This article describes how to set up smart routing on Linux.
List of required devices:
A free host
A router with OpenWRT installed
A network cable
A 2 GB USB flash drive
Before starting, make sure the router has been flashed with OpenWRT. Power on the router and connect to it directly with the network cable:
    telnet 192.168.1.1
Set a password:
    passwd
Then exit and log in using SSH:
    exit
    ssh root@192.168.1.1
Then modify the wireless configuration of the router to enable Wi-Fi:
    vim /etc/config/wireless
Comment out the option disabled 1 line, and set the Wi-Fi encryption method and password:
    config wifi-device radio0
        option type mac80211
        option channel 11
        option hwmode 11ng
        option path 'platform/ar933x_wmac'
        option htmode HT20
        list ht_capab SHORT-GI-20
        list ht_capab SHORT-GI-40
        list ht_capab RX-STBC1
        list ht_capab DSSS_CCK-40
        # Remove this line to enable wifi:
        # option disabled 1

    config wifi-iface
        option device radio0
        option network lan
        option mode ap
        option ssid OpenWrt
        option encryption psk2
        # Replace 'Password' with your own passphrase
        option key 'Password'
Then modify the Network Configuration:
    vim /etc/config/network
Comment out option ifname 'eth0' in the lan section and add the WAN port settings:
    config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

    config globals 'globals'
        option ula_prefix 'fd48:f746:e8a5::/48'

    config interface 'lan'
        # option ifname 'eth0'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

    config interface 'wan'
        option ifname 'eth0'
        option proto 'dhcp'
Then restart the router; you can now connect to it over Wi-Fi. Connect the router to the network or to the upstream router with the network cable and use it as a normal router:
    reboot
Safe mode (OpenWRT failsafe mode)
If you cannot connect to the router because of an IP address configuration error or for other reasons, you can enter the router's safe mode to restore the connection:
1. Unplug the router's power.
2. After reconnecting the power, press the router's reset button repeatedly with a toothpick. When the router's indicator starts to flash quickly, safe mode has been entered.
3. Safe mode does not load any configuration, so you need to connect directly with the cable and log in to the router with telnet 192.168.1.1.
4. Mount the root partition: mount_root
5. Erase the previous configuration: firstboot
6. Set the password: passwd root
7. Restart: reboot -f
Then you can start the configuration again. If an error occurs when the configuration is erased with firstboot, you can re-flash OpenWRT.
Prepare a USB flash drive
The router I use has only 2 MB of storage space. After OpenWRT is installed, little space is left, clearly not enough to install software such as the OpenVPN package mentioned later. However, the storage can be expanded with a USB flash drive through the router's USB port.
I divided the 2 GB USB flash drive into three partitions: 1 GB (primary, bootable, ext4), 500 MB (primary, swap), and 500 MB (primary, ext4). After partitioning, the preparation of the USB flash drive can be completed. I performed the following operations in an Ubuntu virtual machine on a Mac:
    cfdisk /dev/sdb
    mkfs.ext4 /dev/sdb1
    mkswap /dev/sdb2
    mkfs.ext4 /dev/sdb3
After preparing the USB flash drive, install the required software on the router:
    opkg update
    opkg install kmod-usb2 kmod-fs-ext4
    opkg install kmod-usb-storage
    opkg install block-mount
    reboot
Restart the router and configure fstab to automatically mount the USB disk partition:
    reboot
    vim /etc/config/fstab
Modify the following configurations:
    config 'mount'
        option target /mnt/usb
        option device /dev/sda1
        option fstype ext4
        option enabled 1

    config 'swap'
        option device /dev/sda2
        option enabled 1

    config 'mount'
        option target /mnt/home
        option device /dev/sda3
        option fstype ext4
        option enabled 1
Then restart the router:
    reboot
Now df -h shows that the partitions have been mounted automatically:
    df -h
    Filesystem                Size      Used Available Use% Mounted on
    rootfs                    1.1M    632.0K    456.0K  58% /
    /dev/root                 1.8M      1.8M         0 100% /rom
    tmpfs                    14.1M     72.0K     14.1M   0% /tmp
    /dev/mtdblock3            1.1M    632.0K    456.0K  58% /overlay
    overlayfs:/overlay        1.1M    632.0K    456.0K  58% /
    tmpfs                   512.0K         0    512.0K   0% /dev
    /dev/sda1               945.2M     11.0M    869.4M   1% /mnt/usb
    /dev/sda3               451.5M      2.3M    421.5M   1% /mnt/home
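Next, copy the contents of the root filesystem to the USB partition:
    mkdir /tmp/root
    mount -o bind / /tmp/root
    # The flag after the trailing "-" is lost on the page; -a (recursive copy
    # that preserves attributes) is assumed here.
    cp /tmp/root/* /mnt/usb -a
    umount /tmp/root
    rm -r /tmp/root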
Then add dest usb /mnt/usb to the opkg.conf configuration, after which the required OpenVPN package can be installed to the USB drive:
    vim /etc/opkg.conf
    opkg update
    opkg --dest usb install openvpn-openssl
    # Link the libraries and the binary from the USB drive into the root filesystem
    ln -s /mnt/usb/usr/lib/libssl.so.1.0.0 /usr/lib/
    ln -s /mnt/usb/usr/lib/libcrypto.so.1.0.0 /usr/lib/
    ln -s /mnt/usb/usr/lib/liblzo2.so.2 /usr/lib/
    ln -s /mnt/usb/usr/sbin/openvpn /usr/sbin/
Now you can run OpenVPN:
    openvpn --version
Because OpenVPN is installed on the USB drive, the tun module cannot be found when OpenVPN starts. Configure the tun module as follows:
    ln -s /mnt/usb/lib/modules/3.10.4/tun.ko /lib/modules/3.10.4/
    ln -s /mnt/usb/etc/modules.d/30-tun /etc/modules
    ln -s /mnt/usb/etc/modules.d/30-tun /etc/modules.d/
    modinfo tun
Next, disable the firewall and check the default forwarding and NAT rules:
    /etc/init.d/firewall stop
    /etc/init.d/firewall disable
    iptables -L -n --line-number
    iptables -t nat -vnL POSTROUTING --line-number
You can see that there are no forwarding rules by default, so devices connected to the router cannot access the Internet at this point. Configure the router to load the tun module and add the forwarding rules automatically each time it is powered on or restarted:
    vim /etc/rc.local
Modify the configuration as follows:
    insmod tun
    iptables -I FORWARD -o tun0 -j ACCEPT
    iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
    iptables-save
    exit 0
At this point, your router can connect to the Internet normally again. Next we need to configure OpenVPN for intelligent traffic distribution, that is, to configure which traffic goes through the VPN.
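With the firewall service stopped and disabled as above, the built-in chains default to ACCEPT and the rc.local rules only add forwarding and NAT, so nothing filters packets arriving on the WAN port. The following check is an added example, not part of the original article: it reads `iptables-save` output and reports that state. The sample dump is constructed, `eth0` as WAN interface follows the network configuration above, and the check is a heuristic that does not follow user-defined chains or negated matches.

```python
# Constructed sample: iptables-save output for a router whose firewall service
# is disabled and whose rc.local has added the two rules from this section.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -o tun0 -j ACCEPT
COMMIT
"""

def parse(dump):
    """Return {table: {"policy": {chain: target}, "rules": {chain: [tokens]}}}."""
    tables, cur = {}, None
    for line in dump.splitlines():
        tok = line.split()
        if tok and tok[0].startswith("*"):            # "*filter" opens a table
            cur = tables.setdefault(tok[0][1:], {"policy": {}, "rules": {}})
        elif cur is None or len(tok) < 2:             # blank line, COMMIT, ...
            continue
        elif tok[0].startswith(":"):                  # ":INPUT ACCEPT [0:0]"
            cur["policy"][tok[0][1:]] = tok[1]
        elif tok[0] == "-A":                          # "-A CHAIN ... -j TARGET"
            cur["rules"].setdefault(tok[1], []).append(tok)
    return tables

def blocks_wan(tok, wan_if):
    """True if the rule drops or rejects packets that can arrive on wan_if."""
    if "-j" not in tok[:-1] or tok[tok.index("-j") + 1] not in ("DROP", "REJECT"):
        return False
    return "-i" not in tok[:-1] or tok[tok.index("-i") + 1] == wan_if

def findings(dump, wan_if="eth0"):
    """Flag chains that accept by default and drop nothing arriving on wan_if."""
    flt = parse(dump).get("filter", {"policy": {}, "rules": {}})
    out = []
    for chain in ("INPUT", "FORWARD"):
        filtered = any(blocks_wan(r, wan_if) for r in flt["rules"].get(chain, []))
        if flt["policy"].get(chain) == "ACCEPT" and not filtered:
            out.append(f"{chain}: default ACCEPT, nothing from {wan_if} is filtered")
    return out

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE)))
```

Feed it the real output with `iptables-save` redirected to a file on the router; both INPUT and FORWARD are reported for the sample, which is why a router configured this way belongs behind an upstream router or needs its own drop rules on the WAN side.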
First, configure OpenVPN, which includes two aspects: server and client.
Server
    # The installer is fetched over plain HTTP and then run as root;
    # read the script before executing it.
    wget http://ipxcore.com/openvpn-debian-install.sh
    chmod +x openvpn-debian-install.sh
    ./openvpn-debian-install.sh
    # Allow OpenVPN connections on ports 1194 and 443 (UDP and TCP)
    iptables -I INPUT -p udp --dport 1194 -j ACCEPT
    iptables -I INPUT -p tcp --dport 1194 -j ACCEPT
    iptables -I INPUT -p udp --dport 443 -j ACCEPT
    iptables -I INPUT -p tcp --dport 443 -j ACCEPT
    # Accept and forward tunnel traffic, and NAT the VPN subnet out of eth0
    iptables -A INPUT -i tun0 -j ACCEPT
    iptables -A FORWARD -i tun0 -j ACCEPT
    iptables -A FORWARD -o tun0 -j ACCEPT
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
    iptables-save
Client
The client configuration needs the paths of the certificates generated on the server. First, download the packaged certificate files from the server:
    scp root@100.100.100.100:/root/keys.tgz ./
    tar -zxvf keys.tgz
    vim 703n.ovpn
The configuration in 703n.ovpn is as follows:
    client
    remote 100.100.100.100 1194
    dev tun
    comp-lzo
    ca /root/etc/openvpn/easy-rsa/2.0/keys/ca.crt
    cert /root/etc/openvpn/easy-rsa/2.0/keys/client1.crt
    key /root/etc/openvpn/easy-rsa/2.0/keys/client1.key
    route-delay 2
    route-method exe
    max-routes 3888
    redirect-gateway def1
    verb 3
At this point, OpenVPN can be started with the current configuration file, and all traffic is forwarded through the VPN:
    openvpn --config ./703n.ovpn
To achieve smart traffic distribution and reduce VPN traffic, you can use ChnRoutes. Download ChnRoutes on the Mac and execute:
    python chnroutes.py -p android
This generates two files, vpnup.sh and vpndown.sh. Delete the alias headers of the two files and copy them to the router. Then add the following settings at the bottom of the configuration file:
    script-security 2
    up vpnup.sh
    down vpndown.sh
Now start OpenVPN again. Running traceroute against Baidu and against Twitter from the Mac shows that the traffic is now distributed automatically.
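How the split works, as an added example that is not part of the original article or of ChnRoutes: redirect-gateway def1 installs two /1 routes through tun0, and the more specific routes added by the up script win the longest-prefix match and leave through the previous default gateway. The upstream gateway 192.168.0.1 and the two bypass prefixes are constructed sample values, and audit() is a hypothetical helper for checking that destinations meant for the VPN do not fall inside a bypass range.

```python
import ipaddress

TUNNEL = "tun0"
OLD_GW = "192.168.0.1 dev eth0"   # assumed upstream gateway, not from the page

# Constructed routing table as it would look with the VPN up.
ROUTES = [
    ("0.0.0.0/0", OLD_GW),            # default route learned via DHCP on the WAN port
    ("0.0.0.0/1", TUNNEL),            # added by redirect-gateway def1
    ("128.0.0.0/1", TUNNEL),          # added by redirect-gateway def1
    ("100.100.100.100/32", OLD_GW),   # host route to the VPN server itself
    ("198.51.100.0/24", OLD_GW),      # bypass route from the up script (sample)
    ("203.0.113.0/24", OLD_GW),       # bypass route from the up script (sample)
]

def build_table(routes):
    """Parse (prefix, next hop) pairs into network objects."""
    return [(ipaddress.ip_network(prefix), via) for prefix, via in routes]

def lookup(table, dest):
    """Return the (network, next hop) that is selected: the longest prefix wins."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, via) for net, via in table if addr in net]
    if not matches:
        return None  # no matching route at all
    return max(matches, key=lambda m: m[0].prefixlen)

def uses_tunnel(table, dest):
    """True if traffic to dest leaves through the VPN tunnel."""
    hit = lookup(table, dest)
    return hit is not None and hit[1] == TUNNEL

def audit(table, must_tunnel):
    """List destinations expected inside the VPN that would leave directly."""
    return [d for d in must_tunnel if not uses_tunnel(table, d)]

if __name__ == "__main__":
    table = build_table(ROUTES)
    for dest in ("198.51.100.7", "8.8.8.8", "100.100.100.100"):
        net, via = lookup(table, dest)
        print(f"{dest:16} -> {via:22} (matched {net})")
    print("leaks:", audit(table, ["8.8.8.8", "203.0.113.9"]))
```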