As you may be aware, I live in China, where the internet is under strict censorship. I’ve been exploring ways to access blocked internet resources.
So recently I switched to an x86 mini computer that runs Proxmox VE, which has an OpenWrt VM running as a router. In this blog post, I’m using Clash, a new piece of software that is quite similar to Surge. They both support a “rules” mode that routes internet traffic as you wish. It’s so convenient that you don’t have to use gfwlist anymore, and the rules are more precise and customizable: you can route Google to a Hong Kong proxy, YouTube to the United States, Netflix to Japan and so forth. Clash also has a redir mode which can be used with iptables to redirect TCP packets. We’re also gonna utilize Unbound and DNSCrypt-proxy to solve the DNS pollution issue.
Download the tools
$ mkdir /etc/clash
$ cd /etc/clash
$ wget https://github.com/Dreamacro/clash/releases/download/v0.13.0/clash-linux-amd64.tar.gz
$ tar -xzvf clash-linux-amd64.tar.gz
$ mv clash-linux-amd64 clash
# Configure dnsmasq to send a DNS Server DHCP option with its LAN IP
# since it does not do this by default when port is configured.
$ lan_address=$(uci get network.lan.ipaddr)
$ uci add_list "dhcp.lan.dhcp_option=option:dns-server,$lan_address"
$ uci commit
Use the example config with these options changed:
You can now open your browser and go to https://ipinfo.io to see if it works!
Remember external-controller? We’re gonna make use of it… right now.
There’s a fantastic web interface that does exactly that job: http://clash.razord.top/. Use your OpenWrt IP address and port 6170.
Beware that Clash does not remember your choices of servers between restarts.
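Because the dashboard runs in your browser and talks straight to the controller on the router, that port has to be reachable over the network, so it is worth checking how it is exposed. The script below is an added example, not part of the original post: it reads the `external-controller` and `secret` keys from a Clash config and fails when the API listens beyond loopback with no secret. The function names, the `/etc/clash/config.yml` path and the sample config are assumptions.

```shell
#!/bin/sh
# Added example: audit how a Clash config exposes its RESTful controller.
# "external-controller" and "secret" are Clash config keys; the parser only
# handles simple top-level "key: value" lines, which is an assumption.

# Print the value of a top-level key, without comments or quotes.
clash_cfg_get() {  # $1 = key, $2 = config file
    awk -v key="$1" '
        index($0, key ":") == 1 {
            val = substr($0, length(key) + 2)
            sub(/[ \t]+#.*$/, "", val)   # drop a trailing comment
            sub(/^[ \t]+/, "", val)
            sub(/[ \t]+$/, "", val)
            print val
            exit
        }' "$2" | tr -d "\"'\r"
}

# Return 1 when the controller listens beyond loopback with an empty secret.
clash_controller_audit() {  # $1 = config file
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    addr=$(clash_cfg_get external-controller "$1")
    secret=$(clash_cfg_get secret "$1")
    [ -n "$addr" ] || { echo "OK: no external-controller configured"; return 0; }
    host=${addr%:*}   # an empty host (":6170") means every interface
    case "$host" in
        127.*|localhost|"[::1]") echo "OK: $addr is loopback-only"; return 0 ;;
    esac
    if [ -z "$secret" ]; then
        echo "FAIL: $addr is reachable from the network and 'secret' is empty"
        return 1
    fi
    echo "WARN: $addr is network-reachable; keep port ${addr##*:} closed on the WAN zone"
    return 0
}

# Constructed sample config: controller on every interface, port 6170, no secret.
clash_audit_demo() {
    tmp=$(mktemp) || return 2
    printf '%s\n' 'external-controller: 0.0.0.0:6170' 'secret: ""' > "$tmp"
    clash_controller_audit "$tmp"; rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Usage on the router (path is an assumption): clash_controller_audit /etc/clash/config.yml
```

With a secret set, clients of the controller API have to send it as an `Authorization: Bearer` header, and the dashboard asks for it when you connect.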
Check the logs
$ logread -e clash -f
I’m also using WireGuard to connect back to my home network when I’m not at home. If you want to know more about how to configure WireGuard to work with this approach (Clash + Unbound), comment down below.