Custom direct-connect subnets or websites #7

Open
GoogleCodeExporter opened this issue Feb 23, 2016 · 15 comments

@GoogleCodeExporter

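autoddvpn routes all foreign websites through the VPN gateway. However, there are some sites that you visit often and that are certainly not blocked, and you may even be quite sure that a direct connection is faster than going through the VPN. For example, if you are a heavy Flickr user, Flickr is reachable normally on China Telecom, so you may well want all Flickr image servers to be reached directly. What should be done in that case?

We do not want to set up a gfwList-like organization to maintain the state of every subnet; that would go against autoddvpn's principle of being simple and requiring no maintenance. But we still want to keep some flexibility and let you define which overseas sites can be reached directly.

I am designing this feature now; any ideas are welcome for discussion.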

Original issue reported on code.google.com by pahud...@gmail.com on 26 Jun 2010 at 4:11

@GoogleCodeExporter

For the first phase I plan to implement exceptional direct routes (exceptional routes) for two sites, Flickr and Vimeo, as a demo.

Original comment by pahud...@gmail.com on 26 Jun 2010 at 5:02

@GoogleCodeExporter

Flickr direct connection is done; the log is as follows:


root@DD-WRT:/tmp# tail -f autoddvpn.log 
[INFO#312] 26/Jun/2010:15:18:41 log starts
[DEBUG#312] 26/Jun/2010:15:18:41 failed to get PPTPDEV, retry in 10 seconds
[DEBUG#312] 26/Jun/2010:15:18:51 failed to get PPTPDEV, retry in 10 seconds
[INFO#312] 26/Jun/2010:15:19:01 got concurrent 2 running clients, fixing it.
[DEBUG#312] 26/Jun/2010:15:19:02 failed to get PPTPDEV, retry in 10 seconds
[INFO#312] 26/Jun/2010:15:19:12 got PPTPDEV as ppp1, set into nvram
[INFO#312] 26/Jun/2010:15:19:12 got PPTPGW as 192.168.199.1, set into nvram
[INFO#312] 26/Jun/2010:15:19:12 VPN is UP, trying to modify the routing table
[INFO#955] OLDGW is xxx.xxx.xxx.xxx
[INFO#955] delete default gw xxx.xxx.xxx.xxx
[INFO#955] add default gw 192.168.199.1
[INFO#955] adding the static routes, this may take a while.
[INFO#955] final check the default gw
[DEBUG#955] my current gw is 192.168.199.1
[INFO#955] static routes added
[DEBUG#312] 26/Jun/2010:15:19:34 return 0
[INFO#312] 26/Jun/2010:15:19:34 preparing the exceptional routes
[INFO#312] 26/Jun/2010:15:19:34 modifying the exceptional routes
[INFO#312] 26/Jun/2010:15:19:35 fetching exceptional routes for flickr
[INFO#312] 26/Jun/2010:15:19:35 adding 68.142.192.0/18 via wan_gateway
[INFO#312] 26/Jun/2010:15:19:35 adding 69.147.64.0/18 via wan_gateway
[INFO#312] 26/Jun/2010:15:19:35 adding 67.195.0.0/16 via wan_gateway
[INFO#312] 26/Jun/2010:15:19:35 preparing the self-fix script
[INFO#312] 26/Jun/2010:15:19:36 preparing the cron_job
[DEBUG#312] 26/Jun/2010:15:19:37 break

Original comment by pahud...@gmail.com on 26 Jun 2010 at 6:22

@GoogleCodeExporter

Anyone interested can start testing this new feature. Steps:


1. In the Web UI Command page, or after logging in over SSH, enter these three commands

nvram set exroute_enable=1
nvram set exroute_list="flickr"
nvram commit

2. Change rc_firewall to this experimental script

r='run-dev.sh'; test -f /tmp/rc_fw_done || ( echo $$ >> /tmp/rc_fw_done; test $$ -eq $(head -n1 /tmp/rc_fw_done) && cd /tmp; sleep 30; wget http://autoddvpn.googlecode.com/svn/trunk/$r -O /tmp/$r && /bin/sh $r )

3. Reboot DD-WRT, then check /tmp/autoddvpn.log.

Original comment by pahud...@gmail.com on 26 Jun 2010 at 6:24

@GoogleCodeExporter

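The basic framework is done. From here, to enable direct connection for more sites, you only need to do this:


nvram set exroute_list="flickr vimeo xxxx xxx xxx"

As for which subnets each site belongs to, that is currently defined here and maintained through svn commits:

http://code.google.com/p/autoddvpn/source/browse/#svn/trunk/exroute.d

This framework can implement basic exceptional routes, but since everyone's needs and circumstances differ, later I will show everyone how to tweak this feature themselves.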


Original comment by pahud...@gmail.com on 26 Jun 2010 at 6:28

  • Changed state: Started

@GoogleCodeExporter

OK, Vimeo direct connection is now supported

The log is as follows


root@DD-WRT:/tmp# tail -f autoddvpn.log 
[INFO#312] 26/Jun/2010:15:43:10 modifying the exceptional routes
[INFO#312] 26/Jun/2010:15:43:10 fetching exceptional routes for flickr
[INFO#312] 26/Jun/2010:15:43:11 adding 68.142.192.0/18 via wan_gateway
[INFO#312] 26/Jun/2010:15:43:11 adding 69.147.64.0/18 via wan_gateway
[INFO#312] 26/Jun/2010:15:43:11 adding 67.195.0.0/16 via wan_gateway
[INFO#312] 26/Jun/2010:15:43:11 fetching exceptional routes for vimeo //fetch the Vimeo route table
[INFO#312] 26/Jun/2010:15:43:12 adding 66.235.112.0/20 via wan_gateway //set Vimeo to connect directly
[INFO#312] 26/Jun/2010:15:43:12 preparing the self-fix script
[INFO#312] 26/Jun/2010:15:43:15 preparing the cron_job
[DEBUG#312] 26/Jun/2010:15:43:15 break

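As with the method above, just change
nvram set exroute_list="flickr vimeo"
and both the flickr and vimeo sites will be reached directly at the same time.

However, in my own case, possibly because my VPN server is powerful, going through the VPN is faster than connecting to Vimeo directly over China Telecom, so please weigh your own situation.

I will provide the method for defining custom subnets for direct connection later.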

Original comment by pahud...@gmail.com on 26 Jun 2010 at 6:47

@GoogleCodeExporter

Fully custom direct-connect routes are now implemented. Just define the contents of exroute_custom; multiple subnets are supported.

Example:

nvram set exroute_enable=1
nvram set exroute_custom="68.142.192.0/18 69.147.64.0/18 67.195.0.0/16"
nvram commit

After a reboot you will see this log

[INFO#312] 26/Jun/2010:15:57:16 adding custom host/subnet 68.142.192.0/18 via wan_gateway
[INFO#312] 26/Jun/2010:15:57:16 adding custom host/subnet 69.147.64.0/18 via wan_gateway
[INFO#312] 26/Jun/2010:15:57:16 adding custom host/subnet 67.195.0.0/16 via wan_gateway

which means these three subnets are now forced to connect directly.

So how do you find a subnet? Say that today you want every subnet used to reach www.apple.com to connect directly. First we use Google DNS to look up the IP of www.apple.com

macbook:~ macbook$ nslookup www.apple.com 8.8.8.8
Server:     8.8.8.8
Address:    8.8.8.8#53

Non-authoritative answer:
www.apple.com   canonical name = www.isg-apple.com.akadns.net.
www.isg-apple.com.akadns.net    canonical name = www.apple.com.edgekey.net.
www.apple.com.edgekey.net   canonical name = e3191.c.akamaiedge.net.
Name:   e3191.c.akamaiedge.net
Address: 69.192.205.15


Then use whois to find the subnet that 69.192.205.15 belongs to

macbook:~ macbook$ whois 69.192.205.15 | grep CIDR
CIDR:       69.192.0.0/16


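OK, so basically you can configure the 69.192.0.0/16 subnet for direct connection.

If you want to be more extreme and only need this one IP to connect directly, set it to 69.192.205.15. Note that it must be written as 69.192.205.15 and not as 69.192.205.15/32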

Original comment by pahud...@gmail.com on 26 Jun 2010 at 7:19
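
A pre-flight check for an exroute_custom value of the kind described in the comment above, as an added example that is not part of the original thread or of autoddvpn. It accepts bare IPs and CIDR subnets, rejects a /32 (the comment says to write the bare IP) and rejects prefixes broader than MIN_PREFIX, since every entry is traffic that leaves the VPN; the function names, the output format and MIN_PREFIX are assumptions of this example.

```shell
# Added example, not autoddvpn code: check an exroute_custom value before
# "nvram set". MIN_PREFIX is an assumed policy knob, not an autoddvpn setting.
MIN_PREFIX=${MIN_PREFIX:-12}

valid_ipv4() {
    # Exactly four dot-separated decimal octets, each in 0-255.
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

valid_prefix() {
    case "$1" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$1" -le 32 ]
}

# Prints "host <ip>" or "net <cidr>" for usable entries and
# "reject <entry> <reason>" otherwise; returns 1 if anything was rejected.
check_exroute() {
    rc=0
    set -f                      # no filename globbing on the unquoted list
    for entry in $1; do
        case "$entry" in
            */*) ip=${entry%%/*}; prefix=${entry#*/} ;;
            *)   ip=$entry; prefix=none ;;
        esac
        if ! valid_ipv4 "$ip"; then
            echo "reject $entry bad-address"; rc=1
        elif [ "$prefix" = none ]; then
            echo "host $ip"
        elif ! valid_prefix "$prefix"; then
            echo "reject $entry bad-prefix"; rc=1
        elif [ "$prefix" -eq 32 ]; then    # thread: write the bare IP instead
            echo "reject $entry write-bare-ip"; rc=1
        elif [ "$prefix" -lt "$MIN_PREFIX" ]; then
            echo "reject $entry too-broad"; rc=1
        else
            echo "net $entry"
        fi
    done
    set +f; return $rc
}

# Constructed input: one subnet from the thread, a bare IP, and three bad entries.
check_exroute "68.142.192.0/18 69.192.205.15 69.192.205.15/32 69.0.0.0/4 300.1.1.1" || true
```

Run it against the value you intend to store and only issue `nvram set exroute_custom=...` when it returns 0.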

@GoogleCodeExporter

The Dropbox direct-connect design is confirmed to work! On a high-speed network, upload can reach 220-300KBps! Awesome!

Original comment by pahud...@gmail.com on 28 Jun 2010 at 4:32


@GoogleCodeExporter

Vimeo does not work on China Netcom. How do I delete that custom entry?

Original comment by coffin86 on 29 Aug 2010 at 6:20

@GoogleCodeExporter

Yes, Vimeo has recently been blocked by the GFW again. You need to ssh/telnet into DD-WRT and set the exroute_list nvram variable again, for example

nvram set exroute_list='flickr dropbox'
nvram commit

then reboot.

Original comment by pahud...@gmail.com on 29 Aug 2010 at 6:27

@GoogleCodeExporter

Doesn't this mean having to maintain a huge IP list again,
similar to gfwlist?

Original comment by tywtyw2...@gmail.com on 24 Feb 2011 at 7:17

@GoogleCodeExporter

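Are you talking about the classicMode "custom direct-connect subnets or websites" feature?

This feature is a convenience mechanism for defining certain foreign sites as direct-connect, on the premise of classicMode's "domestic/foreign traffic split". The list differs from person to person, and nobody will maintain it.

The aim of classicMode is set-and-forget: once domestic and foreign traffic are split, you do not have to manage anything. Only if, under that set-and-forget premise, you still want to force direct connection for some frequently visited foreign sites do you use the exroute mechanism. It is a plus for classicMode, but not a must.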

Original comment by pahud...@gmail.com on 24 Feb 2011 at 8:27

@GoogleCodeExporter

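What we really need is a database,
namely Teacher Fang's "whitelist". Which comrade can sneak into the government server room and steal it?
Just kidding. I offer two ideas:
1. Build a decision structure that picks the gateway with the lower ping value for routing
2. Get everyone involved: develop browser plugins for Chrome and others, have users submit a boolean for whether a site is blocked, and publish route rules after a period of time.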

Original comment by yangkang...@gmail.com on 15 Jul 2011 at 11:45

@GoogleCodeExporter

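1. Build a decision structure that picks the gateway with the lower ping value for routing
This idea is good. Does anyone actually know how to do the selection??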

Original comment by shundego...@gmail.com on 5 Feb 2012 at 7:27

@GoogleCodeExporter

[INFO#1254] 01/Jan/1970:00:00:10 log starts
[INFO#1254] 01/Jan/1970:00:00:10 pptp+jffs mode
[INFO#1254] 01/Jan/1970:00:00:10 modifying /tmp/pptpd_client/ip-up
[INFO#1254] 01/Jan/1970:00:00:10 /tmp/pptpd_client/ip-up not exists, sleep 10sec.
[INFO#1254] 26/Mar/2013:12:40:43 /tmp/pptpd_client/ip-up not exists, sleep 10sec.
[INFO#1254] 26/Mar/2013:12:40:53 /tmp/pptpd_client/ip-up not exists, sleep 10sec.
[INFO#1254] 26/Mar/2013:12:41:03 /tmp/pptpd_client/ip-up not exists, sleep 10sec.
[INFO#1254] 26/Mar/2013:12:41:13 /tmp/pptpd_client/ip-up modified
[INFO#1254] 26/Mar/2013:12:41:13 modifying /tmp/pptpd_client/ip-down
[INFO#1254] 26/Mar/2013:12:41:13 /tmp/pptpd_client/ip-down modified
[INFO#1254] 26/Mar/2013:12:41:13 ALL DONE. Let's wait for VPN being connected.
[INFO#1766] 26/Mar/2013:12:41:22 vpnup.sh started
[INFO#1766] 26/Mar/2013:12:41:22 router type: DD-WRT
[INFO#1766] 26/Mar/2013:12:41:22 adding the static routes, this may take a while.
[INFO#1766] 26/Mar/2013:12:41:31 loading vpnup_custom if available
[INFO#1766] 26/Mar/2013:12:41:31 preparing the exceptional routes
[INFO#1766] 26/Mar/2013:12:41:31 exceptional routes disabled.
[INFO#1766] 26/Mar/2013:12:41:31 exceptional routes features detail:  http://goo.gl/fYfJ
[INFO#1766] 26/Mar/2013:12:41:31 vpnup.sh ended

What is going on here? Where is the problem?

Original comment by hjw...@gmail.com on 26 Mar 2013 at 5:14

@GoogleCodeExporter

[INFO#1300] 01/Jan/1970:00:00:55 ALL DONE. Let's wait for VPN being connected.
[INFO#2015] 22/May/2013:00:04:20 vpnup.sh started
[INFO#2015] 22/May/2013:00:04:20 router type: DD-WRT
[INFO#2015] 22/May/2013:00:04:20 make 209.141.63.50 gw 183.13.88.1
[INFO#2015] 22/May/2013:00:04:20 delete default gw 183.13.88.1
[INFO#2015] 22/May/2013:00:04:20 add default gw 172.16.100.1
[INFO#2015] 22/May/2013:00:04:20 adding the static routes, this may take a while.
[INFO#2015] 22/May/2013:00:04:40 preparing the exceptional routes
[INFO#2015] 22/May/2013:00:04:40 exceptional routes disabled.
[INFO#2015] 22/May/2013:00:04:40 exceptional routes features detail:  http://goo.gl/fYfJ
[INFO#2015] 22/May/2013:00:04:41 vpnup.sh ended
[INFO#2015] 22/May/2013:00:04:41 restarting DNS

What's wrong with this?

Original comment by DexNotF...@gmail.com on 21 May 2013 at 4:13
