PVE-LXC-Openwrt系统搭建与配置

环境

• Proxmox 7
• Openwrt 21.02.3

PVE安装Openwrt

开启udp转发

echo 'xt_TPROXY' > /etc/modules-load.d/tproxy.conf

新建LXC

pct create 101 \
	local:vztmpl/openwrt-21.02.3-x86-64-rootfs.tar.gz \
	--rootfs local-lvm:2 \
	--ostype unmanaged \
	--hostname OpenWrt \
	--arch amd64 \
	--cores 4 \
	--memory 2048 \
	--swap 0 

修改配置文件 /etc/pve/lxc/101.conf

arch: amd64
cores: 4
hookscript: local:snippets/openwrt.pl
hostname: OpenWrt
memory: 2048
ostype: unmanaged
rootfs: local:101/vm-101-disk-0.raw,size=2G
swap: 0
lxc.include: /usr/share/lxc/config/openwrt.common.conf
# /dev/ppp  pppoe拨号等功能需要用到
lxc.cgroup.devices.allow: c 108:0 rwm
lxc.net.0.type: phys
# 网卡名称
lxc.net.0.link: enp11s0f0
lxc.net.0.flags: up
lxc.net.0.name: eth0

创建钩子脚本

//复制
cp /usr/share/pve-docs/examples/guest-example-hookscript.pl /var/lib/vz/snippets/openwrt.pl

//修改内容
# Second phase 'post-start' will be executed after the guest
# successfully started.
system("lxc-device add -n $vmid /dev/ppp");
system("lxc-device add -n $vmid /dev/net/tun");
print "$vmid started successfully.\n";

常用分享

常用源

src/gz openwrt_dist http://openwrt-dist.sourceforge.net/packages/base/x86_64
src/gz openwrt_dist_luci http://openwrt-dist.sourceforge.net/packages/luci

常用软件

shadowsocks-libev   ChinaDNS python3  luci-app-chinadns dns-forwarder luci-i18n-wireguard-zh-cn iptables-mod-tproxy  luci-app-dns-forwarder  luci-i18n-base-zh-cn luci-i18n-opkg-zh-cn luci-app-shadowsocks luci-i18n-firewall-zh-cn luci-compat 

常用脚本

1. 软件更新

   opkg update
   opkg list-upgradable | cut -f 1 -d ' ' | xargs opkg upgrade

2. 更新chinadns

   /usr/bin/wget -O- 'http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest' | awk -F\| '/CN\|ipv4/ { printf("%s/%d\n", $4, 32-log($5)/log(2)) }' > /etc/chinadns_chnroute.txt

3. 更新RouterOS的cnip文件

   /usr/bin/curl 'http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest' | grep ipv4 | grep CN | awk -F\| '{ printf("%s/%d\n", $4, 32-log($5)/log(2)) }' |sed -e 's/^/add address=/g' -e 's/$/ list=CNIP/g'|sed -e $'1i\\\n/ip firewall address-list' -e $'1i\\\nremove [/ip firewall address-list find list=CNIP]' -e $'1i\\\nadd address=10.0.0.0/8 list=CNIP comment=private-network' -e $'1i\\\nadd address=172.16.0.0/12 list=CNIP comment=private-network' -e $'1i\\\nadd address=192.168.0.0/16 list=CNIP comment=private-network'>/www/cnip.rsc

4. 更新自动代理pac文件

   /usr/bin/genpac --proxy="SOCKS5 192.168.3.2:1080" --gfwlist-proxy="SOCKS5 192.168.3.2:1080" -o /www/gfwlist.pac

5. 更新iptv播放列表

   curl https://raw.githubusercontent.com/iptv-org/iptv/master/streams/cn.m3u -o /www/cn.m3u

6. 安装的软件包

   awk '/^Package:/{PKG= $2} /^Status: .*user installed/{print PKG}' /usr/lib/opkg/status

参考

• openwrt下载地址