First, flash the OpenWRT firmware onto the router. My router is a Netgear R7800, and I flashed OpenWRT version 21.02.5. There are many tutorials online on how to flash the firmware, so I won't elaborate here; before flashing, check the downloaded image against the SHA256 checksum published alongside it. You can refer to this link for the method: https://deepzz.com/post/router-openwrt-v2ray-tproxy.html
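I used the V2RAY client to implement transparent proxying; the main configuration is shown below. Values such as "your disguised domain", "your UUID" and "your V2RAY server port" are placeholders to replace with your own (the port must be a bare number, and the UUID should be treated as a credential). The `//` comment line is accepted by V2RAY's config loader but not by a strict JSON parser. Because the VMess user is set to "security": "none", the confidentiality of the tunnel and the authentication of the server rest entirely on the TLS layer in streamSettings, so keep "allowInsecure": false.
- v2ray config.json configuration file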
{
"log": {
"loglevel": "Warning"
},
"inbounds": [
{
"port": 30000,
"protocol": "dokodemo-door",
"settings": {
"network": "tcp,udp",
"followRedirect": true
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy",
"mark": 2
}
},
"tag": "transparent"
}
],
"outbounds": [
{
"tag": "proxy",
"protocol": "vmess",
"settings": {
"vnext": [
{
"address": "your disguised domain",
"port": your V2RAY server port,
"users": [
{
"id": "your UUID",
"alterId": 0,
"email": "[email protected]",
"security": "none"
}
]
}
]
},
"streamSettings": {
"network": "ws",
"security": "tls",
"tlsSettings": {
"allowInsecure": false,
"serverName": "your disguised domain"
},
"wsSettings": {
"path": "your disguised path",
"headers": {
"Host": "your disguised domain"
}
},
"sockopt": {
"mark": 2
}
},
"mux": {
"enabled": true,
"concurrency": 8
}
},
{
"protocol": "freedom",
"settings": {
"domainStrategy": "UseIP"
},
"streamSettings": {
"sockopt": {
"mark": 2
}
},
"tag": "direct"
},
{
"protocol": "blackhole",
"settings": {
"response": {
"type": "http"
}
},
"tag": "adblock"
},
{
"protocol": "dns",
"streamSettings": {
"sockopt": {
"mark": 2
}
},
"proxySettings": {
"tag": "proxy"
},
"settings": {
"address": "8.8.8.8"
},
"tag": "dns-out"
}
],
"dns": {
"hosts": {
"your disguised domain": "your v2ray server IP address"
},
"servers": [
"8.8.8.8","1.1.1.1"
]
},
"routing": {
"domainStrategy": "AsIs",
//"domainMatcher": "mph",
"rules": [
{
"type": "field",
"inboundTag": [
"transparent"
],
"port": 53,
"network": "udp",
"outboundTag": "dns-out"
},
{
"type": "field",
"protocol": [
"bittorrent"
],
"outboundTag": "direct"
},
{
"type": "field",
"ip": [
"8.8.8.8",
"1.1.1.1"
],
"outboundTag": "proxy"
},
{
"type": "field",
"domain": [
"geosite:geolocation-!cn"
],
"outboundTag": "proxy"
},
{
"type": "field",
"outboundTag": "proxy",
"domain": [
"geosite:google",
"geosite:github",
"geosite:netflix",
"geosite:steam",
"geosite:telegram",
"geosite:tumblr",
"geosite:speedtest",
"geosite:bbc",
"geosite:tiktok",
"domain:tiktokcdn.com",
"domain:byteoversea.com",
"domain:tiktokv.com",
"domain:ibytedtos.com",
"domain:openai.com",
"domain:bing.com",
"domain:gvt1.com",
"domain:textnow.com",
"domain:twitch.tv",
"domain:wikileaks.org",
"domain:naver.com"
]
},
{
"type": "field",
"outboundTag": "proxy",
"ip": [
"91.108.4.0/22",
"91.108.8.0/22",
"91.108.12.0/22",
"91.108.20.0/22",
"91.108.36.0/23",
"91.108.38.0/23",
"91.108.56.0/22",
"149.154.160.0/20",
"149.154.164.0/22",
"149.154.172.0/22",
"74.125.0.0/16",
"173.194.0.0/16",
"172.217.0.0/16",
"216.58.200.0/24",
"216.58.220.0/24",
"91.108.56.116",
"91.108.56.0/24",
"109.239.140.0/24",
"149.154.167.0/24",
"149.154.175.0/24"
]
},
{
"type": "field",
"outboundTag": "direct",
"domain": [
"domain:12306.cn",
"domain:51ym.me",
"domain:52pojie.cn",
"domain:8686c.com",
"domain:abercrombie.com",
"domain:adobesc.com",
"domain:air-matters.com",
"domain:air-matters.io",
"domain:airtable.com",
"domain:akadns.net",
"domain:apache.org",
"domain:api.crisp.chat",
"domain:api.termius.com",
"domain:appshike.com",
"domain:appstore.com",
"domain:aweme.snssdk.com",
"domain:bababian.com",
"domain:battle.net",
"domain:beatsbydre.com",
"domain:bet365.com",
"domain:bilibili.cn",
"domain:ccgslb.com",
"domain:ccgslb.net",
"domain:chunbo.com",
"domain:chunboimg.com",
"domain:clashroyaleapp.com",
"domain:cloudsigma.com",
"domain:cloudxns.net",
"domain:cmfu.com",
"domain:culturedcode.com",
"domain:dct-cloud.com",
"domain:didialift.com",
"domain:douyutv.com",
"domain:duokan.com",
"domain:dytt8.net",
"domain:easou.com",
"domain:ecitic.net",
"domain:eclipse.org",
"domain:eudic.net",
"domain:ewqcxz.com",
"domain:fir.im",
"domain:frdic.com",
"domain:fresh-ideas.cc",
"domain:godic.net",
"domain:goodread.com",
"domain:haibian.com",
"domain:hdslb.net",
"domain:hollisterco.com",
"domain:hongxiu.com",
"domain:hxcdn.net",
"domain:images.unsplash.com",
"domain:img4me.com",
"domain:ipify.org",
"domain:ixdzs.com",
"domain:jd.hk",
"domain:jianshuapi.com",
"domain:jomodns.com",
"domain:jsboxbbs.com",
"domain:knewone.com",
"domain:kuaidi100.com",
"domain:lemicp.com",
"domain:letvcloud.com",
"domain:lizhi.io",
"domain:localizecdn.com",
"domain:lucifr.com",
"domain:luoo.net",
"domain:mai.tn",
"domain:maven.org",
"domain:miwifi.com",
"domain:moji.com",
"domain:moke.com",
"domain:mtalk.google.com",
"domain:mxhichina.com",
"domain:myqcloud.com",
"domain:myunlu.com",
"domain:netease.com",
"domain:nfoservers.com",
"domain:nssurge.com",
"domain:nuomi.com",
"domain:ourdvs.com",
"domain:overcast.fm",
"domain:paypal.com",
"domain:paypalobjects.com",
"domain:pgyer.com",
"domain:qdaily.com",
"domain:qdmm.com",
"domain:qin.io",
"domain:qingmang.me",
"domain:qingmang.mobi",
"domain:qqurl.com",
"domain:rarbg.to",
"domain:rrmj.tv",
"domain:ruguoapp.com",
"domain:sm.ms",
"domain:snwx.com",
"domain:soku.com",
"domain:startssl.com",
"domain:store.steampowered.com",
"domain:symcd.com",
"domain:teamviewer.com",
"domain:tmzvps.com",
"domain:trello.com",
"domain:trellocdn.com",
"domain:ttmeiju.com",
"domain:udache.com",
"domain:uxengine.net",
"domain:weather.bjango.com",
"domain:weather.com",
"domain:webqxs.com",
"domain:weico.cc",
"domain:wenku8.net",
"domain:werewolf.53site.com",
"domain:windowsupdate.com",
"domain:wkcdn.com",
"domain:workflowy.com",
"domain:xdrig.com",
"domain:xiaojukeji.com",
"domain:xiaomi.net",
"domain:xiaomicp.com",
"domain:ximalaya.com",
"domain:xitek.com",
"domain:xmcdn.com",
"domain:xslb.net",
"domain:xteko.com",
"domain:yach.me",
"domain:yixia.com",
"domain:yunjiasu-cdn.net",
"domain:zealer.com",
"domain:zgslb.net",
"domain:zimuzu.tv",
"domain:zmz002.com",
"domain:samsungdm.com"
]
},
{
"type": "field",
"outboundTag": "adblock",
"domain": [
"geosite:category-ads-all"
]
},
{
"type": "field",
"outboundTag": "direct",
"ip": [
"geoip:private"
]
},
{
"type": "field",
"outboundTag": "direct",
"ip": [
"geoip:cn"
]
},
{
"type": "field",
"outboundTag": "direct",
"domain": [
"geosite:cn"
]
}
]
}
}
- Router Configuration
Click on WAN to edit
Click on Advanced Settings, uncheck Automatically obtain DNS server so that the router stops using the resolvers handed out by the ISP, and add custom DNS servers
Then click Save
Click on WAN6 to edit
Similarly, uncheck Automatically obtain DNS server, and add custom DNS servers
Click Save
Finally, save and apply
- Test DNS Leak
Open the website: https://ipleak.net/#dnsleak
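If none of the DNS servers reported by the test shows the Chinese flag, the DNS leak prevention configuration is working for the client you tested from. The result covers only that device at that moment, so repeat the test from each client (and over IPv6, since WAN6 was changed as well) whenever the configuration changes.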