 | 此时所有连上路由器的设备都可以自动翻墙 51 | 52 | 浏览器设置为使用国内DoH服务端进行DNS解析,也就是浏览器直接进行DNS查询,不通过路由器 dnsmasq 和 ss-tunnel 进行转发了 53 | 54 | 这样做的好处是减轻了路由器的负担,并且DNS查询的速度可能比转发到 shadowsocks 服务端更快 55 | 56 | 如果只有浏览器需要用到翻墙服务,那么所有浏览器都配置 DoH,就可以把路由器里的 dnsmasq 和 ss-tunnel 停掉,同时网络连接属性中的 DNS 没有必要设为路由器地址了 57 | 58 | 浏览器使用DNS over HTTPS (DoH)的准备工作 59 | ------------ 60 | 61 | 我们要使用国内的 DoH 服务端,需要先把 DoH服务端的域名和 IP 地址加入到路由器的相应配置中 62 | 63 | - DoH 服务端域名加入到路由器 dnsmasq 国内网站名单中 64 | - DoH 服务端IP地址加入到路由器防火墙的忽略列表中 65 | 66 | 如果你按照 [OpenWrt 路由器 shadowsocks自动翻墙、科学上网教程](https://github.com/softwaredownload/openwrt-fanqiang) 67 | 68 | 69 | 70 | 配置了路由器自动翻墙,那么就很简单了,步骤如下: 71 | 72 | - 把项目 clone 到本地,假定是 C 盘根目录 73 | 74 | git clone https://github.com/softwaredownload/openwrt-fanqiang.git 75 | 76 | - 把相关文件复制到路由器,假设你使用的是 Git Bash for Windows 77 | 78 | cd /C/openwrt-fanqiang 79 | scp openwrt/default/etc/dnsmasq.d/custom.china.conf root@192.168.1.1:/etc/dnsmasq.d/ 80 | 81 | [custom.china.conf](https://github.com/softwaredownload/openwrt-fanqiang/tree/master/openwrt/default/etc/dnsmasq.d) 是自定义的在国内进行 dns 的域名,已经把我们要用到的 DoH 服务端域名加入其中了 82 | 83 | scp openwrt/default/etc/shadowsocks-libev/ip_custom.txt root@192.168.1.1:/etc/shadowsocks-libev/ 84 | 85 | [ip_custom.txt](https://github.com/softwaredownload/openwrt-fanqiang/tree/master/openwrt/default/etc/shadowsocks-libev) 是自定义的防火墙规则中需要忽略的IP,已经包含了 DoH 服务端的 IP 地址 86 | 87 | 我们把数据从防火墙设置脚本中分离了出来,改动数据不需要去动脚本文件,十分方便 88 | 89 | 需要注意的是,ip_custom.txt 等数据文件不能使用 Windows 记事本编辑,可以使用第三方编辑器如 Sublime Text,并把换行方式设置为 Linux 格式 90 | 91 | - 登录路由器,执行命令使用新数据生效 92 | 93 | ssh root@192.168.1.1 94 | kige@openwrt:~# /etc/init.d/dnsmasq restart 95 | kige@openwrt:~# /etc/init.d/shadowsocks restart 96 | 97 | FireFox 配置使用 DNS over HTTPS (DoH) 98 | ------------------ 99 | 100 | - 下载 FireFox 101 | 102 | Firefox 自从 63.0 版本开始,提供了十分简单的的 DoH 配置界面 103 | 104 | 如果你使用的是 63.0 以前的版本,先卸载它 105 | 106 | FireFox配置DoH方法参考这个[教程](https://www.rubyfish.cn/dns/config-firefox/) 107 | 108 | - DNS Over HTTPS 国内服务商 109 | 110 | - https://doh.rixcloud.dev/dns-query 不支持EDNS-Client-Subnet 2020-10-02 测试可用 111 | - ~~https://www.nextrt.com/s/dns~~ 2020-10-02 测试不可用 112 | - ~~https://rubyfish.cn/~~ 2020-10-02 测试不可用 113 | - ~~https://i.233py.com/dns-query~~ 2020-10-02 测试不可用 114 | - ~~https://dns.233py.com/dns-query~~ 2020-10-02 测试不可用 115 | 116 | - DNS Over HTTPS 国外服务商 117 | - https://dns.containerpi.com/dns-query 118 | - https://doh.dns.sb/dns-query 119 | - https://public.dns.iij.jp/dns-query 120 | - https://doh-jp.blahdns.com/dns-query 121 | 122 | - 测试浏览器 DoH 是否起作用 123 | 124 | 打开 125 | 126 | 如果 **Using DNS over HTTPS (DoH)** 一栏是 Yes,说明浏览器 DoH 开启了 127 | 128 | 129 | 另外的方法,打开一些外网,如 https://youtube.com https://flickr.com 130 | 131 | FireFox地址栏输入 `about:networking#dns` 查看有哪些域名是通过 DoH 服务解析的 132 | 133 | TRR = Trusted Recursive Resolver,结果中 TRR 列为 true 表示域名是通过 DoH 解析的 134 | 135 | 也可以路由器关闭 dnsmasq再测试: 136 | 137 | kige@openwrt:~# /etc/init.d/dnsmasq stop 138 | 139 | 这时别的浏览器没有配置过DoH,又无法通过路由器解析域名,自然打开 youtube.com,只有FireFox还是畅行国内外无阻 140 | 141 | 目前用的是红鱼DNS,可能是技术原因,有的网站可能无法解析,切换到未用 DoH 的浏览器就正常了 142 | 143 | **相关资源**: 144 | 145 | - 146 | - 147 | - 148 | - -------------------------------------------------------------------------------- /ebook/05.42.md: -------------------------------------------------------------------------------- 1 | # overtls + tun2proxy 实现全局翻墙,所有流量走代理 2 | 3 | 本文是 [简单、高速、稳定的翻墙软件 overtls 安装、使用教程](05.4.md) 的续篇 4 | 5 | ## 运行 overtls 后,为什么命令行下载软件可能很慢 6 | 7 | 如果你使用的是 overtls Windows GUI 客户端 `ssrWin`,那么你可能会发现: 8 | 9 | - 浏览器翻墙一切正常 10 | - 命令行下载包时,有时很慢甚至连不上 11 | 12 | 比如,编程语言的包管理器可能会用命令行从 github 下载包,这时可能很慢甚至连不上 13 | 14 | - Dropbox 或类似程序却能正常工作 15 | 16 | 这是为什么? 17 | 18 | 原因其实很简单,浏览器和 Dropbox 等程序会读取并应用 ssrWin 设置在操作系统的代理,因此翻墙没有问题。但是没有这个自觉的程序,它们不管这个,只知道直连目标地址,如果目标地址被 GFW 限制,就会连接速度很慢甚至连不上 19 | 20 | 问题来了,有什么办法强制本机所有流量走代理,实现全局翻墙?办法当然是有的,就是同时使用二个命令行程序 [overtls](https://github.com/shadowsocksr-live/overtls) 和 [tun2proxy](https://github.com/tun2proxy/tun2proxy) 21 | 22 | 23 | ## `tun2proxy` 能接管全部流量的原理 24 | 25 | `tun2proxy` 会创建虚拟网卡,让本机所有流量走这张虚拟网卡,并将流量转发到本机 `overtls` 客户端监听的端口,`overtls` 客户端则负责和服务端通讯,包括让服务端进行 DNS 查询 26 | 27 | ## `overtls` + `tun2proxy` 实现全局翻墙,本机所有流量走代理 28 | 29 | - 运行 `overtls` 命令行客户端 30 | 31 | ```bash 32 | overtls -c config.json 33 | ``` 34 | 35 | - 运行 `tun2proxy` 36 | 37 | ```bash 38 | sudo tun2proxy-bin --setup --proxy socks5://127.0.0.1:765 --bypass 210.98.76.54 --bypass 98.76.54.32 39 | ``` 40 | 41 | - `sudo` 是 Linux 系统申请管理员权限,Windows 下可用管理员身份打开终端窗口代替 42 | - `765` 是 overtls 在本机监听的端口 43 | - `bypass` 是为了让系统路由表对目标服务端 IP 地址的数据包不经 tun2proxy 而是直接发往当前活动网卡的网关 44 | - v0.5.0 起,tun2proxy.exe 改名为 tun2proxy-bin.exe 45 | 46 | 详细可参考 [tun2proxy 的官方教程](https://github.com/tun2proxy/tun2proxy/wiki/Usage-(Chinese)) 47 | 48 | ## 关于 DNS 被干扰导致有的网站打不开的问题 49 | 50 | 据说 [中国互联网络防火墙已经可以精确识别与境外 DNS over HTTPS(DoH) 服务器的连接](https://tech.soraharu.com/archives/139/) 51 | 52 | 如果 DNS 被干扰,目标网站就会打不开。tun2proxy 默认用 Google 的 DNS 8.8.8.8,这个 IP 树大招风,容易被 GFW 盯上。解决办法,在 tun2proxy 的命令行中指定没有被 GFW 盯上的 DNS 地址,如: 53 | 54 | ```bash 55 | sudo tun2proxy-bin --setup --proxy socks5://127.0.0.1:765 --bypass 210.98.76.54 --bypass 98.76.54.32 --dns-addr 162.159.36.1 56 | ``` 57 | 58 | 可用的 DNS 地址可参考:[国内外可用 DNS DoH 及速度实测 - 开发调优 - LINUX DO](https://linux.do/t/topic/235706) 59 | 60 | 61 | ### 相关内容 62 | 63 | - [简单、高速、稳定的翻墙软件 overtls 安装、使用教程](05.4.md) 64 | - [overtls Android 手机翻墙上网教程](05.43.md) 65 | - [把 overtls、tun2proxy 设置成开机自动启动的系统服务](05.44.md) 66 | - [全能翻墙工具 sing-box + overtls 配置方法和使用教程](05.45.md) 67 | - 68 | - 69 | - 70 | - 71 | 72 | 2024-09-09 -------------------------------------------------------------------------------- /ebook/05.43.md: -------------------------------------------------------------------------------- 1 | # overtls Android 手机翻墙上网教程 2 | 3 | 本文假设你已经设置好 [overtls](https://github.com/ShadowsocksR-Live/overtls) 服务端,已经可以翻墙上网,如果还没有,可以参考教程 [简单、高速、稳定的翻墙软件 overtls 安装、使用教程](.05.4.md) 4 | 5 | - 下载 overtls Android 客户端 [ssrDroid](https://github.com/ShadowsocksR-Live/ssrDroid) 6 | 7 | 进入 [release](https://github.com/ShadowsocksR-Live/ssrDroid/releases) 页面,下载 `ssrdroid-release.apk` 8 | 9 | 把下载下来的 apk 文件传送进手机进行安装 10 | 11 | - 生成 `ssr://` URL 格式翻墙配置文本 12 | 13 | 在电脑上执行如下命令: 14 | 15 | ```bash 16 | overtls -c config.json -g 17 | ``` 18 | 19 | 然后屏幕上会显示一长串 `ssr://...` URL,复制,保存到文件中,如 `ssr.txt`,然后把文件传送进 Android 手机 20 | 21 | - Android 手机导入 ssr URL 翻墙配置文本 22 | 23 | - Android 手机中,打开 `ssr.txt` 并复制内容 24 | - Android 手机运行 `ssrDroid` 并导入翻墙配置 25 | 26 | - 点击 ssrDroid 右上角带 `+` 号的图标 27 | - 在弹出菜单中选择 `Import from clipboard` 28 | 29 | 如果你的 ssr URL文本没有错误,这时你已经完成 Android 的翻墙配置 30 | 31 | - 测试翻墙配置 32 | 33 | 此步请参考 [Android 安卓手机安装 shadowsocks 科学上网教程](03.10.md) 34 | 35 | ### 相关内容 36 | 37 | - [简单、高速、稳定的翻墙软件 overtls 安装、使用教程](05.4.md) 38 | - [overtls + tun2proxy 实现全局翻墙,所有流量走代理](05.42.md) 39 | - [把 overtls、tun2proxy 设置成开机自动启动的系统服务](05.44.md) 40 | - [全能翻墙工具 sing-box + overtls 配置方法和使用教程](05.45.md) 41 | - 42 | - 43 | - 44 | 45 | 2024-09-10 -------------------------------------------------------------------------------- /ebook/05.44.md: -------------------------------------------------------------------------------- 1 | # 把 overtls、tun2proxy 设置成开机自动启动的系统服务 2 | 3 | `overtls` 搭配 `tun2proxy` 使用可以接管系统所有流量,实现全局翻墙,这有助于我们通过一些国外服务的地区鉴定,从而避免出现对方拒绝服务的情况 4 | 5 | overtls 和 tun2proxy 是两个命令行程序,虽然我们可以用命令行脚本启动它们,但是这样做多少有些麻烦,最好是把它们创建为系统服务,这样设备开机时它们可以自动启动 6 | 7 | 下面我就来说一下如何为 overtls 和 tun2proxy 创建系统服务。要注意的是, `tun2proxy` 的版本要在 `v0.4.3` 及以上 8 | 9 | ## Windows 创建 overtls、tun2proxy 系统服务 10 | 11 | ### 管理员身份运行 cmd 12 | 13 | - 按 `Windows` 键 14 | - 输入 `cmd` 15 | - 在弹出菜单中,左侧自动选中 `Command Prompt`,我们选择菜单右侧的 `Run as administrator` 16 | 17 | ### Windows 创建 overtls 系统服务 18 | 19 | 在命令行窗口执行如下命令 20 | 21 | ```sh 22 | # 創建 overtls 服務 23 | # Since version 0.2.34 rename exe to overtls-bin 24 | sc create overtls start= auto binPath= "C:\overtls\overtls-bin.exe --config C:\overtls\config.json --daemonize" 25 | 26 | # 啓動 overtls 服務 27 | net start overtls 28 | 29 | # 查詢 overtls 服務狀態 30 | sc queryex overtls 31 | 32 | # 停止 overtls 服務 33 | net stop overtls 34 | 35 | # 刪除 overtls 服務 36 | sc delete overtls 37 | ``` 38 | 39 | ### Windows 创建 tun2proxy 系统服务 40 | 41 | 在命令行窗口执行如下命令 42 | 43 | ```sh 44 | # 創建 tun2proxy 服務 45 | # 如果你的服务器不支持 ipv6,就把参数 `--ipv6-enabled` 去掉 46 | # v0.5.0 起,tun2proxy.exe 改名为 tun2proxy-bin.exe 47 | sc create tun2proxy start= auto binPath= "C:\tun2proxy\tun2proxy-bin.exe --setup --proxy socks5://127.0.0.1:1080 --bypass 7.6.5.4 --bypass 3.2.1.0 --ipv6-enabled --exit-on-fatal-error --daemonize" 48 | 49 | # 啓動 tun2proxy 服務 50 | net start tun2proxy 51 | 52 | # 查詢 tun2proxy 服務狀態 53 | sc queryex tun2proxy 54 | 55 | # 停止 tun2proxy 服務 56 | net stop tun2proxy 57 | 58 | # 刪除 tun2proxy 服務 59 | sc delete tun2proxy 60 | ``` 61 | 62 | 如果你启用了 tun2proxy 的 ipv6,就需要检查二点: 63 | - 域名有 IPv6 地址,也就是绑定了 AAAA 记录 64 | - 网络连接要启用 IPv6 65 | 66 | 以 Windows 系统为例: 67 | 68 | - 按 `Windows` 键,中文系统输入 `控制面板`,英文系统输入 `control panel`,然后打开旧版的控制面板 69 | - 点击 `Network and internet` 70 | - 点击 `Network and Sharing Center` 71 | - 点击在用的网络连接,如 `Wi-Fi fanqiang` 72 | - 点击 “属性” `Properties` 73 | - 勾选 `Internet Protocol Version 6(TCP/IPv6)` 74 | - 点击 `OK` 保存设置 75 | 76 | 77 | ## 如何更新 overtls、tun2proxy 78 | 79 | - 先停用要更新的服务 80 | 81 | Windows 下,如果要更新 tun2proxy,就以管理员身份启动 cmd,然后执行下面的命令: 82 | 83 | ```bash 84 | net stop tun2proxy 85 | ``` 86 | 87 | - 替换文件 88 | 89 | 把新版 tun2proxy 相关文件复制,再粘贴到安装目录,覆盖原来的文件 90 | 91 | - 重新启动服务 92 | 93 | ```bash 94 | net start tun2proxy 95 | ``` 96 | 97 | ## 暂时停止翻墙服务 / 重新开启翻墙服务 98 | 99 | - 暂时停止翻墙服务 100 | 101 | ```bash 102 | net stop overtls 103 | net stop tun2proxy 104 | ``` 105 | 106 | - 重新开始翻墙 107 | 108 | ```bash 109 | net start overtls 110 | net start tun2proxy 111 | ``` 112 | 113 | ## 突然无法翻墙怎么办 114 | 115 | tun2proxy 有时会出现问题导致无法翻墙。解决办法,重启 tun2proxy 服务: 116 | 117 | ```bash 118 | net stop tun2proxy 119 | net start tun2proxy 120 | ``` 121 | 122 | 可能需要等待 10 秒以上,再测试是否可以翻墙 123 | 124 | 少数情况下可能还要重启 overtls 服务 125 | 126 | 因为 tun2proxy 可能出现问题,我们也可以停用或删除 tun2proxy 服务,再写一个脚本用来手动启动 tun2proxy,并在命令行参数中加上 `-v info`,这样会在控制台窗口显示 tun2proxy 详细运行信息,我们可以从中观察是否需要重启 tun2proxy。重启 tun2proxy 的方法很简单,关闭命令行窗口再重新运行脚本即可 127 | 128 | 129 | ### 相关内容 130 | 131 | - [简单、高速、稳定的翻墙软件 overtls 安装、使用教程](05.4.md) 132 | - [overtls + tun2proxy 实现全局翻墙,所有流量走代理](05.42.md) 133 | - [overtls Android 手机翻墙上网教程](05.43.md) 134 | - [全能翻墙工具 sing-box + overtls 配置方法和使用教程](05.45.md) 135 | - 136 | - 137 | - 138 | 139 | 2024-09-14 -------------------------------------------------------------------------------- /ebook/06.0.md: -------------------------------------------------------------------------------- 1 | 全面优化翻墙系统 2 | ============== 3 | 4 | 经过测试,翻墙系统经过优化以后,可以显著提高翻墙上网的速度,使用 [Digital Ocean](https://m.do.co/c/89497bd485e0) New York 数据中心的 VPS, youtube.com 1080P视频无压力 5 | 6 | 一般情况下,我们优化以下几项就可以了: 7 | 8 | - 开启 TCp fast open 9 | - 开启 BBR 加速 10 | - 优化打开文件数目 11 | - 设置 swap 交换文件 12 | 13 | --- 14 | 15 | **最简单的路由器刷OpenWrt翻墙方案:** 16 | 17 | - [https://github.com/softwaredownload/openwrt-fanqiang](https://github.com/softwaredownload/openwrt-fanqiang "最简单的路由器刷OpenWrt固件翻墙教程") 18 | 19 | **在线阅读OpenWrt路由器翻墙、科学上网器教程:** 20 | 21 | - [https://fanqiang.software-download.name](https://fanqiang.software-download.name) 22 | - [https://github.com/softwaredownload/openwrt-fanqiang/blob/master/SUMMARY.md](https://github.com/softwaredownload/openwrt-fanqiang/blob/master/SUMMARY.md) -------------------------------------------------------------------------------- /ebook/06.1.md: -------------------------------------------------------------------------------- 1 | Shadowsocks 服务端 Ubuntu 开启BBR加速 2 | =========================== 3 | 4 | 关于 BBR 加速算法 5 | ------------- 6 | 7 | BBR是一款Google开发的TCP拥塞控制算法,开启这个算法的好处: 8 | 9 | - 在有一定丢包率的网络链路上充分利用带宽。非常适合高延迟,高带宽的网络链路 10 | - 降低网络链路上的buffer占用率,从而降低延迟。非常适合慢速接入网络的用户 11 | 12 | 先检查一下 Ubuntu 系统是否可以开启这个加速算法 13 | 14 | uname -r 15 | 4.15.0-36-generic 16 | 17 | Linux系统内核高于 4.9 就可以开启。如果你的系统内核低于4.9,升级 Ubnutu 到最新版本就可以了 18 | 19 | 下面默认 Ubuntu 内核版本高于4.9,基于KVM的 VPS(包括DO) 20 | 21 | shadowsocks 服务端开启 BBR加速 22 | --------------------- 23 | 24 | 开启 BBR 加速需要设置 Linux 内核参数。自定义内核参数最好的实践是这样的: 25 | 26 | - 在 /etc/sysctl.d/ 下设置,尽量避免修改 /etc/sysctl.conf 27 | - 文件名以数字开头,表示系统启动时文件加载的顺序,数字小的文件先加载,最后加载 sysctl.conf 28 | - 文件名应该表示明确的意义,比如 50-tcp_fastopen.conf 29 | 30 | kige@ubuntu:~$ su 31 | # echo 'net.core.default_qdisc=fq' > /etc/sysctl.d/98-bbr.conf 32 | # echo 'net.ipv4.tcp_congestion_control=bbr' >> /etc/sysctl.d/98-bbr.conf 33 | # sysctl --system 34 | 35 | 上面命令切换到 root 用户,把设置写入 .conf,然后用 sysctl --system 从系统目录重新读入所有配置 36 | 37 | 不要用 sysctl -p 来代替 sysctl --system,因为 sysctl --system 和重启系统的效果类似,于是我们可以测试出重启系统后的情况 38 | 39 | 用了 98-bbr.conf 而不是 50-bbr-conf,是为了覆盖 50-default.conf 中设定的默认值: net.core.default_qdisc = fq_codel 40 | 41 | fq 和 fq_codel 有什么区别 42 | 43 | CoDel 是 controlled delay的缩写 44 | 45 | - net.core.default_qdisc = fq_codel 46 | 47 | 最好的通用qdisc 48 | 49 | - net.core.default_qdisc = fq 50 | 51 | 用于胖服务器,fq_codel用于路由器,在虚拟化环境中,底层服务器是路由器,客户虚拟机是主机 52 | 53 | 检查 BBR 模块有没有启动: 54 | 55 | kige@ubuntu:~$ lsmod | grep bbr 56 | 57 | 返回值有 `tcp_bbr` 说明 bbr 已启动 58 | 59 | 再检查我们刚才设置的值是否已经起作用: 60 | 61 | $ sysctl net.ipv4.tcp_congestion_control 62 | net.ipv4.tcp_congestion_control = bbr 63 | $ sysctl net.core.default_qdisc 64 | net.core.default_qdisc = fq 65 | 66 | **相关资源**: 67 | 68 | - 69 | - 70 | - -------------------------------------------------------------------------------- /ebook/06.4.md: -------------------------------------------------------------------------------- 1 | Linux Ubuntu swap 交换文件优化 2 | =================== 3 | 4 | 我们在 [Digital Ocean](https://m.do.co/c/89497bd485e0) 创建 VPS (Droplet) 时,最便宜的配置如下: 5 | 6 | ![Digital Ocean VPS 选择系统配置](images/3.9.choose-a-size.png) 7 | 8 | 内存是 1GB,一般情况下是够用了,如果多开几个 shadowsocks 进程,多个用户同时上 youtube.com,那么内存可能会不够用,怎么办 9 | 10 | 可以设置 swap 交换文件。DO 硬盘都是 SSD,内存不够时可以使用硬盘的swap,速度也不错 11 | 12 | --- 13 | 14 | 注意: 15 | 16 | 尽管通常建议对使用传统旋转硬盘驱动器的系统进行交换,但使用SSD交换可能会导致硬件随着时间的推移而出现问题。 出于这种考虑,通常不建议在使用SSD存储的提供商上启用交换文件。 这样做会影响您和您的邻居的底层硬件的可靠性 17 | 18 | 检查系统是否设置过 swap 19 | ----------- 20 | 21 | 在开始之前,我们可以检查系统是否已经有一些可用的交换空间。 可以有多个交换文件或交换分区,但通常一个就足够了 22 | 23 | 我们可以通过键入以下内容来查看系统是否已配置了交换文件 24 | 25 | sudo swapon - show 26 | 27 | 如果您没有收到任何输出,这意味着您的系统当前没有可用的交换空间 28 | 29 | 您可以使用 free 验证没有活动交换空间: 30 | 31 | free -h 32 | 33 | 检查硬盘驱动器分区上的可用空间 34 | -------------- 35 | 36 | 为交换分配空间的最常用方法是使用专用于该任务的单独分区。 但是,改变分区方案并不总是可行的。 我们可以轻松创建驻留在现有分区上的交换文件 37 | 38 | 在我们这样做之前,我们应该键入以下内容来检查当前磁盘使用情况: 39 | 40 | df -h 41 | 42 | 有足够的可用空间的时候,我们才能创建 swap 文件 43 | 44 | 创建 swap 交换文件 45 | ---------- 46 | 47 | 现在我们知道了可用的硬盘空间,我们可以在文件系统中创建一个交换文件。 我们将在根(/)目录中创建一个我们想要的交换大小的文件 48 | 49 | 创建交换文件的最佳方法是使用fallocate程序。 此命令立即创建预分配大小的文件 50 | 51 | 由于我们示例中的服务器具有1024MB的RAM,因此我们将在本教程中创建3 GB的文件。 调整此项以满足您自己的服务器的需求: 52 | 53 | sudo fallocate -l 3G /swap 54 | 55 | 我们可以通过输入以下内容来验证是否保留了正确的空间量: 56 | 57 | $ ls -lh /swap 58 | -rw-r - r-- 1 root root 3.0G Dec 19 11:14 /swap 59 | 60 | 启用 swap 交换文件 61 | --------- 62 | 63 | 现在我们有一个正确大小的文件,我们需要实际将其转换为交换空间 64 | 65 | 首先,我们需要锁定文件的权限,以便只有具有root权限的用户才能读取内容。这可以防止普通用户访问该文件,这会产生重大的安全隐患 66 | 67 | 通过键入以下内容使该文件只能由root访问: 68 | 69 | sudo chmod 600 /swap 70 | 71 | 键入以下命令验证权限更改: 72 | 73 | $ ls -lh /swap 74 | -rw ------- 1 root root 3.0G Dec 19 11:14 /swap 75 | 76 | 如您所见,只有root用户启用了读写标志 77 | 78 | 我们现在可以通过键入以下内容将文件标记为交换空间 79 | 80 | sudo mkswap /swap 81 | 82 | 标记文件后,我们可以启用交换文件,允许我们的系统开始使用它: 83 | 84 | sudo swapon /swap 85 | 86 | 我们可以通过输入以下内容来验证交换是否可用: 87 | 88 | sudo swapon - show 89 | 90 | 可以再次检查: 91 | 92 | $ free -h 93 | total used free shared buff/cache available 94 | Mem: 985M 96M 113M 1.6M 775M 727M 95 | Swap: 3.0G 268K 3.0G 96 | 97 | 使 swap 交换文件永久化 98 | ----------------- 99 | 100 | 我们最近的更改已启用当前会话的交换文件。 但是,如果我们重新启动,服务器将不会自动保留交换设置。 我们可以通过将交换文件添加到 `/etc/fstab` 文件来更改此设置 101 | 102 | 备份 `/etc/fstab` 文件,以防出现任何问题: 103 | 104 | sudo cp /etc/fstab /etc/fstab.bak 105 | 106 | 您可以通过键入以下内容将交换文件信息添加到 `/etc/fstab` 文件的末尾: 107 | 108 | echo'/swap none swap sw 0 0'| sudo tee -a /etc/fstab 109 | 110 | 调整swap交换文件设置 111 | --------- 112 | 113 | 您可以配置一些选项,这些选项会在处理交换时对系统的性能产生影响 114 | 115 | 调整 Swappiness 属性 116 | 117 | swappiness参数配置系统将数据从RAM交换到交换空间的频率。这是介于0和100之间的值,表示百分比 118 | 119 | 值接近于零时,除非绝对必要,否则内核不会将数据交换到磁盘。请记住,与交换文件的交互是“昂贵的”,因为它们比与RAM的交互花费更长的时间,并且它们可能导致性能的显着降低。告诉系统不要太依赖交换通常会使您的系统更快 120 | 121 | 接近100的值将尝试将更多数据放入交换中以努力保持更多RAM空间。根据应用程序的内存配置文件或服务器的使用情况,在某些情况下可能会更好 122 | 123 | 我们可以通过输入以下内容来查看当前的swappiness值: 124 | 125 | $ cat /proc/sys/vm/swappiness 126 | 60 127 | 128 | 对于桌面,swappiness设置为60并不是一个糟糕的值。对于服务器,您可能希望将其移近0 129 | 130 | 我们可以使用sysctl命令将swappiness设置为不同的值 131 | 132 | 例如,要将swappiness设置为20,我们可以输入: 133 | 134 | $ sudo sysctl vm.swappiness = 20 135 | vm.swappiness = 20 136 | 137 | 要使设置在重启系统后仍然生效,建议把自定义设置保存到 /etc/sysctl.d 目录下 138 | 139 | $ sudo vi /etc/sysctl.d/98-swap.conf 140 | vm.swappiness = 20 141 | 142 | 调整 Cache Pressure 缓存压力设置 143 | ------- 144 | 145 | 您可能想要修改的另一个相关值是 vfs_cache_pressure。此设置配置系统将选择多少缓存inode和dentry信息而不是其他数据 146 | 147 | 基本上,这是关于文件系统的访问数据。这通常是非常昂贵的查询和非常频繁的请求,所以这是你的系统缓存的一个很好的事情。您可以通过再次查询proc文件系统来查看当前值: 148 | 149 | $ cat /proc/sys/vm/vfs_cache_pressure 150 | 100 151 | 152 | 由于它当前已配置,我们的系统会过快地从缓存中删除inode信息。我们可以通过键入以下内容将其设置为更保守的设置(如50): 153 | 154 | $ sudo sysctl vm.vfs_cache_pressure = 50 155 | vm.vfs_cache_pressure = 50 156 | 157 | 同样,我们要把这个设置保存到 /etc/sysctl.d/98-swap.conf 文件中: 158 | 159 | $ sudo vi /etc/sysctl.d/98-swap.conf 160 | vm.vfs_cache_pressure = 50 161 | 162 | 我们把自定义内核参数设置都保存到 `/etc/sysctl.d/` 目录下,并且文件名以 98 开头,当我们创建一个新的 VPS 时,可以轻松地用 `tar` 命令把 `/etc/sysctl.d/98*` 文件打包并迁移到新的环境中。你可以在下面地址查看内核参数优化文件: 163 | 164 | 165 | 166 | **相关资源**: 167 | 168 | - 169 | - 170 | - -------------------------------------------------------------------------------- /ebook/09.0.md: -------------------------------------------------------------------------------- 1 | 附录 2 | === 3 | 4 | 翻墙常用资源及如何贡献本项目 5 | 6 | --- 7 | 8 | **最简单的路由器刷OpenWrt翻墙方案:** 9 | 10 | - [https://github.com/softwaredownload/openwrt-fanqiang](https://github.com/softwaredownload/openwrt-fanqiang "最简单的路由器刷OpenWrt固件翻墙教程") 11 | 12 | **在线阅读OpenWrt路由器翻墙、科学上网器教程:** 13 | 14 | - [https://fanqiang.software-download.name](https://fanqiang.software-download.name) 15 | - [https://github.com/softwaredownload/openwrt-fanqiang/blob/master/SUMMARY.md](https://github.com/softwaredownload/openwrt-fanqiang/blob/master/SUMMARY.md) -------------------------------------------------------------------------------- /ebook/09.1.md: -------------------------------------------------------------------------------- 1 | 翻墙软件、教程大全集 2 | ============ 3 | 4 | 推荐翻墙软件 5 | -------- 6 | 7 | - [sing-box:新一代超强通用代理工具](https://github.com/SagerNet/sing-box) 8 | - [sing-box 官方文档](https://sing-box.sagernet.org/) 9 | - [sing-box 多种翻墙协议的配置示例](https://github.com/chika0801/sing-box-examples) 10 | - [sing-box 规则集:官方: geosite](https://github.com/SagerNet/sing-geosite/tree/rule-set) 11 | - [sing-box 规则集:官方 geoip](https://github.com/SagerNet/sing-geoip/tree/rule-set) 12 | - [sing-box 规则集:MetaCubeX sing/geo](https://github.com/MetaCubeX/meta-rules-dat/tree/sing/geo) 13 | - [sing-box 规则集:Toperlock geosite](https://github.com/Toperlock/sing-box-geosite/tree/main/rule) 14 | - [sing-box 规则集:DustinWin](https://github.com/DustinWin/ruleset_geodata/tree/sing-box-ruleset-compatible) 15 | - [sing-box 去广告:MetaCubeX](https://github.com/MetaCubeX/meta-rules-dat/raw/refs/heads/sing/geo/geosite/category-ads-all.json) 16 | - [sing-box 去广告:AdBlock_Rule_For_Sing-box](https://github.com/REIJI007/AdBlock_Rule_For_Sing-box) 17 | - [sing-box 去广告:秋风广告规则. simple](https://awavenue.top/Sub.html#%E6%9B%B4%E5%A4%9A%E6%A0%BC%E5%BC%8F%E7%9A%84%E8%A7%84%E5%88%99) 18 | - [sing-box 去广告:Dreista AdGuard-DNS-Filter. 4 mon](https://github.com/Dreista/sing-box-rule-set-cn?tab=readme-ov-file) 19 | - [米开朗基杨: sing-box 基础教程:sing-box 的配置方法和使用教程](https://icloudnative.io/posts/sing-box-tutorial/) 20 | - [Overtls:SOCKS5 代理,通過 TLS 實現數據傳輸,支持 TCP 和 UDP 轉發。Rust](https://github.com/ShadowsocksR-Live/overtls) 21 | - [Socks5-impl: dns-query, socks5-server, udp-client, echo-server](https://github.com/tun2proxy/socks5-impl) 22 | - [ShadowsocksR-native](https://github.com/ShadowsocksR-Live/shadowsocksr-native) 23 | - [SSRoT,反向代理,技术原理](https://github.com/ShadowsocksR-Live/shadowsocksr-native/wiki) 24 | - [V2Ray 模块化的代理软件包](https://github.com/v2fly/v2ray-core) 25 | - [Gost:GO 语言实现的安全隧道](https://github.com/ginuerzh/gost) 26 | - [教程:使用warp + gost 获取原生IP](https://ericjin.com/blog/%E4%BD%BF%E7%94%A8warp+gost-%E8%8E%B7%E5%8F%96%E5%8E%9F%E7%94%9FIP/) 27 | - [Brook:A cross-platform programmable network tool](https://github.com/txthinking/brook) 28 | - [Hysteria:powerful, lightning fast and censorship resistant proxy in Go](https://github.com/apernet/hysteria) 29 | - [NaïveProxy](https://github.com/klzgrad/naiveproxy) 30 | - [XX-Net 接力GoAgent](https://github.com/XX-net/XX-Net) 31 | - [trojan](https://github.com/trojan-gfw/trojan) 32 | - [Obfuscated OpenSSH Patch by zinglau](https://github.com/zinglau/obfuscated-openssh-patches) 33 | 34 | 翻墙相关网站 35 | -------- 36 | 37 | - [米开朗基杨:云原生搬砖师 & Sealos 开发者布道师 & FastGPT 熟练工](https://icloudnative.io/posts/) 38 | - [七尺宇 - YT](https://www.qichiyu.com/) 39 | - [Hongbo Lin](https://linhongbo.com/) 40 | -[OpenWrt](https://linhongbo.com/tags/openwrt/) 41 | -[Shadowsocks](https://linhongbo.com/tags/shadowsocks/) 42 | - [跟 UMU 一起玩 OpenWRT](https://my.oschina.net/umu618/?tab=newest&catalogId=269802) 43 | 44 | Shadowsocks 45 | ---- 46 | 47 | - [Shadowsocks.org](https://shadowsocks.org) 48 | - [Shadowsocks libev](https://github.com/shadowsocks/shadowsocks-libev) 49 | - [OpenWrt Simple Obfs](https://github.com/aa65535/openwrt-simple-obfs) 50 | - [Shadowsocks Windows](https://github.com/shadowsocks/shadowsocks-windows) 51 | - [Shadowsocks QT5](https://github.com/shadowsocks/shadowsocks-qt5) 52 | - [Shadowsocks Android](https://github.com/shadowsocks/shadowsocks-android) 53 | - [Shadowsocks GO](https://github.com/shadowsocks/shadowsocks-go) 54 | - Shadowsocks 插件 55 | - [Simple Obfs](https://github.com/shadowsocks/simple-obfs) 56 | - [GoQuite](https://github.com/cbeuw/GoQuiet) 57 | - [Kcptun](https://github.com/xtaci/kcptun) 58 | - [V2Ray-Plugin](https://github.com/shadowsocks/v2ray-plugin) 59 | - [Cloak](https://github.com/cbeuw/Cloak) 60 | - [simple-tls](https://github.com/IrineSistiana/simple-tls) 61 | 62 | DNS 相关 63 | -------- 64 | 65 | - [国内外可用 DNS DoH 及速度实测 - 开发调优 - LINUX DO](https://linux.do/t/topic/235706) 66 | - [国内目前可用的DoH(2024-9-21) - 偷来的才是宝贝](https://coding.gs/2024/06/09/available-doh/) 67 | - [DNS leak test: ipleak.net](https://ipleak.net/) 68 | - [DNS leak test: browserleaks.com](https://browserleaks.com/dns) 69 | - [Tun2proxy:tunnel interface for HTTP and SOCKS proxies on Linux, Android, macOS, iOS and Windows. in Rust](https://github.com/tun2proxy/tun2proxy) 70 | - [Dnscrypt proxy](https://github.com/jedisct1/dnscrypt-proxy) 71 | - [Pcap DNSProxy](https://github.com/chengr28/Pcap_DNSProxy) 72 | - [ChinaDNS](https://github.com/aa65535/ChinaDNS) 73 | - [dnsmasq China List](https://github.com/felixonmars/dnsmasq-china-list) 74 | - [dnsforwarder](https://github.com/holmium/dnsforwarder) 75 | - [A DNS server/forwarder/dispatcher written in Go](https://github.com/shawn1m/overture) 76 | - [glider - forward proxy with multiple protocols support](https://github.com/nadoo/glider) 77 | - 清华大学 非清华校园网用户可使用5353端口 (dig www.google.com @101.6.6.6 -p 5353) PC 无法设置5353端口,未测试 78 | - 101.6.6.6:5353 79 | - 2001:da8::666 80 | 81 | 翻墙方案 82 | -------- 83 | 84 | - [OpenWrt路由器智能自动透明翻墙、科学上网教程](https://fanqiang.software-download.name/) 85 | -------------------------------------------------------------------------------- /ebook/09.2.md: -------------------------------------------------------------------------------- 1 | 本地阅读本教程的方法 2 | ================== 3 | 4 | git clone项目 5 | -------- 6 | 7 | cd ~/Downloads 8 | git clone https://github.com/softwaredownload/openwrt-fanqiang 9 | 10 | 下载Markdwon阅读软件 Typora 11 | -------- 12 | 13 | Typora有个神奇的地方,就是 Markedown 写作和预览是一体的这就避免了多数 Markdown 写作软件会有的尴尬:边写作边预览时,屏幕宽度始终不够 14 | 15 | 下载后,点击菜单 `File` 选择 `Open Folder...` 选择 fanqiang/ebook 16 | 17 | 点击左边的导航栏切换内容 18 | 19 | ![Read fanqaing book locally](images/9.2.read-book-locally.png) 20 | 21 | 你是个有爱心的人,阅读了本教程,想要回馈这个开源项目,在阅读时顺便修改一些错字,加进补充内容,增加一章你的路由器应用本教程翻墙的过程等等,然后提交 pull request 22 | 23 | **相关资源**: 24 | 25 | - 26 | - 27 | - -------------------------------------------------------------------------------- /ebook/09.3.md: -------------------------------------------------------------------------------- 1 | 知识若不分享,实在没有意义 2 | ==================== 3 | 4 | 这个世界为什么圣人这么少? 5 | -------- 6 | 7 | 人类历史上存在过无数人,他们都不见了,他们都到哪里去了,他们曾有过什么样的故事,可曾有人在想起他们的笑容?通过历史书,我们知道了历史上存在过的一些人物的名字,其中少数人,为人类的发展作出了特别的贡献,我们可以称他们为圣人,这样的人,一只手就数得过来 8 | 9 | 历史上存在过的人这么多,为什么圣人却这么少? 10 | 11 | 我认为,这是因为,普通人的一生,主要是在思考怎么得到更多,而较少想到去付出。得到越多越好,付出越少越好,这就是普通人 12 | 13 | 圣人是怎么样的,是不是只想着付出,不计收获?不是的,我认为圣人是付出得到比较均衡的人。只付出而不得到,自己就很快会陷入困境,就没有能力去帮助更多人 14 | 15 | 圣人得到什么,就会想着怎么样去回馈外界,回馈社会,在回馈过程中自己得到快速成长,从而有更大的能力去回馈更多,圣人于是逐渐长成 16 | 17 | 我这么说,并不是希望谁成为圣人。圣人并不知道自己是圣人,也不会去想这个事情。有一个信念,就要去实行,生命的意义就在于点滴的行动,能做多少就做多少,当生命之花最终凋落时,我们得到的都将失去,我们付出的也许还会存在于这个世界很长的时间 18 | 19 | 我为什么写这个教程 20 | -------- 21 | 22 | 生在天朝,上网各种不方便,很是苦恼,什么OpenWrt,没有听说过,不知道哇。上网查相关论坛,非注册用户附件下载隐藏,图片隐藏,各种限制。也有一些教程散布在网上,需要自己整合。终于,花了N个白天,给家里的路由器翻墙了。我是个习惯于换位思考的人,想想自己花了很多时间查各种资料,何不花时间整合各种资源并加上自己的心得,写成系列教程,公布在网上? 23 | 24 | 于是,又是N个白天(N > 10),学习Git, GitHub, GitBook, Ubuntu, Markdown, OpenWrt,各种调试、编译。经常一天的绝大部分时间在写这个教程。钱可以少赚些,当下够用就行,这个教程还得认真写,没有想过要得到什么,只是觉得白发已生,人生不能虚度,给这个世界留下一些自己的印记也总是好的。虽然不对别人说,但也未尝不可在人少时偷偷笑一声,并对自己说:我这样的好人,在这个世界上可是不多呢,哈哈 25 | 26 | 为什么以开源方式发布在GitHub 27 | -------- 28 | 29 | 为什么不写在博客上呢?如果写在博客上,就要自己维护博客,一直维护下去总是个麻烦事。GitHub总比自己维护的博客稳定,或者说能存在更长时间。即使GitHub倒闭,也就一个git命令就可以托管到其他网站,何况GitHub至少现在看来是来日方长呢 30 | 31 | 开源方式发布,更是希望阅读本教程翻墙成功的朋友,如果你的路由器型号不被本教程覆盖,就写下自己的翻墙实践过程,提交到本项目中,以帮助相关朋友。我在教程中以 D-Link DIR-505为范例,演示了如何参与到本项目中来,将在下一节详述 32 | 33 | **相关资源**: 34 | 35 | - 36 | - -------------------------------------------------------------------------------- /ebook/09.4.md: -------------------------------------------------------------------------------- 1 | 如何贡献本项目 2 | =========== 3 | 4 | 虽然说原理是通用的,本教程内容可以应用到绝大多数路由器中去。然而,高手毕竟少数,多数有翻墙需求的人可能都没有用过Linux系统,没有听说过OpenWrt,针对他们,最好是一种路由器类型(型号)一个教程。并且最好提供预编译的固件,刷上这个预编译的固件后,修改极少的参数就可以自动翻墙 5 | 6 | 在你应用本教程原理翻墙的过程中,把详细应用过程一步步写下来,并贡献到本项目中,以帮助更多的人 7 | 8 | 假如你的路由器是 netgear wndr3800 9 | 10 | 如何通过 Github 贡献本项目: 11 | -------- 12 | 13 | 先阅读 Github [贡献向导](https://github.com/manastech/crystal/blob/master/Contributing.md),然后: 14 | 15 | - Fork 本项目 ( https://github.com/softwaredownload/openwrt-fanqiang/fork ) 16 | - 创建你的分支 (git checkout -b my-new-feature) 17 | - 提交你的改进 (git commit -am 'Add some feature') 18 | - Push到你的分支 (git push origin my-new-feature) 19 | - 到github.com 创建 Pull Request 20 | 21 | 如何为新的路由器创建翻墙教程: 22 | -------- 23 | 24 | cd openwrt-fanqiang 25 | mkdir -p ebook/wndr3800/images 26 | mkdir openwrt/wndr3800 27 | 28 | 在ebook目录下创建以路由器型号为名的目录,以wndr3800为例,教程在ebook/wndr3800目录下,图片在wndr3800/images在目录下 29 | 30 | wndr3800专用的配置文件在openwrt/wndr3800下,注意,openwrt/default目录已经有的配置文件可以省略 31 | 32 | 路径、文件名都小写,因Windows系统是大小写不敏感的 33 | 34 | 在你的教程中最好提供预编译固件的稳定下载地址。如果你没有稳定的下载空间,可以提交一个issue,附上临时下载地址,我会上传到稳定下载地址,然后你可以修改教程加上稳定下载地址。注意教程目录下不要直接包含固件文件,大的二进制文件不需要用git跟踪 35 | 36 | 你可以用LiteIDE写教程 37 | 38 | 修改目录文件, openwrt/SUMMARY.md,把你的教程作为新的一章,放在最后一章之前 39 | 40 | 如果你的路由器型号与教程中的相同或类似,你也可以参与到本项目中来,你可以修正错误,补充不详细的地方,文字润色,提出建议等 41 | 42 | **相关资源**: 43 | 44 | - 45 | - -------------------------------------------------------------------------------- /ebook/dir505/1.connect-dir505-openwrt.md: -------------------------------------------------------------------------------- 1 | 如何进入 DIR-505 恢复模式 2 | ====================== 3 | 4 | 在学习OpenWrt可能要测试很多配置,有时会出现错误,需恢复或补救,这时就需要进入路由器的恢复模式 5 | 6 | 有两种方法进入 DIR-505 的恢复模式 7 | 8 | 进入D-Link 恢复模式 9 | ------------------- 10 | 11 | 把 DIR-505和计算机用网线连接起来,设置计算机网卡的IPv4地址为 192.168.0.98, 子网掩码 255.255.255.0, 在路由器启动时顶住 reset 孔,当红色指示灯开始缓慢闪烁时,松开reset孔。然后浏览器打开 192.168.0.1,这里你可以上传原厂固件或刷 OpenWrt 固件 12 | 13 | > Plug in your computer to the unit, assign it an ip address of 192.168.0.98, and boot the unit up while holding down the reset. Once the red light starts to blink slowly, release the reset, and go to 192.168.0.1 on your web browser. From there you can upload a new image. After successful flashing, you'll see a "Success" page in your browser. 14 | 15 | 刷新固件完成后,重新改回自动获取IP地址 16 | 17 | 进入 OpenWrt 恢复模式 18 | --------------------- 19 | 20 | 用网线将路由器和电脑连接起来,将电脑网卡的IPv4地址设置成 192.168.1.97 21 | 22 | 路由器插上电源重新开机, 在启动时多次按压路由器侧面的圆形 WPS 按钮直到 LED 指示灯开始快速闪烁 23 | 24 | > For the generic failsafe mode you can follow https://openwrt.org/zh-cn/doc/howto/generic.failsafe You can use the WPS button for that. While booting up, just press it several times until the LED flashes very quick. If you're still not able to telnet it on 192.168.1.1 maybe there's something wrong on the client-side. 25 | 26 | 接下来就是ubuntu 里 telnet 进入 OpenWrt 并设置 root 密码 27 | 28 | telnet 192.168.1.1 29 | 30 | telnet连上后就设置root密码,自动启用 ssh: 31 | 32 | root@OpenWrt:/# passwd 33 | Changing password for root 34 | New password: 35 | Retype password: 36 | Password for root changed by root 37 | root@OpenWrt:/# 38 | 39 | 可以在 Ubuntu 里 Ctrl + Shift + t 新开一个命令行窗口,尝试 ssh 连接OpenWrt: 40 | 41 | ssh root@192.168.1.1 42 | 43 | 如果 ssh 连上了,则后面设置的内容和 前面 TLWR-2543N 翻墙教程一样了 44 | 45 | 要注意的是,D-Link DIR-505 使用接口名称 eth1 而不是通常的 eth0 46 | 47 | > Other than similar routers (e.g., the TP-Link TL-WR703N), the D-Link DIR-505 uses the interface eth1 rather than eth0. This means that if you build your own firmware, you must configure /etc/config/network accordingly (option ifname 'eth1'), or you will not be able to connect later on via Ethernet. 48 | 49 | 如果 telnet 连不上,尝试一下直接ssh登录 50 | 51 | 设置D-Link DIR-505k路由器无线连接 52 | ------------------------------- 53 | 54 | 在没有设置无线连接前,要登录OpenWrt,必须用网线把电脑和路由器连接起来,不太方便。设置无线连接后,电脑就可以通过无线方式连上路由器,再登录 DIR-505 OpenWrt 进行设置 55 | 56 | uci set wireless.@wifi-device[0].disabled=0; 57 | uci set wireless.@wifi-iface[0].ssid='eastking-dir505'; 58 | uci set wireless.@wifi-iface[0].encryption='psk2+ccmp'; 59 | uci set wireless.@wifi-iface[0].key='icanfly9876'; 60 | uci commit wireless; 61 | wifi 62 | 63 | 设置好无线连接后,就可以拔掉电脑的有线连接,连接无线,再ssh登录路由器 64 | 65 | **相关资源**: 66 | 67 | - 68 | - 69 | - 70 | - 71 | -------------------------------------------------------------------------------- /ebook/dir505/2.dir505-install-openwrt.md: -------------------------------------------------------------------------------- 1 | D-Link DIR-505 A1 刷 OpenWrt固件过程 2 | ================================== 3 | 4 | D-Link 路由器是锁区的, 不能直接刷OpenWrt 固件。要先到D-Link 官方国际站下载原厂固件,用16进制编辑器把DEF改成CN,升级固件,再刷OpenWrt固件 5 | 6 | 下载D-Link DIR-505 A1 国际版官方固件 7 | ------------------------------------ 8 | 9 | 10 | 11 | 下载地址: 12 | 13 | - [http://support.dlink.com.au/download/download.aspx?product=DIR-505](http://support.dlink.com.au/download/download.aspx?product=DIR-505) 14 | - [ftp://files.dlink.com.au/products/DIR-505/REV_A/Firmware/](ftp://files.dlink.com.au/products/DIR-505/REV_A/Firmware/) 15 | 16 | 用16进制编辑器修改固件的国家代码,DEF 改成 CN 17 | --------------------------------- 18 | 19 | 准备一个16进制编辑器,在本文中,我用的是Ubuntu下的轻量级16进制编辑器GHex,把固件拖到GHex打开固件 20 | 21 | ![DIR-505路由器修改16进制值前](images/2.dir505a1-hex-def.png) 22 | 23 | 修改后变成如下: 24 | 25 | ![DIR-505路由器修改16进制值后](images/2.dir505a1-hex-cn.png) 26 | 27 | Alt + S 保存对固件的修改 28 | 29 | 你也可以到下面网址直接下载修改好16进制值的固件: 30 | 31 | [https://software-download.name/2014/dlink-dir-505-openwrt-fanqiang/](https://software-download.name/2014/dlink-dir-505-openwrt-fanqiang/) 32 | 33 | 刷修改国家后的官方固件 34 | ----------------------- 35 | 36 | 按照路由器官方手册,电脑连上路由器 37 | 38 | 在 Ubuntu 下电脑连接 DIR-505 路由器的方法: 39 | 40 | DIR-505 路由器出厂默认设置没有开启 DHCP,所以我们要给电脑手动设置和路由器同网段的 IPv4 地址才能连上路由器 41 | 42 | 路由器插上电源。右上角无线信号处,选择 Edit Connections, 选择dlink-xxxx, xxxx为路由器MAC ID 的后4位,Edit..., IPv4 Setings, Method选择 Manula 手动,Address 选择 Add, 设置: 43 | 44 | - Address: 192.168.0.9 45 | - Netmask: 255.255.255.0 46 | - Gateway: 192.168.0.1 47 | 48 | 如此设置好后电脑就能连上无线网络dlink-xxxx了 49 | 50 | 浏览器首次进入 http://192.168.0.1 会出现设置向导,点取消,然后会出现密码登录页面: 51 | 52 | ![DIR-505路由器登录页面](images/2.dir505-login.png) 53 | 54 | 直接点击 **登入** 按钮,再点击界面上部的 **维护**,然后点击左侧栏的 **固件** 进入升级固件页面,点击 **Browse...** 上传我们修改好的固件: 55 | 56 | ![DIR-505路由器上传固件](images/2.upload-image-cn.png) 57 | 58 | 然后点击 **上传** 按钮完成刷新固件,接下来就可以刷 OpenWrt固件了 59 | 60 | DIR-505A1 刷 OpenWrt 固件 61 | -------------------------- 62 | 63 | **下载 OpenWrt 固件 for DIR-505A1**: 64 | 65 | - http://downloads.openwrt.org/snapshots/targets/ar71xx/generic/ 66 | - http://downloads.openwrt.org/snapshots/targets/ar71xx/generic/openwrt-ar71xx-generic-dir-505-a1-squashfs-factory.bin 67 | 68 | **DIR-505刷OpenWrt固件**: 69 | 70 | 我们是在原厂固件上刷 OpenWrt,一定要下载 factory.bin.上传后,等待150秒,DIR-505A1 成功刷上了 OpenWrt 开源固件 71 | 72 | ![DIR-505路由器刷OpenWrt固件](images/2.upload-openwrt-factory.png) 73 | 74 | **相关资源**: 75 | 76 | - 77 | - 78 | -------------------------------------------------------------------------------- /ebook/dir505/3.enable-dir505-gpio.md: -------------------------------------------------------------------------------- 1 | D-Link DIR-505启用工作模式开关 2 | =========================== 3 | 4 | DIR-505 硬件开启四种应用模式 5 | ----------------------- 6 | 7 | D-Link DIR-505 在全球销售多款型号,不同型号外观不一样,但内部硬件是一样的。在中国销售的 DIR-505 A1, 也就是本教程所用的型号, 模式开关共有三档,在开关处动动手,就可以启用四种模式 8 | 9 | 撕掉标贴,去掉螺丝,就可以打开DIR-505,把开关剪短,剪掉挡住开关上推的底面,完工后如下图: 10 | 11 | ![DIR-505工作模式](images/3.dir505-enable-gpio.png) 12 | 13 | Router模式和AP模式 14 | ---------------------------------- 15 | 16 | 便携式式无线路由器常有Router模式和AP模式,有的路由器用两个档位对应这两种模式,拨到Router档就用Router模式,拨到AP档就用AP模式。DIR-505 原厂固件,Router和AP共用一个档位,需要用哪种,需要登录路由器进行选择和设置。现在我们已经刷了 OpenWrt,档位对应的模式需要自己定义设置 17 | 18 | 在本教程中,把新开的第四档作为AP档,原来的Router/AP档作为Router档 19 | 20 | 在Router模式时,DIR-505作为无线路由器使用,有线接口作为WAN口,连接到ADSL Modem。计算机通过无线的方式连接到路由器。在这种模式下一般需要设置拨号上网帐号 21 | 22 | 在AP模式时,通常在DIR-505前端还有路由器,DIR-505的有线接口作为LAN口使用,前端路由器的LAN口引出网线连接到DIR-505. 在宾馆上网,把有线扩展为无线常应用此种模式 23 | 24 | /etc/rc.local 利用 GPIO 读取开关位置 25 | ----------------------- 26 | 27 | rc.local内容如下: 28 | 29 | # Put your custom commands here that should be executed once 30 | # the system init finished. By default this file does nothing. 31 | 32 | if [ ! -f /etc/config/backup/network ]; then 33 | cp /etc/config/network /etc/config/backup/ 34 | cp /etc/config/wireless /etc/config/backup/ 35 | cp /etc/config/firewall /etc/config/backup/ 36 | cp /etc/config/dhcp /etc/config/backup/ 37 | fi 38 | 39 | 40 | read_gpio() { 41 | (echo $1 > /sys/class/gpio/export) >& /dev/null 42 | (echo "in" > /sys/class/gpio/gpio$1/direction) >& /dev/null 43 | return `cat /sys/class/gpio/gpio$1/value`; 44 | } 45 | read_gpio 19; 46 | v=$?; 47 | read_gpio 20; 48 | v=$v$?; 49 | read_gpio 21; 50 | v=$v$?; 51 | read_gpio 22; 52 | v=$v$?; 53 | read_gpio 23; 54 | v=$v$?; 55 | case "$v" in 56 | 10001) v="router";; 57 | 11001) v="repeater";; 58 | 01001) v="hotspot";; 59 | 11000) v="ap";; 60 | *) v="error";; 61 | esac 62 | 63 | /usr/bin/$v 64 | 65 | logger working mode: $v 66 | 67 | exit 0 68 | 69 | 原理:先备份原始的配置文件,不同模式的设置都是基于原始配置文件,以免出现混乱 70 | 71 | 在/usr/bin目录下创建相应模式的bash文件,根据不同的GPIO值调用的不同的文件 72 | 在本教程中中主要应用 /usr/bin/router和 /usr/bin/ap这两个文件 73 | 74 | 代码的最新版本,请查看: 75 | 76 | - [https://github.com/softwaredownload/openwrt-fanqiang/tree/master/openwrt/dir505](https://github.com/softwaredownload/openwrt-fanqiang/tree/master/openwrt/dir505) 77 | 78 | 你使用时,可以直接下载整个项目到本地,所有配置文件自然在其中: 79 | 80 | git clone https://github.com/softwaredownload/openwrt-fanqiang  81 | 82 | **相关资源**: 83 | 84 | - 85 | - [https://my.oschina.net/umu618/blog/273945](https://my.oschina.net/umu618/blog/273945) 86 | -------------------------------------------------------------------------------- /ebook/dir505/4.dir505-router-mode.md: -------------------------------------------------------------------------------- 1 | DIR-505 Router 模式 2 | ================== 3 | 4 | /usr/bin/router 代码: 5 | -------- 6 | 7 | #!/bin/sh 8 | 9 | # Author: https://github.com/softwaredownload/openwrt-fanqiang 10 | # Date: 2014-08-22 11 | 12 | cp /etc/config/backup/* /etc/config/ 13 | 14 | uci delete network.lan.ifname 15 | uci delete network.lan.type 16 | 17 | uci add network interface 18 | uci rename network.@interface[-1]='wan' 19 | uci commit network 20 | 21 | uci set network.wan.ifname='eth1' 22 | uci set network.wan.peerdns=0 23 | uci set network.wan.proto='pppoe' 24 | uci set network.wan.username='wan-username' 25 | uci set network.wan.password='wan-password' 26 | uci set network.wan.peerdns=0 27 | 28 | uci commit network 29 | 30 | # default is no this option 31 | #uci set dhcp.lan.ignore=0 32 | #uci commit dhcp 33 | 34 | uci set wireless.@wifi-device[0].channel=11 35 | uci set wireless.@wifi-device[0].txpower=15 36 | uci set wireless.@wifi-device[0].disabled=0 37 | uci set wireless.@wifi-device[0].country='CN' 38 | uci set wireless.@wifi-iface[0].mode='ap' 39 | uci set wireless.@wifi-iface[0].ssid='eastking-dir505' 40 | uci set wireless.@wifi-iface[0].encryption='psk2' 41 | uci set wireless.@wifi-iface[0].key='icanfly9876' 42 | 43 | uci commit wireless 44 | wifi 45 | 46 | /etc/init.d/network restart 47 | 48 | 代码说明: 49 | -------- 50 | 51 | 先把备份的原始配置文件覆盖到配置文件目录,所有设置都基于原始配置文件 52 | 在使用Router 模式时,有线接口为WAN口,这时wan的 interface name 是 eth1, 默认lan的interface name 使用了 eth1, 要删除 53 | 54 | **相关资源**: 55 | 56 | - [https://github.com/softwaredownload/openwrt-fanqiang/tree/master/openwrt/dir505]([https://github.com/softwaredownload/openwrt-fanqiang/tree/master/openwrt/dir505]) 57 | - 58 | -------------------------------------------------------------------------------- /ebook/dir505/5.dir505-ap-mode.md: -------------------------------------------------------------------------------- 1 | DIR-505 AP 模式翻墙教程 2 | ==================== 3 | 4 | /usr/bin/ap 代码: 5 | -------- 6 | 7 | #!/bin/sh 8 | 9 | # Author: https://github.com/softwaredownload/openwrt-fanqiang 10 | # Date: 2014-08-22 11 | 12 | cp /etc/config/backup/* /etc/config/ 13 | 14 | uci set network.lan.gateway=192.168.1.1 15 | uci set network.lan.dns=192.168.1.1 16 | uci set network.lan.ipaddr=192.168.1.97 17 | 18 | uci commit network 19 | 20 | uci set dhcp.lan.ignore=1 21 | uci commit dhcp 22 | 23 | uci set wireless.@wifi-device[0].channel=11 24 | uci set wireless.@wifi-device[0].txpower=15 25 | uci set wireless.@wifi-device[0].disabled=0 26 | uci set wireless.@wifi-device[0].country='CN' 27 | uci set wireless.@wifi-iface[0].mode='ap' 28 | uci set wireless.@wifi-iface[0].ssid='eastking-dir505' 29 | uci set wireless.@wifi-iface[0].encryption='psk2' 30 | uci set wireless.@wifi-iface[0].key='icanfly9876' 31 | 32 | uci commit wireless 33 | wifi 34 | 35 | /etc/init.d/network restart 36 | 37 | 代码说明: 38 | -------- 39 | 40 | 在AP模式下,DIR-505的有线接口作为LAN口使用,连接到前端路由器的LAN口 41 | 假设DIR-505前端路由器的IP地址是192.168.1.1,设置DIR-505的lan 网关和dns都是192.168.1.1,再设置 DIR-505的 lan IP地址为192.168.1.97 42 | 43 | DIR-505穿越功夫网翻墙方法 44 | -------- 45 | 46 | **假设上级路由器没有设置翻墙**: 47 | 48 | 电脑设置无线连接 eastking-dir505:IPv4地址是 192.168.1.53(不同于路由器的地址),设置子网掩码为255.255.255.0,网关和DNS为路由器的地址即192.168.1.97,重启路由器后,电脑连上 eastking-dir505 即可自动翻墙 49 | 50 | 原理:以DIR-505作为DNS服务器,我们已经把DIR-505设置成翻墙路由器,自然可以打败功夫网了 51 | 52 | **假设上级路由器已经翻墙**: 53 | 54 | 电脑设置无线连接 eastking-dir505为DHCP即可 55 | 原理:以上级路由器作为DNS服务器,上级路由器已经翻墙,二级路由器就可以免设置自动翻墙了 56 | 57 | 如果你想节省路由器资源,这时就可以禁用 dir-505 dns及翻墙相关服务: 58 | 59 | /etc/init.d/dnsmasq stop 60 | /etc/init.d/dnsmasq disable 61 | /etc/init.d/shadowsocks stop 62 | /etc/init.d/shadowsocks disable 63 | 64 | 代码的最新版本,请查看: 65 | 66 | - [https://github.com/softwaredownload/openwrt-fanqiang/tree/master/openwrt/dir505](https://github.com/softwaredownload/openwrt-fanqiang/tree/master/openwrt/dir505) 67 | 68 | **相关资源**: 69 | 70 | - 71 | - -------------------------------------------------------------------------------- /ebook/dir505/7.dir505-flash-fanqiang-image.md: -------------------------------------------------------------------------------- 1 | D-Link DIR-505 A1 刷通用OpenWrt固件 2 | ============================== 3 | 4 | 照前面的教程自己编译翻墙固件,编译出来后刷进路由器,就能实现零设置自动翻墙。出于各种原因,有的朋友可能不想自己编译固件,又想用DIR-505实现智能翻墙,就要下载预编译的通用翻墙固件,刷好后,登录路由器,用vi修改少数几个设置,就能实现智能翻墙,本教程就是针对这些朋友而写 5 | 6 | 路由器的开关拨到刻有 Router/AP 字样的档位,如果你没有给路由器动过手术,就是从上往下数的第一档 7 | 8 | DIR-505原厂固件刷翻墙固件的方法 9 | -------- 10 | 11 | 适合购买了D-Link DIR-505 A1后没有刷过任何固件的朋友 12 | 13 | **刷修改了16进制值的原厂固件**: 14 | 15 | 到下面地址下载已经修改了16进制值的原厂固件: 16 | [https://software-download.name/2014/dlink-dir-505-openwrt-fanqiang/](https://software-download.name/2014/dlink-dir-505-openwrt-fanqiang/) 17 | 18 | 照官方手册说明网页登录路由器,刷新固件 19 | 20 | **刷DIR-505的翻墙固件 factory.bin**: 21 | 22 | 到下面地址下载用于 DIR-505的翻墙固件: 23 | 24 | [https://software-download.name/2014/dlink-dir-505-openwrt-fanqiang/](https://software-download.name/2014/dlink-dir-505-openwrt-fanqiang/) 25 | 26 | 下载 openwrt-ar71xx-generic-dir-505-a1-squashfs-factory.bin 27 | 28 | 按照官方手册的说明刷新固件 29 | 30 | OpenWrt固件基础上升级到翻墙固件 31 | -------- 32 | 33 | 注意,下面步骤适合于你已经在你的DIR-505上刷了OpenWrt固件,你想要升级到可以自己翻墙的openwrt固件 34 | 35 | **下载翻墙固件 sysupgrade.bin**: 36 | 37 | 到下面地址下载用于 DIR-505的翻墙固件 openwrt-ar71xx-generic-dir-505-a1-squashfs-sysupgrade.bin: 38 | [https://software-download.name/2014/dlink-dir-505-openwrt-fanqiang/](https://software-download.name/2014/dlink-dir-505-openwrt-fanqiang/) 39 | 40 | **命令行上传固件到路由器**: 41 | 42 | 电脑通过网线或无线连接到路由器,然后:: 43 | 44 | cd ~/Downloads/openwrt-imagebuilder/bin/targets/ar71xx/ 45 | scp openwrt-ar71xx-generic-dir-505-a1-squashfs-sysupgrade.bin root@192.168.1.1:/tmp/ 46 | 47 | **ssh登录OpenWrt路由器** 48 | ssh root@192.168.1.1 49 | cd /tmp 50 | 51 | **sysupgrade升级固件并取消保留原来配置文件**: 52 | 53 | root@OpenWrt:/tmp# sysupgrade -n openwrt-ar71xx-generic-dir-505-a1-squashfs-sysupgrade.bin 54 | 55 | 参数 `-n` 表示升级时不保留原来的配置文件 56 | 57 | 等待两分钟等刷新固件并重启完成 58 | 59 | **相关资源**: 60 | 61 | - -------------------------------------------------------------------------------- /ebook/dir505/8.login-setup-dir505-fanqiang.md: -------------------------------------------------------------------------------- 1 | 登录并设置 DIR-505 OpenWrt 翻墙固件 2 | =============================== 3 | 4 | ADSL Modem网线连接到路由器的有线接口。路由器的开关拨到刻有 Router/AP 字样的档位,如果你没有给路由器动过手术,就是从上往下数的第一档。本文以router模式为例,如果你的应用场景是ap模式,请自行相应变通 5 | 6 | 电脑连接DIR-505路由器 7 | -------- 8 | 9 | 电脑连接到无线 网络 **eastking-dir505** 10 | 11 | 无线密码: 12 | 13 | 2014-09-01版: wsjdw,8181 14 | 新版都是: icanfly9876 15 | 16 | ssh 登录 OpenWrt 翻墙固件 17 | -------- 18 | 19 | ssh root@192.168.1.1 20 | 21 | 输入密码 `fanqiang` 登录ssh 22 | 23 | 有时会提示错误: 24 | 25 | @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 26 | @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ 27 | @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 28 | IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! 29 | Someone could be eavesdropping on you right now (man-in-the-middle attack)! 30 | It is also possible that a host key has just been changed. 31 | The fingerprint for the RSA key sent by the remote host is 32 | cf:c5:12:34:56:0b:4d:1c:56:48:6a:87:04:cf:b8:83. 33 | Please contact your system administrator. 34 | Add correct host key in /home/openwrt-fanqiang/.ssh/known_hosts to get rid of this message. 35 | Offending RSA key in /home/openwrt-fanqiang/.ssh/known_hosts:3 36 | remove with: ssh-keygen -f "/home/openwrt-fanqiang/.ssh/known_hosts" -R 192.168.1.1 37 | RSA host key for 192.168.1.1 has changed and you have requested strict checking. 38 | Host key verification failed. 39 | 40 | 解决办法就是复制并运行提示中的清理命令: 41 | 42 | ssh-keygen -f "/home/openwrt-fanqiang/.ssh/known_hosts" -R 192.168.1.1 43 | 44 | 然后就可以正常登录了 45 | 46 | 登录后用vi修改设置: 47 | -------- 48 | 49 | root@OpenWrt:~# vi /etc/shadowsocks-libev/config.json 50 | root@OpenWrt:~# vi /usr/bin/router 51 | #如果是ap模式 52 | root@OpenWrt:~# vi /usr/bin/ap 53 | root@OpenWrt:~# vi /usr/bin/ss-firewall-asia 54 | 55 | 分别修改以下值: 56 | 57 | - shadowsocks.json中,server改成你的服务器实际IP 58 | - router/ap中 wan-username 和 wan-password改成实际值 59 | - ss-firewall中,1.0.9.8必须改成你的服务器实际IP 60 | 61 | 如果你还改了其他默认值,请自行修改相应文件。不建议修改其他默认值,以提高一次成功率。熟悉以后,建议修改shadowsock密码 62 | 63 | 执行以下命令使修改生效 64 | -------- 65 | 66 | root@OpenWrt:~# /etc/init.d/shadowsocks restart 67 | root@OpenWrt:~# /etc/init.d/dnsmasq restart 68 | root@OpenWrt:~# /etc/init.d/network restart 69 | 70 | # 查看 dnsmasq ss-redir ss-tunnel是否在运行。翻墙出出现故障的时候也要查看: 71 | ps 72 | 73 | 2015-12-24测试router模式, 修改配置文件,编译出固件,刷进路由器,然后不用再修改任何设置就可以翻墙 74 | 75 | 等待约两分钟,就可以测试是否可以在网上畅行无阻了 76 | 77 | **相关资源**: 78 | 79 | - -------------------------------------------------------------------------------- /ebook/dir505/README.md: -------------------------------------------------------------------------------- 1 | D-Link DIR-505路由器刷OpenWrt固件翻墙教程 2 | ===================================== 3 | 4 | 前面的教程用结合 TP-LINK TL-WR2543N 来讲解翻墙原理与方法,并不是我特别推荐TP-LINK TL-WR2543N,而是因为手头正好有这个路由器。毫无疑问,初学者使用教程同款路由器比较容易上手。但此型号趋向退市,价格也不便宜,网上有二手货,如果功能正常倒也可以考虑 5 | 6 | 另外的选择,是使用 D-Link DIR-505 便携式路由器。配置高,价格便宜 7 | 8 | D-Link DIR 505 硬件信息 9 | -------- 10 | 11 | Architecture: MIPS 24Kc 12 | Vendor: Atheros 13 | Bootloader: UBoot 1.1.4 14 | System-On-Chip: SoC: Atheros AR9330 rev 1 15 | CPU/Speed: Atheros AR9330 400.000MHz 16 | Flash-Chip: NANYA NT5TU32M16DG-AC 17 | Flash size: 8192 KiB 18 | RAM: 64 MiB 19 | Wireless: 802.11b/g/n 20 | Ethernet: 10/100 full duplex 21 | USB: Yes 1 x 2.0 ar7240-ehci 22 | Serial: Yes - tested working over TTL converter (3.3V!) 23 | JTAG: Nope 24 | 25 | 与之同价格档次的TP-LINK TL-WR706N 150M迷你型无线路由器 AR9331 SOC 2MB Flash/16MB RAM 相比之下简直是垃圾。我花数百元购买的TP-LINK TL-WR2543N,也不过是8MB Flash, 64MB RAM内存 26 | 27 | 还有,D-Link DIR-505 自带不死恢复模式,调试OpenWrt系统出现问题时我们既可以进 D-Link 的恢复模式刷新固件,也可以进入 OpenWrt 的恢复模式刷新固件,可谓是最安全的路由器 28 | 29 | 如何购买 D-Link DIR 505 A1 30 | -------- 31 | 32 | 我不是D-Link的员工,也无意为其做广告。DIR-505是我购买的第一款D-Link路由器 33 | 34 | 我是2014年8月从淘宝 D-Link官方旗舰店买的 D-Link DIR 505 A1,69元, 固件版本号:1.03CN。买了后,看了下手机淘宝,只要59元。准备再入一个,都刷上 OpenWrt,方便随时随地无障碍上网 35 | 36 | --- 37 | 38 | **最简单的路由器刷OpenWrt翻墙方案:** 39 | 40 | - [https://github.com/softwaredownload/openwrt-fanqiang](https://github.com/softwaredownload/openwrt-fanqiang "最简单的路由器刷OpenWrt固件翻墙教程") 41 | 42 | **在线阅读OpenWrt路由器翻墙、科学上网器教程:** 43 | 44 | - [https://fanqiang.software-download.name](https://fanqiang.software-download.name) 45 | - [https://github.com/softwaredownload/openwrt-fanqiang/blob/master/SUMMARY.md](https://github.com/softwaredownload/openwrt-fanqiang/blob/master/SUMMARY.md) 46 | -------------------------------------------------------------------------------- /ebook/dir505/images/2.dir505-login.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/dir505/images/2.dir505-login.png -------------------------------------------------------------------------------- /ebook/dir505/images/2.dir505a1-hex-cn.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/dir505/images/2.dir505a1-hex-cn.png -------------------------------------------------------------------------------- /ebook/dir505/images/2.dir505a1-hex-def.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/dir505/images/2.dir505a1-hex-def.png -------------------------------------------------------------------------------- /ebook/dir505/images/2.upload-image-cn.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/dir505/images/2.upload-image-cn.png -------------------------------------------------------------------------------- /ebook/dir505/images/2.upload-openwrt-factory.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/dir505/images/2.upload-openwrt-factory.png -------------------------------------------------------------------------------- /ebook/dir505/images/3.dir505-enable-gpio.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/dir505/images/3.dir505-enable-gpio.png -------------------------------------------------------------------------------- /ebook/dir505/images/3.dir505a1-image-profile.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/dir505/images/3.dir505a1-image-profile.png -------------------------------------------------------------------------------- /ebook/images/1.2.wr2543n.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/1.2.wr2543n.png -------------------------------------------------------------------------------- /ebook/images/1.3.admin.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/1.3.admin.png -------------------------------------------------------------------------------- /ebook/images/1.3.backup.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/1.3.backup.png -------------------------------------------------------------------------------- /ebook/images/2.10.openwrt-ap-iphone-dns.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/2.10.openwrt-ap-iphone-dns.jpeg -------------------------------------------------------------------------------- /ebook/images/2.10.openwrt-ap-iphone-ipv4.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/2.10.openwrt-ap-iphone-ipv4.jpeg -------------------------------------------------------------------------------- /ebook/images/2.2.factory-upgrade.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/2.2.factory-upgrade.png -------------------------------------------------------------------------------- /ebook/images/2.2.luci-login.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/2.2.luci-login.png -------------------------------------------------------------------------------- /ebook/images/2.3.pppoe-switch.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/2.3.pppoe-switch.png -------------------------------------------------------------------------------- /ebook/images/2.3.pppoe-username-password.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/2.3.pppoe-username-password.png -------------------------------------------------------------------------------- /ebook/images/2.3.wan-edit.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/2.3.wan-edit.png -------------------------------------------------------------------------------- /ebook/images/2.4.admin-password.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/2.4.admin-password.png -------------------------------------------------------------------------------- /ebook/images/2.4.wifi-edit.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/2.4.wifi-edit.png -------------------------------------------------------------------------------- /ebook/images/2.4.wifi-enable.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/2.4.wifi-enable.png -------------------------------------------------------------------------------- /ebook/images/2.4.wifi-security.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/2.4.wifi-security.png -------------------------------------------------------------------------------- /ebook/images/2.5.backup-config.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/2.5.backup-config.png -------------------------------------------------------------------------------- /ebook/images/2.6.luci-sysupgrade.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/2.6.luci-sysupgrade.png -------------------------------------------------------------------------------- /ebook/images/2.7.busybox.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/2.7.busybox.png -------------------------------------------------------------------------------- /ebook/images/2.7.editing-wired-connection.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/2.7.editing-wired-connection.png -------------------------------------------------------------------------------- /ebook/images/2.7.enter-failsafe.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/2.7.enter-failsafe.png -------------------------------------------------------------------------------- /ebook/images/2.7.passwd.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/2.7.passwd.png -------------------------------------------------------------------------------- /ebook/images/2.8.free-ram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/2.8.free-ram.png -------------------------------------------------------------------------------- /ebook/images/2.8.snapshots-trunk.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/2.8.snapshots-trunk.png -------------------------------------------------------------------------------- /ebook/images/2.8.ssh-login.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/2.8.ssh-login.png -------------------------------------------------------------------------------- /ebook/images/3..9-1.droplets-click-one.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/3..9-1.droplets-click-one.png -------------------------------------------------------------------------------- /ebook/images/3.10.androd-shadowsocks-bao-cun-she-zhi.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/3.10.androd-shadowsocks-bao-cun-she-zhi.png -------------------------------------------------------------------------------- /ebook/images/3.10.androd-shadowsocks-fan-lui-pei-zhi-wen-jian.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/3.10.androd-shadowsocks-fan-lui-pei-zhi-wen-jian.png -------------------------------------------------------------------------------- /ebook/images/3.10.androd-shadowsocks-gao-ji-she-zhi.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/3.10.androd-shadowsocks-gao-ji-she-zhi.png -------------------------------------------------------------------------------- /ebook/images/3.10.android-shadowsocks-assets.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/3.10.android-shadowsocks-assets.png -------------------------------------------------------------------------------- /ebook/images/3.10.android-shadowsocks-fanqiang-can-shu.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/3.10.android-shadowsocks-fanqiang-can-shu.png -------------------------------------------------------------------------------- /ebook/images/3.10.android-shadowsocks-google-search-download.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/3.10.android-shadowsocks-google-search-download.png -------------------------------------------------------------------------------- /ebook/images/3.10.android-shadowsocks-kai-shi-fan-qiang.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/3.10.android-shadowsocks-kai-shi-fan-qiang.png -------------------------------------------------------------------------------- /ebook/images/3.10.android-shadowsocks-kai-shi-lian-jie.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/3.10.android-shadowsocks-kai-shi-lian-jie.png -------------------------------------------------------------------------------- /ebook/images/3.10.android-shadowsocks-m.youtube.com.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/3.10.android-shadowsocks-m.youtube.com.png -------------------------------------------------------------------------------- /ebook/images/3.10.android-shadowsocks-release-page.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/3.10.android-shadowsocks-release-page.png -------------------------------------------------------------------------------- /ebook/images/3.10.android-shadowsocks-service-mode-vpn.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/3.10.android-shadowsocks-service-mode-vpn.png -------------------------------------------------------------------------------- /ebook/images/3.10.android-shadowsocks-she-zhi-xuan-xiang.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/3.10.android-shadowsocks-she-zhi-xuan-xiang.png -------------------------------------------------------------------------------- /ebook/images/3.10.android-shadowsocks-xin-jian-pei-zhi.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/3.10.android-shadowsocks-xin-jian-pei-zhi.png -------------------------------------------------------------------------------- /ebook/images/3.10.shadowsocks-android-simple-obfs-plugin.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/3.10.shadowsocks-android-simple-obfs-plugin.png -------------------------------------------------------------------------------- /ebook/images/3.11.execute-bash-command.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/3.11.execute-bash-command.png -------------------------------------------------------------------------------- /ebook/images/3.11.run-git-bash-for-windows.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/3.11.run-git-bash-for-windows.png -------------------------------------------------------------------------------- /ebook/images/3.3.autoproxy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/3.3.autoproxy.png -------------------------------------------------------------------------------- /ebook/images/3.7.tcp-ipv6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/3.7.tcp-ipv6.png -------------------------------------------------------------------------------- /ebook/images/3.9-1.click-destroy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/3.9-1.click-destroy.png -------------------------------------------------------------------------------- /ebook/images/3.9-1.destroy-this-droplet.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/3.9-1.destroy-this-droplet.png -------------------------------------------------------------------------------- /ebook/images/3.9-1.destroy-vps.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/3.9-1.destroy-vps.png -------------------------------------------------------------------------------- /ebook/images/3.9-1.off-button.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/3.9-1.off-button.png -------------------------------------------------------------------------------- /ebook/images/3.9-1.on-button.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/3.9-1.on-button.png -------------------------------------------------------------------------------- /ebook/images/3.9-1.take-snapshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/3.9-1.take-snapshot.png -------------------------------------------------------------------------------- /ebook/images/3.9-1.turn-off-do-vps.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/3.9-1.turn-off-do-vps.png -------------------------------------------------------------------------------- /ebook/images/3.9.choose-a-datacenter-region.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/3.9.choose-a-datacenter-region.png -------------------------------------------------------------------------------- /ebook/images/3.9.choose-advanced-options.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/3.9.choose-advanced-options.png -------------------------------------------------------------------------------- /ebook/images/3.9.choose-an-image-snapshots.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/3.9.choose-an-image-snapshots.png -------------------------------------------------------------------------------- /ebook/images/3.9.choose-an-image.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/3.9.choose-an-image.png -------------------------------------------------------------------------------- /ebook/images/3.9.choose-cpu-options-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/3.9.choose-cpu-options-1.png -------------------------------------------------------------------------------- /ebook/images/3.9.choose-cpu-options-2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/3.9.choose-cpu-options-2.png -------------------------------------------------------------------------------- /ebook/images/3.9.choose-droplet-type.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/3.9.choose-droplet-type.png -------------------------------------------------------------------------------- /ebook/images/3.9.console-access-fanqiang-vps.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/3.9.console-access-fanqiang-vps.png -------------------------------------------------------------------------------- /ebook/images/3.9.console.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/3.9.console.png -------------------------------------------------------------------------------- /ebook/images/3.9.create-droplet-on-digital-ocean.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/3.9.create-droplet-on-digital-ocean.png -------------------------------------------------------------------------------- /ebook/images/3.9.create-droplets-on-digital-ocean.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/3.9.create-droplets-on-digital-ocean.png -------------------------------------------------------------------------------- /ebook/images/3.9.finalize-details.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/3.9.finalize-details.png -------------------------------------------------------------------------------- /ebook/images/3.9.jinru-fanqiang-vps-guanli-jiemian.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/3.9.jinru-fanqiang-vps-guanli-jiemian.png -------------------------------------------------------------------------------- /ebook/images/3.9.jinru-fanqiang-vps-guanli.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/3.9.jinru-fanqiang-vps-guanli.png -------------------------------------------------------------------------------- /ebook/images/3.9.reset-password.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/3.9.reset-password.png -------------------------------------------------------------------------------- /ebook/images/4.1.make-menuconfig.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/4.1.make-menuconfig.png -------------------------------------------------------------------------------- /ebook/images/4.1.network-shadowsocks-libev-polarssl.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/4.1.network-shadowsocks-libev-polarssl.png -------------------------------------------------------------------------------- /ebook/images/4.3.image-profile.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/4.3.image-profile.png -------------------------------------------------------------------------------- /ebook/images/4.8.chrome-proxy-server-socks5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/4.8.chrome-proxy-server-socks5.png -------------------------------------------------------------------------------- /ebook/images/4.8.click-internet-protocol-ipv4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/4.8.click-internet-protocol-ipv4.png -------------------------------------------------------------------------------- /ebook/images/4.8.click-wifi-connection.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/4.8.click-wifi-connection.png -------------------------------------------------------------------------------- /ebook/images/4.8.obtain-an-ip-address-automatically.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/4.8.obtain-an-ip-address-automatically.png -------------------------------------------------------------------------------- /ebook/images/4.8.view-network-status.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/4.8.view-network-status.png -------------------------------------------------------------------------------- /ebook/images/4.8.wifi-connection-properties.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/4.8.wifi-connection-properties.png -------------------------------------------------------------------------------- /ebook/images/4.8.window10-winver.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/4.8.window10-winver.png -------------------------------------------------------------------------------- /ebook/images/4.8.windows-check-tcp-fast-open-enabled.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/4.8.windows-check-tcp-fast-open-enabled.png -------------------------------------------------------------------------------- /ebook/images/4.9.windows-shadowsocks-simple-obfs.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/4.9.windows-shadowsocks-simple-obfs.png -------------------------------------------------------------------------------- /ebook/images/5.1.1.lantern-fanqiang-dizhi.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/5.1.1.lantern-fanqiang-dizhi.png -------------------------------------------------------------------------------- /ebook/images/5.1.2.lantern-fanqiang-peizhi.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/5.1.2.lantern-fanqiang-peizhi.png -------------------------------------------------------------------------------- /ebook/images/5.1.3.lantern-fanqiang-tuichu.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/5.1.3.lantern-fanqiang-tuichu.png -------------------------------------------------------------------------------- /ebook/images/5.1.4.lantern-fanqiang-full.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/5.1.4.lantern-fanqiang-full.png -------------------------------------------------------------------------------- /ebook/images/5.1.5.lantern-fanqiang-dropbox.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/5.1.5.lantern-fanqiang-dropbox.png -------------------------------------------------------------------------------- /ebook/images/5.2.niming-chrome-lantern-webrtc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/5.2.niming-chrome-lantern-webrtc.png -------------------------------------------------------------------------------- /ebook/images/5.2.niming-chrome-lantern.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/5.2.niming-chrome-lantern.png -------------------------------------------------------------------------------- /ebook/images/5.2.niming-chrome-openwrt-shadowsocks.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/5.2.niming-chrome-openwrt-shadowsocks.png -------------------------------------------------------------------------------- /ebook/images/5.2.niming-firefox-lantern.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/5.2.niming-firefox-lantern.png -------------------------------------------------------------------------------- /ebook/images/5.2.niming-firefox-openwrt-shadowsocks.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/5.2.niming-firefox-openwrt-shadowsocks.png -------------------------------------------------------------------------------- /ebook/images/6.01.tcp-fast-open-fo-cookie.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/6.01.tcp-fast-open-fo-cookie.png -------------------------------------------------------------------------------- /ebook/images/9.2.read-book-locally.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/images/9.2.read-book-locally.png -------------------------------------------------------------------------------- /ebook/wndr4300/1.download-imagebuilder-for-netgear-wndr4300.md: -------------------------------------------------------------------------------- 1 | 下载和设置OpenWrt Image Builder for 网件Netgear WNDR4300路 由器 2 | =========================================== 3 | 4 | 编译详细过程见 [使用Image Builder编译自动翻墙OpenWrt固件](../04.3.md) 5 | 6 | 网件Netgear WNDR4300路由器完全使用128M内存教程 7 | -------- 8 | 9 | 将ubi和firmware增加96M,完全使用128M flash,以实现 WNDR4300路由器 overlay分区大于90MB的功能 10 | 11 | 在linux下用vi命令可以很方便地查找和修改特定字符 12 | 13 | - 查找23552k,替换成121856k 14 | - 查找25600k,替换成123904k 15 | 16 | 下面就用vi来修改: 17 | 18 | cd ~/Downloads/openwrt-imagebuilder/target/linux/ar71xx/image 19 | cp legacy.mk legacy.mk.bak 20 | 21 | vi legacy.mk 22 | 23 | #change ubi size to 121856k 24 | # search 25 | /23552k 26 | # delete word 27 | dw 28 | # insert 29 | i 30 | 121856k 31 | 32 | #change firmware size to 123904k 33 | /25600k 34 | dw 35 | i 36 | 123904k 37 | 38 | #Save and exit 39 | ZZ 40 | 41 | 更加简单的方法是用 sed 替换: 42 | 43 | sed -i s/'23552k(ubi),25600k@0x6c0000(firmware)'/'121856k(ubi),123904k@0x6c0000(firmware)'/ ./legacy.mk 44 | 45 | 修改好后是这样的: 46 | 47 | ![](images/1.modifiy-firmware-space.png) 48 | 49 | 根据[此文](https://kiritox.me/archives/flash-wndr3700v4-to-stock-firmware.html),修改Flash布局后,再刷原厂固件,路由器可能变砖,请慎重: 50 | 51 | > 对比可以看出来Openwrt做到了和原版一致的Flash分区,因此正常情况下通过TFTP方式刷官方固件因为分区一致是不会有什么问题的。但是如果之前刷入过增加可用空间的改版Openwrt固件的话,原始的Flash分区就会被破坏 52 | 53 | 预编译固件都是修改了此二值的 54 | 55 | **相关资源**: 56 | 57 | - 58 | - 59 | - -------------------------------------------------------------------------------- /ebook/wndr4300/2.build-shadowsocks-libev-ipk-for-netgear-wndr4300.md: -------------------------------------------------------------------------------- 1 | 编译shadowsocks-libev ipk for网件Netgear WNDR4300路由器 2 | ================================ 3 | 4 | 不同OpenWrt版本下编译的shadowsocks-libev ipk一般是不能通用的。比如现在用的是trunk版的OpenWrt,如果使用OpenWrt Chaos Calmer 15.05 下编译的shadowsocks-libev,可能安装后根本不能启动 5 | 6 | 前面我曾编译出翻墙固件,其中shadowsocks-libev是别人编译,从sourceforge上下载的,刷上固件后,shadowsocks总是没有自动启动,运行/usr/bin/ss-redir,报告没有找到这个文件,其实文件是在的,只是不兼容。所以,最好还是自行编译shadowsocks-libev 7 | 8 | 按官网的[说法](https://openwrt.org/docs/guide-developer/build-system/use-buildsystem),以下 **不要使用root用户来操作** 9 | 10 | 使用SDK编译ipk的新方法教程请参考:[编译shadowsocks-libev for OpenWrt ipk安装包](../04.1.md)(2018年9月更新) 11 | 12 | 如果你想节省时间,建议下载预编译的shadowsocks-libev for OpenWrt ipk安装包: 13 | 14 | [https://software-download.name/2014/shadowsocks-libev-polarssl-ar71xx-ipk-latest/](https://software-download.name/2014/shadowsocks-libev-polarssl-ar71xx-ipk-latest/) 15 | 16 | 编译shadowsocks-libev ipk安装包(最后更新于2016年) 17 | -------- 18 | 19 | 下面都是在Linux下操作 20 | 21 | cd ~/Downloads 22 | git clone git://git.openwrt.org/openwrt.git 23 | 24 | pushd package 25 | git clone https://github.com/shadowsocks/shadowsocks-libev.git 26 | popd 27 | 28 | cd ~/Downloads/openwrt 29 | ./scripts/feeds update -a 30 | ./scripts/feeds install -a 31 | 32 | make defconfig 33 | make prereq 34 | make menuconfig 35 | 36 | # Target System: Atheros AR7xxx/AR9XXX 37 | # Subtarget: Generic device with NAND flash 38 | # Target Profile: (因我们只是编译包,这步可以不选) 39 | # Network, 选择shadowsocks-libev-openssl 和 shadowsocks-libev-polarssl, 按m设置为编译独立ipk安装包 40 | # Save && Exit 41 | 42 | # 这一步花了几个小时 43 | make tools/install && make toolchain/install 44 | 45 | # 开始编译 46 | make V=99 package/shadowsocks-libev/openwrt/compile 47 | 48 | ![OpenWrt Image Build选择Target System](images/2.shadowsocks-libev-ipk-menuconfig.png) 49 | 50 | 输出文件在 openwrt/bin/ar71xx/packages/base/目录下,主要有: 51 | 52 | shadowsocks-libev_2.4.3_ar71xx.ipk 53 | shadowsocks-libev-polarssl_2.4.3_ar71xx.ipk 54 | libopenssl_1.0.2e-1_ar71xx.ipk 55 | libpolarssl_1.3.15-1_ar71xx.ipk 56 | 57 | 把所有ipk都复制到ImageBuilder的packages目录下 58 | 59 | cd ~/Downloads/openwrt/bin/ar71xx/packages/base/ 60 | cp * ~/Downloads/openwrt-imagebuilder/packages 61 | 62 | **相关资源**: 63 | 64 | - 65 | - -------------------------------------------------------------------------------- /ebook/wndr4300/3.config-fanqiang-for-netgear-wndr4300.md: -------------------------------------------------------------------------------- 1 | 设置网件Netgear WNDR4300翻墙配置文件 2 | ================================ 3 | 4 | 要翻墙成功,这一步是最重要的 5 | 6 | 分三步,下载本项目openwrt-fanqiang;复制配置文件;修改配置文件 7 | 8 | 下面以linux系统 ~/Downloads 下操作为例 9 | 10 | 下载包含默认翻墙配置文件的openwrt-fanqiang项目 11 | -------- 12 | 13 | - git下载openwrt-fanqiang项目 14 | 15 | cd ~/Downloads 16 | git clone https://github.com/softwaredownload/openwrt-fanqiang 17 | 18 | - 或者下载zip文件 19 | 20 | https://github.com/softwaredownload/openwrt-fanqiang/archive/master.zip 21 | 22 | 本地项目文件夹是: ~/Downloads/openwrt-fanqiang 23 | 24 | 复制openwrt-fanqiang里面的翻墙配置文件到openwrt-wndr4300目录下 25 | -------- 26 | 27 | 建立一个配置文件夹,以路由器型号结束,如 ~/Downloads/openwrt-wndr4300 28 | 29 | cd ~/Downloads 30 | mkdir openwrt-wndr4300 31 | 32 | cd openwrt-fanqiang 33 | cp -R openwrt/default/* ~/Downloads/openwrt-wndr4300/ 34 | cp -R openwrt/wndr4300/* ~/Downloads/openwrt-wndr4300/ 35 | 36 | 上面的操作,先复制共用的配置文件 openwrt/default/* 到 openwrt-wndr4300目录下 37 | 38 | 然后复制wndr4300专用的配置文件到 openwrt/wndr4300/* 到 openwrt-wndr4300目录下,如果有同名文件就覆盖 39 | 40 | 如果你要贡献本项目,也是先在openwrt-fanqiang/openwrt目录下先建立路由器型号为名称的文件夹,再把专用的配置文件放到此文夹下。注意文件夹和文件名都是小写的 41 | 42 | 修改Netgear WNDR4300翻墙配置文件 43 | -------- 44 | 45 | **主要修改以下文件**: 46 | 47 | openwrt-wndr4300/etc/shadowsocks-libev/config.json 48 | openwrt-wndr4300/usr/bin/ss-firewall-asia 49 | openwrt-wndr4300/etc/uci-defaults/defaults 50 | 51 | 为了方便以后升级,可以写个bash文件自动修改配置文件 52 | 53 | 一切操作尽量自动化,你甚至可以自动化一切操作:下载ImageBuilder,下载OpenWrt源码,下载shadowsocks-libev源码,同步openwrt-fanqiang源码,编译ipk,修改翻墙设置,编译翻墙固件,早上一觉醒来,新鲜出炉、美味可口的翻墙固件就已经摆放在桌上了 54 | 55 | 下面是一个自动修改配置文件的例子,从中可以知道需要修改哪些地方。从2015年12月起,可能用于自动化修改的默认值都应该标准化,方便自动化操作 56 | 57 | **config-wndr4300.sh:** 58 | 59 | #!/bin/bash 60 | 61 | # Author: https://github.com/softwaredownload/openwrt-fanqiang 62 | # Date: 2015-12-20 63 | 64 | REPOSITORY=~/Downloads/openwrt-fanqiang 65 | CONFIG=~/Downloads/openwrt-wndr4300 66 | 67 | createdir() { 68 | rm -rf $CONFIG 69 | mkdir $CONFIG 70 | } 71 | 72 | copy() { 73 | cp -R $REPOSITORY/openwrt/default/* $CONFIG/ 74 | cp -R $REPOSITORY/openwrt/wndr4300/* $CONFIG/ 75 | } 76 | 77 | setmod() { 78 | chmod +x $CONFIG/usr/bin/ss-firewall-asia 79 | chmod +x $CONFIG/etc/uci-defaults 80 | chmod +x $CONFIG/etc/uci-defaults/* 81 | } 82 | 83 | modify() { 84 | # server ip address 85 | sed -i 's/1.0.9.8/server_ip/' $CONFIG/etc/shadowsocks-libev/config.json 86 | 87 | # server_port 88 | sed -i 's/1098/server_port/' $CONFIG/etc/shadowsocks-libev/config.json 89 | 90 | 91 | # local_port 92 | sed -i 's/7654/7654/' $CONFIG/etc/shadowsocks-libev/config.json 93 | 94 | # password 95 | sed -i 's/killgfw/killgfw/' $CONFIG/etc/shadowsocks-libev/config.json 96 | 97 | # method 98 | sed -i 's/chacha20-ietf-poly1305/chacha20-ietf-poly1305/' $CONFIG/etc/shadowsocks-libev/config.json 99 | 100 | 101 | # server ip addresss 102 | sed -i 's/1.0.9.8/server_ip/' $CONFIG/usr/bin/ss-firewall-asia 103 | 104 | # local_port 105 | sed -i 's/7654/7654/' $CONFIG/usr/bin/ss-firewall-asia 106 | 107 | 108 | # ppoe username 109 | sed -i 's/wan-username/wan-username/' $CONFIG/etc/uci-defaults/defaults 110 | 111 | # ppoe password 112 | sed -i 's/wan-password/wan-password/' $CONFIG/etc/uci-defaults/defaults 113 | 114 | # wifi password 115 | sed -i 's/icanfly9876/icanfly9876/g' $CONFIG/etc/uci-defaults/defaults 116 | 117 | # router login password for root 118 | sed -i 's/\\nfanqiang/\\nfanqiang/' $CONFIG/etc/uci-defaults/defaults 119 | } 120 | 121 | if [ "$1" = "createdir" ]; then 122 | createdir 123 | elif [ "$1" = "copy" ]; then 124 | copy 125 | elif [ "$1" = "setmod" ]; then 126 | setmod 127 | elif [ "$1" = "modify" ]; then 128 | modify 129 | else 130 | echo "usage: createdir copy setmod modify" 131 | fi 132 | 133 | **config-wndr4300.sh使用方法**: 134 | 135 | 必改值是: 136 | 137 | server_ip 138 | wan-username 139 | wan-password 140 | 141 | 如果你比较懒,就改这三项就行了,可以说本教程是最简单的翻墙方案了 142 | 143 | 选改值: 144 | 145 | router login password for root 146 | wifi password 147 | 148 | 其他值一般保持默认值就可以了 149 | 150 | 假设config-wndr4300.sh在~/Downloads目录下,运行命令自动修改翻墙配置: 151 | 152 | cd ~/Downloads 153 | sudo chmod +x config-wndr4300.sh 154 | ./config-wndr4300.sh createdir 155 | ./config-wndr4300.sh copy 156 | ./config-wndr4300.sh setmod 157 | ./config-wndr4300.sh modify 158 | 159 | **相关资源**: 160 | 161 | - -------------------------------------------------------------------------------- /ebook/wndr4300/4.build-fanqiang-img-for-netgear-wndr4300.md: -------------------------------------------------------------------------------- 1 | 编译OpenWrt自动翻墙固件 for 网件Netgear WNDR4300路由器 2 | ================================================= 3 | 4 | 经过前面几个步骤,一切准备就绪,下面就正确开始编译Netgear WNDR4300专用全自动翻墙固件了 5 | 6 | 编译OpenWrt自动翻墙固件前的系统准备 7 | -------- 8 | 9 | sudo apt-get update 10 | sudo apt-get install git-core build-essential libssl-dev libncurses5-dev unzip 11 | 12 | OpenWrt Image Builder的三个命令行参数 13 | -------- 14 | 15 | - PROFILE 指定设备类型,此处是 WNDR4300V1 16 | - PACKAGES 指定要编译进固件的包 17 | - FILES 指定要编译进固件的自定义文件,如网络有关配置文件, 默认目录:~/Downloads/openwrt-wndr4300 18 | 19 | 开始编译OpenWrt自动翻墙固件 for 网件Netgear WNDR4300路由器 20 | -------- 21 | 22 | 命令: 23 | 24 | cd ~/Downloads/openwrt-imagebuilder 25 | make image PROFILE=WNDR4300V1 PACKAGES="libiwinfo-lua liblua liblucihttp liblucihttp-lua libubus-lua lua luci luci-app-firewall luci-base luci-lib-ip luci-lib-jsonc luci-lib-nixio luci-mod-admin-full luci-proto-ipv6 luci-proto-ppp luci-theme-bootstrap rpcd rpcd-mod-rrdns uhttpd base-files libc libgcc busybox dropbear mtd uci opkg netifd fstools uclient-fetch logd kmod-gpio-button-hotplug swconfig kmod-ath9k wpad-mini uboot-envtools iptables ip6tables ppp ppp-mod-pppoe firewall odhcpd-ipv6only odhcp6c kmod-usb-core kmod-usb2 kmod-usb-ledtrig-usbport luci-ssl ipset ipset-dns wget iptables-mod-nat-extra bind-dig dnsmasq-full libmbedtls libcares libev libsodium shadowsocks-libev -dnsmasq" FILES=~/Downloads/config-wndr4300 26 | 27 | 编译时报错: 28 | 29 | > opkg_install_cmd: Cannot install package kmod-ipv6 30 | 31 | 移除 kmod-ipv6后编译成功 32 | 33 | 编译好的的固件在: 34 | 35 | ~/Downloads/openwrt-imagebuilder/bin/targets/ 36 | 37 | 其中包含: 38 | 39 | openwrt-ar71xx-nand-wndr4300-ubi-factory.img 40 | openwrt-ar71xx-nand-wndr4300-squashfs-sysupgrade.tar 41 | 42 | 可见生成了二种格式的固件,img 格式和 tar 格式。 其中 img 格式只能用 tftp 的方法进行刷入。而 tar 也只能通过 已刷了Openwrt的WEB端进行刷入 43 | 44 | 请同时参考[使用Image Builder编译自动翻墙OpenWrt固件](../04.3.md) 45 | 46 | **部分编译错误处理**: 47 | 48 | - Build dependency: Please install the openssl library (with development headers) 49 | 50 | For Centos: 51 | 52 | yum install openssl-devel 53 | 54 | For Ubuntu: 55 | 56 | sudo apt-get install libssl-dev 57 | 58 | - Unable to open feeds configuration in line 42 59 | 60 | 使用 `svn co svn://svn.openwrt.org/openwrt/trunk/` 下载后再编译的方法没有遇到这个问题 61 | 62 | - configure: error: you should not run configure as root (set FORCE_UNSAFE_CONFIGURE=1 in environment to bypass this check) 63 | 64 | See config.log' for more details 65 | 66 | 将下载的文件的所有者改为自己,假设用户名是ubuntu 67 | 68 | sudo chown -Rv ubuntu /home/ubuntu/openwrt 69 | 70 | 再重新运行`make` 71 | 72 | **相关资源**: 73 | 74 | - -------------------------------------------------------------------------------- /ebook/wndr4300/5.wndr4300-flash-fanqiang-img.md: -------------------------------------------------------------------------------- 1 | 网件Netgear WNDR4300路由器怎样刷OpenWrt自动翻墙固件 2 | ============================================= 3 | 4 | 两种翻墙固件格式 img tar的区别 5 | -------- 6 | 7 | openwrt-ar71xx-nand-wndr4300-ubi-factory.img 8 | openwrt-ar71xx-nand-wndr4300-squashfs-sysupgrade.tar 9 | 10 | 我们编译出了两种固件,一种为 ...ubi-factory.img 格式,一种为 ...squashfs-sysupgrade.tar 格式。 其中 img 格式只能用 tftp 的方法刷入。而 tar 只能通过已刷了Openwrt的WEB端进行刷入。下面分别说明 两种不同的刷入方法: 11 | 12 | tftp刷固件的方式,不管原来的固件是什么格式,都可以刷factory.img 13 | 14 | 网件Netgear WNDR4300路由器进入恢复模式的方法 15 | -------- 16 | 17 | - 关闭路由器电源 18 | - 用 牙签,或其他尖物 按住设备背面的机身背面的红色小圆孔(Restore Factory Settings button) 19 | - 开启电源开关 20 | - 观察电源灯(此时保持按住Restore Factory Settings按钮不要松手),直到电源灯由 橙色闪烁 状态变到 绿色闪烁 状态(说明设备已经进入到了 TFTP修复模式 ) 21 | 22 | Linux下Netgear WNDR4300路由器用tftp刷翻墙固件 23 | -------- 24 | 25 | - 将电脑用网线连接到设备的 LAN口,而不是wan口。国行Netgear WNDR4300的wan口是黄色的 26 | - 将电脑的本地连接IP设置为 192.168.1.X (此例中IP地址设置为 192.168.1.9),子网掩码为 255.255.255.0,网关为192.168.1.1 27 | - 路由器进入恢复模式 28 | - 测试能否连接到路由器: 29 | 30 | ping 192.168.1.1 31 | PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data. 32 | Warning: time of day goes back (-3646479862160196504us), taking countermeasures. 33 | Warning: time of day goes back (-3646479862160196420us), taking countermeasures. 34 | 35 | - 网件Netgear WNDR4300路由器刷翻墙固件 36 | 37 | sudo apt-get install tftp 38 | # 进入固件所在目录 39 | cd ~/Downloads/openwrt-imagebuilder/bin/targets/ar71xx/nand 40 | echo -e "binary\nrexmt 1\ntimeout 60\ntrace\nput openwrt-18.06.1-ar71xx-nand-wndr4300-ubi-factory.img\n" | tftp 192.168.1.1 41 | 42 | - 观察指示灯,文件会在5秒内传送完毕,等待80秒左右,设备会自动重启(请耐心等待,切勿将路由器手动断电)。设备重启后,看到亮绿灯,一定要按机身后面的电源开关手动断电、开机,否则可能没有无线5G 这不是BUG,其他openwrt也是一样的。每次刷factory.img都要这样 43 | 44 | 路由器完成初始化需要几分钟时间, 2.4G 和 5G 的无线信号灯才会亮起,请耐心等待 45 | 46 | Windows下Netgear WNDR4300路由器用tftp刷翻墙固件 47 | -------- 48 | 49 | - 启用tftp。Windows 10下:控制面板,所有控制面板项,程序和功能,启用或关闭Windows功能,启用“TFTP”客户端 50 | 51 | Windows 10(英文版为例), 按 **Windows** 键,输入 **features on** 然后回车: 52 | 53 | ![Windows 10 启用或关闭Windows 功能](images/5.turn-windows-features-on-off.png) 54 | 55 | 然后勾选 **TFTP Client**: 56 | 57 | ![Windows 10 启用 TFTP 客户端](images/5.windows-10-turn-tftp-feature-on.png) 58 | 59 | - 将电脑用网线连接到设备的 LAN口 60 | - 将电脑的本地连接IP设置为 192.168.1.X (此例中IP地址设置为 192.168.1.9),子网掩码为 255.255.255.0,网关192.168.1.1 61 | - 路由器进入恢复模式 62 | - 测试能否连接到路由器: ping 192.168.1.1 63 | - 网件Netgear WNDR4300路由器刷翻墙固件 64 | - 按Windows+R,输入cmd并回车调出命令行程序 65 | - 假设 openwrt-ar71xx-nand-wndr3700v4-ubi-factory.img 在C:\盘 66 | - 运行命令: 67 | 68 | cd C:\ 69 | tftp -i 192.168.1.1 put openwrt-ar71xx-nand-wndr3700v4-ubi-factory.img 70 | 71 | ![netgear wndr4300 shua openwrt fanqiang gujian](images/5.tftp-flash-fanqiang-img-windows.png) 72 | 73 | - 观察指示灯,设备重启后,看到亮绿灯,再手动断电、开机,否则可能没有无线5G 74 | 75 | **相关资源**: 76 | 77 | - 78 | - [https://openwrt.org/docs/guide-user/installation/generic.flashing.tftp](https://openwrt.org/docs/guide-user/installation/generic.flashing.tftp) 79 | - [Windows下Netgear WNDR4300刷OpenWrt固件PDF教程 by 书浅](https://software-download.name/2015/netgear-wndr4300-shua-openwrt/) -------------------------------------------------------------------------------- /ebook/wndr4300/6.login-setup-netgear-wndr4300-fanqiang.md: -------------------------------------------------------------------------------- 1 | 登录并设置已经刷了OpenWrt 翻墙固件的网件Netgear WNDR4300路由器 2 | =================================================== 3 | 4 | Netgear WNDR4300 (2018版)预编译翻墙固件下载 5 | -------- 6 | 7 | [https://software-download.name/2015/netgear-wndr4300-openwrt-fanqiang-gujian/](https://software-download.name/2015/netgear-wndr4300-openwrt-fanqiang-gujian/) 8 | 9 | 你按照[本教程](https://github.com/softwaredownload/openwrt-fanqiang)编译了WNDR4300路由器 OpenWrt 全自动翻墙固件,并且刷进了路由器,如果一切正常,就可以零设置自动翻墙了。运气不够好,就要登录路由器修改一下设置 10 | 11 | 你懶得自己编译翻墙固件,下载了本教程提供的Netgear WNDR4300路由器翻墙固件并刷进了路由器,就必须手动修改一些值才能自动翻墙 12 | 13 | 本教程就针对上面这两种情况 14 | 15 | 怎样登录已经刷了OpenWrt 翻墙固件的网件Netgear WNDR4300路由器 16 | -------- 17 | 18 | 用网线连接电脑和路由器,将电脑的本地连接IP设置为 192.168.1.97,子网掩码为 255.255.255.0,网关为:192.168.1.1 19 | 20 | - 网页登录地址: http://192.168.1.1 21 | - ssh登录: ssh root @192.168.1.1 22 | - 默认登录密码: fanqiang 23 | 24 | 网页登录 WNDR4300 管理界面并修改设置 25 | ------ 26 | 27 | 在浏览器地址栏输入 **192.168.1.1** 并回车 28 | 29 | - 修改路由器密码和 SSH 登录设置 30 | 31 | 鼠标移到顶部菜单栏 **System** (系统), 再点击 **Administration** (管理员设置) 32 | 33 | ![网页界面修改OpenWrt路由器登录密码和SSH 登录设置](images/5.openwrt-change-root-password-and-ssh-config.png) 34 | 35 | 2018 版预编译翻墙固件,需要把公钥粘贴在 **SSH-Keys** 的空白格子里,否则可能无法 ssh 登录路由器 36 | 37 | 修改好设置后,点击 **Save & Apply** (保存并应用) 38 | 39 | - 设置拨号上网用户名和密码 40 | 41 | 1. 鼠标移到顶部菜单栏 **Network** (网络), 再点击 **Interfaces** (接口) 42 | 2. 点击左上角的 **WAN** 标签 43 | 3. 修改拨号上网 PPPoE 用户名和密码 44 | 4. 点击 **Save & Apply** 保存设置并应用 45 | 46 | ![网页界面设置OpenWrt路由器 PPPoE拨号上网用户名和密码](images/5.openwrt-set-pppoe-pap-chap-username-passoword.png) 47 | 48 | 49 | Linux下ssh登录WNDR4300路由器并修改设置 50 | -------- 51 | 52 | - 对于2018版预编译翻墙固件,参考上面的教程 先在网页管理界面添加 SSH 登录的公钥,否则可能无法 ssh 登录路由器 53 | 54 | - 创建 ssh 自动登录的 host 55 | 56 | 在 Linux 下是修改 **~/.ssh/config** 文件。Windows 下可以安装 MSYS2 或 Git for Windows 并修改相应的文件 57 | 58 | **~/.ssh/config** 59 | 60 | Host router 61 | HostName 192.168.1.1 62 | User root 63 | Port 22 64 | IdentityFile ~/path/to/rsa/file 65 | 66 | 其中 **IdentityFile** 后面写 SSH 私钥文件的路径 67 | 68 | 然后就可以在命令行里免密码自动登录路由器: 69 | 70 | $ ssh router 71 | 72 | - 命令行登录路由器后,修改 shodowsocks-libev 配置文件 73 | 74 | 主要修改 **server** 和 **server_port**(注意,如果有拼写错误,请修正,否则 SS 将无法启动) 75 | 76 | root@OpenWrt:~# vi /etc/shadowsocks-libev/config.json 77 | 78 | - 添加服务器 IP 地址到 **ip_server.txt**, 一行一个IP地址 79 | 80 | root@OpenWrt:~# vi /etc/shadowsocks-libev/ip_server.txt 81 | 82 | - 添加自定义的白名单 IP 地址到 **ip_custom.txt**, 一行一个IP地址。可以跳过这步 83 | 84 | root@OpenWrt:~# vi /etc/shadowsocks-libev/ip_custom.txt 85 | 86 | - 命令行修改拨号上网用户名和密码 87 | 88 | # wan-username, wan-password 89 | root@OpenWrt:~# vi /etc/config/network 90 | 91 | - 命令行修改 WIFI 密码 92 | 93 | # wifi password, optional 94 | root@OpenWrt:~# vi /etc/config/wireless 95 | 96 | 如果你修改了本教程默认的shadowsocks local_port和tunnel_port,还得修改/etc/dnsmasq.d/下相关文件中的端口号 97 | 98 | 执行以下命令使修改生效 99 | -------- 100 | 101 | root@OpenWrt:~# /etc/init.d/shadowsocks stop 102 | root@OpenWrt:~# /etc/init.d/shadowsocks start 103 | root@OpenWrt:~# /etc/init.d/dnsmasq restart 104 | root@OpenWrt:~# /etc/init.d/network restart 105 | 106 | **相关资源**: 107 | 108 | - -------------------------------------------------------------------------------- /ebook/wndr4300/README.md: -------------------------------------------------------------------------------- 1 | 网件Netgear WNDR4300刷OpenWrt翻墙教程 2 | ================================== 3 | 4 | 网件Netgear WNDR4300是很多网友推荐的可刷OpenWRT的无线路由器 5 | 6 | WNDR4300有v1和v2的区别,目前国行都是v1版本 7 | 8 | ![已经刷上翻墙固件的WNDR4300路由器OpenWrt后台](images/6.netgear-wndr4300-luci.png) 9 | 10 | 网件Netgear WNDR4300无线路由器的优点 11 | -------- 12 | 13 | - 刷OpenWrt方便。购买后,登录管理界面可以直接刷OpenWrt 14 | - WNDR4300自带不死uboot,刷机比较安全 15 | - 硬件配置高。据网友测试,同时接入40台机器都没有问题 16 | - 无线信号强。150平方的室内基本无信号死角 17 | - 有一个 USB 接口,可以挂载设备 18 | 19 | 网件Netgear WNDR4300国行硬件信息 20 | -------- 21 | 22 | 千兆双频,300+450Mbps的无线连接,2.4G和5G无线信号可以同时使用,1000Mbps有线端口,内置5天线(两根5G+三根2.4G),采用Atheros AR9344处理器,频率550MHz,128M DDR2内存,128M ROM,USB可接硬盘进行共享,带有wifi开关按钮可以单独关闭无线信号 23 | 24 | Version v1 25 | CPU Atheros AR9344 rev2 560MHz MIPS 74Kc V4.12 26 | Ram 128MiB 27 | Flash 128MiB NAND 28 | Network 1 WAN + 4x LAN (GBit) 29 | Wireless AR9580 [an 3x3:3] + AR9344 [bgn 2x2:2] 30 | USB Yes 31 | 32 | 如何购买网件Netgear WNDR4300无线路由器 33 | -------- 34 | 35 | 目前自营电商的价格一般是299元,TB价大约280元 36 | 37 | 参考信息 38 | -------- 39 | 40 | 41 | - [Netgear WNDR4300 OpenWrt官网Wiki](https://openwrt.org/toh/netgear/wndr4300) 42 | - [Windows下Netgear WNDR4300刷OpenWrt固件PDF教程 by 书浅](https://software-download.name/2015/netgear-wndr4300-shua-openwrt/) 43 | - [预编译集成固件for WNDR4300](https://github.com/gygy/gygy.github.io) 44 | 45 | --- 46 | 47 | **最简单的路由器刷OpenWrt翻墙方案:** 48 | 49 | - [https://github.com/softwaredownload/openwrt-fanqiang](https://github.com/softwaredownload/openwrt-fanqiang "最简单的路由器刷OpenWrt固件翻墙教程") 50 | 51 | **在线阅读OpenWrt路由器翻墙、科学上网器教程:** 52 | 53 | - [https://fanqiang.software-download.name](https://fanqiang.software-download.name) 54 | - [https://github.com/softwaredownload/openwrt-fanqiang/blob/master/SUMMARY.md](https://github.com/softwaredownload/openwrt-fanqiang/blob/master/SUMMARY.md) -------------------------------------------------------------------------------- /ebook/wndr4300/images/1.modifiy-firmware-space.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/wndr4300/images/1.modifiy-firmware-space.png -------------------------------------------------------------------------------- /ebook/wndr4300/images/1.profile-netgear-wndr4300.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/wndr4300/images/1.profile-netgear-wndr4300.png -------------------------------------------------------------------------------- /ebook/wndr4300/images/2.shadowsocks-libev-ipk-menuconfig.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/wndr4300/images/2.shadowsocks-libev-ipk-menuconfig.png -------------------------------------------------------------------------------- /ebook/wndr4300/images/5.openwrt-change-root-password-and-ssh-config.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/wndr4300/images/5.openwrt-change-root-password-and-ssh-config.png -------------------------------------------------------------------------------- /ebook/wndr4300/images/5.openwrt-set-pppoe-pap-chap-username-passoword.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/wndr4300/images/5.openwrt-set-pppoe-pap-chap-username-passoword.png -------------------------------------------------------------------------------- /ebook/wndr4300/images/5.tftp-flash-fanqiang-img-windows.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/wndr4300/images/5.tftp-flash-fanqiang-img-windows.png -------------------------------------------------------------------------------- /ebook/wndr4300/images/5.turn-windows-features-on-off.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/wndr4300/images/5.turn-windows-features-on-off.png -------------------------------------------------------------------------------- /ebook/wndr4300/images/5.windows-10-turn-tftp-feature-on.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/wndr4300/images/5.windows-10-turn-tftp-feature-on.png -------------------------------------------------------------------------------- /ebook/wndr4300/images/6.netgear-wndr4300-luci.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/ebook/wndr4300/images/6.netgear-wndr4300-luci.png -------------------------------------------------------------------------------- /openwrt/default/etc/banner: -------------------------------------------------------------------------------- 1 | Author: 2 | https://github.com/softwaredownload/openwrt-fanqiang 3 | 4 | -------------------------------------------------------------------------------- /openwrt/default/etc/dnsmasq.conf: -------------------------------------------------------------------------------- 1 | # Change the following lines if you want dnsmasq to serve SRV 2 | # records. 3 | # You may add multiple srv-host lines. 4 | # The fields are ,,,, 5 | 6 | # A SRV record sending LDAP for the example.com domain to 7 | # ldapserver.example.com port 289 8 | #srv-host=_ldap._tcp.example.com,ldapserver.example.com,389 9 | 10 | # Two SRV records for LDAP, each with different priorities 11 | #srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1 12 | #srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2 13 | 14 | # A SRV record indicating that there is no LDAP server for the domain 15 | # example.com 16 | #srv-host=_ldap._tcp.example.com 17 | 18 | # The following line shows how to make dnsmasq serve an arbitrary PTR 19 | # record. This is useful for DNS-SD. 20 | # The fields are , 21 | #ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services" 22 | 23 | # Change the following lines to enable dnsmasq to serve TXT records. 24 | # These are used for things like SPF and zeroconf. 25 | # The fields are ,,... 26 | 27 | #Example SPF. 28 | #txt-record=example.com,"v=spf1 a -all" 29 | 30 | #Example zeroconf 31 | #txt-record=_http._tcp.example.com,name=value,paper=A4 32 | 33 | # Provide an alias for a "local" DNS name. Note that this _only_ works 34 | # for targets which are names from DHCP or /etc/hosts. Give host 35 | # "bert" another name, bertrand 36 | # The fields are , 37 | #cname=bertand,bert 38 | 39 | conf-dir=/etc/dnsmasq.d 40 | -------------------------------------------------------------------------------- /openwrt/default/etc/dnsmasq.d/apple.china.conf: -------------------------------------------------------------------------------- 1 | server=/adcdownload.apple.com/114.114.114.114 2 | server=/appldnld.apple.com/114.114.114.114 3 | server=/cdn-cn1.apple-mapkit.com/114.114.114.114 4 | server=/cdn-cn2.apple-mapkit.com/114.114.114.114 5 | server=/cdn-cn3.apple-mapkit.com/114.114.114.114 6 | server=/cdn-cn4.apple-mapkit.com/114.114.114.114 7 | server=/cdn.apple-mapkit.com/114.114.114.114 8 | server=/cdn1.apple-mapkit.com/114.114.114.114 9 | server=/cdn2.apple-mapkit.com/114.114.114.114 10 | server=/cdn3.apple-mapkit.com/114.114.114.114 11 | server=/cdn4.apple-mapkit.com/114.114.114.114 12 | server=/cds.apple.com/114.114.114.114 13 | server=/cl1.apple.com/114.114.114.114 14 | server=/cl2.apple.com.edgekey.net.globalredir.akadns.net/114.114.114.114 15 | server=/cl2.apple.com.edgekey.net/114.114.114.114 16 | server=/cl2.apple.com/114.114.114.114 17 | server=/cl3.apple.com/114.114.114.114 18 | server=/cl4.apple.com/114.114.114.114 19 | server=/cl4-cn.apple.com/114.114.114.114 20 | server=/cl5.apple.com/114.114.114.114 21 | server=/configuration.apple.com/114.114.114.114 22 | server=/gs-loc.apple.com/114.114.114.114 23 | server=/gsp11-cn.ls.apple.com/114.114.114.114 24 | server=/gsp12-cn.ls.apple.com/114.114.114.114 25 | server=/gsp13-cn.ls.apple.com/114.114.114.114 26 | server=/gsp4-cn.ls.apple.com.edgekey.net.globalredir.akadns.net/114.114.114.114 27 | server=/gsp4-cn.ls.apple.com.edgekey.net/114.114.114.114 28 | server=/gsp4-cn.ls.apple.com/114.114.114.114 29 | server=/gsp5-cn.ls.apple.com/114.114.114.114 30 | server=/gspe19-cn.ls-apple.com.akadns.net/114.114.114.114 31 | server=/gspe19-cn.ls.apple.com/114.114.114.114 32 | server=/gspe21.ls.apple.com/114.114.114.114 33 | server=/gspe21-ssl.ls.apple.com/114.114.114.114 34 | server=/gspe35-ssl.ls.apple.com/114.114.114.114 35 | server=/icloud.cdn-apple.com/114.114.114.114 36 | server=/images.apple.com/114.114.114.114 37 | server=/iphone-ld.apple.com/114.114.114.114 38 | server=/itunes-apple.com.akadns.net/114.114.114.114 39 | server=/itunes.apple.com/114.114.114.114 40 | server=/itunesconnect.apple.com/114.114.114.114 41 | server=/mesu.apple.com/114.114.114.114 42 | server=/mesu-china.apple.com.akadns.net/114.114.114.114 43 | server=/phobos-apple.com.akadns.net/114.114.114.114 44 | server=/phobos.apple.com/114.114.114.114 45 | server=/store.apple.com/114.114.114.114 46 | server=/store.storeimages.cdn-apple.com/114.114.114.114 47 | server=/support.apple.com/114.114.114.114 48 | server=/swcdn.apple.com/114.114.114.114 49 | server=/swdist.apple.com/114.114.114.114 50 | server=/www.apple.com/114.114.114.114 51 | -------------------------------------------------------------------------------- /openwrt/default/etc/dnsmasq.d/custom.china.conf: -------------------------------------------------------------------------------- 1 | server=/weidai.com.cn/114.114.114.114 2 | server=/rubyfish.cn/114.114.114.114 3 | server=/ustclug.org/114.114.114.114 -------------------------------------------------------------------------------- /openwrt/default/etc/dnsmasq.d/gfwlist.conf: -------------------------------------------------------------------------------- 1 | server=/#/127.0.0.1#3210 2 | -------------------------------------------------------------------------------- /openwrt/default/etc/dnsmasq.d/google.china.conf: -------------------------------------------------------------------------------- 1 | server=/265.com/114.114.114.114 2 | server=/2mdn.net/114.114.114.114 3 | server=/app-measurement.com/114.114.114.114 4 | server=/beacons.gcp.gvt2.com/114.114.114.114 5 | server=/beacons.gvt2.com/114.114.114.114 6 | server=/beacons3.gvt2.com/114.114.114.114 7 | server=/c.admob.com/114.114.114.114 8 | server=/c.android.clients.google.com/114.114.114.114 9 | server=/cache.pack.google.com/114.114.114.114 10 | server=/clientservices.googleapis.com/114.114.114.114 11 | server=/connectivitycheck.gstatic.com/114.114.114.114 12 | server=/csi.gstatic.com/114.114.114.114 13 | server=/checkin.gstatic.com/114.114.114.114 14 | server=/dl.google.com/114.114.114.114 15 | server=/doubleclick.net/114.114.114.114 16 | server=/e.admob.com/114.114.114.114 17 | server=/fonts.googleapis.com/114.114.114.114 18 | server=/fonts.gstatic.com/114.114.114.114 19 | server=/google-analytics.com/114.114.114.114 20 | server=/googleadservices.com/114.114.114.114 21 | server=/googleanalytics.com/114.114.114.114 22 | server=/googlesyndication.com/114.114.114.114 23 | server=/googletagmanager.com/114.114.114.114 24 | server=/googletagservices.com/114.114.114.114 25 | server=/imasdk.googleapis.com/114.114.114.114 26 | server=/kh.google.com/114.114.114.114 27 | server=/khm.google.com/114.114.114.114 28 | server=/khm.googleapis.com/114.114.114.114 29 | server=/khm0.google.com/114.114.114.114 30 | server=/khm0.googleapis.com/114.114.114.114 31 | server=/khm1.google.com/114.114.114.114 32 | server=/khm1.googleapis.com/114.114.114.114 33 | server=/khm2.google.com/114.114.114.114 34 | server=/khm2.googleapis.com/114.114.114.114 35 | server=/khm3.google.com/114.114.114.114 36 | server=/khm3.googleapis.com/114.114.114.114 37 | server=/khmdb.google.com/114.114.114.114 38 | server=/khmdb.googleapis.com/114.114.114.114 39 | server=/media.admob.com/114.114.114.114 40 | server=/mediavisor.doubleclick.com/114.114.114.114 41 | server=/redirector.gvt1.com/114.114.114.114 42 | server=/ssl-google-analytics.l.google.com/114.114.114.114 43 | server=/ssl.gstatic.com/114.114.114.114 44 | server=/toolbarqueries.google.com/114.114.114.114 45 | server=/tools.google.com/114.114.114.114 46 | server=/tools.l.google.com/114.114.114.114 47 | server=/update.googleapis.com/114.114.114.114 48 | server=/www.gstatic.com/114.114.114.114 49 | server=/translate.googleapis.com/114.114.114.114 50 | -------------------------------------------------------------------------------- /openwrt/default/etc/init.d/shadowsocks: -------------------------------------------------------------------------------- 1 | #!/bin/sh /etc/rc.common 2 | 3 | # Author: https://github.com/softwaredownload/openwrt-fanqiang 4 | # Last Update: 2018-10 5 | 6 | START=95 7 | 8 | SERVICE_USE_PID=1 9 | SERVICE_WRITE_PID=1 10 | SERVICE_DAEMONIZE=1 11 | 12 | start() { 13 | echo 'server=/#/127.0.0.1#3210' > /etc/dnsmasq.d/gfwlist.conf 14 | /etc/init.d/dnsmasq restart 15 | 16 | service_start /usr/bin/ss-redir -b 0.0.0.0 -c /etc/shadowsocks-libev/config.json -f /var/run/shadowsocks.pid -u 17 | service_start /usr/bin/ss-tunnel -b 0.0.0.0 -c /etc/shadowsocks-libev/config.json -l 3210 -L 8.8.4.4:53 -u 18 | /usr/bin/ss-firewall-asia 19 | #/usr/bin/ss-firewall-global 20 | #/usr/bin/ss-firewall-china 21 | } 22 | 23 | stop() { 24 | echo 'server=/#/114.114.114.114' > /etc/dnsmasq.d/gfwlist.conf 25 | /etc/init.d/dnsmasq restart 26 | 27 | service_stop /usr/bin/ss-redir 28 | service_stop /usr/bin/ss-tunnel 29 | service_stop /usr/bin/obfs-local 30 | killall ss-redir 31 | killall ss-tunnel 32 | killall obfs-local 33 | /etc/init.d/firewall restart 34 | } -------------------------------------------------------------------------------- /openwrt/default/etc/shadow: -------------------------------------------------------------------------------- 1 | root:$1$zRYW.s2H$9mdsPY2ij.4fVeiiZurGW1:0:0:99999:7::: 2 | daemon:*:0:0:99999:7::: 3 | ftp:*:0:0:99999:7::: 4 | network:*:0:0:99999:7::: 5 | nobody:*:0:0:99999:7::: 6 | -------------------------------------------------------------------------------- /openwrt/default/etc/shadowsocks-libev/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "seve":"1.0.9.8", 3 | "seve_pot":1098, 4 | "local_pot":7654, 5 | "passwod":"killgfw", 6 | "method":"chacha20-ietf-poly1305", 7 | "fast_open":true, 8 | "timeout":600 9 | } 10 | -------------------------------------------------------------------------------- /openwrt/default/etc/shadowsocks-libev/info-ip_custom.txt: -------------------------------------------------------------------------------- 1 | 202.141.162.123 # 中科大 DNS 2 | 202.38.93.153 # 中科大 DNS 3 | 202.141.176.93 # 中科大 DNS 4 | 40.73.101.101 # hixns DNS 5 | 182.254.242.15 # xsico DNS 6 | 115.159.154.226 # rubyfish DNS 7 | 47.99.165.31 # rubyfish DNS 8 | 202.141.178.13 # openwrt.proxy.ustclug.org 9 | 203.107.40.116 -------------------------------------------------------------------------------- /openwrt/default/etc/shadowsocks-libev/ip_asia.txt: -------------------------------------------------------------------------------- 1 | 1.0.0.0/8 2 | 14.0.0.0/8 3 | 27.0.0.0/8 4 | 36.0.0.0/8 5 | 39.0.0.0/8 6 | 42.0.0.0/8 7 | 49.0.0.0/8 8 | 58.0.0.0/8 9 | 59.0.0.0/8 10 | 60.0.0.0/8 11 | 61.0.0.0/8 12 | 101.0.0.0/8 13 | 103.0.0.0/8 14 | 106.0.0.0/8 15 | 110.0.0.0/8 16 | 111.0.0.0/8 17 | 112.0.0.0/8 18 | 113.0.0.0/8 19 | 114.0.0.0/8 20 | 115.0.0.0/8 21 | 116.0.0.0/8 22 | 117.0.0.0/8 23 | 118.0.0.0/8 24 | 119.0.0.0/8 25 | 120.0.0.0/8 26 | 121.0.0.0/8 27 | 122.0.0.0/8 28 | 123.0.0.0/8 29 | 124.0.0.0/8 30 | 125.0.0.0/8 31 | 126.0.0.0/8 32 | 169.0.0.0/8 33 | 175.0.0.0/8 34 | 180.0.0.0/8 35 | 182.0.0.0/8 36 | 183.0.0.0/8 37 | 202.0.0.0/8 38 | 203.0.0.0/8 39 | 210.0.0.0/8 40 | 211.0.0.0/8 41 | 218.0.0.0/8 42 | 219.0.0.0/8 43 | 220.0.0.0/8 44 | 221.0.0.0/8 45 | 222.0.0.0/8 46 | 223.0.0.0/8 -------------------------------------------------------------------------------- /openwrt/default/etc/shadowsocks-libev/ip_custom.txt: -------------------------------------------------------------------------------- 1 | 202.141.162.123 2 | 202.38.93.153 3 | 202.141.176.93 4 | 40.73.101.101 5 | 182.254.242.15 6 | 115.159.154.226 7 | 47.99.165.31 8 | 202.141.178.13 9 | 203.107.40.116 -------------------------------------------------------------------------------- /openwrt/default/etc/shadowsocks-libev/ip_lan.txt: -------------------------------------------------------------------------------- 1 | 0.0.0.0/8 2 | 10.0.0.0/8 3 | 127.0.0.0/8 4 | 169.254.0.0/16 5 | 172.16.0.0/12 6 | 192.168.0.0/16 7 | 224.0.0.0/4 8 | 240.0.0.0/4 -------------------------------------------------------------------------------- /openwrt/default/etc/shadowsocks-libev/ip_server.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/softwaredownload/openwrt-fanqiang/8873c9326ac46092eb0373efc6023d210b8c3e09/openwrt/default/etc/shadowsocks-libev/ip_server.txt -------------------------------------------------------------------------------- /openwrt/default/etc/sysctl.conf: -------------------------------------------------------------------------------- 1 | net.ipv4.tcp_fastopen=3 2 | -------------------------------------------------------------------------------- /openwrt/default/etc/uci-defaults/defaults: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Author: https://github.com/softwaredownload/openwrt-fanqiang 4 | # Date: 2014-07-12 5 | 6 | uci set network.wan.proto='pppoe' 7 | uci set network.wan.username='wan-username' 8 | uci set network.wan.password='wan-password' 9 | uci set network.wan.peerdns=0 10 | uci commit network 11 | 12 | uci set wireless.@wifi-device[0].channel=11 13 | uci set wireless.@wifi-device[0].txpower=17 14 | uci set wireless.@wifi-device[0].disabled=0 15 | uci set wireless.@wifi-device[0].country='CN' 16 | uci set wireless.@wifi-iface[0].mode='ap' 17 | uci set wireless.@wifi-iface[0].ssid='eastking-fanqiang' 18 | uci set wireless.@wifi-iface[0].encryption='psk2' 19 | uci set wireless.@wifi-iface[0].key='icanfly9876' 20 | uci commit wireless 21 | wifi 22 | 23 | uci set dropbear.@dropbear[0].GatewayPorts='on' 24 | uci commit dropbear 25 | /etc/init.d/dropbear restart 26 | 27 | uci set system.@system[0].hostname='eastking' #设置主机名 28 | uci set system.@system[0].zonename='Asia/Shanghai' 29 | uci set system.@system[0].timezone='CST-8' 30 | uci commit system 31 | /etc/init.d/system restart 32 | 33 | #change root password 34 | echo -e "fanqiang\nfanqiang" | (passwd $USER) #修改路由器的管理员root对应的密码 35 | 36 | /etc/init.d/shadowsocks enable 37 | /etc/init.d/network restart 38 | -------------------------------------------------------------------------------- /openwrt/default/usr/bin/blockad-cn: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Author: https://github.com/softwaredownload/openwrt-fanqiang 4 | # last update: 2018-10 5 | 6 | TMP_HOSTS=/tmp/block.hosts.unsorted 7 | HOSTS=/etc/dnsmasq.d/ad-cn.conf 8 | 9 | # remove any old TMP_HOSTS that might have stuck around 10 | rm ${TMP_HOSTS} 2> /dev/null 11 | 12 | for URL in \ 13 | "https://github.com/softwaredownload/cnhosts/raw/data/_build/tmp/full/hosts" \ 14 | "https://github.com/e32ubhds/Hosts/raw/master/Hosts" 15 | do 16 | # filter out comment lines, empty lines, localhost... 17 | # remove trailing comments, space( ,tab), empty line 18 | # replace line to dnsmasq format 19 | # remove carriage returns 20 | # append the results to TMP_HOSTS 21 | wget -4 --no-check-certificate -qO- "${URL}" | grep -v -e "^#" -e "^\s*$" -e "localhost" -e "broadcasthost" -e "ip6" -e "^;" -e "^@" -e "^:" -e "^[a-zA-Z]" \ 22 | | sed -E -e "s/#.*$//" -e "s/[[:space:]]*//g" -e "/^$/d" \ 23 | -e "s/^127.0.0.1/server=\/./" -e "s/0.0.0.0/server=\/./" -e "/^[0-9].*$/d" -e "s/$/\/127.0.0.0/" \ 24 | | tr -d "\r" >> ${TMP_HOSTS} 25 | 26 | done 27 | 28 | # remove duplicate hosts and save the real hosts file 29 | sort ${TMP_HOSTS} | uniq > ${HOSTS} 30 | 31 | rm ${TMP_HOSTS} 2> /dev/null -------------------------------------------------------------------------------- /openwrt/default/usr/bin/blockad-en: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Author: https://github.com/softwaredownload/openwrt-fanqiang 4 | # last update: 2018-10 5 | 6 | TMP_HOSTS=/tmp/block.hosts.unsorted 7 | HOSTS=/etc/dnsmasq.d/ad-en.conf 8 | 9 | # remove any old TMP_HOSTS that might have stuck around 10 | rm ${TMP_HOSTS} 2> /dev/null 11 | 12 | # full ad block list for English sites 13 | #https://github.com/StevenBlack/hosts/raw/master/hosts 14 | 15 | for URL in \ 16 | "http://adaway.org/hosts.txt" 17 | do 18 | # filter out comment lines, empty lines, localhost... 19 | # remove trailing comments, space( ,tab), empty line 20 | # replace line to dnsmasq format 21 | # remove carriage returns 22 | # append the results to TMP_HOSTS 23 | wget -4 --no-check-certificate -qO- "${URL}" | grep -v -e "^#" -e "^\s*$" -e "localhost" -e "broadcasthost" -e "ip6" -e "^;" -e "^@" -e "^:" -e "^[a-zA-Z]" \ 24 | | sed -E -e "s/#.*$//" -e "s/[[:space:]]*//g" -e "/^$/d" \ 25 | -e "s/^127.0.0.1/server=\/./" -e "s/0.0.0.0/server=\/./" -e "/^[0-9].*$/d" -e "s/$/\/127.0.0.0/" \ 26 | | tr -d "\r" >> ${TMP_HOSTS} 27 | 28 | done 29 | 30 | # remove duplicate hosts and save the real hosts file 31 | sort ${TMP_HOSTS} | uniq > ${HOSTS} 32 | 33 | rm ${TMP_HOSTS} 2> /dev/null -------------------------------------------------------------------------------- /openwrt/default/usr/bin/chinalist: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Author: https://github.com/softwaredownload/openwrt-fanqiang 4 | # Date: 2018-09-23 5 | 6 | #adblock() { 7 | # wget -4 --no-check-certificate -O - https://easylist-downloads.adblockplus.org/easylistchina+easylist.txt | 8 | # grep ^\|\|[^\*/]*\^$ | 9 | # sed -e 's:||:address\=\/:' -e 's:\^:/127\.0\.0\.1:' | uniq > /etc/dnsmasq.d/adblock.conf 10 | # 11 | # wget -4 --no-check-certificate -O - https://github.com/kcschan/AdditionalAdblock/raw/master/list.txt | 12 | # grep ^\|\|[^\*/]*\^$ | 13 | # sed -e 's:||:address\=\/:' -e 's:\^:/127\.0\.0\.1:' >> /etc/dnsmasq.d/adblock.conf 14 | #} 15 | 16 | 17 | wget -4 --no-check-certificate -O /etc/dnsmasq.d/accelerated-domains.china.conf https://github.com/felixonmars/dnsmasq-china-list/raw/master/accelerated-domains.china.conf 18 | wget -4 --no-check-certificate -O /etc/dnsmasq.d/bogus-nxdomain.china.conf https://github.com/felixonmars/dnsmasq-china-list/raw/master/bogus-nxdomain.china.conf 19 | wget -4 --no-check-certificate -O /etc/dnsmasq.d/apple.china.conf https://github.com/felixonmars/dnsmasq-china-list/raw/master/apple.china.conf 20 | wget -4 --no-check-certificate -O /etc/dnsmasq.d/google.china.conf https://github.com/felixonmars/dnsmasq-china-list/raw/master/google.china.conf 21 | 22 | #/etc/init.d/dnsmasq restart -------------------------------------------------------------------------------- /openwrt/default/usr/bin/ss-firewall-asia: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Author: https://github.com/softwaredownload/openwrt-fanqiang 4 | # phoeagon tefiszx idonknown 5 | # Last Update: 2018-10 6 | 7 | #create new chains 8 | iptables -t nat -N SHADOWSOCKS 9 | iptables -t nat -N SHADOWSOCKS_WHITELIST 10 | 11 | # Ignore your shadowsocks server-s's addresses 12 | # It's very IMPORTANT, just be careful 13 | # you'd better add them in an individual file 14 | for white_ip in `cat /etc/shadowsocks-libev/ip_server.txt`; 15 | do 16 | iptables -t nat -A SHADOWSOCKS -d "${white_ip}" -j RETURN 17 | done 18 | 19 | # Ignore Custom IP list 20 | for white_ip in `cat /etc/shadowsocks-libev/ip_custom.txt`; 21 | do 22 | iptables -t nat -A SHADOWSOCKS -d "${white_ip}" -j RETURN 23 | done 24 | 25 | # for Chrome youtube 26 | iptables -t nat -A SHADOWSOCKS -p udp --dport 443 -j REDIRECT --to-ports 7654 27 | 28 | # Ignore LANs to bypass the proxy 29 | # See Wikipedia and RFC5735 for full list of reserved networks. 30 | iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN 31 | iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN 32 | iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN 33 | iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN 34 | iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN 35 | iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN 36 | iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN 37 | iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN 38 | 39 | # Check whitelist 40 | iptables -t nat -A SHADOWSOCKS -j SHADOWSOCKS_WHITELIST 41 | iptables -t nat -A SHADOWSOCKS -m mark --mark 1 -j RETURN 42 | 43 | 44 | # Anything else TCP request should be redirected to shadowsocks's local port 45 | iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 7654 46 | # Apply the rules 47 | iptables -t nat -A PREROUTING -p tcp -j SHADOWSOCKS 48 | 49 | 50 | # Or ignore Asia IP address 51 | for white_ip in `cat /etc/shadowsocks-libev/ip_asia.txt`; 52 | do 53 | iptables -t nat -A SHADOWSOCKS_WHITELIST -d "${white_ip}" -j MARK --set-mark 1 54 | done 55 | 56 | # Ignore China IP address 57 | # See ashi009/bestroutetb for a highly optimized CHN route list. 58 | #for white_ip in `cat /etc/shadowsocks-libev/ip_china.txt`; 59 | #do 60 | # iptables -t nat -A SHADOWSOCKS_WHITELIST -d "${white_ip}" -j MARK --set-mark 1 61 | #done -------------------------------------------------------------------------------- /openwrt/default/usr/bin/ss-firewall-china: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Author: https://github.com/softwaredownload/openwrt-fanqiang 4 | # phoeagon tefiszx idonknown 5 | 6 | # Last Update: 2018-10 7 | 8 | #create new chains 9 | iptables -t nat -N SHADOWSOCKS 10 | iptables -t nat -N SHADOWSOCKS_WHITELIST 11 | 12 | 13 | # Ignore your shadowsocks server-s's addresses 14 | # It's very IMPORTANT, just be careful 15 | # you'd better add them in an individual file 16 | for white_ip in `cat /etc/shadowsocks-libev/ip_server.txt`; 17 | do 18 | iptables -t nat -A SHADOWSOCKS -d "${white_ip}" -j RETURN 19 | done 20 | 21 | # Ignore Custom IP list 22 | for white_ip in `cat /etc/shadowsocks-libev/ip_custom.txt`; 23 | do 24 | iptables -t nat -A SHADOWSOCKS -d "${white_ip}" -j RETURN 25 | done 26 | 27 | # Ignore LANs to bypass the proxy 28 | # See Wikipedia and RFC5735 for full list of reserved networks. 29 | iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN 30 | iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN 31 | iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN 32 | iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN 33 | iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN 34 | iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN 35 | iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN 36 | iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN 37 | 38 | # for Chrome, youtube 39 | iptables -t nat -A SHADOWSOCKS -p udp --dport 443 -j REDIRECT --to-ports 7654 40 | 41 | 42 | # Check whitelist 43 | iptables -t nat -A SHADOWSOCKS -j SHADOWSOCKS_WHITELIST 44 | iptables -t nat -A SHADOWSOCKS -m mark --mark 1 -j RETURN 45 | 46 | # Anything else TCP request should be redirected to shadowsocks's local port 47 | iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 7654 48 | # Apply the rules 49 | iptables -t nat -A PREROUTING -p tcp -j SHADOWSOCKS 50 | 51 | 52 | # ignore Asia IP address 53 | #for white_ip in `cat /etc/shadowsocks-libev/ip_asia.txt`; 54 | #do 55 | # iptables -t nat -A SHADOWSOCKS_WHITELIST -d "${white_ip}" -j MARK --set-mark 1 56 | #done 57 | 58 | # Ignore China IP address 59 | # See ashi009/bestroutetb for a highly optimized CHN route list. 60 | for white_ip in `cat /etc/shadowsocks-libev/ip_china.txt`; 61 | do 62 | iptables -t nat -A SHADOWSOCKS_WHITELIST -d "${white_ip}" -j MARK --set-mark 1 63 | done -------------------------------------------------------------------------------- /openwrt/default/usr/bin/ss-firewall-global: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Author: https://github.com/softwaredownload/openwrt-fanqiang 4 | # phoeagon tefiszx idonknown 5 | 6 | # Last Update: 2018-10 7 | 8 | #create new chains 9 | iptables -t nat -N SHADOWSOCKS 10 | iptables -t nat -N SHADOWSOCKS_WHITELIST 11 | 12 | 13 | # Ignore your shadowsocks server-s's addresses 14 | # It's very IMPORTANT, just be careful 15 | # you'd better add them in an individual file 16 | for white_ip in `cat /etc/shadowsocks-libev/ip_server.txt`; 17 | do 18 | iptables -t nat -A SHADOWSOCKS -d "${white_ip}" -j RETURN 19 | done 20 | 21 | # Ignore Custom IP list 22 | for white_ip in `cat /etc/shadowsocks-libev/ip_custom.txt`; 23 | do 24 | iptables -t nat -A SHADOWSOCKS -d "${white_ip}" -j RETURN 25 | done 26 | 27 | # Ignore LANs to bypass the proxy 28 | # See Wikipedia and RFC5735 for full list of reserved networks. 29 | iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN 30 | iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN 31 | iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN 32 | iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN 33 | iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN 34 | iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN 35 | iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN 36 | iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN 37 | 38 | # for Chrome, youtube 39 | iptables -t nat -A SHADOWSOCKS -p udp --dport 443 -j REDIRECT --to-ports 7654 40 | 41 | 42 | # Check whitelist 43 | iptables -t nat -A SHADOWSOCKS -j SHADOWSOCKS_WHITELIST 44 | iptables -t nat -A SHADOWSOCKS -m mark --mark 1 -j RETURN 45 | 46 | # Anything else TCP request should be redirected to shadowsocks's local port 47 | iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 7654 48 | # Apply the rules 49 | iptables -t nat -A PREROUTING -p tcp -j SHADOWSOCKS 50 | 51 | 52 | # ignore Asia IP address 53 | #for white_ip in `cat /etc/shadowsocks-libev/ip_asia.txt`; 54 | #do 55 | # iptables -t nat -A SHADOWSOCKS_WHITELIST -d "${white_ip}" -j MARK --set-mark 1 56 | #done 57 | 58 | # Ignore China IP address 59 | # See ashi009/bestroutetb for a highly optimized CHN route list. 60 | #for white_ip in `cat /etc/shadowsocks-libev/ip_china.txt`; 61 | #do 62 | # iptables -t nat -A SHADOWSOCKS_WHITELIST -d "${white_ip}" -j MARK --set-mark 1 63 | #done -------------------------------------------------------------------------------- /openwrt/dir505/etc/dnsmasq.d/blockad.conf: -------------------------------------------------------------------------------- 1 | #手机和平板去广告,屏蔽 2 | server=/.mobads.baidu.com/127.0.0.0 3 | server=/.mobads-logs.baidu.com/127.0.0.0 4 | server=/.media.admob.com/127.0.0.0 5 | server=/.mob.adwhirl.com/127.0.0.0 6 | server=/.static.googeadsserving.cn/127.0.0.0 7 | server=/.googleads.g.doubleclick.net/127.0.0.0 8 | server=/.storage.adsmogo.net/127.0.0.0 9 | server=/.imp.adsmogo.com/127.0.0.0 10 | server=/.imp.adsmogo.net/127.0.0.0 11 | server=/.imp.adsmogo.org/127.0.0.0 12 | server=/.imp.adsmogo.mobi/127.0.0.0 13 | server=/.req.adsmogo.com/127.0.0.0 14 | server=/.req.adsmogo.net/127.0.0.0 15 | server=/.req.adsmogo.org/127.0.0.0 16 | server=/.req.adsmogo.mobi/127.0.0.0 17 | server=/.cfg.adsmogo.com/127.0.0.0 18 | server=/.cfg.adsmogo.net/127.0.0.0 19 | server=/.cfg.adsmogo.org/127.0.0.0 20 | server=/.cfg.adsmogo.mobi/127.0.0.0 21 | server=/.cus.adsmogo.com/127.0.0.0 22 | server=/.cus.adsmogo.net/127.0.0.0 23 | server=/.cus.adsmogo.org/127.0.0.0 24 | server=/.cus.adsmogo.mobi/127.0.0.0 25 | server=/.api2.adsmogo.com/127.0.0.0 26 | server=/.api2.adsmogo.net/127.0.0.0 27 | server=/.api2.adsmogo.org/127.0.0.0 28 | server=/.api2.adsmogo.mobi/127.0.0.0 29 | server=/.lk.adsmogo.mobi/127.0.0.0 30 | server=/.adview.cn/127.0.0.0 31 | server=/.report.adview.cn/127.0.0.0 32 | server=/.swx.domob.cn/127.0.0.0 33 | server=/.scc.domob.cn/127.0.0.0 34 | server=/.sm.domob.cn/127.0.0.0 35 | server=/.alog.umeng.com/127.0.0.0 36 | server=/.alog.umeng.co/127.0.0.0 37 | server=/.r2.adwo.com/127.0.0.0 38 | server=/.static.adwo.com/127.0.0.0 39 | server=/.banner.img.static.youmi.net/127.0.0.0 40 | server=/.aos.gw.youmi.net/127.0.0.0 41 | server=/.stat.gw.youmi.net/127.0.0.0 42 | server=/.aos.wall.youmi.net/127.0.0.0 43 | server=/.amob.acs86.com/127.0.0.0 44 | server=/.static.acs86.com/127.0.0.0 45 | server=/.aggregate.renren.com/127.0.0.0 46 | server=/.interval.adbc.renren.com/127.0.0.0 47 | server=/.wall.adbc.renren.com/127.0.0.0 48 | server=/.admarket.mobi/127.0.0.0 49 | server=/.ad.airad.com/127.0.0.0 50 | server=/.ad.veegao.com/127.0.0.0 51 | server=/.sdk.yijifen.com/127.0.0.0 52 | server=/.res.yijifen.com/127.0.0.0 53 | server=/.ads.mobclix.com/127.0.0.0 54 | server=/.api.airpush.com/127.0.0.0 55 | server=/.ad.leadboltapps.net/127.0.0.0 56 | server=/.ad.leadbolt.net/127.0.0.0 57 | server=/.media.mydas.mobi/127.0.0.0 58 | server=/.lp.mydas.mobi/127.0.0.0 -------------------------------------------------------------------------------- /openwrt/dir505/etc/rc.local: -------------------------------------------------------------------------------- 1 | # Put your custom commands here that should be executed once 2 | # the system init finished. By default this file does nothing. 3 | 4 | if [ ! -f /etc/config/backup/network ]; then 5 | cp /etc/config/network /etc/config/backup/ 6 | cp /etc/config/wireless /etc/config/backup/ 7 | cp /etc/config/firewall /etc/config/backup/ 8 | cp /etc/config/dhcp /etc/config/backup/ 9 | fi 10 | 11 | 12 | read_gpio() { 13 | (echo $1 > /sys/class/gpio/export) >& /dev/null 14 | (echo "in" > /sys/class/gpio/gpio$1/direction) >& /dev/null 15 | return `cat /sys/class/gpio/gpio$1/value`; 16 | } 17 | read_gpio 19; 18 | v=$?; 19 | read_gpio 20; 20 | v=$v$?; 21 | read_gpio 21; 22 | v=$v$?; 23 | read_gpio 22; 24 | v=$v$?; 25 | read_gpio 23; 26 | v=$v$?; 27 | case "$v" in 28 | 10001) v="router";; 29 | 11001) v="repeater";; 30 | 01001) v="hotspot";; 31 | 11000) v="ap";; 32 | *) v="error";; 33 | esac 34 | 35 | /usr/bin/$v 36 | 37 | logger working mode: $v 38 | 39 | 40 | exit 0 41 | -------------------------------------------------------------------------------- /openwrt/dir505/etc/uci-defaults/defaults: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Author: https://github.com/softwaredownload/openwrt-fanqiang 4 | # Date: 2015-12-24 5 | 6 | uci set dropbear.@dropbear[0].GatewayPorts='on' 7 | uci commit dropbear 8 | /etc/init.d/dropbear restart 9 | 10 | uci set system.@system[0].hostname='eastking' #设置主机名 11 | uci set system.@system[0].zonename='Asia/Shanghai' 12 | uci set system.@system[0].timezone='CST-8' 13 | uci commit system 14 | /etc/init.d/system restart 15 | 16 | #change root password 17 | echo -e "fanqiang\nfanqiang" | (passwd $USER) #修改路由器的管理员root对应的密码 11 18 | 19 | 20 | /etc/init.d/shadowsocks enable 21 | 22 | 23 | /etc/init.d/network restart 24 | -------------------------------------------------------------------------------- /openwrt/dir505/usr/bin/ap: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Author: https://github.com/softwaredownload/openwrt-fanqiang 4 | # Date: 2014-08-22 5 | 6 | cp /etc/config/backup/* /etc/config/ 7 | 8 | 9 | uci set network.lan.gateway=192.168.1.1 10 | uci set network.lan.dns=192.168.1.1 11 | uci set network.lan.ipaddr=192.168.1.234 12 | 13 | uci commit network 14 | 15 | uci set dhcp.lan.ignore=1 16 | uci commit dhcp 17 | 18 | uci set wireless.@wifi-device[0].channel=11 19 | uci set wireless.@wifi-device[0].txpower=15 20 | uci set wireless.@wifi-device[0].disabled=0 21 | uci set wireless.@wifi-device[0].country='CN' 22 | uci set wireless.@wifi-iface[0].mode='ap' 23 | uci set wireless.@wifi-iface[0].ssid='eastking-dir505' 24 | uci set wireless.@wifi-iface[0].encryption='psk2' 25 | uci set wireless.@wifi-iface[0].key='icanfly9876' 26 | 27 | #uci set wireless.@wifi-iface[0].macfilter='allow' 28 | #uci add_list wireless.@wifi-iface[0].maclist='' 29 | 30 | uci commit wireless 31 | #wifi 32 | 33 | 34 | /etc/init.d/network restart 35 | 36 | 37 | -------------------------------------------------------------------------------- /openwrt/dir505/usr/bin/hotspot: -------------------------------------------------------------------------------- 1 | # todo 2 | -------------------------------------------------------------------------------- /openwrt/dir505/usr/bin/repeater: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Author: https://github.com/softwaredownload/openwrt-fanqiang 4 | # Date: 2014-08-22 5 | 6 | cp /etc/config/backup/* /etc/config/ 7 | 8 | 9 | uci add network interface 10 | uci rename network.@interface[-1]='wwan' 11 | uci set network.@interface[-1].proto='dhcp' 12 | uci commit network 13 | 14 | uci set wireless.@wifi-device[0].disabled=0; 15 | uci set wireless.@wifi-iface[0].ssid='eastking-dir505'; 16 | uci set wireless.@wifi-iface[0].encryption='psk2+ccmp'; 17 | uci set wireless.@wifi-iface[0].key='icanfly9876'; 18 | 19 | uci add wireless wifi-iface 20 | uci set wireless.@wifi-iface[-1].network='wwan' 21 | uci set wireless.@wifi-iface[-1].ssid='现有 WiFi 名字' 22 | uci set wireless.@wifi-iface[-1].device='radio0' 23 | uci set wireless.@wifi-iface[-1].mode='sta' 24 | uci set wireless.@wifi-iface[-1].bssid='现有无线路由器的 MAC 地址' 25 | uci set wireless.@wifi-iface[-1].encryption='psk2+ccmp' 26 | uci set wireless.@wifi-iface[-1].key='现有 WiFi 密码' 27 | uci commit wireless; 28 | wifi 29 | 30 | uci get firewall.@zone[1].network 31 | uci show firewall.@zone[1] 32 | uci set firewall.@zone[1].network='wan wan6 wwan' 33 | uci commit firewall 34 | /etc/init.d/firewall restart 35 | -------------------------------------------------------------------------------- /openwrt/dir505/usr/bin/router: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Author: https://github.com/softwaredownload/openwrt-fanqiang 4 | # Date: 2014-08-22 5 | 6 | cp /etc/config/backup/* /etc/config/ 7 | 8 | uci delete network.lan.ifname 9 | uci delete network.lan.type 10 | 11 | uci add network interface 12 | uci rename network.@interface[-1]='wan' 13 | uci commit network 14 | 15 | uci set network.wan.ifname='eth1' 16 | uci set network.wan.peerdns=0 17 | uci set network.wan.proto='pppoe' 18 | uci set network.wan.username='wan-username' 19 | uci set network.wan.password='wan-password' 20 | uci set network.wan.peerdns=0 21 | 22 | uci commit network 23 | 24 | # default is no this option 25 | #uci set dhcp.lan.ignore=0 26 | #uci commit dhcp 27 | 28 | uci set wireless.@wifi-device[0].channel=11 29 | uci set wireless.@wifi-device[0].txpower=15 30 | uci set wireless.@wifi-device[0].disabled=0 31 | uci set wireless.@wifi-device[0].country='CN' 32 | uci set wireless.@wifi-iface[0].mode='ap' 33 | uci set wireless.@wifi-iface[0].ssid='eastking-dir505' 34 | uci set wireless.@wifi-iface[0].encryption='psk2' 35 | uci set wireless.@wifi-iface[0].key='icanfly9876' 36 | 37 | uci commit wireless 38 | wifi 39 | 40 | /etc/init.d/network restart 41 | 42 | 43 | -------------------------------------------------------------------------------- /openwrt/tlwr2543/etc/uci-defaults/defaults: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Author: https://github.com/softwaredownload/openwrt-fanqiang 4 | # Date: 2015-12-24 5 | 6 | uci set network.wan.proto=pppoe 7 | uci set network.wan.username='wan-username' 8 | uci set network.wan.password='wan-password' 9 | uci set network.wan.peerdns=0 10 | uci commit network 11 | 12 | uci set wireless.@wifi-device[0].channel=1 13 | uci set wireless.@wifi-device[0].txpower=23 14 | uci set wireless.@wifi-device[0].disabled=0 15 | uci set wireless.@wifi-device[0].country=CN 16 | uci set wireless.@wifi-iface[0].mode=ap 17 | uci set wireless.@wifi-iface[0].ssid='eastking-tlwr2543'' 18 | uci set wireless.@wifi-iface[0].encryption=psk2 19 | uci set wireless.@wifi-iface[0].key='icanfly9876' 20 | uci commit wireless 21 | wifi 22 | 23 | # for ssh log in with key only, disable password log in 24 | #uci set dropbear.@dropbear[0].Port=222 25 | #uci set dropbear.@dropbear[0].PasswordAuth=off 26 | #uci set dropbear.@dropbear[0].RootPasswordAuth=off 27 | #uci set dropbear.@dropbear[0].GatewayPorts=on 28 | 29 | # enable ssh 30 | uci set dropbear.@dropbear[0].GatewayPorts='on' 31 | uci commit dropbear 32 | /etc/init.d/dropbear restart 33 | 34 | uci set system.@system[0].hostname='eastking' #设置主机名 35 | uci set system.@system[0].zonename='Asia/Shanghai' 36 | uci set system.@system[0].timezone='CST-8' 37 | uci commit system 38 | /etc/init.d/system restart 39 | 40 | #change root password 41 | echo -e "fanqiang\nfanqiang" | (passwd $USER) #修改路由器的管理员root对应的密码 11 42 | 43 | 44 | /etc/init.d/shadowsocks enable 45 | 46 | #/etc/init.d/shadowsocks restart 47 | 48 | /etc/init.d/network restart 49 | -------------------------------------------------------------------------------- /openwrt/wndr4300/etc/config/wireless: -------------------------------------------------------------------------------- 1 | 2 | config wifi-device 'radio0' 3 | option type 'mac80211' 4 | option hwmode '11g' 5 | option path 'platform/ar934x_wmac' 6 | option disabled '0' 7 | option noscan '1' 8 | option txpower '30' 9 | option channel '3' 10 | option htmode 'HT40+' 11 | option country 'US' 12 | 13 | config wifi-iface 14 | option device 'radio0' 15 | option network 'lan' 16 | option mode 'ap' 17 | option encryption 'psk2' 18 | option wpa_group_rekey '0' 19 | option wpa_pair_rekey '0' 20 | option wpa_master_rekey '0' 21 | option ssid 'wndr4300-2.4G' 22 | option key 'icanfly9876' 23 | option hidden '0' 24 | 25 | config wifi-device 'radio1' 26 | option type 'mac80211' 27 | option hwmode '11a' 28 | option path 'pci0000:00/0000:00:00.0' 29 | option htmode 'HT20' 30 | option disabled '0' 31 | option country 'CN' 32 | option channel '165' 33 | 34 | config wifi-iface 35 | option device 'radio1' 36 | option network 'lan' 37 | option mode 'ap' 38 | option encryption 'psk2' 39 | option ssid 'wndr4300-5G' 40 | option key 'icanfly9876' 41 | 42 | -------------------------------------------------------------------------------- /openwrt/wndr4300/etc/uci-defaults/defaults: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Author: https://github.com/softwaredownload/openwrt-fanqiang 4 | # Date: 2015-12-19 5 | 6 | 7 | #一般只修改 带注释并以 11 结尾的行就可以了。 8 | 9 | 10 | #ppoe 11 | echo "**** 开始设置网络设置****" 12 | uci set network.wan.proto=pppoe 13 | uci set network.wan.username='wan-username' #设置ppoe帐号 11 14 | uci set network.wan.password='wan-password' #设置ppoe密码 11 15 | uci set network.wan.peerdns='0' 16 | #uci set network.wan.dns='114.114.114.114 223.5.5.5 114.114.115.115 223.6.6.6' 17 | uci commit network 18 | ifup wan 19 | 20 | echo "**** 网络设置成功****" 21 | 22 | 23 | #wifi 24 | uci set wireless.radio0.channel=auto 25 | uci set wireless.@wifi-iface[0].ssid='WNDR4300-2.4G' #设置2.4G无线的ssid 11 26 | uci set wireless.@wifi-iface[1].ssid='WNDR4300-5G' #设置5G无线的ssid 27 | uci set wireless.@wifi-iface[0].key='icanfly9876' #设置无线密码 11 28 | uci set wireless.@wifi-iface[1].key='icanfly9876' #设置5G无线密码 11 29 | 30 | uci set wireless.@wifi-device[0].country='CN' 31 | uci set wireless.@wifi-device[0].disabled=0 32 | uci set wireless.@wifi-iface[0].network='lan' 33 | uci set wireless.@wifi-iface[0].mode='ap' 34 | 35 | uci set wireless.@wifi-iface[0].encryption='psk2' 36 | uci set wireless.@wifi-iface[0].hidden=0 37 | 38 | uci set wireless.@wifi-device[1].country='CN' 39 | uci set wireless.@wifi-device[1].disabled=0 40 | uci set wireless.@wifi-device[1].channel=165 41 | uci set wireless.@wifi-iface[1].network='lan' 42 | uci set wireless.@wifi-iface[1].mode='ap' 43 | uci set wireless.@wifi-iface[1].encryption='psk2' 44 | uci commit wireless >/dev/null 45 | 46 | echo "**** 无线设置成功****" 47 | 48 | 49 | #ss 50 | #uci set shadowsocks.@shadowsocks[-1].enable='1' 51 | #uci set shadowsocks.@shadowsocks[-1].use_conf_file='0' 52 | #uci set shadowsocks.@shadowsocks[-1].server='1.0.9.8' #设置ss服务器ip地址 11 53 | #uci set shadowsocks.@shadowsocks[-1].server_port='1098' #设置服务器端口 11 54 | #uci set shadowsocks.@shadowsocks[-1].password='killgfw' #设置ss密码 11 55 | #uci set shadowsocks.@shadowsocks[-1].encrypt_method='aes-256-cfb' #设置加密方式 11 56 | #uci set shadowsocks.@shadowsocks[-1].ignore_list='/etc/ip_china.txt' 57 | #uci set shadowsocks.@shadowsocks[-1].udp_relay='1' 58 | #uci set shadowsocks.@shadowsocks[-1].tunnel_enable='1' # 11 59 | #uci set shadowsocks.@shadowsocks[-1].tunnel_port='3210' 60 | #uci set shadowsocks.@shadowsocks[-1].tunnel_forward='8.8.4.4:53' 61 | #uci commit shadowsocks 62 | 63 | 64 | #system 65 | uci set system.@system[0].hostname='eastking' #设置主机名 66 | uci set system.@system[0].timezone=CST-8 67 | uci set system.@system[0].zonename='Asia/Shanghai' 68 | uci commit system >/dev/null 69 | /etc/init.d/system restart 70 | 71 | #change root password 72 | echo -e "fanqiang\nfanqiang" | (passwd $USER) #修改路由器的管理员root对应的密码 11 73 | 74 | 75 | # 设置ip地址 76 | # uci set network.lan.proto=static 77 | # uci set network.lan.ipaddr='192.168.1.1' 78 | # uci set network.lan.netmask='255.255.255.0' 79 | # uci set network.lan.gateway='' 80 | # uci set network.lan.dns='114.114.114.114' 81 | 82 | ## Commit Changes 83 | #uci commit 84 | 85 | 86 | #增强无线信号 87 | uci set wireless.@wifi-device[0].txpower='30' 88 | uci set wireless.@wifi-device[0].channel=3 89 | uci set wireless.@wifi-device[0].htmode='HT40+' 90 | uci set wireless.@wifi-device[0].country='US' 91 | uci set wireless.@wifi-device[0].hwmode='11g' 92 | uci set wireless.@wifi-device[0].noscan=1 93 | uci commit >> /dev/null 2>&1 94 | 95 | #echo "****增强无线信号设置完毕,稍后可手工重启路由器****" 96 | 97 | 98 | uci set dropbear.@dropbear[0].GatewayPorts='on' 99 | uci commit dropbear 100 | /etc/init.d/dropbear restart 101 | 102 | /etc/init.d/dnsmasq enable 103 | /etc/init.d/shadowsocks enable 104 | 105 | 106 | /etc/init.d/network restart 107 | 108 | #reboot -------------------------------------------------------------------------------- /ubuntu/etc/security/limits.d/98-nofiles.conf: -------------------------------------------------------------------------------- 1 | * soft nofile 512000 2 | root soft nofile 512000 3 | -------------------------------------------------------------------------------- /ubuntu/etc/shadowsocks-libev/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "server":["[::0]","0.0.0.0"], 3 | "server_port":1098, 4 | "password":"killgfw", 5 | "method":"chacha20-ietf-poly1305", 6 | "ipv6_first":true, 7 | "dns_ipv6":true, 8 | "fast_open":true, 9 | "timeout":600 10 | } 11 | -------------------------------------------------------------------------------- /ubuntu/etc/sysctl.d/98-bbr.conf: -------------------------------------------------------------------------------- 1 | net.core.default_qdisc = fq 2 | net.ipv4.tcp_congestion_control = bbr 3 | -------------------------------------------------------------------------------- /ubuntu/etc/sysctl.d/98-file-max.conf: -------------------------------------------------------------------------------- 1 | fs.file-max = 51200 -------------------------------------------------------------------------------- /ubuntu/etc/sysctl.d/98-network-custom.conf: -------------------------------------------------------------------------------- 1 | net.core.netdev_max_backlog = 4096 2 | net.ipv4.tcp_max_syn_backlog = 4096 3 | net.core.somaxconn = 4096 4 | 5 | net.ipv4.tcp_fin_timeout = 30 6 | 7 | net.ipv4.tcp_tw_reuse = 1 8 | 9 | net.ipv4.tcp_keepalive_time = 1200 10 | 11 | net.ipv4.tcp_mtu_probing = 1 -------------------------------------------------------------------------------- /ubuntu/etc/sysctl.d/98-swap.conf: -------------------------------------------------------------------------------- 1 | vm.swappiness=20 2 | vm.vfs_cache_pressure=50 3 | -------------------------------------------------------------------------------- /ubuntu/etc/sysctl.d/98-tcp_fastopen.conf: -------------------------------------------------------------------------------- 1 | net.ipv4.tcp_fastopen=3 2 | --------------------------------------------------------------------------------