Acris / shadowsocks-asuswrt-merlin

Shadowsocks for Asuswrt-Merlin New Gen
MIT License

Question about transparent proxying #15

Closed hiwanz closed 5 years ago

hiwanz commented 5 years ago

Environment: RT-AC68U + official Merlin firmware 384.12. Problem: the whole installation went smoothly. I set up the shadowsocks config.json; the same shadowsocks configuration works (can get past the firewall) in the ss client. The default ss-merlin.conf is in GFW list mode, and ss-merlin start starts normally, but it seems I cannot get past the firewall. Is any additional configuration required?

Acris commented 5 years ago

No additional configuration is needed. Does your server have v2ray-plugin enabled? If not, the plugin-related settings in config.json must be removed. If it still cannot be used normally, run ipset list and iptables -t nat -L and paste the results.

hiwanz commented 5 years ago

Still not working. The relevant configuration is as follows. shadowsocks/config.json (redacted):

{
  "server": "***",
  "server_port": 13579,
  "local_address": "0.0.0.0",
  "local_port": 1080,
  "password": "***",
  "timeout": 600,
  "method": "aes-256-cfb",
  "mode": "tcp_and_udp"
}

ss-merlin.conf

# Route mode
## 0: GFW list.
## 1: Bypass mainland China.
## 2: Global mode.
mode=0

# UDP support
## 0: Disable UDP.
## 1: Enable UDP, require server side support.
udp=0

ipset list

Name: usergfwlist
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 60
References: 1
Number of entries: 0
Members:

Name: localips
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 1380
References: 1
Number of entries: 19
Members:
192.0.0.0/24
127.0.0.0/8
203.0.113.0/24
255.255.255.255
192.52.193.0/24
192.31.196.0/24
10.0.0.0/8
198.51.100.0/24
100.64.0.0/10
224.0.0.0/4
192.88.99.0/24
192.0.2.0/24
192.168.0.0/16
169.254.0.0/16
172.16.0.0/12
198.18.0.0/15
240.0.0.0/4
0.0.0.0/8
192.175.48.0/24

Name: whitelist
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 220
References: 1
Number of entries: 4
Members:
119.29.29.29
47.96.179.163
118.89.110.78
162.245.239.74

iptables -t nat -L

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
VSERVER    all  --  anywhere             192.168.1.3
SS_PREROUTING  all  --  anywhere             anywhere

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
SS_OUTPUT  all  --  anywhere             anywhere

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
PUPNP      all  --  anywhere             anywhere
MASQUERADE  all  -- !192.168.1.3          anywhere
MASQUERADE  all  --  192.168.10.0/24      192.168.10.0/24

Chain DNSFILTER (0 references)
target     prot opt source               destination

Chain LOCALSRV (0 references)
target     prot opt source               destination

Chain PCREDIRECT (0 references)
target     prot opt source               destination

Chain PUPNP (1 references)
target     prot opt source               destination

Chain SHADOWSOCKS_TCP (2 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere             match-set localips dst
RETURN     all  --  anywhere             anywhere             match-set whitelist dst
RETURN     all  --  anywhere             anywhere             match-set userwhitelist dst
REDIRECT   tcp  --  anywhere             anywhere             match-set gfwlist dst redir ports 1080
REDIRECT   tcp  --  anywhere             anywhere             match-set usergfwlist dst redir ports 1080

Chain SS_OUTPUT (1 references)
target     prot opt source               destination
SHADOWSOCKS_TCP  tcp  --  anywhere             anywhere

Chain SS_PREROUTING (1 references)
target     prot opt source               destination
SHADOWSOCKS_TCP  tcp  --  192.168.0.0/16       anywhere

Chain VSERVER (1 references)
target     prot opt source               destination
VUPNP      all  --  anywhere             anywhere

Chain VUPNP (1 references)
target     prot opt source               destination
DNAT       udp  --  anywhere             anywhere             udp dpt:44026 to:192.168.10.249:44026

hiwanz commented 5 years ago

https://github.com/Acris/shadowsocks-asuswrt-merlin/blob/8a840c7e115e2db0dd0cecebadb7aefded7580d5/scripts/apply_iptables_rule.sh#L21

Is it perhaps because in GFW list mode there is no ipset add gfwlist ${ip}?

Acris commented 5 years ago

The IPs in the gfwlist ipset are populated by dnsmasq.

Check whether the file /opt/share/ss-merlin/etc/dnsmasq.d/dnsmasq_gfwlist_ipset.conf exists (without the .bak suffix), then check whether it has any content. If it does not exist, run sh /opt/share/ss-merlin/scripts/update_gfwlist.sh and then restart ss-merlin.

hiwanz commented 5 years ago

I have read the code and tried running update_gfwlist.sh and apply_iptables_rule.sh. Both ran normally without errors, but after ss-merlin restart it still does not work.

admin@RT-AC68U:/tmp/mnt/asusware/entware/share/ss-merlin/etc/dnsmasq.d# ll
-rw-rw-rw-    1 admin    root       2145251 Aug  1 21:39 accelerated-domains.china.conf
-rw-rw-rw-    1 admin    root       2339888 Aug  1 03:15 accelerated-domains.china.conf.bak
-rw-rw-rw-    1 admin    root          3589 Aug  1 21:39 apple.china.conf
-rw-rw-rw-    1 admin    root          3844 Aug  1 03:15 apple.china.conf.bak
-rw-rw-rw-    1 admin    root        163390 Aug  1 21:39 dnsmasq_gfwlist_ipset.conf
-rw-rw-rw-    1 admin    root        163390 Aug  1 22:09 dnsmasq_gfwlist_ipset.conf.bak
-rw-rw-rw-    1 admin    root          2380 Aug  1 21:39 google.china.conf
-rw-rw-rw-    1 admin    root          2554 Aug  1 03:15 google.china.conf.bak
-rw-rw-rw-    1 admin    root            25 Jul 28 13:22 through_unbound.conf

Acris commented 5 years ago

The gfwlist list looks fine. Try running ipset list gfwlist and look at the output. If the output is normal, try flushing the DNS cache on your computer and try again; on Windows you can use ipconfig /flushdns. If it still does not work, paste the specific error you get when a connection fails, for example open www.google.com in Chrome and see whether it reports TIMED_OUT, CONNECTION_RESET, or a DNS-related error.

hiwanz commented 5 years ago

ipset list gfwlist shows the same as usergfwlist above, Number of entries: 0, which is why I went to read the code and ran update_gfwlist.sh.

Acris commented 5 years ago

A count of 0 means DNS requests are not going through dnsmasq; an IP is only added to the ipset when a site in gfwlist is accessed. Have you tried clearing the DNS cache? Also, what does Chrome show when you visit Google?
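The diagnosis Acris walks through above, as an added example that is not part of the thread or of the ss-merlin project: it parses `ipset list` and `iptables -t nat -L` output (constructed samples mirroring this thread) and reports which step of the gfwlist path is broken, distinguishing a missing REDIRECT rule, a missing set, and a set left empty because DNS bypasses dnsmasq.

```shell
#!/bin/sh
# Added example, not ss-merlin code. The samples are constructed to mirror the
# thread: the REDIRECT rule is in place, but gfwlist has 0 entries because DNS
# resolution is not passing through dnsmasq (so its ipset= directive never fires).
SAMPLE_IPSET='Name: gfwlist
Type: hash:ip
Number of entries: 0
Members:

Name: whitelist
Type: hash:ip
Number of entries: 2
Members:
119.29.29.29
47.96.179.163
'
SAMPLE_NAT='Chain SHADOWSOCKS_TCP (2 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere             match-set whitelist dst
REDIRECT   tcp  --  anywhere             anywhere             match-set gfwlist dst redir ports 1080
'

# entries_of OUTPUT SET: print the "Number of entries" of SET, nothing if absent.
entries_of() {
    printf '%s\n' "$1" | awk -v want="$2" '
        /^Name: / { cur = $2 }
        /^Number of entries: / && cur == want { print $4 }'
}

# has_redirect NAT_OUTPUT SET: true if a REDIRECT rule matches SET as destination.
has_redirect() {
    printf '%s\n' "$1" | grep -q "^REDIRECT .*match-set $2 dst"
}

# diagnose IPSET_OUTPUT NAT_OUTPUT: prints one verdict for the gfwlist path.
#   norule  - no REDIRECT rule for gfwlist (apply_iptables_rule.sh not applied)
#   missing - gfwlist ipset does not exist (run update_gfwlist.sh, restart)
#   empty   - rule and set exist, but DNS is not passing through dnsmasq
#   ok:N    - N IPs in gfwlist, the transparent proxy path is working
diagnose() {
    if ! has_redirect "$2" gfwlist; then echo norule; return; fi
    n=$(entries_of "$1" gfwlist)
    if [ -z "$n" ]; then echo missing
    elif [ "$n" -eq 0 ]; then echo empty
    else echo "ok:$n"; fi
}

# On the router itself: diagnose "$(ipset list)" "$(iptables -t nat -L)"
diagnose "$SAMPLE_IPSET" "$SAMPLE_NAT"
```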

hiwanz commented 5 years ago

You reminded me: I had manually specified DNS servers in the router, so requests were not going through dnsmasq. After removing the router's DNS setting, gfwlist now has IPs and I can get past the firewall normally. What if I need a custom DNS?

Acris commented 5 years ago

Do you want to customise the domestic (China) DNS or the foreign DNS?

hiwanz commented 5 years ago

I set up a DNS server on my LAN for resolving internal domain names.

hiwanz commented 5 years ago

My current solution is to add a localdns.conf under /opt/share/ss-merlin/etc/dnsmasq.d/ that specifies the DNS server for the internal domain. That solves it.

For the benefit of others who are not familiar with the dnsmasq configuration syntax, here is an example:

server=/.xxx.com/192.168.10.254

It means that all *.xxx.com domains are resolved through the DNS server at IP 192.168.10.254.

Acris commented 5 years ago

@hiwanz You can now run ss-merlin upgrade to upgrade to the latest version, then set china_dns_ip in ss-merlin.conf to specify the default DNS server for domestic domains, with no need to modify the dnsmasq configuration files. https://github.com/Acris/shadowsocks-asuswrt-merlin/blob/master/etc/ss-merlin.sample.conf#L20