#!/bin/bash
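# Bootstrap: download the deployment helper library and load it into this
# shell. The variable name `self` is kept unchanged.
# NOTE(review): the loaded library may read $self; confirm before renaming.
#
# SECURITY NOTE(review): the downloaded text is handed straight to eval, so it
# runs with the privileges of whoever starts this script. The URL pins a tag
# (v0.3.7), but a tag can be re-pointed upstream and nothing here verifies the
# content. Prefer vendoring the library, or pin a full commit SHA and compare
# the download against a known digest (<EXPECTED_SHA256>) before eval.
#
# -f makes curl fail on HTTP errors instead of passing an error page to eval.
# Abort on any download failure: without the library the helper commands used
# below are undefined, and the router-side half of this file would otherwise
# be attempted on the local machine.
if ! self="$(curl -fsS https://raw.githubusercontent.com/zw963/deployment_bash/v0.3.7/deploy_start.sh)" ||
  [ -z "$self" ]; then
  echo 'Failed to download the deployment library; aborting before any deployment step.' >&2
  exit 1
fi
eval "$self"

# First positional argument: the deployment target.
export target="$1"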
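# Pre-flight check: the shadowsocks client configuration must exist locally
# before anything is shipped to the router.
# The message reads: "Please define route/opt/etc/shadowsocks.json first".
if [ ! -e ./route/opt/etc/shadowsocks.json ]; then
  echo '请首先定义 route/opt/etc/shadowsocks.json' >&2
  # Exit non-zero so callers can tell that nothing was deployed
  # (a bare `exit` here would report success).
  exit 1
fi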
# Stage the router-side files. `copy` is provided by the deployment library
# loaded above; its implementation is not visible in this file.

# The dnsmasq snippet is the only file with its own destination path.
copy route/opt/etc/dnsmasq.d/foreign_domains.conf /opt/etc/dnsmasq.d/foreign_domains.conf

# Required files, all placed directly in /opt/etc.
# NOTE(review): shadowsocks.json presumably carries the server credentials;
# confirm that copy leaves it with restrictive permissions on the router.
for required in iptables.sh toggle_proxy.sh patch_dnsmasq restart_dnsmasq \
  shadowsocks.json localips update_ip_whitelist update_dns_whitelist; do
  copy "route/opt/etc/$required" /opt/etc
done

# Optional user-maintained whitelists: shipped only when present locally.
for optional in user_ip_whitelist.txt user_domain_name_whitelist.txt; do
  if [ -e "route/opt/etc/$optional" ]; then
    copy "route/opt/etc/$optional" /opt/etc
  fi
done

# Hand over to the deployment library.
# NOTE(review): the author's comments further down state that the remainder of
# this file is executed on the remote router; the mechanism lives in the
# fetched library and cannot be confirmed from this file.
deploy_start
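# Run toggle_proxy.sh with `disable` before any package work.
# NOTE(review): presumably this switches the transparent proxy off so the
# router has direct connectivity while installing; confirm in toggle_proxy.sh.
/opt/etc/toggle_proxy.sh disable

# ----------------------------------------------------
#
# The script below is executed on the remote router; adjust it as needed.
#
# ---------------------------------------------------

# On the very first run the entware package manager must be initialised:
# ssh into the router, run entware-setup.sh and choose option 1.
if ! opkg update; then
  echo "Run \`opkg update' failed."
  echo "Run \`entware-setup.sh' to initalize entware-ng!"
  # Exit non-zero: a bare `exit` after echo would report success even though
  # the deployment stopped here.
  exit 1
fi

# A failure to load xt_TPROXY is treated as "no UDP relay support"; the
# message points the user at the ss+chinadns variant instead.
if ! modprobe xt_TPROXY; then
  echo "Router not support udp relay, try use \`ss+chinadns' to deploy."
  exit 1
fi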
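# If ipset is missing (for example on the AC66U), install ipset4 first.
which ipset &>/dev/null || opkg install ipset4

# Adds iptables/ipset support for the AC87U, whose ipset uses protocol
# version 6. The pipeline takes the first `version...<digit>` match from
# `ipset -v` and keeps its second space-separated field.
ipset_protocal_version=$(ipset -v |grep -o 'version.*[0-9]' |head -n1 |cut -d' ' -f2)

# From here on, stop at the first failing command.
set -e

opkg install libc libssp libev libmbedtls libpcre libpthread libsodium haveged zlib libopenssl

# Install whichever shadowsocks package name the feed offers.
if opkg find shadowsocks-libev |grep -qs -e '.*'; then
  opkg install shadowsocks-libev
elif opkg find shadowsocks-libev-ss-redir |grep -qs -e '.*'; then
  opkg install shadowsocks-libev-ss-redir
else
  # Previously this case was silent, and the later edits to
  # /opt/etc/init.d/S22shadowsocks failed without any hint at the cause.
  echo 'Warning: opkg find returned neither shadowsocks-libev nor shadowsocks-libev-ss-redir; no shadowsocks package was installed.' >&2
fi

# opkg install bind-dig

if [ "$ipset_protocal_version" == 6 ]; then
  # AC87U: no need to install a newer iptables/ipset.
  echo 'skip install iptables'
else
  # AC66U: a newer iptables has to be installed as well.
  opkg install iptables
fi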
# ----------------------------------------------------
#
# Configuration checks and in-place substitutions follow.
# replace_regex / replace_string are not defined in this file; they
# presumably come from the deployment library (confirm there).
#
# ---------------------------------------------------
# Make sure local_address in shadowsocks.json is set to the router's IP address.
# NOTE(review): targetip is never assigned in this file; presumably the
# deployment library provides it, so confirm it is set before this line runs.
replace_regex '"local_address".*' '"local_address":'"\"$targetip\"," /opt/etc/shadowsocks.json
# Query DNS directly at 8.8.8.8#53; traffic to that address is forwarded by
# ss-redir to ss-server.
# NOTE(review): this depends on the UDP relay path being up; presumably these
# queries leave the router unproxied if it is not. Confirm against iptables.sh.
replace_regex 'server=/#/.*' 'server=/#/8.8.8.8#53' /opt/etc/dnsmasq.d/foreign_domains.conf
# Enable UDP relay by adding -u to the init script's ARGS.
replace_string 'ARGS="-c /opt/etc/shadowsocks.json"' 'ARGS="-u -c /opt/etc/shadowsocks.json"' /opt/etc/init.d/S22shadowsocks
# Make the shadowsocks init script start ss-redir instead of ss-local
# (the original note mentions port 1080).
replace_string ss-local ss-redir /opt/etc/init.d/S22shadowsocks
# ----------------------------------------------------
#
# Register and start the required scripts.
# add_service is not defined in this file; presumably the deployment library
# appends the given command to the named hook script (confirm there).
# NOTE(review): the scheduled jobs below re-run files under /opt/etc and
# /jffs/scripts on a timer; whoever can write to those paths controls what the
# scheduler executes, so confirm ownership and permissions on the router.
#
# ---------------------------------------------------
# Every minute, check that all services are running.
add_service wan-start 'cru a run-services "*/1 * * * *" "/jffs/scripts/services-start"'
# Every 3 minutes, check whether the iptables rules are still in effect.
add_service wan-start 'cru a run-iptables "*/3 * * * *" "/opt/etc/iptables.sh"'
# Refresh the IP whitelist weekly at 03:25. The original comment says Monday,
# but the day-of-week field is 2, which is Tuesday in standard cron numbering.
# The updater is also run once right now.
chmod +x /opt/etc/update_ip_whitelist && /opt/etc/update_ip_whitelist
add_service wan-start 'cru a update_ip_whitelist "25 3 * * 2" "/opt/etc/update_ip_whitelist"'
# Refresh the domain-name whitelist weekly at 03:15 (same day-of-week field, 2).
# The updater is also run once right now.
chmod +x /opt/etc/update_dns_whitelist && /opt/etc/update_dns_whitelist
add_service wan-start 'cru a update_dns_whitelist "15 3 * * 2" "/opt/etc/update_dns_whitelist"'
# services-stop is allowed to fail: errexit is switched off around it and
# restored before services-start.
set +e
/jffs/scripts/services-stop
set -e
/jffs/scripts/services-start
chmod +x /opt/etc/patch_dnsmasq && /opt/etc/patch_dnsmasq
# After all services have started, run /opt/etc/patch_dnsmasq to append
# configuration to dnsmasq and restart the dnsmasq service.
# The hook runs patch_dnsmasq only while the marker file
# /tmp/patch_dnsmasq_is_run is absent, and creates the marker on success.
add_service services-start '
if [ ! -f /tmp/patch_dnsmasq_is_run ];then
/opt/etc/patch_dnsmasq && touch /tmp/patch_dnsmasq_is_run
fi
'
# Closing banner. The text is user-facing and kept in its original language.
# Gist: "deployment seems to have succeeded", then troubleshooting steps if the
# proxy does not work (reconnect WiFi; keep the USB stick in and reboot the
# router; check the config under /opt/etc and restart all services).
printf '%s\n' \
  '貌似部署成功了!' \
  '' \
  '如果无法翻墙, 按照下列步骤查错:' \
  '1. 断掉已连接的 WiFi, 并重新连接, 看看是否可以翻墙.' \
  '2. 保持 U 盘, 重启路由器, 并等待片刻, 看看是否可以翻墙.' \
  '3. 检查 /opt/etc 下配置文件, 并运行 /jffs/scripts/services-stop; /jffs/scripts/services-start 重启所有服务' \
  ''

# How to redeploy: format jffs from the admin UI and reboot, re-run
# entware-setup.sh, then run this script again.
printf '%s\n' \
  '如果需要重新部署.' \
  '1. 进入管理界面, 选择格式化 jffs, 并重启' \
  '2. 使用 entware-setup.sh 重新初始化包管理系统' \
  '3. 使用本脚本再次部署' \
  ''

# If the router cannot be reached: unplug the USB stick and reboot, then
# format jffs from the admin UI and reboot.
printf '%s\n' \
  '如果无法连接路由器.' \
  '1. 拔下 U 盘, 重启, 尝试重新连接路由器' \
  '2. 进入管理界面, 选择格式化 jffs, 并重启'

# Optional final reboot, left commented out by the author.
# reboot