What Gets Installed on NanoPi
After setup, NanoPi works as a router: connected devices get tunnel access automatically — no apps needed on each device.
Summary
- Xray is installed: an open-source proxy server in transparent proxy mode
- Local network is configured: NanoPi assigns IP addresses to connected devices
- Routing rules are set up: all traffic transparently goes through the tunnel
- Performance optimizations are applied for maximum speed on ARM processor
- Optionally, remote access is configured for maintenance
Xray Proxy Server
The same Xray used on VPS servers is installed, but in client mode — it connects to your input and output nodes and routes all traffic from connected devices through them.
- Xray files: /opt/xray/ (binary, config, logs)
- Auto-start service: /etc/systemd/system/xray.service
Packages: unzip, logrotate, iptables, iptables-persistent
Local Network Setup
NanoPi is configured as a gateway for your local network.
- LAN interface gets a static IP (default: 192.168.77.1)
- DHCP server automatically assigns addresses to connected devices
- DNS requests from devices also go through the tunnel
Packages: isc-dhcp-server
Traffic Routing
iptables rules are configured to transparently redirect all TCP and UDP traffic from connected devices through Xray. Devices don't notice anything — NanoPi looks like a regular router to them.
- IPv6 on LAN is disabled to prevent traffic leaks outside the tunnel
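A check for the two leak paths named above (IPv6 left enabled on the LAN side, or a protocol with no redirect rule), as an added example that is not part of the installer. It parses `sysctl -a` and `iptables-save` text; the interface name eth1, port 12345 and the TPROXY/REDIRECT targets are assumptions, since this page does not show the actual rules.

```shell
#!/bin/sh
# Added example: leak audit for a transparent-proxy gateway. All sample data
# below is constructed; eth1 and port 12345 are assumptions, not page values.

# ipv6_disabled IFACE: reads `sysctl -a` lines on stdin; succeeds only when
# net.ipv6.conf.IFACE.disable_ipv6 is present and set to 1.
ipv6_disabled() {
    awk -v key="net.ipv6.conf.$1.disable_ipv6" '
        $1 == key && $2 == "=" { found = 1; ok = ($3 == "1") }
        END { exit !(found && ok) }'
}

# proxy_rule_count PROTO: reads `iptables-save` output on stdin and prints how
# many rules hand PROTO to a TPROXY or REDIRECT target (heuristic: any chain).
proxy_rule_count() {
    awk -v proto="$1" '
        /^-A / {
            p = ""; j = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-p") p = $(i + 1)
                if ($i == "-j") j = $(i + 1)
            }
            if (p == proto && (j == "TPROXY" || j == "REDIRECT")) n++
        }
        END { print n + 0 }'
}

# audit IFACE SYSCTL_TEXT IPTABLES_TEXT: prints findings, returns 1 if any.
audit() {
    rc=0
    printf '%s\n' "$2" | ipv6_disabled "$1" ||
        { echo "LEAK RISK: IPv6 not disabled on $1"; rc=1; }
    for proto in tcp udp; do
        [ "$(printf '%s\n' "$3" | proxy_rule_count "$proto")" -gt 0 ] ||
            { echo "LEAK RISK: no transparent-proxy rule for $proto"; rc=1; }
    done
    return "$rc"
}

# Constructed sample: IPv6 still on, and only TCP is redirected.
SAMPLE_SYSCTL='net.ipv6.conf.eth0.disable_ipv6 = 0
net.ipv6.conf.eth1.disable_ipv6 = 0'
SAMPLE_RULES='*mangle
-A PREROUTING -i eth1 -p tcp -j TPROXY --on-port 12345 --on-ip 127.0.0.1 --tproxy-mark 0x1/0x1
COMMIT'
audit eth1 "$SAMPLE_SYSCTL" "$SAMPLE_RULES" || echo "audit: gateway can leak"
# On the device: audit eth1 "$(sysctl -a 2>/dev/null)" "$(sudo iptables-save)"
```

Run it again after any reboot or package upgrade, because both the sysctl value and the firewall rules have to survive a restart for the gateway to stay leak-free.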
Performance Optimizations
For maximum speed on NanoPi's ARM processor:
- BBR: TCP acceleration (same as on VPS)
- CPU set to maximum performance mode
- Increased network buffers for high throughput
- Interrupt balancing (irqbalance): load spread across CPU cores
- Network optimizations (RPS, GRO/GSO): faster packet processing
Packages: cpufrequtils, irqbalance, ethtool
Remote Access (Optional)
Optionally, a reverse SSH tunnel is set up through one of your VPS servers. This allows us to remotely access the NanoPi for maintenance and diagnostics, even when it's behind NAT.
- A dedicated user is created for the tunnel
- SSH key authentication is used (no password)
- The tunnel automatically reconnects on connection loss
Packages: autossh
Removal
To fully reset NanoPi to its original state:
sudo systemctl stop xray
sudo systemctl disable xray
sudo systemctl stop isc-dhcp-server
sudo systemctl disable isc-dhcp-server
sudo rm -rf /opt/xray
sudo rm /etc/systemd/system/xray.service
sudo rm /etc/logrotate.d/xray
sudo userdel xray
sudo groupdel xray
sudo apt remove --purge isc-dhcp-server
sudo systemctl daemon-reload
sudo reboot
After reboot, network rules and optimizations will be reset.
Questions
If you have questions about the setup — contact us at @doubletunnelbot
Also see: What Gets Installed on VPS Servers