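My OpenWrt configuration
Router: TP-Link WR841N (v7)
Pros: 802.11n router, good signal, cheap.
Cons: very little storage, only 4 MB. Once OpenWrt is flashed there is no graphical configuration interface, so everything has to be configured by hand over SSH.
Flashing OpenWrt: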
http://downloads.openwrt.org/snapshots/trunk/ar71xx/openwrt-ar71xx-generic-tl-wr841nd-v7-squashfs-factory.bin
Configuration notes:
1. Install the necessary tools, diff and pstree, to make it easier to change settings and check them.
# opkg update
# rm -f /usr/bin/cmp
# opkg install diffutils
# opkg install psmisc
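When that is done, back up diff and pstree,
# opkg remove psmisc diffutils
and then restore the backups. There is no other way, the router has very little space.
2. Install the components needed to dial the VPN: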
# opkg install pptp mppe kmod-ipt-nathelper-extra
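Of these, the first two make sure the router itself can dial the VPN (PPTP).
The last one lets devices connected to the router dial as well. This sounds simple, but when something goes wrong it is very hard to tell which package is missing.
I only found it by chance after a lot of googling and reading through many pages.
3. Configure the network
Configuration file: /etc/config/network
PPPoE dial-up:
config interface wan
    option ifname eth1
    option proto pppoe
    option username xxxxx@163.xx
    option password PASSWORD
    option peerdns 1
VPN:
config interface vpn
    option ifname pptp-vpn
    option proto pptp
    option username the_username
    option password the_password
    option server 74.117.x.x
    option defaultroute 0
Edit /etc/ppp/options.pptp and delete defaultroute from it.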
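4. Configure routing so that different IPs can leave either through the VPN or through the default PPPoE dial-up connection.
Modify /etc/firewall:
config zone
    option name wan
    list network 'wan'
    list network 'vpn'
5. Configure DNS so that *.google.com resolves to one fixed IP, then route that IP through the VPN, to keep Google from being blocked.
Edit /etc/dnsmasq.conf: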
address=/.google.com/74.125.153.106
Edit /etc/config/network:
config route
    option interface vpn
    option target 8.8.0.0
    option netmask 255.255.0.0
config route
    option interface vpn
    option target 74.125.153.0
    option netmask 255.255.255.0
Because a single Google IP can serve all of Google's services, this configuration works. Search, mail and so on are all fine.
6. Speed up App Store downloads:
In /etc/hosts:
203.69.113.238 itunes.apple.com
203.69.113.137 ax.init.itunes.apple.com
203.69.113.174 ax.su.itunes.apple.com
In /etc/dnsmasq.conf:
address=/.phobos.apple.com/203.69.113.128
7. Keep DNS resolution of Twitter and Facebook from being tampered with:
In /etc/dnsmasq.conf:
server=/.facebook.com/8.8.8.8
server=/.twitter.com/8.8.8.8
Note that 8.8.*.* was already set to go out through the VPN above, so there is no need to worry about the resolver itself being blocked.
For now I have no time to go further and route the resolved addresses through the VPN as well; I no longer use those sites anyway.
It can be done in the same way as for Google above, it just means writing out more IP addresses.
8. Add a normal user and configure SSH access from the outside network:
Add to /etc/shells:
/bin/false
Add to /etc/passwd:
test1:*:1001:1001:test1:/home/test1:/bin/false
Add to /etc/group:
test1:x:1001:
# mkdir -p /home/test1/.ssh
# chown test1:test1 /home/test1
# chown test1:test1 /home/test1/.ssh
# chmod 0700 /home/test1
# chmod 0700 /home/test1/.ssh
# cp some-id-file.pub /home/test1/.ssh/authorized_keys
# chown test1:test1 /home/test1/.ssh/authorized_keys
# chmod 0600 /home/test1/.ssh/authorized_keys
Add to /etc/firewall:
config redirect
    option src wan
    option src_dport 220
    option dest lan
    option dest_port 22
    option proto tcp
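A check for the step 8 account, as an added example that is not part of the original post: it confirms that the passwd entry, the /etc/shells line and the ownership and modes set above are actually in place. The function names and the optional ROOT argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the key-only SSH account created in step 8.
# ROOT (second argument) is an assumption of this example: it lets the
# check run against a copy of the tree. Omit it to audit the live router.
# Usage on the router: audit_ssh_user test1

# stat_of PATH -> "<10-char mode> <numeric uid>", e.g. "drwx------ 1001"
stat_of() { ls -ldn "$1" 2>/dev/null | awk '{print substr($1, 1, 10), $3}'; }

# audit_ssh_user USER [ROOT] -> prints findings; returns 0 only if clean
audit_ssh_user() {
    user=$1; root=${2:-}; fails=0
    entry=$(grep "^$user:" "$root/etc/passwd") || {
        echo "FAIL: no passwd entry for $user"; return 1; }
    IFS=: read -r name pw uid gid gecos home shell <<EOF
$entry
EOF
    # Password login must stay locked ('*' in the passwd line of step 8).
    [ "$pw" = '*' ] || { echo "FAIL: password field is not '*'"; fails=$((fails + 1)); }

    # No interactive shell, and that shell is listed in /etc/shells.
    [ "$shell" = /bin/false ] || { echo "FAIL: shell is $shell"; fails=$((fails + 1)); }
    grep -qx "$shell" "$root/etc/shells" || {
        echo "FAIL: $shell missing from /etc/shells"; fails=$((fails + 1)); }

    # Owner and modes from step 8: 0700 directories, 0600 key file.
    for spec in "$home:drwx------" "$home/.ssh:drwx------" \
                "$home/.ssh/authorized_keys:-rw-------"; do
        path=$root${spec%%:*}; want="${spec##*:} $uid"
        got=$(stat_of "$path")
        [ "$got" = "$want" ] || {
            echo "FAIL: $path is '${got:-missing}', want '$want'"; fails=$((fails + 1)); }
    done
    [ "$fails" -eq 0 ] && echo "OK: $user matches the step 8 setup"
    return "$fails"
}
```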
9. Install a simple HTTP server so that some basic information can be viewed, and to host proxy.pac
# opkg install uhttpd
# /etc/init.d/uhttpd start
# cd /www
/www# ln -s /var/dhcp.leases dhcp.leases.txt
/www# vim proxy.pac
Interesting stuff you posted here. I was lucky to find your blog seems it was too useful to read on. I give you a thumbs up it…Good job!
Interesting though! Brilliant idea,the following data that you posted are not easy to made huh. I think you did a very successful configuring your openwrt,good job. Thanks for sharing your knowledge this is such a great help and useful to us.
Good that I am enjoying that stuff that was indulge here. Very interesting stuff and I will look forward on it. Thank!
Brilliant idea, the following data that you posted are not easy to made it.. this is great.. you're so talented.. I’m proud of you… Thank you
Somehow I am having fun reading on your blog very informative. Thanks!
I just came across in this blog and I was lucky to find your blog seems it was too useful to read on. Keep on posting.
Thanks for sharing, you have a good article. I like it, I’m looking forward to read other articles.. KEEP IT UP!!!
I was lucky to find your blog seems it was too useful to read on. I give you a thumbs up it…Good job! Sounds pretty cool stuff to be.