Raspberry Pi Running Distribution Agent
I seem to have been having trouble with various agents recently, so I took the time to read the Sing-box documentation, plus various video tutorials, and fumbled around a lot on my own.
sing-box is a universal proxy platform that is very powerful. It supports many inbound and outbound protocols and is very convenient to use.
This article records my personal usage, which may be useful to some readers. Some descriptions may not be professional enough, but they are definitely practical. Readers are welcome to follow the official account and leave messages for communication.
Because I have a Raspberry Pi 2 Model B that has been idle for many years, I checked that the rated power is 3.0 watts (5V/600mA), which is very suitable for use as a small gateway + dnsmasq domain name cache. The gateway can act as a proxy and can also block some advertisements.
First draw a network architecture diagram to facilitate readers' understanding.
Just like a common home network. Just connect an extra Raspberry Pi to the home router. The gateways and dns servers of other devices are set to the IP address of the Raspberry Pi.
The following are the steps:
1. Install the official system on Raspberry Pi
Originally, there was nothing to write about this step. There are many tutorials on the Internet to teach you how to flash the official system for the Raspberry Pi. I haven’t flashed the system of Raspberry Pi for many years. I found out that the official tool is called Raspberry Pi Imager, which is very easy to use (I remember that I used the dd command to flash the system) and can save a lot of trouble.
First select your Raspberry Pi model, then select the operating system image you want to install (if you have a network card in this step, you can select a custom image, just select the image downloaded from your computer), then select the SD card and click After Next, you can set the hostname, user password, enable ssh, automatically import keys, etc.
I chose the simplest image, which is more than 400 MB. After all, it does not require a desktop or too many functions.
This gadget can really be said to be a considerate little housekeeper. You will know how to use it just by reading the text description. After installing it, just remove the SD card and insert it into the Raspberry Pi card slot.
If you think about it carefully, this indeed lowers the operating threshold and is convenient and easy to use. When selecting storage, remember to confirm that the SD card is selected, otherwise it will kill the system, which will be a big trouble.
2. Configure dnsmasq on Raspberry Pi
Log in to the Raspberry Pi via ssh. As an aside, if you don’t know the IP assigned to the Raspberry Pi (for example, in an environment where the router is not controlled), you can use the packet capture software wireshark to capture the arp broadcast packets, or ping them one by one with the same IP address as your computer. IP😂, luckily I can find it quickly.
Generally, if there are not many devices mounted on the router, the IP will not change much. Of course, you can also set a fixed IP.
Check the basic information, debian system, armv7l CPU, and have switched to the source of Jiaotong University (choose a source close to you, it is fast).
1mephisto@raspberrypi:~ $ cat /etc/os-release
2PRETTY_NAME="Raspbian GNU/Linux 12 (bookworm)"
3NAME="Raspbian GNU/Linux"
4VERSION_ID="12"
5VERSION="12 (bookworm)"
6VERSION_CODENAME=bookworm
7ID=raspbian
8ID_LIKE=debian
9HOME_URL="http://www.raspbian.org/"
10SUPPORT_URL="http://www.raspbian.org/RaspbianForums"
11BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"
12mephisto@raspberrypi:~ $ uname -a
13Linux raspberrypi 6.6.28+rpt-rpi-v7 #1 SMP Raspbian 1:6.6.28-1+rpt1 (2024-04-22) armv7l GNU/Linux
14mephisto@raspberrypi:~ $ cat /etc/apt/sources.list
15#org
16#deb [ arch=armhf ] http://raspbian.raspberrypi.com/raspbian/ bookworm main contrib non-free rpi
17# Uncomment line below then 'apt-get update' to enable 'apt-get source'
18#deb-src http://raspbian.raspberrypi.com/raspbian/ bookworm main contrib non-free rpi
19
20#ustc
21# deb http://mirrors.ustc.edu.cn/raspberrypi/debian/ bookworm main
22#deb-src http://mirrors.ustc.edu.cn/raspberrypi/debian/ bookworm main
23
24#sjtu
25deb http://mirrors.sjtug.sjtu.edu.cn/raspbian/raspbian/ bookworm main contrib non-free rpi
26mephisto@raspberrypi:~ $
Install dnsmasq, which is suitable for use in small network scenarios. It is mainly used to cache domain names, add custom domain names, and is used in combination with NetworkManager.
1sudo apt install dnsmasq
To configure dnsmasq, please refer to this arch document: https://wiki.archlinux.org/title/NetworkManager#dnsmasq
1mephisto@raspberrypi:~ $ cd /etc/NetworkManager/
2mephisto@raspberrypi:/etc/NetworkManager $ ls
3NetworkManager.conf conf.d dispatcher.d dnsmasq-shared.d dnsmasq.d system-connections
4mephisto@raspberrypi:/etc/NetworkManager $ cat conf.d/dns.conf
5[main]
6dns=dnsmasq
7mephisto@raspberrypi:/etc/NetworkManager $ cat dnsmasq.d/
8cache.conf listen.conf
9mephisto@raspberrypi:/etc/NetworkManager $ cat dnsmasq.d/cache.conf
10server=223.5.5.5 # Domain name server Alibaba’s
11cache-size=1000 # Cache 1000 dns records, or dns records with a certain memory size. If you are interested, check the dnsmasq source code to confirm.
12strict-order # Not important, see dnsmasq documentation
13address=/www.example.com/ 192.168.18.190 # Define the domain name yourself, because I ran lighttpd to host the pac on the Raspberry Pi silly girl, and also used it to verify whether dnsmasq is configured correctly.
14mephisto@raspberrypi:/etc/NetworkManager $ cat dnsmasq.d/listen.conf
15listen-address=::1,127.0.0.1,192.168.18.190 # The network card that the dns service listens to, port 53
16mephisto@raspberrypi:/etc/NetworkManager $
The specific settings are as shown above, dns=dnsmasq means that the dns part of the enabled NetworkManager is taken over by dnsmasq.
Notice! In this way, you don’t need to start dnsmasq on the computer, NetworkManager will do it for you.
1mephisto@raspberrypi:/etc/NetworkManager $ systemctl is-enabled dnsmasq
2disabled
3mephisto@raspberrypi:/etc/NetworkManager $ ps -ef | grep NetworkManager
4root 508 1 0 Apr27 ? 00:00:10 /usr/sbin/NetworkManager --no-daemon
5nobody 1524 508 0 Apr27 ? 00:00:46 /usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts --bind-interfaces --pid-file=/run/NetworkManager/ dnsmasq.pid --listen-address=127.0.0.1 --cache-size=400 --clear-on-reload --conf-file=/dev/null --proxy-dnssec --enable-dbus=org.freedesktop .NetworkManager.dnsmasq --conf-dir=/etc/NetworkManager/dnsmasq.d
6mephisto 17990 17355 50 14:29 pts/0 00:00:00 grep --color=auto NetworkManager
7mephisto@raspberrypi:/etc/NetworkManager $
3. Configure sing-box client on Raspberry Pi
Open ip_forward first
1mephisto@raspberrypi:~ $ cat /etc/sysctl.conf |grep ip_forward
2net.ipv4.ip_forward=1
3mephisto@raspberrypi:~ $ sysctl -p
4sysctl: permission denied on key "net.ipv4.ip_forward"
5mephisto@raspberrypi:~ $ sysctl net.ipv4.ip_forward
6net.ipv4.ip_forward = 1
Install sing-box
1sudo curl -fsSL https://sing-box.app/gpg.key -o /etc/apt/keyrings/sagernet.asc
2sudo chmod a+r /etc/apt/keyrings/sagernet.asc
3echo "deb [arch=`dpkg --print-architecture` signed-by=/etc/apt/keyrings/sagernet.asc] https://deb.sagernet.org/ * *" | \
4 sudo tee /etc/apt/sources.list.d/sagernet.list > /dev/null
5sudo apt-get update
6sudo apt-get install sing-box
In order to facilitate the understanding of the sing-box client, I suggest readers who are not afraid of trouble to read the official documentation first. After all, the software is constantly being updated and the configuration will also change. After understanding the configuration items, you can write your own rules.
Or go to major video websites to watch videos. Some of the videos are unclear or outdated, leading to misunderstandings.
Client configuration:
1
2mephisto@raspberrypi:/etc/sing-box $ cat config.json
3{
4 "dns": {
5 "servers": [
6 {
7 "tag": "cf",
8 "address": "https://1.1.1.1/dns-query"
9 },
10 {
11 "tag": "local",
12 "address": "223.5.5.5",
13 "detour": "direct"
14 },
15 {
16 "tag": "block",
17 "address": "rcode://success"
18 }
19 ],
20 "rules": [
21 {
22 "outbound": "any",
23 "server": "local"
24 },
25 {
26 "geosite": "cn",
27 "server": "local"
28 }
29 ],
30 "strategy": "ipv4_only"
31 },
32 "inbounds": [
33 {
34 "type": "tun", # In tun mode, there will eventually be an additional tun virtual network card on the Raspberry Pi.
35 "stack": "system",
36 "inet4_address": "172.19.0.1/30",
37 "auto_route": true,
38 "strict_route": true,
39 "sniff": true
40 }
41 ],
42 "outbounds": [
43 {
44 "type": "hysteria2",
45 "tag": "proxy",
46 "server": "stock.mephisto.cc", # Fill in your domain name
47 "server_port": 443,
48 "up_mbps": 20,
49 "down_mbps": 100,
50 "password": "your_password", # Password
51 "tls": {
52 "enabled": true,
53 "server_name": "stock.mephisto.cc", # Certificate domain name
54 "insecure": true # If the frame number verification fails, enable it. In my case, my certificate has expired. It is estimated that the server certificate has not been refreshed and the browser access is normal.
55 }
56 },
57 {
58 "type": "direct",
59 "tag": "direct"
60 },
61 {
62 "type": "block",
63 "tag": "block"
64 },
65 {
66 "type": "dns",
67 "tag": "dns-out"
68 }
69 ],
70 "route": {
71 "rules": [
72 {
73 "protocol": "dns",
74 "outbound": "dns-out"
75 },
76 {
77 "geosite": "cn",
78 "geoip": [
79 "private",
80 "cn"
81 ],
82 "outbound": "direct"
83 }
84 ],
85 "auto_detect_interface": true
86 }
87}
Originally, the configuration I was referring to also had an ad blocking function, but I removed it myself. After all, I own a small website and am not very averse to ads. Interested readers can search for relevant configurations online.
4. Configure gateway and dns on the computer
There are thousands of online tutorials for this step, so I’ll just take a screenshot 😂
For the gateway, I automatically dhcp the Wi-Fi connection first and then change it, otherwise the link cannot be established. If it is wired, there is no such problem if I set it directly.
Set the Raspberry Pi IP in dns first, and then set the router IP. Double insurance, the Raspberry Pi IP should be used first.
5. Test verification
Choose to test on Mac, other devices are similar.
Test the domain name cache. I have not confirmed whether this is cached by sing-box or dnsmasq.
1mephisto@RMBP ~> dig omg.com | grep "Query time"
2;; Query time: 716 msec
3mephisto@RMBP ~> dig omg.com | grep "Query time"
4;; Query time: 49 msec
Anyway, the effect is achieved, I am too lazy to distinguish. 716ms --> 49ms, dropped by an order of magnitude. If it is your computer's local dnsmasq cache, it is usually 0ms.
To test the custom domain name, directly access the default domain name www.example.com of lighttpd, and the default test page will return normally.
Dig confirmed, it is also ok.
1mephisto@RMBP ~> dig www.example.com
2
3; <<>> DiG 9.10.6 <<>> www.example.com
4;; global options: +cmd
5;; Got answer:
6;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10055
7;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
8
9;; OPT PSEUDOSECTION:
10; EDNS: version: 0, flags:; udp: 4096
11;; QUESTION SECTION:
12;www.example.com. IN A
13
14;; ANSWER SECTION:
15www.example.com. 0 IN A 192.168.18.190
16
17;; Query time: 108 msec
18;; SERVER: 192.168.18.190#53(192.168.18.190)
19;; WHEN: Sun Apr 28 15:24:03 CST 2024
20;; MSG SIZE rcvd: 60
The above can confirm that dnsmasq on the Raspberry Pi is working properly.
Next, confirm the diversion proxy function and test the IP
Visit the domain name test again:
1mephisto@RMBP ~> curl baidu.com
2<html>
3<meta http-equiv="refresh" content="0;url=http://www.baidu.com/">
4</html>
5mephisto@RMBP ~> curl google.com
6<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
7<TITLE>301 Moved</TITLE></HEAD><BODY>
8<H1>301 Moved</H1>
9The document has moved
10<A HREF="http://www.google.com/">here</A>.
11</BODY></HTML>
12mephisto@RMBP ~>
It can be seen that the sing-box function is normal and I personally think it is quite easy to use. The Raspberry Pi has better performance than ordinary routers and can also be used as a Linux server. There is no need to install additional software on mobile phones and other devices.
Copyright statement:
- All content that is not sourced is original., please do not reprint without authorization (because the typesetting is often disordered after reprinting, the content is uncontrollable, and cannot be continuously updated, etc.);
- For non-profit purposes, to deduce any content of this blog, please give the relevant webpage address of this site in the form of 'source of original text' or 'reference link' (for the convenience of readers).
See Also:
- Solve the problem that network configuration cannot be changed and saved under Linux
- labwc environment enables wlogout
- Solving the stuck problem under Atuin ZFS
- Wine installs 64-bit WeChat
- How to fix Waybar WeChat icon error
- Envelope Encryption Brief
- Maintaining WeChat public account records in Linux environment
- Wayland environment automatically switches wallpaper
- SuperTuxKart Trial
- Why can't your kill command list the signal table