群晖安装OpenWrt（iStoreOS）构建旁路由配置OpenClash

95,089

2023-1-08 21:36

1814 字

8 分钟

前段时间通过【群晖Docker安装和运行Clash并自动更新订阅】实现科学上网，在连接WiFi的时候填写代理地址实现，Quest2 VR以及一般的手机等常见设备都支持，这种方式相对来讲比较简单。不过不是所有设备都支持网络代理，像Apple TV就不支持，因此可以考虑使用旁路由，可以在旁路由中安装OpenClash来，并配置好订阅地址实现。

注意：本文不涉及怎么购买订阅地址，请自行解决。

软路由原理

常规网络以及软路由和旁路由网络连接拓扑：

软路由就是给电脑、NAS、或者专门软路由硬件设备安装OpenWrt开源路由器固件，然后通过软路由连接光猫。

软路由侵入性比较强，需要代替现有路由器联网，然后再把现有路由器接到软路由上，也就是至少需要两个网口才能实现，一个连接光猫，一个连接路由器。

旁路由（旁路网关）是软路由的另外一种使用方式，不改变现有网络布局，侵入性比较小，旁路由作为一个普通网络设备接入主路由，配置好之后只需要把网关地址指向旁路由地址（可以在主路由中统一设置，也可以单独在需要的设备中设置）。

注意：我这里使用的DS920+虽然有两个网口，但是旁路由只需要一个网口就够用，并不需要两根网线两个端口

下载固件

目前固件很多，有官方固件，也可以自己编译，还有一些是编译好的固件，KOOLCENTER提供的编译好的固件并直接提供映像（已经安装好的磁盘镜像），有KoolShare以及iStoreOS等，iStoreOS比较新，更新频率较高，而且界面比较美观，建议选择比较新的固件，兼容性会好一些。

地址：https://fw.koolcenter.com/iStoreOS/x86_64/

实际选用固件地址：https://fw.koolcenter.com/iStoreOS/x86_64/istoreos-21.02.3-2022121613-x86-64-squashfs-combined.img.gz

群晖安装OpenWrt

首先需要安装虚拟机套件，然后在虚拟机套件中安装OpenWrt系统

安装虚拟机套件

首先要在群晖套件中找到并安装虚拟机套件Virtual Machine Manager，然后打开虚拟机套件

配置存储，如果以前使用过，这里应该已经配置好了

上传固件映像

首先解压刚才下载的OpenWrt固件，得到一个img结尾的文件，可以上传到群晖系统中，也可以先放在本地，在【选择安装文件】中选择映像：

把OpenWrt的映像添加进去。

进入下一步并完成。

导入虚拟机

点击【虚拟机】，然后【新增】中选择【导入】刚才添加的虚拟机映像

进入下一步，配置下CPU和内存使用等，根据自己的硬件能力配置，据说比较老的固件需要点CPU那个齿轮，配置CPU`兼容模式，最新版不需要了。

下一步选择上传的映像

下一步选择网络，默认即可

配置自动启动

选择一个管理用户，然后下一步完成即可，到此为止已经算是安装好了，后面就是要做一些配置了。

注意：因为是虚拟机，可以拍快照，如果出现一些难以解决的问题可以回滚到快照

配置OpenWrt系统

导入完成之后开机，然后可以连接，进入一个新的网页终端，iStoreOS的系统比较大，启动较慢，可能需要等一等才能进入终端。

回车之后可以进入类似Linux的终端

配置IP地址

需要把路由器配置成和主路由同一个网段，默认IP是192.168.100.1，我这里使用的是红米AX6路由器，因此是192.168.31.*网段，可以到路由器中去看看已经使用的网络地址，并选择一个没有使用的IP地址。我这里使用192.168.31.2

vim /etc/config/network

按i键进入编辑模式，找到192.168.100.1修改为192.168.31.2，然后Esc退出编辑模式，然后输入:wq保存（基本vim的操作）

然后重启

reboot

登录OpenWrt

重启完成之后，可以在浏览器访问OpenWrt的后台了，地址：http://192.168.31.2，密码默认是password。

修改默认密码【系统】-【管理权】：

默认情况下，OpenWrt是由DHCP自动分配IP功能，也就是局域网中由两个DHCP服务器，一般情况作为旁路由都会把旁路由的DHCP功能关闭，目前版本可以自动实现相关配置。

配置旁路由

配置IP地址(192.168.31.2)和网关等，网关设置为主路由的IP地址

配置完成。

测试旁路由

可以用电脑配置一个IP地址测试一下，只要能上网就表示成功了，主要是把网关和DNS指向旁路由的固定IP：192.168.31.2。

Apple TV配置

安装OpenClash插件

iStoreOS提供的OpenWrt【服务】中已经自带几个插件，如果不需要可以手动关掉。

iStore菜单下可以安装一些常见的插件，比较方便

注意：安装插件有一定风险，虚拟机可以先拍个快照，万一系统崩溃可以快速回退

下载OpenClash

目前要安装OpenClash，最好升级下内核，不然可能会报错

https://downloads.openwrt.org/snapshots/targets/x86/64/packages/

下载OpenClash`：

下载地址：https://github.com/vernesong/OpenClash/releases

实际下载文件：https://ghproxy.com/https://github.com/vernesong/OpenClash/releases/download/v0.45.78-beta/luci-app-openclash_0.45.78-beta_all.ipk

上传并安装

先上传到OpenWrt中，在【系统】-【文件传输】中把下载的两个文件都上传到/tmp/upload目录下：

kernel的ipk可以在界面点安装，不过OpenClash要在安装好依赖之后才能点击安装，可以都在终端用命令安装。

进入终端（默认账号是root/password，如果修改过密码，使用自己修改后的密码），按照OpenClash的文档安装依赖

# 升级核心，不升级可能会提示 pkg_hash_check_unresolved: cannot find dependency kernel
opkg install /tmp/upload/kernel_5.15.86-1-9f9e11a5e946333b83ba37f6864e5c49_x86_64.ipk
# 升级
opkg update
# 安装依赖
opkg install coreutils-nohup bash dnsmasq-full curl ca-certificates ipset ip-full libcap libcap-bin ruby ruby-yaml kmod-tun kmod-inet-diag unzip kmod-nft-tproxy luci-compat luci luci-base
# 安装OpenClash
opkg install /tmp/upload/luci-app-openclash_0.45.78-beta_all.ipk

安装成功之后，在【服务】中就有【OpenClash】了。

配置OpenClash

在配置文件订阅中，新增自己的订阅地址

启动OpenClash之后，可以看到网站访问性检查已经正常了

可以在电脑上尝试访问下https://google.com，成功的话就表示配置完成。

iStoreOS OpenClash OpenWrt 旁路由群晖

jebyn

5月前
2024-6-28 14:06:28

旁路由这种方式会导致群晖自己的DDNS解析到错误的地址，导致DDNS不可用
黑暗骑士

10月前
2024-2-04 21:18:27

内核那个连接失效了，下载哪一个
小天

10月前
2024-1-18 9:22:54

新版本的虚拟机安装后一直no bootable device,百度完后说是虚拟机版本要退回2.3.1以上才可以，不折腾了，感谢分享。
- 不用谢
  
  小天
  
  10月前
  2024-1-31 15:15:57
  
  可以使用pve来安装黑群、openwrt
Genio

12月前
2023-12-06 14:29:36

装好了，但是流量一大openwrt就死机是怎么回事呢？
格子老师

12月前
2023-12-05 11:24:05

openclash 订阅地址去哪里找啊
- 不用谢
  
  格子老师
  
  10月前
  2024-1-31 15:13:38
  
  https://nodefree.org/f/freenode，有免费节点
dhsdyd

12月前
2023-12-03 14:06:12

救命了啊，一直安装不上看到这篇教程才成功
海白菜123

1年前
2023-10-19 10:14:57

大佬你好，进入系统配置旁路由IP地址，显示exit status 1，这是什么原因？
xavier

1年前
2023-8-24 14:22:42

用docker装openwrt可以吗？和用群晖虚拟机有什么区别呢
萌新

2年前
2023-4-27 18:50:47

大佬，docker 安装openwrt和Virtual Machine Manager安装有什么区别么
- gary
  博主
  萌新
  
  2年前
  2023-4-27 18:59:12
  
  理论差不多，只是虚拟化程度不一样，群晖虚拟机有很多其他功能，比如可以比较方便打快照，快速恢复版本
- - lanke62
    
    gary
    
    1年前
    2023-8-01 22:04:34
    
    感谢站长分享，已经用起来了，但想精简、优化一下openwrt，因为看起来有点臃肿。
HELP

2年前
2023-3-14 13:19:34
您好, 安装依赖就提示错误了怎么办, help:
root@iStoreOS:~# opkg install coreutils-nohup bash dnsmasq-full curl ca-certificates ipset ip-full libcap libcap-bin ruby ruby-yaml kmod-tun kmod-inet-diag unzip kmod-nft-tproxy luci-compat luci luci-base
Package coreutils-nohup (8.32-6) installed in root is up to date.
Package bash (5.1.16-1) installed in root is up to date.
Package dnsmasq-full (2.85-9) installed in root is up to date.
Package curl (7.83.1-4.1) installed in root is up to date.
Package ca-certificates (20211016-1) installed in root is up to date.
Package ipset (7.6-1) installed in root is up to date.
Package ip-full (5.11.0-3) installed in root is up to date.
Package libcap (2.43-1) installed in root is up to date.
Package libcap-bin (2.43-1) installed in root is up to date.
Package ruby (3.0.5-1) installed in root is up to date.
Package ruby-yaml (3.0.5-1) installed in root is up to date.
Unknown package ‘kmod-tun’.
Package kmod-inet-diag (5.4.188-1) installed in root is up to date.
Package unzip (6.0-8) installed in root is up to date.
Unknown package ‘kmod-nft-tproxy’.
Package luci-compat (git-23.053.32660-c5a5c15) installed in root is up to date.
Package luci (git-22.258.47264-284140f) installed in root is up to date.
Package luci-base (git-23.069.52656-5f30aa0) installed in root is up to date.
Collected errors:
- pkg_hash_check_unresolved: cannot find dependency kernel (= 5.4.188-1-db222399ef90ea6bd3453fe08b323a74) for kmod-nf-reject
- pkg_hash_check_unresolved: cannot find dependency kernel (= 5.4.188-1-db222399ef90ea6bd3453fe08b323a74) for kmod-nf-ipt
- pkg_hash_check_unresolved: cannot find dependency kernel (= 5.4.188-1-db222399ef90ea6bd3453fe08b323a74) for kmod-ipt-core
- pkg_hash_check_unresolved: cannot find dependency kernel (= 5.4.188-1-db222399ef90ea6bd3453fe08b323a74) for kmod-nfnetlink
- pkg_hash_fetch_best_installation_candidate: Packages for kmod-nfnetlink found, but incompatible with the architectures configured
- pkg_hash_check_unresolved: cannot find dependency kernel (= 5.4.188-1-db222399ef90ea6bd3453fe08b323a74) for kmod-ipt-ipset
- pkg_hash_check_unresolved: cannot find dependency kernel (= 5.4.188-1-db222399ef90ea6bd3453fe08b323a74) for kmod-nf-conntrack
- pkg_hash_fetch_best_installation_candidate: Packages for kmod-nf-conntrack found, but incompatible with the architectures configured
- pkg_hash_check_unresolved: cannot find dependency kernel (= 5.4.188-1-db222399ef90ea6bd3453fe08b323a74) for kmod-ipt-conntrack
- pkg_hash_fetch_best_installation_candidate: Packages for kmod-ipt-conntrack found, but incompatible with the architectures configured
- pkg_hash_check_unresolved: cannot find dependency kernel (= 5.4.188-1-db222399ef90ea6bd3453fe08b323a74) for kmod-nf-conntrack-netlink
- pkg_hash_fetch_best_installation_candidate: Packages for kmod-nf-conntrack-netlink found, but incompatible with the architectures configured
- pkg_hash_check_unresolved: cannot find dependency kernel (= 5.4.188-1-db222399ef90ea6bd3453fe08b323a74) for kmod-tun
- pkg_hash_fetch_best_installation_candidate: Packages for kmod-tun found, but incompatible with the architectures configured
- opkg_install_cmd: Cannot install package kmod-tun.
- pkg_hash_check_unresolved: cannot find dependency kernel (= 5.4.188-1-db222399ef90ea6bd3453fe08b323a74) for kmod-netlink-diag
- pkg_hash_fetch_best_installation_candidate: Packages for kmod-netlink-diag found, but incompatible with the architectures configured
- opkg_install_cmd: Cannot install package kmod-nft-tproxy.
- pkg_hash_check_unresolved: cannot find dependency kernel (= 5.4.188-1-db222399ef90ea6bd3453fe08b323a74) for kmod-nf-conntrack6
- pkg_hash_fetch_best_installation_candidate: Packages for kmod-nf-conntrack6 found, but incompatible with the architectures configured
- pkg_hash_check_unresolved: cannot find dependency kernel (= 5.4.188-1-db222399ef90ea6bd3453fe08b323a74) for kmod-nf-nat
- pkg_hash_fetch_best_installation_candidate: Packages for kmod-nf-nat found, but incompatible with the architectures configured
- pkg_hash_check_unresolved: cannot find dependency kernel (= 5.4.188-1-db222399ef90ea6bd3453fe08b323a74) for kmod-ipt-nat
- pkg_hash_fetch_best_installation_candidate: Packages for kmod-ipt-nat found, but incompatible with the architectures configured
您好, 安装依赖就提示错误了怎么办, help: root@iStoreOS:~# opkg install coreutils-nohup bash dnsmasq-full curl ca-certificates ipset ip-full libcap libcap-bin ruby ruby-yaml kmod-tun kmod-inet-diag unzip kmod-nft-tproxy luci-compat luci luci-base Package coreutils-nohup (8.32-6) installed in root is up to date. Package bash (5.1.16-1) installed in root is up to date. Package dnsmasq-full (2.85-9) installed in root is up to date. Package curl (7.83.1-4.1) installed in root is up to date. Package ca-certificates (20211016-1) installed in root is up to date. Package ipset (7.6-1) installed in root is up to date. Package ip-full (5.11.0-3) installed in root is up to date. Package libcap (2.43-1) installed in root is up to date. Package libcap-bin (2.43-1) installed in root is up to date. Package ruby (3.0.5-1) installed in root is up to date. Package ruby-yaml (3.0.5-1) installed in root is up to date. Unknown package 'kmod-tun'. Package kmod-inet-diag (5.4.188-1) installed in root is up to date. Package unzip (6.0-8) installed in root is up to date. Unknown package 'kmod-nft-tproxy'. Package luci-compat (git-23.053.32660-c5a5c15) installed in root is up to date. Package luci (git-22.258.47264-284140f) installed in root is up to date. Package luci-base (git-23.069.52656-5f30aa0) installed in root is up to date. Collected errors: * pkg_hash_check_unresolved: cannot find dependency kernel (= 5.4.188-1-db222399ef90ea6bd3453fe08b323a74) for kmod-nf-reject * pkg_hash_check_unresolved: cannot find dependency kernel (= 5.4.188-1-db222399ef90ea6bd3453fe08b323a74) for kmod-nf-ipt * pkg_hash_check_unresolved: cannot find dependency kernel (= 5.4.188-1-db222399ef90ea6bd3453fe08b323a74) for kmod-ipt-core * pkg_hash_check_unresolved: cannot find dependency kernel (= 5.4.188-1-db222399ef90ea6bd3453fe08b323a74) for kmod-nfnetlink * pkg_hash_fetch_best_installation_candidate: Packages for kmod-nfnetlink found, but incompatible with the architectures configured * pkg_hash_check_unresolved: cannot find dependency kernel (= 5.4.188-1-db222399ef90ea6bd3453fe08b323a74) for kmod-ipt-ipset * pkg_hash_check_unresolved: cannot find dependency kernel (= 5.4.188-1-db222399ef90ea6bd3453fe08b323a74) for kmod-nf-conntrack * pkg_hash_fetch_best_installation_candidate: Packages for kmod-nf-conntrack found, but incompatible with the architectures configured * pkg_hash_check_unresolved: cannot find dependency kernel (= 5.4.188-1-db222399ef90ea6bd3453fe08b323a74) for kmod-ipt-conntrack * pkg_hash_fetch_best_installation_candidate: Packages for kmod-ipt-conntrack found, but incompatible with the architectures configured * pkg_hash_check_unresolved: cannot find dependency kernel (= 5.4.188-1-db222399ef90ea6bd3453fe08b323a74) for kmod-nf-conntrack-netlink * pkg_hash_fetch_best_installation_candidate: Packages for kmod-nf-conntrack-netlink found, but incompatible with the architectures configured * pkg_hash_check_unresolved: cannot find dependency kernel (= 5.4.188-1-db222399ef90ea6bd3453fe08b323a74) for kmod-tun * pkg_hash_fetch_best_installation_candidate: Packages for kmod-tun found, but incompatible with the architectures configured * opkg_install_cmd: Cannot install package kmod-tun. * pkg_hash_check_unresolved: cannot find dependency kernel (= 5.4.188-1-db222399ef90ea6bd3453fe08b323a74) for kmod-netlink-diag * pkg_hash_fetch_best_installation_candidate: Packages for kmod-netlink-diag found, but incompatible with the architectures configured * opkg_install_cmd: Cannot install package kmod-nft-tproxy. * pkg_hash_check_unresolved: cannot find dependency kernel (= 5.4.188-1-db222399ef90ea6bd3453fe08b323a74) for kmod-nf-conntrack6 * pkg_hash_fetch_best_installation_candidate: Packages for kmod-nf-conntrack6 found, but incompatible with the architectures configured * pkg_hash_check_unresolved: cannot find dependency kernel (= 5.4.188-1-db222399ef90ea6bd3453fe08b323a74) for kmod-nf-nat * pkg_hash_fetch_best_installation_candidate: Packages for kmod-nf-nat found, but incompatible with the architectures configured * pkg_hash_check_unresolved: cannot find dependency kernel (= 5.4.188-1-db222399ef90ea6bd3453fe08b323a74) for kmod-ipt-nat * pkg_hash_fetch_best_installation_candidate: Packages for kmod-ipt-nat found, but incompatible with the architectures configured
- 匿名
  
  HELP
  
  2年前
  2023-3-28 6:12:16
  
  不要更新内核，更新最新内核之后可能会导致找不到相应内核版本的kmod软件包。
果子狸

2年前
2023-2-11 11:47:53

感谢，最近也是自己折腾了一个旁路由来玩，
- 不用谢
  
  果子狸
  
  10月前
  2024-1-31 15:15:38
  
  可以使用pve来安装黑群、openwrt