My device is GL-iNet, version is "OpenWrt 21.02.1 r16325-88151b8303", I use XRAY (V2ray compatible), through cloudflare's CDN to pass the Great Firewall in China. Now I'm trying to set up a global proxy in OpenWrt to breach the Great Firewall (I can breach the Great Firewall normally with socks).
I checked a lot of information, according to the information on the Internet to configure: stop dnsmasq, use xray to handle all the DNS of port 53.
At first it's OK (with "curl google.com"), but after a minute or so, it can not access the Internet.
The "firewall" settings in OpenWrt have not been changed, and "net.ipv4.ip_forward=1" has been set correctly.
I don't know if the information on the internet is outdated or if my device is special, I hope someone can help point out the problem.
My iptables configuration:
ip rule add fwmark 1 table 100
ip route add local 0.0.0.0/0 dev lo table 100
iptables -t mangle -N XRAY
iptables -t mangle -A XRAY -d 223.5.5.5/32 -j RETURN
iptables -t mangle -A XRAY -d 1.0.0.1/32 -j RETURN
iptables -t mangle -A XRAY -d 1.1.1.1/32 -j RETURN
iptables -t mangle -A XRAY -d 10.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY -d 100.64.0.0/10 -j RETURN
iptables -t mangle -A XRAY -d 127.0.0.0/8 -p udp ! --dport 53 -j RETURN
iptables -t mangle -A XRAY -d 169.254.0.0/16 -j RETURN
iptables -t mangle -A XRAY -d 172.16.0.0/12 -j RETURN
iptables -t mangle -A XRAY -d 192.0.0.0/24 -j RETURN
iptables -t mangle -A XRAY -d 224.0.0.0/4 -j RETURN
iptables -t mangle -A XRAY -d 240.0.0.0/4 -j RETURN
iptables -t mangle -A XRAY -d 255.255.255.255/32 -j RETURN
iptables -t mangle -A XRAY -d 192.168.0.0/16 -p tcp ! --dport 53 -j RETURN
iptables -t mangle -A XRAY -d 192.168.0.0/16 -p udp ! --dport 53 -j RETURN
iptables -t mangle -A XRAY -p tcp -j TPROXY --on-port 12346 --tproxy-mark 1
iptables -t mangle -A XRAY -p udp -j TPROXY --on-port 12346 --tproxy-mark 1
iptables -t mangle -A PREROUTING -j XRAY
#Cloudflare’s IPs, My v2ray is behide cloudflare
iptables -t mangle -A XRAY -d 173.245.48.0/20 -j RETURN
iptables -t mangle -A XRAY -d 103.21.244.0/22 -j RETURN
iptables -t mangle -A XRAY -d 103.22.200.0/22 -j RETURN
iptables -t mangle -A XRAY -d 103.31.4.0/22 -j RETURN
iptables -t mangle -A XRAY -d 141.101.64.0/18 -j RETURN
iptables -t mangle -A XRAY -d 108.162.192.0/18 -j RETURN
iptables -t mangle -A XRAY -d 190.93.240.0/20 -j RETURN
iptables -t mangle -A XRAY -d 188.114.96.0/20 -j RETURN
iptables -t mangle -A XRAY -d 197.234.240.0/22 -j RETURN
iptables -t mangle -A XRAY -d 198.41.128.0/17 -j RETURN
iptables -t mangle -A XRAY -d 162.158.0.0/15 -j RETURN
iptables -t mangle -A XRAY -d 104.16.0.0/13 -j RETURN
iptables -t mangle -A XRAY -d 104.24.0.0/14 -j RETURN
iptables -t mangle -A XRAY -d 172.64.0.0/13 -j RETURN
iptables -t mangle -A XRAY -d 131.0.72.0/22 -j RETURN
iptables -t mangle -N XRAY_SELF
iptables -t mangle -A XRAY_SELF -d 10.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY_SELF -d 100.64.0.0/10 -j RETURN
iptables -t mangle -A XRAY_SELF -d 127.0.0.0/8 -p udp ! --dport 53 -j RETURN
iptables -t mangle -A XRAY_SELF -d 169.254.0.0/16 -j RETURN
iptables -t mangle -A XRAY_SELF -d 172.16.0.0/12 -j RETURN
iptables -t mangle -A XRAY_SELF -d 192.0.0.0/24 -j RETURN
iptables -t mangle -A XRAY_SELF -d 224.0.0.0/4 -j RETURN
iptables -t mangle -A XRAY_SELF -d 240.0.0.0/4 -j RETURN
iptables -t mangle -A XRAY_SELF -d 255.255.255.255/32 -j RETURN
iptables -t mangle -A XRAY_SELF -d 192.168.0.0/16 -p tcp ! --dport 53 -j RETURN
iptables -t mangle -A XRAY_SELF -d 192.168.0.0/16 -p udp ! --dport 53 -j RETURN
iptables -t mangle -A XRAY_SELF -m mark --mark 0xff -j RETURN
iptables -t mangle -A XRAY_SELF -p tcp -j MARK --set-mark 1
iptables -t mangle -A XRAY_SELF -p udp -j MARK --set-mark 1
iptables -t mangle -A XRAY_SELF -d 1.0.0.1/32 -j RETURN
iptables -t mangle -A XRAY_SELF -d 1.1.1.1/32 -j RETURN
#Cloudflare’s IPs, My v2ray is behide cloudflare
iptables -t mangle -A XRAY_SELF -d 173.245.48.0/20 -j RETURN
iptables -t mangle -A XRAY_SELF -d 103.21.244.0/22 -j RETURN
iptables -t mangle -A XRAY_SELF -d 103.22.200.0/22 -j RETURN
iptables -t mangle -A XRAY_SELF -d 103.31.4.0/22 -j RETURN
iptables -t mangle -A XRAY_SELF -d 141.101.64.0/18 -j RETURN
iptables -t mangle -A XRAY_SELF -d 108.162.192.0/18 -j RETURN
iptables -t mangle -A XRAY_SELF -d 190.93.240.0/20 -j RETURN
iptables -t mangle -A XRAY_SELF -d 188.114.96.0/20 -j RETURN
iptables -t mangle -A XRAY_SELF -d 197.234.240.0/22 -j RETURN
iptables -t mangle -A XRAY_SELF -d 198.41.128.0/17 -j RETURN
iptables -t mangle -A XRAY_SELF -d 162.158.0.0/15 -j RETURN
iptables -t mangle -A XRAY_SELF -d 104.16.0.0/13 -j RETURN
iptables -t mangle -A XRAY_SELF -d 104.24.0.0/14 -j RETURN
iptables -t mangle -A XRAY_SELF -d 172.64.0.0/13 -j RETURN
iptables -t mangle -A XRAY_SELF -d 131.0.72.0/22 -j RETURN
iptables -t mangle -A OUTPUT -j XRAY_SELF
My xray configuration (similar to v2ray, compatible):
{
"log": {"loglevel": "debug"
},
"inbounds": [
{
"port": 12345,
"protocol": "socks",
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
},
{
"tag": "all-in",
"port": 12346,
"protocol": "dokodemo-door",
"settings": {
"network": "tcp,udp",
"followRedirect": true
},
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy"
}
}
}
],
"outbounds": [{
"tag": "proxy",
"protocol": "vless",
"settings": {
"vnext": [{
"address": "XXXXXXX",
"port": 443,
"users": [{
"id": "XXXXXXXX",
"encryption": "none"
}]
}]
},
"streamSettings": {
"network": "grpc",
"security": "tls",
"grpcSettings": {
"serviceName": "XXXXXXXXX",
"multiMode": true
},
"sockopt": {
"mark": 255,
"tcpFastOpen": true
},
"tlsSettings": {
"serverName": "XXXXXXXXX",
"minVersion": "1.3"
}
}
},
{
"tag": "direct",
"protocol": "freedom",
"streamSettings": {
"sockopt": {
"mark": 255
}
}
},
{
"tag": "block",
"protocol": "blackhole",
"settings": {
"response": {
"type": "http"
}
}
},
{
"tag": "dns-out",
"protocol": "dns",
"streamSettings": {
"sockopt": {
"mark": 255
}
}
}
],
"dns": {
"servers": [
"https+local://1.0.0.1/dns-query",
"https+local://1.1.1.1/dns-query"
]
},
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"type": "field",
"inboundTag": [
"all-in"
],
"port": 53,
"network": "udp",
"outboundTag": "dns-out"
},
{
"type": "field",
"ip": ["8.8.8.8", "1.1.1.1", "1.0.0.1"],
"outboundTag": "proxy"
},
{
"type": "field",
"domain": ["geosite:category-ads-all"],
"outboundTag": "block"
},
{
"type": "field",
"ip": ["geoip:private"],
"outboundTag": "direct"
},
{
"type": "field",
"domain": ["geosite:geolocation-!cn"],
"outboundTag": "proxy"
}
]
}
}