Keenetic yönlendiricide Linux için AdGuard VPN nasıl kurulur
AdGuard VPN CLI olarak da bilinen Linux için AdGuard VPN, diğer gerekli paketler yüklendikten sonra yönlendiricinizin dâhili belleğinde veya harici USB'sinde en az 22 MB boş depolama alanı gerektirir.
1. Make sure that SSH is enabled on your router
The SSH client is used to send commands to your router from your computer.
To run the SSH server, the SSH server system component must be installed in the Keenetic. You can do this on the General system settings page in the Component options section by clicking the Component options button. SSH sunucusunu arayın ve yükleyin. Bu, Keenetic işletim sisteminizi günceller.
Once the component is installed, the SSH server will be turned on automatically.
To see how to set up SSH server to have optimal security settings, visit the Keenetic Wiki.
2. Yönlendiricinin IP adresini belirle
Çoğu yönlendirici için varsayılan IP adresi 192.168.1.1
veya 192.168.0.1
dir. IP adresini değiştirdiyseniz veya emin değilseniz, bağlı bir cihazdaki IP yapılandırmasını kontrol ederek bulabilirsiniz.
On Windows
Komut İstemi'ni açın:
ipconfig
Look for the Default Gateway under your active network connection. Bu, yönlendiricinizin IP adresidir.
On macOS and Linux
Linux'ta Terminal'i açın ve şu komutu çalıştırın:
ip route | grep default
Or this on Mac:
route -n get default
Varsayılan girişi arayın. Yanındaki IP adresi ise yönlendiricinizin IP adresidir.
3. Use an SSH client to connect to the router
You’ll need an SSH client. Most Linux and macOS systems come with an SSH client pre-installed. For Windows, you can use PowerShell, the built-in SSH client in Windows 10/11, or a third-party application like PuTTY.
Built-in SSH client (Linux, macOS, and Windows 10/11)
Open Terminal or PowerShell.
Run the SSH command:
ssh admin@192.168.1.1
Replace
192.168.1.1
with your router’s IP address.If this is your first time connecting to the router via SSH, you’ll see a message like this:
The authenticity of host '192.168.1.1 (192.168.1.1)' can't be established.
ECDSA key fingerprint is SHA256:...
Are you sure you want to continue connecting (yes/no/[fingerprint])?Type
yes
and press Enter.Enter the router’s password when prompted. The default username is
root
and the default password iskeenetic
.
PuTTY (Windows 8 and earlier)
Download and install PuTTY from the official website.
Open PuTTY.
In the Host Name (or IP address) field, enter your router’s IP address (e.g.,
192.168.1.1
)Ensure the Connection type is set to SSH.
Click Open.
When the Terminal window opens, log in. The default username is
root
and the default password iskeenetic
.
Once logged in, you can use various commands to interact with your router’s Linux-based operating system.
4. Install OPKG Entware
In Keenetic models equipped with a USB port (except Keenetic 4G), you can use the OPKG package manager. It allows you to install third-party software packages to expand routers capabilities.
Starting with version 3.7, for some Keenetic models, it is possible to write OPKG Entware to the UBIFS partition of the router's NAND flash memory, i.e. to the built-in memory of the router. Follow the steps below to install the Entware repository package system on a USB drive or in the router’s internal memory.
How to install OPKG Entware on a USB drive
It is possible to install OPKG packages on the Keenetic models with USB ports that support USB flash drives. These are: KN-1410, KN-1710/1711, KN-1010/1011, KN-2510, KN-2410, KN-1810, KN-1910, KN-2310, KN-2010, KN-2110, KN-2610, KN-2710.
For detailed instructions, visit the official Keenetic Wiki.
How to install OPKG Entware in the router’s internal memory
This method will work with the following models: KN-1010/1011, KN-1810/1811, KN-1910, KN-2010, KN-2110, KN-2310, KN-2410, KN-2510, KN-2610, KN-2710, KN-3810, KN-3610 with the KeeneticOS version 3.7 and later.
For detailed instructions, visit the official Keenetic Wiki.
If your router doesn’t support installing packages on its internal memory, follow the instructions for installing packages on a USB drive.
5. Install AdGuard VPN CLI
In your SSH client, execute the following code to install the packages required for AdGuard VPN CLI:
opkg install curl sudo ca-certificates
Go to the /opt
folder by typing /cd opt
and run the AdGuard VPN CLI installation script:
curl -fsSL https://raw.githubusercontent.com/AdguardTeam/AdGuardVPNCLI/master/scripts/release/install.sh | sh -s -- -v
When asked “Would you like to link the binary to /usr/local/bin?“, reply n
and run this line:
ln -s /opt/adguardvpn_cli/adguardvpn-cli /opt/bin
6. Set up AdGuard VPN CLI
Log in to your account
To use AdGuard VPN for Linux, you need an AdGuard account. You can sign up or log in on our website or in Terminal.
Before logging in, go to Terminal and make sure you are in the right shell interface. If you can see the following text:
KeeneticOS version 4.01.C.7.0-1, copyright (c) 2010-2024 Keenetic Ltd.
THIS SOFTWARE IS A SUBJECT OF KEENETIC LIMITED END-USER LICENCE AGREEMENT. BY USING IT YOU AGREE ON TERMS AND CONDITIONS HEREOF. FOR MORE INFORMATION PLEASE CHECK https://keenetic.com/legalRun this command to exit into the shell needed for the next steps:
exec sh
If you see the following text, you can continue the setup:
BusyBox v1.36.1 (2024-08-08 16:11:23 UTC) built-in shell (ash)
/ #To sign up or log in, type:
adguardvpn-cli login
Connect to VPN
For Keenetic routers, be sure to import the SSL certificate and select a folder for the user directory by running this command before connecting:
export SSL_CERT_FILE=/opt/etc/ssl/certs/ca-certificates.crt
export HOME=/opt/home/adminThis must be done before each session.
Select a VPN server location that best suits your needs.
In general, the closer the server is to you, the faster the connection.
To view available locations, type:
adguardvpn-cli list-locations
To connect to a specific location, type:
adguardvpn-cli connect -l LOCATION_NAME
Replace
LOCATION_NAME
with the city, country, or ISO code of the location you want to connect to.For quick connect, type:
adguardvpn-cli connect
AdGuard VPN will choose the location with the lowest ping and remember it for future quick connections.
Adjust your settings
Get a list of all available AdGuard VPN commands and customize the VPN client to your needs.
To view all commands, type:
adguardvpn-cli --help-all
Enter
yes
when asked “Would you like to set default routes in TUN mode?”
AdGuard VPN CLI will create a tun0 interface for VPN tunneling.
7. Set up firewall rules
This step is designed to configure firewall rules on a Keenetic router to route traffic through AdGuard VPN.
Install
iptables
by running this command via SSH:opkg install iptables
This line installs the
iptables
package, which is a tool for managing network packet filtering rules on Linux systems.Create a new shell script by running the following command:
cat << 'EOF' > /opt/etc/ndm/netfilter.d/001-adguardvpn.sh
#!/opt/bin/sh
for ipt in iptables ip6tables; do
$ipt -D FORWARD -j ADGUARD_FORWARD || true
$ipt -F ADGUARD_FORWARD || true
$ipt -X ADGUARD_FORWARD || true
$ipt -N ADGUARD_FORWARD
$ipt -I FORWARD -j ADGUARD_FORWARD
$ipt -A ADGUARD_FORWARD -i br0 -o tun0 -j ACCEPT
done
EOFAnd make it executable:
chmod +x /opt/etc/ndm/netfilter.d/001-adguardvpn.sh
If you have more brX interfaces, make sure to include them in the script as well to route their traffic. Alternatively, make sure to specify a different routing rule for those interfaces.
This will create a new shell script named 001-adguardvpn.sh
in the /opt/etc/ndm/netfilter.d/
directory, which is where network-related scripts are typically stored on a Keenetic router.
The script creates a custom firewall rule to ensure that traffic from your LAN (br0
) is routed through the AdGuard VPN interface (tun0
). It first cleans up any previous rules related to this configuration, then sets up new rules to direct the traffic appropriately.
8. Set up automatic launch for AdGuard VPN CLI
The following script is designed to automatically establish a VPN connection using AdGuard VPN on your Keenetic router when the WAN interface becomes available (e.g., after a reboot or reconnecting to the Internet).
Run the following command:
cat << E0F > /opt/etc/ndm/wan.d/001-adguardvpn.sh
#!/opt/bin/sh
export SSL_CERT_FILE=/opt/etc/ssl/certs/ca-certificates.crt
export HOME=/opt/home/admin
/opt/adguardvpn_cli/adguardvpn-cli connect &
exit 0
E0F
And make it executable:
chmod +x /opt/etc/ndm/wan.d/001-adguardvpn.sh
The script named 001-adguardvpn.sh
will be saved to /opt/etc/ndm/wan.d/
.
It will start AdGuard VPN when Internet is connected.
Reboot your router to finish setup.
Congrats! Now you have a router secured with AdGuard VPN.