Please, i deadly would like to setup redsocks on my brume or opal, thx

ccchan · April 28, 2024, 6:18pm

hi,

redsocks2 is NOT available on 3.216 for brume nor opal.

image1023×278 3.63 KB

this is brume:

which is different from what claimed, for AR750S?

i have digged a lot resources and none worked.
i really would appreciate any help. i am ok to stick /w redsocks and not 2.

usage: i bought a http/socks5 proxy service oversea, i just wish when my ipad connect to my brume or opal, every internet activity is made thru that proxy to read the destination e.g .some restricted services in that country. thanks

below i’ll post the references i found.

ccchan · April 28, 2024, 6:21pm

Claimed to work:

for redsocks not 2,
i tried, nothing happens
GitHub - emonbhuiyan/Redsocks-OpenWRT: Redsocks is a proxy tunneling extension. However, I found a very rare tutorial about how to configure Redsocks on an OpenWRT router. With this tutorial, we can use it on our OpenWRT router easily. It will be helpful for BDIX bypass users of Bangladesh who are using the socks5 proxy.
this is one the staff kindly found for another user.
not working for me neither.
Setup iptables for RedSocks in OpenWRT · GitHub
the post: Seeking help for Redsocks setup
this user asked the same Q.
finally he claim he could do with just 2 lines of iptable?
Need help with iptables and redsocks - #4 by system - Network and Wireless Configuration - OpenWrt Forum
some ukraine ref:
ITDim: Підключити proxy до OpenWrt та направити локальний трафік
claim go thru a ssh but need commercial service. just for reference esp to the iptables as i know nothing about them
https://www.dnsflex.com/how-to-route-all-network-traffic-from-your-lan-securely-through-a-socks5-proxy-ssh-tunnel-redsocks
claim worked but leak DNS
How to fix DNS leak with redsocks? (shows both socks5 DNS and my DNS) - Network and Wireless Configuration - OpenWrt Forum

Claimed NOT work:
A. another NOT working example:

B. worked on laptop but not router:

C. another one trying:

ccchan · April 28, 2024, 6:27pm

there are for redsock2, looks same but i keep them separate:

claim to work:

gist.github.com

https://gist.github.com/lanceliao/75c368f16238ae4c741d

1-redsocks2-openwrt.md

redsocks2是一款透明socks5代理工具，能够实现智能代理的功能，这里是redsocks2在OpenWrt上的配置，配合shadowsocks使用。

redsocks.conf 是配置文件，放在/etc目录，将```192.168.1.1```改成路由器的地址.
redsocks2.sh 为自启动文件，改名为redsocks2放到```/etc/init.d```目录即可。自启动文件假设redsocks可执行文件在```/opt/bin```目录。

启动redsocks2: ```/etc/init.d/redsocks2 start```
停止redsocks2: ```/etc/init.d/redsocks2 stop```

[redsocks2 git源](https://github.com/semigodking/redsocks)

redsocks.conf

base {
	log_debug = off;
	log_info = off;
	daemon = on;
	redirector= iptables;
}

redsocks {
	# rename this address to local ip
	local_ip = 192.168.1.1;

This file has been truncated. show original

redsocks2.sh

#!/bin/sh /etc/rc.common
# Copyright (C) 2006-2011 OpenWrt.org
#
# auto startup script for redsocks2 on OpenWrt
# this file is located in directory /etc/init.d
# rename this file to redsocks

START=95

SERVICE_USE_PID=1

This file has been truncated. show original

ccchan · April 28, 2024, 6:32pm

full teaching for linux, worth it’s own post:

ccchan · April 28, 2024, 6:33pm

i’ll try digest, with help from AI.

ccchan · April 28, 2024, 6:40pm

another official doc
https://darkk.net.ru/redsocks/

admon · April 28, 2024, 6:41pm

It won’t work with GL firmware anyway because it will change many different things.

So you need to go plain OpenWrt - and this possibility depends on a supported model.

ccchan · April 28, 2024, 7:09pm

i bought GL inet because i think it’s a openwrt + something.

you now tell me it’s something alike openwrt but not openwrt?

thanks

admon · April 28, 2024, 7:16pm

It’s something like this, yeah - depends on point of view.
See Is it really OpenWRT?

ccchan · April 28, 2024, 7:20pm

i dont agree with you that it wont run.

tcp 0 0 0.0.0.0:12345 0.0.0.0:* LISTEN 20921/redsocks
^-----------------
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 3252/lighttpd
tcp 0 0 ::1:53 :::* LISTEN 2083/dnsmasq
tcp 0 0 fe80::9683:c4ff:fe14:5916:53 :::* LISTEN 2083/dnsmasq
tcp 0 0 :::22 :::* LISTEN 727/dropbear
udp 0 0 192.168.8.216:53 0.0.0.0:* 2083/dnsmasq
udp 0 0 127.0.0.1:53 0.0.0.0:* 2083/dnsmasq
udp 0 0 192.168.58.1:53 0.0.0.0:* 2083/dnsmasq
udp 0 0 0.0.0.0:67 0.0.0.0:* 2083/dnsmasq
udp 0 0 127.0.0.1:10053 0.0.0.0:* 20921/redsocks
udp 0 0 127.0.0.1:5300 0.0.0.0:* 20921/redsocks
udp 0 0 ::1:53 :::* 2083/dnsmasq
udp 0 0 fe80::9683:c4ff:fe14:5916:53 :::* 2083/dnsmasq

root@GL-SFT1200:/etc# curl ‘https://api.ipify.org?format=json’
{“ip”:“77.242.xxx.yyy”}root@GL-SFT1200:/etc#

redsocks do listen to port 12345 now
the 77.242.xxx.yyy is the proxy server i want to connect to.

it do work at the router,
however when i connect by CB to the router,
and use chrome to visit whatismyipaddress, it still shows the real one.

just need some help.

the above could be seen in the russian/ua reference:

so i do think it’s partially running.

admon · April 28, 2024, 7:22pm

I know from other projects like this (shadowsocks) that it does not work because of the very complex iptables rules - which are necessary for most GL stuff.

So, maybe redsocks will work, but it might reduce functionality of the GL firmware.
I can’t tell nor help - sorry.

Maybe other people here are able to help.

alzhao · April 29, 2024, 4:19am

Seems that it is all about firewall. Need to route the dns and data.

What did you change the scripts that you mentioned?

The openwrt scripts seems has already everything included.

hecatae · April 29, 2024, 10:22am

Are you happy to run custom firmware one the Opal to get this working?
redsocks2 is available in this custom repository:

It’s not been tested with gl.inet stock, but does work with the immortalwrt custom build of the sft1200 siflower 18.06 SDK:

ccchan · April 29, 2024, 2:08pm

hi,

I have mentioned many references and more than one are about openwrt,
can you be more specific? thanks

currently, as in previous posts, that redsocks do listen at the port, it do know the outside IP is 77.x,
but it seems every packets are still not tunneled thru the redsocks.

if you can kindly point out which openwrt references i mentioned shd work,
i’ll reset everything and try once more. i am using wifi, i’ll then try LAN too.

btw, redsocks2 luci is availble but the program redsocks2 is NOT available is … not professional.

thank you.

ccchan · April 29, 2024, 2:10pm

i read that the CPU of opal, which is made in china,
is not supported in official openwrt.

so this is ANOTHER custom build, other than GL inet firmware, openwrt?

thanks

ccchan · April 29, 2024, 2:11pm

i got a brume and 2 opal, 1 st1200?.

at the end i would install openwrt on brume instead then.
thank you.

hecatae · April 29, 2024, 2:34pm

The Opal is based on a Siflower 1806 SDK (Software Development Kit) forked from Openwrt.
None of the drivers are opensource, they are all proprietary blobs.
Siflower feels they have fulfilled all GPL obligations by releasing the following on github:

They have not, but I’m not going to get into that argument here.

ImmortalWrt is a fork of OpenWrt, with more packages ported, more devices supported, better performance, and special optimizations for mainland China users. Compared the official one, we allow to use hacks or non-upstreamable patches / modifications to achieve our purpose. Source from anywhere.

Immortalwrt source is here: GitHub - immortalwrt/immortalwrt: An opensource OpenWrt variant for mainland China users.

So what’s been achieved is several people have taken the Siflower source, and the released kernel, and rebased it on Immortalwrt.

The immediate advantage is that you have access to the latest packages, and you have full control over your Opal.

hecatae · April 29, 2024, 2:36pm

by st1200 do you mean sf1200?
It’s possible to install Immortalwrt on that as well if required.

ccchan · April 29, 2024, 2:50pm

i think so,
i got both sft1200 and sf1200?
it’s indeed opal and a discountinued home-use one.
they are cheap so i totally bought 3 of them.

ccchan · April 29, 2024, 2:54pm

hi guys,

thanks for your inputs, however i think i’ll leave the “tunnel android/ipad thru openwrt router to proxy server” problem to others.

as i found the proxy service provider do have a desktop program and make the desktop acting like that tunnel itself.

althought it’s close source, the .exe is signed and it’s my best choice now.
it’s already running.

thank you.