Preface
The method comes from GitHub: yangchuansheng/love-gfw.
This article uses Shadowsocks to communicate with the outside network; if needed you can swap in other software such as Gost, ShadowsocksR or V2Ray.
This tutorial was built on a Debian 10 x86_64 system; other environments differ only in minor details.
1. Switch to the root user (ignore this step if you are already root)
2. Update the system and synchronise the clock
- apt-get update -y && apt-get upgrade -y && apt-get dist-upgrade -y
- apt-get install -y ca-certificates wget curl vim nano ntpdate git golang haveged proxychains
- cp -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && ntpdate time.nist.gov
3. Install shadowsocks-libev
- apt-get install shadowsocks-libev -y
- systemctl stop shadowsocks-libev && systemctl disable shadowsocks-libev
- rm -f /lib/systemd/system/shadowsocks-libev.service
- systemctl daemon-reload
4. Configure shadowsocks-libev
- cd /etc/shadowsocks-libev && vim /etc/shadowsocks-libev/config.json
No lengthy explanation; those who know, know. Here is a simple example (when filling it in for real, remove "//" and everything after it):
- {
- "server":"1.1.1.1",
- "mode":"tcp_and_udp",
- "server_port":11451,
- "local_port":1080,
- "password":"GFWNM$L-114514-1919810",
- "timeout":300,
- "fast_open":true,
- "method":"aes-128-gcm"
- }
5. Configure ss-local
Write the following to /etc/systemd/system/ss-local.service
- [Unit]
- Description=Shadowsocks-Libev Client Service
- After=network.target
- [Service]
- User=nobody
- Group=nogroup
- LimitNOFILE=1048576
- CapabilityBoundingSet=~CAP_SYS_ADMIN
- ExecStart=/usr/bin/ss-local -u -c /etc/shadowsocks-libev/config.json
- [Install]
- WantedBy=multi-user.target
Then run:
- systemctl enable ss-local && systemctl start ss-local
Now run the command below to check the result; 1080 is the local listening port
- > curl -s --socks5 127.0.0.1:1080 google.com
- 301 Moved
- The document has moved
- here.
If everything is fine, ss-local is now working normally.
6. Install gotun2socks
- sed -i '/127.0.0.1 9050/d' /etc/proxychains.conf
- echo -e "socks5 127.0.0.1 1080" >>/etc/proxychains.conf
- proxychains go get github.com/yinghuocho/gotun2socks/bin/gotun2socks
- mv -f /root/go/bin/gotun2socks /usr/bin/gotun2socks
- rm -rf /root/go
7. Fetch the Chinese IP ranges
- cd /etc/shadowsocks-libev
Write the following to /etc/shadowsocks-libev/get_cn_ip.sh
- #!/bin/bash
- wget -c https://ftp.apnic.net/stats/apnic/delegated-apnic-latest
- # keep only CN IPv4 records (registry|cc|type|start|count|...) and turn the host count into a prefix length
- awk -F '|' '$2=="CN" && $3=="ipv4" {print $4 "/" 32-log($5)/log(2)}' delegated-apnic-latest > /etc/shadowsocks-libev/cn_rules.conf
Then run
- chmod +x /etc/shadowsocks-libev/get_cn_ip.sh && /etc/shadowsocks-libev/get_cn_ip.sh
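As an added example (not from the original post or from love-gfw), here is a Python version of the same conversion that also handles records whose address count is not a power of two; the awk above computes 32-log2(count) for those and emits a non-integer prefix length that `ip route add` rejects. The sample lines are constructed in the delegated-apnic-latest format.

```python
"""Added example (not part of the original post): convert APNIC
delegated-format records into CIDR prefixes for cn_rules.conf.

The post's awk computes 32-log2(count), which is only an integer when the
allocation size is a power of two; the RIR statistics format allows other
counts, and those yield an unusable route such as x.x.x.x/20.415.
ipaddress.summarize_address_range() instead splits such a range into the
minimal set of valid CIDR blocks.
"""
import ipaddress
from typing import Iterable, List

# Constructed sample in delegated-apnic-latest format
# (registry|cc|type|start|value|date|status). The 3072-address record is
# deliberately not a power of two; the last two lines must be skipped.
SAMPLE = """\
#comment line
apnic|CN|ipv4|1.0.1.0|256|20110414|allocated
apnic|CN|ipv4|1.0.8.0|2048|20110412|allocated
apnic|CN|ipv4|1.1.8.0|3072|20110412|allocated
apnic|JP|ipv4|1.0.16.0|4096|20110412|allocated
apnic|CN|ipv6|2001:250::|35|20000426|allocated
"""

def cn_ipv4_prefixes(lines: Iterable[str], cc: str = "CN") -> List[str]:
    """Return CIDR strings for every <cc>|ipv4 record, splitting
    non-power-of-two counts into valid blocks."""
    out: List[str] = []
    for line in lines:
        if not line or line.startswith("#"):
            continue
        fields = line.strip().split("|")
        if len(fields) < 5 or fields[1] != cc or fields[2] != "ipv4":
            continue
        start = ipaddress.IPv4Address(fields[3])
        end = start + (int(fields[4]) - 1)
        # Minimal CIDR cover of [start, end]; a single block when count is 2^n
        for net in ipaddress.summarize_address_range(start, end):
            out.append(str(net))
    return out

if __name__ == "__main__":
    for prefix in cn_ipv4_prefixes(SAMPLE.splitlines()):
        print(prefix)
```

The 3072-address record becomes two routes (a /21 followed by a /22) rather than one broken line.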
8. Configure the routing-table start/stop scripts and environment variables
- cd /etc/shadowsocks-libev
Write the following to /etc/shadowsocks-libev/start-socksfwd
- #!/bin/bash
- source /etc/shadowsocks-libev/socksfwd
- ip route add "$SOCKS_SERVER" via "$GATEWAY_IP"
- for i in $(cat /etc/shadowsocks-libev/cn_rules.conf)
- do
- ip route add "$i" via "$GATEWAY_IP"
- done
- ip route del default
- ip route add 0.0.0.0/1 via "$TUN_NETWORK_GATEWAY"
- ip route add 128.0.0.0/1 via "$TUN_NETWORK_GATEWAY"
Then run
- chmod +x /etc/shadowsocks-libev/start-socksfwd
Write the following to /etc/shadowsocks-libev/stop-socksfwd
- #!/bin/bash
- source /etc/shadowsocks-libev/socksfwd
- ip route del 128.0.0.0/1 via "$TUN_NETWORK_GATEWAY"
- ip route del 0.0.0.0/1 via "$TUN_NETWORK_GATEWAY"
- ip route add default via "$GATEWAY_IP"
- for i in $(cat /etc/shadowsocks-libev/cn_rules.conf)
- do
- ip route del "$i" via "$GATEWAY_IP"
- done
- ip route del "$SOCKS_SERVER" via "$GATEWAY_IP"
Then run
- chmod +x /etc/shadowsocks-libev/stop-socksfwd
Write the following to /etc/shadowsocks-libev/socksfwd, adjusting the values to your own situation
- SOCKS_SERVER="1.1.1.1"
- SOCKS_ADDRESS="127.0.0.1:1080"
- GATEWAY_IP="192.168.1.1"
- TUN_NETWORK_DEV="tun0"
- TUN_NETWORK_PREFIX="12.0.0"
- TUN_NETWORK_GATEWAY="12.0.0.1"
- TUN_NETWORK_ADDRESS="12.0.0.2"
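An added example (not from the original post) that models the routing decision start-socksfwd produces, using the values from the socksfwd file and a constructed subset of cn_rules.conf: longest-prefix match sends Chinese prefixes and the Shadowsocks server itself out via the physical gateway, while the two /1 routes catch everything else and hand it to the tun device.

```python
"""Added example (not part of the original post): a model of the kernel's
route lookup after start-socksfwd has run.

The two /1 routes together cover all of IPv4 (replacing the deleted
default route) but are less specific than any Chinese prefix or than the
/32 for the Shadowsocks server, so those win and leave directly via the
LAN gateway. The /32 matters: without it the proxy's own traffic would be
routed back into the tun and loop.
"""
import ipaddress
from typing import List, Tuple

GATEWAY_IP = "192.168.1.1"          # physical LAN gateway (direct path)
TUN_NETWORK_GATEWAY = "12.0.0.1"    # gotun2socks tun gateway (proxied path)
SOCKS_SERVER = "1.1.1.1"            # placeholder server IP from the post
CN_RULES = ["1.0.1.0/24", "36.0.0.0/8", "114.114.0.0/16"]  # constructed subset

Route = Tuple[ipaddress.IPv4Network, str]

def build_table() -> List[Route]:
    """The same routes start-socksfwd adds, in the order it adds them."""
    table: List[Route] = [(ipaddress.ip_network(f"{SOCKS_SERVER}/32"), GATEWAY_IP)]
    table += [(ipaddress.ip_network(p), GATEWAY_IP) for p in CN_RULES]
    # `ip route del default`, then the two half-space routes via the tun
    table += [(ipaddress.ip_network("0.0.0.0/1"), TUN_NETWORK_GATEWAY),
              (ipaddress.ip_network("128.0.0.0/1"), TUN_NETWORK_GATEWAY)]
    return table

def next_hop(dst: str, table: List[Route]) -> str:
    """Longest-prefix match, as the kernel FIB does."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r[0]]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches, key=lambda r: r[0].prefixlen)[1]

def path(dst: str) -> str:
    """'direct' for traffic that bypasses the proxy, 'tun' otherwise."""
    return "direct" if next_hop(dst, build_table()) == GATEWAY_IP else "tun"

if __name__ == "__main__":
    for ip in ("114.114.114.114", "8.8.8.8", SOCKS_SERVER, "1.0.0.1"):
        print(ip, "->", path(ip))
```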
9. Set up anti-poisoning DNS
Releases may have moved on since this was written; fetch the latest file from shadowsocks/ChinaDNS yourself
- cd ~
- wget https://github.com/shadowsocks/ChinaDNS/releases/download/1.3.2/chinadns-1.3.2.tar.gz
- tar -zxvf chinadns-1.3.2.tar.gz >/dev/null && rm chinadns-1.3.2.tar.gz
- cd ~/chinadns-1.3.2 && ./configure && make
- mv -f src/chinadns /usr/bin/chinadns && mv -f chnroute.txt /etc/shadowsocks-libev/chnroute.txt
- cd ~ && rm -rf ~/chinadns-1.3.2
Write the following to /etc/systemd/system/chinadns.service
- [Unit]
- Description=ChinaDNS Client
- After=network.target
- [Service]
- ExecStart=/usr/bin/chinadns -c /etc/shadowsocks-libev/chnroute.txt
- [Install]
- WantedBy=multi-user.target
Then run:
- systemctl enable chinadns && systemctl start chinadns
- echo "nameserver 127.0.0.1" >/etc/resolv.conf && chattr +i /etc/resolv.conf
10. Configure the gotun2socks startup script
Write the following to /etc/systemd/system/autoproxy.service
- [Unit]
- Description=Transparent SOCKS5 forwarding
- After=network-online.target
- [Service]
- Type=simple
- EnvironmentFile=/etc/shadowsocks-libev/socksfwd
- ExecStart=/usr/bin/gotun2socks -tun-device "$TUN_NETWORK_DEV" -tun-address "$TUN_NETWORK_ADDRESS" -tun-gw "$TUN_NETWORK_GATEWAY" -local-socks-addr "$SOCKS_ADDRESS" -tun-dns "127.0.0.1"
- ExecStartPost=/etc/shadowsocks-libev/start-socksfwd
- ExecStopPost=/etc/shadowsocks-libev/stop-socksfwd
- LimitNOFILE=1048576
- [Install]
- WantedBy=multi-user.target
Then run:
- systemctl enable autoproxy && systemctl start autoproxy
11. Enable traffic forwarding
- sed -i '/net.ipv4.ip_forward/d' /etc/sysctl.conf
- sed -i '/net.ipv6.conf.all.forwarding/d' /etc/sysctl.conf
- sed -i '/net.ipv4.tcp_syn_retries/d' /etc/sysctl.conf
- sed -i '/net.ipv4.tcp_synack_retries/d' /etc/sysctl.conf
- echo -e "net.ipv4.ip_forward = 1" >>/etc/sysctl.conf
- echo -e "net.ipv6.conf.all.forwarding = 1" >>/etc/sysctl.conf
- echo -e "net.ipv4.tcp_syn_retries = 5" >>/etc/sysctl.conf
- echo -e "net.ipv4.tcp_synack_retries = 5" >>/etc/sysctl.conf
- sysctl -p
Now run these two commands to check the result
- > curl -s ip.sb
- 1.1.1.1 # your SS server's IP
- > curl -s members.3322.org/dyndns/getip
- 2.2.2.2 # your real IP
If everything is fine, gotun2socks is now working normally and split routing is in place.
If other devices on the LAN also want split routing, just set their gateway and DNS to this device's IP address.
Afterword
In fact this method can be deployed not only on your own Linux devices (including routers that run firmware such as OpenWRT/LEDE) but also on a domestic or overseas VPS; there are many ways to play with it, depending on what you want to do.
One last gripe: the original author really left a lot of pitfalls!
Original post: https://xn--m80a.ml/crossgfw/5.html