OpenWrt Forum Archive

Topic: SSH Tunnel to work as VPN.

The content of this topic has been archived between 7 Apr 2018 and 29 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

bolvan wrote:

Yes, config looks fine.
I'm not aware of redsocks2. redsocks1 works just fine and is present both in DD and CC 15.05.1
I compiled for you an sshpass static binary (mips32 lsb rel2). It will work on any ar71xx.
https://www.sendspace.com/file/933new


AWESOME!

So simple, but so great! Thanks for your help, I can't explain how important it was for me!

I hope this thread will help someone in the future, so I'm gonna make a short one-message manual.

Main goal:

Set up an automatic configuration for sharing a secure SSH tunnel connection with local clients.


Scheme:

https://s12.postimg.org/wjd7jdntl/2262c_clip_14kb_1.png

Prerequisites:

opkg install --force-overwrite openssh-client openssh-client-utils curl shadow-useradd
opkg install procps-ng-pgrep coreutils-nohup

Redsocks                   ####      15.05 and higher firmware

Sshpass                    ####      "It will work on any ar71xx."

Configuration files:

/etc/firewall.user

SOXIFIER_PORT=1099
. /lib/functions/network.sh
# forwarded connections: every TCP flow from the LAN that is not bound for the
# LAN itself is handed to the local redsocks listener
# route_localnet lets traffic arriving on br-lan be DNATed to a 127.0.0.1 address
sysctl -w net.ipv4.conf.br-lan.route_localnet=1
# -C tests whether the rule already exists, -I inserts it only if it does not
iptables -t nat -C prerouting_lan_rule -p tcp ! --dst 192.168.0.0/16 -j DNAT --to 127.0.0.1:$SOXIFIER_PORT ||
iptables -t nat -I prerouting_lan_rule -p tcp ! --dst 192.168.0.0/16 -j DNAT --to 127.0.0.1:$SOXIFIER_PORT


/etc/init.d/socks_vps

#!/bin/sh /etc/rc.common
# Copyright (C) 2006-2011 OpenWrt.org

START=50
STOP=50
USE_PROCD=1

USERNAME=root
# the SSH dynamic (SOCKS5) listener that redsocks.conf points at: 127.0.0.1:1080
COMMAND="sshpass -f /etc/ssh/pass.txt ssh -N -D 1080 -l user SERVER_IP"

start_service() {
    procd_open_instance
    procd_set_param user $USERNAME
    # respawn: threshold 10 s, wait 10 s before restarting, 0 = retry without limit
    procd_set_param respawn 10 10 0
    # unquoted on purpose so procd receives the command and its arguments word by word
    procd_set_param command $COMMAND
    procd_close_instance
}


/etc/hotplug.d/iface/99-exec-on-updown

#!/bin/sh
# Run the command stored in network.<iface>.exec_on_up / exec_on_down
# whenever that interface comes up or goes down.
# ("local" is only valid inside a function, so it is not used here;
#  uci -q keeps "Entry not found" quiet for interfaces without the option)
case "$ACTION" in
    ifup)   cmd=$(uci -q get "network.$INTERFACE.exec_on_up") ;;
    ifdown) cmd=$(uci -q get "network.$INTERFACE.exec_on_down") ;;
    *)      exit 0 ;;
esac
# deliberately unquoted: the option holds a command plus its arguments
[ -n "$cmd" ] && $cmd


/etc/init.d/network

config interface 'wan'
        ........
        option exec_on_up '/etc/init.d/redsocks start'
# autostart not working because network is down
/etc/init.d/redsocks disable
/etc/init.d/redsocks start


/etc/config/network

config interface 'wan'
        ........
        option exec_on_up '/etc/init.d/redsocks start'


/etc/redsocks.conf

........
      local_ip = 127.0.0.1;
      local_port = 1099;
........
      ip = 127.0.0.1;
      port = 1080;
      type = socks5;
........



Good luck!

(Last edited by vital21 on 5 Nov 2016, 05:38)
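Once the DNAT rule in vital21's scheme has sent a LAN connection to redsocks, the proxifier has to learn where that connection was really going and open a SOCKS5 CONNECT toward the ssh -D listener; the sketch below is an added example, not code from the thread or from redsocks, of exactly that hop: it decodes the pre-DNAT destination from SO_ORIGINAL_DST and builds and parses the RFC 1928 messages. It also accepts a domain-name destination, which goes beyond what DNAT ever delivers; the function names are mine and the 203.0.113.10 address used for checking is constructed.

```python
# Added sketch, not from the thread or from redsocks: the hop the DNAT rule
# hands to redsocks, which then speaks SOCKS5 to ssh -D on 127.0.0.1:1080.
import socket
import struct

SO_ORIGINAL_DST = 80  # getsockopt number from linux/netfilter_ipv4.h
SOCKS5_GREETING = b"\x05\x01\x00"  # version 5, one method offered: no auth

def parse_original_dst(raw):
    """Decode the sockaddr_in from SO_ORIGINAL_DST (family host order, rest network)."""
    family = struct.unpack("=H", raw[:2])[0]
    if family != socket.AF_INET:
        raise ValueError("not an IPv4 sockaddr: family %d" % family)
    port, addr = struct.unpack("!H4s", raw[2:8])
    return socket.inet_ntoa(addr), port

def socks5_connect_request(host, port):
    """RFC 1928 CONNECT; ATYP 1 for dotted IPv4, ATYP 3 for a domain name."""
    try:
        addr = b"\x01" + socket.inet_aton(host)
    except OSError:
        name = host.encode("idna")
        addr = b"\x03" + bytes([len(name)]) + name
    return b"\x05\x01\x00" + addr + struct.pack("!H", port)

def parse_socks5_reply(data):
    """Return (reply_code, bound_host, bound_port); reply_code 0 means succeeded."""
    ver, rep, _rsv, atyp = data[:4]
    if ver != 5:
        raise ValueError("bad SOCKS version %d" % ver)
    if atyp == 1:
        host, off = socket.inet_ntoa(data[4:8]), 8
    elif atyp == 3:
        host, off = data[5:5 + data[4]].decode(), 5 + data[4]
    else:
        raise ValueError("unsupported ATYP %d" % atyp)
    return rep, host, struct.unpack("!H", data[off:off + 2])[0]

def proxify(client, socks=("127.0.0.1", 1080)):
    """Open the upstream leg for one redirected client socket; caller relays bytes."""
    # Linux only: the kernel keeps the pre-DNAT destination on the conntrack entry.
    host, port = parse_original_dst(client.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16))
    up = socket.create_connection(socks)
    up.sendall(SOCKS5_GREETING)
    if up.recv(2) != b"\x05\x00":
        raise ConnectionError("SOCKS5 no-auth method refused")
    up.sendall(socks5_connect_request(host, port))
    rep = parse_socks5_reply(up.recv(262))[0]
    if rep != 0:
        raise ConnectionError("CONNECT %s:%d refused, code %d" % (host, port, rep))
    return up
```

proxify() is what runs per accepted connection on the redsocks side; the pure helpers can be checked offline with a constructed sockaddr_in and reply bytes.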

Today I upgraded to LEDE r2084. Redsocks does not start.
The reason is access permissions on /tmp/run. In OpenWrt they are 777, in LEDE 755.
Redsocks tries to write its pidfile there, fails and exits.
My fix:
edit /etc/init.d/boot
add after the mkdir's:
chmod 1777 /var/run
chmod 1777 /var/lock

Redsocks                   ####      "Only if you're running DD firmware"

This is not true now. I created this scheme before 15.05 came out. Only recently I discovered that redsocks was added to 15.05. If redsocks is needed on a lower version FW, then take the ipk file from 15.05 and install it manually.

Hi bolvan,
the sendspace/file/933new link is dead.
Can you reupload it, please?
Thank you very much, bolvan.

bolvan wrote:
w0ngj0w0 wrote:

Can you reupload it, please.

Hi, bolvan,
let me ask, please:
how do I make an sshpass connection through a Squid proxy?

bolvan wrote:

What is the best ( better ) device for such purposes? How do you think?

Any device with at least 8 megs of flash will fit.
4 meg devices with USB will also fit if used with a flash drive as extroot.

Hi bolvan,
let me ask, please:
how do I make an sshpass connection through a Squid proxy?

(Last edited by w0ngj0w0 on 18 Apr 2017, 02:21)

w0ngj0w0 wrote:

how do I make an sshpass connection through a Squid proxy?

Please don't make me guess what you mean.
sshpass is just a tool to automate password entry in the OpenSSH client. It's not designed to work with Squid.
To transparently proxy HTTP queries, Squid must be configured in interception mode and you need to DNAT/REDIRECT HTTP queries to its port.
To proxy non-HTTP TCP connections using the CONNECT method of an HTTP proxy, you need the redsocks proxifier as a middle man.

(Last edited by bolvan on 18 Apr 2017, 12:22)

bolvan wrote:
w0ngj0w0 wrote:

Can you reupload it, please.

http://rgho.st/7mpTFCMcd

Hi again, mate! Could you please reupload it ... my router has died with all the binaries (

The discussion might have continued from here.