Linksys AC Series Router Configuration Tips for OpenWRT: Difference between revisions
| Line 1,388: | Line 1,388: | ||
More information on enabling the feature can be found here: https://openwrt.org/docs/guide-user/services/vpn/pptp/nat_traversal | More information on enabling the feature can be found here: https://openwrt.org/docs/guide-user/services/vpn/pptp/nat_traversal | ||
=== SOCKD (Dante) === | |||
It exists. And that's about it. There is some indication in the past the package was more complete, but as of 2020, the SOCKD package is single binary file (sockd). | |||
Installation: opkg install sockd | |||
File included: /usr/sbin/sockd | |||
Log file (after the below configuration is done): /var/log/sockd.log (/tmp/log/sockd.log) | |||
Configuration: Nothing is included in the OpenWRT package. It all has to be configured manually. Thankfully, some really nice person (bjonas), created all of the configuration files that should be included in the SOCKD package for OpenWRT. See this page for the "raw" / basic information: https://dev.archive.openwrt.org/ticket/21341#no1 | |||
The really amazing thing is that if one Googles "openwrt" and "sockd", there are a grand total of 73 results (with most of those results being useless trash aggregation websites whose creators do not deserve to have air to breathe). Most Google results and searches of OpenWRT packages for a SOCKS5 proxy return a lot of stuff related to ''client'' SOCKs software (and not really abundantly clear that it is client software as opposed to a SOCKS server service / daemon). DD-WRT has a functional version of the package, so why not OpenWRT? The DD-WRT init.d script is very basic and relies on other functionality from DD-WRT to function, so isn't very useful for OpenWRT. | |||
The configuration file written by "bjonas" is below, tested, and it functions. The below script should be put in this file: /etc/init.d/sockd. This allows the service to be started, stopped, etc. with the OpenWRT service command. One modification from the original script was made. The configuration file was moved from /etc/sockd.conf to /etc/sockd/sockd.conf and the appropriate line in the below script was modified from the original version.;<syntaxhighlight lang="text"> | |||
#!/bin/sh /etc/rc.common | |||
START=90 | |||
USE_PROCD=1 | |||
PROG=/usr/sbin/sockd | |||
CONFIGFILE="/var/etc/sockd.conf" | |||
xappend() { | |||
local value="$1" | |||
echo "${value#--}" >> $CONFIGFILE | |||
} | |||
append_parm() { | |||
local section="$1" | |||
local option="$2" | |||
local switch="$3" | |||
local defval="$4" | |||
local _loctmp | |||
config_get _loctmp "$section" "$option" | |||
if [ -z "$_loctmp" ]; then | |||
[ -z "$defval" ] && return 0 | |||
xappend "$switch:$defval" | |||
else | |||
xappend "$switch:$_loctmp" | |||
fi | |||
} | |||
sockd(){ | |||
local cfg="$1" | |||
append_parm "$cfg" "clientmethod" "--clientmethod" | |||
append_parm "$cfg" "method" "--method" | |||
append_parm "$cfg" "user_privileged" "--user.privileged" "root" | |||
append_parm "$cfg" "user_notprivileged" "--user.notprivileged" "nobody" | |||
append_parm "$cfg" "logoutput" "--logoutput" "syslog" | |||
local _extif _intif _extip _intip | |||
config_get _extif "$cfg" "external" | |||
[ -z "$_extif" ] && _extif="wan" | |||
config_get _intif "$cfg" "internal" | |||
[ -z "$_intif" ] && _intif="lan" | |||
network_flush_cache | |||
network_get_ipaddr _extip $_extif | |||
xappend "--external:$_extip" | |||
network_get_ipaddr _intip $_intif | |||
local _port | |||
config_get _port "$cfg" "port" "1080" | |||
xappend "--internal:$_intip port = $_port" | |||
echo >> $CONFIGFILE | |||
} | |||
service_triggers() { | |||
procd_add_reload_trigger "sockd" | |||
# procd_add_network_trigger "wan"|"pppoe-wan" | |||
} | |||
boot() { | |||
# Will be launched through hotplug | |||
return 0 | |||
} | |||
start_service() { | |||
include /lib/functions | |||
config_load sockd | |||
procd_open_instance | |||
procd_set_param command $PROG -f $CONFIGFILE | |||
procd_set_param file $CONFIGFILE | |||
procd_set_param netdev wan | |||
procd_set_param respawn | |||
procd_close_instance | |||
echo "# auto-generated config file from /etc/config/sockd" > $CONFIGFILE | |||
[ -f /etc/sockd/sockd.conf ] && { | |||
cat /etc/sockd/sockd.conf >> $CONFIGFILE | |||
} | |||
config_foreach sockd sockd | |||
} | |||
reload_service() { | |||
return 0 | |||
} | |||
stop_service() { | |||
return 0 | |||
} | |||
</syntaxhighlight>After saving the above information, the SOCKD service should be displayed when the OpenWRT ''service'' command is typed. | |||
There are two ways to configure the SOCKD / Dante SOCKS5 proxy. With a configuration file (/etc/sockd/sockd.conf) or a standard OpenWRT configuration file in /etc/config/sockd. All of this capability is made possible by the startup script created by bjonas (there are indications the version of the script may have been based on past packages from OpenWRT). If using the sockd.conf method, make sure the /etc/config/sockd file is blank / empty as directives in that file will be included in addition to anything in the sockd.conf file. Below is the /etc/config/sockd file (again, don't use it if the sockd.conf file is used;<syntaxhighlight lang="text"> | |||
config sockd | |||
option external 'wan' | |||
option internal 'lan' | |||
option clientmethod 'none' | |||
option method 'none' | |||
option user_privileged 'root' | |||
option user_notprivileged 'nobody' | |||
option logoutput 'syslog' | |||
</syntaxhighlight>Below is a functional /etc/sockd/sockd.conf file. Change the W.X.Y.Z IP Address to match whatever subnets / IP Addresses are used. Some sections of the below configuration file could be combined and are somewhat redundant. However, to match the original example it was kept in this format. The configuration is not restrictive and essentially allows all connectivity from the source subnet to anywhere via the SOCKD server / daemon.<syntaxhighlight lang="text"> | |||
logoutput: stderr /var/log/sockd.log | |||
# LAN IP Address of router | |||
internal: W.X.Y.Z port = 1080 | |||
# WAN Interface name for router (ifconfig, whichever interface is configured with an external IP Address) | |||
# Note, this won't work if one's router is behind another router unless ports are forwarded from the "perimeter" router) | |||
external: eth1.2 | |||
socksmethod: username none #rfc931 | |||
clientmethod: none | |||
# Client subnet | |||
# 0.0.0.0/0 equates to "Anywhere" | |||
client pass { | |||
from: W.X.Y.Z/24 to: 0.0.0.0/0 | |||
log: error # connect disconnect | |||
} | |||
socks pass { | |||
from: 0.0.0.0/0 to: W.X.Y.Z/24 | |||
command: bindreply udpreply | |||
log: connect error | |||
} | |||
socks pass { | |||
from: W.X.Y.Z/24 to: 0.0.0.0/0 | |||
command: bind connect udpassociate bindreply udpreply | |||
log: error # connect disconnect iooperation | |||
} | |||
</syntaxhighlight>As for starting the service, bjonas elected to create a "hot plug" method. Below is the configuration file that should be placed here: /etc/hotplug.d/iface/60-sockd;<syntaxhighlight lang="text"> | |||
#!/bin/sh | |||
[ "$ACTION" = ifup ] || exit 0 | |||
/etc/init.d/sockd enabled && /etc/init.d/sockd start | |||
</syntaxhighlight>Executing the ''service sockd start'' command should start the service at this point. The log file in /var/log/sockd.log will indicate any configuration issues. Additionally the service / daemon can be run with this command line for troubleshooting: sockd -f /etc/sockd/sockd.conf | |||
==LAMP (sort of) - Web Server (Apache, LighttpD, Nginx, and / or uHTTPd) MariaDB (MySQL), and PHP== | ==LAMP (sort of) - Web Server (Apache, LighttpD, Nginx, and / or uHTTPd) MariaDB (MySQL), and PHP== | ||
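Review bot: The sample /etc/sockd/sockd.conf accepts unauthenticated clients, because "socksmethod: username none" lists "none" next to "username" and "clientmethod: none" is set, while the last "socks pass" block allows bind, connect and udpassociate from W.X.Y.Z/24 to 0.0.0.0/0. If an authenticated proxy is intended, drop "none" from the socksmethod line. Otherwise say explicitly in the text that any host on the client subnet can use the proxy without credentials. In either case, consider enabling the "connect disconnect" keywords that are commented out on the "log: error" lines, so that proxy use is recorded in /var/log/sockd.log. Separately, the two configuration paths are inconsistent: the init script writes "method:" (from append_parm "$cfg" "method" "--method") where the hand-written file uses "socksmethod:", and the sockd() function emits no "client pass" or "socks pass" blocks at all. The text should therefore say where the pass rules come from when only /etc/config/sockd is used, since it also advises against using both files together.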
| Line 2,300: | Line 2,457: | ||
=====ZSH===== | =====ZSH===== | ||
===== Changing Shells ===== | =====Changing Shells===== | ||
Install "Change Shell": opkg install shadow-chsh | Install "Change Shell": opkg install shadow-chsh | ||