Building intelligent routing with Linux: a detailed guide

Source: Internet
Author: User
Tags: safe mode, iptables, firewall

List of required equipment:

A spare computer.
A router that has already been flashed with OpenWrt.
A network cable.
A 2 GB USB drive.

Before you start, make sure your router has been flashed with OpenWrt, then power it on and connect to it over the network cable:

telnet 192.168.1.1

Set a password:

passwd

Then exit and log in with SSH:

exit
ssh root@192.168.1.1

Then modify the router's wireless configuration so that WiFi can be turned on:

vim /etc/config/wireless

Comment out the option disabled 1 line and set the encryption method and password for WiFi:

The code is as follows:
config wifi-device radio0
	option type mac80211
	option channel 11
	option hwmode 11ng
	option path 'platform/ar933x_wmac'
	option htmode HT20
	list ht_capab SHORT-GI-20
	list ht_capab SHORT-GI-40
	list ht_capab RX-STBC1
	list ht_capab DSSS_CCK-40
	# REMOVE THIS LINE TO ENABLE WIFI:
	# option disabled 1

config wifi-iface
	option device radio0
	option network lan
	option mode ap
	option ssid OpenWrt
	option encryption psk2
	option key 'Password'

Then modify the network configuration:

vim /etc/config/network

Comment out option ifname 'eth0' in the lan section and add the WAN port settings:

The code is as follows:
config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd48:f746:e8a5::/48'

config interface 'lan'
	# option ifname 'eth0'
	option type 'bridge'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'wan'
	option ifname 'eth0'
	option proto 'dhcp'

Then reboot the router. After that you can connect to it over WiFi, and once the router is connected by network cable to its uplink or an upstream router, it can be used as an ordinary router:

reboot

Safe mode

If you cannot connect to the router because of an incorrect IP address configuration, you can recover it through the router's safe mode:

1. Unplug the router's power.
2. After reconnecting the power, press the router's reset button with a toothpick; when the router's light starts flashing quickly, it has entered safe mode.
3. Safe mode does not load any configuration, so you again need to connect to the router with telnet 192.168.1.1, as described at the beginning.
4. Mount the root partition: mount_root
5. Erase the previous configuration: firstboot
6. Set the password: passwd root
7. Restart: reboot -f

You can then redo the configuration. If erasing the configuration with firstboot fails, you can resolve it by flashing OpenWrt again.

Prepare a USB drive

I have only 2 MB of storage space to work with, and after installing OpenWrt very little of it is left. That is clearly not enough for OpenVPN and the other software installed later, but the router's USB port can be used to expand the storage.

I split the 2 GB USB drive into 3 partitions: 1 GB (primary, bootable, ext4), 500 MB (primary, swap) and 500 MB (primary, ext4). Once the partitions are formatted, the USB drive is ready. I did the following from an Ubuntu virtual machine on a Mac:

The code is as follows:
# partition the drive, then format each partition
cfdisk /dev/sdb
mkfs.ext4 /dev/sdb1
mkswap /dev/sdb2
mkfs.ext4 /dev/sdb3

After the USB drive is ready, you can install the required software on the router:

The code is as follows:
opkg update
opkg install kmod-usb2 kmod-fs-ext4
opkg install kmod-usb-storage
opkg install block-mount
reboot

Then reboot the router and configure fstab so that the USB drive's partitions are mounted automatically:

The code is as follows:
reboot
vim /etc/config/fstab

Modify the configuration as follows:

The code is as follows:
config 'mount'
	option target /mnt/usb
	option device /dev/sda1
	option fstype ext4
	option enabled 1

config 'swap'
	option device /dev/sda2
	option enabled 1

config 'mount'
	option target /mnt/home
	option device /dev/sda3
	option fstype ext4
	option enabled 1

Then reboot the router:

reboot

At this point df -h shows that the partitions are mounted automatically:

The code is as follows:

df -h

Filesystem                Size      Used Available Use% Mounted on
rootfs                    1.1M    632.0K    456.0K  58% /
/dev/root                 1.8M      1.8M         0 100% /rom
tmpfs                    14.1M     72.0K     14.1M   0% /tmp
/dev/mtdblock3            1.1M    632.0K    456.0K  58% /overlay
overlayfs:/overlay        1.1M    632.0K    456.0K  58% /
tmpfs                   512.0K         0    512.0K   0% /dev
/dev/sda1               945.2M     11.0M    869.4M   1% /mnt/usb
/dev/sda3               451.5M      2.3M    421.5M   1% /mnt/home

Then do the following:

The code is as follows:
# copy the current root filesystem onto the USB partition
mkdir /tmp/root
mount -o bind / /tmp/root
cp /tmp/root/* /mnt/usb -a
umount /tmp/root
rm -r /tmp/root

Then add dest usb /mnt/usb to the opkg.conf configuration, after which we can install the OpenVPN we need onto the USB drive:

The code is as follows:
vim /etc/opkg.conf
opkg update
opkg --dest usb install openvpn-openssl
# link the libraries and the binary from the USB drive into the root filesystem
ln -s /mnt/usb/usr/lib/libssl.so.1.0.0 /usr/lib/
ln -s /mnt/usb/usr/lib/libcrypto.so.1.0.0 /usr/lib/
ln -s /mnt/usb/usr/lib/liblzo2.so.2 /usr/lib/
ln -s /mnt/usb/usr/sbin/openvpn /usr/sbin/

You are now ready to run OpenVPN:

openvpn --version

Because OpenVPN is installed on the USB drive, starting OpenVPN later will fail because the tun module cannot be found, so configure the tun module next:

The code is as follows:
ln -s /mnt/usb/lib/modules/3.10.4/tun.ko /lib/modules/3.10.4/
ln -s /mnt/usb/etc/modules.d/30-tun /etc/modules
ln -s /mnt/usb/etc/modules.d/30-tun /etc/modules.d/
modinfo tun

Then we stop the firewall and look at the default forwarding and NAT rules:

The code is as follows:
/etc/init.d/firewall stop
/etc/init.d/firewall disable
iptables -L -n --line-number
iptables -t nat -vnL POSTROUTING --line-number

You can see that there are no forwarding rules at this point, so devices connected to the router cannot reach the Internet. Configure the router to load the tun module automatically and add the forwarding rules on every boot:

vim /etc/rc.local

Modify the configuration as follows:

The code is as follows:
# load the tun kernel module needed by OpenVPN
insmod tun
# allow forwarding into the tunnel and NAT traffic from the LAN
iptables -I FORWARD -o tun0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
iptables-save

exit 0
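
With the firewall service stopped and disabled, the two rules above are the only ones loaded, so nothing filters inbound connections arriving on the WAN port. As an added example (not part of the original article), the script below prints a default-deny variant that still forwards LAN traffic to tun0 and the WAN; the interface names br-lan, eth0 and tun0 and the availability of the conntrack match are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article.
# Assumed names: br-lan = LAN bridge, eth0 = WAN port (as configured above),
# tun0 = OpenVPN tunnel, 192.168.1.0/24 = LAN subnet.
LAN_IF=br-lan
WAN_IF=eth0
VPN_IF=tun0
LAN_NET=192.168.1.0/24

# Print a default-deny ruleset for review. The ACCEPT rules are listed before
# the DROP policies so a session from the LAN survives while the rules load.
emit_rules() {
    cat <<EOF
iptables -F INPUT
iptables -F FORWARD
iptables -t nat -F POSTROUTING
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $LAN_IF -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $VPN_IF -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
iptables -t nat -A POSTROUTING -s $LAN_NET -o $VPN_IF -j MASQUERADE
iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
iptables -P INPUT DROP
iptables -P FORWARD DROP
EOF
}

# "sh thisfile apply" loads the rules (needs root); otherwise nothing changes.
if [ "${1:-}" = "apply" ]; then
    emit_rules | sh -e
fi
```

Run it without arguments and call emit_rules to read the rules first; the router's own outbound traffic, including the OpenVPN client connection, is unaffected because the OUTPUT chain is left alone.
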
At this point your router can reach the Internet again. Next we need to configure OpenVPN and the intelligent traffic split, that is, which traffic goes through the VPN.

First we configure OpenVPN, which has two parts: the server side and the client.

Server side

The code is as follows:
wget http://ipxcore.com/openvpn-debian-install.sh
chmod +x openvpn-debian-install.sh
./openvpn-debian-install.sh

# allow OpenVPN connections on ports 1194 and 443 (UDP and TCP)
iptables -I INPUT -p udp --dport 1194 -j ACCEPT
iptables -I INPUT -p tcp --dport 1194 -j ACCEPT
iptables -I INPUT -p udp --dport 443 -j ACCEPT
iptables -I INPUT -p tcp --dport 443 -j ACCEPT
# accept and forward tunnel traffic, and NAT the VPN subnet out of eth0
iptables -A INPUT -i tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -j ACCEPT
iptables -A FORWARD -o tun0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables-save

Client

The client configuration needs the paths of the certificates generated on the server side. First download the packaged certificate file from the server:

The code is as follows:

scp root@100.100.100.100:/root/keys.tgz ./
tar -zxvf keys.tgz
vim 703n.ovpn

The configuration of 703n.ovpn is as follows:

The code is as follows:
client
remote 100.100.100.100 1194
dev tun
comp-lzo
ca /root/etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /root/etc/openvpn/easy-rsa/2.0/keys/client1.crt
key /root/etc/openvpn/easy-rsa/2.0/keys/client1.key
route-delay 2
route-method exe
max-routes 3888
redirect-gateway def1
verb 3

With this configuration file you can now start OpenVPN and forward all traffic through the VPN:

openvpn --config ./703n.ovpn

To split traffic intelligently, and also to save VPN traffic, you can use chnroutes. Download chnroutes on the Mac and run:

python chnroutes.py -p android

This generates two files, vpnup.sh and vpndown.sh. Remove the alias lines at the top of both files and copy them to the router, then add the following settings at the bottom of the configuration file:

The code is as follows:
script-security 2
up vpnup.sh
down vpndown.sh

OK, now start OpenVPN again. Running traceroute to Baidu and to Twitter on the Mac shows that traffic is being split automatically.
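
The splitting technique, as an added example (an illustration written for this page, not chnroutes' code and not part of the original article): redirect-gateway def1 sends everything through the tunnel, and more-specific routes through the pre-VPN gateway pull selected networks back out. The function below builds such routes from delegation records in the APNIC layout; the sample records and the OLDGW variable are assumptions.

```shell
#!/bin/sh
# Added example, not chnroutes itself and not from the original article.
# Input records use the APNIC delegation layout:
#   registry|cc|type|start|count|date|status
# OLDGW is an assumed variable that the calling up-script sets to the
# default gateway that was in place before the VPN came up.

# Constructed sample records (documentation and benchmark address ranges).
SAMPLE='apnic|CN|ipv4|203.0.113.0|256|20100101|assigned
apnic|JP|ipv4|198.51.100.0|256|20100101|assigned
apnic|CN|ipv6|2001:db8::|32|20100101|allocated
apnic|CN|ipv4|192.0.2.0|768|20100101|allocated
apnic|CN|ipv4|198.18.0.0|131072|20100101|allocated'

# gen_bypass_routes CC: read records on stdin, print one "route add" line per
# IPv4 block of country CC, routed via $OLDGW instead of the VPN.
gen_bypass_routes() {
    awk -F'|' -v cc="$1" '
        $2 == cc && $3 == "ipv4" {
            n = $5 + 0
            # Only a power-of-two count maps onto a single netmask.
            p = n
            while (p > 1 && p % 2 == 0) p = p / 2
            if (p != 1) next
            m = 4294967296 - n      # netmask as a 32-bit number
            printf "route add -net %s netmask %d.%d.%d.%d gw $OLDGW\n", $4,
                int(m / 16777216) % 256, int(m / 65536) % 256,
                int(m / 256) % 256, m % 256
        }'
}

# Stand-alone run: show the routes generated from the sample.
printf '%s\n' "$SAMPLE" | gen_bypass_routes CN
```

Records for other countries, IPv6 records and blocks whose size is not a power of two are skipped, so the 768-address sample record produces no route.
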
