Shadowsocks client on router

Installing and Using OpenWrt Network and Wireless Configuration
1

I wish to setup shadowsocks client on openwrt router and forward all lan clients traffic through shadowsocks server. After some searching found that guide and after applying all changes, client does not open websites but may ping if ip specified.

ping 142.251.39.5

PING 142.251.39.5 (142.251.39.5): 56 data bytes

64 bytes from 142.251.39.5: icmp_seq=0 ttl=118 time=186.436 ms

64 bytes from 142.251.39.5: icmp_seq=1 ttl=118 time=467.009 ms

^C

--- 142.251.39.5 ping statistics ---

2 packets transmitted, 2 packets received, 0.0% packet loss

round-trip min/avg/max/stddev = 186.436/326.723/467.009/140.286 ms

dem@MacBook12 RTN14U % ping gmail.com

ping: cannot resolve gmail.com: Unknown host

Current setup

upstream_router 192.168.1.1(Internet)
        \
    openwrt_router
    wan_IP: 192.168.1.20
    lan_IP: 192.168.2.1         
             \
     client_IP: 192.168.2.244

shadowsocks-libev config according to github manual

Have removed inactive sections

root@OpenWrt:~# cat /etc/config/shadowsocks-libev


config ss_rules 'ss_rules'
	option src_default 'checkdst'
	list dst_ips_forward '8.8.8.8'
	option redir_tcp 'ssr0'
	option redir_udp 'ssr0'
	option dst_default 'forward'
	option local_default 'forward'

config server 'sss0'
	option server 'my_server_ip'
	option server_port '6338'
	option password 'my_password'
	option method 'chacha20-ietf-poly1305'

config ss_tunnel
	option server 'sss0'
	option local_address '0.0.0.0'
	option local_port '8053'
	option tunnel_address '8.8.8.8:53'
	option mode 'tcp_and_udp'
	option disabled '0'

config ss_redir 'ssr0'
	option server 'sss0'
	option local_address '0.0.0.0'
	option local_port '1100'
	option mode 'tcp_and_udp'
	option reuse_port '1'
	option disabled '0'

Screen Shot 2022-11-04 at 18.24.57
Screen Shot 2022-11-04 at 18.24.57961×624 63 KB

Screen Shot 2022-11-04 at 18.55.04
Screen Shot 2022-11-04 at 18.55.04952×338 28.8 KB

Screen Shot 2022-11-04 at 18.59.42
Screen Shot 2022-11-04 at 18.59.42890×608 62.6 KB

Screen Shot 2022-11-04 at 19.00.08
Screen Shot 2022-11-04 at 19.00.08944×535 59.1 KB

Screen Shot 2022-11-04 at 19.00.16
Screen Shot 2022-11-04 at 19.00.16947×627 69.1 KB

dhcp config

root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
        list server '127.0.0.1#8053'
	option noresolv '1'
	option localuse '1'
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

Restarted dnsmasq and showsocks.

1 Like
2

I have exactly the same problem..

3

Same problem. No solution? Its look like a nat rule problem.

5

Same problem

6

This video helped me

7

Please press edit on ss_redir.ssr0 and ensure all tick boxes are off in the "Advanced Settings" tab.

I have only two fields that are populated: 1) mode of operation "tcp_and_udp" and

  1. Timeout (keep the same time as the others)
8

Also ensure SS_redir.hj is enabled and matches the configuration of ss_redir.ssr0.

9

I solved this problem by adding my outline IP (sss0 server) as well as some reserved local subnets to "Dst ip/net bypass".

root@OpenWrt:~# cat /etc/config/shadowsocks-libev

config ss_tunnel
	option server 'sss0'
	option local_address '0.0.0.0'
	option local_port '8053'
	option tunnel_address '1.1.1.1:53'
	option mode 'tcp_and_udp'
	option timeout '60'

config ss_redir 'hj'
	option server 'sss0'
	option local_address '0.0.0.0'
	option local_port '1100'
	option mode 'tcp_and_udp'
	option timeout '60'
	option fast_open '1'
	option verbose '1'
	option reuse_port '1'

config ss_rules 'ss_rules'
	option redir_tcp 'hj'
	option redir_udp 'hj'
	option src_default 'checkdst'
	option dst_default 'forward'
	option local_default 'forward'
	option dst_ips_bypass_file '/etc/shadowsocks-libev/bypass.lst'

config server 'sss0'
	option server '_outline_ip_address_'
	option server_port '_outline_port_'
	option method 'chacha20-ietf-poly1305'
	option password '_outline_password_'

root@OpenWrt:~# cat /etc/shadowsocks-libev/bypass.lst

0.0.0.0/8
10.0.0.0/8
127.0.0.0/8
169.254.0.0/16
172.16.0.0/12
192.168.0.0/16
224.0.0.0/4
240.0.0.0/4
_outline_ip_address_
10

Shadowsocks is proxy, so it is not possible to "forward all traffic" through it. Clients should use SOCKS5-proxy, running on router.