Asuswrt-Merlin yönlendiricide Linux için AdGuard VPN nasıl kurulur

Sistem gereksinimleri

AdGuard VPN CLI requires at least 22 MB of free storage space on your router’s disk or external USB after installing necessary packages.
Asuswrt-Merlin donanım yazılımı: Yönlendiricinizin Asuswrt-Merlin donanım yazılımını çalıştırdığından emin olun.
USB drive: A USB drive formatted in a native Linux file system (ext2, ext3, or ext4). We will go through the formatting process in this guide.

1. Determine your router’s IP address

Çoğu yönlendirici için varsayılan IP adresi 192.168.1.1 veya 192.168.0.1dir. If you’ve changed the IP address or if you’re unsure, you can find it by checking the IP configuration on a connected device.

On Windows

Komut İstemi'ni açın:
```
ipconfig
```
Look for the Default Gateway under your active network connection. Bu, yönlendiricinizin IP adresidir.

On Mac/Linux

Open Terminal and run this command for Linux:
```
ip route | grep default
```
Or this one for Mac:
```
route -n get default
```
Look for the default entry. Yanındaki IP adresi ise yönlendiricinizin IP adresidir.

2) Make sure SSH and JFFS custom scripts are enabled on the router

First, make sure that SSH access is enabled on your router. Bu ayar genellikle yönlendiricinin web arayüzünde bulunur. Yönlendirme kurallarını belirlemek için JFFS özel betikler kullanılacaktır.

Log in to the web interface. This is usually accessible via a web browser at http://192.168.1.1. Otherwise, replace 192.168.1.1 with your router’s IP address.
Scroll down to Advanced settings, Administration → System.
Scroll to Service, click Enable SSH → LAN.
Select 22 in Port and Yes in Allow Password Login.
Go up to Persistent JFFS2 partition and enable JFFS custom scripts and configs.
Click Apply at the bottom of the page.

3) Use an SSH client to connect to the router

You’ll need an SSH client. Most Linux and macOS systems come with an SSH client pre-installed. For Windows, you can use PowerShell, the built-in SSH client in Windows 10/11, or a third-party application like PuTTY.

Built-in SSH client (Linux, macOS, and Windows 10/11)

Open Terminal or PowerShell.
Run the SSH command:
```
ssh admin@192.168.1.1
```
Replace 192.168.1.1 with your router’s IP address and admin with your admin username.

If this is your first time connecting to the router via SSH, you’ll see a message like this:

The authenticity of host '192.168.1.1 (192.168.1.1)' can't be established.
ECDSA key fingerprint is SHA256:...
Are you sure you want to continue connecting (yes/no/[fingerprint])?

Type yes and press Enter.

Enter the router’s password when prompted. The SSH login username and password are the same as the admin credentials.

PuTTY (Windows 10'dan öncesi)

PuTTY'yi resmi siteden indirin ve kurun.
PuTTY'yi açın.
In the Host Name (or IP address) field, enter your router’s IP address (e.g., 192.168.1.1).
Make sure the Connection type is set to SSH.
Aç öğesine tıklayın.
Terminal penceresi açıldığında, yönlendiricinin kimlik bilgilerini girin. The SSH login username and password are the same as the admin credentials.

4) Install Entware using SSH

Once logged into your SSH client, you can use various commands to interact with your router’s Linux-based operating system. To proceed, you will need to install Entware OPKG Manager. Yönlendirici yeteneklerini genişletmek için üçüncü taraf yazılım paketleri yüklemenize olanak tanır. Skip to the next step if you already have it installed.

Note that you cannot use both Optware (outdated alternative) and Entware at the same time.

Asus DownloadMaster, Optware tabanlıdır ve bu nedenle Entware ile uyumlu değildir. DownloadMaster'ı kaldırmanız ve Entware tarafından sağlanan alternatiflere bakmanız gerekecektir.

After uninstalling, make sure that "asusware.arm" or "asusware.*" dir on the mounted disk partition is deleted. Aksi takdirde, Entware düzgün çalışmaz. DownloadMaster'ı kaldırdıktan sonra yönlendiricinin yeniden başlatıldığından emin olun.

You will need to plug a USB disk that's formatted in a native Linux file system (ext2, ext3 or ext4). Bir diski biçimlendirmek için amtm kullanın. Plug a USB disk into your router, then start amtm with:

amtm

Bir diski biçimlendirmek ve yönlendiriciye bağlamak için bu seçeneği kullanın:

fd

Go through the formatting process and select the recommended options. All files from the USB disk will be deleted. For this setup to work, USB disk should always stay connected.

After mounting your USB, the router will reboot. To start the installation process, first reconnect to your router over SSH.

Ardından amtm uygulamasını çalıştırmak için şu komutu çalıştırın:

amtm

The menu will offer you the option ep to initiate the Entware installation.

If you are running a firmware version older than 384.15 (or 384.13_4 for the RT-AC87U and RT-AC3200), then you start the installation by running the following command instead.

entware-setup.sh

If the entware-setup.sh script is not found, download and run the following script to install Entware:

wget -O - http://bin.entware.net/armv7sf-k3.2/installer/generic.sh | sh

e tuşuna basarak amtm'den çıkın.

5. Install AdGuard VPN CLI

Paket listelerini güncelleyin:

opkg update

Gerekli paketleri yükleyin:

opkg install curl ca-certificates

cd /opt komutunu çalıştırarak /opt klasörüne gidin ve AdGuardVPN CLI kurulum betiğini çalıştırın:

curl -fsSL https://raw.githubusercontent.com/AdguardTeam/AdGuardVPNCLI/master/scripts/release/install.sh | sh -s -- -v

When asked “Would you like to link the binary to /usr/local/bin?“, reply y. If failed to link the binary, run this line:

ln -s /opt/adguardvpn_cli/adguardvpn-cli /opt/bin

Import the SSL certificate and the tun module and set an alternative folder for the user directory. By default, it will be stored in /tmp and you’ll lose your settings after a reboot. Run this before each new session.

export SSL_CERT_FILE=/opt/etc/ssl/certs/ca-certificates.crt
export HOME=/opt/home/admin
modprobe tun

6. Set up AdGuard VPN CLI

Hesabınıza giriş yapın
To use AdGuard VPN for Linux, you need an AdGuard account.
You can sign up on our website or in the Terminal.
Kaydolmak veya giriş yapmak için şunu yazın:
```
adguardvpn-cli login
```
VPN'e bağlanın
İhtiyaçlarınıza en uygun VPN sunucu konumunu seçin.
Genel olarak, sunucu size ne kadar yakınsa bağlantı o kadar hızlı olur.
Mevcut konumları görüntülemek için şunu yazın:
```
adguardvpn-cli list-locations
```
Belirli bir konuma bağlanmak için şunu yazın:
```
adguardvpn-cli connect -l LOCATION_NAME
```
LOCATION_NAME yerine bağlanmak istediğiniz konumun şehri, ülkesi veya ISO koduyla değiştirin.
Hızlı bağlantı için şunu yazın:
```
adguardvpn-cli connect
```
AdGuard VPN, mevcut en hızlı konumu seçer ve gelecekteki hızlı bağlantılar için bunu hatırlar.
"TUN modunda varsayılan yönlendirmeleri ayarlamak ister misiniz?" diye sorulduğunda evet girin
AdGuard VPN CLI will create a tun0 interface for VPN tunneling.
Adjust your settings
Get a list of all available AdGuard VPN commands and customize the VPN client to your needs.
To view all commands, type:
```
adguardvpn-cli --help-all
```

7) Set up your firewall rules and auto-launch for AdGuard VPN

This step configures firewall rules on an Asuswrt-Merlin router to route traffic through AdGuard VPN.

Create a new script by running the following command:

cat << 'EOF' > /jffs/scripts/wan-event
#!/bin/sh

if [ "$2" = "connected" ]; then
    export SSL_CERT_FILE=/opt/etc/ssl/certs/ca-certificates.crt
    export HOME=/opt/home/admin
    modprobe tun
    /opt/adguardvpn_cli/adguardvpn-cli connect &
    for ipt in iptables ip6tables; do
        $ipt -D FORWARD -j ADGUARD_FORWARD || true
        $ipt -F ADGUARD_FORWARD || true
        $ipt -X ADGUARD_FORWARD || true
        $ipt -N ADGUARD_FORWARD
        $ipt -I FORWARD -j ADGUARD_FORWARD
        $ipt -A ADGUARD_FORWARD -i br0 -o tun0 -j ACCEPT
    done
    exit 0
fi
EOF

And make it executable:

chmod a+rx /jffs/scripts/wan-event

If you have more brX interfaces, make sure to include them in the script as well to route their traffic. Alternatively, make sure to specify a different routing rule for those interfaces.

This script will ensure that all traffic goes through the VPN tunnel. After rebooting or reconnecting to the Internet, AdGuard VPN will connect automatically to your last used location.

Reboot your router to finish setup.
Tebrikler! Artık AdGuard VPN ile güvence altına alınmış bir yönlendiriciniz var.
If you want to SSH into your router again to send any commands to AdGuard VPN, make sure to run this first:
```
export SSL_CERT_FILE=/opt/etc/ssl/certs/ca-certificates.crt
export HOME=/opt/home/admin
modprobe tun
```

1. Determine your router’s IP address​

On Windows​

On Mac/Linux​

2) Make sure SSH and JFFS custom scripts are enabled on the router​

3) Use an SSH client to connect to the router​

Built-in SSH client (Linux, macOS, and Windows 10/11)​

PuTTY (Windows 10'dan öncesi)​

4) Install Entware using SSH​

5. Install AdGuard VPN CLI​

6. Set up AdGuard VPN CLI​

7) Set up your firewall rules and auto-launch for AdGuard VPN​