#!/bin/bash
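# Local preamble: runs on the workstation before anything is pushed to the
# router.

# Ask the router to switch the proxy off first, if a toggle script from an
# earlier deployment is already present there.
# NOTE(review): "$*" joins every command-line argument into one word, so this
# call only works when the script is given a single ssh destination.
ssh "$*" "[ -f /opt/etc/toggle_proxy.sh ] && /opt/etc/toggle_proxy.sh disable"

# Download the deployment helper script and evaluate it in this shell; the
# helpers used further down (copy, deploy_start, ...) are not defined in this
# file and presumably come from it.
# NOTE(review): this runs whatever the URL returns, with the privileges of the
# current user and with ssh access to the router. The ref v0.5.3 looks like a
# tag, and a tag can be re-pointed; a full commit hash cannot. Prefer a vendored
# copy of the helper, or pin to a commit hash and compare the download against
# a known digest before the eval.
self="$(curl -sS https://raw.githubusercontent.com/zw963/deployment_bash/v0.5.3/deploy_start.sh)" && eval "$self"

export target=$1

config=./router/v2ray/opt/etc/v2ray.json

# Refuse to deploy without a v2ray config, and report the failure through a
# non-zero exit status so callers and CI can see it.
if [ ! -e "$config" ]; then
  echo "Please add ${config} or generate it use server/v2ray-server/deploy_v2ray+ss_to_vps before deploy."
  exit 1
fi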
# Stage the v2ray helper scripts and the v2ray config for /opt/etc on the
# router. copy is provided by the deployment helper loaded above.
for item in apply_iptables_rule.sh apply_ipset_rule.sh patch_router switch_proxy.sh; do
  copy "router/v2ray/opt/etc/${item}" /opt/etc
done
copy "$config" /opt/etc

# DNS: dnscrypt-proxy and dnsmasq configuration.
copy router/opt/etc/dnscrypt-proxy.toml /opt/etc
copy router/opt/etc/dnsmasq.d/foreign_domains.conf /opt/etc/dnsmasq.d/foreign_domains.conf

# Maintenance scripts and data files shared by the router setups.
for item in restart_dnsmasq clean_iptables_rule.sh toggle_proxy.sh localips \
  update_ip_whitelist update_dns_whitelist; do
  copy "router/opt/etc/${item}" /opt/etc
done

# Optional user-maintained lists: copied only when they exist locally.
for item in user_ip_whitelist.txt user_domain_name_whitelist.txt \
  user_domain_name_blocklist.txt user_domain_name_gfwlist.txt; do
  if [ -e "router/opt/etc/${item}" ]; then
    copy "router/opt/etc/${item}" /opt/etc
  fi
done

deploy_start
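# ----------------------------------------------------
#
# The script below is executed on the remote router; adjust it as needed.
#
# ---------------------------------------------------
# If this is the first run of this script, the Entware package manager must be
# initialised first: ssh into the router, run entware-setup.sh and choose 1.

# Refresh the package index. If that fails, stop with a non-zero status so the
# failure is visible to whatever launched the deployment, instead of exiting
# with the status of the last echo.
if ! opkg update; then
  echo "Run \`opkg update' failed."
  echo "Run \`entware-setup.sh' to initalize entware-ng!"
  exit 1
fi

# The index is current: upgrade the packages that are already installed.
opkg upgrade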
# If ipset is missing (for example on the AC66U), install ipset4 first.
if ! which ipset &>/dev/null; then
  opkg install ipset4
fi

# Read the version number printed by ipset, to support the AC87U's ipset
# protocol version 6 for iptables/ipset: take the first "version ..." match
# from `ipset -v` and keep its second space-separated field.
ipset_protocal_version=$(
  ipset -v | grep -o 'version.*[0-9]' | head -n1 | cut -d' ' -f2
)

# From here on, abort on the first failing command.
set -e

opkg install libc libssp libev libmbedtls libpcre libpthread libsodium haveged zlib libopenssl
# Replace the old dnscrypt-proxy package with dnscrypt-proxy2.
opkg --autoremove remove dnscrypt-proxy
opkg install dnscrypt-proxy2_nohf
opkg install bind-dig

if [ "$ipset_protocal_version" != 6 ]; then
  # AC66U: a newer iptables has to be installed in addition.
  opkg install iptables
else
  # AC87U: no need to install a newer iptables/ipset.
  echo 'skip install iptables command'
fi
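# Download the pinned v2ray release for ARM, unpack it and install it into
# /opt/sbin only if the binary actually runs on this router.
v2ray_version=4.22.0

# NOTE(review): the archive is unpacked and its binaries are installed and run
# on the router without any checksum or signature check; HTTPS is the only
# protection. Record the release's published SHA-256 next to v2ray_version and
# compare it against the download before unzip.
wget "https://github.com/v2ray/v2ray-core/releases/download/v${v2ray_version}/v2ray-linux-arm.zip"

mkdir -p v2ray && unzip v2ray-linux-arm.zip -d v2ray -o

cd v2ray/

chmod +x v2ctl* v2ray*

# Run the version check as the `if` condition. `set -e` is active here, so a
# bare `./v2ray -version` followed by a `$?` test would abort the script on
# failure before the error message below could be printed.
if ./v2ray -version; then
  cp v2ray v2ray_armv7 v2ctl v2ctl_armv7 geoip.dat geosite.dat /opt/sbin/
  echo 'v2ray is installed'
else
  echo 'v2ray install failed, please check router if support this version.'
  # Report the failure; a bare `exit` would return the status of the echo (0).
  exit 1
fi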
# Write the init script for v2ray to /opt/etc/init.d/S22v2ray and make it
# executable. The heredoc delimiter is quoted, so $PROCS and $(which ...) are
# written literally and are only evaluated when the init script itself runs.
# The generated script starts v2ray with /opt/etc/v2ray.json, exits quietly
# when the v2ray binary is not on its PATH, and otherwise sources
# /opt/etc/init.d/rc.func (presumably the shared Entware start/stop logic,
# not shown here).
cat <<'HEREDOC' > /opt/etc/init.d/S22v2ray
#!/bin/sh
ENABLED=yes
PROCS=v2ray
ARGS="-config /opt/etc/v2ray.json"
PREARGS=""
DESC=$PROCS
PATH=/opt/sbin:/opt/bin:/opt/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
[ -z "$(which $PROCS)" ] && exit 0
. /opt/etc/init.d/rc.func
HEREDOC
chmod +x /opt/etc/init.d/S22v2ray
# ----------------------------------------------------
#
# Script checks and substitutions.
#
# ---------------------------------------------------

# Use dnscrypt as the upstream DNS server for dnsmasq: point the catch-all
# server= line at 127.0.0.1 port 65053.
replace_regex 'server=/#/.*' 'server=/#/127.0.0.1#65053' /opt/etc/dnsmasq.d/foreign_domains.conf

# ----------------------------------------------------
#
# Set execute permission on the deployed scripts.
#
# ---------------------------------------------------

cd /opt/etc
chmod +x \
  apply_ipset_rule.sh apply_iptables_rule.sh clean_iptables_rule.sh \
  patch_router restart_dnsmasq toggle_proxy.sh switch_proxy.sh \
  update_dns_whitelist update_ip_whitelist \
  /jffs/scripts/services-start
# ----------------------------------------------------
#
# Register and start the required scripts.
# add_service is not defined in this file; it presumably appends the given
# command to the named /jffs/scripts hook - confirm in the deployment helper.
#
# ---------------------------------------------------
# Every minute, check that all services are running (the cron job re-runs
# /jffs/scripts/services-start).
add_service wan-start 'cru a run-services "*/1 * * * *" "/jffs/scripts/services-start"'
# Refresh the IP whitelist weekly at 03:25.
# NOTE(review): the day-of-week field is 2, which is Tuesday in standard cron
# numbering; the original comment said Monday - confirm which was intended.
add_service wan-start 'cru a update_ip_whitelist "25 3 * * 2" "/opt/etc/update_ip_whitelist"'
# Refresh the domain-name whitelist weekly at 04:25 (same day-of-week field, 2;
# the original comment again said Monday).
add_service wan-start 'cru a update_dns_whitelist "25 4 * * 2" "/opt/etc/update_dns_whitelist"'
# Run wan-start now so its jobs are added to crontab even without a reboot.
/jffs/scripts/wan-start
# Swap file setup is left disabled because Merlin introduced it in AMPM.
# # Enable swap
# echo 'Enabling swap'
# /opt/etc/enable_swap.sh
# add_service post-mount '/opt/etc/enable_swap.sh'
# Update the IP whitelist and the DNS whitelist once right away.
/opt/etc/update_ip_whitelist
/opt/etc/update_dns_whitelist
# When DHCP re-assigns the IP address the iptables rules are cleared, so
# re-apply them on that event.
add_service dhcpc-event '/opt/etc/apply_iptables_rule.sh'
# Stopping services is allowed to fail, so errexit is switched off just for
# this call and switched back on before the services are started.
set +e
/jffs/scripts/services-stop
set -e
/jffs/scripts/services-start
# After all services have started, run /opt/etc/patch_router to append
# configuration to dnsmasq and restart the dnsmasq service. The registered
# hook skips it when the marker file /tmp/patch_router_was_run_at exists
# (presumably created by patch_router itself - confirm).
add_service services-start '[ -f /tmp/patch_router_was_run_at ] || /opt/etc/patch_router'
/opt/etc/patch_router