how to use v2ray on openwrt

env:

router model:Netgear R7500

openwrt firmware:18.06.4

restore factory settings:nmrpflash

  1. if exist a socks5 server

    ssh root@192.168.1.1:

    opkg update
    opkg install redsocks
    

    edit /etc/redsocks.conf:

    redsocks {
    local_ip = 0.0.0.0;
    local_port = 10800;
    ip = socks5ServerIp;
    port = 1080;
    type = socks5;
    //login = "chenshi.net";
    //password = "chenshi.net";
    }
    
    /etc/init.d/redsocks restart
    

    visit http://192.168.1.1,

    network–firewall–custom rules:

    # This file is interpreted as shell script.
    # Put your custom iptables rules here, they will
    # be executed with each firewall (re-)start.
    
    # Internal uci firewall chains are flushed and recreated on reload, so
    # put custom rules into the root chains e.g. INPUT or FORWARD or into the
    # special user chains, e.g. input_wan_rule or postrouting_lan_rule.
    
    iptables -t nat -N REDSOCKS
    iptables -t nat -A PREROUTING -i br-lan -p tcp -j REDSOCKS
    iptables -t nat -A PREROUTING -i br-lan -p udp -j REDSOCKS
    
    # Do not redirect traffic to the followign address ranges
    iptables -t nat -A REDSOCKS -d socks5ServerIp -j RETURN
    iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
    iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
    iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
    iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
    iptables -t nat -A REDSOCKS -d 172.16.0.0/16 -j RETURN
    iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
    iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
    iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN
    
    # Redirect all kinds of traffic
    iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 10800
    iptables -t nat -A REDSOCKS -p udp -j REDIRECT --to-ports 10800
    

    restart firewall.

    network–interfaces–wan–dhcp client.

  2. install v2ray_armv7

    ssh root@192.168.1.1:

    opkg update
    opkg install curl unzip
    cd /tmp
    curl -LO "https://github.com/v2ray/v2ray-core/releases/download/v4.20.0/v2ray-linux-arm.zip"
    unzip v2ray-linux-arm.zip -d v2ray_armv7
    cat << EOF > v2ray_armv7/config.json
    {
      "inbounds": [
        {
          "port": 1080,
          "listen": "0.0.0.0",
          "protocol": "socks",
          "sniffing": {
            "enabled": true,
            "destOverride": ["http", "tls"]
          },
          "settings": {
            "auth": "noauth",
            "udp": false
          }
        }
      ,{
            "domainOverride": ["tls","http"],
                 "port": 10800,
                 "protocol": "dokodemo-door",
                 "settings": {
                     "network": "tcp",
                     "followRedirect": true
                 },
                 "tag":"door"
      }
      ],
      "outbounds": [
        {
          "protocol": "vmess",
          "settings": {
            "vnext": [
              {
                "address": "chenshi.net",
                "port": 443,
                "users": [
                  {
                    "id": "bffce3d2-3c89-4cfc-989b-baca4708a477",
                    "alterId": 70
                  }
                ]
              }
            ]
          },
          "streamSettings": {
            "network": "ws",
            "security": "tls",
            "wsSettings": {
              "path": "/chenshi"
            }
          }
        }
      ]
    }
    EOF
    ./v2ray_armv7 -config config.json &
    

    visit http://192.168.1.1,

    network–firewall–custom rules:

    # This file is interpreted as shell script.
    # Put your custom iptables rules here, they will
    # be executed with each firewall (re-)start.
    
    # Internal uci firewall chains are flushed and recreated on reload, so
    # put custom rules into the root chains e.g. INPUT or FORWARD or into the
    # special user chains, e.g. input_wan_rule or postrouting_lan_rule.
    
    iptables -t nat -N V2RAY
    iptables -t nat -A PREROUTING -p tcp -j V2RAY
    iptables -t nat -A PREROUTING -p udp -j V2RAY
    
    # Do not redirect traffic to the followign address ranges
    iptables -t nat -A V2RAY -d v2rayServerIp -j RETURN
    iptables -t nat -A V2RAY -d 0.0.0.0/8 -j RETURN
    iptables -t nat -A V2RAY -d 10.0.0.0/8 -j RETURN
    iptables -t nat -A V2RAY -d 127.0.0.0/8 -j RETURN
    iptables -t nat -A V2RAY -d 169.254.0.0/16 -j RETURN
    iptables -t nat -A V2RAY -d 172.16.0.0/16 -j RETURN
    iptables -t nat -A V2RAY -d 192.168.0.0/16 -j RETURN
    iptables -t nat -A V2RAY -d 224.0.0.0/4 -j RETURN
    iptables -t nat -A V2RAY -d 240.0.0.0/4 -j RETURN
    
    # Redirect all kinds of traffic
    iptables -t nat -A V2RAY -p tcp -j REDIRECT --to-ports 10800
    iptables -t nat -A V2RAY -p udp -j REDIRECT --to-ports 10800
    

    restart firewall.

    network–interfaces–wan–dhcp client.