glider on edgerouter

10-setup-glider.sh

#!/usr/bin/env bash
GLIDER_TAR_BALL=/config/user-data/glider.tgz
DEST_FOLDER=/tmp/glider
BIN_FILE=/tmp/glider/glider
OLD_FILE=/tmp/glider/glider.old
PID_FILE=/tmp/glider/glider.pid
CFG_FILE=/tmp/glider/glider.conf
QUIET=
#VPS_IP=`getent ahostsv4 <your server domain> | head -1 | awk '{print $1}'`
VPS_IP=x.x.x.x
#echo VPS IP is $VPS_IP
#echo glider CFG is $CFG_FILE

# create target folder
mkdir -p $DEST_FOLDER

# generate config file
cat << EOF > $CFG_FILE
listen=redir://:1081
#listen=<your other listen>
dns=:1053
dnsserver=8.8.8.8:53
dnsserver=8.8.4.4:53
strategy=lha
checkinterval=300
checkdisabledonly
#forward=<your server schema>
#forward=smux://192.168.11.100:1080,socks5://
EOF

# replace vps IP
sed -i "s/VPS_IP/$VPS_IP/g" $CFG_FILE

# extract glider
if [ "$1" != "restart" ]; then
  # echo "$1 - extract glider..."
  [ -f $BIN_FILE ] && mv -f $BIN_FILE $OLD_FILE; tar -C $DEST_FOLDER -xf $GLIDER_TAR_BALL
fi

# start glider
killall -9 glider
sleep 5s
start-stop-daemon -c nobody -g nogroup $QUIET -oSbmp $PID_FILE -x $BIN_FILE

# dnsmasq, "10-gfwlist.conf" generated by https://github.com/cokebar/gfwlist2dnsmasq
NEED_RESTART_DNS=0
DNS_GFWLIST_DST=/etc/dnsmasq.d/10-gfwlist.conf
DNS_CUSTOM_DST=/etc/dnsmasq.d/20-my-custom-gfwlist.conf
DNS_GFWLIST_SRC=/config/user-data/dnsmasq.d/10-gfwlist.conf
DNS_CUSTOM_SRC=/config/user-data/dnsmasq.d/20-my-custom-gfwlist.conf

[ ! -f $DNS_GFWLIST_DST -o ! -f $DNS_CUSTOM_DST ] && NEED_RESTART_DNS=1

[ ! -f $DNS_GFWLIST_DST ] && [ -f $DNS_GFWLIST_SRC ] && ln -sf $DNS_GFWLIST_SRC $DNS_GFWLIST_DST
[ ! -f $DNS_CUSTOM_DST ] && [ -f $DNS_CUSTOM_SRC ] && ln -sf $DNS_CUSTOM_SRC $DNS_CUSTOM_DST

[ "$NEED_RESTART_DNS" == "1" ] && systemctl restart dnsmasq

20-sci-net.sh

#!/bin/sh

GFW_LIST=gfwlist
WHITE_LIST=wlist
CHAIN=GLIDER
LOCAL_MARKER=0x1234
IPT="iptables -t nat"
IPTA="$IPT -A $CHAIN"

### check and create ipset list ###
ipset -q -n -L $GFW_LIST > /dev/null 2>&1 || ipset -! create $GFW_LIST hash:net
ipset -q -n -L $WHITE_LIST > /dev/null 2>&1 || ipset -! create $WHITE_LIST hash:net hashsize 64 maxelem 100

### add telegram IP subnets
ipset -! add $GFW_LIST 149.154.164.0/22
ipset -! add $GFW_LIST 149.154.160.0/22
ipset -! add $GFW_LIST 91.108.56.0/22
ipset -! add $GFW_LIST 91.108.4.0/22
ipset -! add $GFW_LIST 91.108.8.0/22

### add white list IP subnets  !!!!CHANGE ME!!!!
ipset -! add $WHITE_LIST 192.168.0.0/27

### clean up iptable rules
$IPT -F $CHAIN > /dev/null 2>&1
$IPT -D PREROUTING -p tcp -j $CHAIN > /dev/null 2>&1
$IPT -D OUTPUT -p tcp -j MARK --set-mark $LOCAL_MARKER > /dev/null 2>&1
$IPT -D OUTPUT -p tcp -j $CHAIN > /dev/null 2>&1
$IPT -X $CHAIN > /dev/null 2>&1

### create new chain
$IPT -N $CHAIN

### only allow specific range of sources and not from local ###
$IPTA -m set ! --match-set $WHITE_LIST src -m mark ! --mark $LOCAL_MARKER -j RETURN

### ignore not in gfwlist
$IPTA -m set ! --match-set $GFW_LIST dst -j RETURN

### redir ###
$IPTA -p tcp -j REDIRECT --to-ports 1081

### redirect NAT traffic ###
$IPT -I PREROUTING -p tcp -j $CHAIN

### redirect local traffic ###
$IPT -A OUTPUT -p tcp -j MARK --set-mark $LOCAL_MARKER
$IPT -A OUTPUT -p tcp -j $CHAIN