@w12928293
Forked from lxyu/guide.md
Created June 3, 2016 06:06
SS everywhere for asus merlin (working with openvpn server and ss-server)

OpenVPN Server

Choosing "automatic" introduces a firewall configuration problem. The default rules contain this line:

iptables -t nat -I PREROUTING -p tcp -m tcp --dport 1194 -j ACCEPT

It sends the connection straight to ACCEPT, so it skips the SHADOWSOCKS chain.

Solution:

a. Run this command to delete the rule (tcp and 1194 correspond to the openxxx settings)

iptables -t nat -D PREROUTING -p tcp -m tcp --dport 1194 -j ACCEPT

b. Change the OpenVPN Server firewall setting to Custom, then add this configuration to /jffs/scripts/firewall-start:

#!/bin/sh
iptables -I INPUT -p tcp --dport 1194 -j ACCEPT
iptables -I INPUT -i tun21 -j ACCEPT
iptables -I FORWARD 2 -i tun21 -j ACCEPT

ss-server

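The problem is that ss-redir and its iptables rules only modify traffic for which the router acts as the gateway. ss-server runs locally on the router, so its traffic is not modified by the SHADOWSOCKS chain.

If you want ss-server traffic to follow the automatic proxy rules, run: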

iptables -t nat -I OUTPUT -p tcp -j SHADOWSOCKS
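
A diagnostic for both problems described above, as an added example that is not part of the original gist: it reads `iptables-save -t nat` output, lists ACCEPT rules that sit ahead of the jump to the SHADOWSOCKS chain, and returns status 2 when a chain (such as OUTPUT) has no jump at all. The function names, the sample ruleset and the assumption that the redirect is wired in with a `-j SHADOWSOCKS` rule in the nat table are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original gist). Reads `iptables-save -t nat`
# output on stdin and prints the ACCEPT rules in a chain that come before the
# first jump to the SHADOWSOCKS chain. Exit status 2: the chain never jumps.
# Assumption: the redirect is wired in with a `-j SHADOWSOCKS` rule in nat.
find_bypass_rules() {
    awk -v chain="${1:-PREROUTING}" -v target="${2:-SHADOWSOCKS}" '
        /^\*/ { table = substr($0, 2); next }    # "*nat", "*filter", ...
        table != "nat" { next }                  # only the nat table matters
        $1 == "-A" && $2 == chain {
            tgt = ""
            for (i = 3; i < NF; i++) if ($i == "-j") tgt = $(i + 1)
            if (tgt == target) seen = 1
            else if (!seen && tgt == "ACCEPT") print
        }
        END { exit (seen ? 0 : 2) }
    '
}

# Constructed sample: the "automatic" OpenVPN rule ahead of the jump, and an
# OUTPUT chain with no jump (router-local ss-server traffic is untouched).
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:SHADOWSOCKS - [0:0]
-A PREROUTING -p tcp -m tcp --dport 1194 -j ACCEPT
-A PREROUTING -p tcp -j SHADOWSOCKS
-A PREROUTING -p tcp -m tcp --dport 8443 -j ACCEPT
-A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
-A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 1080
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 1194 -j ACCEPT
COMMIT
EOF
}

# On the router:  iptables-save -t nat | find_bypass_rules PREROUTING
#                 iptables-save -t nat | find_bypass_rules OUTPUT
```
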