OpenWRT router configuration tips
Recently, Google has become completely inaccessible from China, which makes access through a VPN more necessary. The method described in this article lets an ordinary router hold a stable VPN connection and, in addition, choose the domestic or the foreign line according to the destination, giving a Wi-Fi environment that has no restrictions and no loss of speed. Devices connected to the network can access the Internet securely without any configuration of their own.
Chnroutes route table
This route table collects all IP segments allocated to mainland China and is regenerated automatically every day from http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest, so that traffic to domestic addresses does not pass through the VPN.
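How entries of such a table can be derived from the APNIC file, as an added example that is not the chnroutes project's own code. The function names and the sample records are constructed for illustration; the gateway 58.111.43.1 is the ISP gateway that appears later in this article.

```shell
#!/bin/sh
# Added example, not chnroutes code: build "route add" commands for the
# CN IPv4 records of an APNIC delegation file read from stdin.
# $1 = ISP gateway that domestic traffic should keep using.
apnic_cn_routes() {
    awk -F'|' -v gw="$1" '
    # Integer 0..2^32-1 -> dotted quad.
    function quad(n) {
        return sprintf("%d.%d.%d.%d", int(n / 16777216),
                       int(n / 65536) % 256, int(n / 256) % 256, n % 256)
    }
    # Record layout: registry|cc|type|start|count|date|status
    $2 == "CN" && $3 == "ipv4" {
        count = $5
        split($4, o, ".")
        start = ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        # One netmask can only express an aligned power-of-two block.
        p = 1
        while (p < count) p *= 2
        if (p != count || start % count != 0) {
            print "skipped, needs splitting: " $4 " count " count > "/dev/stderr"
            next
        }
        printf "route add -net %s netmask %s gw %s\n",
               $4, quad(4294967296 - count), gw
    }'
}

# Constructed sample in the delegated-apnic-latest layout (not real data).
sample_delegations() {
    cat <<'EOF'
# constructed sample
apnic|*|ipv4|*|5|summary
apnic|CN|ipv4|1.0.1.0|256|20110414|allocated
apnic|CN|ipv4|1.0.2.0|512|20110414|allocated
apnic|JP|ipv4|1.0.16.0|4096|20110412|allocated
apnic|CN|ipv4|1.0.8.0|2048|20110412|allocated
apnic|CN|ipv6|2001:db8::|32|20110412|allocated
apnic|CN|ipv4|192.0.2.0|768|20110412|assigned
EOF
}

sample_delegations | apnic_cn_routes 58.111.43.1
```

A record that is skipped simply gets no domestic route, so its traffic follows the default route through the VPN.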
I thought it would be cool if the home router could connect to the VPN directly, so that every device on the home Wi-Fi gets past the firewall with no further setup. So I recently bought a second-hand Netgear WNDR3800 router from an online marketplace, successfully configured VPN + chnroutes on both DD-WRT and OpenWRT, and finally chose OpenWRT.
DD-WRT vs OpenWRT
Between DD-WRT and OpenWRT, I chose OpenWRT mainly because the DD-WRT ROM bundles too much software, most of which I do not use; jffs2 has to be configured before script files can be saved, and general configuration is stored in nvram. In addition, its wireless connection was unstable and the 5 GHz band was often unavailable (of course, this may be a problem with the support for my router model). OpenWRT's configuration file syntax is uniform, all configuration is stored in the file system, and the ROM itself integrates only the necessary components, so it is very small and you install only what you need; even the web management interface is optional. It is simple and powerful, and has been running stably for several days.
Configuration
If you have already configured OpenWRT to access the Internet, you can skip 1. Flash the ROM and 2. Initial Configuration.
1. Flash the ROM
A. First make sure that your device is supported by OpenWRT (the list of supported devices is at http://wiki.openwrt.org/toh/start), then download the compiled ROM here: http://downloads.openwrt.org/. The latest stable version is attitude_adjustment (12.09). I downloaded the trunk version.
B. Find the Wiki page for your device on the official OpenWRT website and check the flashing method; generally the ROM is flashed directly from the firmware upgrade page of the router's official web interface (the Wiki page for my WNDR3800 is http://wiki.openwrt.org/toh/netgear/wndr3800).
2. Initial Configuration
A. After the router has started, note that some models do not have the Wi-Fi module installed, so you need to first connect to a LAN port with a network cable. Configure the local machine with a static IP address 192.168.1.x, telnet to 192.168.1.1, change the root password, and then connect with an SSH client. Reference: http://wiki.openwrt.org/doc/start#configuring.openwrt
B. Configure the WAN port to connect the router to the Internet; refer to: http://wiki.openwrt.org/doc/howto/internet.connection.
For example, to configure PPPoE:
uci set network.wan.proto=pppoe
uci set network.wan.username='yougotthisfromyour@isp.su'
uci set network.wan.password='yourpassword'
uci commit network
ifup wan
C. Install the LuCI web management interface and enable it to start at boot; see: http://wiki.openwrt.org/doc/howto/luci.essentials
opkg update
opkg install luci
/etc/init.d/uhttpd start
/etc/init.d/uhttpd enable
D. Enter the LAN-side IP address of the router (usually 192.168.1.1) in a browser to configure Wi-Fi.
3. Configure DNS
A. Create /etc/config/sec_resolv.conf:
vim /etc/config/sec_resolv.conf
Enter the following DNS servers:
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 208.67.222.222
B. Edit /etc/config/dhcp:
vim /etc/config/dhcp
Find the resolvfile option and replace it with:
option resolvfile '/etc/config/sec_resolv.conf'
4. Configure PPTP
A. Install ppp-mod-pptp:
opkg update
opkg install ppp-mod-pptp
If you need LuCI support (recommended):
opkg install luci-proto-ppp
B. Configure the vpn interface: edit the /etc/config/network file and set the server, username, and password:
config 'interface' 'vpn'
        option 'ifname' 'pptp-vpn'
        option 'proto' 'pptp'
        option 'username' 'vpnusername'
        option 'password' 'vpnpassword'
        option 'server' 'vpn.example.org or ipaddress'
        option 'buffering' '1'
C. Go to Network -> Firewall and add the vpn interface to the wan zone.
D. Go to Network -> Interfaces. The VPN interface is displayed and can be connected.
E. At this point, traceroute www.google.com on the local machine should give a result like the following:
FL-MBP:~ fatlyz$ traceroute www.google.com
traceroute: Warning: www.google.com has multiple addresses; using 74.125.239.113
traceroute to www.google.com (74.125.239.113), 64 hops max, 52 byte packets
 1  fc_r0.lan (192.168.7.1)  2.266 ms  0.999 ms  0.946 ms
 2  10.7.0.1 (10.7.0.1)  189.259 ms  187.813 ms  188.368 ms
 3  23.92.24.2 (23.92.24.2)  189.847 ms  190.489 ms  188.939 ms
 4  10ge7-6.core3.fmt2.he.net (65.49.10.217)  188.508 ms  192.216 ms  202.863 ms
 5  10ge10-1.core1.sjc2.he.net (184.105.222.14)  195.695 ms  195.691 ms  284.242 ms
 6  72.14.219.161 (72.14.219.161)  189.196 ms  192.287 ms  193.220 ms
 7  216.239.49.170 (216.239.49.170)  192.496 ms  188.547 ms  189.881 ms
 8  66.249.95.29 (66.249.95.29)  190.125 ms  190.335 ms  190.026 ms
 9  nuq05s01-in-f17.1e100.net (74.125.239.113)  189.804 ms  190.556 ms  190.242 ms
The second hop is the VPN gateway; at this stage the second hop of traceroute www.baidu.com should be the same.
Now, you can access sites at home and abroad, such as Google and Baidu.
5. Configure chnroutes
A. Go to the chnroutes project download page, http://chnroutes-dl.appspot.com/, download linux.zip, and unzip it.
B. Rename ip-pre-up to chnroutes.sh and open it for editing. Before the line if [ ! -e /tmp/vpn_oldgw ]; then, insert the following code, which prevents the ppp connection script from running repeatedly and creating duplicate route table entries:
if [ "$OLDGW" = 'x.x.x.x' ]; then
    exit 0
fi
x.x.x.x is the VPN gateway. You can check the gateway address after the local machine is connected.
C. Connect to the router through ssh and run the following commands:
cd /etc/config/
mkdir pptp-vpn
cd pptp-vpn
vim chnroutes.sh
Paste the edited chnroutes.sh file into vim (of course, you can also upload the chnroutes.sh file directly over ssh, or upload it somewhere first and download it with wget).
Run the following command to set the permission to executable:
chmod a+x chnroutes.sh
D. Use vim to edit the /lib/netifd/ppp-up file:
vim /lib/netifd/ppp-up
Insert the following content before the [ -d /etc/ppp/ip-up.d ] && { line, so that the script is executed when the ppp connection comes up:
sh /etc/config/pptp-vpn/chnroutes.sh
E. Restart the router. After it has started, go to LuCI to check the interface status. Once the WAN and VPN are connected successfully, log in over ssh and run route -n | head -n 10. The output should look similar to this:
root@FC_R0:/etc/config# route -n | head -n 10
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.7.0.1        0.0.0.0         UG    0      0        0 pptp-vpn
1.0.1.0         58.111.43.1     255.255.255.0   UG    0      0        0 pppoe-wan
1.0.2.0         58.111.43.1     255.255.254.0   UG    0      0        0 pppoe-wan
1.0.8.0         58.111.43.1     255.255.248.0   UG    0      0        0 pppoe-wan
1.0.32.0        58.111.43.1     255.255.224.0   UG    0      0        0 pppoe-wan
1.1.0.0         58.111.43.1     255.255.255.0   UG    0      0        0 pppoe-wan
1.1.2.0         58.111.43.1     255.255.254.0   UG    0      0        0 pppoe-wan
1.1.4.0         58.111.43.1     255.255.252.0   UG    0      0        0 pppoe-wan
The first entry, with Destination 0.0.0.0, is the default route, and its gateway is the VPN gateway, which means that traffic goes through the VPN by default. The entries that follow point the domestic network segments to the gateway provided by the ISP.
Now, pptp vpn and chnroutes have been configured.
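How the kernel chooses between the default route and the domestic entries (the most specific matching netmask wins), as an added example that is not from the original article. The function names are hypothetical, the sample is an excerpt of the route table shown above, and metrics are ignored because every entry there has metric 0.

```shell
#!/bin/sh
# Added example, not from the article: pick the egress interface for an
# address by longest-prefix match over "route -n" output read from stdin.
egress_iface() {
    awk -v ip="$1" '
    # Dotted quad -> integer.
    function num(a,   o) {
        split(a, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    BEGIN { best = -1; target = num(ip) }
    # Only rows that start with a dotted-quad destination are routes.
    $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
        mask = num($3)
        size = 4294967296 - mask          # addresses covered by this route
        # Clearing the host bits of the target must give the destination.
        if (int(target / size) * size == num($1) && mask > best) {
            best = mask
            iface = $8                     # Iface column
        }
    }
    END { print (best < 0 ? "no route" : iface) }'
}

# Excerpt of the route table shown above.
sample_routes() {
    cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.7.0.1        0.0.0.0         UG    0      0        0 pptp-vpn
1.0.1.0         58.111.43.1     255.255.255.0   UG    0      0        0 pppoe-wan
1.0.2.0         58.111.43.1     255.255.254.0   UG    0      0        0 pppoe-wan
1.0.8.0         58.111.43.1     255.255.248.0   UG    0      0        0 pppoe-wan
EOF
}

# A foreign address and two addresses inside the domestic segments.
for probe in 74.125.239.113 1.0.1.77 1.0.9.5; do
    printf '%s -> %s\n' "$probe" "$(sample_routes | egress_iface "$probe")"
done
```

On the router the same function can read the live table with route -n | egress_iface 74.125.239.113, which confirms that a foreign address leaves through pptp-vpn and not through pppoe-wan.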
6. Configure Automatic reconnection for VPN disconnection
A. Create /etc/config/pptp-vpn/status-check.sh:
vim /etc/config/pptp-vpn/status-check.sh
Paste the following content in vim (this script checks the VPN connection status; when the VPN is down it takes the WAN and vpn interfaces down, reconnects the WAN 10 seconds later, and reconnects the VPN 30 seconds after that):
#!/bin/sh
# A previous run is still reconnecting: do nothing.
if [ -f "/tmp/vpn_status_check.lock" ]
then
    exit 0
fi
# The pptp-vpn interface is listed only while the VPN is up.
VPN_CONN=`ifconfig | grep pptp-vpn`
if [ -z "$VPN_CONN" ]
then
    touch /tmp/vpn_status_check.lock
    # Record the time of every reconnection attempt.
    echo WAN_VPN_RECONNECT at: >> /tmp/vpn_status_check_reconn.log
    date >> /tmp/vpn_status_check_reconn.log
    ifdown vpn
    ifdown wan
    sleep 10
    ifup wan
    sleep 30
    ifdown vpn
    sleep 10
    ifup vpn
    sleep 40
    rm /tmp/vpn_status_check.lock
else
    # VPN is up: record the time of the last successful check.
    date > /tmp/vpn_status_check.log
fi
Run the following command to set the permission to executable:
chmod a+x /etc/config/pptp-vpn/status-check.sh
B. In LuCI, go to System -> Scheduled Tasks, enter the following content, and save it:
*/1 * * * * /etc/config/pptp-vpn/status-check.sh
What this actually edits is the cron configuration, so that cron runs the detection/reconnection script every minute. Then restart cron:
/etc/init.d/cron restart
C. Wait a few minutes and check the /tmp directory. You should see the vpn_oldgw and vpn_status_check.log files; vpn_status_check.log shows the last time the VPN connection status was checked.
root@FC_R0:/tmp# ls vpn*
vpn_oldgw  vpn_status_check.log
root@FC_R0:/tmp# cat vpn_status_check.log
Tue Jul 15 00:04:02 HKT 2014
root@FC_R0:/tmp#
You can disconnect the VPN interface in LuCI and observe the reconnection between WAN and VPN in the next 4-5 minutes.
D. Run traceroute against www.google.com and www.baidu.com and observe the second hop address in each case:
FL-MBP:~ fatlyz$ traceroute www.google.com | head -n 3
traceroute: Warning: www.google.com has multiple addresses; using 74.125.239.115
traceroute to www.google.com (74.125.239.115), 64 hops max, 52 byte packets
 1  fc_r0.lan (192.168.7.1)  2.161 ms  0.912 ms  0.895 ms
 2  10.7.0.1 (10.7.0.1)  193.747 ms  187.789 ms  289.744 ms
 3  23.92.24.2 (23.92.24.2)  259.323 ms  354.625 ms  408.535 ms
FL-MBP:~ fatlyz$ traceroute www.baidu.com | head -n 3
traceroute to www.a.shifen.com (180.76.3.151), 64 hops max, 52 byte packets
 1  fc_r0.lan (192.168.7.1)  1.190 ms  0.984 ms  0.731 ms
 2  58.111.43.1 (58.111.43.1)  20.616 ms  38.822 ms  18.484 ms
 3  183.56.35.133 (183.56.35.133)  20.056 ms  52.353 ms  87.841 ms
The route is now selected according to whether the destination address is domestic or foreign.
Now the basic configuration, PPTP VPN, chnroutes, and automatic reconnection of the OpenWRT router are complete.