Linux总动员: 四月 2013

首先要说的是安装goagent存在一定的限制，大概要求如下:
goagent非常消耗内存，最好是64m，其次是flash空间，goagent依赖的软件包，要占用5-6M空间！

安装分为几个步骤:
1.安装 goagent依赖的软件包，这里有说明https://code.google.com/p/goagent/wiki/GoAgent_OpenWRT

2.分离goagent,运行在openwrt上的goagent只需要下列文件

drwxr-xr-x    3 root     root 4096 Apr 9 15:05 .
drwxr-xr-x    1 root     root 4096 Nov 18 12:08 ..
-rw-r--r--    1 root     root 1212 Mar 11 02:36 CA.crt
drwxr-xr-x 2 daemon daemon   12288 Apr 14 19:59 certs
-rw-r--r--    1 root     root 3849 Mar 20 15:38 proxy.ini
-rwxr-xr-x    1 root     root 98551 Mar 11 02:36 proxy.py

goagent在运行时候的certs目录下会生成证书，所以要有可写权限
执行
chown -R daemon:daemon certs

3.一个已知BUG,
http://blog.csdn.net/hongrui/article/details/4496262
https://dev.openwrt.org/changeset/33269

https://dl.dropboxusercontent.com/sh/0urccixtec7uusl/fO-nqTgjkD/libopenssl_1.0.1c-1_ar71xx.ipk
新的安全线程版本
注意:不能卸载原版本。

直接执行opkg install libopenssl_1.0.1c-1_ar71xx.ipk，是无法安装的，会有错误提示。
依次执行下面的命令

a.
root@OpenWrt:/mnt/sdb1# md5sum libopenssl_1.0.1c-1_ar71xx.ipk

def15b74dd42a5647a92e4481751d994 libopenssl_1.0.1c-1_ar71xx.ipk

b.
vi /tmp/opkg-lists/snapshots

/Package: libopenssl

32728 Package: libopenssl
32729 Version: 1.0.1c-1
32730 Depends: libc, zlib
32731 Provides:
32732 Source: package/openssl
32733 Section: libs
32734 Status: unknown ok not-installed
32735 Essential: no
32736 Priority: optional
32737 Maintainer: OpenWrt Developers Team <openwrt-devel@openwrt.org>
32738 Architecture: ar71xx
32739 Installed-Size: 635283
32740 Filename: libopenssl_1.0.1c-1_ar71xx.ipk
32741 Size: 628554
32742 MD5Sum: def15b74dd42a5647a92e4481751d994
32743 Description: The OpenSSL Project is a collaborative effort to develop a robust,
32744 commercial-grade, full-featured, and Open Source toolkit implementing the Secure
32745 Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well
32746 as a full-strength general purpose cryptography library.
32747 This package contains the OpenSSL shared libraries, needed by other programs.

修改第32742行
执行
opkg install libopenssl_1.0.1c-1_ar71xx.ipk --force-overwrite

下面是直接替换的办法
http://dl.dropbox.com/u/63956686/target-mips_r2_uClibc-0.9.33.2-libopenssh-threaded.tar.gz
覆盖掉
/usr/lib/libssl.so.1.0.0
/usr/lib/libcrypto.so.1.0.0

记得备份原文件!

4.启动脚本，其实这个也挺重要的，不自动启动每次要登陆去打命令，很恶心。
脚本如下:

#!/bin/sh /etc/rc.common

START=200

PIDFILE="/var/run/goagent.pid"
DAEMON="/usr/goagent/proxy.py"

start() {
if `ps |grep -v grep |grep "python $DAEMON" >/dev/nul`
then
echo "running"
else
/sbin/start-stop-daemon -S -m -p $PIDFILE -c daemon:daemon -b -x python -- $DAEMON
fi
}

stop() {
if `ps |grep -v grep |grep "python $DAEMON" >/dev/nul`
then
/sbin/start-stop-daemon -K -p $PIDFILE
else
echo "Not running"
fi
}

https://dl.dropboxusercontent.com/sh/0urccixtec7uusl/qrPcwdeo-G/goagent

放到/etc/init.d/目录下名字为goagent
依次执行
cd /etc/init.d/
chmod +x goagent
./goagent enable
./goagent start

请不要远程使用，会有安全问题!

5.安装gevent
openwrt系统上默认是没有安装gevent的，当你手动运行时候，会有如下的提示

WARNING: python-gevent not installed.
------------------------------------------------------
GoAgent Version : 2.1.17 (python/2.7.3 gevent/1.0fake pyopenssl/0.10)
Listen Address : 0.0.0.0:8087

使用top命令可以观察到goagent相当占用内存。都是因为没有安装gevent。
幸运的是，有人为建立openwrt上运行的gevent编写了Package所需要的Makefile
https://code.google.com/p/wallproxy/wiki/OpenWRT

这是编译好的
~~https://dl.dropboxusercontent.com/sh/0urccixtec7uusl/B4rpWGJ9tw/python-greenlet_0.4.0-1_ar71xx.ipk~~

~~https://dl.dropboxusercontent.com/sh/0urccixtec7uusl/FA_siElAoH/gevent_1.0rc2-1_ar71xx.ipk~~

在运行goagent

python /usr/goagent/proxy.py
WARNING - [xxxxxxxxx] please install *libnss3-tools* package to import GoAgent root ca
------------------------------------------------------
GoAgent Version : 2.1.17 (python/2.7.3 gevent/1.0dev pyopenssl/0.10)
Listen Address : 0.0.0.0:8087

有个警告可以忽略，因为openwrt上没有全局证书这个概念，当然没办法导入了

-------------------------------------------------------------------------
03-24-2014 GoAgent 3.1.6

更新
https://drive.google.com/file/d/0Bw9QJvsGpnSvWmZIT1R2WUczY2s/edit?usp=sharing
https://drive.google.com/file/d/0Bw9QJvsGpnSvaTY0bVZPSUxSMzA/edit?usp=sharing

282d150b97313bd4e7629f99109e45db python-greenlet_0.4.2-1_ar71xx.ipk
9a1889850b9d8c39e31707fbe70d0724 gevent_1.0-1_ar71xx.ipk

-rw-r--r-- 1 root root 2887 Mar 23 2014 CA.crt
drwxr-xr-x 2 daemon daemon 0 Jan 13 03:38 certs
-rw-r--r-- 1 root root 16943 Mar 23 2014 dnslib-0.8.3.egg
-rw-r--r-- 1 root root 6622 Mar 24 2014 proxy.ini
-rw-r--r-- 1 root root 422602 Mar 23 2014 proxy.pac
-rw-r--r-- 1 root root 136388 Mar 23 2014 proxy.py

------------------------------------------------------------------------
GoAgent Version : 3.1.6 (python/2.7.3 gevent/1.0 pyopenssl/0.10)
Listen Address : 0.0.0.0:8087
GAE Mode : https
GAE Profile : ipv4

------------------------------------------------------------------------

03-27-2014

shadowsocks
https://drive.google.com/file/d/0Bw9QJvsGpnSvZWVVdVd2RExrMWs/edit?usp=sharing
9a9dab859f2694e6b885e0c21b9a71f0
shadowsocks-libev_1.4.3-69f8bd61c096337abb34a9e64534865d08022957_ar71xx.ipk、
这是一个完整的编译，包括了ss-server,依赖libopenssl库,因为支持更多的加密方式

https://github.com/madeye/shadowsocks-libev

Linux总动员

在开源固件openwrt路由器建立pptp(vpn)连接

在开源固件openwrt路由器上安装goagent