Home

Awesome

shadowsocks-openwrt

A package of shadowsocks for OpenWrt

latest version: shadowsocks-libev-1.0

Background

This is a OpenWrt's package description for shadowsocks-libev

Build from source

Download OpenWrt source from dev or SDK from downloads. And go to the root of the SDK or source. e.g.:

[OpenWrt-SDK]$ ls -l
total 76
-rw-r--r-- 1 haohaolee users    32 Aug 16  2011 Config.in
drwxr-xr-x 2 haohaolee users  4096 Dec 30 03:16 dl
drwxr-xr-x 2 haohaolee users  4096 Nov 26 11:41 docs
-rw-r--r-- 1 haohaolee users   567 Nov 26 19:03 feeds.conf.default
drwxr-xr-x 3 haohaolee users  4096 Nov 26 19:03 include
-rw-r--r-- 1 haohaolee users 17992 Aug 16  2011 LICENSE
-rw-r--r-- 1 haohaolee users  1161 Aug 16  2011 Makefile
drwxr-xr-x 4 haohaolee users  4096 Dec 28 18:12 package
-rw-r--r-- 1 haohaolee users   337 Aug 16  2011 README.SDK
-rw-r--r-- 1 haohaolee users  9563 Nov 26 11:41 rules.mk
drwxr-xr-x 4 haohaolee users  4096 Nov 26 11:41 scripts
drwxr-xr-x 5 haohaolee users  4096 Nov 26 19:03 staging_dir
drwxr-xr-x 3 haohaolee users  4096 Nov 26 19:03 target

[OpenWrt-SDK]$ git clone https://github.com/madeye/shadowsocks-openwrt.git package/shadowsocks-openwrt
...
[OpenWrt-SDK]$ make package/shadowsocks-openwrt/shadowsocks-libev/compile
...

Finally find your package in dir bin

Prebuilt ipk

You can download the latest prebuilt packages from http://buildbot.sinaapp.com. Currently, we only provide prebuilt packages for ar71xx and bcm47xx platforms.

Basic usage

Log into OpenWrt via SSH and edit the config file /etc/config/shadowsocks.json. Then start the service like this:

root@Wrt:~# /etc/init.d/shadowsocks start # start the daemon
root@Wrt:~# /etc/init.d/shadowsocks enable # enable startup at boot

Advanced usage

The latest shadowsocks-libev has provided a transparent mode. You can configure your router with IPTABLES to proxy all tcp traffic transparently.

# Create new chain
root@Wrt:~# iptables -t nat -N SHADOWSOCKS

# Ignore your shadowsocks server's addresses
# It's very IMPORTANT, just be careful.
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 123.123.123.123 -j RETURN

# Ignore LANs and any other addresses you'd like to bypass the proxy
# See Wikipedia and RFC5735 for full list of reserved networks.
# See ashi009/bestroutetb for a highly optimized CHN route list.
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN

# Anything else should be redirected to shadowsocks's local port
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 12345

# Apply the rules
root@Wrt:~# iptables -t nat -A OUTPUT -p tcp -j SHADOWSOCKS

# Start the shadowsocks-redir
root@Wrt:~# ss-redir -c /etc/config/shadowsocks.json -f /var/run/shadowsocks.pid