Redsocks OpenWRT with LuCI Web UI

Redsocks is a transparent TCP-to-SOCKS redirector proxy client. This project provides a simple script and configuration setup to easily run Redsocks on an OpenWRT router, complete with a modern LuCI Web UI interface (for OpenWrt 21.02+ / 22.03+ / 23.05+ / 24.10+ / 25.12+).

It is ideal for routing all LAN traffic through a SOCKS5/SOCKS4 proxy server (e.g., for bypass configurations or SOCKS5 proxies).

---

1. Quick Installation (One-Command Run)

Run the following command in your router's SSH terminal to automatically download, install dependencies, and configure the LuCI Web UI:

cd /tmp && wget --no-check-certificate https://github.com/emonbhuiyan/Redsocks-OpenWRT/raw/main/install.sh && chmod +x install.sh && sh install.sh && rm install.sh && cd /

Once installed, clear your browser cache and refresh your router's web admin page.

---

2. Configuration Options

Option A: Web UI Configuration (Recommended)

1. Log into your router's web interface (LuCI).
2. Navigate to Services -> Redsocks Proxy.
3. Toggle the Enable Redsocks Service checkbox.
4. Input your Proxy Server IP/Host, Port, and authentication details (if required).
5. Click Save & Apply.

Option B: Command Line Configuration (UCI)

Instead of manually editing /etc/redsocks.conf, you can configure the service using OpenWrt's native UCI configuration utility:

# Enable the service
uci set redsocks.global.enabled='1'

# Set proxy host and port
uci set redsocks.connection.ip='xx.xx.xx.xx'
uci set redsocks.connection.port='xxxx'

# Set proxy type (socks5, socks4, http-connect, http-relay)
uci set redsocks.connection.type='socks5'

# Set authentication (optional)
uci set redsocks.connection.login='username'
uci set redsocks.connection.password='password'

# Save and apply changes
uci commit redsocks
/etc/init.d/redsocks reload

---

3. Service Commands (SSH Terminal)

• Start service manually:

  /etc/init.d/redsocks start

• Stop service manually:

  /etc/init.d/redsocks stop

• Restart service:

  /etc/init.d/redsocks restart

• Enable service on boot:

  /etc/init.d/redsocks enable

• Disable service on boot:

  /etc/init.d/redsocks disable

---

4. Manual Installation Step-by-Step

If you prefer to configure everything manually:

Step 1: Update packages and install dependencies

For OpenWrt 24.10 and older (using opkg ):

opkg update
opkg install iptables iptables-mod-nat-extra redsocks

For OpenWrt 25.12 and newer (using apk ):

apk update
apk add iptables iptables-mod-nat-extra redsocks

Step 2: Download configuration and script files

Copy the directories from this repository into your router's filesystem:

• UCI Configuration: Save etc/config/redsocks to /etc/config/redsocks
• Init Service Script: Save etc/init.d/redsocks to /etc/init.d/redsocks and run chmod +x /etc/init.d/redsocks
• LuCI Sidebar Entry: Save usr/share/luci/menu.d/luci-app-redsocks.json to /usr/share/luci/menu.d/luci-app-redsocks.json
• LuCI ACL Rules: Save usr/share/rpcd/acl.d/luci-app-redsocks.json to /usr/share/rpcd/acl.d/luci-app-redsocks.json
• LuCI JavaScript view: Save www/luci-static/resources/view/services/redsocks.js to /www/luci-static/resources/view/services/redsocks.js

Step 3: Refresh LuCI services

rm -rf /tmp/luci-indexcache /tmp/luci-modulecache
/etc/init.d/rpcd restart
/etc/init.d/uhttpd restart

---

5. Uninstallation

To completely remove the LuCI Web UI components, uninstall package dependencies, and restore original configurations, run the following command in your router's SSH terminal:

cd /tmp && wget --no-check-certificate https://github.com/emonbhuiyan/Redsocks-OpenWRT/raw/main/uninstall.sh && chmod +x uninstall.sh && sh uninstall.sh && rm uninstall.sh && cd /

---

6. Optional: Leak Prevention (WebRTC & DNS Leaks)

By default, transparent proxies only intercept TCP traffic. Because WebRTC STUN queries and standard DNS lookups run over UDP, they can bypass the proxy and leak your real WAN IP or ISP's DNS servers.

If you want to secure these leaks, you can implement these optional, non-intrusive configurations:

A. Prevent DNS Leaks (DNS-over-HTTPS)

By encrypting DNS requests over HTTPS (TCP port 443), they are automatically captured by Redsocks and securely routed through your SOCKS5 proxy:

1. SSH into your router and install the lightweight DoH client:

• For OpenWrt 24.10 and older (using opkg ):

  opkg update
  opkg install https-dns-proxy

• For OpenWrt 25.12 and newer (using apk ):

  apk update
  apk add https-dns-proxy

2. Enable and start the service:

   /etc/init.d/https-dns-proxy enable
   /etc/init.d/https-dns-proxy start

• To Disable: Stop and disable the DoH service:

  /etc/init.d/https-dns-proxy stop
  /etc/init.d/https-dns-proxy disable

• To Uninstall: Completely remove the package:

  • For OpenWrt 24.10 and older (using opkg ):

    opkg remove https-dns-proxy

  • For OpenWrt 25.12 and newer (using apk ):

    apk del https-dns-proxy

B. Prevent WebRTC Leaks (Block WAN UDP)

Force browsers to fall back to secure TCP connections for WebRTC by blocking outgoing UDP traffic from client devices (except standard DNS on port 53 and NTP time sync on port 123):

1. Navigate to Network -> Firewall -> Custom Rules in LuCI (or edit /etc/firewall.user).
2. Add the following rule:

   # Block client UDP traffic to WAN to prevent WebRTC leaks
   iptables -I FORWARD -i br-lan -o wan -p udp --dport ! 53 --dport ! 123 -j REJECT

   (Note: This rule will block UDP-based online multiplayer games. Skip this step if you play games that require UDP).
3. Restart the firewall to apply:

   /etc/init.d/firewall restart

• To Disable / Uninstall: Remove the iptables line from your custom rules list and restart the firewall:

  /etc/init.d/firewall restart

---

GitAds Sponsored