Synology DSM 5.2上编译Shadowsocks-libev

Shadowsocks的python版本现在已经不再维护,万幸的是Shadowsocks-libev还在更新,而且编译后资源消耗更少。所以打算更新版本,但是搜了半天,只用适用于Openwrt的Shadowsocks-libev。而且安装包是IPK的。没办法直接安装,所以只好自己编译。

环境

NAS:

Model:Synology DS214+, CPU:Marvell Armada XP, OS: DSM 5.2

编译服务器:

Aliyun服务器,Centos 6.5 32Bit ,1CPU 1G RAM

准备

  1. 下载与DSM版本相匹配的Toolchain进行Cross-compiling

NAS上没办法进行程序编译,缺少编译环境,需要在一台Linux服务器上进行Cross-compiling,需要注意的是一定要是32位的操作系统。

前往Synology Open Source Project (http://sourceforge.net/projects/dsgpl/files/) 下载。

进入DSM 5.2 toolchain,而后根据CPU类型为Armada XP进入子目录。下载

armadaxp-gcc464_glibc215_hard_armada-GPL.txz

输入以下命令进行解压:

tar xvf armadaxp-gcc464_glibc215_hard_armada-GPL.txz --use-compress-program xz

解压后得到目录arm-marvell-linux-gnueabi

新建一环境变量文件 toolchain.env

export CC=/root/arm-marvell-linux-gnueabi/bin/arm-marvell-linux-gnueabi-gcc
export LD=/root/arm-marvell-linux-gnueabi/bin/arm-marvell-linux-gnueabi-ld
export RANLIB=/root/arm-marvell-linux-gnueabi/bin/arm-marvell-linux-gnueabi-ranlib
export CFLAGS=”-I/root/arm-marvell-linux-gnueabi/arm-marvell-linux-gnueabi/include -mhard-float -mfpu=vfpv3-d16″
export LDFLAGS=”-L/root/arm-marvell-linux-gnueabi/arm-marvell-linux-gnueabi/libc/lib”

Shadowsocks需要zlib和OpenSSL,我们需要先编译zlib和OpenSSL的Arm版本。

wget http://zlib.net/zlib-1.2.8.tar.gz

tar zxvf zlib-1.2.8.tar.gz

cd zlib-1.2.8

source /root/toolchain.env

./configure –prefix=/root/zib4arm

make

make install

cp zlib.h zconf.h /root/arm-marvell-linux-gnueabi/arm-marvell-linux-gnueabi/include

cp libz.so.1.2.8 /root/arm-marvell-linux-gnueabi/arm-marvell-linux-gnueabi/libc/lib/libz.so

Compile openssl for ARM

wget https://www.openssl.org/source/openssl-0.9.8zg.tar.gz

tar zxvf openssl-0.9.8zg.tar.gz

./Configure  dist –prefix=/root/openssl2

make

make install

cd /root/openssl2

cp -r include/openssl /root/arm-marvell-linux-gnueabi/arm-marvell-linux-gnueabi/include

cp lib/libcrypto.a lib/libssl.a /root/arm-marvell-linux-gnueabi/arm-marvell-linux-gnueabi/libc/lib

 

编译shadowsocks-libev

git clone https://github.com/shadowsocks/shadowsocks-libev.git
cd shadowsocks-libev

./configure –host=armle-unknown-linux –target=armle-unknown-linux –build=”i686-pc-linux” –prefix=/root/ssforarm

make

make install

编译好的shadowsocks会在/root/ssforarm文件夹。

将ssforarm文件夹的四个文件夹打包传到Nas的/usr/local目录下的同名目录即可。。

启动ss-redir.

设置下iptables.就可以畅快上网了。

iptables -t nat -A PREROUTING -p tcp -d 8.8.0.0/16 -j REDIRECT –to-ports 1080

家庭翻墙1-用Synology NAS的DnsMasq 来解决GFW的DNS投毒污染

GFW的dns投毒很是困扰了我一阵,一些公开的dns 如8.8.8.8返回的dns记录也被污染。很多域名都返回一个虚假地址。
这时候我们可以用DnsMasq来缓解这一问题,将制定域名清单的域名通过VPN再境外进行解析,其他域名使用本地DNS。这样也防止了由于全部使用境外DNS解析时CDN选择错误,上网很慢的问题,也同时解决了GFW的DNS污染。

家里的NAS 是运行的Synology 5.2系统,他的DHCP功能就是使用DNSMASQ来实现的,我们只要在其配置文件中加入想要的即可。

本文中假设你已经有了境外vpn,配置了路由表,已经将8.8.8.8的ip通过vpn路由至境外网关。

相关的IP段也通过路由表转发至境外网关。

 

1)
打开SSH,使用root用户登录nas
2)
创建一dnsmasq文件

# By default, dnsmasq will send queries to any of the upstream
# servers it knows about and tries to favour servers to are known
# to be up. Uncommenting this forces dnsmasq to try each query
# with each server strictly in the order they appear in
# /etc/resolv.conf
strict-order

# If you don’t want dnsmasq to read /etc/resolv.conf or any other
# file, getting its servers from this file instead (see below), then
# uncomment this.
no-resolv

## ignore address ##
bogus-nxdomain=2.1.1.2
bogus-nxdomain=4.193.80.0
bogus-nxdomain=4.36.66.178
bogus-nxdomain=8.105.84.0
bogus-nxdomain=8.7.198.45
bogus-nxdomain=12.87.133.0
bogus-nxdomain=14.102.249.18
bogus-nxdomain=16.63.155.0
bogus-nxdomain=20.139.56.0
bogus-nxdomain=23.89.5.60
bogus-nxdomain=24.51.184.0
bogus-nxdomain=28.121.126.139
bogus-nxdomain=28.13.216.0
bogus-nxdomain=37.61.54.158
bogus-nxdomain=46.20.126.252
bogus-nxdomain=46.38.24.209
bogus-nxdomain=46.82.174.68
bogus-nxdomain=49.2.123.56
bogus-nxdomain=54.76.135.1
bogus-nxdomain=59.24.3.173
bogus-nxdomain=61.54.28.6
bogus-nxdomain=64.33.88.161
bogus-nxdomain=64.33.99.47
bogus-nxdomain=64.66.163.251
bogus-nxdomain=65.104.202.252
bogus-nxdomain=65.160.219.113
bogus-nxdomain=66.206.11.194
bogus-nxdomain=66.45.252.237
bogus-nxdomain=72.14.205.104
bogus-nxdomain=72.14.205.99
bogus-nxdomain=74.117.57.138
bogus-nxdomain=74.125.127.102
bogus-nxdomain=74.125.155.102
bogus-nxdomain=74.125.39.102
bogus-nxdomain=74.125.39.113
bogus-nxdomain=77.4.7.92
bogus-nxdomain=78.16.49.15
bogus-nxdomain=89.31.55.106
bogus-nxdomain=93.46.8.89
bogus-nxdomain=113.11.194.190
bogus-nxdomain=118.5.49.6
bogus-nxdomain=122.218.101.190
bogus-nxdomain=123.126.249.238
bogus-nxdomain=123.50.49.171
bogus-nxdomain=125.230.148.48
bogus-nxdomain=127.0.0.2
bogus-nxdomain=128.121.126.139
bogus-nxdomain=159.106.121.75
bogus-nxdomain=169.132.13.103
bogus-nxdomain=173.201.216.6
bogus-nxdomain=188.5.4.96
bogus-nxdomain=189.163.17.5
bogus-nxdomain=192.67.198.6
bogus-nxdomain=197.4.4.12
bogus-nxdomain=202.106.1.2
bogus-nxdomain=202.181.7.85
bogus-nxdomain=203.161.230.171
bogus-nxdomain=203.199.57.81
bogus-nxdomain=203.98.7.65
bogus-nxdomain=207.12.88.98
bogus-nxdomain=208.109.138.55
bogus-nxdomain=208.56.31.43
bogus-nxdomain=209.145.54.50
bogus-nxdomain=209.220.30.174
bogus-nxdomain=209.36.73.33
bogus-nxdomain=209.85.229.138
bogus-nxdomain=211.5.133.18
bogus-nxdomain=211.8.69.27
bogus-nxdomain=211.94.66.147
bogus-nxdomain=213.169.251.35
bogus-nxdomain=213.186.33.5
bogus-nxdomain=216.139.213.144
bogus-nxdomain=216.221.188.182
bogus-nxdomain=216.234.179.13
bogus-nxdomain=221.8.69.27
bogus-nxdomain=243.185.187.30
bogus-nxdomain=243.185.187.39
bogus-nxdomain=249.129.46.48
bogus-nxdomain=253.157.14.165

# For debugging purposes, log each DNS query as it passes through
# dnsmasq.
log-queries

log-facility=/volume1/@appstore/dnsmasq/log/aa.log
# google
server=/.google.com/8.8.8.8
server=/.gstatic.com/8.8.8.8
server=/.googleusercontent.com/8.8.8.8
server=/.appspot.com/8.8.8.8
server=/.googlecode.com/8.8.8.8
server=/.googleapis.com/8.8.8.8
server=/.gmail.com/8.8.8.8
server=/.google-analytics.com/8.8.8.8
server=/.youtube.com/8.8.8.8
server=/.blogspot.com/8.8.8.8
server=/.blogger.com/8.8.8.8
server=/.12vpn.com/8.8.8.8
server=/.1984bbs.com/8.8.8.8
server=/.1984bbs.org/8.8.8.8
server=/.64tianwang.com/8.8.8.8
server=/.6park.com/8.8.8.8
server=/.aboluowang.com/8.8.8.8
server=/.allinfa.com/8.8.8.8
server=/.apigee.com/8.8.8.8
server=/.appspot.com/8.8.8.8
server=/.babynet.com.hk/8.8.8.8
server=/.backchina.com/8.8.8.8
server=/.bannedbook.org/8.8.8.8
server=/.bayvoice.net/8.8.8.8
server=/.berlintwitterwall.com/8.8.8.8
server=/.bignews.org/8.8.8.8
server=/.bjzc.org/8.8.8.8
server=/.blockcn.com/8.8.8.8
server=/.blogger.com/8.8.8.8
server=/.bloomberg.cn/8.8.8.8
server=/.bloomberg.com/8.8.8.8
server=/.boxun.com/8.8.8.8
server=/.broadbook.com/8.8.8.8
server=/.cactusvpn.com/8.8.8.8
server=/.caochangqing.com/8.8.8.8
server=/.cdjp.org/8.8.8.8
server=/.cdp1998.org/8.8.8.8
server=/.cdpweb.org/8.8.8.8
server=/.cfhks.org.hk/8.8.8.8
server=/.chinaaffairs.org/8.8.8.8
server=/.chinadigitaltimes.net/8.8.8.8
server=/.chinayouth.org.hk/8.8.8.8
server=/.chinese-memorial.org/8.8.8.8
server=/.chinesepen.org/8.8.8.8
server=/.crd-net.org/8.8.8.8
server=/.creaders.net/8.8.8.8
server=/.cyberghost.natado.com/8.8.8.8
server=/.dabr.mobi/8.8.8.8
server=/.dalianmeng.org/8.8.8.8
server=/.disp.cc/8.8.8.8
server=/.dongtaiwang.com/8.8.8.8
server=/.dropbox.com/8.8.8.8
server=/.echofon.com/8.8.8.8
server=/.embr.in/8.8.8.8
server=/.epochtimes.co.il/8.8.8.8
server=/.epochtimes.co.kr/8.8.8.8
server=/.epochtimes.com/8.8.8.8
server=/.epochtimes.de/8.8.8.8
server=/.epochtimes.jp/8.8.8.8
server=/.epochtimes.ru/8.8.8.8
server=/.facebook.com/8.8.8.8
server=/.falundafamuseum.org/8.8.8.8
server=/.fangongheike.com/8.8.8.8
server=/.fawanghuihui.org/8.8.8.8
server=/.fgmtv.net/8.8.8.8
server=/.fgmtv.org/8.8.8.8
server=/.focusvpn.com/8.8.8.8
server=/.free-ssh.com/8.8.8.8
server=/.freeopenvpn.com/8.8.8.8
server=/.gardennetworks.com/8.8.8.8
server=/.gdzf.org/8.8.8.8
server=/.getlantern.org/8.8.8.8
server=/.ggssl.com/8.8.8.8
server=/.github.com/8.8.8.8
server=/.gongm.in/8.8.8.8
server=/.gongminliliang.com/8.8.8.8
server=/.googlevideo.com/8.8.8.8
server=/.grandtrial.org/8.8.8.8
server=/.gravatar.com/8.8.8.8
server=/.greenvpn.net/8.8.8.8
server=/.guancha.org/8.8.8.8
server=/.hidden-advent.org/8.8.8.8
server=/.hidemyass.com/8.8.8.8
server=/.hnjhj.com/8.8.8.8
server=/.holyspiritspeaks.org/8.8.8.8
server=/.hootsuite.com/8.8.8.8
server=/.hrw.org/8.8.8.8
server=/.hua-yue.net/8.8.8.8
server=/.kanzhongguo.com/8.8.8.8
server=/.letscorp.net/8.8.8.8
server=/.linkideo.com/8.8.8.8
server=/.lvhai.org/8.8.8.8
server=/.macrovpn.com/8.8.8.8
server=/.mcfog.com/8.8.8.8
server=/.mhradio.org/8.8.8.8
server=/.minghui-a.org/8.8.8.8
server=/.minghui.org/8.8.8.8
server=/.mirrorbooks.com/8.8.8.8
server=/.myfreshnet.com/8.8.8.8
server=/.nanyang.com/8.8.8.8
server=/.nlfreevpn.com/8.8.8.8
server=/.ntdtv.ca/8.8.8.8
server=/.observechina.net/8.8.8.8
server=/.okayfreedom.com/8.8.8.8
server=/.omnitalk.com/8.8.8.8
server=/.open.com.hk/8.8.8.8
server=/.openvpn.net/8.8.8.8
server=/.orientaldaily.com.my/8.8.8.8
server=/.orzdream.com/8.8.8.8
server=/.owind.com/8.8.8.8
server=/.paperb.us/8.8.8.8
server=/.peacehall.com/8.8.8.8
server=/.percy.in/8.8.8.8
server=/.perfectvpn.net/8.8.8.8
server=/.privatetunnel.com/8.8.8.8
server=/.proxlet.com/8.8.8.8
server=/.proxy.org/8.8.8.8
server=/.psiphon.civisec.org/8.8.8.8
server=/.pubu.com.tw/8.8.8.8
server=/.puffinbrowser.com/8.8.8.8
server=/.qxbbs.org/8.8.8.8
server=/.ranyunfei.com/8.8.8.8
server=/.renminbao.com/8.8.8.8
server=/.savetibet.org/8.8.8.8
server=/.scmp.com/8.8.8.8
server=/.secretchina.com/8.8.8.8
server=/.securitykiss.com/8.8.8.8
server=/.shenzhoufilm.com/8.8.8.8
server=/.softether.co.jp/8.8.8.8
server=/.soundofhope.org/8.8.8.8
server=/.sthoo.com/8.8.8.8
server=/.taiwantp.net/8.8.8.8
server=/.tenacy.com/8.8.8.8
server=/.thepiratebay.org/8.8.8.8
server=/.tibet.net/8.8.8.8
server=/.tibet.org.tw/8.8.8.8
server=/.tibetanyouthcongress.org/8.8.8.8
server=/.tibetonline.com/8.8.8.8
server=/.torproject.org/8.8.8.8
server=/.tsunagarumon.com/8.8.8.8
server=/.twimbow.com/8.8.8.8
server=/.twitpic.com/8.8.8.8
server=/.twitter.com/8.8.8.8
server=/.twittercounter.com/8.8.8.8
server=/.twtrland.com/8.8.8.8
server=/.ultravpn.fr/8.8.8.8
server=/.ultraxs.com/8.8.8.8
server=/.upholdjustice.org/8.8.8.8
server=/.uyghuramerican.org/8.8.8.8
server=/.vft.com.tw/8.8.8.8
server=/.vpnfire.com/8.8.8.8
server=/.wangjinbo.org/8.8.8.8
server=/.washeng.net/8.8.8.8
server=/.wezhiyong.org/8.8.8.8
server=/.wsj.com/8.8.8.8
server=/.wujie.net/8.8.8.8
server=/.wujieliulan.com/8.8.8.8
server=/.xinsheng.net/8.8.8.8
server=/.xizang-zhiye.org/8.8.8.8
server=/.xpdo.net/8.8.8.8
server=/.yegle.net/8.8.8.8
server=/.youmaker.com/8.8.8.8
server=/.your-freedom.net/8.8.8.8
server=/.youtube.com/8.8.8.8
server=/.yuanming.net/8.8.8.8
server=/.yyii.org/8.8.8.8
server=/.zacebook.com/8.8.8.8
server=/.zhenlibu.info/8.8.8.8
server=/.zhuichaguoji.org/8.8.8.8
server=/.zmw.cn/8.8.8.8
server=/.dropbox.com/8.8.8.8
server=192.168.1.250

4. 修改/etc/rc.network配置文件

找到这一段

  if [ “${CONF_LIST}” = “” ]; then
return 1;
fi
if [ -e ${STATIC_HOST_CONF} ]; then
CONF_LIST=”${CONF_LIST} ${STATIC_HOST_CONF}”
fi

再两个if块中间插入这一行。。

local CONF_EXTRAS=”/volume1/doc/dnsmasq.conf”
if [ -e ${CONF_EXTRAS} ]; then
CONF_LIST=”${CONF_LIST} ${CONF_EXTRAS}”
fi

5.保存重启就好了。