Soft Route Proxy: OpenWrt Soft Route Configuration Global Proxy IP Solution

Hands-on with soft routing to build a global proxy network

Recently, many partners are asking how to use soft routing to realize the whole house devices automatically go proxy. Today, we will use the most coarse configuration process to give everyone a complete understanding of OpenWrt how to play around with the global proxy. Don't be intimidated by the jargon, follow the operation on the finish.

Don't step on potholes with hardware preparation

It is recommended that the entire x86 small host as a soft route, a treasure 300 dollars of second-hand industrial computer is enough. Pay attention to the number of network ports:At least two Gigabit portsThe first one is connected to the optical cat, and the other one is connected to the switch. Don't be stingy with the memory, 2G to start with, after installing the system there is still 500M cache space left.

Key Plugin Installation Guide

After installing OpenWrt, search for these three plugins in the package:red-socks2(Note the version with numbers),luci-app-s-ocks(interface management tool),iptables-mod-tproxy(Traffic hijacking must). Installation may report an error, refresh the source a few more times to fix it.

opkg update
opkg install red---socks2 iptables-mod-tproxy

Proxy Configuration Hands-On Teaching

Here is a demo with ipipgo's socks5 proxy (his protocol is fully supported). Login to the background into theNetwork → Agent → Main Configuration, focus on filling in these three items:

Server Address: s5.ipipgo-proxy.net
Port: 10808
Authentication: Username + Password (ask customer service for it)

tickUDP forwardingrespond in singingautomatic reconnection(math.) genusglobal modeSelect "Transparent Proxy". Don't wait to apply it after you save it, but let's go down to the firewall settings first.

Firewall rule debugging

existNetwork → Firewall → Custom RulesAdd this to the list:

iptables -t nat -A PREROUTING -p tcp -j RED---SOCKS
iptables -t nat -A RED---SOCKS -d 192.168.0.0/16 -j RETURN

The second line is to prevent the intranet address from being forwarded by mistake, change it according to your own network segment. It is recommended to openlog debugging, use tcpdump to grab packets to see where the traffic is going.

ipipgo proxy test experience

His static residential IP is really stable, the actual test continuous 48 hours without dropping. I'll share a test script:

curl --socks5-hostname s5.ipipgo-proxy.net:10808 -U username:password ifconfig.me

If the returned IP shows an overseas address, it means the proxy is successful. Be careful not to test with domestic websites, some platforms will detect proxy behavior.

Handbook on Mine Clearance of Common Problems

Q: What should I do if my agent is slow?
A: Priority to choose ipipgo TK line, the delay can be pressed to 200ms. Check the MTU value is not 1492, change the small point has a miraculous effect.

Q: Some of the equipment does not go to the agent?
A: Check the DNS settings, it is recommended to force assigning public DNS like 233.5.5.5 in DHCP. android devices should turn off the private DNS function.

Q: How are the consoles configured?
A: Exclude the game server IP segments in the firewall rules, specifically looking for ipipgo customer service to get the ready-made rule table.

Suggestions for package selection

Recommendations based on usage scenarios:

• Brush web/video: Dynamic Residential Standard Edition, $7.67/GB is sufficient
• Hookup business: static residential IP, $35/month fixed exit
• Enterprise-level requirements: directly to customer service customized solutions, support for API batch management

As a final nag, after you've configured it, remember to put thetime zonesChange to proxy region time, some sites will detect this. When you encounter strange problems, reboot the soft route before troubleshooting, it can solve the 80% metaphysical failure.