---
# System prepended metadata

title: Building OpenGFW on OpenWrt

---

# Guide to building OpenGFW on OpenWrt

## setup.1
Prepare a device capable of running OpenWrt. Here, for demonstration purposes, we'll use Proxmox Virtual Environment (PVE) for deployment. Please search online for installation instructions.

- Architecture: amd64
- Firmware: iStore OS
- Demo: Windows 10

## setup.2
Once the system is installed, SSH into it, then open a browser and go to the control panel at `192.168.100.1`. The username is `root` and the password is `password`.

- Update the package repositories.
> Location: System > Software
> ![image](https://github.com/user-attachments/assets/bfa2496b-1f3b-42c1-b8da-3fc84b50904c)

- Update the package repositories.
![image](https://github.com/user-attachments/assets/b1416588-8c69-4fc9-86bc-f759fecfccfc)

- Install `golang` and its extensions.
> The Go 1.19 package provided by OpenWrt is too old to compile OpenGFW. Use version 1.22 instead, which can be obtained from [here](https://github.com/ParrotXray/Building-OpenGFW-on-OpenWrt/releases/tag/v1.22.0). Download the packages that match your architecture.
> - golang_1.22.0-1_x86_64.ipk
> - golang-src_1.22.0-1_x86_64.ipk
> - golang-doc_1.22.0-1_x86_64.ipk
> 
> ![image](https://github.com/user-attachments/assets/851b20f8-a169-40b5-ae2c-925c2c349a0f)

- Install Git.
> Install the required packages as shown in the image below.
> ![image](https://github.com/user-attachments/assets/3f377736-cfbf-46cd-aef1-efba16d5dbbf)

- Open an SSH session and clone the [OpenGFW source code](https://github.com/apernet/OpenGFW.git).
```sh=
git clone https://github.com/apernet/OpenGFW.git
cd OpenGFW
```
- Install dependencies.
```sh=
opkg install kmod-nft-queue kmod-nf-conntrack-netlink iptables-mod-nfqueue
```
- Begin building the source code.
```sh=
go build
```
- Create configuration files and rule files.
```sh=
vim config.yaml
```
```yaml=
# config
io:
  queueSize: 1024
  local: false # Set 'local' to 'false' when running on a router to avoid blocking issues.

workers:
  count: 4
  queueSize: 16
  tcpMaxBufferedPagesTotal: 4096
  tcpMaxBufferedPagesPerConn: 64
  udpMaxStreams: 4096
```
```sh=
vim rules.yaml
```
```yaml=
# rules
# block bilibili
- name: block bilibili http
  action: block
  expr: string(http?.req?.headers?.host) endsWith "bilibili.com"

- name: block bilibili https
  action: block
  expr: string(tls?.req?.sni) endsWith "bilibili.com"

# block csdn
- name: block csdn http
  action: block
  expr: string(http?.req?.headers?.host) endsWith "csdn.net"

- name: block csdn https
  action: block
  expr: string(tls?.req?.sni) endsWith "csdn.net"
  
# block github
- name: block github http
  action: block
  expr: string(http?.req?.headers?.host) endsWith "github.com"

- name: block github https
  action: block
  expr: string(tls?.req?.sni) endsWith "github.com"
```

- Start the process.
```sh=
export OPENGFW_LOG_LEVEL=debug
./OpenGFW -c config.yaml rules.yaml
```
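
The rules in `rules.yaml` above match with `endsWith` on the HTTP Host header and the TLS SNI. The following Go program is an added example (not part of the original guide or of OpenGFW's own code) that shows which unrelated host names such a suffix rule also covers and prints a tighter expression bound to the domain. It assumes `endsWith` is a plain string-suffix comparison and that the rule language accepts `==` and `||`; the host names and the helpers `suffixMatch`, `domainMatch`, `overBlocked` and `tightExpr` are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample values for the HTTP Host header / TLS SNI.
var sampleHosts = []string{
	"github.com", "api.github.com", "notgithub.com",
	"blog.csdn.net", "my-csdn.net", "github.com.example.org",
}

// suffixMatch models the guide's rules, e.g. `... endsWith "github.com"`.
// Assumption: endsWith is a plain string-suffix comparison.
func suffixMatch(host, domain string) bool {
	return strings.HasSuffix(host, domain)
}

// domainMatch accepts only the domain itself or a name below it,
// i.e. the suffix must start on a DNS label boundary.
func domainMatch(host, domain string) bool {
	return host == domain || strings.HasSuffix(host, "."+domain)
}

// overBlocked lists hosts the suffix rule blocks although they are
// outside the intended domain.
func overBlocked(hosts []string, domain string) []string {
	var out []string
	for _, h := range hosts {
		if suffixMatch(h, domain) && !domainMatch(h, domain) {
			out = append(out, h)
		}
	}
	return out
}

// tightExpr builds a rule expression equivalent to domainMatch.
// Assumption: the rule language accepts == and || as written here.
func tightExpr(field, domain string) string {
	return fmt.Sprintf("string(%s) == %q || string(%s) endsWith %q",
		field, domain, field, "."+domain)
}

func main() {
	for _, d := range []string{"bilibili.com", "csdn.net", "github.com"} {
		fmt.Printf("%s: over-blocked %v\n", d, overBlocked(sampleHosts, d))
		fmt.Println("  expr:", tightExpr("tls?.req?.sni", d))
	}
}
```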

## setup.3
Let's demonstrate the results by creating a virtual machine running Windows 10 to observe the effects.

- Please ensure that OpenWrt has successfully assigned an IP address to the Windows 10 virtual machine.
![image](https://github.com/user-attachments/assets/07645dc3-637a-48a8-8e49-de87b592272d)

- Open a browser and attempt to access one of the sites listed in the `rules.yaml` file. If you are unable to access it, the setup is successful.
![image](https://github.com/user-attachments/assets/81882636-b59d-49b0-a129-dccf02668e88)

- The blocked connections are recorded in the log file.
![image](https://github.com/user-attachments/assets/e6e4885e-90d1-49e6-9dea-c91397fae6ae)

## Reference
Reference materials
- https://github.com/apernet/OpenGFW
- https://pve.sqlsec.com/3/2/
