MHR Installation and Setup on OpenWrt
Before doing anything, you must have a Google account. Considering the number of daily requests to Google, it is better not to use your main email address and instead create a new one. Then go to the following link:
https://github.com/therealaleph/MasterHttpRelayVPN-RUST/blob/main/assets/apps_script/Code.gs
Copy all the code completely and save it in one place, because you will need it later.
Now you need a long random string of code, which you will use later.
You can generate the random string in several ways.
Method 1: Generating a random string using the terminal:
Windows:
Go into PowerShell or CMD (right-click the Start menu and open Terminal)
Now paste this code into the terminal:
[guid]::NewGuid().ToString()
OpenWrt terminal:
cat /proc/sys/kernel/random/uuid
If OpenSSL is not installed, run:
hexdump -n 16 -e '4/4 "%08X" 1 "\n"' /dev/urandom
Linux:
Open the terminal. Your default shell may be one of these:
Ubuntu
Debian
CentOS
Older Fedora
Then run:
uuidgen
Mac:
Press Cmd + Space → Terminal, or go to Applications → Utilities → Terminal
Then run:
uuidgen
After running the command, a random string like this will be given to you:
E4EAAAF2-7A5B-4F7A-8A1E-8B4A7D5E9C11
Copy the code and save it in one place because you will need it again.
Method 2:
Open Notepad and manually start typing and create a pattern similar to the example code.
Copy and save it.
Method 3:
Use online websites.
After copying and saving the codes and the long random string, go to the following link and log in or sign up:
https://script.google.com/
From the left menu (top of the page), click New project.
In the editor page that opens, there may be default code; delete everything.
Now paste the code you obtained in the previous step into the editor.
Now at the beginning of the code, find this line:
const AUTH_KEY = "E4EAAAF2-7A5B-4F7A-8A1E-8B4A7D5E9C11T";
Now you must replace CHANGE_ME_TO_A_STRONG_SECRET with your previously generated long random string.
Make sure the long random string is inside double quotes "" like this:
const AUTH_KEY = "E4EAAAF2-7A5B-4F7A-8A1E-8B4A7D5E9C11T";
Now click Save.
Then click Deploy and choose New deployment.
A page will open.
From the left menu (gear icon), click Select type and choose Web app.
Description: set any name
Web app: must be Me
Who has access: set to Anyone
Then click Deploy.
A page will open requesting additional permissions. Click Authorize access.
(If the popup does not open, it means your browser blocked it. Enable popups.)
If it opens and shows a verification error, click Advanced on the left, then click Go to Untitled project (unsafe).
On the new page click Select all, then Continue. Ignore any errors and close the page.
Wait for New deployment to finish loading.
Now it will give you a Deployment ID; copy it and save it somewhere.
Click Done.
Now we move to installing and setting up MHR on OpenWrt.
https://github.com/therealaleph/MasterHttpRelayVPN-RUST/releases
Go to the link above and in Releases find the version matching your router architecture, for example:
aarch64-linux-musl for mx4200
The file is usually something like:
mhrv-rs-aarch64-linux-musl.tar.gz
Download it.
On Windows extract it using 7zip or similar.
You will see files like:
mhrv-rs
mhrv-rs.init
config.json
Note:
If the JSON file does not exist, create it manually.
First open Notepad and write the following command and fill required values:
cat > /etc/mhrv-rs/config.json << 'EOF'
{
"mode": "apps_script",
"google_ip": "216.239.38.120",
"front_domain": "www.google.com",
"script_id": "ENTER_YOUR_DEPLOYMENT_ID_HERE",
"auth_key": "ENTER_YOUR_LONG_RANDOM_STRING_HERE",
"listen_host": "0.0.0.0",
"listen_port": 8085,
"socks5_port": 8086,
"log_level": "info",
"verify_ssl": true
}
EOF
Now copy all of it and paste it into the terminal using right-click paste, then press Enter.
Install WinSCP.
In WinSCP:
Protocol: SCP
Host: 192.168.1.1
Username: root
Password: enter your router password
Inside WinSCP create this folder:
/etc/mhrv-rs
Copy files here:
File: mhrv-rs → /usr/bin/
File: mhrv-rs.init → /etc/init.d/mhrv-rs
File: config.json → /etc/mhrv-rs/config.json
(If you manually created the JSON file, it will already be saved in the correct path, so do not look for it.)
However, if the JSON file exists inside mhrv-rs-aarch64-linux-musl.tar.gz,
after copying it to the correct location:
Connect to the router using PuTTY, Termius, or shell and run:
chmod +x /usr/bin/mhrv-rs
chmod +x /etc/init.d/mhrv-rs
Open the file:
/etc/mhrv-rs/config.json
If nano is installed:
nano /etc/mhrv-rs/config.json
If nano is not installed:
vi /etc/mhrv-rs/config.json
Press i to edit.
Find these lines:
"listen_host": "127.0.0.1"
"script_id": "PASTE_YOUR_DEPLOYMENT_ID_HERE",
"auth_key": "same-secret-as-in-code-gs",
Change them to:
"listen_host": "0.0.0.0"
"script_id": "your Deployment ID"
"auth_key": "your long random string"
Press ESC then :wq to save.
Or without editor run:
sed -i 's/"listen_host": "127.0.0.1"/"listen_host": "0.0.0.0"/' /etc/mhrv-rs/config.json
sed -i 's/"script_id": "."/"script_id": "your Deployment ID"/' /etc/mhrv-rs/config.json
sed -i 's/"auth_key": "."/"auth_key": "your long random string"/' /etc/mhrv-rs/config.json
Important note:
It is recommended to write all required values in Notepad first and then paste them carefully.
Restart service:
/etc/init.d/mhrv-rs restart
Check config:
cat /etc/mhrv-rs/config.json
or
grep listen_host /etc/mhrv-rs/config.json
Final config should look like:
{
"mode": "apps_script",
"google_ip": "216.239.38.120",
"front_domain": "www.google.com",
"script_id": "PASTE_YOUR_DEPLOYMENT_ID_HERE",
"auth_key": "same-secret-as-in-code-gs",
"listen_host": "0.0.0.0",
"listen_port": 8085,
"socks5_port": 8086,
"log_level": "info",
"verify_ssl": true
}
This allows other devices on the network to connect.
Run:
/etc/init.d/mhrv-rs enable /etc/init.d/mhrv-rs start
Check logs:
logread -e mhrv-rs -f
If no strange errors appear, it is working.
Test connection:
mhrv-rs test
Find best IP:
mhrv-rs scan-ips
Test SNI:
mhrv-rs test-sni
If permission error occurs:
ls -l /etc/init.d/
chmod +x /etc/init.d/mhrv-rs
chmod +x /usr/bin/mhrv-rs
Certificate note:
Since you are running CLI on OpenWrt without GUI,
you do not have a standard trust store,
and there is no browser on the router,
the certificate must be installed on the client device.
Using WinSCP go to:
/root/.config/mhrv-rs/ca/
If not found, check:
/etc/mhrv-rs/
You should see ca.crt
If not found:
ls /root/.config/mhrv-rs/ca/
or
find / -name ca.crt 2>/dev/null
If still missing:
/usr/bin/mhrv-rs --install-cert
Then refresh WinSCP and copy ca.crt to Windows and install it by double clicking.
Restart browser and test.
On phone or PC:
Set proxy:
If router IP is 192.168.1.1:
HTTP Proxy:
IP: 192.168.1.1 Port: 8085
SOCKS5 Proxy:
IP: 192.168.1.1 Port: 8086
Open browser and test a website.
If it works, setup is successful.
WisTech-Lab
MHR Installation and Setup on OpenWrt
Before doing anything, you must have a Google account. Considering the number of daily requests to Google, it is better not to use your main email address and instead create a new one. Then go to the following link:
https://github.com/therealaleph/MasterHttpRelayVPN-RUST/blob/main/assets/apps_script/Code.gs
Copy all the code completely and save it in one place, because you will need it later.
Now you need a long random string of code, which you will use later.
You can generate the random string in several ways.
Method 1: Generating a random string using the terminal:
Windows:
Go into PowerShell or CMD (right-click the Start menu and open Terminal)
Now paste this code into the terminal:
[guid]::NewGuid().ToString()
OpenWrt terminal:
cat /proc/sys/kernel/random/uuid
If OpenSSL is not installed, run:
hexdump -n 16 -e '4/4 "%08X" 1 "\n"' /dev/urandom
Linux:
Open the terminal. Your default shell may be one of these:
Ubuntu
Debian
CentOS
Older Fedora
Then run:
uuidgen
Mac:
Press Cmd + Space → Terminal, or go to Applications → Utilities → Terminal
Then run:
uuidgen
After running the command, a random string like this will be given to you:
E4EAAAF2-7A5B-4F7A-8A1E-8B4A7D5E9C11
Copy the code and save it in one place because you will need it again.
Method 2:
Open Notepad and manually start typing and create a pattern similar to the example code.
Copy and save it.
Method 3:
Use online websites.
After copying and saving the codes and the long random string, go to the following link and log in or sign up:
https://script.google.com/
From the left menu (top of the page), click New project.
In the editor page that opens, there may be default code; delete everything.
Now paste the code you obtained in the previous step into the editor.
Now at the beginning of the code, find this line:
const AUTH_KEY = "E4EAAAF2-7A5B-4F7A-8A1E-8B4A7D5E9C11T";
Now you must replace CHANGE_ME_TO_A_STRONG_SECRET with your previously generated long random string.
Make sure the long random string is inside double quotes "" like this:
const AUTH_KEY = "E4EAAAF2-7A5B-4F7A-8A1E-8B4A7D5E9C11T";
Now click Save.
Then click Deploy and choose New deployment.
A page will open.
From the left menu (gear icon), click Select type and choose Web app.
Description: set any name
Web app: must be Me
Who has access: set to Anyone
Then click Deploy.
A page will open requesting additional permissions. Click Authorize access.
(If the popup does not open, it means your browser blocked it. Enable popups.)
If it opens and shows a verification error, click Advanced on the left, then click Go to Untitled project (unsafe).
On the new page click Select all, then Continue. Ignore any errors and close the page.
Wait for New deployment to finish loading.
Now it will give you a Deployment ID; copy it and save it somewhere.
Click Done.
Now we move to installing and setting up MHR on OpenWrt.
https://github.com/therealaleph/MasterHttpRelayVPN-RUST/releases
Go to the link above and in Releases find the version matching your router architecture, for example:
aarch64-linux-musl for mx4200
The file is usually something like:
mhrv-rs-aarch64-linux-musl.tar.gz
Download it.
On Windows extract it using 7zip or similar.
You will see files like:
mhrv-rs
mhrv-rs.init
config.json
Note:
If the JSON file does not exist, create it manually.
First open Notepad and write the following command and fill required values:
cat > /etc/mhrv-rs/config.json << 'EOF'
{
"mode": "apps_script",
"google_ip": "216.239.38.120",
"front_domain": "www.google.com",
"script_id": "ENTER_YOUR_DEPLOYMENT_ID_HERE",
"auth_key": "ENTER_YOUR_LONG_RANDOM_STRING_HERE",
"listen_host": "0.0.0.0",
"listen_port": 8085,
"socks5_port": 8086,
"log_level": "info",
"verify_ssl": true
}
EOF
Now copy all of it and paste it into the terminal using right-click paste, then press Enter.
Install WinSCP.
In WinSCP:
Protocol: SCP
Host: 192.168.1.1
Username: root
Password: enter your router password
Inside WinSCP create this folder:
/etc/mhrv-rs
Copy files here:
File: mhrv-rs → /usr/bin/
File: mhrv-rs.init → /etc/init.d/mhrv-rs
File: config.json → /etc/mhrv-rs/config.json
(If you manually created the JSON file, it will already be saved in the correct path, so do not look for it.)
However, if the JSON file exists inside mhrv-rs-aarch64-linux-musl.tar.gz,
after copying it to the correct location:
Connect to the router using PuTTY, Termius, or shell and run:
chmod +x /usr/bin/mhrv-rs
chmod +x /etc/init.d/mhrv-rs
Open the file:
/etc/mhrv-rs/config.json
If nano is installed:
nano /etc/mhrv-rs/config.json
If nano is not installed:
vi /etc/mhrv-rs/config.json
Press i to edit.
Find these lines:
"listen_host": "127.0.0.1"
"script_id": "PASTE_YOUR_DEPLOYMENT_ID_HERE",
"auth_key": "same-secret-as-in-code-gs",
Change them to:
"listen_host": "0.0.0.0"
"script_id": "your Deployment ID"
"auth_key": "your long random string"
Press ESC then :wq to save.
Or without editor run:
sed -i 's/"listen_host": "127.0.0.1"/"listen_host": "0.0.0.0"/' /etc/mhrv-rs/config.json
sed -i 's/"script_id": "."/"script_id": "your Deployment ID"/' /etc/mhrv-rs/config.json
sed -i 's/"auth_key": "."/"auth_key": "your long random string"/' /etc/mhrv-rs/config.json
Important note:
It is recommended to write all required values in Notepad first and then paste them carefully.
Restart service:
/etc/init.d/mhrv-rs restart
Check config:
cat /etc/mhrv-rs/config.json
or
grep listen_host /etc/mhrv-rs/config.json
Final config should look like:
{
"mode": "apps_script",
"google_ip": "216.239.38.120",
"front_domain": "www.google.com",
"script_id": "PASTE_YOUR_DEPLOYMENT_ID_HERE",
"auth_key": "same-secret-as-in-code-gs",
"listen_host": "0.0.0.0",
"listen_port": 8085,
"socks5_port": 8086,
"log_level": "info",
"verify_ssl": true
}
This allows other devices on the network to connect.
Run:
/etc/init.d/mhrv-rs enable /etc/init.d/mhrv-rs start
Check logs:
logread -e mhrv-rs -f
If no strange errors appear, it is working.
Test connection:
mhrv-rs test
Find best IP:
mhrv-rs scan-ips
Test SNI:
mhrv-rs test-sni
If permission error occurs:
ls -l /etc/init.d/
chmod +x /etc/init.d/mhrv-rs
chmod +x /usr/bin/mhrv-rs
Certificate note:
Since you are running CLI on OpenWrt without GUI,
you do not have a standard trust store,
and there is no browser on the router,
the certificate must be installed on the client device.
Using WinSCP go to:
/root/.config/mhrv-rs/ca/
If not found, check:
/etc/mhrv-rs/
You should see ca.crt
If not found:
ls /root/.config/mhrv-rs/ca/
or
find / -name ca.crt 2>/dev/null
If still missing:
/usr/bin/mhrv-rs --install-cert
Then refresh WinSCP and copy ca.crt to Windows and install it by double clicking.
Restart browser and test.
On phone or PC:
Set proxy:
If router IP is 192.168.1.1:
HTTP Proxy:
IP: 192.168.1.1 Port: 8085
SOCKS5 Proxy:
IP: 192.168.1.1 Port: 8086
Open browser and test a website.
If it works, setup is successful.
WisTech-Lab