Различия

Показаны различия между двумя версиями страницы.

--- router:zapret [2025/12/06 18:35] – mirocow
+++ router:zapret [2026/05/09 22:24] (текущий) – [v2] mirocow
@@ Строка 1: / Строка 1: @@
-{{tag>[asus merlin amtm entware]}}
+{{tag>[asus merlin amtm entware router]}}
 ====== Zapret - DPI bypass multi platform Topics (NFQWS)  ======
@@ Строка 35: / Строка 35: @@
 - 8 - eth0
 - 3
+</code>
+<code bash>
+$ wget https://github.com/bol-van/zapret2/releases/download/v0.9.5.2/zapret2-v0.9.5.2.tar.gz
+$ tar -xvzf zapret2-v0.9.5.2.tar.gz
+$ cd zapret2-v0.9.5.2
+$ ./install_easy.sh
 </code>
@@ Строка 60: / Строка 67: @@
 ==== Текущие настройки ====
+=== v1 ===
 nano /opt/zapret/config
 <code bash>
-# Basic system settings
 WS_USER=nobody
 FWTYPE=iptables
-SET_MAXELEM=2097152  # Increased for more entries
+SET_MAXELEM=1048576
-IPSET_OPT="hashsize 524288 maxelem $SET_MAXELEM"  # Increased for performance
+IPSET_OPT="hashsize 262144 maxelem $SET_MAXELEM"
-IP2NET_OPT4="--prefix-length=20-30 --v4-threshold=2/3"  # Expanded prefixes
+IP2NET_OPT4="--prefix-length=22-30 --v4-threshold=3/4"
-IP2NET_OPT6="--prefix-length=44-64 --v6-threshold=2"
+IP2NET_OPT6="--prefix-length=48-64 --v6-threshold=3"
+AUTOHOSTLIST_RETRANS_THRESHOLD=3
-# Hostlist auto-update settings
+AUTOHOSTLIST_FAIL_THRESHOLD=3
-AUTOHOSTLIST_RETRANS_THRESHOLD=2
+AUTOHOSTLIST_FAIL_TIME=30
-AUTOHOSTLIST_FAIL_THRESHOLD=2
-AUTOHOSTLIST_FAIL_TIME=15  # Reduced wait time
 AUTOHOSTLIST_DEBUGLOG=0
+MDIG_THREADS=50
-# Performance
-MDIG_THREADS=200  # Significantly increased for multithreading
 GZIP_LISTS=1
-ENABLE_MEMORY_OPTIMIZATION=1  # New option for memory optimization
-# Packet marking
 DESYNC_MARK=0x40000000
 DESYNC_MARK_POSTNAT=0x20000000
-# TPWS (completely disabled to save resources)
 TPWS_SOCKS_ENABLE=0
+TPPORT_SOCKS=987
+TPWS_SOCKS_OPT="
+--filter-tcp=80 --methodeol  <HOSTLIST> --new
+--filter-tcp=443 --split-pos=1,midsld --disorder <HOSTLIST>
+"
 TPWS_ENABLE=0
+TPWS_PORTS=80,443
-# NFQWS - main method (enabled with aggressive settings)
+TPWS_OPT="
+--filter-tcp=80 --methodeol --split-pos=2,midsld --hostlist=/opt/zapret/ipset/youtube_domain_list.txt --new
+--filter-tcp=443 --split-pos=2,midsld --disorder --hostlist=/opt/zapret/ipset/youtube_domain_list.txt
+"
 NFQWS_ENABLE=1
-NFQWS_PORTS_TCP=80,443,8080  # Additional ports added
+NFQWS_PORTS_TCP=80,443
-NFQWS_PORTS_UDP=443,80
+NFQWS_PORTS_UDP=443
-NFQWS_TCP_PKT_OUT=8  # Increased for stability
+NFQWS_TCP_PKT_OUT=$((6+$AUTOHOSTLIST_RETRANS_THRESHOLD))
-NFQWS_TCP_PKT_IN=4
+NFQWS_TCP_PKT_IN=3
-NFQWS_UDP_PKT_OUT=10  # Increased for QUIC
+NFQWS_UDP_PKT_OUT=$((6+$AUTOHOSTLIST_RETRANS_THRESHOLD))
-NFQWS_UDP_PKT_IN=2
+NFQWS_UDP_PKT_IN=0
-# Enabled modes
 MODE_HTTP=1
 MODE_HTTPS=1
@@ Строка 105: / Строка 110: @@
 NFQWS_OPT="
 # YouTube rules
---filter-tcp=80 --dpi-desync=fake,multisplit --dpi-desync-ttl=0 --dpi-desync-fooling=md5sig,badsum --hostlist=/opt/zapret/ipset/youtube_domain_list.txt --new
+--filter-tcp=80 --dpi-desync=fake,multisplit --dpi-desync-ttl=1 --hostlist=/opt/zapret/ipset/youtube_domain_list.txt --new
+--filter-tcp=443 --dpi-desync=fake,multidisorder --dpi-desync-split-pos=1 --dpi-desync-ttl=1 --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin --hostlist=/opt/zapret/ipset/youtube_domain_list.txt --new
-# YouTube TCP 443 - multiple methods
+#--filter-udp=443 --dpi-desync=fake --dpi-desync-ttl=1 --dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin --hostlist=/opt/zapret/ipset/youtube_domain_list.txt
---filter-tcp=443 --dpi-desync=fake,multidisorder --dpi-desync-split-pos=1 --dpi-desync-ttl=0 --dpi-desync-fooling=md5sig,badsum --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin --hostlist=/opt/zapret/ipset/youtube_domain_list.txt --new
-# YouTube UDP 443 - aggressive QUIC bypass
 --filter-udp=443 --dpi-desync=fake --dpi-desync-repeats=6 --dpi-desync-ttl=0 --dpi-desync-any-protocol --dpi-desync-cutoff=d4 --dpi-desync-fooling=md5sig,badsum --dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin --hostlist=/opt/zapret/ipset/youtube_domain_list.txt
-# Main rules - enhanced
+# Main rules
-#--filter-tcp=80,443 --dpi-desync=fake --dpi-desync-ttl=0
+--filter-tcp=80,443 --dpi-desync=fake --dpi-desync-ttl=0
-#--filter-udp=443 --dpi-desync=fake --dpi-desync-ttl=0
+--filter-udp=443 --dpi-desync=fake --dpi-desync-ttl=0
 "
+NFQWS_OPT_DESYNC="--dpi-desync=fake,disorder2 --dpi-desync-split-pos=1 --dpi-desync-ttl=0 --dpi-desync-fooling=md5sig,badsum --dpi-desync-repeats=6 --dpi-desync-any-protocol --dpi-desync-cutoff=d4 --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin"
-# Extended desync options
+NFQWS_OPT_DESYNC_QUIC="--dpi-desync=fake --dpi-desync-repeats=6 --dpi-desync-ttl=0 --dpi-desync-any-protocol --dpi-desync-cutoff=d4 --dpi-desync-fooling=md5sig,badsum --dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin"
-#NFQWS_OPT_DESYNC="--dpi-desync=fake,disorder2 --dpi-desync-split-pos=1 --dpi-desync-ttl=0 --dpi-desync-fooling=md5sig,badsum --dpi-desync-repeats=6 --dpi-desync-any-protocol --dpi-desync-cutoff=d4 --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin"
-#NFQWS_OPT_DESYNC_QUIC="--dpi-desync=fake --dpi-desync-repeats=6 --dpi-desync-ttl=0 --dpi-desync-any-protocol --dpi-desync-cutoff=d4 --dpi-desync-fooling=md5sig,badsum --dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin"
 # Network settings
@@ Строка 128: / Строка 127: @@
 IFACE_LAN=br0
 IFACE_WAN=eth0
-BIND_INTERFACE=1  # Interface binding for stability
-# Caching and performance
-ENABLE_DNS_CACHE=1
-DNS_CACHE_SIZE=10000
-DNS_CACHE_TTL=300
 # Initialization
@@ Строка 139: / Строка 132: @@
 DISABLE_IPV6=0
 DEBUGLOG=0
-# Additional optimizations
+</code>
-#SKIP_IPv4_DISABLED=1
-#SKIP_IPv6_DISABLED=1
-ENABLE_FAST_START=1
-PRELOAD_IPSETS=1  # Ipsets preloading for speed
-# YouTube-specific optimizations
+=== v2 ===
-YOUTUBE_CDN_OPTIMIZE=1
-ENABLE_QUIC_BYPASS=1
+nano /opt/zapret2/config
-AGGRESSIVE_RETRANSMISSION=1
+<code bash>
+# zapret2 configuration for Asus (Entware)
+# General settings
+WS_USER=nobody
+FWTYPE=iptables
+# IPSET limits for your domain lists
+SET_MAXELEM=522288
+IPSET_OPT="hashsize 262144 maxelem $SET_MAXELEM"
+# List management options
+IP2NET_OPT4="--prefix-length=22-30 --v4-threshold=3/4"
+IP2NET_OPT6="--prefix-length=56-64 --v6-threshold=5"
+MDIG_THREADS=30
+GZIP_LISTS=1
+# Marks to prevent infinite loops in nfqws
+DESYNC_MARK=0x40000000
+DESYNC_MARK_POSTNAT=0x20000000
+# Enable the engine (NFQWS2 is mandatory for zapret2)
+NFQWS2_ENABLE=1
+NFQWS2_PORTS_TCP=80,443
+NFQWS2_PORTS_UDP=443
+# Packet counters (how many packets to analyze in a stream)
+NFQWS2_TCP_PKT_OUT=20
+NFQWS2_TCP_PKT_IN=10
+NFQWS2_UDP_PKT_OUT=10
+NFQWS2_UDP_PKT_IN=10
+# Main bypass strategy (Fixed LUA 'blob' errors)
+# Note: Ensure the file /opt/zapret2/ipset/youtube_domain_list.txt exists!
+NFQWS2_OPT="
+--filter-tcp=80 --filter-l7=http --hostlist=/opt/zapret2/ipset/youtube_domain_list.txt --payload=http_req --lua-desync=fake:blob=fake_default_http --lua-desync=multisplit:pos=2 --new
+--filter-tcp=443 --filter-l7=tls --hostlist=/opt/zapret2/ipset/youtube_domain_list.txt --payload=tls_client_hello --lua-desync=fake:blob=fake_default_tls --lua-desync=multidisorder:pos=1,midsld --new
+--filter-udp=443 --filter-l7=quic --hostlist=/opt/zapret2/ipset/youtube_domain_list.txt --payload=quic_initial --lua-desync=fake:blob=fake_default_quic:repeats=6 --new
+--filter-tcp=80,443 --payload=tls_client_hello,http_req --lua-desync=fake:blob=fake_default_tls --new
+--filter-udp=443 --payload=quic_initial --lua-desync=fake:blob=fake_default_quic
+"
+# Filtering mode (Using hostlist to match your iptables output)
+MODE_FILTER=hostlist
+# Disable hardware acceleration (Required for Asus)
+FLOWOFFLOAD=disable
+# Network interfaces (Matches your verified iptables rules)
+IFACE_LAN=br0
+IFACE_WAN=eth0
+# Initialization settings
+INIT_APPLY_FW=1
+DISABLE_IPV6=1
+FILTER_TTL_EXPIRED_ICMP=1
 </code>