Network Notes Routers & Devices

Setup WPAD on Asus Merlin

By @sskaje

I have flashed my Asus RT-AC68U to Merlin, and SSH has been enabled.

This is a tutorial about setting up WPAD on an Asus router.


Router: RT-AC68U
Firmware: Merlin 380.59
Router IP:
Local Domain: my.home.local
Router Admin Account: admin
DHCPd: dnsmasq


SSH to the router and check the files.

The web root is set to /www. There is a wpad.dat, but it is a dead link to /www/ext/proxy.pac, which does not exist on the router.


Network UBNT Routers & Devices

EdgeRouter DNAT for Remote Socks Proxy Server

By @sskaje

I set up an HAProxy for a SOCKS5 proxy server on my EdgeRouters, listening on, forwarding to proxy server tunneled at You can find it: UBNT VPN + Socks5 Proxy.

I chose this because I failed to set up destination NAT.

The BAD thing is, HAProxy DOES NOT SUPPORT UDP. If I set FoxyProxy to resolve names remotely, connections are lost.

I tried many, many times, and found out why I failed at setting DNAT.

Network UBNT VPN Routers & Devices

EdgeRouter Lite: Source Based Routing

By @sskaje

I have on my eth0 as LAN, VPN set up.
In some cases I want to visit certain websites via VPN, so I set up a SOCKS5 proxy.
But socks 5 is not an option for iPhone & Android by default.

So I added to eth0 at the same time, traffic from are all forwarded to VPN interface.

If I want my iPhone traffic fully routed to VPN, I just need to change my iPhone WiFi addresses.

DNS Network UBNT VPN Notes Routers & Devices

EdgeRouter PPTP Server: Accessing the Local DNS Service

By @sskaje

UBNT EdgeRouter ships with a built-in PPTP server; the typical configuration is


Capturing UDP 53 packets on the router shows the DNS requests sent by the PPTP client, but no replies come back.

man dnsmasq

-i, --interface=
Listen only on the specified interface(s). Dnsmasq automatically adds the loopback (local) interface to the list of interfaces to use when the --interface option is used. If no --interface or --listen-address options are given dnsmasq listens on all available interfaces except any given in --except-interface options. IP alias interfaces (eg "eth1:0") cannot be used with --interface or --except-interface options, use --listen-address instead. A simple wildcard, consisting of a trailing '*', can be used in --interface and --except-interface options.

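I tried adding interface=pptp*, which had no effect.
While I was at it, I first isolated the dnsmasq requests onto a new subnet: set the server's local-ip to, pushed DNS, then set options 'listen-address=', and that solved it.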


Network Port Proxy UBNT Notes Routers & Devices

UBNT VPN + Socks5 Proxy

By @sskaje

For the VPN setup, see Set up OpenVPN Site-to-Site on UBNT EdgeRouter Lite and EdgeOS PPTP VPN Client Configuration.

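Approach 2: use DPI to detect the domain name or SNI. However, the documentation for the latest EdgeRouter Lite beta, 1.8.0b3, is incomplete. I tested the relevant commands myself and could not get it working, though in theory it should be possible.
Approach 3: a local SOCKS5 proxy. I have always used Firefox + FoxyProxy as a dedicated browser, and Chrome for everyday needs. Also, Secure Pipes has been dropping frequently lately and I am not sure why; even the approach of proxying the remote SSH through a domestic VPS does not work.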

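I tried several approaches, including dante-server with an upstream interface selected, and SSH tunnel + DNAT; none of them worked. For the DNAT approach I did not want to use iptables directly, because I was worried that saving the configuration commands would be inconvenient, so in the end I went back to the HAProxy approach.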

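On the VPS, configure the SOCKS5 proxy. The approach is simple; the reference command is as follows: and are the server-side private IPs of my two VPN setups, respectively.
I added this command to rc.local. Of course, SSH public-key login also has to be configured.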

On the router, install and configure HAProxy. Again, see Setting Up an SSH Proxy with HAProxy.
