环境准备
- 路由系统:openwrt 20.02
- 加速节点:openvpn
- IP分类: IANA组织公示地址
1、通过iptables实现智能分流
1.1 开启流量转发
$ cat /etc/sysctl.d/30-ipforward.conf
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding = 1
net.ipv4.tcp_congestion_control=westwood
net.ipv4.tcp_syn_retries = 5
net.ipv4.tcp_synack_retries = 5编辑完成后,执行以下命令使变动立即生效
$ sysctl -p1.2 下载ip地址表
wget -c http://ftp.apnic.net/stats/apnic/delegated-apnic-latest
cat delegated-apnic-latest | awk -F '|' '/CN/&&/ipv4/ {print $4 "/" 32-log($5)/log(2)}' | cat > cn_rules.conf1.3 创建ipset,将下载好的IP导入到ipset中
ipset create -n china hash:net maxelem 65536
for ip in $(cat cn_rules.conf); do ipset add china $ip; done
# 查看
ipset list china1.4 创建路由策略
ip route add 0.0.0.0/0 dev tun0 table tunnel
ip route show table main | grep -Ev ^default | while read ROUTE ; do ip route add table tunnel $ROUTE ; done1.5 将符合规则的流量打上标记,并在mangle表中处理标记
# 打标记
iptables -t mangle -A PREROUTING -m set ! --match-set china dst -j MARK --set-mark 1
# GitHub访问加速
iptables -t mangle -R PREROUTING 1 -m set ! --match-set china dst -j MARK --set-mark 1注:tun0网卡为连接海外节点的vpn隧道,具体部署再次不在赘述
2、通过策略路由实现智能分流
# GitHub加速
GATEWAY_IP=$(ip route|grep "default"|awk '{print $3}') # 网关IP
TUN_IP=$(ifconfig tun0 | awk -F '[ :]+' 'NR==2 {print $4}') # tun0网卡IP
ip route del default via "$GATEWAY_IP"
ip route add "$VPN_SERVER" via "$TUN_IP"
# 特殊ip段走网关的IP地址
ip route add "192.168.0.0/16" via "$GATEWAY_IP"
ip route add "172.16.0.0/16" via "$GATEWAY_IP"
for i in $(cat /usr/local/sdwan/config/cn_rules.conf)
do
ip route add "$i" via "$GATEWAY_IP"
done
ip route del "0.0.0.0/1"
ip route add "0.0.0.0/1" via "$GATEWAY_IP"
注:此教程仅提供思路,具体实现方法请结合实际环境做调整
