R2S Soft Router

Posted on Edited on In , Disqus:

This blog is wiritten as a note and tutorials for those chinese who want to modify their own router and bypass the Great Firewall of China

R2S 固件下载

https://github.com/SuLingGG/OpenWrt-Rpi

https://drive.google.com/drive/shared-with-me

刷写工具

R2S固件很多都不太稳定,这里提供一个我自己觉得很稳定的版本:稳定版本

刷写固件就不多说了,注意可以使用备份,刷好之后上传备份,就相当于复制了一个一模一样的

DDNS配置

参考博客:OpenWrt配置阿里云动态域名服务DDNS

V2ray 配置

References

核心程序

图形用户端下载链接

首先列出几个比较有价值的参考文档

新手上路

配置文件说明

白话文教程

漫谈各种黑科技式 DNS 技术在代理环境中的应用

建议先看新手上路把服务撘起来,之后再看白话文教程熟悉基本操作,最后看【漫谈各种黑科技式 DNS 技术在代理环境中的应用】

服务端

WebSocket + TLS + Web

首先得搭一个https的网页,参考这篇文章 Deploy React Project to ubuntu

然后在Ubuntu上一键部署脚本

1
sudo curl -Ls https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh | sudo bash

生成用户UUID

1
cat /proc/sys/kernel/random/uuid

编辑配置文件 sudo vim /usr/local/etc/v2ray/config.json

配置文件就见人见智了,可以按自己需求配,例如:

WebSocket + TLS + Web

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
{
  "inbounds": [
      {
          "port": 666,
          "listen":"127.0.0.1",
          "protocol": "vmess",
          "settings": {
              "clients": [
                  {
                      "id": ""
                  },
                  {
                  		"id": "",
                  		"level": 1
                  }]
          },
        "streamSettings": {
            "network":"ws",
            "wsSettings": {
                "path": "/sgvmess"
            }
        }
      }
      ],
  "outbounds": [{
    "protocol": "freedom",
    "settings": {}
  },{
    "protocol": "blackhole",
    "settings": {},
    "tag": "blocked"
  }],
  "routing": {
    "rules": [
      {
        "type": "field",
        "ip": ["geoip:private"],
        "outboundTag": "blocked"
      }
    ]
  }
}

同时在Nginx的配置文件/etc/nginx/sites-available/your_domain中的server块中加入以下内容

1
2
3
4
5
6
7
8
9
10
11
12
13
14
location /sgvmess { # 与 V2Ray 配置中的 path 保持一致
  if ($http_upgrade != "websocket") { # WebSocket协商失败时返回404
    return 404;
  }
  proxy_redirect off;
  proxy_pass http://127.0.0.1:666; # 假设WebSocket监听在环回地址的333端口上
  proxy_http_version 1.1;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "upgrade";
  proxy_set_header Host $host;
  # Show real IP in v2ray access.log
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

Debug

如果在设置完成之后不能成功使用,可能是由于 SElinux 机制(如果你是 CentOS 7 的用户请特别留意 SElinux 这一机制)阻止了 Nginx 转发向内网的数据。如果是这样的话,在 V2Ray 的日志里不会有访问信息,在 Nginx 的日志里会出现大量的 "Permission Denied" 字段,要解决这一问题需要在终端下键入以下命令

安装Selinux

1
2
3
4
sudo systemctl stop apparmor
sudo apt-get remove apparmor -y
sudo apt-get install policycoreutils
sudo apt-get install selinux-utils selinux-basics -y

基本上linux的都需要用,这个执行完得等一会儿

1
setsebool -P httpd_can_network_connect 1

重启服务

1
2
3
4
5
sudo systemctl restart v2ray
sudo fuser -k 80/tcp
sudo fuser -k 443/tcp
sudo service nginx restart
sudo systemctl restart nginx

Selinux

如果在设置完成之后不能成功使用,可能是由于 SElinux 机制(如果你是 CentOS 7 的用户请特别留意 SElinux 这一机制)阻止了 Nginx 转发向内网的数据。如果是这样的话,在 V2Ray 的日志里不会有访问信息,在 Nginx 的日志里会出现大量的 "Permission Denied" 字段,要解决这一问题需要在终端下键入以下命令。Ubuntu首先得安装Selinux

1
2
3
sudo systemctl stop apparmor
sudo apt purge apparmor
sudo apt update && sudo apt upgrade -yuf

如果遇到Hash Sum mismatch:

1
2
3
4
sudo su -
mkdir /etc/gcrypt
echo all >> /etc/gcrypt/hwf.deny
apt-get update

继续

1
2
3
4
5
6
sudo apt install policycoreutils selinux-utils selinux-basics
sudo selinux-activate
sudo selinux-config-enforcing
sudo setsebool -P httpd_can_network_connect 1
sudo reboot
sestatus

客户端

使用R2S的shawdowsocksrplus就很方便

Cloudfare warp

ubuntu install 24, 22, 20

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
The supported releases are:
Noble (24.04)
Jammy (22.04)
Focal (20.04)
Older builds exist for:
Bionic (18.04)
Xenial (16.04)
# Add cloudflare gpg key
curl -fsSL https://pkg.cloudflareclient.com/pubkey.gpg | sudo gpg --yes --dearmor --output /usr/share/keyrings/cloudflare-warp-archive-keyring.gpg


# Add this repo to your apt repositories
echo "deb [signed-by=/usr/share/keyrings/cloudflare-warp-archive-keyring.gpg] https://pkg.cloudflareclient.com/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/cloudflare-client.list


# Install
sudo apt-get update && sudo apt-get install cloudflare-warp
1
2
3
4
5
6
7
8
# 1. Register the client
warp-cli registration new

warp-cli mode proxy

warp-cli proxy port 40000

warp-cli connect
1
2
3
4
5
6
7
8
9
sudo vim /lib/systemd/system/warp-svc.service

# append the following lines in [Service] section

LimitNOFILE=65535
LimitNOFILESoft=65535

sudo systemctl daemon-reload
sudo systemctl restart warp-svc

终端走代理

如果在非R2S环境下,即是通过系统代理的话,终端需要自己配置代理

MacOS

vim ~/.zshrc

1
2
alias proxy='export all_proxy=socks5h://127.0.0.1:1080'
alias unproxy='unset all_proxy'

查看当前IP:curl cip.cc

Ubuntu

vim ~/.bashrc

1
2
3
# v2ray
alias proxy='export ALL_PROXY="http://127.0.0.1:1081" && echo "set ALL_PROXY http localhost:1081"'
alias unproxy='unset ALL_PROXY && echo "unset ALL_PROXY"'

查看当前IP:curl cip.cc