硬件需求

  • 需要一个可以更改静态路由的路由器。

    普通的非智能路由器,如tp-link之类,都有这个功能,所以普通路由器就可以实现了,不需要高大上的智能路由器。反而智能路由器,如小米、极路由之类没有开放这个功能。不过也没事,智能路由器都是可以刷固件的,我目前刷的padavan,信号和稳定性比原生的系统还要好。

  • 树莓派可以正常使用互联网

配置树莓派

  • 把树莓派设置成路由模式(需要切换到root用户), 这一步非常重要

    1
2

    echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
sysctl -p

  • 目前我将用网线将树莓派和路由器连接上,并设置静态路由

    路由器上面设置静态ip,如下图, 这样固定后就不用经常改配置了。 static route

配置路由器

测试

断开wifi重新连接,查看dns默认dns是不是192.168.50.2, 并ping www.github.com看下连接地址是不是192.18.x.x, 或者使用dig命令。

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14

 $ ping www.github.com
 PING www.github.com (192.18.1.46) 56(84) bytes of data.
 64 bytes from 192.18.1.46 (192.18.1.46): icmp_seq=1 ttl=63 time=1.70 ms
 64 bytes from 192.18.1.46 (192.18.1.46): icmp_seq=2 ttl=63 time=1.96 ms
 64 bytes from 192.18.1.46 (192.18.1.46): icmp_seq=3 ttl=63 time=1.82 ms
 64 bytes from 192.18.1.46 (192.18.1.46): icmp_seq=4 ttl=63 time=2.05 ms
 64 bytes from 192.18.1.46 (192.18.1.46): icmp_seq=5 ttl=63 time=1.98 ms
 64 bytes from 192.18.1.46 (192.18.1.46): icmp_seq=6 ttl=63 time=2.81 ms
 64 bytes from 192.18.1.46 (192.18.1.46): icmp_seq=7 ttl=63 time=2.23 ms
 ^C
 --- www.github.com ping statistics ---
 7 packets transmitted, 7 received, 0% packet loss, time 18ms
 rtt min/avg/max/mdev = 1.696/2.078/2.813/0.342 ms

安装clash

clash完全基于go语言开发,实现了完善的规则分流,自动和主备等多种选路策略。

到github下载对应的二进制可运行文件,https://github.com/Dreamacro/clash/releases/tag/premium,树莓派对应的clash-linux-armv7-2020.05.08.gz

clash配置

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

port: 7890
socks-port: 7891
#redir-port: 7892

allow-lan: true
mode: Rule
log-level: info
external-controller: :80
external-ui: dashboard
secret: "xxxx"

dns:
    enable: true
    listen: :53
    enhanced-mode: fake-ip
    ipv6: false
    nameserver:
      - "192.168.50.1"
      - "119.29.29.29"
      - "114.114.114.114"
      - "223.5.5.5"

experimental:
  interface-name: eth0
tun:
  enable: true
  stack: system

配置路由

如果没有通过域名导流,而是ip的静态路由导到树莓派,这样是不会到tun网卡上来的,现在需要做的就是要氢所有ip类型的通过添加路由导到tun上面。

  1. 使用netmask计算子网

    1
2
3
4
5
6
7
8

    [email protected]:~/clash $ netmask 192.168.50.3:192.168.50.255
  192.168.50.3/32
  192.168.50.4/30
  192.168.50.8/29
 192.168.50.16/28
 192.168.50.32/27
 192.168.50.64/26
192.168.50.128/25

  2. 添加路由

     1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15

    ip rule add from 192.168.50.3/32 table 100
ip rule add from 192.168.50.4/30 table 101
ip rule add from 192.168.50.8/29 table 102
ip rule add from 192.168.50.16/28 table 103
ip rule add from 192.168.50.32/27 table 104
ip rule add from 192.168.50.64/26 table 105
ip rule add from 192.168.50.128/25 table 106

ip route add default via 198.18.0.1 dev utun table 100
ip route add default via 198.18.0.1 dev utun table 101
ip route add default via 198.18.0.1 dev utun table 102
ip route add default via 198.18.0.1 dev utun table 103
ip route add default via 198.18.0.1 dev utun table 104
ip route add default via 198.18.0.1 dev utun table 105
ip route add default via 198.18.0.1 dev utun table 106

  3. 如果需要删除使用下面的命令

    1
2
3
4
5
6
7

    ip rule del from 192.168.50.3/32 table 100
ip rule del from 192.168.50.4/30 table 101
ip rule del from 192.168.50.8/29 table 102
ip rule del from 192.168.50.16/28 table 103
ip rule del from 192.168.50.32/27 table 104
ip rule del from 192.168.50.64/26 table 105
ip rule del from 192.168.50.128/25 table 106

使用supervisor管理

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12

[program:clash]
user=root
command =/home/pi/clash/clash.sh
priority=1
autostart = true
startsecs = 5
autorestart = true
startretries = 1024
redirect_stderr = true
stdout_logfile_maxbytes = 10MB
stdout_logfile_backups = 10
stdout_logfile = /var/log/clash.log

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46

#!/bin/bash
# clash.sh
loop(){
    echo "start loop"
    for i in {1..10000}
    do
        echo "looping"
        sleep 6
        ip address | grep 198.18.0.1
        a=$?
        if [ $a -eq 0 ];then
            break;
        fi
    done

    ip rule del from 192.168.50.3/32 table 100
    ip rule del from 192.168.50.4/30 table 101
    ip rule del from 192.168.50.8/29 table 102
    ip rule del from 192.168.50.16/28 table 103
    ip rule del from 192.168.50.32/27 table 104
    ip rule del from 192.168.50.64/26 table 105
    ip rule del from 192.168.50.128/25 table 106
    
    
    ip rule add from 192.168.50.3/32 table 100
    ip rule add from 192.168.50.4/30 table 101
    ip rule add from 192.168.50.8/29 table 102
    ip rule add from 192.168.50.16/28 table 103
    ip rule add from 192.168.50.32/27 table 104
    ip rule add from 192.168.50.64/26 table 105
    ip rule add from 192.168.50.128/25 table 106
    
    ip route add default via 198.18.0.1 dev utun table 100
    ip route add default via 198.18.0.1 dev utun table 101
    ip route add default via 198.18.0.1 dev utun table 102
    ip route add default via 198.18.0.1 dev utun table 103
    ip route add default via 198.18.0.1 dev utun table 104
    ip route add default via 198.18.0.1 dev utun table 105
    ip route add default via 198.18.0.1 dev utun table 106
 
    echo "stop loop"
}

ip addr
loop &
/home/pi/clash/clash -d /home/pi/clash

参考

  1. A rule-based tunnel in Go.
  2. 在树莓派上使用kone