The most detailed OpenWrt shadowsocks router automatic circumvention tutorial in history
A step-by-step guide to flashing your router with OpenWrt firmware and automatically bypassing the Great Firewall.
Features of the circumvention solution in this tutorial
Give up on blacklist-based solutions. The list of blocked websites grows massively every day, and life is too short to be spent endlessly adding sites to a blacklist by hand and rebooting the router.
Simplicity is the ultimate sophistication—set it up once and be done forever!
- Create a list of major domestic websites and perform DNS lookups locally
-
For other websites, use the shadowsocks client to send
DNS queries to the shadowsocks server - Traffic to domestic or Asian IPs goes through the domestic route
- All other traffic is forwarded through the shadowsocks server
- Block ISP hijacking-related IPs
- Block domestic and international ads
Knowledge is meaningless if it is not shared
In June 2014, Dropbox was heroically blocked.
After doing some research, I found that the famous open-source router firmware OpenWrt supports my home router
TP-Link WR2543N V1
, so I installed OpenWrt on the router and configured it for automatic smart circumvention.
Freedom feels great: youtube, hulu, twitter, facebook,
google…
What is a sage? A sage is someone whose gains and giving are relatively well balanced. Heaven and earth gave me life, so I honor heaven and earth; my parents raised me, so I care for my parents; I gained knowledge online, so I should also share knowledge online. So I spent many days researching, writing this tutorial, and debugging the firmware, and before I knew it, each day had passed.
I hope that after using this tutorial, you will also write down your own process and merge it into this project:
https://github.com/softwaredownload/openwrt-fanqiang
How to compile OpenWrt shadowsocks firmware for automatic circumvention
-
First, clone this project to a local directory, such as
~/Downloads/openwrt-fanqiang -
Original configuration files
-
~/Downloads/openwrt-fanqiang/openwrt/default
default configuration folder -
~/Downloads/openwrt-fanqiang/openwrt/wndr4300
configuration files for a specific router model; here, wndr4300 is used as an example
-
~/Downloads/openwrt-fanqiang/openwrt/default
-
Copy the configuration files
- Create a local configuration file directory, for example ~/Downloads/openwrt-wndr4300
-
Copy the files from the default configuration folder to
~/Downloads/openwrt-wndr4300/ - If there are configuration files for a specific router, copy them to ~/Downloads/openwrt-wndr4300/ as well, and overwrite any files with the same names
-
Modify the configuration files so they can be used directly after compilation. Otherwise, flash the firmware first, then log in to the router and modify them. Main files to modify:
- openwrt-wndr4300/etc/shadowsocks.json
- openwrt-wndr4300/usr/bin/shadowsocks-firewall
- openwrt-wndr4300/etc/uci-defaults/defaults
- Compile the custom firmware and set FILES=~/Downloads/openwrt-wndr4300
Default values defined by this project
shadowsocks server: 1.0.9.8
shadowsocks server_port: 1098
shadowsocks local_port: 7654
shadowsocks tunnel_port: 3210
shadowsocks password: killgfw
shadowsocks method: aes-256-cfb
root login password: fanqiang
WIFI password: icanfly9876 (for DIR-505 and TLWR2543 before 2015: wsjdw,8181)
How to use the precompiled bypass-censorship firmware:
-
Set up the shadowsocks
server according to the default values defined by this project (except for the server IP) - Flash the router with the OpenWrt shadowsocks bypass-censorship firmware
-
Log in to the router and modify the server IP:
# Modify 1.0.9.8 to your server IP address vi /etc/shadowsocks.json # Modify 1.0.9.8 to your server IP address vi /usr/bin/shadowsocks-firewall /etc/init.d/shadowsocks restart -
After confirming the above changes work correctly, it is recommended to also change the shadowsocks password
and the router root password - Changing the port numbers is not recommended
- In a few cases, you may need to reboot the router for the changes to take effect
Related Resources
-
Netgear WNDR4300 precompiled firmware for bypassing censorship (2015-12-23):
https://software-download.name/2015/netgear-wndr4300-openwrt-fanqiang-gujian/ -
D-Link DIR-505 precompiled firmware for bypassing censorship (2015-12-24):
https://software-download.name/2014/dlink-dir-505-openwrt-fanqiang/ -
TP-Link TLWR2543 precompiled firmware for bypassing censorship (2015-12-24):
https://software-download.name/2014/openwrt-ar71xx-generic-tl-wr2543-v1-squashfs-sysupgrade-bin-with-shadowsocks/ -
Download the OpenWrt automated censorship-bypass tutorial e-book
https://software-download.name/2014/fanqiang-jiaocheng/ -
shadowsocks-libev-polarssl_2.4.3.ar71xx.ipk
(2015-12-20):
https://software-download.name/2014/shadowsocks-libev-polarssl-ar71xx-ipk-latest/
License
Unless otherwise stated, the content in this book is licensed under the CC BY-SA 3.0 License (Creative Commons Attribution-ShareAlike 3.0 License), and the code follows the BSD 3-Clause
License (BSD 3-Clause License).