Soft Route Proxy: OpenWrt Soft Route Configuration Global Proxy IP Solution

Hands-on with soft routing to build a global proxy network

Recently, many partners are asking how to use soft routing to realize the whole house devices automatically go proxy. Today, we will use the most coarse configuration process to give everyone a complete understanding of OpenWrt how to play around with the global proxy. Don't be intimidated by the jargon, follow the operation on the finish.

Don't step on potholes with hardware preparation

It is recommended that the entire x86 small host as a soft route, a treasure 300 dollars of second-hand industrial computer is enough. Pay attention to the number of network ports:At least two Gigabit portsThe first one is connected to the optical cat, and the other one is connected to the switch. Don't be stingy with the memory, 2G to start with, after installing the system there is still 500M cache space left.

Key Plugin Installation Guide

After installing OpenWrt, search for these three plugins in the package:red-socks2(Note the version with numbers),luci-app-s-ocks(interface management tool),iptables-mod-tproxy(Traffic hijacking must). Installation may report an error, refresh the source a few more times to fix it.

opkg update
opkg install red---socks2 iptables-mod-tproxy

Proxy Configuration Hands-On Teaching

Here is a demo with ipipgo's socks5 proxy (his protocol is fully supported). Login to the background into theNetwork → Agent → Main Configuration, focus on filling in these three items:

Server Address: s5.ipipgo-proxy.net
Port: 10808
Authentication: Username + Password (ask customer service for it)

tickUDP forwardingrespond in singingautomatic reconnection(math.) genusglobal mode选”透明代理”。保存后别急着应用，先往下看防火代理设置。

防火代理规则调试

exist网络→防火代理→自定义规则Add this to the list:

iptables -t nat -A PREROUTING -p tcp -j RED---SOCKS
iptables -t nat -A RED---SOCKS -d 192.168.0.0/16 -j RETURN

The second line is to prevent the intranet address from being forwarded by mistake, change it according to your own network segment. It is recommended to openlog debugging, use tcpdump to grab packets to see where the traffic is going.

ipipgo proxy test experience

His static residential IP is really stable, the actual test continuous 48 hours without dropping. I'll share a test script:

curl --socks5-hostname s5.ipipgo-proxy.net:10808 -U username:password ifconfig.me

If the returned IP shows an overseas address, it means the proxy is successful. Be careful not to test with domestic websites, some platforms will detect proxy behavior.

Handbook on Mine Clearance of Common Problems

Q: What should I do if my agent is slow?
A：优先选ipipgo的TK专线，能压到200ms内。检查MTU值是不是1492，改小点有奇效。

Q: Some of the equipment does not go to the agent?
A: Check the DNS settings, it is recommended to force assigning public DNS like 233.5.5.5 in DHCP. android devices should turn off the private DNS function.

Q: How are the consoles configured?
A：在防火代理规则里排除游戏服务器IP段，具体找ipipgo客服要现成的规则表。

Suggestions for package selection

Recommendations based on usage scenarios:

• Brush web/video: Dynamic Residential Standard Edition, $7.67/GB is sufficient
• Hookup business: static residential IP, $35/month fixed exit
• Enterprise-level requirements: directly to customer service customized solutions, support for API batch management

As a final nag, after you've configured it, remember to put thetime zonesChange to proxy region time, some sites will detect this. When you encounter strange problems, reboot the soft route before troubleshooting, it can solve the 80% metaphysical failure.