Many people find that, because their workplace network is restricted, many apps and websites cannot be used or accessed normally, and they need proxy tools such as SSR and SoftEther VPN to use them properly. Although many third-party custom router firmwares include SS server plugins, quite a few people who tested them at work felt the results were very poor. Today I’ll share how to set up an SSR server on an ASUS AC68U router. I won’t discuss the principles, pros, or cons of SS and SSR here; if you’re interested, please Google them yourself.
Reference Documents
https://github.com/RMerl/asuswrt-merlin/wiki/Entware
https://github.com/breakwa11/shadowsocks-rss/wiki/Server-Setup
Test Environment
Router device: RT-AC68U
Router firmware: Koolshare-Merlin modified firmware 380.66_4-X7.5
USB drive: Kingston 64GB
Step 1 Enable SSH on the Router
Go to the router admin panel, click Administration – System Settings, enable SSH, and apply the settings on this page for them to take effect;
Step 2 Bind the USB Drive
Use AOMEI Partition Assistant to format the USB drive as ext3, then insert it into the router; it is recommended to wait half a minute for the router to recognize and load the USB drive;
Use an SSH terminal to log in to the router backend and run the following command:
- df -h
Confirm that the USB drive is mounted correctly, and note its current device name. My USB drive’s device name is: sda
Create a new device binding script;
- vi /mnt/sda/Binding.sh
The code is as follows:
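- # Hook for USB mount: link the drive to /tmp/opt and start the Entware services
- # \$1 is escaped so it is written literally into the hook instead of being expanded now
- cat << EOF > /tmp/script_usbmount.tmp
- if [ "\$1" = "/tmp/mnt/sda" ]
- then
- ln -sf "\$1" /tmp/opt
- /opt/etc/init.d/rc.unslung start
- fi
- EOF
- nvram set script_usbmount="`cat /tmp/script_usbmount.tmp`"
- # Hook for USB unmount: stop the Entware services
- cat << EOF > /tmp/script_usbumount.tmp
- if [ "\$1" = "/tmp/mnt/sda" ]
- then
- /opt/etc/init.d/rc.unslung stop
- fi
- EOF
- nvram set script_usbumount="`cat /tmp/script_usbumount.tmp`"
- # Save both hooks to NVRAM, then reboot
- nvram commit
- reboot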
Run the script. After the binding is complete, the script will automatically reboot the router;
- chmod 755 /mnt/sda/Binding.sh
- sh /mnt/sda/Binding.sh
Step 3 Install Entware
The packages are hosted on overseas servers, so downloading and installing may take a long time; if possible, have an acceleration tool ready. The installer is fetched over plain HTTP and then run as root, so read through entware_install.sh before executing it;
- cd /mnt/sda/
- wget http://pkg.entware.net/binaries/armv7/installer/entware_install.sh
- chmod 755 entware_install.sh
- ./entware_install.sh
Step 4 Configure the SSR server
Install the required tool packages;
- cd /mnt/sda/
- opkg install git python libopenssl libsodium
Download the SSR package;
- git clone -b manyuser git://github.com/shadowsocksr/shadowsocksr.git
Modify the static library file path;
- vi /opt/shadowsocksr/shadowsocks/crypto/util.py
On line 21, find: '/usr/lib*/lib%s.*' % name,
Change it to: '/opt/lib*/lib%s.*' % name,
Run the SSR server;
Command format: python server.py -p port -k password -m encryption -O protocol -o obfuscation -d start
- cd /opt/shadowsocksr/shadowsocks/
- python server.py -p 443 -k 123456 -m chacha20 -O auth_aes128_sha1 -o tls1.2_ticket_auth -d start
Modify the firewall to open the port;
- iptables -I INPUT -p tcp --dport 443 -j ACCEPT
- iptables -I INPUT -p udp --dport 443 -j ACCEPT
Step 5 Configure the server to start on boot
For a smarter setup, you can write a Shell script to start the server on boot;
- vim /jffs/scripts/shadowsocks
The script content is as follows:
- #!/bin/sh
- # Update DDNS: record the current address of ppp0
- /sbin/ifconfig ppp0 | grep "inet addr" | awk -F: '{print $2}' | awk '{print $1}' > '/tmp/gge-get-newip'
- ggeIP=`cat /tmp/gge-get-newip`
- ## Open firewall port 443
- iptables -I INPUT -p tcp --dport 443 -j ACCEPT
- iptables -I INPUT -p udp --dport 443 -j ACCEPT
- ## Start Shadowsocks
- cd /opt/shadowsocksr/shadowsocks/
- python server.py -p 443 -k 123456 -m chacha20 -O auth_aes128_sha1 -o tls1.2_ticket_auth -d start
Register the script to run at startup;
- echo "sh /jffs/scripts/shadowsocks" >> /jffs/scripts/wan-start
- chmod +x /jffs/scripts/shadowsocks
Note: modify the firewall ports and ShadowsocksR-related settings according to your actual situation!
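The boot script above hard-codes the password 123456 and inserts the firewall rules unconditionally every time it runs. As an added example (not part of the original post), this variant generates a random password once and adds each rule only when it is missing; the PASS_FILE path, the function names and the `start` argument are assumptions, as is an iptables build that supports `-C`.

```shell
#!/bin/sh
# Added example, not the original author's script.
# Hypothetical names: PASS_FILE path, ensure_password, open_port, start_server.
IPT="${IPT:-iptables}"                      # overridable so the logic can be tested
PORT="${PORT:-443}"
PASS_FILE="${PASS_FILE:-/jffs/configs/ssr.pass}"
SSR_DIR="${SSR_DIR:-/opt/shadowsocksr/shadowsocks}"

# Generate a 24-character random password once; keep the file owner-only.
ensure_password() {
    if [ ! -s "$PASS_FILE" ]; then
        ( umask 077
          head -c 512 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' |
              cut -c1-24 > "$PASS_FILE" )
    fi
    cat "$PASS_FILE"
}

# The script is called from wan-start, so a bare "iptables -I" adds a duplicate
# rule on every run. Check first (-C) and insert only when the rule is missing.
open_port() {    # $1 = tcp or udp
    "$IPT" -C INPUT -p "$1" --dport "$PORT" -j ACCEPT 2>/dev/null ||
        "$IPT" -I INPUT -p "$1" --dport "$PORT" -j ACCEPT
}

# Same server options as the tutorial, minus the hard-coded password.
start_server() {
    cd "$SSR_DIR" || return 1
    python server.py -p "$PORT" -k "$(ensure_password)" -m chacha20 \
        -O auth_aes128_sha1 -o tls1.2_ticket_auth -d start
}

# Does nothing unless invoked as: sh /jffs/scripts/shadowsocks start
if [ "${1:-}" = "start" ]; then
    open_port tcp && open_port udp && start_server
fi
```

With this variant the wan-start entry is `sh /jffs/scripts/shadowsocks start`, and the client password is read from the password file rather than chosen by hand.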
