Title: Openwrt V2ray transparent proxy tls + ws (hands-on)
Author: tomleehk
Time: 2019-12-20 20:37
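This post was last edited by tomleehk on 2019-12-21 08:39
Openwrt V2ray transparent proxy tls + ws (hands-on)
I referred to articles online; these users' articles are relatively complete:
V2RAY transparent proxy
https://ibcl.us/HC5962-V2Ray_20190518/
https://xdays.me/V2RAY%E9%80%8F%E6%98%8E%E4%BB%A3%E7%90%86/
After a lot of piecing things together, adding and removing, the initial result is that TCP + DNS forwarding works. The speed is not very high, but it is enough for general use.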
Author: tomleehk
Time: 2019-12-21 07:36
This post was last edited by tomleehk on 2019-12-21 11:28
To use v2ray as a transparent proxy on OpenWrt, some packages need to be installed:
opkg update
opkg install bash kmod-ipt-tproxy iptables-mod-tproxy bind-dig
Author: tomleehk
Time: 2019-12-21 07:41
This post was last edited by tomleehk on 2019-12-27 12:20
v2ray.json
{
"inbounds": [
{
"port": 1080,
"listen": "0.0.0.0",
"protocol": "socks",
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
},
"settings": {
"auth": "noauth",
"udp": true
}
},
{
"port": 8080,
"listen": "0.0.0.0",
"protocol": "http",
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
},
"settings": {
"timeout": 300
}
},
{
"port": 12345,
"protocol": "dokodemo-door",
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
},
"settings": {
"network": "tcp,udp",
"timeout": 0,
"followRedirect": true
}
}
],
"outbounds": [
{
"protocol": "vmess",
"settings": {
"vnext": [
{
"address": "server ip",
"port": 443,
"users": [
{
"id": "779e81cb-79b6-3377-b2b5-ce402c21b8f5",
"security": "aes-128-gcm",
"alterId": 64
}
]
}
]
},
"streamSettings": {
"network": "ws",
"security": "tls",
"tlsSettings": {"allowInsecure": true,"serverName": "server url"},
"wsSettings": {
"path": "/vpath"
}
}
}
]
}
v2ray startup script
#!/bin/sh /etc/rc.common
# "new" style init script
# Look at /lib/functions/service.sh on a running system for explanations of what other SERVICE_
# options you can use, and when you might want them.
START=80
STOP=20
APP=v2ray
SERVICE_WRITE_PID=1
SERVICE_DAEMONIZE=1
PREFIX=/usr/bin
start() {
service_start $PREFIX/v2ray -config $PREFIX/v2ray.json
$PREFIX/client_proxy.sh start
}
stop() {
$PREFIX/client_proxy.sh stop
service_stop $PREFIX/v2ray
}
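After it starts successfully, you can use
ps | grep "v2ray"
curl -Is -x 127.0.0.1:8080 https://www.google.com
curl -x socks5://127.0.0.1:1080 www.google.com
to see whether you get a correct response.
Note that the port 1080 and port 8080 sections of the config are only there to make it convenient to test the connection with curl; they are not needed for normal operation.
Author: tomleehk
Time: 2019-12-21 07:43
This post was last edited by tomleehk on 2019-12-21 08:37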
Iptable scripts
#!/bin/bash
# -*- coding: utf-8 -*-
start() {
# Chain TCP
iptables -t nat -N V2RAY
# Reserved IP TCP
iptables -t nat -A V2RAY -d 0.0.0.0/8 -j RETURN
iptables -t nat -A V2RAY -d 10.0.0.0/8 -j RETURN
iptables -t nat -A V2RAY -d 127.0.0.0/8 -j RETURN
iptables -t nat -A V2RAY -d 169.254.0.0/16 -j RETURN
iptables -t nat -A V2RAY -d 172.16.0.0/12 -j RETURN
iptables -t nat -A V2RAY -d 192.168.0.0/16 -j RETURN
iptables -t nat -A V2RAY -d 224.0.0.0/4 -j RETURN
iptables -t nat -A V2RAY -d 240.0.0.0/4 -j RETURN
# VPS IP
iptables -t nat -A V2RAY -d <v2ray server ip> -j RETURN
# Apply Forwarding Rules TCP
iptables -t nat -A V2RAY -p tcp -j REDIRECT --to-ports 12345
iptables -t nat -A PREROUTING -p tcp -j V2RAY
iptables -t nat -A OUTPUT -p tcp -j V2RAY
# UDP Redirect
iptables -t mangle -N V2RAY
iptables -t mangle -A V2RAY -p udp -j RETURN -m mark --mark 0xff
iptables -t mangle -A V2RAY -p udp --dport 53 -j TPROXY --on-port 12345 --tproxy-mark 0x01/0x01
iptables -t mangle -N V2RAY_MARK
iptables -t mangle -A V2RAY_MARK -p udp -j RETURN -m mark --mark 0xff
iptables -t mangle -A V2RAY_MARK -p udp --dport 53 -j MARK --set-mark 1
# add route for udp traffic
ip route add local default dev lo table 100
ip rule add fwmark 1 lookup 100
# Apply the rules
# apply udp tproxy for traffic forwarded by this proxy
iptables -t mangle -A PREROUTING -j V2RAY
# apply udp tproxy for proxy itself
iptables -t mangle -A OUTPUT -j V2RAY_MARK
}
stop() {
iptables -t nat -D PREROUTING -p tcp -j V2RAY
iptables -t nat -D OUTPUT -p tcp -j V2RAY
iptables -t nat -F V2RAY
iptables -t nat -X V2RAY
iptables -t mangle -D PREROUTING -j V2RAY
iptables -t mangle -F V2RAY
iptables -t mangle -X V2RAY
iptables -t mangle -D OUTPUT -j V2RAY_MARK
iptables -t mangle -F V2RAY_MARK
iptables -t mangle -X V2RAY_MARK
ip rule del fwmark 1 lookup 100
ip route del local default dev lo table 100
}
case $1 in
start)
start
;;
stop)
stop
;;
*)
echo "$0 start|stop"
;;
esac
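The v2ray listening port (12345) in the rules should be changed to match your actual setup.
Author: tomleehk
Time: 2019-12-21 12:56
This post was last edited by tomleehk on 2019-12-21 13:02
The dns, routing tab can be configured to suit your actual situation.
For now, all TCP forwarding and DNS forwarding functions work.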
Author: yiucsw
Time: 2019-12-21 21:04
It looks like transparent proxying is much more complicated. How is the performance?
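Author: tomleehk
Time: 2019-12-22 11:45
This post was last edited by tomleehk on 2019-12-22 11:50
Stability is good enough.. the ofca measured speed is about 15mb..
Using iptables already gives the best performance..
In initial tests, only a direct connection to the v2ray server works; going through a CDN such as cloudflare does not work. I'll leave that for others who need it to look into.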
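Author: yiucsw
Time: 2020-1-15 08:35
This post was last edited by yiucsw on 2020-1-15 08:48
Yesterday I reinstalled the v2ray client on the Newif3. I saw that luci-app-v2ray had been updated and gave it a try: you only need to add your vmess outbound parameters and v2ray works. Then, following your TPROXY v2ray.config, I clicked the tproxy tab. It seems there is then no need to set socks5; whatismyipaddress shows the server IP address. I don't know whether that is TPROXY.
Thank you for your help.
*luci-app-v2ray is for clients used in China. No need to set iptables, no need to set a startup script.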
Author: yiucsw
Time: 2020-1-15 09:00
This post was last edited by yiucsw on 2020-1-15 09:04
luci-app-v2ray generated script.
{
"log": {
"access": "\/var\/log\/v2ray-access.log",
"loglevel": "warning",
"error": "\/var\/log\/v2ray-error.log"
},
"routing": {
"domainStrategy": "IPOnDemand",
"rules": [
{
"type": "field",
"ip": [
"geoip:private",
"geoip:cn"
],
"outboundTag": "direct"
},
{
"type": "field",
"domain": [
"geosite:cn"
],
"outboundTag": "direct"
},
{
"type": "field",
"protocol": [
"bittorrent"
],
"outboundTag": "direct"
},
{
"type": "field",
"port": "53",
"network": "udp",
"inboundTag": [
"transparent"
],
"outboundTag": "dns_out"
},
{
"type": "field",
"ip": [
"1.1.1.1",
"8.8.8.8",
"208.67.222.222"
],
"outboundTag": "proxy"
}
]
},
"inbounds": [
{
"listen": "0.0.0.0",
"port": 1080,
"protocol": "socks",
"settings": {
"auth": "noauth",
"udp": false
},
"streamSettings": {
"sockopt": {
}
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
},
{
"port": 1081,
"protocol": "dokodemo-door",
"settings": {
"followRedirect": true,
"network": "tcp"
},
"streamSettings": {
"sockopt": {
"tproxy": "redirect"
}
},
"tag": "transparent",
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
}
],
"outbounds": [
{
"sendThrough": "0.0.0.0",
"protocol": "vmess",
"settings": {
"vnext": [
{
"address": "yourservr.dynu.net",
"port": 443,
"users": [
{
"id": "8b737d60-a000-4a0f-8de3-218fa0c0a3d8",
"alterId": 64,
"security": "chacha20-poly1305"
}
]
}
]
},
"streamSettings": {
"network": "ws",
"security": "tls",
"tlsSettings": {
"serverName": "yourserver.dynu.net",
"allowInsecure": true,
"allowInsecureCiphers": false,
"disableSystemRoot": false,
"certificates": [
]
},
"wsSettings": {
"path": "\/vpath"
},
"sockopt": {
"mark": 255
}
},
"tag": "proxy",
"mux": {
"enabled": true,
"concurrency": 8
}
},
{
"protocol": "freedom",
"settings": {
},
"streamSettings": {
"sockopt": {
"mark": 255
}
},
"tag": "direct"
},
{
"protocol": "dns",
"settings": {
},
"streamSettings": {
"sockopt": {
"mark": 255
}
},
"tag": "dns_out"
}
]
}
Hope it works.
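An added example, not part of the thread or of luci-app-v2ray: a small Python check that reads a v2ray client config like the two posted above and reports three settings worth reviewing before deployment: socks/http inbounds that listen on all interfaces without authentication, `allowInsecure` on the TLS outbound, and outbounds that lack the `sockopt.mark` 255 which the iptables rules exempt with `--mark 0xff`. The `audit` function, the finding codes and the trimmed sample config are constructed for illustration.

```python
import json

# Constructed sample, trimmed to the fields the checks read; values follow the
# first v2ray.json posted in this thread.
SAMPLE = json.loads("""
{"inbounds": [
  {"port": 1080, "listen": "0.0.0.0", "protocol": "socks",
   "settings": {"auth": "noauth", "udp": true}},
  {"port": 8080, "listen": "0.0.0.0", "protocol": "http",
   "settings": {"timeout": 300}},
  {"port": 12345, "protocol": "dokodemo-door",
   "settings": {"network": "tcp,udp", "followRedirect": true}}],
 "outbounds": [
  {"protocol": "vmess", "streamSettings": {"network": "ws", "security": "tls",
    "tlsSettings": {"allowInsecure": true, "serverName": "server url"}}}]}
""")

def audit(cfg, bypass_mark=255):
    """Return (code, detail) findings for a v2ray client config dict."""
    findings = []
    for ib in cfg.get("inbounds", []):
        proto, port = ib.get("protocol"), ib.get("port")
        # v2ray listens on 0.0.0.0 when "listen" is omitted
        wildcard = ib.get("listen", "0.0.0.0") in ("0.0.0.0", "::")
        settings = ib.get("settings") or {}
        # socks defaults to noauth; http is open unless accounts are configured
        no_auth = (proto == "socks" and settings.get("auth", "noauth") == "noauth") \
            or (proto == "http" and not settings.get("accounts"))
        if wildcard and no_auth:
            findings.append(("OPEN_PROXY", f"{proto}:{port} on all interfaces, no auth"))
    for ob in cfg.get("outbounds", []):
        stream = ob.get("streamSettings") or {}
        name = ob.get("tag") or ob.get("protocol")
        tls = stream.get("tlsSettings") or {}
        if stream.get("security") == "tls" and tls.get("allowInsecure"):
            findings.append(("TLS_NO_VERIFY", f"{name}: server certificate not checked"))
        # the thread's mangle rules RETURN packets marked 0xff (= 255)
        if (stream.get("sockopt") or {}).get("mark") != bypass_mark:
            findings.append(("NO_BYPASS_MARK", f"{name}: sockopt.mark is not {bypass_mark}"))
    return findings

if __name__ == "__main__":
    for code, detail in audit(SAMPLE):
        print(code, detail)
```

To check a real file, pass `json.load(open(path))` to `audit`; an empty list means none of the three conditions was found.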
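Author: 321
Time: 2020-2-18 12:45
Running v2ray on a MIPS router seems to be a struggle; it has to run with softfloat, and performance is poor.
I suggest using trojan; because it does not depend on the CPU's floating-point capability, it is much more efficient.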
Welcome to 電訊茶室 (http://telecom-cafe.com/forum/)