Enjoy

.gitignore

@@ -0,0 +1,6 @@
+.idea
+etc/shadowsocks/
+etc/dnsmasq.d/
+!etc/dnsmasq.d/through_stubby.conf
+rules/
+!rules/localips

LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2016 Billy Zheng
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

README.md

@@ -0,0 +1,105 @@
+# Shadowsocks for Asuswrt-Merlin New Gen
+
+shadowsocks-asuswrt-merlin will install `shadowsocks-libev` and `v2ray-plugin` on your Asuswrt-Merlin New Gen(version 382.xx and higher) based router.
+
+## Getting Started
+
+### Prerequisites
+- Asuswrt-Merlin New Gen(version 382.xx and higher) based router
+- Entware **must** be installed, you can find installation documents on [https://github.com/RMerl/asuswrt-merlin/wiki/Entware](https://github.com/RMerl/asuswrt-merlin/wiki/Entware)
+- JFFS partition should be enabled
+- bash should be installed
+- ca-certificates should be installed for HTTPS support
+- git and git-http should be installed
+- wget should be installed
+
+Make sure you have installed all prerequisites software and utils, you can install it by:
+```sh
+opkg update
+opkg upgrade
+opkg install bash ca-certificates git-http wget
+```
+
+### Installing
+shadowsocks-asuswrt-merlin is installed by running the following commands in your terminal:
+```sh
+bash -c "$(wget https://raw.githubusercontent.com/Acris/shadowsocks-asuswrt-merlin/master/tools/install.sh -O -)"
+```
+
+### Configuration
+```sh
+# Edit the configuration file
+vi /opt/share/ss-merlin/etc/shadowsocks/config.json
+
+# Start the service
+ss-merlin start
+```
+
+### Restart
+```sh
+ss-merlin restart
+```
+
+### Upgrade
+```sh
+ss-merlin upgrade
+```
+
+### Uninstall
+```sh
+ss-merlin uninstall
+```
+
+### Custom user rules
+```
+# Block domain
+vi /opt/share/ss-merlin/rules/user_domain_name_blocklist.txt
+
+# Force pass proxy
+vi /opt/share/ss-merlin/rules/user_domain_name_gfwlist.txt
+
+# Domain whitelist
+vi /opt/share/ss-merlin/rules/user_domain_name_whitelist.txt
+
+# IP whitelist
+vi /opt/share/ss-merlin/rules/user_ip_whitelist.txt
+
+# Restart service
+ss-merlin restart
+```
+
+## Credits
+Thank you to the following awesome projects ❤️
+- [shadowsocks-libev](https://github.com/shadowsocks/shadowsocks-libev)
+- [v2ray-plugin](https://github.com/shadowsocks/v2ray-plugin)
+- [asuswrt-merlin.ng](https://github.com/RMerl/asuswrt-merlin.ng)
+- [Entware](https://github.com/Entware/Entware)
+- [asuswrt-merlin-transparent-proxy](https://github.com/zw963/asuswrt-merlin-transparent-proxy)
+- [stubby](https://github.com/getdnsapi/stubby)
+- [dnsmasq-china-list](https://github.com/felixonmars/dnsmasq-china-list)
+- [oh-my-zsh](https://github.com/robbyrussell/oh-my-zsh)
+- And many more.
+
+## License
+```
+The MIT License (MIT)
+
+Copyright (c) 2016 Billy Zheng
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.```

bin/ss-merlin

@@ -0,0 +1,127 @@
+#!/bin/sh
+
+SS_MERLIN_HOME=/opt/share/ss-merlin
+
+CONFIG_DIR=${SS_MERLIN_HOME}/etc/dnsmasq.d
+ACCELERATED_CONFIG=${CONFIG_DIR}/accelerated-domains.china.conf
+GOOGLE_CONFIG=${CONFIG_DIR}/google.china.conf
+APPLE_CONFIG=${CONFIG_DIR}/apple.china.conf
+
+ansi_red="\033[1;31m";
+ansi_green="\033[1;32m";
+ansi_yellow="\033[1;33m";
+ansi_std="\033[m";
+
+stop_proxy() {
+  echo -e "$ansi_green Stop shadowsocks-asuswrt-merlin... $ansi_std"
+
+  if [[ ! -f /tmp/ss-merlin-is-run ]]; then
+    echo -e "$ansi_red ss-merlin is not running. $ansi_std"
+    exit 1
+  fi
+
+  cru d check-services-alive
+
+  ${SS_MERLIN_HOME}/scripts/stop_all_services.sh
+
+  ${SS_MERLIN_HOME}/scripts/clean_iptables_rule.sh
+
+  sed -i "\#conf-dir=${SS_MERLIN_HOME}/etc/dnsmasq.d/,\*\.conf#d" /jffs/configs/dnsmasq.conf.add
+
+  service restart_dnsmasq
+
+  rm /tmp/ss-merlin-is-run
+
+  echo -e "$ansi_green Stopped. $ansi_std"
+}
+
+start_proxy() {
+  echo -e "$ansi_green Start shadowsocks-asuswrt-merlin... $ansi_std"
+
+  if [[ -f /tmp/ss-merlin-is-run ]]; then
+    echo -e "$ansi_red ss-merlin is running, please stop it before start. $ansi_std"
+    exit 1
+  fi
+
+  echo "Initializing dnsmasq..."
+
+  if [[ -d "$CONFIG_DIR" ]]; then
+    default_dns_ip=127.0.0.1
+
+    sed "s#114\.114\.114\.114#${default_dns_ip}#" ${ACCELERATED_CONFIG}.bak > ${ACCELERATED_CONFIG}
+    sed "s#114\.114\.114\.114#${default_dns_ip}#" ${GOOGLE_CONFIG}.bak > ${GOOGLE_CONFIG}
+    sed "s#114\.114\.114\.114#${default_dns_ip}#" ${APPLE_CONFIG}.bak > ${APPLE_CONFIG}
+
+    user_domain_name_whitelist=${SS_MERLIN_HOME}/rules/user_domain_name_whitelist.txt
+    user_domain_name_blocklist=${SS_MERLIN_HOME}/rules/user_domain_name_blocklist.txt
+    user_domain_name_gfwlist=${SS_MERLIN_HOME}/rules/user_domain_name_gfwlist.txt
+
+    OLDIFS="$IFS" && IFS=$'\n'
+    if [[ -f ${user_domain_name_whitelist} ]]; then
+      rm -f ${CONFIG_DIR}/whitelist-domains.china.conf
+      for i in $(cat ${user_domain_name_whitelist} | grep -v '^#'); do
+        echo "server=/${i}/${default_dns_ip}" >> ${CONFIG_DIR}/whitelist-domains.china.conf
+      done
+    fi
+
+    if [[ -f ${user_domain_name_blocklist} ]]; then
+      rm -f ${CONFIG_DIR}/blacklist-domains.china.conf
+      for i in $(cat ${user_domain_name_blocklist} | grep -v '^#'); do
+        echo "address=/${i}/127.0.0.1" >> ${CONFIG_DIR}/blocklist-domains.china.conf
+      done
+    fi
+
+    if [[ -f ${user_domain_name_gfwlist} ]]; then
+      for i in $(cat ${user_domain_name_gfwlist} | grep -v '^#'); do
+        sed -i "/server=\/${i}\/.*/d" ${ACCELERATED_CONFIG}
+        sed -i "/server=\/${i}\/.*/d" ${GOOGLE_CONFIG}
+        sed -i "/server=\/${i}\/.*/d" ${APPLE_CONFIG}
+      done
+    fi
+    IFS=${OLDIFS}
+  fi
+
+  echo "Updating dnsmasq config file..."
+
+  if ! grep -qs "^conf-dir=${SS_MERLIN_HOME}/etc/dnsmasq.d/,\*\.conf$" /jffs/configs/dnsmasq.conf.add; then
+      echo "conf-dir=${SS_MERLIN_HOME}/etc/dnsmasq.d/,*.conf" >> /jffs/configs/dnsmasq.conf.add
+  fi
+
+  ${SS_MERLIN_HOME}/scripts/apply_iptables_rule.sh
+
+  echo "Starting all services..."
+  ${SS_MERLIN_HOME}/scripts/start_all_services.sh
+
+  service restart_dnsmasq
+
+  echo "Creating cron jobs..."
+
+  cru a check-services-alive "* * * * *" "$SS_MERLIN_HOME/scripts/start_all_services.sh"
+  cru a update-ip-whitelist "15 3 * * 0" "$SS_MERLIN_HOME/scripts/update_ip_whitelist.sh"
+  cru a update-dns-whitelist "15 4 * * 0" "$SS_MERLIN_HOME/scripts/update_dns_whitelist.sh"
+  cru a upgrade-ss-merlin "20 6 * * 0" "$SS_MERLIN_HOME/tools/upgrade.sh"
+
+  touch /tmp/ss-merlin-is-run
+
+  echo -e "$ansi_green Started. $ansi_std"
+}
+
+restart_proxy() {
+  stop_proxy
+  sleep 5
+  start_proxy
+}
+
+if [[ "$1" == 'stop' ]]; then
+  stop_proxy
+elif [[ "$1" == 'start' ]]; then
+  start_proxy
+elif [[ "$1" == 'restart' ]]; then
+  restart_proxy
+elif [[ "$1" == 'upgrade' ]]; then
+  bash ${SS_MERLIN_HOME}/tools/upgrade.sh
+elif [[ "$1" == 'uninstall' ]]; then
+  bash ${SS_MERLIN_HOME}/tools/uninstall.sh
+else
+  echo -e "$ansi_yellow Usage: ss-merlin start|stop|restart|upgrade|uninstall $ansi_std"
+fi

etc/dnsmasq.d/through_stubby.conf

@@ -0,0 +1 @@
+server=/#/127.0.0.1#15253

etc/shadowsocks/config.json

@@ -0,0 +1,12 @@
+{
+  "server": "123.123.123.123",
+  "server_port": 8388,
+  "local_address": "192.168.1.1",
+  "local_port": 1080,
+  "password": "ChangeMe!!!",
+  "timeout": 600,
+  "method": "chacha20-ietf-poly1305",
+  "mode": "tcp_and_udp",
+  "plugin": "v2ray-plugin",
+  "plugin_opts": "tls;host=cloudfront.net;path=/v2ray"
+}

etc/stubby/stubby.yml

@@ -0,0 +1,16 @@
+resolution_type: GETDNS_RESOLUTION_STUB
+dns_transport_list:
+  - GETDNS_TRANSPORT_TLS
+tls_authentication: GETDNS_AUTHENTICATION_REQUIRED
+tls_query_padding_blocksize: 128
+round_robin_upstreams: 1
+idle_timeout: 10000
+listen_addresses:
+  - 127.0.0.1@15253
+appdata_dir: "/opt/var/cache/stubby"
+upstream_recursive_servers:
+  # Rubyfish service
+  - address_data: 118.89.110.78
+    tls_auth_name: "dns.rubyfish.cn"
+  - address_data: 47.99.165.31
+    tls_auth_name: "dns.rubyfish.cn"

rules/localips

@@ -0,0 +1,19 @@
+0.0.0.0/8
+10.0.0.0/8
+100.64.0.0/10
+127.0.0.0/8
+169.254.0.0/16
+172.16.0.0/12
+192.0.0.0/24
+192.0.2.0/24
+192.31.196.0/24
+192.52.193.0/24
+192.88.99.0/24
+192.168.0.0/16
+192.175.48.0/24
+198.18.0.0/15
+198.51.100.0/24
+203.0.113.0/24
+224.0.0.0/4
+240.0.0.0/4
+255.255.255.255