Today one night to try a bit wifi quarters made transparent proxy. After untold hardships finally succeeded, so I decided to share out of this experience, maybe can help some people.

ready

I used here is the hand of the WRT1200AC LinkSys router, brush into the latest version of OpenWRT firmware 18.06.1. It is recommended to use a high-performance router WRT series, such as TPLink or other weak performance models, V2Ray may not run smoothly.

You will also have a corresponding version of the V2Ray precompiled. This is my router SoC ARMv7, so download the ARM version, which use the compiled version ARMv7 may be some performance to optimize it.

In addition In addition, is the top priority, you need to have a server V2Ray available.

Client Configuration

Screen

First install Screen, which allows V2Ray run in the background. Installation command as follows:

opkg updateopkg install screen

V2Ray Configuration

This is the configuration file I use. Inbound routing and in which only an arbitrary portion of the door is important. Inbound any door is a must, it receives iptables forwarded to the traffic, and then decide where to route part of the traffic to go.

{Log: {loglevel: warning}, inbounds: [{port: 1080, listen: 0.0.0.0, tag: socks-inbound, protocol: socks, settings: {auth: noauth, udp: false, ip: 127.0.0.1} }, {domainOverride: [tls, http], port: 10086, protocol: dokodemo-door, settings: {network: tcp, followRedirect: true}, tag: door}], outbounds: [{protocol: vmess, settings: { vnext: [{address: [server address], port: [server port], users: [{id: [UUID], alterId: [alterId], security: auto, level: 0}]}]}, tag: server }, {protocol: freedom, settings: {}, tag: direct}, {protocol: blackhole, settings: {}, tag: blocked}], routing: {domainStrategy: IPOnDemand, rules: [{type: field, outboundTag: direct, domain: [geosite: cn]}, {type: chinaip, outboundTag: direct, ip: [geoip: cn, geoip: private]}]}, dns: {hosts: {}, servers: [8.8.8.8, 1.1.1.1, 9.9.9.9, localhost]}}

Note that the first element of the master station is provided in a station set, i.e., outside the traffic routing rules automatically take the server station, i.e. the agent to go. Only when the match is only to domestic sites or servers directly connected.

To make v2ray start automatically, insert the next line in front of the /etc/rc.local last exit:

sleep 10screen -dmS v2ray v2ray path []/v2ray -config [path] /config.json provided v2ray

Wherein the sleep waiting for a router to connect to external networks.

iptables

As used herein iptable operate forwarded traffic. Configuration is as follows:

iptables -t nat -N V2RAY iptables -t nat -A V2RAY -d [your server ip] -j RETURN iptables -t nat -A V2RAY -d 0.0.0.0/8 -j RETURN iptables -t nat -A V2RAY - d 10.0.0.0/8 -j RETURN iptables -t nat -A V2RAY -d 127.0.0.0/8 -j RETURN iptables -t nat -A V2RAY -d 169.254.0.0/16 -j RETURN iptables -t nat -A V2RAY -d 172.16.0.0/12 -j RETURN iptables -t nat -A V2RAY -d 192.168.0.0/16 -j RETURN iptables -t nat -A V2RAY -d 224.0.0.0/4 -j RETURN iptables -t nat -A V2RAY -d 240.0.0.0/4 -j RETURN iptables -t nat -A V2RAY -p tcp -j REDIRECT --to-ports 10086 iptables -t nat -A PREROUTING -p tcp -j V2RAY

It should be noted that the second line. Avoid your server ip also be forwarded, which would form a cycle, the potential consequences include slow speeds or are they not over the wall.

test

Reboot the router to see the effect. Remember to turn off your circumvention software on your computer.

user terminal

I encountered a problem during a test: DNS pollution. Even over the wall already built a system, but is prompted DNS server can not resolve the IP address of youtube.com when watching youtube. So my solution is to have a router built-in DNS server, use SecDNS or otherwise forwarded, or query the correct DNS resolution results. It is recommended that the DNS server has Google's 8.8.8.8, IBM's 9.9.9.9, as well as just knowing 1.1.1.1.

summary

I'm trying the whole time came smoothly, with the exception stuck in the forward Iptables. A reference to the start kiri chiefs article, found that does not work, then go online now to learn iptables. Found this article, iptables that part basically according to this come. In short, whatever the outcome is somehow, but the effect is almost good, on the issue here. On the one hand it is to share, on the one hand it is a reminder of deposit.