OpenWrt soft router series must-install software 3 swordsmen: openclash+sftpserver+tailscale installation tutorial
This article was last updated 285 days ago. The information in it may have developed or changed. If it is invalid, please leave a message in the comment section.

Preface

In the previous article (see:OpenWrt soft router series PVE deployment OpenWrt (23.05.2) detailed tutorial), I have deployed openwrt on pve. This article is to install the three software I think are necessary on openwrt: openclash, sftpserver, and tailscale.

Openclash is definitely the most important, it is the key to the palace of science; sftpserver allows me to easily transfer files to openwrt through the sftp client; finally, tailscale allows my other devices that have also deployed tailscale to access openwrt at any location and use it as a data export. Combined with the whitelist function of clash, the device can be blessed with science or magic anytime and anywhere.

Software Installation

Install openclash

iptables

opkg update opkg install coreutils-nohup bash iptables dnsmasq-full curl ca-certificates ipset ip-full iptables-mod-tproxy iptables-mod-extra libcap libcap-bin ruby ruby-yaml kmod-tun kmod-inet-diag unzip luci-compat luci luci-base

nftables

opkg install coreutils-nohup bash dnsmasq-full curl ca-certificates ipset ip-full libcap libcap-bin ruby ruby-yaml kmod-tun kmod-inet-diag unzip kmod-nft-tproxy luci-compat luci luci-base

Download the latest openclash ipk installation package. The latest version is v0.46.003-beta. The download link is as follows:
0.46.003-beta download link
In the "System"-"Software Package" interface, upload the downloaded ipk file to openclash (develop a good habit of updating the list first):

image.png

image.png

image.png

An error occurred:
image.png

It is seen that most of them are caused by dnsmasq, so delete dsnmasq first:

opkg remove *dnsmasq

The display is as follows:

image.png

Then re-upload the ipk package for installation, this time the installation is successful:
image.png

After restarting openwrt, there is an additional openclash under the service menu:
image.png

After clicking enter, you can see the familiar interface:
image.png

I won’t write about the detailed setup process as there are many tutorials on the internet. Of course, you need to have the key to the palace of science or magic first.

In addition: In fact, there are two other famous scientific plug-ins on openwrt: SSRPlus and PassWall, which are simpler and easier to use, but I am used to using clash (Merlin also uses MerlinClash), so I will not bother with openclash directly. However, the author of clash has deleted the library, and I don’t know how the subsequent updates will be, so I will talk about it when the time comes.

Install openssh-sftp-server

The ssh server that comes with openwrt is dropbear. Although it is more lightweight, it does not support sftp (it supports scp). This makes the sftp client that comes with many of our ssh clients unable to function, so we need to install an sftpserver.
In the "System" - "Package" interface, search for "openssh-sftp-server" in the filter, and then install it directly (develop a good habit of updating the list first):

image.png

Of course, you can also install it in the cli interface:

opkg update opkg install openssh-sftp-server

Then you can use the sftp client integrated with many SSH clients to transfer files, such as the sftp client that comes with Termius:

image.png

Install tailscale

In the "System" - "Package" interface, search for "tailscale" in the filter, and then install it directly (develop a good habit of updating the list first):

image.png

Of course, you can also install it in the cli interface:

opkg update opkg install tailscale

Then start tailscale under cli:

tailscale up

image.png

Simply use the link above to log in to tailscale for verification.

In addition: If you want to use the openwrt as an exit-node, you need to declare it first:

tailscale up --advertise-exit-node

Then open the exit point option corresponding to openwrt in the machines of the tailscale official website:

image.png


It's a bit regrettable that the version in the software package is a bit old. If you want to install the latest one, you can. For example, when I installed it, the version of tailscale in the software package was 1.58.2-1:

image.png

The version on github is 1.60.0 (automatically updated):
image.png

The download link is as follows:https://github.com/adyanth/openwrt-tailscale-enabler/releases.

So you can download the latest version of tailscale's .tgz package directly from github, transfer it to openwrt via sftp, and then run the following command:

tar x -zvC / -f openwrt-tailscale-enabler-v1.60.0-e428948-autoupdate.tgz

The results are as follows:

image.png

Install dependency packages:

opkg update opkg install libustream-openssl ca-bundle kmod-tun 

Set the startup:

/etc/init.d/tailscale enable # sets the system to start automatically /etc/init.d/tailscale start # starts tailscale

Then run the same command:

tailscale up

In addition to the authentication link still appearing, you will also find that it has been automatically upgraded to the latest version 1.62.0:

image.png

I have been putting up with the 1.42 version of Tailscale on Merlin for a long time, and now I don't have to worry about Tailscale updates anymore.


Install tcpdump (optional)

In the cli interface, tcpdump is a very good packet capture tool: you can not only see the packet capture results in real time, but also save the complete packet capture results as a pcap file, and then directly open it for analysis in the desktop system with software such as wireshark or sniffer. It is very useful for people who often troubleshoot and debug (it was a must for troubleshooting when I used to configure F5. For example, a customer accused me that the application didn't work after adding F5, and then I used tcpdump to capture the packets directly, and found that the packets didn't come... and then I could openly criticize the users~~~~~).

In the "System" - "Package" interface, search for "tcpdump" in the filter, and then install it directly (develop a good habit of updating the list first):

image.png

Of course, you can also install it in the cli interface:

opkg update opkg tcpdump

For example, if I want to capture packets on the eth0 interface whose source address is 192.168.10.84 and is sent to port 1080 (socks5), the tcpdump command format is as follows:

tcpdump -i eth0 src host 192.168.10.84 and dst port 1080

The specific output is as follows:

image.png

If you want to save as a pcap file, add-w xxxx.pcapParameters are enough, very convenient.

Afterword

A lot of useful software can also be installed on openwrt, such as lucky, transmission, smartdns, ADguard home, etc. Some of them can be installed directly in the package manager, some require you to download the ipk package yourself and then upload it to openwrt for installation, and some need to be compiled by yourself. It depends on your personal needs.

But to be honest, the stability of the router is the main thing. If the software is not really necessary, it is better to install less. Some functions, if they can be implemented with Docker outside the router, do not necessarily have to be installed on OpenWRT. After all, it is a general principle to let professional equipment do professional things. At the same time, this can reduce the hardware requirements for installing OpenWRT devices.

The content of the blog is original. Please indicate the source when reprinting! For more blog articles, you can go toSitemapUnderstand. The RSS address of the blog is:https://blog.tangwudi.com/feed, welcome to subscribe; if necessary, you can joinTelegram GroupDiscuss the problem together.
No Comments

Send Comment Edit Comment


				
|´・ω・)ノ
ヾ(≧∇≦*)ゝ
(☆ω☆)
(╯‵□′)╯︵┴─┴
 ̄﹃ ̄
(/ω\)
∠(ᐛ 」∠)_
(๑•̀ㅁ•́ฅ)
→_→
୧(๑•̀⌄•́๑)૭
٩(ˊᗜˋ*)و
(ノ°ο°)ノ
(´இ皿இ`)
⌇●﹏●⌇
(ฅ´ω`ฅ)
(╯°A°)╯︵○○○
φ( ̄∇ ̄o)
ヾ(´・ ・`。)ノ"
( ง ᵒ̌ᵒ̌)ง⁼³₌₃
(ó﹏ò。)
Σ(っ°Д °;)っ
( ,,´・ω・)ノ"(´っω・`。)
╮(╯▽╰)╭
o(*////▽////*)q
>﹏<
( ๑´•ω•) "(ㆆᴗㆆ)
😂
😀
😅
😊
🙂
🙃
😌
😍
😘
😜
😝
😏
😒
🙄
😳
😡
😔
😫
😱
😭
💩
👻
🙌
🖕
👍
👫
👬
👭
🌚
🌝
🙈
💊
😶
🙏
🍦
🍉
😣
Source: github.com/k4yt3x/flowerhd
Emoticons
Emoji
Little Dinosaur
flower!
Previous
Next
       

This site has disabled the right mouse button and various shortcut keys. The code block content can be copied directly by clicking the copy button in the upper right corner

en_US