Building a Home Network Router with N1
前言
在互联网时代,信息获取和网络连接已成为日常生活不可或缺的一部分。然而,网络防火墙和广告弹窗却困扰着许多用户。为了突破限制,提升网络体验,搭建个人旁路由成为了一个值得考虑的方案。
旁路由,顾名思义,是指在主路由之外,额外建立一条网络连接路径。通过旁路由,我们可以将特定流量(例如翻墙或去广告)单独处理,而不影响家庭其他成员的正常网络使用。
以下是搭建个人旁路由的主要优势:
不可说: 访问被限制的网站和内容。
去广告: 过滤烦人的广告弹窗,提升网页浏览体验。
隐私保护: 隐藏您的真实 IP 地址,保护您的网络隐私。
安全上网: 抵御网络攻击,提高网络安全防护能力
OpenWrt系统
系统来源
从论坛下载固件
推荐恩山论坛,论坛有各种网友编译的固件,可以根据自己的设备和需求,按需下载
按需定制化
工具网站
功能和参数定制
选择设备型号和名称:这里以我的N1为例
自定义构建固件
- 出厂软件包:建议不要动
- 常用软件包:可以按需选择,如果列表中没有,直接在输入框内键入关键词,即可选择
- 互联网:Clash必备 (建议再选择一个备用)
- 后台地址:建议直接固定局域网IP,接下来设置和安装就需要直接输入此IP
- Docker:作为玩具,怎么可以少的了这个
- 假装IstoreOS:作为玩具,怎么可以少的了这个
- IPv6:打开
- 旁路由模式:为的就是这个,这里打开,省去接下来设置的步骤
- IPv4网关:家庭主路由网关
非赞助用户,一天只有一次构建过程,务必认真填写,如有可能建议赞助
构建和下载固件
刻录
推荐balenaEtcher:只为全平台推荐,话说什么时候可以出apple silicon的版本
系统烧录
刷机流程
- 将刻录的U盘插入N1,再接电源
- 等待几分钟之后,🛜可以发现openwrt的热点,无密码直接链接
- 电脑IP直接按刚才配置,设置固定IP,否则无法登陆
- 打开Openwrt的网页,刷机:
- 系统–晶晨宝盒–安装OpenWrt–选择设备型号–安装(具体入下图)
Clash设置
插件Bug
由于Clash部分版本的问题,导致无法更新和安装插件,需要执行如下命令:
SSH进入Openwrt
1 | |
插件下载地址
DNS设置
为AdGuard Home起作用
Adguard Home
更新核心
6060重定向设置为:重定向53端口到AdGuardHome
更新密码
- 更多选项:改变网页登陆密码
更改网页登陆密码:输入需设置的密码
载入计算模块
将计算结果填入:手动设置
保存并应用
Adguard设置
Adguard Home 配置:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292http:
pprof:
port: 6060
enabled: false
address: 0.0.0.0:3000
session_ttl: 720h
users:
- name: admin
password: $2y$10$IGMLdaSfnTHCd2yub1Fx1ON2EiboNoWbRMfMsRCJpLAJRaDW1vMVi
auth_attempts: 99
block_auth_min: 0
http_proxy: ""
language: ""
theme: auto
dns:
bind_hosts:
- 0.0.0.0
port: 5354
anonymize_client_ip: false
ratelimit: 0
ratelimit_subnet_len_ipv4: 24
ratelimit_subnet_len_ipv6: 56
ratelimit_whitelist: []
refuse_any: true
upstream_dns:
- 127.0.0.1:7874
- 127.0.0.1:7890
upstream_dns_file: ""
bootstrap_dns:
- 221.12.1.227
fallback_dns: []
upstream_mode: parallel
fastest_timeout: 1s
allowed_clients: []
disallowed_clients: []
blocked_hosts:
- version.bind
- id.server
- hostname.bind
trusted_proxies:
- 127.0.0.0/8
- ::1/128
cache_size: 4194304
cache_ttl_min: 0
cache_ttl_max: 0
cache_optimistic: false
bogus_nxdomain: []
aaaa_disabled: false
enable_dnssec: false
edns_client_subnet:
custom_ip: ""
enabled: false
use_custom: false
max_goroutines: 300
handle_ddr: true
ipset: []
ipset_file: ""
bootstrap_prefer_ipv6: false
upstream_timeout: 10s
private_networks: []
use_private_ptr_resolvers: true
local_ptr_upstreams: []
use_dns64: false
dns64_prefixes: []
serve_http3: false
use_http3_upstreams: false
serve_plain_dns: true
tls:
enabled: false
server_name: ""
force_https: false
port_https: 443
port_dns_over_tls: 853
port_dns_over_quic: 784
port_dnscrypt: 0
dnscrypt_config_file: ""
allow_unencrypted_doh: false
certificate_chain: ""
private_key: ""
certificate_path: ""
private_key_path: ""
strict_sni_check: false
querylog:
ignored: []
interval: 6h
size_memory: 1000
enabled: true
file_enabled: true
statistics:
ignored: []
interval: 24h
enabled: true
filters:
- enabled: true
url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt
name: AdGuard DNS filter
id: 1
- enabled: true
url: https://adaway.org/hosts.txt
name: AdAway Default Blocklist
id: 2
- enabled: true
url: https://raw.githubusercontent.com/xinggsf/Adblock-Plus-Rule/master/rule.txt
name: 乘风广告过滤规则
id: 1649483422
- enabled: true
url: https://anti-ad.net/easylist.txt
name: 'CHN: anti-AD'
id: 1649484084
- enabled: true
url: https://easylist-downloads.adblockplus.org/easylistchina.txt
name: EasyList China
id: 1649484085
- enabled: true
url: https://raw.githubusercontent.com/privacy-protection-tools/anti-AD/master/anti-ad-adguard.txt
name: anti-ad-adguard
id: 1649484198
- enabled: true
url: https://easylist-downloads.adblockplus.org/easyprivacy.txt
name: easyprivacy
id: 1649954258
- enabled: true
url: https://raw.githubusercontent.com/jdlingyu/ad-wars/master/hosts
name: 大圣净化
id: 1650076290
- enabled: true
url: https://raw.githubusercontent.com/vokins/yhosts/master/hosts
name: yhosts
id: 1650076291
- enabled: true
url: https://raw.githubusercontent.com/o0HalfLife0o/list/master/ad.txt
name: a1d
id: 1654089502
- enabled: true
url: https://raw.githubusercontent.com/Goooler/1024_hosts/master/hosts
name: googler
id: 1654089509
- enabled: true
url: https://easylist-downloads.adblockplus.org/easylistchina+easylist.txt
name: ee
id: 1654089510
- enabled: true
url: http://sub.adtchrome.com/adt-chinalist-easylist.txt
name: cw
id: 1654089511
- enabled: true
url: https://raw.githubusercontent.com/privacy-protection-tools/anti-AD/master/adblock-for-dnsmasq.conf
name: ec1
id: 1654089512
- enabled: true
url: https://raw.githubusercontent.com/rentianyu/Ad-set-hosts/master/adguard
name: rentianyu / Ad-set-hosts
id: 1687449634
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_12.txt
name: Dandelion Sprout's Anti-Malware List
id: 1687578182
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_42.txt
name: ShadowWhisperer's Malware List
id: 1687578183
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_10.txt
name: Scam Blocklist by DurableNapkin
id: 1687578184
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_8.txt
name: NoCoin Filter List
id: 1687578185
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_31.txt
name: Stalkerware Indicators List
id: 1687578186
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_30.txt
name: Phishing URL Blocklist (PhishTank and OpenPhish)
id: 1687578187
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt
name: The Big List of Hacked Malware Web Sites
id: 1687578188
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt
name: Malicious URL Blocklist (URLHaus)
id: 1687578189
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_29.txt
name: 'CHN: AdRules DNS List'
id: 1707799154
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_21.txt
name: 'CHN: anti-AD'
id: 1707799155
- enabled: true
url: https://raw.githubusercontent.com/217heidai/adblockfilters/main/rules/adblockdns.txt
name: https://github.com/217heidai/adblockfilters
id: 1707799156
whitelist_filters: []
user_rules:
- '@@||vk.com^$important'
- '@@||twitter.com^$important'
- '@@||twitter.com^$client=''127.0.0.1'''
- '@@||www.similarweb.com^$important'
- '@@||similarweb.com^$important'
- '@@||t.co^$important'
- '@@||mercadolibre.com^$important'
- '@@||mercadolibre.com^$client=''127.0.0.1'''
- '@@||dc.services.visualstudio.com^$important'
- '@@||dc.services.visualstudio.com^$client=''127.0.0.1'''
- '@@||northeurope-2.in.applicationinsights.azure.com^$client=''127.0.0.1'''
- '@@||northeurope-2.in.applicationinsights.azure.com^$important'
- '@@||wabi-north-europe-g-primary-redirect.analysis.windows.net^$important'
- '@@||wabi-north-europe-g-primary-redirect.analysis.windows.net^$client=''127.0.0.1'''
- '@@||mon.us.tiktokv.com^$important'
- '@@||mcs.us.tiktokv.com^$client=''127.0.0.1'''
- '@@||s.click.aliexpress.com^$important'
- '@@||s.click.aliexpress.com^$client=''127.0.0.1'''
- '@@||analytics.google.com^$client=''127.0.0.1'''
- '@@||analytics.google.com^$important'
- '@@||wl.spotify.com^$important'
- '@@||advertising.amazon.com^$client=''127.0.0.1'''
- '@@||*.amazon.com^$important'
- ""
dhcp:
enabled: false
interface_name: ""
local_domain_name: lan
dhcpv4:
gateway_ip: ""
subnet_mask: ""
range_start: ""
range_end: ""
lease_duration: 86400
icmp_timeout_msec: 1000
options: []
dhcpv6:
range_start: ""
lease_duration: 86400
ra_slaac_only: false
ra_allow_slaac: false
filtering:
blocking_ipv4: ""
blocking_ipv6: ""
blocked_services:
schedule:
time_zone: UTC
ids: []
protection_disabled_until: null
safe_search:
enabled: false
bing: true
duckduckgo: true
google: true
pixabay: true
yandex: true
youtube: true
blocking_mode: default
parental_block_host: family-block.dns.adguard.com
safebrowsing_block_host: standard-block.dns.adguard.com
rewrites: []
safebrowsing_cache_size: 1048576
safesearch_cache_size: 1048576
parental_cache_size: 1048576
cache_time: 30
filters_update_interval: 24
blocked_response_ttl: 10
filtering_enabled: true
parental_enabled: false
safebrowsing_enabled: false
protection_enabled: true
clients:
runtime_sources:
whois: true
arp: true
rdns: true
dhcp: true
hosts: true
persistent: []
log:
file: ""
max_backups: 0
max_size: 100
max_age: 3
compress: false
local_time: false
verbose: false
os:
group: ""
user: ""
rlimit_nofile: 0
schema_version: 28最终效果
Building a Home Network Router with N1
http://example.com/2024/02/13/Building-a-Home-Network-Router-with-N1/