环境准备,将ftp.apnic.net添加到静态路由,防止通过VPN连接失败

$nslookup ftp.apnic.net
Name:    ftp.apnic.net
Addresses: 202.12.29.205

将解析到的固定 IP 地址添加到 /etc/hosts:

202.12.29.205   ftp.apnic.net

静态路由,直接连接
chnroute-static-route

安装ip-full以支持ip -batch批量导入:

$opkg update
$opkg install ip-full

将 `252 chnroute` 这一行添加到 /etc/iproute2/rt_tables:

#
# reserved values
#
128     prelocal
255     local
254     main
253     default
# Custom table added by this guide; the chnroute hotplug script refers to it
# by name ("table chnroute") when adding and deleting rules and routes.
252     chnroute
0       unspec
#
# local
#
#1      inr.ruhep

启动脚本:
/etc/hotplug.d/iface/30-chnroute

#!/bin/sh

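# Convert an APNIC delegated-stats listing (stdin) into "ip -batch" lines
# (stdout), one "rule add to <net>/<prefix> table chnroute" per CN IPv4 record.
#
# The listing is fetched over plain HTTP and the result is executed by
# "ip -batch" as root, so every field is validated before it is printed:
# the address must be a bare dotted quad and the count a positive integer.
# A record whose address field carries anything else (spaces, extra ip
# keywords) is dropped instead of being passed through by "%s".
# The prefix length is derived with an integer loop rather than
# log($5)/log(2), which can be off by one after floating-point rounding.
chnroute_parse_rules() {
        awk -F'|' '
                $2 == "CN" && $3 == "ipv4" &&
                $4 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ &&
                $5 ~ /^[0-9]+$/ {
                        count = $5 + 0
                        if (count < 1)
                                next
                        # bits = ceil(log2(count)), same rounding as the %d
                        # truncation of 32-log(count)/log(2).
                        bits = 0
                        for (size = 1; size < count; size *= 2)
                                bits++
                        if (bits <= 32)
                                printf("rule add to %s/%d table chnroute\n", $4, 32 - bits)
                }'
}

# Interface wg0 came up: load one policy rule per CN IPv4 block into table
# chnroute and give that table a default route via 192.168.33.1 on eth0.2.
# Falls back to the last saved rule set in /root/rules.gz when the download
# yields nothing.
[ "$ACTION" = ifup ] && [ "$INTERFACE" = wg0 ] && {
        logger -t chnroute apnic rule downloading.
        # presumably gives the new link time to settle before downloading
        sleep 10
        # NOTE(review): plain HTTP means the list is not authenticated in
        # transit (the /etc/hosts pin does not change that). If this router's
        # wget has TLS support, an https:// URL would be preferable - confirm
        # the server offers it. A truncated transfer still yields a non-empty
        # but partial rule set here.
        RULES=$(wget -T 60 -O- 'http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest' | chnroute_parse_rules)
        if [ -n "$RULES" ]; then
                logger -t chnroute download completed. inserting rule.
                # Write the backup through a temporary file so a failed gzip
                # (e.g. full flash) cannot truncate the previous good copy.
                printf '%s\n' "$RULES" | gzip -c > /root/rules.gz.tmp &&
                        mv /root/rules.gz.tmp /root/rules.gz
                printf '%s\n' "$RULES" | ip -batch -
                ip route add default via 192.168.33.1 dev eth0.2 table chnroute proto static
                ip route flush cache
                logger -t chnroute insert completed.
        elif [ -s /root/rules.gz ]; then
                logger -t chnroute download rule failed. inserting backup config.
                zcat /root/rules.gz | ip -batch -
                ip route add default via 192.168.33.1 dev eth0.2 table chnroute proto static
                ip route flush cache
                logger -t chnroute insert backup rule completed.
        else
                logger -t chnroute download rule failed. exit.
        fi
}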

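# Interface wg0 went down: remove the default route from table chnroute and
# delete every policy rule that refers to that table.
[ "$ACTION" = ifdown ] && [ "$INTERFACE" = wg0 ] && {
        logger -t chnroute delete chnroute.
        ip route del default via 192.168.33.1 dev eth0.2 table chnroute proto static
        # Re-list and delete until no rule for the table is left.
        while :
        do
                # Each listed line starts with "<priority>:"; only lines whose
                # first field is a positive number become a delete command, so
                # an unexpected line can never turn into "rule del prio 0".
                RULES=$(ip rule show table chnroute | awk -F ':' '$1 ~ /^[ \t]*[0-9]+$/ && $1 + 0 > 0 { printf("rule del prio %d\n", $1) }')
                [ -n "$RULES" ] || break
                # Stop when the batch fails: the same rule would be listed
                # first again on the next pass and the loop would never end.
                printf '%s\n' "$RULES" | ip -batch - || break
        done
        ip route flush cache
        logger -t chnroute delete completed.
}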

重启后测试

$logread -e chnroute
Wed Sep 26 18:25:39 2018 user.notice chnroute: china route rule downloading.
Wed Sep 26 18:25:55 2018 user.notice chnroute: download completed. inserting rule.
Wed Sep 26 18:26:08 2018 user.notice chnroute: insert completed.
$ip rule show table chnroute
$ip route show table chnroute
$ip route get 114.114.114.114
114.114.114.114 via 192.168.33.1 dev eth0.2 table chnroute src 192.168.33.63 uid 0
    cache

$ping 114.114.114.114
PING 114.114.114.114 (114.114.114.114): 56 data bytes
64 bytes from 114.114.114.114: seq=0 ttl=73 time=31.801 ms
64 bytes from 114.114.114.114: seq=1 ttl=89 time=31.620 ms
原文链接:https://marskid.net/2018/09/26/openwrt-chnroute-sh/