How to Set Up SSR on a Router

Many friends find that because their workplace network is restricted, many apps and websites cannot be used or accessed normally, and they need to rely on proxy tools such as SSR and SoftEther
VPN to use them properly. Although many third-party custom router firmwares include SS server plugins, quite a few people who tested them at work felt the results were very poor. Today I’ll share how to set up an SSR server on an ASUS AC68U router. I won’t discuss the principles, pros, or cons of SS and SSR here; if you’re interested, please Google them yourself.

Reference Documents

https://github.com/RMerl/asuswrt-merlin/wiki/Entware

https://github.com/breakwa11/shadowsocks-rss/wiki/Server-Setup

Test Environment

Router device: RT-AC68U

Router firmware: Koolshare-Merlin modified firmware 380.66_4-X7.5

USB drive: Kingston 64GB

Step 1 Enable SSH on the Router

Go to the router admin panel, click Administration – System Settings, enable
SSH, and apply the settings on this page for them to take effect;

Step 2 Bind the USB Drive

Use AOMEI Partition Assistant to format the USB drive as ext3, insert the USB drive into the router, and it is recommended to wait half a minute for the router to recognize and load the USB drive;

Use an SSH terminal to log in to the router backend and run the following command:

  1. [email protected]:/# df -h

Confirm whether the USB drive is mounted correctly, and note the current device name of the USB drive. As shown below, my USB drive’s device name is: sda

ShadowsocksR

Create a new device binding script;

  1. [email protected]:/# vi /mnt/sda/Binding.sh

The code is as follows:

  1. cat << EOF > /tmp/script_usbmount.tmp
  2. if [ $1 = “/tmp/mnt/sda” ]
  3. then
  4. ln -sf $1 /tmp/opt
  5. /opt/etc/init.d/rc.unslung start
  6. fi
  7. EOF
  8. nvram set script_usbmount=“`cat /tmp/script_usbmount.tmp`”
  9. cat << EOF > /tmp/script_usbumount.tmp
  10. if [ $1 = “/tmp/mnt/sda” ]
  11. then
  12. /opt/etc/init.d/rc.unslung stop
  13. fi
  14. EOF
  15. nvram set script_usbumount=“`cat /tmp/script_usbumount.tmp`”
  16. nvram commit
  17. reboot

Run the script. After the binding is complete, the script will automatically reboot the router;

  1. [email protected]:/# chmod 755 /mnt/sda/Binding.sh
  2. [email protected]:/# sh /mnt/sda/Binding.sh

Step 3: Install Entware

The resources are hosted on overseas servers, so downloading and installing may take a long time. If possible, please prepare a speed-up tool;

  1. [email protected]:/# cd /mnt/sda/
  2. [email protected]:/tmp/mnt/sda# wget http://pkg.entware.net/binaries/armv7/installer/entware_install.sh
  3. [email protected]:/tmp/mnt/sda# chmod 755 entware_install.sh
  4. [email protected]:/tmp/mnt/sda# ./entware_install.sh

Step 4 Configure the SSR server

Install the required tool packages;

  1. [email protected]:/# cd /mnt/sda/
  2. [email protected]:/tmp/mnt/sda# opkg install git python libopenssl libsodium

Download the SSR package;

  1. [email protected]:/tmp/mnt/sda# git clone -b manyuser git://github.com/shadowsocksr/shadowsocksr.git

Modify the static library file path;

  1. [email protected]ASUS:/# vi /opt/shadowsocksr/shadowsocks/crypto/util.py

On line 21, find: ’/usr/lib*/lib%s.*’ % name,

Change it to: ’/opt/lib*/lib%s.*’ % name,

Run the SSR server;

Command format: python server.py -p port -k password -m encryption -O protocol
-o obfuscation -d start

  1. [email protected]:/# cd /opt/shadowsocksr/shadowsocks/
  2. [email protected]:/tmp/mnt/sda/shadowsocksr/shadowsocks# python server.py -p 443 -k 123456 -m chacha20 -O auth_aes128_sha1 -o tls1.2_ticket_auth -d start

Modify the firewall to open the port;

  1. [email protected]:/# iptables -I INPUT -p tcp –dport 443 -j ACCEPT
  2. [email protected]:/# iptables -I INPUT -p udp –dport 443 -j ACCEPT

Step 5 Configure the server to start on boot

For a smarter setup, you can write a Shell script to start the server on boot;

  1. [email protected]:/# vim /jffs/scripts/shadowsocks

The script content is as follows:

  1. #!/bin/bash
  2. #Update DDNS
  3. /sbin/ifconfig ppp0 | grep “inet addr” | awk -F: ‘{print $2}’ | awk ‘{print $1}’ >‘/tmp/gge-get-newip’
  4. ggeIP=`cat /tmp/gge-get-newip`
  5. ##Open firewall port 443
  6. iptables -I INPUT -p tcp –dport 443 -j ACCEPT
  7. iptables -I INPUT -p udp –dport 443 -j ACCEPT
  8. ##Start Shadowsocks
  9. cd /opt/shadowsocksr/shadowsocks/
  10. python server.py -p 443 -k 123456 -m chacha20 -O auth_aes128_sha1 -o tls1.2_ticket_auth -d start

Script to run at startup;

  1. [email protected]:/# echo “sh /jffs/scripts/shadowsocks” >> /jffs/scripts/wan-start
  2. [email protected]:/# chmod +x /jffs/scripts/shadowsocks

Note: modify the firewall ports and ShadowsocksR-related settings according to your actual situation!

Leave a Comment

Your email address will not be published. Required fields are marked *

中文 EN
🚀

RedGate VPN

免费节点太挤太慢?
升级高速稳定专线

立即体验 →

告别卡顿

RedGate VPN
全球高速节点

免费下载 →
Scroll to Top