张无忌

有时候发现 opkg update or apk update 有 wgetSSL verify error

apk update: wgetSSL verify error: unknown error

1. root@OpenWrt:~# apk update
   
2. wgetSSL verify error: unknown error
   
3. ERROR: wget: exited with error 5
   
4. WARNING: updating and opening https://mirrors.tuna.tsinghua.edu.cn/openwrt/releases/25.12.2/targets/mediatek/filogic/packages/packages.adb: unexpected end of file

複製代碼

..

原来时间不对 04:17:15 不对！！！


原先：不正常


点击 "Sync with browser" 和 "Sync with NTP-Server"

修改：正常


apk update 正常。


目录 OpenWrt on GL-MT6000 et al.

platinum

有时候发现 opkg update or apk update 有 wgetSSL verify error

apk update: wgetSSL verify error: unkn ...
张无忌 發表於 2026-4-20 09:20

    有關SSL error, 最近發現如果安裝了 wget-nossl apk, 會卡死
用 wget-ssl 無問題

张无忌

HomeProxy + 美国节点 + 3x-ui（VLESS + Reality + Vision）
VPS 1: RackNerb US10.6/yr
VPS 2: Vultr US60.48/yr
Debian 13 x64

Step 1：Default 22/tcp，再加其他

1. ufw allow 80/tcp
   
2. ufw allow 443/tcp
   
3. 
   
4. ufw status

複製代碼

..

Step 2：Apt update and install git

1. apt update -y && apt install git -y

複製代碼

..

Step 3：安装 3x-ui

1. bash <(curl -Ls https://raw.githubusercontent.com/mhsanaei/3x-ui/master/install.sh)

複製代碼

..

Step 4：按 Enter

1. Would you like to customize the Panel Port settings? (If not, a random port will be applied) [y/n]:

複製代碼

..

Step 5：按 Enter

1. Generated random port: 42739
   
2. Port set successfully: 42739
   
3. Username and password updated successfully
   
4. Base URI path set successfully
   
5. 
   
6. ═══════════════════════════════════════════
   
7.      SSL Certificate Setup (MANDATORY)
   
8. ═══════════════════════════════════════════
   
9. For security, SSL certificate is required for all panels.
   
10. Let's Encrypt now supports both domains and IP addresses!
    
11. 
    
12. Choose SSL certificate setup method:
    
13. 1. Let's Encrypt for Domain (90-day validity, auto-renews)
    
14. 2. Let's Encrypt for IP Address (6-day validity, auto-renews)
    
15. 3. Custom SSL Certificate (Path to existing files)
    
16. Note: Options 1 & 2 require port 80 open. Option 3 requires manual paths.
    
17. Choose an option (default 2 for IP):

複製代碼

..

Step 6：按 Enter

1. Do you have an IPv6 address to include? (leave empty to skip):

複製代碼

..

Step 7：Setup https，按 Enter

1. Port to use for ACME HTTP-01 listener (default 80):

複製代碼

..

Step 8：Panel

1. ═══════════════════════════════════════════
   
2.      Panel Installation Complete!
   
3. ═══════════════════════════════════════════
   
4. Username:    GsaplvD0Fd
   
5. Password:    XSyhGGaNqu
   
6. Port:        42739
   
7. WebBasePath: gM4CMjjJ0zapaVJMuL
   
8. Access URL:  https://149.248.6.5:42739/gM4CMjjJ0zapaVJMuL
   
9. ═══════════════════════════════════════════

複製代碼

..

Step 9：Add port to allow

1. ufw allow 42739/tcp

複製代碼

..

Step 10：Access URL:  https://149.248.6.5:42739/gM4CMjjJ0zapaVJMuL
1. 443
2. 安全 Reality
3. Get New Cert
4. 客户 Flow=xtls-rprx-vision
5. 创建

Step 11：VLESS + Reality + Vision

1. vless://8e1357ec-b4ca-4b8d-8f3f-3a02da55b82b@149.248.6.5:443?type=tcp&encryption=none&security=reality&pbk=xykpYQWIw2uhLNC5rlrtxySYlALd0zlngP6jBq1px2U&fp=chrome&sni=aws.amazon.com&sid=b7f8ebaad22cbb16&spx=%2F&flow=xtls-rprx-vision#p6cumqoo

複製代碼

..

Step 12. HomeProxy
Add "Step 11" VLESS URL

Performance：
1. In 7 a.m. both VPS were the same. After 8 a.m. RackNerb performed very bad however Vultr was good.
2. The cost of Vultr almost is 6 times higher than that of RackNerb.

References:
[1] MHSanaei / 3x-ui
[2] 别再给机场送钱了！2026 手把手教你自建 VLESS+Reality 天花板节点，稳如老狗，快到飞起！
[3] 3x-ui on Linux server


目录 OpenWrt on GL-MT6000 et al.

张无忌

WireGuard server

以前不太懂安装 OpenWrt WireGuard server [1]，所以都没有安装，但是香港有些朋友要看 FIFA 2026，所以再测试安装，安装信息不是从网上找，而用 Google Gemini AI 找资料，速度比较快。

1: 大陆 ipk repository server，其他不用

1. sed -i 's_https\?://downloads.openwrt.org_https://mirrors.tuna.tsinghua.edu.cn/openwrt_' /etc/opkg/distfeeds.conf

複製代碼

..

2. Install wireguard-tools 和 luci-proto-wireguard

1. opkg update
   
2. opkg install wireguard-tools luci-proto-wireguard

複製代碼

..

1. Configuring ip-tiny.
   
2. Configuring kmod-crypto-lib-chacha20.
   
3. Configuring kmod-crypto-lib-poly1305.
   
4. Configuring kmod-crypto-lib-chacha20poly1305.
   
5. Configuring kmod-crypto-kpp.
   
6. Configuring kmod-crypto-lib-curve25519.
   
7. Configuring kmod-udptunnel4.
   
8. Configuring kmod-udptunnel6.
   
9. Configuring kmod-wireguard.
   
10. Configuring wireguard-tools.
    
11. Configuring luci-lib-uqr.
    
12. Configuring resolveip.
    
13. Configuring luci-proto-wireguard.

複製代碼

..

3. Network restart

1. /etc/init.d/network restart

複製代碼

..

4. Add WireGuard Network Interface
Add new interface

1. a. Name=wg0
   
2. b. Protocol=WireGuard VPN

複製代碼

Save

5. Configure the WireGuard Network Interface

1. 1. Generate new key pair
   
2. 2. Listen port=51820
   
3. 3. IP=10.0.0.1/24

複製代碼

Save

6. Configure WireGuard Peers
Click on Add peer

1. Click on Generate new key pair to populate the public and private key fields
   
2. Allowed IPs: 10.0.0.2/32 or whatever other address you will assign to the client
   
3. Endpoint port: 51820
   
4. Persistent Keep Alive: 25

複製代碼

Save

7. Configure Firewall for WireGuard traffic

1. Name: WireguardVPN (or preferred name)
   
2. Input: accept
   
3. Output: accept
   
4. Intra zone forward: accept
   
5. Masquerading: checked
   
6. MSS Clamping: checked
   
7. Covered networks: wg0
   
8. Allow forward to destination zones: lan and wan
   
9. Allow forward from source zones: lan

複製代碼

Save

8. Go to LuCI → Network → Firewall → Traffic Rules

1. Name: WireGuard-incoming (or preferred name)
   
2. Protocol: UDP <change>
   
3. Source zone: wan
   
4. Source address: -- add IP --
   
5. Source port: any
   
6. Destination zone: Device <change>
   
7. Destination address: -- add IP--
   
8. Destination port: 51820  <change>
   
9. Action: accept

複製代碼

Save, Save & apply

9. /etc/init.d/network restart
多 peers，最后都要 /etc/init.d/network restart


Reference:
[1] WireGuard server

目录 OpenWrt on GL-MT6000 et al.