OpenWrt 23.05 router Sing-Box client, homeproxy configuration tutorial

How to use HomeProxy to surf the Internet from scratch

Sing-Box is a flexible proxy client, commonly usedrouterNetwork proxy configuration is done on the Sing-Box client, while HomeProxy provides users with an easy-to-use proxy management interface. By combining the Sing-Box client with HomeProxy, users can implement global proxy on the router to ensure that all devices in the LAN can share the same proxy service. The configuration process includes installing the Sing-Box client, setting the proxy protocol and server information, and then managing and monitoring the proxy in HomeProxy. This solution can not only improve network privacy, but also bypass geographical restrictions and optimize network connection speed.

luci-app-homeproxy is a Sing-Box client that can run on OpenWrt 23.05+. It is a redevelopment based on homeproxy. It is a fork of homeproxy, adding support for selectors, urltest, rule sets and conflicts, and is tailored specifically for custom routing.

Compatible with Socks5, HTTP(S),Shadowsocks, Vmess, Trojan, Wireguard, Hysteria(2), Vless, ShadowTLS, TUIC and other protocols, and implements policy proxy through flexible rule configuration.

As a sing-box proxy tool for the OpenWrt platform, HomeProxy has gradually become the new favorite of router proxy tools with its excellent performance, rich protocol support and detailed diversion strategy configuration.

HomeProxy Installation

The HomeProxy routing system version requires OpenWrt 23.05+ or ImmortalWrt 23.05+ and only supports firewall4. The chip supports ARM64/AMD64.

Download address:https://github.com/douglarek/luci-app-homeproxy/releases/tag/2024050500

• luci-app-homeproxy_release-2024050500_all.ipk

The installation of HomeProxy is relatively simple. Download the corresponding "ipk" software package, then enter the "System" -> "Software Package" interface of the router, click "Upload Software Package", upload the downloaded ipk file to the router and install it. HomeProxy itself does not require other dependent software packages and can be installed directly. However, due to its working proxy mode, it needs to use "ip-full" and "kmod-tun", otherwise it will not work properly. Use the router's software package management tool, update the list, and directly install these two software packages.

After HomeProxy is successfully installed, a "HomeProxy" menu item will be added to the router's service menu. If it is not displayed after installation, restart the router.

HomeProxy Configuration

Entering the main interface of HomeProxy, you will see two rows of Tab labels from top to bottom. The first row is "Client Settings", "Node Settings", "Server Settings" and "Service Status", and the second row is the detailed settings of the first row of labels.

The main interface will display the running status of HomeProxy. Click the "Open Control Panel" button to open the metacubexd console, which is a web tool similar to the Clash Web UI panel. It is used to display the running status of HomeProxy as well as information such as nodes and routing rules.

The "Client Settings" tab is used to set the configuration items when sing-box is used as a proxy client, which is also the core function of HomeProxy.

The "Node Settings" tab is used to add proxy nodes, which can be added manually or by subscription.

The "Server Settings" tab is used to set the configuration items of the sing-box proxy server. You can start and add the proxy protocol to make the router a proxy server.

The "Service Status" tab can display real-time logs and perform connection tests to verify whether you can successfully access the Internet scientifically.

The configuration logic of HomeProxy as a client is to add nodes first, then configure the client, and finally perform a connection test to verify whether the configuration is working properly.

Add Node

"Node Settings" contains two tabs: "Node" and "Subscription", which are used to add nodes manually and by subscription.

The "Subscription" tab contains some configuration items for adding subscription nodes. Adding the subscription address of the proxy airport in "Subscription Address" will add the subscription address to the configuration items. As for the settings such as "Automatic Update", "Use Proxy Update" and "Allow Insecure Connection", just check and complete the settings according to actual usage needs. After all subscriptions are added, click "Save and Apply" to add the proxy node in the subscription address to the node list.

The "Nodes" tab will list all proxy nodes that correspond to the "outbounds" items in the sing-box configuration.

At this point, you can also add node content by importing sharing links or adding them manually.

After entering the node name in the input box, click the "Add" button to manually add the node:

Select the protocol type of the node in the "Type" drop-down box, then enter the corresponding configuration content according to the setting items corresponding to the protocol, and finally click Save to complete the manual node addition.

"Selector" and "URLTest" are two types of group nodes supported by sing-box, which are proxy manual selection and automatic test selection respectively. Group nodes will group multiple existing nodes into a virtual node, and select certain nodes from the group through the corresponding selection strategy to achieve the best effect. Group nodes are added according to actual conditions. If there are few nodes or detailed routing strategies, they can also be not set.

If the "Direct Connection" item in the drop-down box is used in any "Outbound" configuration item in HomeProxy, you need to add a node of type "Direct Connection" in the node, otherwise HomeProxy will fail and stop running because sing-box cannot find the outbound route.

Client Settings

The client configuration is the most complex part of HomeProxy, mainly because the sing-box configuration is too detailed. In fact, HomeProxy has classified the configuration into different categories, which greatly simplifies the complexity of the configuration. As long as you pay attention to some default items, you can independently complete a fully functional client configuration.

As shown in Figure 1, HomeProxy's client settings include nine items: "Routing Settings", "Routing Nodes", "Routing Rules", "Rule Sets", "DNS Settings", "DNS Servers", "DNS Rules", "Access Control" and "Control Panel".

HomeProxy's client settings can be divided into three parts: routing, DNS, and control panel, while the rule set is a rule item used by both routing and DNS. Since HomeProxy has the following built-in rule sets, if there is no special need, the rule set part can be left unset and the built-in rule set can be used directly:

• hp-geoip-cn
• hp-geoip-private
• hp-geosite-cn
• hp-geosite-microsoft-cn
• hp-geosite-netflix
• hp-geoip-netflix

Since the "rule set" is a conditional item for routing rules and DNS rules, it needs to be set first, and the rest of the content is set from left to right, and basically no major problems will occur.

To add a rule set manually, enter the rule set name in the input box of the "Rule Set" tab, and then click the Add button, and the Add Rule Set page will pop up:

There are two types of rule sets: local and remote, which represent local rule set files or rule set files provided on the Internet. Local rule sets require a file path, while remote rule set files require the URL accessed by the rule set file and the specified outbound node. Rule set files are divided into source address format and binary format, which represent text format and binary file format, and are related to the rule set file itself. If the format is wrong, HomeProxy will stop running after referencing this rule. If you want to add a rule set, you can find the corresponding rule set file from the Internet and then add it.

Once the ruleset is added, you can proceed with routing and DNS settings.

First, set up the route. The route setting items are divided into three parts: route setting, route node and route rule. Among them, route setting is the basic rule setting of sing-box route configuration; route node is the content that identifies the proxy node as a route item for use by the route rule; and the route rule is to set the corresponding access rules for different traffic according to the rule conditions, so as to achieve the purpose of traffic diversion and improve the proxy usage experience.

The routing settings are described as follows:

• Routing mode: This is the working mode of HomeProxy. Only custom routing mode can be used.
• Routing port: used to specify which ports' traffic can be proxied. You can select all ports or use the default common ports only.
• Proxy mode: used to specify the working mode of HomeProxy. The default is to forward all TCP/UDP, which will forward the traffic of 5030 5031 and 5333. Of course, other modes can also be used, which is based on a full understanding of sing-box.
• IPv6 support: used to set whether HomeProxy supports IPv6 network. It is recommended to uncheck it. The setting of "no support" here will not affect the subsequent setting of IPv6 routing rules.
• Bypass China traffic: Used to set whether to use firewall rules to forward traffic NAT directly through the firewall, thereby reducing HomeProxy's performance consumption. Choose whether to enable it according to your needs
• Override target address: used to set whether to use the sniffed domain name to overwrite the connection target, used to prevent DNS pollution. You can choose whether to enable it according to your needs, but it is recommended not to enable it.
• Default Outbound: Used to set the default outbound traffic route, which is the outbound path used as a backup when the outbound traffic does not match all routing rules. Note that if the default same-station option is "Disabled", HomeProxy will stop working.

After that, set the routing node. The added routing node will be reflected as a drop-down list in the default outbound of the routing setting. However, the system will contain two routing nodes, direct connection and block, by default. This is very tricky. If the routing node is not set correctly, HomeProxy will not be able to start at all, and the log will also show inexplicable things, so pay more attention to the details when setting it up.

As mentioned before, routing nodes are the process of establishing connections between proxy nodes and routing nodes. All proxy nodes can establish corresponding routing nodes and use them as outbound routes. Already added routing nodes will be displayed in the node list. If you need to add a new node, you can enter the routing node name in the input box and click the Add button. The following Add Node page will pop up:

When adding a routing node, select the outbound proxy node, keep the others as default, and then click Save to add the routing node. If there are special requirements, you can adjust the settings, but this is based on a full understanding of the sing-box configuration file, otherwise it is easy to make mistakes.

After the routing node is set, you can set the routing rules. When you need to add a routing rule, just enter the routing rule name in the input box, and then click Add to enter the routing rule setting page. Since there are many options to set, the example only selects the Chinese mainland IP and website in the rule set, and uses the anti-select function to indicate non-matching content, and uses the "route_Default" routing node for proxy outbound.

After the routing rules are set, click the Save button to add a routing rule. The successfully added routing rules will be listed on the routing page:

Note that routing rules have a sequence. The above rules are matched first, corresponding to the block, direct, and various types of outbound nodes of the sing-box configuration item. For rules that use the outbound type of direct connection, you need to set the routing rule with the outbound node as direct connection. In the example, a rule is set to block quic traffic, but there is no need to set a blocking node for the rule to take effect.

As for more detailed routing rules, you can set them according to your personal needs. According to the combination of complex routing rule conditions, you can set different outbound paths for different applications to achieve the purpose of accurate diversion. The example does not make more detailed settings. The general rule description can be summarized as blocking quic traffic, websites and IPs in mainland China and private IPs in the rule set are directly accessed, and other traffic is accessed through a proxy. This proxy access uses a node group to select the best node through URL testing.

Then set up DNS. Since the proxy needs to make a lot of DNS queries and DNS can also use different servers, it needs to be set up carefully.

To set up DNS, you must first set up the resolution strategy and other content:

After setting the DNS resolution strategy and default DNS server, choose whether to disable DNS cache as needed. After everything is completed, save the configuration to set the basic DNS items.

Since domestic DNS servers have problems with incorrect resolution of some websites, it is generally necessary to set up multiple DNS servers to handle domain name requests from overseas servers. Enter the DNS server tab, enter the name of the DNS server in the input box, and click the Add button to enter the DNS server settings page:

The example adds a GOOGLE TCP DNS server (DoT). Since ordinary DNS requests are sent via UDP, if the outbound route is a proxy node, and the proxy node does not support UDP forwarding, the domain name resolution will fail, so TCP is used to connect to the DNS server. The "address resolver" in the configuration item is to deal with the situation where the domain name is used as the DNS server (for example: https://dns.alidns.com/dns-query), so the address resolver needs to be used to resolve the domain name of this DNS server.

After all DNS servers are added successfully, the corresponding information will be displayed in the DNS server tab list:

Finally, set the DNS rules, which are the routing rules and resolution rules used when accessing the DNS server. Similar to the routing settings, a fine combination of conditions is required to set accurate DNS rule items. After all the rules are set, they will be displayed in the DNS tab list. Since the content of DNS rule settings is similar to that of routing rules, I will not go into details here.

After completing the above settings, the main settings of HomeProxy are completed. As for access control and control panel, they are configured using the Web UI page. If there are no special requirements, just keep the default.

Use of HomeProxy

The use of HomeProxy is no different from other proxy clients and can be used normally after startup.

You can go to the Service Status tab to view the operation logs of HomeProxy and sing-box, or click the Test button of the internal and external network websites to check whether the proxy is working properly.

Checking the listening information of HomeProxy calling sing-box, we can find that it listens to ports 5330, 5331, and 5333, of which 5330 is a mixed port, that is, it supports both HTTP and SOCKS proxy. We only need to set the browser's network proxy to the router's IP address and use port 5330 to access the Internet through HomeProxy. As for other modes, the usage is similar.

At this point, the detailed tutorial for using HomeProxy is complete. I hope it can help everyone understand the configuration logic and detailed adjustments of HomeProxy and sing-box, so that you can fully enjoy the convenience brought by excellent proxy tools.

Clash for Windows installation tutorial Clash node free subscription link