How to create smart routing in Linux

Source: Internet
Author: User

This article describes how to create a smart routing function in Linux.

List of required devices:

A free host
A router with OpenWRT installed
A network cable
A 2 GB USB flash drive

Before starting, make sure that you have a router that has been flashed with OpenWRT, power on the router, and connect to it directly with the network cable.

Connect through telnet and set a password:

telnet 192.168.1.1
passwd

Then exit and log on using SSH:

exit
ssh root@192.168.1.1

Then modify the wireless configuration of the router to enable Wi-Fi:

vim /etc/config/wireless

Comment out the option disabled 1 line, and set the Wi-Fi encryption method and password:

The code is as follows:
config wifi-device radio0
    option type mac80211
    option channel 11
    option hwmode 11ng
    option path 'platform/ar933x_wmac'
    option htmode HT20
    list ht_capab SHORT-GI-20
    list ht_capab SHORT-GI-40
    list ht_capab RX-STBC1
    list ht_capab DSSS_CCK-40
    # Remove this line to enable wifi:
    # option disabled 1

config wifi-iface
    option device radio0
    option network lan
    option mode ap
    option ssid OpenWrt
    option encryption psk2
    option key 'Password'

Then modify the network configuration:

vim /etc/config/network

Comment out option ifname 'eth0' in the lan section and add the WAN port settings:

The code is as follows:
config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'fd48:f746:e8a5::/48'

config interface 'lan'
    # option ifname 'eth0'
    option type 'bridge'
    option proto 'static'
    option ipaddr '192.168.1.1'
    option netmask '255.255.255.0'
    option ip6assign '60'

config interface 'wan'
    option ifname 'eth0'
    option proto 'dhcp'

Then restart the router and connect to it through Wi-Fi. After that, connect the router to the network or to the upstream router with the network cable and use it as a normal router.

Reboot into safe mode

If you cannot connect to the router because of an IP address configuration error or for other reasons, you can enter the router's safe mode (OpenWRT's failsafe mode) to restore the connection:

1. Unplug the router's power.
2. After reconnecting the power, press the reset button of the router repeatedly with a toothpick. When the router's indicator starts to flash rapidly, safe mode has been entered.
3. Safe mode does not load any configuration, so you need a direct cable connection; connect to the router with telnet 192.168.1.1
4. Mount the root partition: mount_root
5. Erase the previous configuration: firstboot
6. Set the password: passwd root
7. Restart: reboot -f

Then you can start the configuration again. If an error occurs when the configuration is erased with firstboot, you can re-flash the machine with OpenWRT.

Prepare a USB flash drive

The router I use has only 2 MB of storage space. After OpenWRT is installed, there is little space left, which is clearly not enough to install software such as the OpenVPN mentioned later. However, we can expand the storage with a USB flash drive through the router's USB port.

I divided the 2 GB USB flash drive into three partitions: 1 GB (primary, bootable, ext4), 500 MB (primary, swap), and 500 MB (primary, ext4). After partitioning and formatting, the USB flash drive is ready. I performed the following operations in an Ubuntu virtual machine on a Mac:

The code is as follows:
cfdisk /dev/sdb
mkfs.ext4 /dev/sdb1
mkswap /dev/sdb2
mkfs.ext4 /dev/sdb3

After preparing the USB flash drive, install the required software on the router:

The code is as follows:
opkg update
opkg install kmod-usb2 kmod-fs-ext4
opkg install kmod-usb-storage
opkg install block-mount
reboot

Restart the router and configure fstab to mount the USB drive partitions automatically:

The code is as follows:
reboot
vim /etc/config/fstab

Modify the following configuration:

The code is as follows:
config 'mount'
    option target /mnt/usb
    option device /dev/sda1
    option fstype ext4
    option enabled 1

config 'swap'
    option device /dev/sda2
    option enabled 1

config 'mount'
    option target /mnt/home
    option device /dev/sda3
    option fstype ext4
    option enabled 1

Then restart the router:

reboot

Now df -h shows that the partitions have been mounted automatically:

The code is as follows:

df -h

Filesystem                Size      Used Available Use% Mounted on
rootfs                    1.1M    632.0K    456.0K  58% /
/dev/root                 1.8M      1.8M         0 100% /rom
tmpfs                    14.1M     72.0K     14.1M   0% /tmp
/dev/mtdblock3            1.1M    632.0K    456.0K  58% /overlay
overlayfs:/overlay        1.1M    632.0K    456.0K  58% /
tmpfs                   512.0K         0    512.0K   0% /dev
/dev/sda1               945.2M     11.0M    869.4M   1% /mnt/usb
/dev/sda3               451.5M      2.3M    421.5M   1% /mnt/home

Copy the contents of the root filesystem to the USB partition:

The code is as follows:
mkdir /tmp/root
mount -o bind / /tmp/root
cp -a /tmp/root/* /mnt/usb/
umount /tmp/root
rm -r /tmp/root

Then add dest usb /mnt/usb to the opkg.conf configuration, after which the required OpenVPN can be installed onto the USB drive:

The code is as follows:
vim /etc/opkg.conf
opkg update
opkg --dest usb install openvpn-openssl
ln -s /mnt/usb/usr/lib/libssl.so.1.0.0 /usr/lib/
ln -s /mnt/usb/usr/lib/libcrypto.so.1.0.0 /usr/lib/
ln -s /mnt/usb/usr/lib/liblzo2.so.2 /usr/lib/
ln -s /mnt/usb/usr/sbin/openvpn /usr/sbin/

Now you can run OpenVPN:

openvpn --version

Because OpenVPN is installed on the USB drive, the tun module cannot be found when OpenVPN is started. Configure the tun module as follows:

The code is as follows:
ln -s /mnt/usb/lib/modules/3.10.4/tun.ko /lib/modules/3.10.4/
ln -s /mnt/usb/etc/modules.d/30-tun /etc/modules
ln -s /mnt/usb/etc/modules.d/30-tun /etc/modules.d/
modinfo tun

Next, disable the firewall and check the default forwarding and NAT rules:

The code is as follows:
/etc/init.d/firewall stop
/etc/init.d/firewall disable
iptables -L -n --line-number
iptables -t nat -vnL POSTROUTING --line-number

You can see that there are no forwarding rules by default, so the devices connected to the router cannot access the Internet at this time. Configure the router to load the tun module and add the forwarding rules automatically each time it is powered on or restarted.

Add the following to /etc/rc.local (vim /etc/rc.local):

The code is as follows:
insmod tun
iptables -I FORWARD -o tun0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
iptables-save

exit 0
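
A check for this step, added here as an example and not part of the original article: it reads iptables-save output and reports whether the LAN subnet is masqueraded and whether the INPUT chain filters anything. Both dumps are constructed samples and audit_ruleset is a hypothetical helper name; with the firewall service disabled the built-in chains keep their ACCEPT policy, so the rc.local rules restore Internet access for clients while services listening on the router stay reachable from the WAN port as well.

```sh
#!/bin/sh
# Added example. Both dumps are constructed samples in iptables-save
# format, not captures from the article's router.
AFTER_STOP='*nat
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
COMMIT'

AFTER_RCLOCAL='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A FORWARD -o tun0 -j ACCEPT
COMMIT'

# audit_ruleset DUMP LAN_SUBNET   (hypothetical helper)
# nat:   is the LAN subnet masqueraded, i.e. do clients get Internet access?
# input: coarse heuristic; "open" means the INPUT policy is ACCEPT and
#        no INPUT rule drops or rejects anything.
audit_ruleset() {
    printf '%s\n' "$1" | awk -v lan="$2" '
        /^\*/ { table = substr($0, 2) }
        table == "filter" && /^:INPUT / { policy = $2 }
        table == "filter" && /^-A INPUT / && / -j (DROP|REJECT)/ { filtered = 1 }
        table == "nat" && /^-A POSTROUTING / && / -j MASQUERADE/ &&
            index($0, " -s " lan " ") { masq = 1 }
        END {
            printf "nat=%s input=%s\n", (masq ? "ok" : "missing"),
                ((policy == "DROP" || filtered) ? "filtered" : "open")
        }'
}

# On the router itself: audit_ruleset "$(iptables-save)" 192.168.1.0/24
```
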

At this point, the router can connect to the Internet normally again. Next we need to configure OpenVPN for smart traffic distribution, that is, to configure which traffic goes through the VPN.

First, configure OpenVPN, which includes two aspects: server and client.

Server

The code is as follows:
# The installer is fetched over plain HTTP; read it before running it as root.
wget http://ipxcore.com/openvpn-debian-install.sh
chmod +x openvpn-debian-install.sh
./openvpn-debian-install.sh

iptables -I INPUT -p udp --dport 1194 -j ACCEPT
iptables -I INPUT -p tcp --dport 1194 -j ACCEPT
iptables -I INPUT -p udp --dport 443 -j ACCEPT
iptables -I INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -i tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -j ACCEPT
iptables -A FORWARD -o tun0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables-save

Client

The client needs to be configured with the paths of the certificates generated on the server. First, download the packaged certificate file from the server:

The code is as follows:

scp root@100.100.100.100:/root/keys.tgz ./
tar -zxvf keys.tgz
vim 703n.ovpn

The configuration of 703n.ovpn is as follows:

The code is as follows:
client
remote 100.100.100.100 1194
dev tun
comp-lzo
ca /root/etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /root/etc/openvpn/easy-rsa/2.0/keys/client1.crt
key /root/etc/openvpn/easy-rsa/2.0/keys/client1.key
route-delay 2
route-method exe
max-routes 3888
redirect-gateway def1
verb 3

At this point, OpenVPN can be started with the current configuration file, and all traffic is forwarded through the VPN:

openvpn --config ./703n.ovpn

To achieve smart traffic distribution and reduce VPN traffic, you can use ChnRoutes. Download ChnRoutes on the Mac and execute:

python chnroutes.py -p android

This generates two files, vpnup.sh and vpndown.sh. Delete the alias headers of the two files and copy them to the router. Then add the following settings at the bottom of the configuration file:

The code is as follows:
script-security 2
up vpnup.sh
down vpndown.sh

Now start OpenVPN again. Running traceroute to Baidu and to Twitter from the Mac shows that the traffic is now distributed automatically.
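
How the up and down scripts split the traffic, shown as an added example that is neither chnroutes output nor code from the original article: prefixes on a direct list get a route through the pre-VPN gateway, and everything else follows redirect-gateway def1 into the tunnel. The prefix list is a constructed sample, the function names are hypothetical, and the old gateway is passed in as an argument.

```sh
#!/bin/sh
# Added illustration, not chnroutes output. DIRECT_NETS is a constructed
# sample (documentation prefixes); a real list has thousands of entries.
DIRECT_NETS="192.0.2.0/24 198.51.100.0/24 203.0.113.128/25"

ip_to_int() {    # dotted quad -> 32-bit integer
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

len_to_mask() {  # prefix length -> dotted netmask for `route`
    m=$(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
    echo "$(( m >> 24 & 255 )).$(( m >> 16 & 255 )).$(( m >> 8 & 255 )).$(( m & 255 ))"
}

# Commands for the up script (add) or the down script (del).
# $2 is the default gateway that was in place before the VPN came up.
gen_routes() {
    for net in $DIRECT_NETS; do
        mask=$(len_to_mask "${net#*/}")
        if [ "$1" = add ]; then
            echo "route add -net ${net%/*} netmask $mask gw $2"
        else
            echo "route del -net ${net%/*} netmask $mask"
        fi
    done
}

# Path a destination takes afterwards. The kernel prefers the most specific
# route, so a listed prefix beats the two /1 routes of redirect-gateway def1.
egress_for() {
    dst=$(ip_to_int "$1")
    for net in $DIRECT_NETS; do
        mask=$(( (0xFFFFFFFF << (32 - ${net#*/})) & 0xFFFFFFFF ))
        if [ $(( dst & mask )) -eq $(( $(ip_to_int "${net%/*}") & mask )) ]; then
            echo direct
            return
        fi
    done
    echo vpn
}

# Dry run: print the commands, e.g.  sh routes.sh add 10.0.0.1
if [ "$#" -ge 2 ]; then gen_routes "$1" "$2"; fi
```
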
