🚀 OpenWrt 部署 Sing-Box 全流程

  SingBox,科学界鼎鼎有名。但一直没尝试,也没接触过,就知道很难,很麻烦。如今,原版Openwrt都部署了,为何不试试SingBox。

安装Sing-Box

  安装是所有步骤里面最简单的。

命令安装

1
2
opkg update
opkg install sing-box

图形界面安装

  • 进入 OpenWrt 的 LuCI → 系统 → 软件包
  • 搜索 sing-box 并安装即可
      
    截屏2025-09-12 14.43.07.png

配置Sing-Box

1
vi /etc/sing-box/config.json


下面给出一个 完整示例配置,你可以直接复制,然后按需添加点信息、修改端口和用户名密码。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
{
  "dns": {
    "servers": [
      {"tag": "local", "type": "udp", "server": "223.5.5.5"},
      {"tag": "public", "type": "https", "server": "dns.alidns.com", "domain_resolver": "local"},
      {"tag": "foreign", "type": "https", "server": "8.8.8.8", "detour": "🚀 节点选择"},
      {"tag": "fakeip", "type": "fakeip", "inet4_range": "198.18.0.0/15", "inet6_range": "fc00::/18"}
    ],
    "rules": [
      {"rule_set": ["geosite-adblock"], "action": "predefined", "rcode": "REFUSED"},
      {"clash_mode": "direct", "server": "local"},
      {"clash_mode": "global", "server": "fakeip"},
      {"query_type": "HTTPS", "action": "reject"},
      {"domain_suffix": ["services.googleapis.cn", "googleapis.cn", "xn--ngstr-lra8j.com"], "server": "foreign"},
      {"rule_set": ["geosite-cn"], "server": "local"},
      {"query_type": ["A", "AAAA"], "server": "fakeip", "rewrite_ttl": 1}
    ],
    "final": "foreign",
    "strategy": "ipv4_only",
    "independent_cache": true,
    "reverse_mapping": true
  },
  "outbounds": [
    {"tag": "🚀 节点选择", "type": "selector", "outbounds": ["♻️ 自动选择", "🎯 全球直连", "KR", "Chatgpt", "韩国arm", "arm", "tw", "hk", "us GCP", "us"]},
    {"tag": "♻️ 自动选择", "type": "urltest", "outbounds": ["KR2", "Chatgpt", "韩国arm", "arm", "tw", "hk", "us GCP", "us"], "interval": "10m", "tolerance": 100},
    {"tag": "📞 Talkatone", "type": "selector", "outbounds": ["us GCP", "us"]},
    {"tag": "💬 Chatgpt", "type": "selector", "outbounds": ["KR2", "Chatgpt"]},
    {"tag": "GLOBAL", "type": "selector", "outbounds": ["🚀 节点选择", "♻️ 自动选择", "📞 Talkatone", "💬 Chatgpt", "🎯 全球直连"]},
    {"tag": "🎯 全球直连", "type": "direct"}
  ],
  "route": {
    "rules": [
      {"action": "sniff", "sniffer": ["http", "tls", "quic", "dns"]},
      {"type": "logical", "mode": "or", "rules": [{"port": 53}, {"protocol": "dns"}], "action": "hijack-dns"},
      {"ip_is_private": true, "outbound": "🎯 全球直连"},
      {"clash_mode": "direct", "outbound": "🎯 全球直连"},
      {"clash_mode": "global", "outbound": "GLOBAL"},
      {"rule_set": "geosite-google", "outbound": "🚀 节点选择"},
      {"rule_set": "geosite-!cn", "outbound": "🚀 节点选择"},
      {"rule_set": "geosite-cn", "outbound": "🎯 全球直连"},
      {"rule_set": "geosite-talkatone", "outbound": "📞 Talkatone"},
      {"rule_set": "geosite-chat", "outbound": "💬 Chatgpt"},
      {"rule_set": "geoip-cn", "outbound": "🎯 全球直连"}
    ],
    "rule_set": [
      {"tag": "geosite-adblock", "type": "remote", "format": "binary", "url": "https://gh-proxy.com/https://raw.githubusercontent.com/privacy-protection-tools/anti-ad.github.io/master/docs/anti-ad-sing-box.srs", "download_detour": "🎯 全球直连"},     
      {"tag": "geosite-chat", "type": "remote", "format": "binary", "url": "https://gh-proxy.com/https://raw.githubusercontent.com/CC342/list/main/category-ai-chat-!cn.srs", "download_detour": "🎯 全球直连"},
      {"tag": "geosite-!cn", "type": "remote", "format": "binary", "url": "https://gh-proxy.com/https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/sing/geo/geosite/geolocation-!cn.srs", "download_detour": "🎯 全球直连"},
      {"tag": "geosite-cn", "type": "remote", "format": "binary", "url": "https://gh-proxy.com/https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/sing/geo/geosite/cn.srs", "download_detour": "🎯 全球直连"},
      {"tag": "geosite-talkatone", "type": "remote", "format": "binary", "url": "https://gh-proxy.com/https://raw.githubusercontent.com/CC342/list/main/talkatone.srs", "download_detour": "🎯 全球直连"},
      {"tag": "geosite-google", "type": "remote", "format": "binary", "url": "https://gh-proxy.com/https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/sing/geo/geosite/google.srs", "download_detour": "🎯 全球直连"},
      {"tag": "geoip-cn", "type": "remote", "format": "binary", "url": "https://gh-proxy.com/https://github.com/qljsyph/ruleset-icon/raw/refs/heads/main/sing-box/geoip/China-ASN-combined-ip.srs", "download_detour": "🎯 全球直连"}
    ],
    "final": "🚀 节点选择",
    "auto_detect_interface": true,
    "default_domain_resolver": {"server": "public"}
  },
  "inbounds": [
    {
      "tag": "tun-in",
      "type": "tun",
      "address": [
        "172.19.0.1/30",
        "fdfe:dcba:9876::1/126"
      ],
      "mtu": 9000,
      "auto_route": true,
      "auto_redirect": true,
      "strict_route": true
    },
    {
      "type": "socks",
      "listen": "0.0.0.0",
      "listen_port": 1080,
      "users": [
        {
          "username": "xx",
          "password": "xxxxxxxx"
        }
      ]
    },
    {
      "type": "http",
      "listen": "0.0.0.0",
      "listen_port": 1081,
      "users": [
        {
          "username": "xx",
          "password": "xxxxxxx"
        }
      ]
  }
  ],
  "experimental": {
    "cache_file": {
      "enabled": true,
      "path": "/etc/sing-box/cache.db",
      "store_fakeip": true
    },
    "clash_api": {
      "external_controller": "0.0.0.0:9099",
      "external_ui": "/etc/sing-box/ui",
      "external_ui_download_url": "https://gh-proxy.com/https://github.com/Zephyruso/zashboard/archive/refs/heads/gh-pages.zip",
      "external_ui_download_detour": "🎯 全球直连",
      "secret": "",
      "default_mode": "rule"
    }
  },
  "log": {
    "disabled": false,
    "level": "warn",
    "timestamp": true
  }
}

配置解释

  • DNS服务器:配置了四个
    – local:解析国内
    – public:加强DNS安全性
    – foreign:解析国外
    – fakeip:以fakeip出国

  • DNS路由规则:
    – DNS广告过滤
    – 直连走local
    – 全局走fakaip
    – 域名走foreign
    – 漏网走foregin

  • 出站:配置了6个组
    – 节点选择:手动选择
    – 自动选择:根据延迟,自动选择。前提是手动选择,选择了自动选择
    – Chatgpt:AI选择的节点
    – talkatone:专门给虚拟电话的节点,可惜已经登不上
    – Global:全局的节点选择
    – 全球直连:没的选,直接direct

  • 出站规则
    – hijack-dns劫持53端口
    – 把规则集对应到相应的组里。PS:google的规则集,是因为被广告误伤
    – adblock规则集不需要,已经放在DNS服务器过滤了

  • 入站
    – tun口实现透明代理
    – http和socks代理,给docker使用

  • 实验功能
    – zashboard面版,根据喜好更换。

  • 日志
    – level一定要改成warn,不然容器load要爆。

验证配置文件

先检查配置文件是否有语法错误:

1
sing-box check -c /etc/sing-box/config.json

如果返回 configuration OK,就说明没问题。

启动 Sing-Box

1
/etc/init.d/sing-box start

开机自启:

1
/etc/init.d/sing-box enable

停止服务:

1
/etc/init.d/sing-box stop

访问面板

  如果启用了Clash API + Zashboard面板,可以通过浏览器访问:

1
http://路由器IP:9099

默认没有密码(你可以在配置文件 secret 中设置)。

⚡ 到这里,OpenWrt上Sing-Box就部署成功了,并且可以用 tun透明代理、Socks/HTTP代理,配合Docker使用。

参考资料

  1. 七尺宇 - Youtube

PS:andriod版本配置

只需修改inbounds的模块,其他保持不变

  • inbounds
    1、 删除tun模块里面
    "auto_redirect": true, "strict_route": true
    2、添加
    "stack": "system"
    3、只保留tun模块,其他全删除