y0ngb1n

Aben Blog

欢迎来到我的技术小黑屋ヾ(◍°∇°◍)ノ゙
github

ASUS RT-AC86U Asuswrt-Merlin Install Tailscale

8c7218e4c00128101961ec00a97218d61347f5ba-1281x560

刷入 Asuswrt-Merlin 固件#

不必担心把路由器刷废了,华硕的路由器可以让你一键重置回来

1)下载固件

先到 https://www.asuswrt-merlin.net/download 下载相应的固件,并解压。(当前最新 RT-AC86U_386.13_2.zip

2)升级固件

登录到你的路由器后台 http://192.168.50.1/,在 系统管理 > 固件升级 中上传固件文件(如 RT-AC86U_386.13_2_ubi.w

3)打开 JFFS 分区

系统管理 > 系统设置 > Persistent JFFS2 partition

  • Format JFFS partition at next boot -
  • Enable JFFS custom scripts and configs -

4)打开 SSH 登录

系统管理 > 系统设置 > SSH Daemon

  • Allow SSH password login -

系统分区说明#

admin@RT-AC86U-67A0:/tmp/home/root# df -h
Filesystem                Size      Used Available Use% Mounted on
ubi:rootfs_ubifs         77.2M     67.1M     10.0M  87% /
devtmpfs                207.9M         0    207.9M   0% /dev
tmpfs                   208.0M    300.0K    207.7M   0% /var
tmpfs                   208.0M     16.2M    191.8M   8% /tmp/mnt
mtd:bootfs                4.4M      3.3M      1.1M  75% /bootfs
tmpfs                   208.0M     16.2M    191.8M   8% /tmp/mnt
mtd:data                  8.0M    592.0K      7.4M   7% /data
tmpfs                   208.0M     16.2M    191.8M   8% /tmp
/dev/mtdblock9           47.0M     34.2M     12.8M  73% /jffs
  • /tmp 空间较大,设备重启后会清空,可用来临时下载文件。
  • /jffs 空间较小,设备重启后仍保留,可用来保存配置文件、安装程序(有限)。

现在新版的 tailscale_1.68.2_arm64.tgz 会释放 tailscale 15.4Mtailscaled 31.1M 两个核心可执行文件。但 /jffs 空间有限,装不下 tailscaletailscaled,可以利用 /tmp 分区持载可执行文件(参考 adyanth/openwrt-tailscale-enabler 在使用时才下载可执行文件)

为了得到稳定的使用体验,我计划只将 tailscaled 安装在 /jffs/tailscale/tailscaled,而 tailscale 不经常使用可以在使用时才下载到 /tmp/tailscale

安装 Tailscale#

/jffs/tailscale/tailscale

#!/bin/sh

# https://github.com/adyanth/openwrt-tailscale-enabler/blob/main/usr/bin/tailscale

set -e

if [ ! -f /tmp/tailscaled ]; then
    arch=`uname -m`
    if [ "$arch" == "mips" ]; then
        endianness=`echo -n I | hexdump -o | awk '{ print (substr($2,6,1)=="1") ? "le" : ""; exit }'`
    elif [ "$arch" == "armv7l" ]; then
        arch=arm
    elif [ "$arch" == "aarch64" ]; then
        arch=arm64
    elif [ "$arch" == "x86_64" ]; then
        arch=amd64
    fi

    tailscale_version="1.68.2"

    latest_version=`wget -O- https://pkgs.tailscale.com/stable/ | grep tailscale_ | head -1 | cut -d'_' -f 2`
    if [ "$tailscale_version" != "$latest_version" ]; then
        tailscale_version=$latest_version
    fi

    version="${tailscale_version}_${arch}${endianness}"

    echo "Downloading Tailscale ${version} .."

    echo -e "tailscale_${version}/tailscaled" > /tmp/tailscale_${version}_files.txt

    wget -O- https://pkgs.tailscale.com/stable/tailscale_${version}.tgz | tar x -zvf - -C /tmp -T /tmp/tailscale_${version}_files.txt

    mv /tmp/tailscale_$version/* /tmp
    rm -rf /tmp/tailscale_${version}*

    echo "Done!"
fi

/tmp/tailscaled "$@"

/jffs/tailscale/tailscaled-startup.sh

#!/bin/sh

tailscaled_pid=`pidof tailscaled`
if [ -z "$tailscaled_pid" ]
then
  modprobe tun
  nohup /jffs/tailscale/tailscaled --no-logs-no-support --state=/jffs/tailscale/tailscaled.state --statedir=/jffs/tailscale >/dev/null 2>&1 & 
else
  echo "tailscaled (pid:$tailscaled_pid) is running..."
fi

if [ -x /opt/bin/tailscale ]; then tailscale down; tailscale up; fi

/bin/sh /jffs/tailscale/tailscale-nat-setup.sh

借助上面的脚本下载 /tmp/tailscale/tmp/tailscaled,再手动将 taiscaled 固化至 /jffs/tailscale/tailscaled

mkdir -p /jffs/tailscale
chmod +x /jffs/tailscale/tailscale /jffs/tailscale/tailscaled-startup.sh
/jffs/tailscale/tailscale # 下载

mv /tmp/tailscaled /jffs/tailscale/tailscaled
/jffs/tailscale/tailscaled-startup.sh # 启动 tailscaled
/jffs/tailscale/tailscale up
# /jffs/tailscale/tailscale set ...

设置开机启动#

Asuswrt-Merlin 为我们预留了多种事件的执行点,如:

  • wan-start
  • firewall-start
  • nat-start
  • init-start
  • ...

可以利用这些事件的执行脚本进行拓展出各种玩法,如实现我们的 tailscale 开机启动功能:

/jffs/scripts/nat-start

#!/bin/sh

modprobe tun
/bin/sh /jffs/tailscale/tailscale-nat-setup.sh

/jffs/scripts/firewall-start

#!/bin/sh

/bin/sh /jffs/tailscale/tailscaled-startup.sh

/jffs/tailscale/tailscale-nat-setup.sh

#!/bin/sh
# https://www.snbforums.com/threads/a-guide-about-installing-zerotier-on-asus-ac68u-router.42648/
logger -t "custom iptables" "Enter" -p user.notice
if ! iptables -C INPUT -i tailscale0 -j ACCEPT ; then
    # tailscale nat
    iptables -I INPUT -i tailscale0 -j ACCEPT
    iptables -I FORWARD -i tailscale0 -j ACCEPT
    iptables -I FORWARD -o tailscale0 -j ACCEPT
    iptables -t nat -I POSTROUTING -o tailscale0 -j MASQUERADE
    logger -t "custom iptables" "rules added" -p user.notice
else
    logger -t "custom iptables" "rules existed skip" -p user.notice
fi

参考链接#

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.