search

Waujito / youtubeUnblock

Bypasses Deep Packet Inspection (DPI) systems that rely on SNI
GNU General Public License v3.0
671 stars 44 forks source link

Proxmox OpenWRT #49

Open General13K7 opened 1 month ago

General13K7 commented 1 month ago

Доброго дня. Будет ли работать это решение если нет физического роутера для openwrt а например поднять его в контейнере Proxmox ? Спасибо

Waujito commented 1 month ago

Мы же с вами сейчас в тг это обсуждали?

General13K7 commented 1 month ago

Да мы там говорили, я просто не сразу увидел по ТГ возможность пообщаться)

memearchivarius commented 1 month ago

У меня как раз в проксмокс поднят опенврт с прокси-сервером и это решение с горем пополам работает)

General13K7 commented 1 month ago

У меня как раз в проксмокс поднят опенврт с прокси-сервером и это решение с горем пополам работает)

@memearchivarius Я вчера поднял это тоже с горе по полам, сегодня вот только вернусь домой ибо делал через VPN. Я просто не совсем теперь понимаю ибо не силен в маршрутизации и сети, этот openwrt это же не мой основной роутер и не dhcp сервер скорее всего ибо наверное был бы конфликт dhcp серверов. Он просто получает в виртуалке по одному интерфейсу виртуальному мою сеть а по другому виртуальному куда-то отправляет уже свою сеть .

Как направить через это все именно мой ТВ, у него же нет прокси, это не андройд, просто webos.

Я по гуглил, все видел комменты мол поднимите свою виртуалку на openwrt и будет вам счастье с ТВ

General13K7 commented 1 month ago

В сеть этого openwrt я пустил свой комп он получил внутренний 192.168.1.х но YouTube как замедленный был так и остался - не ясно работает ли сам плагин или нет

Waujito commented 1 month ago

counter увеличивается? nft list chains inet

General13K7 commented 1 month ago

сделал вашу команду

nft list chains inet table inet fw4 { chain input { type filter hook input priority filter; policy drop; } chain forward { type filter hook forward priority filter; policy drop; } chain output { type filter hook output priority filter; policy accept; } chain prerouting { type filter hook prerouting priority filter; policy accept; } chain handle_reject { } chain syn_flood { } chain input_lan { } chain output_lan { } chain forward_lan { } chain helper_lan { } chain accept_from_lan { } chain accept_to_lan { } chain input_wan { } chain output_wan { } chain forward_wan { } chain accept_to_wan { } chain reject_from_wan { } chain reject_to_wan { } chain dstnat { type nat hook prerouting priority dstnat; policy accept; } chain srcnat { type nat hook postrouting priority srcnat; policy accept; } chain srcnat_wan { } chain raw_prerouting { type filter hook prerouting priority raw; policy accept; } chain raw_output { type filter hook output priority raw; policy accept; } chain mangle_prerouting { type filter hook prerouting priority mangle; policy accept; } chain mangle_postrouting { type filter hook postrouting priority mangle; policy accept; } chain mangle_input { type filter hook input priority mangle; policy accept; } chain mangle_output { type route hook output priority mangle; policy accept; } chain mangle_forward { type filter hook forward priority mangle; policy accept; } }

Waujito commented 1 month ago

А, так вы правила не добавили. Смотрите README.md (секция nftables)

General13K7 commented 1 month ago

проделал две команды из nft

root@OpenWrt:~# nft add rule inet fw4 mangle_forward tcp dport 443 ct original "packets < 20" counter queue num 537 bypass root@OpenWrt:~# nft insert rule inet fw4 output mark and 0x8000 == 0x8000 counter accept

nft list chains inet table inet fw4 { chain input { type filter hook input priority filter; policy drop; } chain forward { type filter hook forward priority filter; policy drop; } chain output { type filter hook output priority filter; policy accept; } chain prerouting { type filter hook prerouting priority filter; policy accept; } chain handle_reject { } chain syn_flood { } chain input_lan { } chain output_lan { } chain forward_lan { } chain helper_lan { } chain accept_from_lan { } chain accept_to_lan { } chain input_wan { } chain output_wan { } chain forward_wan { } chain accept_to_wan { } chain reject_from_wan { } chain reject_to_wan { } chain dstnat { type nat hook prerouting priority dstnat; policy accept; } chain srcnat { type nat hook postrouting priority srcnat; policy accept; } chain srcnat_wan { } chain raw_prerouting { type filter hook prerouting priority raw; policy accept; } chain raw_output { type filter hook output priority raw; policy accept; } chain mangle_prerouting { type filter hook prerouting priority mangle; policy accept; } chain mangle_postrouting { type filter hook postrouting priority mangle; policy accept; } chain mangle_input { type filter hook input priority mangle; policy accept; } chain mangle_output { type route hook output priority mangle; policy accept; } chain mangle_forward { type filter hook forward priority mangle; policy accept; } }

быстрее не стало

General13K7 commented 1 month ago

Мне кажется я уже сделал переизбыток этих правил (хз может переизбыток влияет) Но замер скорости в ютуб показывает 0

nft list ruleset table inet fw4 { chain input { type filter hook input priority filter; policy drop; iifname "lo" accept comment "!fw4: Accept traffic from loopback" ct state established,related accept comment "!fw4: Allow inbound established and related flows" tcp flags syn / fin,syn,rst,ack jump syn_flood comment "!fw4: Rate limit TCP syn packets" iifname "br-lan" jump input_lan comment "!fw4: Handle lan IPv4/IPv6 input traffic" iifname "eth1" jump input_wan comment "!fw4: Handle wan IPv4/IPv6 input traffic" jump handle_reject }

    chain forward {
            type filter hook forward priority filter; policy drop;
            ct state established,related accept comment "!fw4: Allow forwarded established and related flows"
            iifname "br-lan" jump forward_lan comment "!fw4: Handle lan IPv4/IPv6 forward traffic"
            iifname "eth1" jump forward_wan comment "!fw4: Handle wan IPv4/IPv6 forward traffic"
            jump handle_reject
    }

    chain output {
            type filter hook output priority filter; policy accept;
            meta mark & 0x00008000 == 0x00008000 counter packets 0 bytes 0 accept
            meta mark & 0x00008000 == 0x00008000 counter packets 0 bytes 0 accept
            meta mark & 0x00008000 == 0x00008000 counter packets 0 bytes 0 accept
            oifname "lo" accept comment "!fw4: Accept traffic towards loopback"
            ct state established,related accept comment "!fw4: Allow outbound established and related flows"
            meta l4proto tcp counter packets 12 bytes 720 comment "!fw4: @rule[10]"
            meta l4proto udp counter packets 856 bytes 112572 comment "!fw4: @rule[10]"
            oifname "br-lan" jump output_lan comment "!fw4: Handle lan IPv4/IPv6 output traffic"
            oifname "eth1" jump output_wan comment "!fw4: Handle wan IPv4/IPv6 output traffic"
    }

    chain prerouting {
            type filter hook prerouting priority filter; policy accept;
            iifname "br-lan" jump helper_lan comment "!fw4: Handle lan IPv4/IPv6 helper assignment"
    }

    chain handle_reject {
            meta l4proto tcp reject with tcp reset comment "!fw4: Reject TCP traffic"
            reject comment "!fw4: Reject any other traffic"
    }

    chain syn_flood {
            limit rate 25/second burst 50 packets return comment "!fw4: Accept SYN packets below rate-limit"
            drop comment "!fw4: Drop excess packets"
    }

    chain input_lan {
            jump accept_from_lan
    }

    chain output_lan {
            jump accept_to_lan
    }

    chain forward_lan {
            jump accept_to_wan comment "!fw4: Accept lan to wan forwarding"
            jump accept_to_lan
    }

    chain helper_lan {
    }

    chain accept_from_lan {
            iifname "br-lan" counter packets 293 bytes 60669 accept comment "!fw4: accept lan IPv4/IPv6 traffic"
    }

    chain accept_to_lan {
            oifname "br-lan" counter packets 204 bytes 32624 accept comment "!fw4: accept lan IPv4/IPv6 traffic"
    }

    chain input_wan {
            meta nfproto ipv4 udp dport 68 counter packets 2 bytes 656 accept comment "!fw4: Allow-DHCP-Renew"
            icmp type echo-request counter packets 0 bytes 0 accept comment "!fw4: Allow-Ping"
            meta nfproto ipv4 meta l4proto igmp counter packets 0 bytes 0 accept comment "!fw4: Allow-IGMP"
            meta nfproto ipv6 udp dport 546 counter packets 0 bytes 0 accept comment "!fw4: Allow-DHCPv6"
            ip6 saddr fe80::/10 icmpv6 type . icmpv6 code { mld-listener-query . no-route, mld-listener-report . no-route, mld-listener-done . no-route, mld2-listener-report . no-route } counter packets 0 bytes 0 accept comment "!fw4: Allow-MLD"
            icmpv6 type { destination-unreachable, time-exceeded, echo-request, echo-reply, nd-router-solicit, nd-router-advert } limit rate 1000/second counter packets 52 bytes 2888 accept comment "!fw4: Allow-ICMPv6-Input"
            icmpv6 type . icmpv6 code { packet-too-big . no-route, parameter-problem . no-route, nd-neighbor-solicit . no-route, nd-neighbor-advert . no-route, parameter-problem . admin-prohibited } limit rate 1000/second counter packets 0 bytes 0 accept comment "!fw4: Allow-ICMPv6-Input"
            tcp dport { 22, 80, 443 } counter packets 32 bytes 2048 accept comment "!fw4: Allow-Admin"
            jump reject_from_wan
    }

    chain output_wan {
            jump accept_to_wan
    }

    chain forward_wan {
            icmpv6 type { destination-unreachable, time-exceeded, echo-request, echo-reply } limit rate 1000/second counter packets 0 bytes 0 accept comment "!fw4: Allow-ICMPv6-Forward"
            icmpv6 type . icmpv6 code { packet-too-big . no-route, parameter-problem . no-route, parameter-problem . admin-prohibited } limit rate 1000/second counter packets 0 bytes 0 accept comment "!fw4: Allow-ICMPv6-Forward"
            meta l4proto esp counter packets 0 bytes 0 jump accept_to_lan comment "!fw4: Allow-IPSec-ESP"
            udp dport 500 counter packets 0 bytes 0 jump accept_to_lan comment "!fw4: Allow-ISAKMP"
            jump reject_to_wan
    }

    chain accept_to_wan {
            meta nfproto ipv4 oifname "eth1" ct state invalid counter packets 11 bytes 1580 drop comment "!fw4: Prevent NAT leakage"
            oifname "eth1" counter packets 918 bytes 117653 accept comment "!fw4: accept wan IPv4/IPv6 traffic"
    }

    chain reject_from_wan {
            iifname "eth1" counter packets 210479 bytes 57784685 jump handle_reject comment "!fw4: reject wan IPv4/IPv6 traffic"
    }

    chain reject_to_wan {
            oifname "eth1" counter packets 0 bytes 0 jump handle_reject comment "!fw4: reject wan IPv4/IPv6 traffic"
    }

    chain dstnat {
            type nat hook prerouting priority dstnat; policy accept;
    }

    chain srcnat {
            type nat hook postrouting priority srcnat; policy accept;
            oifname "eth1" jump srcnat_wan comment "!fw4: Handle wan IPv4/IPv6 srcnat traffic"
    }

    chain srcnat_wan {
            meta nfproto ipv4 masquerade comment "!fw4: Masquerade IPv4 wan traffic"
    }

    chain raw_prerouting {
            type filter hook prerouting priority raw; policy accept;
    }

    chain raw_output {
            type filter hook output priority raw; policy accept;
    }

    chain mangle_prerouting {
            type filter hook prerouting priority mangle; policy accept;
    }

    chain mangle_postrouting {
            type filter hook postrouting priority mangle; policy accept;
    }

    chain mangle_input {
            type filter hook input priority mangle; policy accept;
    }

    chain mangle_output {
            type route hook output priority mangle; policy accept;
    }

    chain mangle_forward {
            type filter hook forward priority mangle; policy accept;
            tcp dport 443 ct original packets < 20 counter packets 561 bytes 108717 queue flags bypass to 537
            iifname "eth1" tcp flags syn tcp option maxseg size set rt mtu comment "!fw4: Zone wan IPv4/IPv6 ingress MTU fixing"
            oifname "eth1" tcp flags syn tcp option maxseg size set rt mtu comment "!fw4: Zone wan IPv4/IPv6 egress MTU fixing"
            tcp dport 443 ct original packets < 20 counter packets 0 bytes 0 queue flags bypass to 537
            tcp dport 443 ct original packets < 20 counter packets 0 bytes 0 queue flags bypass to 537
    }

}

Waujito commented 1 month ago

Логи есть? logread -l 50

General13K7 commented 1 month ago

Логи есть? logread -l 50

Вот по вашей команде

root@OpenWrt:~# curl -o/dev/null -k --connect-to ::google.com -k -L -H Host:\ mirror.gcr.io https://test.googlevideo.com/v2/ci mg/android/blobs/sha256:6fd8bdac3da660bde7bd0b6f2b6a46e1b686afb74b9a4614def32532b73f5eaa % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- 0:00:04 --:--:-- 0^C root@OpenWrt:~# logread -l 50 Mon Aug 12 10:56:23 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 11:03:14 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 11:09:34 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 11:13:21 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 11:17:57 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 11:27:09 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 11:31:52 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 11:38:04 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 11:46:38 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 11:51:10 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 11:54:46 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 12:00:43 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 12:09:54 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 12:15:11 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 12:24:23 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 12:28:49 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 12:36:02 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 12:44:20 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 12:53:48 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 13:03:01 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 13:10:59 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 13:15:34 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 13:23:41 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 13:29:58 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 13:35:51 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 13:45:11 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 13:52:17 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 14:00:48 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 14:08:34 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 14:16:49 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 14:24:30 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 14:30:30 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 14:38:30 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 14:48:24 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 14:54:04 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 14:59:01 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 15:02:56 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 15:08:23 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 15:17:11 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 15:22:42 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 15:26:10 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 15:30:14 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 15:31:34 2024 authpriv.info dropbear[31277]: Child connection from 10.181.0.4:65478 Mon Aug 12 15:31:39 2024 authpriv.info dropbear[31277]: Exit before auth from <10.181.0.4:65478>: Exited normally Mon Aug 12 15:31:39 2024 authpriv.info dropbear[31287]: Child connection from 10.181.0.4:65480 Mon Aug 12 15:31:39 2024 authpriv.notice dropbear[31287]: Password auth succeeded for 'root' from 10.181.0.4:65480 Mon Aug 12 15:32:00 2024 daemon.err uhttpd[2148]: [info] luci: accepted login on /admin/system/opkg for root from 10.181.0.4 Mon Aug 12 15:36:10 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 15:41:15 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 15:48:43 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime!

Waujito commented 1 month ago

/etc/init.d/youtubeUnblock start Потом попробовать curl запрос и logread

General13K7 commented 1 month ago

есть предположение что не стартует

root@OpenWrt:~# /etc/init.d/youtubeUnblock start root@OpenWrt:~# curl -o/dev/null -k --connect-to ::google.com -k -L -H Host:\ mirror.gcr.io https://test.googlevideo.com/v2/ci mg/android/blobs/sha256:6fd8bdac3da660bde7bd0b6f2b6a46e1b686afb74b9a4614def32532b73f5eaa % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0^C root@OpenWrt:~# logread -l 50 Mon Aug 12 11:03:14 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 11:09:34 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 11:13:21 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 11:17:57 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 11:27:09 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 11:31:52 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 11:38:04 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 11:46:38 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 11:51:10 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 11:54:46 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 12:00:43 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 12:09:54 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 12:15:11 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 12:24:23 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 12:28:49 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 12:36:02 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 12:44:20 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 12:53:48 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 13:03:01 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 13:10:59 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 13:15:34 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 13:23:41 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 13:29:58 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 13:35:51 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 13:45:11 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 13:52:17 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 14:00:48 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 14:08:34 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 14:16:49 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 14:24:30 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 14:30:30 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 14:38:30 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 14:48:24 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 14:54:04 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 14:59:01 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 15:02:56 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 15:08:23 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 15:17:11 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 15:22:42 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 15:26:10 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 15:30:14 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 15:31:34 2024 authpriv.info dropbear[31277]: Child connection from 10.181.0.4:65478 Mon Aug 12 15:31:39 2024 authpriv.info dropbear[31277]: Exit before auth from <10.181.0.4:65478>: Exited normally Mon Aug 12 15:31:39 2024 authpriv.info dropbear[31287]: Child connection from 10.181.0.4:65480 Mon Aug 12 15:31:39 2024 authpriv.notice dropbear[31287]: Password auth succeeded for 'root' from 10.181.0.4:65480 Mon Aug 12 15:32:00 2024 daemon.err uhttpd[2148]: [info] luci: accepted login on /admin/system/opkg for root from 10.181.0.4 Mon Aug 12 15:36:10 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 15:41:15 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 15:48:43 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime! Mon Aug 12 15:56:25 2024 daemon.warn odhcpd[1880]: No default route present, overriding ra_lifetime!

General13K7 commented 1 month ago

Хотя

root@OpenWrt:~# //etc/init.d/youtubeUnblock status running root@OpenWrt:~# //etc/init.d/youtubeUnblock info { "youtubeUnblock": { "instances": { "instance1": { "running": true, "pid": 3156, "command": [ "/usr/bin/youtubeUnblock", "537" ], "term_timeout": 5 } } } }

Waujito commented 1 month ago

С правилами всё в порядке. Настраивайте роутинг на эту машинку. Мне кажется, через неё пакеты не идут.

General13K7 commented 1 month ago

А почему у меня с роумингом проблемы то

curl -o/dev/null -k --connect-to ::google.com -k -L -H Host:\ mirror.gcr.io https://mirror.gcr.io/v2/cimg/andr oid/blobs/sha256:6fd8bdac3da660bde7bd0b6f2b6a46e1b686afb74b9a4614def32532b73f5eaa % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 1144 100 1144 0 0 2586 0 --:--:-- --:--:-- --:--:-- 2743 17 664M 17 115M 0 0 16.3M 0 0:00:40 0:00:07 0:00:33 18.3M

Если для проверки с зеркалом интернет летает например?

Waujito commented 1 month ago

В целом, можете попробовать обновить программу до последней версии (v0.3.0) и запустить с флагом --sni-domains=all

General13K7 commented 1 month ago

стер старую - установил последнюю

если не ошибся с командой старта то

root@OpenWrt:~# /etc/init.d/youtubeUnblock start --sni-domains=all

после этого логи сделал

тест сделал и все также 0

Mon Aug 12 16:45:32 2024 daemon.info youtubeUnblock[9636]: youtubeUnblock Mon Aug 12 16:45:32 2024 daemon.info youtubeUnblock[9636]: Bypasses deep packet inspection systems that relies on SNI Mon Aug 12 16:45:32 2024 daemon.info youtubeUnblock[9636]: Mon Aug 12 16:45:32 2024 daemon.info youtubeUnblock[9636]: Using TCP segmentation Mon Aug 12 16:45:32 2024 daemon.info youtubeUnblock[9636]: Fake SNI will be sent before each target client hello Mon Aug 12 16:45:32 2024 daemon.info youtubeUnblock[9636]: Fragmentation Client Hello will be reversed Mon Aug 12 16:45:32 2024 daemon.info youtubeUnblock[9636]: Ack-Seq faking strategy will be used Mon Aug 12 16:45:32 2024 daemon.info youtubeUnblock[9636]: GSO is enabled Mon Aug 12 16:45:32 2024 daemon.info youtubeUnblock[9636]: Queue 537 started Mon Aug 12 16:46:07 2024 daemon.info youtubeUnblock[9819]: youtubeUnblock Mon Aug 12 16:46:07 2024 daemon.info youtubeUnblock[9819]: Bypasses deep packet inspection systems that relies on SNI Mon Aug 12 16:46:07 2024 daemon.info youtubeUnblock[9819]: Mon Aug 12 16:46:07 2024 daemon.info youtubeUnblock[9819]: Using TCP segmentation Mon Aug 12 16:46:07 2024 daemon.info youtubeUnblock[9819]: Fake SNI will be sent before each target client hello Mon Aug 12 16:46:07 2024 daemon.info youtubeUnblock[9819]: Fragmentation Client Hello will be reversed Mon Aug 12 16:46:07 2024 daemon.info youtubeUnblock[9819]: Ack-Seq faking strategy will be used Mon Aug 12 16:46:07 2024 daemon.info youtubeUnblock[9819]: GSO is enabled Mon Aug 12 16:46:07 2024 daemon.info youtubeUnblock[9819]: Queue 537 started

root@OpenWrt:~# curl -o/dev/null -k --connect-to ::google.com -k -L -H Host:\ mirror.gcr.io https://test.googlevideo.com/v2/ci mg/android/blobs/sha256:6fd8bdac3da660bde7bd0b6f2b6a46e1b686afb74b9a4614def32532b73f5eaa % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- 0:00:07 --:--:-- 0^C

Waujito commented 1 month ago

Только что заметил, что вы curl из терминала openwrt делаете... Если сделать nft add rule inet fw4 mangle_output tcp dport 443 ct original "packets < 20" counter queue num 537 bypass проверка должна заработать.