Различия

Показаны различия между двумя версиями страницы.

--- router:zapret [2025/12/06 19:10] – mirocow
+++ router:zapret [2026/05/09 22:24] (текущий) – [v2] mirocow
@@ Строка 1: / Строка 1: @@
-{{tag>[asus merlin amtm entware]}}
+{{tag>[asus merlin amtm entware router]}}
 ====== Zapret - DPI bypass multi platform Topics (NFQWS)  ======
@@ Строка 35: / Строка 35: @@
 - 8 - eth0
 - 3
+</code>
+<code bash>
+$ wget https://github.com/bol-van/zapret2/releases/download/v0.9.5.2/zapret2-v0.9.5.2.tar.gz
+$ tar -xvzf zapret2-v0.9.5.2.tar.gz
+$ cd zapret2-v0.9.5.2
+$ ./install_easy.sh
 </code>
@@ Строка 60: / Строка 67: @@
 ==== Текущие настройки ====
+=== v1 ===
 nano /opt/zapret/config
@@ Строка 112: / Строка 121: @@
 NFQWS_OPT_DESYNC="--dpi-desync=fake,disorder2 --dpi-desync-split-pos=1 --dpi-desync-ttl=0 --dpi-desync-fooling=md5sig,badsum --dpi-desync-repeats=6 --dpi-desync-any-protocol --dpi-desync-cutoff=d4 --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin"
 NFQWS_OPT_DESYNC_QUIC="--dpi-desync=fake --dpi-desync-repeats=6 --dpi-desync-ttl=0 --dpi-desync-any-protocol --dpi-desync-cutoff=d4 --dpi-desync-fooling=md5sig,badsum --dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin"
+# Network settings
 MODE_FILTER=none
 FLOWOFFLOAD=disable
 IFACE_LAN=br0
 IFACE_WAN=eth0
+# Initialization
 INIT_APPLY_FW=1
 DISABLE_IPV6=0
@@ Строка 121: / Строка 134: @@
 </code>
-<code ini>
+=== v2 ===
-# Network settings
-MODE_FILTER=none
+nano /opt/zapret2/config
+<code bash>
+# zapret2 configuration for Asus (Entware)
+# General settings
+WS_USER=nobody
+FWTYPE=iptables
+# IPSET limits for your domain lists
+SET_MAXELEM=522288
+IPSET_OPT="hashsize 262144 maxelem $SET_MAXELEM"
+# List management options
+IP2NET_OPT4="--prefix-length=22-30 --v4-threshold=3/4"
+IP2NET_OPT6="--prefix-length=56-64 --v6-threshold=5"
+MDIG_THREADS=30
+GZIP_LISTS=1
+# Marks to prevent infinite loops in nfqws
+DESYNC_MARK=0x40000000
+DESYNC_MARK_POSTNAT=0x20000000
+# Enable the engine (NFQWS2 is mandatory for zapret2)
+NFQWS2_ENABLE=1
+NFQWS2_PORTS_TCP=80,443
+NFQWS2_PORTS_UDP=443
+# Packet counters (how many packets to analyze in a stream)
+NFQWS2_TCP_PKT_OUT=20
+NFQWS2_TCP_PKT_IN=10
+NFQWS2_UDP_PKT_OUT=10
+NFQWS2_UDP_PKT_IN=10
+# Main bypass strategy (Fixed LUA 'blob' errors)
+# Note: Ensure the file /opt/zapret2/ipset/youtube_domain_list.txt exists!
+NFQWS2_OPT="
+--filter-tcp=80 --filter-l7=http --hostlist=/opt/zapret2/ipset/youtube_domain_list.txt --payload=http_req --lua-desync=fake:blob=fake_default_http --lua-desync=multisplit:pos=2 --new
+--filter-tcp=443 --filter-l7=tls --hostlist=/opt/zapret2/ipset/youtube_domain_list.txt --payload=tls_client_hello --lua-desync=fake:blob=fake_default_tls --lua-desync=multidisorder:pos=1,midsld --new
+--filter-udp=443 --filter-l7=quic --hostlist=/opt/zapret2/ipset/youtube_domain_list.txt --payload=quic_initial --lua-desync=fake:blob=fake_default_quic:repeats=6 --new
+--filter-tcp=80,443 --payload=tls_client_hello,http_req --lua-desync=fake:blob=fake_default_tls --new
+--filter-udp=443 --payload=quic_initial --lua-desync=fake:blob=fake_default_quic
+"
+# Filtering mode (Using hostlist to match your iptables output)
+MODE_FILTER=hostlist
+# Disable hardware acceleration (Required for Asus)
 FLOWOFFLOAD=disable
+# Network interfaces (Matches your verified iptables rules)
 IFACE_LAN=br0
 IFACE_WAN=eth0
-BIND_INTERFACE=1  # Interface binding for stability
-# Caching and performance
+# Initialization settings
-ENABLE_DNS_CACHE=1
-DNS_CACHE_SIZE=10000
-DNS_CACHE_TTL=300
-# Initialization
 INIT_APPLY_FW=1
-DISABLE_IPV6=0
+DISABLE_IPV6=1
-DEBUGLOG=0
+FILTER_TTL_EXPIRED_ICMP=1
-# Additional optimizations
-#SKIP_IPv4_DISABLED=1
-#SKIP_IPv6_DISABLED=1
-ENABLE_FAST_START=1
-PRELOAD_IPSETS=1  # Ipsets preloading for speed
-# YouTube-specific optimizations
-YOUTUBE_CDN_OPTIMIZE=1
-ENABLE_QUIC_BYPASS=1
-AGGRESSIVE_RETRANSMISSION=1
 </code>