zw963 / asuswrt-merlin-transparent-proxy

Transparent proxy based on ss, v2ray, xray, ipset, iptables and chinadns, for Asuswrt-Merlin or a side router.
MIT License
380 stars 80 forks

v0.3 does not work properly; going back to the old version, I can get past the firewall normally. #50

Closed gitx6 closed 6 years ago

gitx6 commented 6 years ago

v0.3 does not work properly; going back to the old version, I can get past the firewall normally.

It seems to be a problem with iptables.sh?

zw963 commented 6 years ago

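That shouldn't happen. 0.3 cleaned up a lot of things: deployment succeeds without any reboot, and the script for turning the proxy off at any time works well too, also without a reboot. I use dnsmasq+dnscrypt; which script are you using?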

zw963 commented 6 years ago

You'd best format the jffs partition and then re-initialize entware and give it a try; the files under /jffs/scripts/ will be restored.

gitx6 commented 6 years ago

I'm using ss+udprelay. I have already reformatted the jffs partition and re-initialized entware before installing, many times.

gitx6 commented 6 years ago

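The problem should be in the HTTPS secure connection: "Establishing secure connection", the link is considered insecure and access is refused. But on my phone, using Shadowrocket with the same VPS, I can get out of the country without trouble.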

zw963 commented 6 years ago

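The problem should be in the HTTPS secure connection: "Establishing secure connection", the link is considered insecure and access is refused.

When it can't connect, it always shows this.

I just tested it: Asus AC5300, go into the web UI, format jffs, then reboot, log in over ssh, run /entware-setup.sh to re-initialize the router, exit ssh, run ./ss+udprelay admin@192.168.50.1 to deploy the proxy, and I'm online without a reboot.

After a reboot, everything is fine.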

gitx6 commented 6 years ago

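Just now I reformatted the USB drive, formatted jffs, reinstalled entware, and deployed with ./ss+udprelay. Findings: gmail, gphoto and translate can be reached. Search, Calendar, Drive, facebook and twitter cannot be reached.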

gitx6 commented 6 years ago

Formatting the USB drive, formatting jffs, reinstalling entware and deploying with ./ss+chinadns gives the same problem. Asus ac68U 380.70, Shanghai Telecom.

zw963 commented 6 years ago

Search, Calendar, Drive, facebook and twitter cannot be reached.

At least I tried facebook and twitter, and they are blazing fast.

I'm in Shanghai too, but on China Mobile.

zw963 commented 6 years ago

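I'm quite surprised that you have been using ss+udprelay all along. I wrote that a long time ago, when I was looking into ss udprelay. At that time I wasn't at all sure whether it worked, because back then I only had an AC66U, which is not ARM and doesn't support udprelay; I only learned that after confirming with the Merlin maintainers. So that one actually seems never to have been tested, which is why I have always used ss+dnsmasq+dnscrypt.

Even after I later bought an AC5300, I kept using ss+dnsmasq+dnscrypt, and it works quite well; the very old AC66U can run it too. The extra work is that you need to follow https://github.com/cofyc/dnscrypt-wrapper to deploy the server side of dnscrypt-proxy onto your VPS.

Later, after hearing you say you were using udprelay, I just tried it and it's pretty fast, but my guess is that its encryption isn't as good as dnscrypt-proxy's. So you might as well try ss+dnsmasq+dnscrypt too and see how it goes.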

zw963 commented 6 years ago

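There are the two chinadns versions, which I haven't maintained for a long time; I'm not sure they still work. But I plan to stick with ss+udprelay for the time being, since it has the fewest dependencies. Maybe it's just in my head? I feel it's the fastest.

I updated the iptables.sh script: ss+udprelay is now optimized for domestic IPs, so visits to any site on a domestic IP no longer go through the proxy. You can try again.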

gitx6 commented 6 years ago

I'll redeploy tonight and give it a try. Thanks.

gitx6 commented 6 years ago

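After redeploying, gmail, gphoto and translate, which worked before, are now completely dead as well. And no foreign website can be reached at all. Chrome just keeps showing "resolving host".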

gitx6 commented 6 years ago

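Visiting http://ip111.cn/ gives the following result:

Checkpoint | Result | Explanation
Domestic site | 180.154.94.214 China / Shanghai | If there is no global proxy or VPN, the IP shown on the left is your own machine's IP. If there is one, it shows the IP address of the global proxy or VPN.
Foreign site | (VPS IP address) | The IP on the left is the IP address you use to visit ordinary foreign websites (sites that are not blocked).
Google site |   | If no IP address is shown on the left, you cannot get past the firewall yet and cannot reach Google, Facebook, Twitter and other foreign websites. If an IP is shown, you can get past the firewall, and this IP address is the one you use to do so, usually the IP address of your SS server, VPN server or proxy server.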

gitx6 commented 6 years ago

There were these messages during deployment:

dnsmasq: syntax check OK.
Applying iptables rule, it may take several minute to finish ...
Name: CHINAIPS
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 316
References: 0
Number of entries: 0
Members:
Name: CHINAIP
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 60
References: 0
Number of entries: 0
Members:
ipset v6.32: Element cannot be added to the set: it's already added
ipset v6.32: Element cannot be added to the set: it's already added
ipset v6.32: Element cannot be added to the set: it's already added

zw963 commented 6 years ago

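After redeploying, gmail, gphoto and translate, which worked before, are now completely dead as well. And no foreign website can be reached at all. Chrome just keeps showing "resolving host".

Sorry, how could that happen.

After you deploy, go into the router and check whether the following pieces of information are present (what follows the # is the command to type):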

admin@RT-AC5300-5E70:/tmp/home/root# ps |grep ss-redir
 1080 admin     5456 S    ss-redir -u -c /opt/etc/shadowsocks.json

The command below prints a lot of IPs

admin@RT-AC5300-5E70:/tmp/home/root# ipset -L CHINAIPS
103.252.36.0/22
203.89.8.0/21
59.152.68.0/22
118.193.64.0/20
119.40.64.0/20
202.165.251.0/24
203.93.128.0/21
103.65.112.0/22
159.75.0.0/16
202.43.144.0/20
203.24.161.0/24
1.10.32.0/19
...

There will be four files under the dnsmasq directory, and their approximate sizes should be about the same

admin@RT-AC5300-5E70:/tmp/mnt/sda1/entware/etc/dnsmasq.d# ls -lh /opt/etc/dnsmasq.d/
-rw-rw-rw-    1 admin    root        1.3M Aug  1  2015 accelerated-domains.china.conf
-rw-rw-rw-    1 admin    root        1.4M May  5 16:19 accelerated-domains.china.conf.bak
-rw-r--r--    1 admin    root          21 May  5 16:19 foreign_domains.conf
-rw-rw-rw-    1 admin    root         177 Aug  1  2015 whitelist-domains.china.conf

The content of /opt/etc/foreign_domains.conf must be as follows.

admin@RT-AC5300-5E70:/tmp/mnt/sda1/entware/etc/dnsmasq.d# cat /opt/etc/dnsmasq.d/foreign_domains.conf
server=/#/8.8.8.8#53

The iptables rules exist:

admin@RT-AC5300-5E70:/tmp/mnt/sda1/entware/etc/dnsmasq.d# iptables -t nat -nL |grep 1080
REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0            redir ports 1080
admin@RT-AC5300-5E70:/tmp/mnt/sda1/entware/etc/dnsmasq.d# iptables -t mangle -nL |grep 1080
TPROXY     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53 TPROXY redirect 192.168.50.1:1080 mark 0x1/0x1
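
The checklist in the comment above, as an added example that is not code from the project or from either participant: each function reads captured command output on stdin, so it can be run on the router or against output pasted into an issue. The function names and the expected count of four RETURN rules (taken from the maintainer's own output in this thread) are assumptions of this example.

```shell
#!/bin/sh
# Added example: post-deploy checks modelled on the checklist in this thread.

# `ipset -L NAME` output -> number of members listed after "Members:".
ipset_member_count() {
    awk '/^Members:/ { m = 1; next } m && /^[0-9]/ { n++ } END { print n + 0 }'
}

# `iptables -t mangle -nL` output -> number of RETURN rules that match the
# CHINAIP / CHINAIPS sets.
china_return_rule_count() {
    awk '/^RETURN/ && /match-set CHINAIPS? dst/ { n++ } END { print n + 0 }'
}

# foreign_domains.conf content -> success only if the single active line
# sends every domain to 8.8.8.8, the value the maintainer says is hard-coded.
foreign_dns_ok() {
    awk 'NF && $0 !~ /^#/ { n++; if ($0 != "server=/#/8.8.8.8#53") bad = 1 }
         END { exit !(n == 1 && !bad) }'
}

# `ps` output -> success only if ss-redir runs with UDP relay (-u) enabled.
ss_redir_udp_enabled() {
    awk '/ss-redir/ && !/grep/ && / -u( |$)/ { ok = 1 } END { exit !ok }'
}

# Print one PASS/FAIL line for an exit status.
report() {
    if [ "$1" -eq 0 ]; then echo "PASS $2"; else echo "FAIL $2"; fi
}

# Run every check live on the router (paths and set names as used in the thread).
run_checks() {
    expected_rules=4   # assumption: the count shown on the maintainer's router
    ps | ss_redir_udp_enabled
    report $? "ss-redir running with -u"
    n=$(ipset -L CHINAIPS 2>/dev/null | ipset_member_count)
    [ "$n" -gt 0 ]
    report $? "CHINAIPS has $n members"
    r=$(iptables -t mangle -nL | china_return_rule_count)
    [ "$r" -eq "$expected_rules" ]
    report $? "mangle RETURN rules: $r of $expected_rules"
    foreign_dns_ok < /opt/etc/dnsmasq.d/foreign_domains.conf
    report $? "foreign_domains.conf forwards to 8.8.8.8"
}

# Only touch the live system when asked to.
if [ "${1:-}" = "--live" ]; then
    run_checks
fi
```

Run with `--live` on the router; without arguments the script only defines the functions, which can then be fed saved output.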

zw963 commented 6 years ago

I rebooted and checked with ip111.cn, no problem. Does deploying the old version still work for you now? Which version is your so-called old version?

gitx6 commented 6 years ago

First of all, thank you for providing such a good project.

What I checked matches your results. The version that worked before should be from after September 29, 2017 and before January 31, 2018, the version before you changed route to router. After I deployed it successfully back then, I noted it in issue40. Sorry, with the repeated installs these past two days I overwrote the earlier zip file, and the USB drive has been updated too. There is no backup.

admin@RT-AC68U-DA00:/tmp/mnt/sda1/entware/etc/init.d# ps |grep ss-redir
26484 admin 4088 S ss-redir -u -c /opt/etc/shadowsocks.json
26495 admin 4492 D grep ss-redir

admin@RT-AC68U-DA00:/tmp/mnt/sda1/entware/etc/init.d# ipset -L CHINAIPS
103.252.36.0/22
203.89.8.0/21
59.152.68.0/22

admin@RT-AC68U-DA00:/tmp/mnt/sda1/entware/etc/dnsmasq.d# ls -lh /opt/etc/dnsmasq.d/
-rw-rw-rw- 1 admin root 1.3M May 6 06:37 accelerated-domains.china.conf
-rw-rw-rw- 1 admin root 1.4M May 5 23:33 accelerated-domains.china.conf.bak
-rw-rw-r-- 1 admin root 21 May 5 23:32 foreign_domains.conf
-rw-rw-rw- 1 admin root 143 May 6 06:37 whitelist-domains.china.conf

admin@RT-AC68U-DA00:/tmp/mnt/sda1/entware/etc/dnsmasq.d# cat /opt/etc/dnsmasq.d/foreign_domains.conf
server=/#/8.8.8.8#53

admin@RT-AC68U-DA00:/tmp/mnt/sda1/entware/etc/dnsmasq.d# iptables -t nat -nL |grep 1080
REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 redir ports 1080

admin@RT-AC68U-DA00:/tmp/mnt/sda1/entware/etc/dnsmasq.d# iptables -t mangle -nL |grep 1080
TPROXY udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 TPROXY redirect 192.168.3.1:1080 mark 0x1/0x1

gitx6 commented 6 years ago

The services should all be up; the problem should still be in the iptables.sh configuration.

zw963 commented 6 years ago

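Did you pull the code? I pushed again yesterday, although I don't think that would stop you from getting past the firewall. Check with the two commands below.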

admin@RT-AC5300-5E70:/tmp/home/root# iptables -t nat -nL |grep CHINAIP
RETURN     tcp  --  0.0.0.0/0            0.0.0.0/0            match-set CHINAIPS dst
RETURN     tcp  --  0.0.0.0/0            0.0.0.0/0            match-set CHINAIP dst
admin@RT-AC5300-5E70:/tmp/home/root# iptables -t mangle -nL |grep CHINAIP
RETURN     udp  --  0.0.0.0/0            0.0.0.0/0            match-set CHINAIPS dst
RETURN     udp  --  0.0.0.0/0            0.0.0.0/0            match-set CHINAIP dst
RETURN     udp  --  0.0.0.0/0            0.0.0.0/0            match-set CHINAIPS dst
RETURN     udp  --  0.0.0.0/0            0.0.0.0/0            match-set CHINAIP dst
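
zw963 commented 6 years ago

Have you checked your /opt/etc/shadowsocks.json file? If that doesn't help, hide your remote_ip and paste it here. These past few days relay has been working great for me. Come to think of it, I should thank you: if you hadn't brought it up, I would have forgotten that with my new router I can use udprelay.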

gitx6 commented 6 years ago

admin@RT-AC68U-DA00:/tmp/mnt/sda1/entware/etc# iptables -t nat -nL |grep CHINAIP
RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 match-set CHINAIPS dst
RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 match-set CHINAIP dst
admin@RT-AC68U-DA00:/tmp/mnt/sda1/entware/etc# iptables -t mangle -nL |grep CHINAIP
RETURN udp -- 0.0.0.0/0 0.0.0.0/0 match-set CHINAIP dst
RETURN udp -- 0.0.0.0/0 0.0.0.0/0 match-set CHINAIPS dst

{
  "server":"162.115.246.137",
  "server_port":3050,
  "local_address":"192.168.3.1",
  "local_port":1080,
  "password":"Passw0rd",
  "timeout":60,
  "method":"chacha20"
}

zw963 commented 6 years ago

/tmp/mnt/sda1/entware/etc# iptables -t mangle -nL |grep CHINAIP

Your result is missing two. You need to copy the iptables.sh from the project to /opt/etc/ and then reboot the router (or redeploy).

zw963 commented 6 years ago

I just tried the config you pasted and it can't connect. I suggest you test it yourself:

  1. cd /opt/etc/init.d

  2. chmod -x S22shadowsocks

  3. S22shadowsocks stop

  4. ss-redir -vvvv -c /opt/etc/shadowsocks.json

Then try to browse, and paste your log.

I find it odd: in your config, why is it "local_address":"192.168.3.1"? Shouldn't it be 192.168.50.1?

gitx6 commented 6 years ago

192.168.3.1 is my router's IP address.

gitx6 commented 6 years ago

S22shadowsocks: not found?

admin@RT-AC68U-DA00:/tmp/home/root# iptables -t mangle -nL |grep CHINAIP
RETURN udp -- 0.0.0.0/0 0.0.0.0/0 match-set CHINAIPS dst
RETURN udp -- 0.0.0.0/0 0.0.0.0/0 match-set CHINAIP dst
RETURN udp -- 0.0.0.0/0 0.0.0.0/0 match-set CHINAIPS dst
RETURN udp -- 0.0.0.0/0 0.0.0.0/0 match-set CHINAIP dst
admin@RT-AC68U-DA00:/tmp/home/root# cd /opt/etc/init.d
admin@RT-AC68U-DA00:/tmp/mnt/sda1/entware/etc/init.d# chmod -x S22shadowsocks
admin@RT-AC68U-DA00:/tmp/mnt/sda1/entware/etc/init.d# S22shadowsocks stop
-sh: S22shadowsocks: not found
admin@RT-AC68U-DA00:/tmp/mnt/sda1/entware/etc/init.d#

gitx6 commented 6 years ago

Permission denied?

admin@RT-AC68U-DA00:/tmp/mnt/sda1/entware/etc/init.d# ./S22shadowsocks
-sh: ./S22shadowsocks: Permission denied

gitx6 commented 6 years ago

admin@RT-AC68U-DA00:/tmp/mnt/sda1/entware/etc/init.d# ls -l
-rwxr-xr-x 1 admin root 217 Mar 3 19:05 S02haveged
-rw-r--r-- 1 admin root 261 May 6 23:18 S22shadowsocks
-rw-r--r-- 1 admin root 2822 Mar 13 03:22 rc.func
-rwxr-xr-x 1 admin root 966 Mar 13 03:22 rc.unslung

gitx6 commented 6 years ago

The result after giving S22shadowsocks 777 permissions:

admin@RT-AC68U-DA00:/tmp/mnt/sda1/entware/etc/init.d# ss-redir -vvvv -c /opt/etc/shadowsocks.json
2018-05-06 15:44:30 INFO: initializing ciphers... chacha20
2018-05-06 15:44:30 INFO: listening at 192.168.3.1:1080
2018-05-06 15:44:30 INFO: running from root user

gitx6 commented 6 years ago

Could it be a file permission problem?

zw963 commented 6 years ago

Sorry,

Change S22shadowsocks stop to sh S22shadowsocks stop.

zw963 commented 6 years ago

The result after giving S22shadowsocks 777 permissions:

admin@RT-AC68U-DA00:/tmp/mnt/sda1/entware/etc/init.d# ss-redir -vvvv -c /opt/etc/shadowsocks.json
2018-05-06 15:44:30 INFO: initializing ciphers... chacha20
2018-05-06 15:44:30 INFO: listening at 192.168.3.1:1080
2018-05-06 15:44:30 INFO: running from root user

That's all? I get a whole pile of info here:

admin@RT-AC5300-5E70:/tmp/mnt/sda1/entware/etc/init.d# ss-redir -vvvv -u -c /opt/etc/shadowsocks.json
 2018-05-06 15:58:08 INFO: initializing ciphers... aes-256-cfb
 2018-05-06 15:58:08 INFO: listening at 192.168.50.1:1080
 2018-05-06 15:58:08 INFO: UDP relay enabled
 2018-05-06 15:58:08 INFO: running from root user
 2018-05-06 15:58:09 INFO: [udp] server receive a packet
 2018-05-06 15:58:09 INFO: [udp] cache miss: 8.8.8.8:53 <-> 192.168.100.101:22977
 2018-05-06 15:58:09 INFO: [udp] remote receive a packet
 2018-05-06 15:58:09 INFO: [udp] server receive a packet
 2018-05-06 15:58:09 INFO: [udp] cache miss: 8.8.8.8:53 <-> 192.168.100.101:54771
 2018-05-06 15:58:09 INFO: [udp] remote receive a packet
 2018-05-06 15:58:09 INFO: [udp] server receive a packet
 2018-05-06 15:58:09 INFO: [udp] cache miss: 8.8.8.8:53 <-> 192.168.100.101:7461
 2018-05-06 15:58:09 INFO: [udp] server receive a packet
 2018-05-06 15:58:09 INFO: [udp] cache miss: 8.8.8.8:53 <-> 192.168.100.101:55780
 2018-05-06 15:58:10 INFO: [udp] remote receive a packet
 2018-05-06 15:58:10 INFO: [udp] server receive a packet
 2018-05-06 15:58:10 INFO: [udp] cache miss: 8.8.8.8:53 <-> 192.168.100.101:23414
 2018-05-06 15:58:10 INFO: [udp] remote receive a packet
 2018-05-06 15:58:13 INFO: [udp] server receive a packet
 2018-05-06 15:58:13 INFO: [udp] cache miss: 8.8.8.8:53 <-> 192.168.100.101:50578
 2018-05-06 15:58:13 INFO: [udp] server receive a packet
 2018-05-06 15:58:13 INFO: [udp] cache miss: 8.8.8.8:53 <-> 192.168.100.101:46565
 2018-05-06 15:58:13 INFO: [udp] remote receive a packet
 2018-05-06 15:58:13 INFO: [udp] remote receive a packet
 2018-05-06 15:58:13 INFO: [udp] server receive a packet
 2018-05-06 15:58:13 INFO: [udp] cache miss: 8.8.8.8:53 <-> 192.168.100.101:42235
 2018-05-06 15:58:13 INFO: [udp] server receive a packet
 2018-05-06 15:58:13 INFO: [udp] cache miss: 8.8.8.8:53 <-> 192.168.100.101:10258
 2018-05-06 15:58:13 INFO: [udp] remote receive a packet
 2018-05-06 15:58:13 INFO: [udp] remote receive a packet
 2018-05-06 15:58:13 INFO: redir to 54.68.212.64:443, len=517, recv=517
 2018-05-06 15:58:13 INFO: redir to 54.68.212.64:443, len=126, recv=126
 2018-05-06 15:58:13 INFO: redir to 54.68.212.64:443, len=603, recv=603
 2018-05-06 15:58:14 INFO: redir to 54.68.212.64:443, len=119, recv=119
 2018-05-06 15:58:14 INFO: [udp] server receive a packet
 2018-05-06 15:58:14 INFO: [udp] cache hit: 8.8.8.8:53 <-> 192.168.100.101:7461
 2018-05-06 15:58:14 INFO: [udp] remote receive a packet
 2018-05-06 15:58:14 INFO: [udp] server receive a packet
 2018-05-06 15:58:14 INFO: [udp] cache miss: 8.8.8.8:53 <-> 192.168.100.101:47096
 2018-05-06 15:58:15 INFO: [udp] remote receive a packet
 2018-05-06 15:58:15 INFO: [udp] server receive a packet
 2018-05-06 15:58:15 INFO: [udp] cache miss: 8.8.8.8:53 <-> 192.168.100.101:53836
 2018-05-06 15:58:15 INFO: [udp] remote receive a packet
 2018-05-06 15:58:15 INFO: redir to 107.23.18.28:443, len=574, recv=574
 2018-05-06 15:58:15 INFO: redir to 107.23.18.28:443, len=51, recv=51
 2018-05-06 15:58:15 INFO: redir to 107.23.18.28:443, len=881, recv=881

zw963 commented 6 years ago

I fixed the earlier steps; go take a look and run through my steps once more.

gitx6 commented 6 years ago

admin@RT-AC68U-DA00:/tmp/mnt/sda1/entware/etc/init.d# chmod -x S22shadowsocks
admin@RT-AC68U-DA00:/tmp/mnt/sda1/entware/etc/init.d# sh S22shadowsocks stop
Checking ss-redir... alive.
Shutting down ss-redir... done.
admin@RT-AC68U-DA00:/tmp/mnt/sda1/entware/etc/init.d# ss-redir -vvvv -c /opt/etc/shadowsocks.json
2018-05-06 16:00:42 INFO: initializing ciphers... chacha20
2018-05-06 16:00:42 INFO: listening at 192.168.3.1:1080
2018-05-06 16:00:42 INFO: running from root user
2018-05-06 16:00:47 INFO: redir to 74.125.203.83:443, len=574, recv=574
2018-05-06 16:00:47 INFO: redir to 74.125.203.83:443, len=222, recv=222
2018-05-06 16:00:47 INFO: redir to 74.125.203.83:443, len=86, recv=86
2018-05-06 16:00:47 INFO: redir to 74.125.203.83:443, len=1307, recv=1307
2018-05-06 16:00:47 INFO: redir to 74.125.203.83:443, len=31, recv=31
2018-05-06 16:00:48 INFO: redir to 74.125.203.83:443, len=39, recv=39
2018-05-06 16:00:48 INFO: redir to 74.125.203.83:443, len=569, recv=569
2018-05-06 16:00:49 INFO: redir to 74.125.203.83:443, len=39, recv=39
2018-05-06 16:00:50 INFO: redir to 74.125.203.83:443, len=160, recv=160
2018-05-06 16:00:50 INFO: redir to 74.125.203.83:443, len=89, recv=89
2018-05-06 16:00:50 INFO: redir to 74.125.203.83:443, len=39, recv=39
2018-05-06 16:00:50 INFO: redir to 74.125.203.83:443, len=89, recv=89
2018-05-06 16:00:50 INFO: redir to 74.125.203.83:443, len=39, recv=39
2018-05-06 16:00:50 INFO: redir to 74.125.203.83:443, len=89, recv=89
2018-05-06 16:00:51 INFO: redir to 75.126.215.88:443, len=517, recv=517
2018-05-06 16:00:51 INFO: redir to 75.126.215.88:443, len=517, recv=517
2018-05-06 16:00:51 INFO: redir to 74.125.203.83:443, len=39, recv=39
2018-05-06 16:00:51 INFO: redir to 74.125.203.83:443, len=39, recv=39
2018-05-06 16:00:52 INFO: redir to 74.125.203.83:443, len=156, recv=156
2018-05-06 16:00:52 INFO: redir to 74.125.203.83:443, len=462, recv=462
2018-05-06 16:00:52 INFO: redir to 74.125.203.83:443, len=337, recv=337
2018-05-06 16:00:52 INFO: redir to 74.125.203.83:443, len=39, recv=39
....

gitx6 commented 6 years ago

2018-05-06 15:58:08 INFO: UDP relay enabled

My log doesn't have this.

zw963 commented 6 years ago

Follow my steps; you need to add -u

gitx6 commented 6 years ago

admin@RT-AC68U-DA00:/tmp/mnt/sda1/entware/etc/init.d# ss-redir -vvvv -u -c /opt/etc/shadowsocks.json
2018-05-06 16:24:43 INFO: initializing ciphers... chacha20
2018-05-06 16:24:43 INFO: listening at 192.168.3.1:1080
2018-05-06 16:24:43 INFO: UDP relay enabled
2018-05-06 16:24:43 INFO: running from root user
2018-05-06 16:24:44 INFO: [udp] server receive a packet
2018-05-06 16:24:44 INFO: [udp] cache miss: 8.8.8.8:53 <-> 192.168.0.3:35067
2018-05-06 16:24:44 INFO: [udp] server receive a packet
2018-05-06 16:24:44 INFO: [udp] cache miss: 8.8.8.8:53 <-> 192.168.0.3:51539
2018-05-06 16:24:44 INFO: [udp] server receive a packet
2018-05-06 16:24:44 INFO: [udp] cache miss: 8.8.8.8:53 <-> 192.168.0.3:5266
2018-05-06 16:24:44 INFO: [udp] server receive a packet
2018-05-06 16:24:44 INFO: [udp] cache miss: 8.8.8.8:53 <-> 192.168.0.3:7033
2018-05-06 16:24:44 INFO: [udp] server receive a packet
2018-05-06 16:24:44 INFO: [udp] cache miss: 8.8.8.8:53 <-> 192.168.0.3:54544
2018-05-06 16:24:44 INFO: [udp] server receive a packet
2018-05-06 16:24:44 INFO: [udp] cache miss: 8.8.8.8:53 <-> 192.168.0.3:60558
2018-05-06 16:24:45 INFO: [udp] server receive a packet
2018-05-06 16:24:45 INFO: [udp] cache miss: 8.8.8.8:53 <-> 192.168.0.3:27642
2018-05-06 16:24:46 INFO: [udp] server receive a packet
2018-05-06 16:24:46 INFO: [udp] cache hit: 8.8.8.8:53 <-> 192.168.0.3:51539
2018-05-06 16:24:46 INFO: [udp] server receive a packet
2018-05-06 16:24:46 INFO: [udp] cache hit: 8.8.8.8:53 <-> 192.168.0.3:35067
2018-05-06 16:24:46 INFO: [udp] server receive a packet
2018-05-06 16:24:46 INFO: [udp] cache miss: 8.8.8.8:53 <-> 192.168.0.3:9051
2018-05-06 16:24:47 INFO: [udp] server receive a packet
2018-05-06 16:24:47 INFO: [udp] cache miss: 8.8.8.8:53 <-> 192.168.0.3:64314
2018-05-06 16:24:50 INFO: [udp] server receive a packet
2018-05-06 16:24:50 INFO: [udp] cache hit: 8.8.8.8:53 <-> 192.168.0.3:35067
2018-05-06 16:24:50 INFO: [udp] server receive a packet
2018-05-06 16:24:50 INFO: [udp] cache hit: 8.8.8.8:53 <-> 192.168.0.3:51539

zw963 commented 6 years ago

When you visit a blocked page, what does the log show?

zw963 commented 6 years ago

It's odd that you don't have:

 2018-05-06 16:32:42 INFO: redir to 54.169.249.186:443, len=63, recv=63
 2018-05-06 16:32:45 INFO: redir to 52.2.201.66:443, len=100, recv=100
 2018-05-06 16:32:48 INFO: redir to 192.30.253.125:443, len=35, recv=35
 2018-05-06 16:32:48 INFO: redir to 192.30.253.125:443, len=35, recv=35

log messages like these.

gitx6 commented 6 years ago

It updates very fast; when visiting a blocked page I didn't see any redir messages.

zw963 commented 6 years ago

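When opening a page, there should be a message like 2018-05-06 16:32:48 INFO: redir to 192.30.253.125:443, len=35, recv=35 for it to be right.

If the server is yours, try changing the port and the encryption protocol. See the example in the Wiki: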

gitx6 commented 6 years ago

Looks like this solution and I just aren't meant to be.

gitx6 commented 6 years ago

Today after redeploying I tested again. I found that only gmail can be reached, and there are redir messages too. But other foreign websites don't work.

admin@RT-AC68U-DA00:/tmp/mnt/sda1/entware/etc/init.d# ss-redir -vvvv -u -c /opt/etc/shadowsocks.json
2018-05-08 16:04:44 INFO: initializing ciphers... chacha20
2018-05-08 16:04:44 INFO: listening at 192.168.3.1:1080
2018-05-08 16:04:44 INFO: UDP relay enabled
2018-05-08 16:04:44 INFO: running from root user
2018-05-08 16:04:44 INFO: redir to 74.125.204.100:443, len=568, recv=568
2018-05-08 16:04:44 INFO: redir to 74.125.204.100:443, len=568, recv=568
2018-05-08 16:04:44 INFO: redir to 74.125.204.100:443, len=216, recv=216
2018-05-08 16:04:44 INFO: redir to 74.125.204.100:443, len=93, recv=93
2018-05-08 16:04:44 INFO: redir to 74.125.204.100:443, len=845, recv=845
2018-05-08 16:04:44 INFO: redir to 74.125.204.100:443, len=122, recv=122
2018-05-08 16:04:44 INFO: redir to 74.125.204.100:443, len=216, recv=216
2018-05-08 16:04:44 INFO: redir to 74.125.204.100:443, len=38, recv=38
2018-05-08 16:04:44 INFO: redir to 74.125.204.100:443, len=46, recv=46
2018-05-08 16:04:44 INFO: [udp] server receive a packet
2018-05-08 16:04:44 INFO: [udp] cache miss: 8.8.8.8:53 <-> 192.168.0.3:51165

When visiting research, Chrome shows a Privacy error page with this message:

Your connection is not private
Attackers might be trying to steal your information from www.google.com (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_COMMON_NAME_INVALID

Automatically send some system information and page content to Google to help detect dangerous apps and sites. Privacy policy

After these two services ran on the router, gmail became unreachable too, and the redir messages disappeared as well.

May 9 00:12:00 crond[499]: USER admin pid 18300 cmd /jffs/scripts/services-start
May 9 00:12:00 crond[499]: USER admin pid 18301 cmd /opt/etc/iptables.sh
May 9 00:13:00 crond[499]: USER admin pid 18330 cmd /jffs/scripts/services-start

gitx6 commented 6 years ago

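Just now I deleted the file S02haveged under /opt/etc/init.d, and after restarting I found:

  1. gmail, gphoto and translate can now be reached stably.
  2. ss-redir -vvvv -u -c /opt/etc/shadowsocks.json redirects normally.
  3. The earlier failure to redir had nothing to do with /jffs/scripts/services-start or /opt/etc/iptables.sh.
  4. facebook, twitter and gsearch still fail to display pages, even though redir is normal.

So the problem should be that the proxy service I'm currently using doesn't support the S02haveged service. The earlier version that could get past the firewall didn't have this service in the init.d directory either. Could you give me a copy of the earlier install script?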

gitx6 commented 6 years ago

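With the latest version, I removed haveged from ss+udprelay and redeployed. The result: no foreign website can be reached.

With the version downloaded from the older fork https://github.com/dianhe/asuswrt-merlin-transparent-proxy, I likewise removed haveged from ss+udprelay and redeployed. The result: gmail, gphoto and translate can be reached stably, but facebook, twitter and gsearch still fail to display pages. Running cat /opt/etc/dnsmasq.d/foreign_domains.conf showed that the DNS is the address of the optical modem: server=/#/192.168.0.1#53 This should be caused by DNS poisoning.

Please advise on a solution.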

zw963 commented 6 years ago

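My guess is that it really could be caused by S02haveged.

Running cat /opt/etc/dnsmasq.d/foreign_domains.conf showed that the DNS is the address of the optical modem: server=/#/192.168.0.1#53

That is definitely wrong. With the latest version this should be 8.8.8.8#53; the 8.8.8.8 here is required for getting past the firewall and is hard-coded.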

gitx6 commented 6 years ago

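Then with the latest version, removing haveged from the install script and redeploying still doesn't get me past the firewall. Where is the problem?

In the old version, how do I set foreign_domains.conf to 8.8.8.8#53?

If either of the two problems above is solved, I can get past the firewall again.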

zw963 commented 6 years ago

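Please see the two points below:

  1. I think that since the old version you mention works, the new version should work too; I don't know why it doesn't on your side.
  2. Try redeploying ss+udprelay, but before deploying, manually change one place.

opkg install libc libssp libev libmbedtls libpcre libpthread libsodium haveged zlib libopenssl

Change haveged in it to rng-tools; if the problem really is caused by this, it should work now.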

zw963 commented 6 years ago

Actually I provide the deploy_ss_to_vps script; if it's your own VPS, it is meant for one-command deployment of a production ss-server. You can also try redeploying your server with it.

gitx6 commented 6 years ago

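Believe me, if I could redeploy the server, I would certainly have started over.

Too many attempts and checks; I've gotten a bit muddled. I'll close the issue for now.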

zw963 commented 6 years ago

How about you leave me a contact, QQ or WeChat, send it to my email, and we arrange a time (I'm free in the evenings) to debug it together.