List of required equipment:
A spare computer.
A router that has already been flashed with OpenWrt.
A network cable.
A 2G USB drive.
Before you start, make sure the router has been flashed with OpenWrt. Then power on the router, connect to it with a network cable, and log in over telnet:
    telnet 192.168.1.1
Set a password:
    passwd
Then exit and log in with SSH:
    exit
    ssh root@192.168.1.1
Then modify the router's wireless configuration so that WiFi can be turned on:
    vim /etc/config/wireless
Comment out the option disabled 1 line and set the encryption method and password for WiFi:
    config wifi-device radio0
        option type mac80211
        option channel 11
        option hwmode 11ng
        option path 'platform/ar933x_wmac'
        option htmode HT20
        list ht_capab SHORT-GI-20
        list ht_capab SHORT-GI-40
        list ht_capab RX-STBC1
        list ht_capab DSSS_CCK-40
        # REMOVE THIS LINE TO ENABLE WIFI:
        # option disabled 1

    config wifi-iface
        option device radio0
        option network lan
        option mode ap
        option ssid OpenWrt
        option encryption psk2
        option key 'password'
Then modify the network configuration:
    vim /etc/config/network
Comment out option ifname 'eth0' in the lan section and add the WAN port settings:
    config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

    config globals 'globals'
        option ula_prefix 'FD48:F746:E8A5::/48'

    config interface 'lan'
        # option ifname 'eth0'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

    config interface 'wan'
        option ifname 'eth0'
        option proto 'dhcp'
Then restart the router. You can now connect to it via WiFi, and once the router is connected to a network cable or an upstream router it can be used as an ordinary router.
    reboot
Safe Mode
If you cannot connect to the router because of an incorrect IP address configuration, you can use the router's safe mode for recovery:
1. Unplug the router's power.
2. Plug the power back in, then use a toothpick to press the router's reset button. When the router's light starts to flash quickly, it has entered safe mode.
3. Safe mode does not load any configuration, so you need to connect to the router with telnet 192.168.1.1, as described at the start.
4. Mount the root partition: mount_root
5. Erase the previous configuration: firstboot
6. Set the password: passwd root
7. Restart: reboot -f
You can then redo the configuration. If erasing the configuration with firstboot runs into errors, reflashing OpenWrt will resolve it.
Prepare a USB drive
I have only 2MB of storage space, and after installing OpenWrt there is little of it left. That is obviously not enough to install OpenVPN and the other software mentioned later, but the router's USB port can be used to expand it.
I split the 2G USB drive into 3 partitions: 1G (primary, bootable, ext4) / 500MB (primary, swap) / 500MB (primary, ext4). Once the partitions are formatted, the USB drive is ready. I did the following from an Ubuntu virtual machine on a Mac:
    cfdisk /dev/sdb
    mkfs.ext4 /dev/sdb1
    mkswap /dev/sdb2
    mkfs.ext4 /dev/sdb3
After the USB drive is ready, install the required software on the router:
    opkg update
    opkg install kmod-usb2 kmod-fs-ext4
    opkg install kmod-usb-storage
    opkg install block-mount
    reboot
Then restart the router and configure fstab so that the USB drive partitions are mounted automatically:
    reboot
    vim /etc/config/fstab
Modify the following configuration:
    config 'mount'
        option target /mnt/usb
        option device /dev/sda1
        option fstype ext4
        option enabled 1

    config 'swap'
        option device /dev/sda2
        option enabled 1

    config 'mount'
        option target /mnt/home
        option device /dev/sda3
        option fstype ext4
        option enabled 1
And then reboot the router:
    reboot
After the reboot, df -h shows that the partitions are mounted automatically:
    df -h
    Filesystem                Size      Used Available Use% Mounted on
    rootfs                    1.1M    632.0K    456.0K  58% /
    /dev/root                 1.8M      1.8M         0 100% /rom
    tmpfs                    14.1M     72.0K     14.1M   0% /tmp
    /dev/mtdblock3            1.1M    632.0K    456.0K  58% /overlay
    overlayfs:/overlay        1.1M    632.0K    456.0K  58% /
    tmpfs                   512.0K         0    512.0K   0% /dev
    /dev/sda1               945.2M     11.0M    869.4M   1% /mnt/usb
    /dev/sda3               451.5M      2.3M    421.5M   1% /mnt/home
Then do the following:
    mkdir /tmp/root
    mount -o bind / /tmp/root
    cp /tmp/root/* /mnt/usb -a
    umount /tmp/root
    rm -r /tmp/root
Then add dest usb /mnt/usb to the opkg.conf configuration, after which the OpenVPN package we need can be installed onto the USB drive:
    vim /etc/opkg.conf
    opkg update
    opkg --dest usb install openvpn-openssl
    ln -s /mnt/usb/usr/lib/libssl.so.1.0.0 /usr/lib/
    ln -s /mnt/usb/usr/lib/libcrypto.so.1.0.0 /usr/lib/
    ln -s /mnt/usb/usr/lib/liblzo2.so.2 /usr/lib/
    ln -s /mnt/usb/usr/sbin/openvpn /usr/sbin/
You are ready to run OpenVPN:
    openvpn --version
Because OpenVPN is installed on the USB drive, starting it later will fail because the tun module cannot be found, so configure the tun module next:
    ln -s /mnt/usb/lib/modules/3.10.4/tun.ko /lib/modules/3.10.4/
    ln -s /mnt/usb/etc/modules.d/30-tun /etc/modules
    ln -s /mnt/usb/etc/modules.d/30-tun /etc/modules.d/
    modinfo tun
Then we stop the firewall and look at the default forwarding and NAT rules:
    /etc/init.d/firewall stop
    /etc/init.d/firewall disable
    iptables -L -n --line-number
    iptables -t nat -vnL POSTROUTING --line-number
You can see that there are no forwarding rules at this point, so devices connected to the router cannot reach the Internet. Configure the router to load the tun module and add the forwarding rules automatically on every boot:
    vim /etc/rc.local
Modify the configuration as follows:
    insmod tun
    iptables -I FORWARD -o tun0 -j ACCEPT
    iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
    # prints the active rules to stdout; it does not persist them
    iptables-save

    exit 0
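A check for the state these steps leave the router in, as an added example that is not part of the original article: with the OpenWrt firewall service stopped and disabled, every filter chain defaults to ACCEPT, including for traffic arriving on the WAN port eth0. The script parses iptables-save output (the sample is constructed from the rc.local rules above) and applies a simple heuristic that only looks for an explicit DROP or REJECT on the WAN interface.

```python
import shlex

# Constructed sample: iptables-save output after the rc.local above has run.
SAMPLE = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -o tun0 -j ACCEPT
COMMIT
"""

def parse(dump):
    """Return ({(table, chain): policy}, [(table, chain, tokens)])."""
    policies, rules, table = {}, [], None
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("*"):            # table header, e.g. *filter
            table = line[1:]
        elif line.startswith(":"):          # chain policy, e.g. :INPUT ACCEPT [0:0]
            chain, policy = line[1:].split()[:2]
            policies[(table, chain)] = policy
        elif line.startswith("-A "):        # appended rule
            tokens = shlex.split(line)
            rules.append((table, tokens[1], tokens[2:]))
    return policies, rules

def opt(tokens, flag):
    """Value following `flag` in a rule, or None if the flag is absent."""
    return tokens[tokens.index(flag) + 1] if flag in tokens else None

def audit(dump, wan="eth0"):
    """Heuristic: flag filter chains that accept new traffic from the WAN port."""
    policies, rules = parse(dump)
    findings = []
    for chain in ("INPUT", "FORWARD"):
        blocked = any(t == "filter" and c == chain and opt(r, "-i") == wan
                      and opt(r, "-j") in ("DROP", "REJECT")
                      for t, c, r in rules)
        if policies.get(("filter", chain)) == "ACCEPT" and not blocked:
            findings.append(f"filter/{chain}: policy ACCEPT, no DROP/REJECT on {wan}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run it on a workstation against iptables-save output copied from the router; the WAN interface name eth0 comes from the network configuration earlier on this page.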
At this point your router can access the Internet again. Next we need to configure OpenVPN and intelligent traffic splitting, that is, configure which traffic goes through the VPN.
First we configure OpenVPN, which involves two configurations: the server side and the client.
Server side
    # the install script is fetched over plain HTTP; read it before running it as root
    wget http://ipxcore.com/openvpn-debian-install.sh
    chmod +x openvpn-debian-install.sh
    ./openvpn-debian-install.sh

    iptables -I INPUT -p udp --dport 1194 -j ACCEPT
    iptables -I INPUT -p tcp --dport 1194 -j ACCEPT
    iptables -I INPUT -p udp --dport 443 -j ACCEPT
    iptables -I INPUT -p tcp --dport 443 -j ACCEPT
    iptables -A INPUT -i tun0 -j ACCEPT
    iptables -A FORWARD -i tun0 -j ACCEPT
    iptables -A FORWARD -o tun0 -j ACCEPT
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
    iptables-save
Client
The client needs to be configured with the paths of the certificates generated on the server side. First download the packaged certificate file from the server:
    scp root@100.100.100.100:/root/keys.tgz ./
    tar -zxvf keys.tgz
    vim 703n.ovpn
The configuration in 703n.ovpn is as follows:
    client
    remote 100.100.100.100 1194
    dev tun
    comp-lzo
    ca /root/etc/openvpn/easy-rsa/2.0/keys/ca.crt
    cert /root/etc/openvpn/easy-rsa/2.0/keys/client1.crt
    key /root/etc/openvpn/easy-rsa/2.0/keys/client1.key
    route-delay 2
    route-method exe
    max-routes 3888
    redirect-gateway def1
    verb 3
With the configuration file as it stands, you can start OpenVPN and have all traffic forwarded through the VPN:
    openvpn --config ./703n.ovpn
To split traffic intelligently, and also to save VPN traffic, you can use chnroutes. On the Mac, download chnroutes and run:
    python chnroutes.py -p android
This generates two files, vpnup.sh and vpndown.sh. Remove the alias lines at the top of both files and download them to the router, then add the following settings at the bottom of the configuration file:
    script-security 2
    up vpnup.sh
    down vpndown.sh
OK, now start OpenVPN again. Running traceroute to Baidu and Twitter on the Mac shows that traffic is now split automatically.
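How the split routing works, as an added example (not chnroutes' own code or its exact output): networks delegated to CN get explicit routes via the pre-VPN default gateway, while everything else follows redirect-gateway def1 into the tunnel. It goes slightly beyond the text by also splitting blocks whose size is not a power of two. The APNIC-format records are constructed samples, and the OLDGW lookup through ip route is an assumption about the router's shell.

```python
import ipaddress

# Constructed records in APNIC's delegated-stats format
# (registry|cc|type|start|count|date|status); sample values only.
SAMPLE = """\
apnic|CN|ipv4|1.0.1.0|256|20110414|allocated
apnic|JP|ipv4|1.0.16.0|4096|20110412|allocated
apnic|CN|ipv4|1.0.8.0|2048|20110412|allocated
apnic|CN|ipv6|2001:250::|35|20000426|allocated
apnic|CN|ipv4|203.0.113.0|768|20110101|allocated
"""

def cn_networks(stats, country="CN"):
    """Yield IPv4 networks delegated to `country`, splitting odd-sized blocks."""
    for line in stats.splitlines():
        f = line.split("|")
        if len(f) < 7 or f[1] != country or f[2] != "ipv4":
            continue  # header, comment, other country or IPv6 record
        first = ipaddress.IPv4Address(f[3])
        last = first + int(f[4]) - 1  # the count field is a number of addresses
        yield from ipaddress.summarize_address_range(first, last)

def route_scripts(stats):
    """Return (up_lines, down_lines) for OpenVPN's up / down hooks."""
    # Assumption: the pre-VPN default gateway is read from `ip route`.
    up = ["#!/bin/sh",
          "OLDGW=$(ip route show | awk '/^default/ {print $3; exit}')"]
    down = ["#!/bin/sh"]
    for net in cn_networks(stats):
        dest = f"-net {net.network_address} netmask {net.netmask}"
        up.append(f"route add {dest} gw $OLDGW")   # bypass the tunnel
        down.append(f"route del {dest}")           # clean up on disconnect
    return up, down

if __name__ == "__main__":
    up, down = route_scripts(SAMPLE)
    print("\n".join(up))
```

The real route list is thousands of entries long, which is why the client configuration above raises max-routes.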