Chisel on OpenWrt

Hello there,
While trying to set up a stable VPN or proxy connection between my VPS and my OpenWrt, I've discovered chisel https://github.com/jpillora/chisel
I've set that up on Ubuntu as a SOCKS server and on a Windows PC as a client. It sets up a SOCKS5 server on my Windows PC, and I'm using PowerTunnel https://github.com/krlvm/PowerTunnel and the Windows system proxy setting to get my PC connected to the VPS through chisel + PowerTunnel.
in one picture:

VPS chisel server =====> Windows PC SOCKS5 server, into which Windows SOCKS5 + PowerTunnel are plugged.

I have set up OpenWrt on an old PC (Acer E1-571 G, one Ethernet, OpenWrt doesn't recognize the Wi-Fi card, by the way) and installed chisel on it, so chisel is creating a SOCKS5 proxy server there on port 1080, but now I don't know how to make all the LAN/WLAN clients have their connections go through this tunnel I now have on OpenWrt.

root@OpenWrt:/usr/local/bin# ./chisel client xx.1xx.2xx.1xx:9xxx socks
2022/11/19 20:04:39 client: Connecting to ws://xx.1xx.2xx.1xx:9xxx
2022/11/19 20:04:39 client: tun: proxy#127.0.0.1:1080=>socks: Listening
2022/11/19 20:04:40 client: Connected (Latency 100.043252ms)

Any ideas?

Any suggestions are welcome.

I can't help with the specific questions you've got here (I'm not familiar with Chisel)... but there are a lot of other VPN and socks proxy options that are well supported and well known in the OpenWrt community. You might consider those if they can fit your use case. For example: Wireguard and OpenVPN for VPNs, or Shadowsocks for proxy applications. You may find that there will be more users able to help with these protocols.

Hi psherman,
I don't know if you remember my previous post; WG and SS are blocked here. I can't make them run, as the country/ISP is blocking both.

Ok. Understood. Yea, now I remember, but I had not noticed that you were the same user with that issue.

If/when you get a working solution, please post here so others can learn (I’ll read it, too)

1 Like

I believe it was also noted before that this was the problem you needed to solve.

This is simple with a VPN solution, but with proxy servers, etc. it's slightly different.

1 Like

Try this: TOR Socksifying (Torification) TCP Connections on Guest Network - #3 by maurer
Adapt your server IP address and ports accordingly.
...
Also, if the iptables redirect doesn't work for some reason, you could run OpenVPN via the chisel SOCKS5 proxy.

1 Like

Hi maurer,

I've checked your post. How do I adapt it in my case if I want all the traffic going through? It seems you have redirected only two ports, 80 and 443?

The only other thing I know of is openvpn via this chisel proxy. You can even remove encryption to improve throughput

Why not

Can you guide me on the setup?

Sure, just follow https://openwrt.org/docs/guide-user/services/vpn/openvpn/client-luci and just add this extra config parameter: socks-proxy <ip> <port>
...
For your linux server you can use this fully automated script https://github.com/Nyr/openvpn-install

1 Like

Hi, it doesn't work.
When I add socks-proxy 127.0.0.1 1080 to the OpenVPN conf file given by the install script, I get an error on chisel and OpenVPN doesn't receive anything; the tun0 interface doesn't send or receive anything.
Error on chisel:

client: tun: proxy#127.0.0.1:1080=>socks: conn#9: 
Stream error: write tcp openwrt-static ip:49150->ubuntu ip :9300: write: connection reset by peer

Edit: the error on chisel has disappeared, but OpenVPN still doesn't work as it should. I'm running it on TCP port 1100.

Have you followed all the steps in https://github.com/jpillora/chisel/issues/46 ?
...
EDIT: so @padima you seemed to be right - it doesn't work by default at least with openvpn by udp.
You need to switch the protocol to tcp - replace this in both server and client. On the server I also needed to comment out #explicit-exit-notify.
And as a bonus on my setup I was able to pull iperf3 speedtest:

[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec   439 MBytes   369 Mbits/sec  104             sender
[  5]   0.00-10.04  sec   438 MBytes   366 Mbits/sec                  receiver

What's a bit strange is that after disabling encryption in both client and server:

cipher none
auth none
ncp-disable

I get the same iperf3 results :expressionless:

1 Like
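
Added example, not part of the thread or of any poster's configuration: a POSIX shell lint that checks an OpenVPN config for the settings named in the post above (tcp protocol, `socks-proxy <ip> <port>` on the client, `explicit-exit-notify` commented out) and warns on `cipher none` / `auth none`. The function names and the sample config are assumptions made up for the example.

```shell
#!/bin/sh
# Added example: lint an OpenVPN config for the settings discussed in the
# thread. Function names and the sample config are constructed for illustration.

# Succeed if FILE has an active (uncommented) DIRECTIVE with at least NARGS arguments.
has() {
    awk -v d="$2" -v n="${3:-0}" '$1 == d && NF > n { ok = 1 } END { exit !ok }' "$1"
}

# Print the first argument of the first active DIRECTIVE line in FILE.
arg1() {
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

# Print FAIL/WARN findings for FILE; return 1 if any FAIL was printed.
lint_ovpn() {
    f=$1; rc=0
    proto=$(arg1 "$f" proto)
    case "$proto" in
        tcp*) ;;
        *) echo "FAIL: proto '${proto:-udp (default)}': use tcp on client and server"; rc=1 ;;
    esac
    # A config with a "remote" line is a client and needs the proxy directive.
    if has "$f" remote 1 && ! has "$f" socks-proxy 2; then
        echo "FAIL: client lacks 'socks-proxy <ip> <port>'"; rc=1
    fi
    # The thread had to comment this directive out after switching to tcp.
    if has "$f" explicit-exit-notify; then
        echo "FAIL: explicit-exit-notify is active"; rc=1
    fi
    # Both settings remove OpenVPN's own protection of the tunnelled traffic.
    for d in cipher auth; do
        if [ "$(arg1 "$f" "$d")" = none ]; then
            echo "WARN: '$d none' disables OpenVPN data-channel protection"
        fi
    done
    return $rc
}

# Constructed sample: a client config with the default proto and no proxy line.
demo=$(mktemp)
printf 'client\nremote 203.0.113.10 1100\ncipher none\n' > "$demo"
lint_ovpn "$demo" || echo "config needs changes"
rm -f "$demo"
```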

Hi maurer,
My initial OpenVPN config was on TCP; I didn't try UDP.
So on the chisel server side I've used port 9300 TCP with SOCKS5, and on the OpenWrt side the same, which is opening the SOCKS5 server on 1080. On the chisel side, things seem to be working.
And I've modified the OpenVPN config by adding 127.0.01 1080 as you suggested, and I'm having the same issue: when OpenVPN starts, nothing is going through and I'm losing internet access, so I think there are routing issues somewhere.
I didn't get your comment thing; where did you add that?
My OpenWrt is a snapshot made by wulfy on Pi4.
Any ideas?

Let's start with the chisel + OpenWrt configs of the server (Linux VPS) and the OpenWrt client - please remove passwords and certificates.

On chisel, I'm using Docker to run it, so as it's getting to the OpenWrt side, I think there are no problems with chisel.
For the OpenVPN config, I've just used the script and downloaded the .ovpn file to the OpenWrt OpenVPN config.
I've sent you that config file in private without all the private stuff.