mostm/openwrt-xray
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add files via upload

Browse Source
This commit is contained in:
Levent Duivel
2024-10-09 16:42:20 +05:00
committed by GitHub
parent e8bb59781b
commit 34128fef00
13 changed files with 76644 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
etc/config/xray Normal file
View File

@@ -0,0 +1,10 @@
config xray 'enabled'
option enabled '1'
config xray 'config'
option confdir '/root/xray_config'
option datadir '/usr/share/xray'
option dialer ''
option format 'json'

61
etc/init.d/xray Normal file
View File

@@ -0,0 +1,61 @@
#!/bin/sh /etc/rc.common
USE_PROCD=1
START=99
CONF="xray"
PROG="/usr/bin/xray"
start_service() {
config_load "$CONF"
local enabled
config_get_bool enabled "enabled" "enabled" "0"
[ "$enabled" -eq "1" ] || return 1
local confdir
local conffiles
local datadir
local dialer
local format
config_get confdir "config" "confdir"
config_get conffiles "config" "conffiles"
config_get datadir "config" "datadir" "/usr/share/xray"
config_get dialer "config" "dialer"
config_get format "config" "format" "json"
# runs iptables setup
/root/configure_xray_startup.sh
procd_open_instance "$CONF"
procd_set_param command "$PROG" run
[ -n "$confdir" ] && procd_append_param command -confdir "$confdir"
[ -n "$conffiles" ] && {
for i in $conffiles
do
procd_append_param command -config "$i"
done
}
[ -n "$format" ] && procd_append_param command -format "$format"
[ -n "$dialer" ] && procd_set_param env XRAY_BROWSER_DIALER="$dialer"
procd_set_param env XRAY_LOCATION_ASSET="$datadir"
procd_set_param file $conffiles
procd_set_param limits core="unlimited"
procd_set_param limits nofile="1000000 1000000"
procd_set_param stdout 1
procd_set_param stderr 1
procd_set_param respawn
procd_close_instance
}
reload_service() {
stop
start
}
service_triggers() {
procd_add_reload_trigger "$CONF"
}

49
root/configure_xray_startup.sh Normal file
View File

@@ -0,0 +1,49 @@
#!/bin/sh
# Ensure this script runs only once per boot
if [ -f /tmp/configure_xray_startup_executed ]; then
# The file exists, so do not run the script
echo "This script was executed already. To revert the results, reboot the device"
exit 0
fi
# create chain
ip rule add fwmark 1 table 100
ip route add local 0.0.0.0/0 dev lo table 100
iptables -t mangle -N XRAY
# exclude private ipv4
iptables -t mangle -A XRAY -d 255.255.255.255/32 -j RETURN
iptables -t mangle -A XRAY -d 0.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY -d 10.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY -d 100.64.0.0/10 -j RETURN
iptables -t mangle -A XRAY -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY -d 169.254.0.0/16 -j RETURN
iptables -t mangle -A XRAY -d 172.16.0.0/12 -j RETURN
iptables -t mangle -A XRAY -d 192.0.0.0/24 -j RETURN
iptables -t mangle -A XRAY -d 192.0.2.0/24 -j RETURN
iptables -t mangle -A XRAY -d 192.168.0.0/16 -j RETURN
iptables -t mangle -A XRAY -d 198.18.0.0/15 -j RETURN
iptables -t mangle -A XRAY -d 198.51.100.0/24 -j RETURN
iptables -t mangle -A XRAY -d 203.0.113.0/24 -j RETURN
iptables -t mangle -A XRAY -d 224.0.0.0/4 -j RETURN
iptables -t mangle -A XRAY -d 240.0.0.0/4 -j RETURN
iptables -t mangle -A XRAY -d 1.1.1.1 -j RETURN
# exclude forwarding to and from 10.241.1.3 on ports 80 and 443
iptables -t mangle -A XRAY -d 10.241.1.3/32 -p tcp --dport 80 -j RETURN
iptables -t mangle -A XRAY -d 10.241.1.3/32 -p tcp --dport 443 -j RETURN
iptables -t mangle -A XRAY -d 10.241.1.3/32 -p udp --dport 80 -j RETURN
iptables -t mangle -A XRAY -d 10.241.1.3/32 -p udp --dport 443 -j RETURN
iptables -t mangle -A XRAY -s 10.241.1.3/32 -p tcp --sport 80 -j RETURN
iptables -t mangle -A XRAY -s 10.241.1.3/32 -p tcp --sport 443 -j RETURN
iptables -t mangle -A XRAY -s 10.241.1.3/32 -p udp --sport 80 -j RETURN
iptables -t mangle -A XRAY -s 10.241.1.3/32 -p udp --sport 443 -j RETURN
# add forwarding rule
iptables -t mangle -A XRAY -p tcp -j TPROXY --on-port 61219 --tproxy-mark 1
iptables -t mangle -A XRAY -p udp -j TPROXY --on-port 61219 --tproxy-mark 1
iptables -t mangle -A PREROUTING -j XRAY
# required for check above
touch /tmp/configure_xray_startup_executed

39
root/install_xray.sh Normal file
View File

@@ -0,0 +1,39 @@
#!/bin/sh
opkg update
opkg install xray-core
# i don't actually know which ones are required for nftables cmds to work...
opkg install iptables-mod-conntrack-extra
opkg install iptables-mod-ipopt
opkg install iptables-mod-socket
opkg install iptables-mod-tproxy
opkg install iptables-zz-legacy
opkg install kmod-ipt-compat-xtables
opkg install kmod-ipt-conntrack
opkg install kmod-ipt-conntrack-extra
opkg install kmod-ipt-core
opkg install kmod-ipt-ipopt
opkg install kmod-ipt-socket
opkg install kmod-ipt-tproxy
opkg install kmod-nf-conncount
opkg install kmod-nf-conntrack
opkg install kmod-nf-conntrack6
opkg install kmod-nf-flow
opkg install kmod-nf-ipt
opkg install kmod-nf-ipt6
opkg install kmod-nf-log
opkg install kmod-nf-log6
opkg install kmod-nf-nat
opkg install kmod-nf-reject
opkg install kmod-nf-reject6
opkg install kmod-nf-socket
opkg install kmod-nf-tproxy
opkg install kmod-nfnetlink
opkg install kmod-nft-core
opkg install kmod-nft-fib
opkg install kmod-nft-nat
opkg install kmod-nft-offload
opkg install kmod-nft-tproxy
chmod +x /root/configure_xray_startup.sh
chmod +x /etc/init.d/xray

9
root/xray_config/01_log.json Normal file
View File

@@ -0,0 +1,9 @@
{
"log":
{
"access": "",
"error": "",
"loglevel": "none",
"dnsLog": false
}
}

20
root/xray_config/02_transport.json Normal file
View File

@@ -0,0 +1,20 @@
{
"transport": {
"domainStrategy": "IPIfNonMatch",
"httpSettings": {
"read_idle_timeout": 10,
"health_check_timeout": 15
},
"grpcSettings": {
"idle_timeout": 60,
"health_check_timeout": 20,
"permit_without_stream": true,
"initial_windows_size": 35536
},
"sockopt": {
"tcpMptcp": true,
"tcpFastOpen": true,
"tcpNoDelay": true
}
}
}

34
root/xray_config/03_inbounds.json Normal file
View File

@@ -0,0 +1,34 @@
{
"inbounds":
[
{
"tag": "tproxy",
"port": 61219,
"protocol": "dokodemo-door",
"settings":
{
"network": "tcp,udp",
"followRedirect": true
},
"streamSettings":
{
"sockopt":
{
"tproxy": "tproxy"
}
},
"sniffing":
{
"routeOnly": true,
"enabled": true,
"destOverride":
[
"http",
"tls",
"quic"
]
}
}
]
}

60
root/xray_config/04_outbounds.json Normal file
View File

@@ -0,0 +1,60 @@
{
"outbounds":
[
{
"protocol": "vless",
"settings":
{
"vnext":
[
{
"address": "1.1.1.1",
"port": 443,
"users":
[
{
"encryption": "none",
"flow": "xtls-rprx-vision",
"id": "00000000-0000-0000-0000-000000000000",
"level": 0
}
]
}
]
},
"streamSettings":
{
"network": "tcp",
"realitySettings":
{
"fingerprint": "chrome",
"publicKey": "",
"serverName": "",
"shortId": "",
"spiderX": "/"
},
"security": "reality"
},
"tag": "vless-reality"
},
{
"protocol": "freedom",
"tag": "direct"
},
{
"protocol": "blackhole",
"settings":
{
"response":
{
"type": "http"
}
},
"tag": "block"
},
{
"protocol": "dns",
"tag": "dns"
}
]
}

99
root/xray_config/05_routing.json Normal file
View File

@@ -0,0 +1,99 @@
{
"routing": {
"rules": [
// Capture DNS
{
"inboundTag": ["redirect", "tproxy"],
"outboundTag": "dns",
"type": "field",
"port": 53
},
// Block QUIC
{
"inboundTag": ["redirect", "tproxy"],
"outboundTag": "block",
"type": "field",
"protocol": ["quic"]
},
// Force specific source IPs to go direct
{
"inboundTag": ["redirect", "tproxy"],
"outboundTag": "direct",
"type": "field",
"source": [
"192.168.2.255",
"192.168.2.254"
]
},
// Block common ads and other stuff
{
"inboundTag": ["redirect", "tproxy"],
"outboundTag": "block",
"type": "field",
"domain": [
"geosite:category-ads-all",
"google-analytics",
"analytics.yandex",
"appcenter.ms",
"app-measurement.com",
"firebase.io",
"crashlytics.com"
]
},
// Force BitTorrent to go through direct
{
"inboundTag": ["redirect", "tproxy"],
"outboundTag": "direct",
"type": "field",
"protocol": ["bittorrent"]
},
// Explicitly force direct
{
"inboundTag": ["redirect", "tproxy"],
"outboundTag": "direct",
"type": "field",
"domain": [
"regexp:^([\\w\\-\\.]+\\.)ru$", // .ru
"regexp:^([\\w\\-\\.]+\\.)su$", // .su
"regexp:^([\\w\\-\\.]+\\.)xn--p1ai$", // .рф
"regexp:^([\\w\\-\\.]+\\.)xn--p1acf$", // .рус
"regexp:^([\\w\\-\\.]+\\.)xn--80asehdb$", // .онлайн
"regexp:^([\\w\\-\\.]+\\.)xn--c1avg$", // .орг
"regexp:^([\\w\\-\\.]+\\.)xn--80aswg$", // .сайт
"regexp:^([\\w\\-\\.]+\\.)xn--80adxhks$", // .москва
"regexp:^([\\w\\-\\.]+\\.)moscow$", // .moscow
"regexp:^([\\w\\-\\.]+\\.)xn--d1acj3b$", // .дети
"regexp:^([\\w\\-\\.]+\\.)yandex$", // .yandex
"geosite:category-ru",
"geosite:category-gov-ru",
"geosite:yandex",
"geosite:steam",
"geosite:vk",
"geosite:category-gov-ru",
"regexp:^assets(\\d*?)\\.xboxlive\\.com$",
"domain:rt.ru",
"domain:ngenix.net",
"domain:plex.tv",
"geoip:ru",
"domain:kaspersky.com",
"domain:koronapay.com",
"domain:binance.com",
"domain:raiffeisen.ru",
"geosite:xiaomi",
"geosite:mihoyo",
"domain:xsolla.com",
"domain:download.developer.apple.com",
// "domain:aeza.net",
"domain:veesp.com"
]
},
// No rules found? Go vless-reality
{
"inboundTag": ["redirect", "tproxy"],
"outboundTag": "vless-reality",
"type": "field"
}
]
}
}

9
root/xray_config/06_policy.json Normal file
View File

@@ -0,0 +1,9 @@
{
"policy": {
"levels": {
"0": {
"connIdle": 30
}
}
}
}

57209
usr/share/xray/LoyalsoldierSite.dat Normal file
View File

File diff suppressed because one or more lines are too long

BIN
usr/share/xray/geoip.dat Normal file
View File

Binary file not shown.

19045
usr/share/xray/geosite.dat Normal file
View File

File diff suppressed because one or more lines are too long