Shadowsocks client on router

I wish to setup shadowsocks client on openwrt router and forward all lan clients traffic through shadowsocks server. After some searching found that guide and after applying all changes, client does not open websites but may ping if ip specified.

ping 142.251.39.5

PING 142.251.39.5 (142.251.39.5): 56 data bytes

64 bytes from 142.251.39.5: icmp_seq=0 ttl=118 time=186.436 ms

64 bytes from 142.251.39.5: icmp_seq=1 ttl=118 time=467.009 ms

^C

--- 142.251.39.5 ping statistics ---

2 packets transmitted, 2 packets received, 0.0% packet loss

round-trip min/avg/max/stddev = 186.436/326.723/467.009/140.286 ms

dem@MacBook12 RTN14U % ping gmail.com

ping: cannot resolve gmail.com: Unknown host

Current setup

upstream_router 192.168.1.1(Internet)
        \
    openwrt_router
    wan_IP: 192.168.1.20
    lan_IP: 192.168.2.1         
             \
     client_IP: 192.168.2.244                     

shadowsocks-libev config according to github manual

Have removed inactive sections

root@OpenWrt:~# cat /etc/config/shadowsocks-libev


config ss_rules 'ss_rules'
	option src_default 'checkdst'
	list dst_ips_forward '8.8.8.8'
	option redir_tcp 'ssr0'
	option redir_udp 'ssr0'
	option dst_default 'forward'
	option local_default 'forward'

config server 'sss0'
	option server 'my_server_ip'
	option server_port '6338'
	option password 'my_password'
	option method 'chacha20-ietf-poly1305'

config ss_tunnel
	option server 'sss0'
	option local_address '0.0.0.0'
	option local_port '8053'
	option tunnel_address '8.8.8.8:53'
	option mode 'tcp_and_udp'
	option disabled '0'

config ss_redir 'ssr0'
	option server 'sss0'
	option local_address '0.0.0.0'
	option local_port '1100'
	option mode 'tcp_and_udp'
	option reuse_port '1'
	option disabled '0'





dhcp config

root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
        list server '127.0.0.1#8053'
	option noresolv '1'
	option localuse '1'
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

Restarted dnsmasq and showsocks.

1 Like

I have exactly the same problem..

Same problem. No solution? Its look like a nat rule problem.

Same problem

This video helped me

Please press edit on ss_redir.ssr0 and ensure all tick boxes are off in the "Advanced Settings" tab.

I have only two fields that are populated: 1) mode of operation "tcp_and_udp" and

  1. Timeout (keep the same time as the others)

Also ensure SS_redir.hj is enabled and matches the configuration of ss_redir.ssr0.

I solved this problem by adding my outline IP (sss0 server) as well as some reserved local subnets to "Dst ip/net bypass".

root@OpenWrt:~# cat /etc/config/shadowsocks-libev

config ss_tunnel
	option server 'sss0'
	option local_address '0.0.0.0'
	option local_port '8053'
	option tunnel_address '1.1.1.1:53'
	option mode 'tcp_and_udp'
	option timeout '60'

config ss_redir 'hj'
	option server 'sss0'
	option local_address '0.0.0.0'
	option local_port '1100'
	option mode 'tcp_and_udp'
	option timeout '60'
	option fast_open '1'
	option verbose '1'
	option reuse_port '1'

config ss_rules 'ss_rules'
	option redir_tcp 'hj'
	option redir_udp 'hj'
	option src_default 'checkdst'
	option dst_default 'forward'
	option local_default 'forward'
	option dst_ips_bypass_file '/etc/shadowsocks-libev/bypass.lst'

config server 'sss0'
	option server '_outline_ip_address_'
	option server_port '_outline_port_'
	option method 'chacha20-ietf-poly1305'
	option password '_outline_password_'

root@OpenWrt:~# cat /etc/shadowsocks-libev/bypass.lst

0.0.0.0/8
10.0.0.0/8
127.0.0.0/8
169.254.0.0/16
172.16.0.0/12
192.168.0.0/16
224.0.0.0/4
240.0.0.0/4
_outline_ip_address_

Shadowsocks is proxy, so it is not possible to "forward all traffic" through it. Clients should use SOCKS5-proxy, running on router.

I've done this, and I've still having DNS issues. My configuration matches the above exactly, and I'm able to ping 8.8.8.8, but not google.com and nslookup returns an error. Even with the local subnets, and server IP added to the "Dst ip/net bypass".

@Demontager Were you able to get this resolved?

Any help would be greatly appreciated. I'm embarrassed to admit I've spent probably close to 30 hours stuck on this issue.