Preface
In the previous article (see: OpenWrt soft router series PVE deployment OpenWrt (23.05.2) detailed tutorial), I deployed openwrt on pve. This article installs the three pieces of software I consider necessary on openwrt: openclash, sftpserver, and tailscale.
Openclash is definitely the most important, as it is the key to the palace of science. sftpserver allows me to easily transfer files to openwrt through an sftp client. Finally, tailscale allows my other devices that also run tailscale to reach openwrt from any location and use it as a traffic exit. Combined with the whitelist function of clash, the device can be blessed with science or magic anytime and anywhere.
Software Installation
Install openclash
iptables
opkg update
opkg install coreutils-nohup bash iptables dnsmasq-full curl ca-certificates ipset ip-full iptables-mod-tproxy iptables-mod-extra libcap libcap-bin ruby ruby-yaml kmod-tun kmod-inet-diag unzip luci-compat luci luci-base
nftables
opkg install coreutils-nohup bash dnsmasq-full curl ca-certificates ipset ip-full libcap libcap-bin ruby ruby-yaml kmod-tun kmod-inet-diag unzip kmod-nft-tproxy luci-compat luci luci-base
Download the latest openclash ipk installation package. The latest version is v0.46.003-beta. The download link is as follows:
0.46.003-beta download link
In the "System"-"Software Package" interface, upload the downloaded ipk file to install openclash (develop a good habit of updating the list first):
An error occurred:
Most of the errors are caused by dnsmasq, so delete dnsmasq first:
opkg remove *dnsmasq
The display is as follows:
Then re-upload the ipk package for installation, this time the installation is successful:
After restarting openwrt, there is an additional openclash under the service menu:
After clicking enter, you can see the familiar interface:
I won’t write about the detailed setup process as there are many tutorials on the internet. Of course, you need to have the key to the palace of science or magic first.
In addition: there are actually two other well-known scientific plug-ins on openwrt, SSRPlus and PassWall, which are simpler and easier to use, but I am used to clash (Merlin also uses MerlinClash), so I just went with openclash directly. However, the author of clash has deleted the repository, and I don't know how subsequent updates will go, so I will deal with that when the time comes.
Install openssh-sftp-server
The ssh server that comes with openwrt is dropbear. Although it is more lightweight, it does not support sftp (it supports scp). As a result, the sftp client built into many ssh clients does not work, so we need to install an sftp server.
In the "System" - "Package" interface, search for "openssh-sftp-server" in the filter, and then install it directly (develop a good habit of updating the list first):
Of course, you can also install it in the cli interface:
opkg update
opkg install openssh-sftp-server
Then you can use the sftp client integrated with many SSH clients to transfer files, such as the sftp client that comes with Termius:
Install tailscale
In the "System" - "Package" interface, search for "tailscale" in the filter, and then install it directly (develop a good habit of updating the list first):
Of course, you can also install it in the cli interface:
opkg update
opkg install tailscale
Then start tailscale under cli:
tailscale up
Simply open the link shown in the command output to log in to tailscale for verification.
In addition: if you want to use openwrt as an exit node, you need to advertise it first:
tailscale up --advertise-exit-node
Then enable the exit node option for openwrt on the Machines page of the tailscale official website:
It's a bit regrettable that the version in the software package is a bit old. If you want to install the latest one, you can. For example, when I installed it, the version of tailscale in the software package was 1.58.2-1:
The version on github is 1.60.0 (automatically updated):
The download link is as follows: https://github.com/adyanth/openwrt-tailscale-enabler/releases.
So you can download the latest version of tailscale's .tgz package directly from github, transfer it to openwrt via sftp, and then run the following command:
tar x -zvC / -f openwrt-tailscale-enabler-v1.60.0-e428948-autoupdate.tgz
The results are as follows:
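Because the tar command above unpacks a third-party archive over / as root, it is worth checking what the archive would write before extracting it. The following is an added example, not part of the original article or of the openwrt-tailscale-enabler project: check_tgz rejects an archive that contains absolute paths, ".." components, links or special files, or entries outside ALLOWED_PREFIXES (an assumed value; set it to the directories the release is documented to install into).

```shell
#!/bin/sh
# Added example: vet a .tgz before unpacking it over / as root.
# ALLOWED_PREFIXES is an assumption, not taken from the release notes;
# set it to the directories the package is documented to install into.
ALLOWED_PREFIXES="etc/init.d/ usr/bin/"

# path_ok NAME: 0 if NAME is a relative path under an allowed prefix
# (or a parent directory of one) and has no ".." component.
path_ok() {
    p=${1#./}                                  # tolerate a leading "./"
    case "$p" in /*) return 1 ;; esac          # absolute path
    case "/$p/" in */../*) return 1 ;; esac    # directory traversal
    for pre in $ALLOWED_PREFIXES; do
        case "$p" in "$pre"*) return 0 ;; esac # file or dir under a prefix
        case "$p" in
            */|"") case "$pre" in "$p"*) return 0 ;; esac ;;  # parent dir
        esac
    done
    return 1
}

# check_tgz ARCHIVE: 0 = passes the checks, 1 = rejected, 2 = unreadable.
check_tgz() {
    names=$(tar -tzf "$1" 2>/dev/null) || return 2
    # Accept only regular files (-) and directories (d): no links or devices.
    if tar -tzvf "$1" 2>/dev/null | grep -qv '^[-d]'; then
        echo "REJECT: link or special entry in $1" >&2
        return 1
    fi
    rc=0
    while IFS= read -r n; do
        path_ok "$n" || { echo "REJECT: $n" >&2; rc=1; }
    done <<EOF
$names
EOF
    return $rc
}

# Usage: check_tgz file.tgz && tar x -zvC / -f file.tgz
```
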
Install dependency packages:
opkg update
opkg install libustream-openssl ca-bundle kmod-tun
Set the startup:
/etc/init.d/tailscale enable # sets the system to start automatically
/etc/init.d/tailscale start # starts tailscale
Then run the same command:
tailscale up
In addition to the authentication link still appearing, you will also find that it has been automatically upgraded to the latest version 1.62.0:
I have been putting up with the 1.42 version of Tailscale on Merlin for a long time, and now I don't have to worry about Tailscale updates anymore.
Install tcpdump (optional)
In the cli interface, tcpdump is a very good packet capture tool: you can not only see the packet capture results in real time, but also save the complete packet capture results as a pcap file, and then directly open it for analysis in the desktop system with software such as wireshark or sniffer. It is very useful for people who often troubleshoot and debug (it was a must for troubleshooting when I used to configure F5. For example, a customer accused me that the application didn't work after adding F5, and then I used tcpdump to capture the packets directly, and found that the packets didn't come... and then I could openly criticize the users~~~~~).
In the "System" - "Package" interface, search for "tcpdump" in the filter, and then install it directly (develop a good habit of updating the list first):
Of course, you can also install it in the cli interface:
opkg update
opkg install tcpdump
For example, if I want to capture packets on the eth0 interface whose source address is 192.168.10.84 and is sent to port 1080 (socks5), the tcpdump command format is as follows:
tcpdump -i eth0 src host 192.168.10.84 and dst port 1080
The specific output is as follows:
If you want to save the capture as a pcap file, adding the parameter -w xxxx.pcap is enough, which is very convenient.
Afterword
A lot of useful software can also be installed on openwrt, such as lucky, transmission, smartdns, ADguard home, etc. Some of them can be installed directly in the package manager, some require you to download the ipk package yourself and then upload it to openwrt for installation, and some need to be compiled by yourself. It depends on your personal needs.
But to be honest, the stability of the router is the main thing. If the software is not really necessary, it is better to install less. Some functions, if they can be implemented with Docker outside the router, do not necessarily have to be installed on OpenWRT. After all, it is a general principle to let professional equipment do professional things. At the same time, this can reduce the hardware requirements for installing OpenWRT devices.