本文完成于 2018.10.08
测试环境为"友华 WR1200JS 路由器",CPU 是 MT7621AT,只有 16M Flash 可用存储的小机器
建议所有的操作都在 root 身份下完成,主要是环境变量配置一次就行
下载并解压缩最新的 SDK openwrt-sdk-18.06.1-ramips-mt7621_gcc-7.3.0_musl.Linux-x86_64.tar.xz;把它符号链接到一个简短的目录上,并设定必须的环境变量
# ln -s /home/rubyfish/openwrt-sdk-18.06.1-ramips-mt7621_gcc-7.3.0_musl.Linux-x86_64/staging_dir/toolchain-mipsel_24kc_gcc-7.3.0_musl /usr/local/openwrt-sdk
# export PATH=/usr/local/openwrt-sdk/bin:$PATH
# export STAGING_DIR=/usr/local/openwrt-sdk
# export LC_ALL=C
下载并解压缩 openssl-1.1.1,然后:
### 下行的参数改成 --cross-compile-prefix=mipsel-openwrt-linux-musl- 也能工作
# LDFLAGS='-Wl,-rpath=/opt/lib' ./Configure linux-mips32 --prefix=/opt --cross-compile-prefix=mipsel-openwrt-linux- no-async
# make
# make install_sw
### 如果对获得可执行的 openssl 不感兴趣 make install_dev 即可
编译 expat-2.2.6:
### 下行的参数改成 --host=mipsel-openwrt-linux 亦可
# ./configure --prefix=/opt --host=mipsel-openwrt-linux-musl --without-xmlwf --without-docbook
# make
# make install
编译 unbound-1.8.0:
### 下行的参数改成 --host=mipsel-openwrt-linux 亦可
# ./configure --prefix=/opt --host=mipsel-openwrt-linux-musl --with-ssl=/opt --with-libexpat=/opt
# make
# make install
最后手工写入配置文件:
# echo 'server: port: 53535 verbosity: 5 interface: 0.0.0.0 do-not-query-localhost: no access-control: 192.168.0.0/16 allow username: "root" forward-zone: name: "." forward-addr: 118.89.110.78@853 forward-addr:47.96.179.163@853 forward-ssl-upstream: yes' > /opt/etc/unbound/unbound.conf
将 /opt 打包带走:
# tar zcf unbound-1.8.0-opt-shared.tar.gz /opt/etc /opt/sbin/unbound /opt/lib/libunbound.so /opt/lib/libunbound.so.8 /opt/lib/libunbound.so.8.0.0 /opt/lib/libssl.so /opt/lib/libssl.so.1.1 /opt/lib/libcrypto.so /opt/lib/libcrypto.so.1.1 /opt/bin/openssl
到了 openwrt 机器上:
# cd /
root@OpenWrt:/# tar zxf /root/unbound-1.8.0-opt-shared.tar.gz
运行 openssl 测试一下
root@OpenWrt:/# /opt/bin/openssl s_client -tls1_3 -connect118.89.110.78:853 -CApath /etc/ssl/certs -verify_hostname dns.rubyfish.cn
运行 unbound 测试
root@OpenWrt:/# /opt/sbin/unbound -d -d -p
参考:http://dannysun-unknown.blogspot.com/2017/02/openssl-110d-arm.html