OpenWrt + GOST: A Lightweight Home Network Proxy Solution Implementation

0. Introduction

I have been running a GOST server on a VPS and wanted to implement some traffic forwarding and management on my home router. However, most mainstream management tools primarily target other types of forwarding methods, and support for GOST is not comprehensive, which has led me to abandon using the GOST service. Now, with large models available, there are no problems that cannot be solved, only hands that are unwilling to move, so I decided to manually configure it myself.

This article documents the entire process of installing, configuring, and enabling GOST to start automatically on the router, hoping to provide a reference for friends with similar needs.

1. Device and Environment Information

  • Router Model: Xiaomi Redmi Router AX6S
  • Firmware System: ImmortalWrt 18.06-5.4-SNAPSHOT r11814-ef0c86bdb0
  • LuCI Branch: (git-22.323.17670-f9380b5)
  • Architecture: aarch64 (ARM64)
  • GOST Version: 2.12.0

Download link (choose the version corresponding to your architecture): 👉 gost_2.12.0_linux_arm64.tar.gz

`https://github.com/ginuerzh/gost/releases/download/v2.12.0/gost_2.12.0_linux_arm64.tar.gz`

Note: The configuration file formats for GOST 2.x and GOST 3.x are different. This article uses version 2.12.0. If you are using GOST 3.x, please refer to the official documentation to adjust the configuration syntax below. I do not pursue the latest version, only stability and usability, as it is crucial to be able to use it on older devices in this era of cost reduction and efficiency improvement.

2. GOST Configuration File

Path: `/etc/gost/config.json`

Example Content:

{
  "Debug": true,
  "ServeNodes": [
    "socks5://:1081"
  ],
  "ChainNodes": [
    "https://username:password@hostname:port#socks5h",
    "https://username:password@hostname2:port#socks5h",
    "https://username:password@hostname3:port#socks5h"
  ]
}

Configuration Explanation:

  • `ServeNodes` indicates the local service listening port.
  • `ChainNodes` indicates the request chain, allowing for the definition of multiple nodes. This feature is exciting, as if one machine fails, it will automatically switch to another.
  • Note: `socks5h` indicates the use of remote DNS resolution. I do not understand the specific principles, but I encountered a so-called DNS pollution issue that prevented me from connecting to the server, and the large model suggested I add this string.
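A check for two exposures in the example configuration, added here and not part of the original article or the GOST project: `socks5://:1081` has no host part, so the listener accepts unauthenticated connections on every interface the firewall lets through, and the `ChainNodes` URLs put upstream credentials in a file that should not be world-readable. The helper name `gost_audit_config` and its output format are made up for this sketch, and it only recognises inline `user:pass@` authentication.

```sh
#!/bin/sh
# Added example (not from the article): audit a GOST 2.x JSON config.
# gost_audit_config is a hypothetical helper name. Prints one WARN line per
# finding; returns 0 when clean, 1 when something was flagged, 2 on error.
gost_audit_config() {
    cfg="$1"
    findings=0
    [ -r "$cfg" ] || { echo "ERROR cannot read $cfg"; return 2; }
    flat=$(tr -d ' \t\r\n' < "$cfg")    # JSON on one line, whitespace removed

    # 1. Any scheme://user:pass@ URL makes the file a secret: it must not be
    #    readable by "other" (8th character of the ls -l mode string).
    if printf '%s\n' "$flat" | grep -q '://[^"/@]*:[^"/@]*@'; then
        if [ "$(ls -ld "$cfg" | cut -c8)" = r ]; then
            echo "WARN $cfg contains credentials and is world-readable"
            findings=1
        fi
    fi

    # 2. ServeNodes entries with an empty or wildcard host and no user:pass@.
    #    Authentication configured any other way is not detected here.
    nodes=$(printf '%s\n' "$flat" |
        sed -n 's/.*"ServeNodes":\[\("[^"]*"\(,"[^"]*"\)*\)\].*/\1/p' |
        tr ',' '\n' | tr -d '"')
    while IFS= read -r node; do
        [ -n "$node" ] || continue
        rest=${node#*://}           # drop the scheme
        rest=${rest%%[/?#]*}        # drop path, query and fragment
        case "$rest" in *@*) continue ;; esac
        case "${rest%:*}" in
            ''|0.0.0.0|'[::]')
                echo "WARN $node listens on all interfaces without auth"
                findings=1 ;;
        esac
    done <<EOF
$nodes
EOF
    return $findings
}
```

Run it as `gost_audit_config /etc/gost/config.json`; binding the listener to the router's LAN address and restricting the file to mode 600, owned by the account GOST runs as, clears both warnings.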

3. Setting GOST to Start Automatically

Edit or create the file: `/etc/init.d/gost`

Content as follows:

#!/bin/sh /etc/rc.common
USE_PROCD=1
START=99
CONF="gost"
PROG="/usr/bin/gost"

start_service() {
    local enabled
    config_load "gost"
    config_get_bool enabled "config" "enabled" 0
    [ "$enabled" -eq 1 ] || return 1

    local config_file arguments
    config_get config_file "config" "config_file"
    config_get arguments "config" "arguments"

    procd_open_instance
    procd_set_param command "$PROG"
    if [ -n "$config_file" ]; then
        procd_append_param command -C "$config_file"
        procd_set_param file "$config_file"
    fi
    if [ -n "$arguments" ]; then
        set -- $arguments
        procd_append_param command "$@"
    fi

    procd_set_param user gost
    procd_set_param group gost
    procd_set_param limits core="unlimited"
    procd_set_param limits nofile="1000000 1000000"
    procd_set_param stderr 1
    procd_set_param respawn
    procd_close_instance
}

service_triggers() {
    procd_add_reload_trigger "$CONF"
}

After saving, execute the following commands:

chmod +x /etc/init.d/gost
/etc/init.d/gost enable
/etc/init.d/gost start

If the startup is successful, you can confirm with the following command:

netstat -tunlp | grep 1081

If you see the port being listened to, it means the service is running normally.
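The init script above only starts GOST when UCI package `gost` has a section named `config` with `enabled` set (the default is 0, so `start_service` returns early), and it tells procd to run the daemon as user and group `gost`; the article shows neither being created. The preflight check below is an added example, not part of the original article; `gost_preflight` and its root-prefix argument are hypothetical names.

```sh
#!/bin/sh
# Added example (not from the article): verify what /etc/init.d/gost expects.
# $1 is a root prefix so the check can be tried on a scratch directory;
# on the router itself pass an empty string. Returns 0 only if all is present.
gost_preflight() {
    root="$1"
    missing=0
    uci_file="$root/etc/config/gost"

    # Section 'config' must carry a true 'enabled' option; the accepted
    # spellings are the ones config_get_bool treats as true.
    if ! awk '
        $1 == "config" { name = $3; gsub(/[^A-Za-z0-9_]/, "", name)
                         insec = (name == "config") }
        insec && $1 == "option" && $2 == "enabled" {
            val = $3; gsub(/[^A-Za-z0-9_]/, "", val)
            if (val ~ /^(1|on|true|yes|enabled)$/) ok = 1 }
        END { exit !ok }' "$uci_file" 2>/dev/null; then
        echo "MISSING enabled option in section 'config' of $uci_file"
        missing=1
    fi

    # procd_set_param user/group name the account gost:gost.
    grep -q '^gost:' "$root/etc/passwd" 2>/dev/null ||
        { echo "MISSING user gost in $root/etc/passwd"; missing=1; }
    grep -q '^gost:' "$root/etc/group" 2>/dev/null ||
        { echo "MISSING group gost in $root/etc/group"; missing=1; }

    # PROG in the init script.
    [ -x "$root/usr/bin/gost" ] ||
        { echo "MISSING executable $root/usr/bin/gost"; missing=1; }

    return $missing
}
```

On the router, run `gost_preflight ""`. A minimal `/etc/config/gost` that passes has a section `config gost 'config'` containing `option enabled '1'` and `option config_file '/etc/gost/config.json'`; the section type `gost` is an assumption, since the script only looks at the section name.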

4. About the User-Friendly LuCI Management Plugin

The above operations are still command-line based and not very user-friendly, so I wondered if there could be a more user-friendly solution.

Indeed, there is a graphical management plugin called luci-app-gost in the community, which allows GOST to be configured through a web interface. However, in the version of ImmortalWrt I am using, this plugin can be installed successfully but cannot be found in the LuCI interface. After spending half a day researching, I found that this might be related to the system version being outdated, missing dependency libraries, or front-end compatibility issues, so I gave up.

Therefore, if you are using an older firmware version similar to mine, I recommend configuring it directly through the command line for reliability.

5. Intelligent Traffic Forwarding

The large model recommended that I use iptables to achieve traffic redirection, which means that all requests on the router will be forwarded to GOST. However, I only need to do this for certain requests, so this approach clearly does not meet my needs.

The large model reminded me: if I want domestic websites (such as bilibili, baidu) not to go through the proxy, I can add a chnroute detection script, and I can help you generate an automatic version (including IP list download).

I vaguely feel that this is reinventing the wheel, as others have encountered this demand scenario long ago. After browsing through the network-related plugins of OpenWrt, I indeed found a plugin that meets my needs with traffic splitting functionality.

This plugin can intelligently split traffic based on the target website’s IP characteristics, and you only need to fill in the local GOST service running above as a node.

6. Conclusion

The entire process is not complicated; the key points are:

  1. Use the GOST binary file that matches the architecture (e.g., arm64).
  2. Ensure the configuration file path and syntax are correct.
  3. It is recommended to use the `procd` mode for the startup script for the best compatibility.
  4. If using an older version of ImmortalWrt, the LuCI plugin may not be available.

By following the above steps, you can enable the router to run the GOST service stably, achieving unified traffic forwarding and control for internal network devices.

Disclaimer: This article is for research and internal network management scenarios only and does not involve any cross-border access or bypassing network restrictions. Readers are advised to use the related technology legally and compliantly.
