63 lines
2.1 KiB
Markdown
63 lines
2.1 KiB
Markdown
本质其实是通过路由器劫持,修改数据包的内容,伪装成同一台设备的来防止检测
|
||
详细的技术内容可以查看:
|
||
|
||
https://www.bilibili.com/video/BV1yr4meeENt/?spm_id_from=333.337.search-card.all.click&vd_source=f553a12b04c16a678ddc0064cc04563c
|
||
|
||
我这边使用的方案与其类似:使用刷有openwrt的路由器,通过ua3f和bashclash来完成躲避校园网的检测
|
||
|
||
首先在
|
||
|
||
lca也有过部署经验,一次为了不重复造轮子,请先查看他的博客地址:https://luckylca.github.io/2025/08/29/csust-network-crack/
|
||
|
||
ssh连上路由器后
|
||
|
||
```bash
|
||
opkg print-architecture
|
||
# 检查路由器架构,安装对应ua3f ipk文件
|
||
```
|
||
|
||
[猴子也能看懂的 UA3F 使用教程](https://sunbk201public.notion.site/UA3F-2a21f32cbb4b80669e04ec1f053d0333)
|
||
基本上跟着这个走安装ua3f就没有问题
|
||
|
||
```bash
|
||
export url='https://fastly.jsdelivr.net/gh/juewuy/ShellCrash@master' && wget -q --no-check-certificate -O /tmp/install.sh $url/install.sh && sh /tmp/install.sh && source /etc/profile &> /dev/null
|
||
# 安装bashcrash
|
||
```
|
||
|
||
|
||
其中需要注意的是在配置统一useragent 头的地方,在给bashclash传配置的config文件时,之前的配置文件已经更新了,详见:
|
||
|
||
https://github.com/SunBK201/UA3F/blob/master/docs/clash/Clash.md
|
||
|
||
```bash
|
||
nft add rule ip mangle POSTROUTING oif br-lan ip protocol ip ip ttl set 128
|
||
```
|
||
|
||
|
||
|
||
```bash
|
||
# 备份原配置
|
||
cp /etc/firewall.user /etc/firewall.user.backup 2>/dev/null
|
||
|
||
# 添加TTL规则到防火墙用户规则
|
||
cat >> /etc/firewall.user << 'EOF'
|
||
|
||
# === TTL设置规则(无线和有线)===
|
||
# 清理并重新设置TTL规则
|
||
nft delete table ip mangle 2>/dev/null
|
||
nft add table ip mangle
|
||
nft add chain ip mangle POSTROUTING { type filter hook postrouting priority mangle; policy accept; }
|
||
nft add rule ip mangle POSTROUTING oif "br-lan" ip ttl set 128
|
||
nft add rule ip mangle POSTROUTING oif "phy0-ap0" ip ttl set 128
|
||
nft add rule ip mangle POSTROUTING oif "phy1-ap0" ip ttl set 128
|
||
EOF
|
||
|
||
# 重启防火墙
|
||
/etc/init.d/firewall restart
|
||
```
|
||
|
||
|
||
|
||
就同样的修改一下代理的配置即可
|
||
|