電訊茶室's Archiver

harold posted on 2019-11-4 16:33

V2RAY transparent proxy

Hi everyone,
I bought a NewWifi3 D2 and flashed OpenWrt on it. I want to set up a V2Ray transparent proxy. The server runs fine, and my phone can connect to it. On OpenWrt, with the config set up, curl -x socks5h://127.0.0.1:1080 google.com succeeds! But once I run the iptables script I can't get out to the internet at all!! Hoping an expert can point me in the right direction!!

[code]hostip2=`dig -t A +short myservername`

# nat table: redirect TCP to the dokodemo-door inbound on port 12345
iptables -t nat -N V2RAY
iptables -t nat -A V2RAY -d 192.168.1.0/24 -j RETURN
iptables -t nat -A V2RAY -p tcp -j RETURN -m mark --mark 0xff
iptables -t nat -A V2RAY -d $hostip2 -j RETURN
iptables -t nat -A V2RAY -p tcp -j REDIRECT --to-ports 12345
iptables -t nat -A PREROUTING -p tcp -j V2RAY
iptables -t nat -A OUTPUT -p tcp -j V2RAY


# policy routing so that TPROXY-marked UDP is delivered locally
ip rule add fwmark 1 table 100
ip route add local 0.0.0.0/0 dev lo table 100

# mangle table: TPROXY UDP to port 12345
iptables -t mangle -N V2RAY_MASK
iptables -t mangle -A V2RAY_MASK -d 192.168.1.0/24 -j RETURN
iptables -t mangle -A V2RAY_MASK -d $hostip2 -j RETURN
iptables -t mangle -A V2RAY_MASK -p udp -j TPROXY --on-port 12345 --tproxy-mark 1
iptables -t mangle -A PREROUTING -p udp -j V2RAY_MASK[/code]

kingwilliam posted on 2019-11-4 17:26

Try removing this command

# iptables -t nat -A OUTPUT -p tcp -j V2RAY

harold posted on 2019-11-4 17:50

[i=s] Last edited by harold on 2019-11-4 17:52 [/i]

[b]Reply to [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=47638&ptid=7774]2#[/url] [i]kingwilliam[/i] [/b]


Thanks for the reply. With that line removed, testing with curl -x socks5h://127.0.0.1:1080 google.com succeeds:
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>

But traceroute shows the traffic isn't going out via v2ray.
Still not working!!

root@NewWifi2:/etc/config/v2ray# nslookup yahoo.com
;; connection timed out; no servers could be reached


OpenWrt v2ray log
Access log

2019/11/04 09:38:50 tcp:127.0.0.1:51382 accepted tcp:google.com:80

Error log
2019/11/04 09:41:47 [Info] [1233314671] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2019/11/04 09:41:47 [Info] [3426222809] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/dns: connection ends > read udp [::]:58180: use of closed network connection
2019/11/04 09:41:47 [Info] [1861001045] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/dns: connection ends > read udp [::]:38624: use of closed network connection
2019/11/04 09:41:47 [Info] [1270780447] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2019/11/04 09:41:47 [Info] [94799612] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/dns: connection ends > read udp [::]:50145: use of closed network connection
2019/11/04 09:41:47 [Info] [4049665343] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2019/11/04 09:41:47 [Info] [599269511] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2019/11/04 09:41:47 [Info] [94799612] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2019/11/04 09:41:47 [Info] [1914257993] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/dns: connection ends > read udp [::]:58998: use of closed network connection
2019/11/04 09:41:47 [Info] [1914257993] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2019/11/04 09:41:47 [Info] [2073637797] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/dns: connection ends > read udp [::]:50168: use of closed network connection
2019/11/04 09:41:47 [Info] [1757298620] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/dns: connection ends > read udp [::]:58208: use of closed network connection
2019/11/04 09:41:47 [Info] [2073637797] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2019/11/04 09:41:47 [Info] [433643460] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/dns: connection ends > read udp [::]:43714: use of closed network connection
2019/11/04 09:41:47 [Info] [1936823959] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/dns: connection ends > read udp [::]:56221: use of closed network connection
2019/11/04 09:41:47 [Info] [433643460] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2019/11/04 09:41:47 [Info] [1936823959] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2019/11/04 09:41:47 [Info] [859169318] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/dns: connection ends > read udp [::]:39749: use of closed network connection
2019/11/04 09:41:47 [Info] [859169318] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2019/11/04 09:41:47 [Info] [2910144706] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2019/11/04 09:41:47 [Info] [3391070210] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/dns: connection ends > read udp [::]:52234: use of closed network connection
2019/11/04 09:41:47 [Info] [3391070210] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2019/11/04 09:41:48 [Info] [3417725582] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > context canceled

kingwilliam posted on 2019-11-5 07:20

v2ray only handles TCP and UDP, so things like ping, traceroute and PPTP won't be handled.

harold posted on 2019-11-5 09:16

[i=s] Last edited by harold on 2019-11-14 09:40 [/i]

[b]Reply to [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=47640&ptid=7774]4#[/url] [i]kingwilliam[/i] [/b]


So a global VPN is impossible!! I was hoping to put a TV box behind it!! Looks like that's out!
Right now SOCKS5/HTTP both work fine, but as soon as I apply the iptables rules everything going through the router dies; not even DNS resolves!! Tearing my hair out!! Would ss-tproxy be a bit simpler?

kingwilliam posted on 2019-11-5 09:48

[i=s] Last edited by kingwilliam on 2019-11-6 11:37 [/i]

Let's separate out the global VPN question first.

I also use a mytvsuper box and it works with no problem at all. Once the transparent proxy is set up, that's it (but you must have both TCP and UDP, because the mytv box fetches data over TCP HTTPS and NTP over UDP; if it can't reach UDP 123 the box gets stuck on a black screen with the spinner going round).

If you're taking the TVB mytv box to the mainland to watch, a few things to note:
760: roughly 6.5Mbit/s peak, 700kbit/s average
1080: roughly 8.5Mbit/s peak, 900kbit/s average
It fetches a buffer roughly once every 10 seconds
So as long as QoS keeps 3Mbit/s it will basically always be smooth

kingwilliam posted on 2019-11-5 09:56

[i=s] Last edited by kingwilliam on 2019-11-6 11:41 [/i]

[b]Reply to [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=47641&ptid=7774]5#[/url] [i]harold[/i] [/b]

Next, an answer to why your "original" iptables rules killed everything as soon as they were applied, while pulling out "# iptables -t nat -A OUTPUT -p tcp -j V2RAY" makes it work. (For the record, I'm self-taught on Linux too, so please bear with any mistakes.)

iptables PREROUTING governs how packets coming in are handled.
iptables OUTPUT governs the system's own traffic; if the router also sends its own traffic up to v2ray, that forms a dead loop (in this example).

So a few points to note about v2ray:
1. v2ray is fundamentally for internet access (TCP and UDP).
2. If you want to handle every protocol (not just TCP/UDP but also PPTP, ping, traceroute and the like), you need a VPN over v2ray.
3. A VPN over v2ray must be a TCP- or UDP-based VPN (so not PPTP, since PPTP needs GRE).

tomleehk posted on 2019-11-5 10:10

[i=s] Last edited by tomleehk on 2019-11-5 10:23 [/i]

[quote]Reply to kingwilliam

Would ss-tproxy be a bit simpler?

[size=2][color=#999999]harold posted on 2019-11-5 09:16[/color] [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=47641&ptid=7774][img]http://www.telecom-cafe.com/forum/images/common/back.gif[/img][/url][/size][/quote]


   
Just sharing my experience.

openwrt + ss-client + iptables as a transparent proxy: I've tried it and it works.
The iptables scripts were added into the ss-client setup.

To test, I used BT downloads to confirm UDP was being forwarded to the server.

But as I had no long-term practical need for it, it was purely research; I didn't dig any deeper or put it into practice.

harold posted on 2019-11-5 13:52

[b]Reply to [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=47642&ptid=7774]6#[/url] [i]kingwilliam[/i] [/b]


I really want to use your method!!! But my head is about to burst and I still don't understand what's going on!!

harold posted on 2019-11-5 13:54

[b]Reply to [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=47644&ptid=7774]8#[/url] [i]tomleehk[/i] [/b]


Thanks for sharing, but I found the SS on OpenWrt has no obfs, and I need to use it long-term!! Afraid of it getting blocked!!

harold posted on 2019-11-5 13:58

[i=s] Last edited by harold on 2019-11-14 09:37 [/i]

I'm now suspecting my dokodemo-door is wrong; could someone point me in the right direction? Thanks for all your effort!!

I've already set up DNS-over-HTTPS on port 5353, but I don't know how to get v2ray to forward to it!!

[code]{
  "log": {
    "access": "/var/log/v2rayaccess.log",
    "error": "/var/log/v2rayerror.log",
    //"loglevel": "warning"
    "loglevel": "debug"
  },

  "inbounds": [
    {
      "tag": "transparent",
      "port": 12345,
      "protocol": "dokodemo-door",
      "settings": {"network": "tcp,udp", "followRedirect": true},
      "sniffing": {"enabled": true, "destOverride": ["http", "tls"]},
      "sockopt": {"mark": 255},
      "streamSettings": {"sockopt": {"tproxy": "tproxy"}}
    },
    {
      "port": 1081,
      "protocol": "http",
      "settings": {"network": "tcp,udp"},
      "sockopt": {"mark": 255},
      "sniffing": {"enabled": true, "destOverride": ["http", "tls"]}
    }
    // found that http and socks can't run together
    //{
    //  "port": 1080,
    //  "protocol": "socks",
    //  "sniffing": {"enabled": true, "destOverride": ["http", "tls"]}
    //}
  ],

  "outbounds": [
    {
      "tag": "proxy",
      "protocol": "vmess",
      "settings": {
        "vnext": [
          {
            "address": "server_address",
            "port": 8080,
            "users": [{"id": "uuid", "level": 1, "alterId": 64, "security": "aes-128-gcm"}]
          }
        ]
      },
      "streamSettings": {
        "sockopt": {"mark": 255},
        "network": "ws",
        //"security": "true",
        "security": "tls",
        //"allowInsecure": true,
        "tlsSettings": {"allowInsecure": true, "serverName": "server_address"},
        "wsSettings": {"path": "/v2/"}
        //"mux": {"enabled": true, "concurrency": 8}
      },
      "mux": {"enabled": true}
    },
    {
      "tag": "direct",
      "protocol": "freedom",
      "settings": {"domainStrategy": "UseIP"},
      "streamSettings": {"sockopt": {"mark": 255}}
    },
    {
      "tag": "block",
      "protocol": "blackhole",
      "settings": {"response": {"type": "http"}}
    },
    {
      "tag": "dns-out",
      "protocol": "dns",
      "streamSettings": {"sockopt": {"mark": 255}}
    }
  ],

  "dns": {
    "servers": [
      "8.8.8.8", "1.1.1.1", "114.114.114.114",
      {
        "address": "223.5.5.5",
        "port": 53,
        "domains": ["geosite:cn"]
      }
    ]
  },

  // "outboundDetour": [
  //   {
  //     "protocol": "freedom",
  //     "settings": {},
  //     "tag": "direct"
  //   }
  // ],

  "routing": {
    "domainStrategy": "IPOnDemand",
    "rules": [
      {"type": "field", "inboundTag": ["transparent"], "port": 53, "network": "udp", "outboundTag": "dns-out"},
      {"type": "field", "inboundTag": ["transparent"], "port": 123, "network": "udp", "outboundTag": "direct"},
      {"type": "field", "ip": ["223.5.5.5", "114.114.114.114"], "outboundTag": "direct"},
      {"type": "field", "ip": ["8.8.8.8", "1.1.1.1"], "outboundTag": "proxy"},
      {"type": "field", "protocol": ["bittorrent"], "outboundTag": "direct"},
      {"type": "field", "ip": ["geoip:private", "geoip:cn"], "outboundTag": "direct"},
      {"type": "field", "domain": ["geosite:cn"], "outboundTag": "direct"},
      {"type": "field", "ip": ["192.168.1.0/24"], "outboundTag": "direct"}
    ]
  }
}[/code]

harold posted on 2019-11-5 14:02

[i=s] Last edited by harold on 2019-11-5 14:07 [/i]

[b]Reply to [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=47643&ptid=7774]7#[/url] [i]kingwilliam[/i] [/b]
nslookup yahoo.com
;; connection timed out; no servers could be reached
Server log
2019/11/05 14:05:43 tcp:x.x.x.x:10408 accepted udp:8.8.8.8:53
The server side sees the DNS request, but nothing comes back!
When I pull out this line: iptables -t mangle -A PREROUTING -p udp -j V2RAY_MASK

I can resolve DNS!! :'( Help!!
nslookup yahoo.com
Server:                127.0.0.1
Address:        127.0.0.1#53

Name:      yahoo.com
Address 1: 98.137.246.7

kingwilliam posted on 2019-11-5 16:23

[i=s] Last edited by kingwilliam on 2019-11-5 16:47 [/i]

[b]Reply to [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=47647&ptid=7774]11#[/url] [i]harold[/i] [/b]

I'll only have time to go through your config properly tonight; I'll reply after reading it.

Your NewWifi3 D2 flashed with OpenWrt:
1. Does it still keep DNS on port 53?
1a. If so, can you move port 53 to 5301?

harold posted on 2019-11-5 16:47

[b]Reply to [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=47649&ptid=7774]13#[/url] [i]kingwilliam[/i] [/b]


Yes, it does

tomleehk posted on 2019-11-5 16:54

[i=s] Last edited by tomleehk on 2019-11-5 18:25 [/i]

The script I used back then for OpenWrt + ss-client UDP forwarding, in case it helps[code]ip route add local default dev lo table 100
ip rule add fwmark 1 lookup 100

# the chains must exist before rules are appended to them
iptables -t mangle -N SHADOWSOCKS
iptables -t mangle -N SHADOWSOCKS_MARK
iptables -t mangle -A SHADOWSOCKS -p udp --dport 53 -j TPROXY --on-port 1080 --tproxy-mark 0x01/0x01
iptables -t mangle -A SHADOWSOCKS_MARK -p udp --dport 53 -j MARK --set-mark 1

# bypass loopback, LAN and reserved ranges (inserted at the top of PREROUTING)
# (as posted, the loopback line was missing its chain name and used /24; loopback is 127.0.0.0/8)
iptables -t mangle -I PREROUTING -d 127.0.0.0/8 -j RETURN
iptables -t mangle -I PREROUTING -d 192.168.0.0/16 -j RETURN
iptables -t mangle -I PREROUTING -d 10.42.0.0/16 -j RETURN
iptables -t mangle -I PREROUTING -d 0.0.0.0/8 -j RETURN
iptables -t mangle -I PREROUTING -d 10.0.0.0/8 -j RETURN
iptables -t mangle -I PREROUTING -d 172.16.0.0/12 -j RETURN
iptables -t mangle -I PREROUTING -d 224.0.0.0/4 -j RETURN
iptables -t mangle -I PREROUTING -d 240.0.0.0/4 -j RETURN
iptables -t mangle -I PREROUTING -d 169.254.0.0/16 -j RETURN
# broadcast address; as posted this read 255.255.0.0/8, which iptables would treat as 255.0.0.0/8
iptables -t mangle -I PREROUTING -d 255.255.255.255/32 -j RETURN

iptables -t mangle -A PREROUTING -j SHADOWSOCKS
iptables -t mangle -A OUTPUT -j SHADOWSOCKS_MARK
[/code]where --on-port 1080: 1080 is the ss-client's listening port

It's been too long since I looked at this.. can't remember the details now :dizzy:

harold posted on 2019-11-5 19:21

[b]Reply to [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=47651&ptid=7774]15#[/url] [i]tomleehk[/i] [/b]


Thanks for sharing. I used this script; DNS now goes through V2Ray, but web pages still go out directly. So frustrating.....

tomleehk posted on 2019-11-5 19:49

[i=s] Last edited by tomleehk on 2019-11-5 19:53 [/i]

[b]Reply to [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=47652&ptid=7774]16#[/url] [i]harold[/i] [/b]

The script I used back then for OpenWrt + ss-client TCP forwarding, in case it helps[code]#!/bin/sh

#create a new chain named SHADOWSOCKS
iptables -t nat -N SHADOWSOCKS

# Ignore your shadowsocks server's addresses
# It's very IMPORTANT, just be careful.

iptables -t nat -A SHADOWSOCKS -p tcp --dport 993 -j RETURN

# Ignore LANs IP address
iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN

# Anything else should be redirected to shadowsocks's local port
iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 1080
# Apply the rules
iptables -t nat -I PREROUTING -p tcp -j SHADOWSOCKS

[/code]where
iptables -t nat -A SHADOWSOCKS -p tcp --dport 993 -j RETURN
--dport 993: 993 is the server side's listening port

iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 1080
--to-ports 1080: 1080 is the client side's listening port

Good Luck !!

harold posted on 2019-11-5 20:40

V2ray still won't work!!:'(

kingwilliam posted on 2019-11-5 21:38

[i=s] Last edited by kingwilliam on 2019-11-6 06:34 [/i]

[b]Reply to [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=47647&ptid=7774]11#[/url] [i]harold[/i] [/b]



The config.json below is your earlier config with a few changes.
!!!You MUST change the DNS port inside OpenWrt to 5301!!!

Added parts:
<-- add by kingwilliam (1 item)
Removed parts:
<-- disabled by kingwilliam (7 items)[code] {
        "log": {
                "access": "/var/log/v2rayaccess.log",
                "error": "/var/log/v2rayerror.log",
                //"loglevel": "warning"
                "loglevel": "debug"
        },

        "inbounds":        [
                {
                        "tag":"transparent",
                        "port": 12345,
                        "protocol": "dokodemo-door",
                        "settings": {"network": "tcp,udp","followRedirect": true},
                        "sniffing": {"enabled": true,"destOverride": ["http","tls"]}
                        // "sockopt": {"mark": 255} <-- disabled by kingwilliam
                        // "streamSettings": {"sockopt": { "tproxy": "tproxy" }} <-- disabled by kingwilliam
                },
                // dokodemo-door:53 <--- add by kingwilliam
                {
                        "tag": "dns-in",
                        "port": 53,
                        "protocol": "dokodemo-door",
                        "settings": {
                                "address": "127.0.0.1",
                                "port": 5301,
                                "network": "udp,tcp"
                        }
                },
                {
                        "port": 1081,
                        "protocol": "http",
                        "sniffing": {"enabled": true,"destOverride": ["http", "tls"]}
                        // "settings": {"network": "tcp,udp"},  <-- disabled by kingwilliam
                        // "sockopt": {"mark": 255}, <-- disabled by kingwilliam
                },
                {
                        "port": 1080,
                        "protocol": "socks",
                        "sniffing": {"enabled": true,"destOverride": ["http", "tls"]}
                }
        ],

        "outbounds":[
                {
                        "tag": "proxy",
                        "protocol": "vmess",
                        "settings": {
                                "vnext": [
                                        {
                                                "address": "server_address",
                                                "port": 8080,
                                                "users": [{"id": "uuid","level": 1,"alterId": 64,"security": "aes-128-gcm"}]
                                        }
                                ]
                        },
                        "streamSettings": {
                                "sockopt": {"mark": 255},
                                "network": "ws",
                                //"security": "true",
                                "security": "tls",
                                //"allowInsecure": true,
                                "tlsSettings": {"allowInsecure": true,"serverName": "server_address"},
                                "wsSettings": { "path": "/v2/" }
                                //"mux": {"enabled": true,"concurrency": 8}
                        },
                        "mux": {"enabled": true}
                },
                {
                        "tag": "direct",
                        "protocol": "freedom",
                        // "settings": {"domainStrategy": "UseIP"}, <-- disabled by kingwilliam
                        "streamSettings": {"sockopt": {"mark": 255}}
                },
                {
                        "tag": "block",
                        "protocol": "blackhole",
                        "settings": {"response": {"type": "http"}}
                },
                {
                        "tag": "dns-out",
                        "protocol": "dns",
                        "streamSettings": {"sockopt": {"mark": 255}}
                }
        ],

        "dns": {
                "servers": [
                        "8.8.8.8","1.1.1.1",
                        //,"114.114.114.114", <-- disabled by kingwilliam
                        {
                                "address": "223.5.5.5",
                                "port": 53,
                                "domains": ["geosite:cn","ntp.org","changip.com","amy.dns04.com"]
                        }
                ]
        },

        "routing": {
                // "domainStrategy": "IPOnDemand", <-- disabled by kingwilliam
                "rules": [
                        // {"type": "field","inboundTag": ["transparent"],"port": 53,"network": "udp","outboundTag": "dns-out"}, <-- disabled by kingwilliam
                        // dns route <- add by kingwilliam
                        {
                                "type": "field",
                                "inboundTag": "dns-in",
                                "outboundTag": "dns-out"
                        },
                        {"type": "field","inboundTag": ["transparent"],"port": 123,"network": "udp","outboundTag": "direct"},
                        {"type": "field","ip": ["223.5.5.5","114.114.114.114"],"outboundTag": "direct"},
                        {"type": "field","ip": ["8.8.8.8","1.1.1.1"],"outboundTag": "proxy"},
                        {"type": "field","protocol":["bittorrent"],"outboundTag": "direct"},
                        {"type": "field","ip": ["geoip:private","geoip:cn"],"outboundTag": "direct" },
                        {"type": "field","domain": ["geosite:cn"],"outboundTag": "direct"},
                        {"type": "field","ip": ["192.168.1.0/24"],"outboundTag": "direct"}
                ]
        }
}[/code]


iptables
Added part:
iptables -t mangle -A V2RAY_MASK -p udp --dport 53 -j RETURN
Removed part:
<-- disabled by kingwilliam (1 item)[code]hostip2=`dig -t A +short myservername`

iptables -t nat -N V2RAY
iptables -t nat -A V2RAY -d $hostip2 -j RETURN
iptables -t nat -A V2RAY -d 0.0.0.0/8 -j RETURN
iptables -t nat -A V2RAY -d 127.0.0.0/8 -j RETURN
iptables -t nat -A V2RAY -d 192.168.1.0/24 -j RETURN
iptables -t nat -A V2RAY -d 224.0.0.0/4 -j RETURN
iptables -t nat -A V2RAY -d 240.0.0.0/4 -j RETURN
iptables -t nat -A V2RAY -p tcp -j RETURN -m mark --mark 0xff
iptables -t nat -A V2RAY -p tcp -j REDIRECT --to-ports 12345
iptables -t nat -A PREROUTING -p tcp -j V2RAY
# iptables -t nat -A OUTPUT -p tcp -j V2RAY <-- disabled by kingwilliam


ip rule add fwmark 1 table 100
ip route add local 0.0.0.0/0 dev lo table 100

iptables -t mangle -N V2RAY_MASK
iptables -t mangle -A V2RAY_MASK -d $hostip2 -j RETURN
iptables -t mangle -A V2RAY_MASK -d 0.0.0.0/8 -j RETURN
# four of the RETURN rules below were posted against a chain named V2RAY_MARK, which is never
# created (only V2RAY_MASK is), so they would fail to load; the chain name is corrected here
iptables -t mangle -A V2RAY_MASK -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A V2RAY_MASK -d 192.168.1.0/24 -j RETURN
iptables -t mangle -A V2RAY_MASK -d 224.0.0.0/4 -j RETURN
iptables -t mangle -A V2RAY_MASK -d 240.0.0.0/4 -j RETURN
iptables -t mangle -A V2RAY_MASK -p udp --dport 53 -j RETURN
iptables -t mangle -A V2RAY_MASK -p udp -j TPROXY --on-port 12345 --tproxy-mark 1
iptables -t mangle -A PREROUTING -p udp -j V2RAY_MASK[/code]


[[[   Explanation   ]]]
1. The mark 0xff in iptables is the same thing as "sockopt": {"mark": 255} in config.json; its purpose is to tell which packets are inbound and which are outbound.
So inbound data doesn't need to be marked (that's why every inbound "sockopt": {"mark": 255} in config.json was removed).
For the same reason, all the outbound ones must be kept.

iptables -t nat -A V2RAY -p tcp -j RETURN -m mark --mark 0xff
means: TCP carrying mark 255 goes direct.

2. You intercept UDP 53 inside routing; a lot of people ask about similar problems on the official site, so I added dokodemo-door:53 and at the same time added a udp 53 direct (RETURN) rule in iptables. The precondition is that the OpenWrt DNS port must be moved away.

3. direct/freedom doesn't need "UseIP" on purpose; it does nothing useful here, so it was removed.

4. 114. in dns servers shouldn't sit at the same level as 1.1. and 8.8., so it was removed.

5. routing doesn't need "IPOnDemand"; I can't see a need for it in your setup, so it was removed.

6. The socks and http inbounds can coexist; I also removed "settings": {"network": "tcp,udp"} from the http inbound.


I hope the changes above help; if there's a problem let me know and we'll see whether it can be tuned further.
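A consistency lint for the points above, written as an added example (not code from any poster in this thread): it reads a v2ray config.json (with its // comments) and an iptables script and flags the problems discussed here, namely rules appended to a chain that was never created (the V2RAY_MARK/V2RAY_MASK mix-up), an outbound missing the sockopt mark the nat RETURN rule keys on, a nat OUTPUT hook that would loop the router's own traffic, a mark on an inbound, and a :53 dokodemo-door inbound with no udp/53 exclusion in the mangle chain. The script and config embedded in it are constructed samples that trigger each check.

```python
import json
import re

# Constructed sample inputs modelled on the thread's scripts (not a poster's full files); they
# deliberately contain the chain typo, an OUTPUT hook, an unmarked outbound and a marked inbound.
IPTABLES_SCRIPT = """
iptables -t nat -N V2RAY
iptables -t nat -A V2RAY -d 192.168.1.0/24 -j RETURN
iptables -t nat -A V2RAY -p tcp -j RETURN -m mark --mark 0xff
iptables -t nat -A V2RAY -p tcp -j REDIRECT --to-ports 12345
iptables -t nat -A PREROUTING -p tcp -j V2RAY
iptables -t nat -A OUTPUT -p tcp -j V2RAY
iptables -t mangle -N V2RAY_MASK
iptables -t mangle -A V2RAY_MARK -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A V2RAY_MASK -p udp -j TPROXY --on-port 12345 --tproxy-mark 1
iptables -t mangle -A PREROUTING -p udp -j V2RAY_MASK
"""
CONFIG_JSON = """{
  "inbounds": [
    {"tag": "transparent", "port": 12345, "protocol": "dokodemo-door",
     "sockopt": {"mark": 255}},  // inbound traffic must stay unmarked
    {"tag": "dns-in", "port": 53, "protocol": "dokodemo-door"}
  ],
  "outbounds": [
    {"tag": "proxy", "protocol": "vmess", "streamSettings": {"sockopt": {"mark": 255}}},
    {"tag": "direct", "protocol": "freedom"}
  ]
}"""
BUILTIN_CHAINS = {"PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING"}

def load_v2ray_config(text):
    """v2ray accepts // comments in config.json; json.loads does not, so drop them first."""
    return json.loads(re.sub(r"(^|\s)//.*$", r"\1", text, flags=re.M))

def parse_rules(script):
    """Reduce each iptables line to the handful of fields the checks below look at."""
    rules = []
    for line in script.splitlines():
        argv = line.split("#", 1)[0].split()
        if not argv or argv[0] != "iptables":
            continue
        def opt(flag):
            return argv[argv.index(flag) + 1] if flag in argv else None
        rules.append({"table": opt("-t") or "filter", "new": opt("-N"),
                      "chain": opt("-A") or opt("-I"), "target": opt("-j"),
                      "proto": opt("-p"), "dport": opt("--dport"), "mark": opt("--mark")})
    return rules

def sockopt_mark(entry):
    """Mark from streamSettings.sockopt (the valid place) or from a misplaced top-level sockopt."""
    stream = entry.get("streamSettings", {}).get("sockopt", {}).get("mark")
    return stream if stream is not None else entry.get("sockopt", {}).get("mark")

def lint(config_text, script):
    cfg, rules = load_v2ray_config(config_text), parse_rules(script)
    findings = []
    # 1. Appending to a chain nobody created fails at load time, so those RETURNs never apply.
    created = {(r["table"], r["new"]) for r in rules if r["new"]}
    for r in rules:
        if r["chain"] and r["chain"] not in BUILTIN_CHAINS and (r["table"], r["chain"]) not in created:
            findings.append(f"unknown chain {r['chain']} in table {r['table']}")
    # 2. Every outbound must set the mark the nat chain RETURNs on (0xff == 255).
    ret_marks = {int(r["mark"].split("/")[0], 0) for r in rules
                 if r["table"] == "nat" and r["target"] == "RETURN" and r["mark"]}
    unmarked = [ob.get("tag") for ob in cfg.get("outbounds", []) if sockopt_mark(ob) not in ret_marks]
    for tag in unmarked:
        findings.append(f"outbound {tag} does not set sockopt mark {sorted(ret_marks)}")
    # 3. A nat OUTPUT hook plus an unmarked outbound is the dead loop described above.
    if unmarked and any(r["table"] == "nat" and r["chain"] == "OUTPUT" for r in rules):
        findings.append(f"nat OUTPUT hook loops router-local traffic (unmarked outbounds: {unmarked})")
    # 4. The mark means 'already left v2ray', so inbounds must not carry it.
    for ib in cfg.get("inbounds", []):
        if sockopt_mark(ib) is not None:
            findings.append(f"inbound {ib.get('tag')} carries a sockopt mark")
    # 5. A dokodemo-door listening on :53 needs udp/53 excluded from the TPROXY chain.
    dns_in = any(ib.get("port") == 53 and ib.get("protocol") == "dokodemo-door"
                 for ib in cfg.get("inbounds", []))
    dns_ret = any(r["table"] == "mangle" and r["proto"] == "udp" and r["dport"] == "53"
                  and r["target"] == "RETURN" for r in rules)
    if dns_in and not dns_ret:
        findings.append("dns inbound on :53 but no mangle 'udp --dport 53 -j RETURN' rule")
    return findings
```

Run `lint(CONFIG_JSON, IPTABLES_SCRIPT)` to get the five findings for the constructed inputs; once the chain name, OUTPUT hook, outbound mark, inbound mark and udp/53 RETURN are fixed it returns an empty list.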

harold posted on 2019-11-5 22:47

[i=s] Last edited by harold on 2019-11-5 22:54 [/i]

[b]Reply to [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=47655&ptid=7774]19#[/url] [i]kingwilliam[/i] [/b]


Many thanks for your selfless and detailed help!! I'm extremely grateful!
I changed the OpenWrt DNS to 5301 in /etc/config/dhcp, and testing with nslookup yahoo.com 127.0.0.1#5301 works:
nslookup yahoo.com 127.0.0.1#53
Server:         127.0.0.1
Address:        127.0.0.1#53
Name:      yahoo.com
Address 1: 98.137.246.8

nslookup yahoo.com 127.0.0.1#5301
Server:         127.0.0.1
Address:        127.0.0.1#5301
Name:      yahoo.com
Address 1: 72.30.35.9

But after running the script DNS still won't resolve :'( !! I really can't see where the problem is!!
nslookup yahoo.com 127.0.0.1#53
;; connection timed out; no servers could be reached

nslookup yahoo.com 127.0.0.1#5301
;; connection timed out; no servers could be reached

kingwilliam posted on 2019-11-5 22:58

[b]Reply to [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=47656&ptid=7774]20#[/url] [i]harold[/i] [/b]

Has the V2ray config been updated too? Since dokodemo 53 was added

harold posted on 2019-11-5 23:02

[b]Reply to [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=47642&ptid=7774]6#[/url] [i]kingwilliam[/i] [/b]

So should UDP 123 be routed out through v2ray? Change direct to proxy?

harold posted on 2019-11-5 23:04

[b]Reply to [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=47657&ptid=7774]21#[/url] [i]kingwilliam[/i] [/b]

But once the iptables rules run, DNS won't resolve.

harold posted on 2019-11-5 23:05

[b]Reply to [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=47657&ptid=7774]21#[/url] [i]kingwilliam[/i] [/b]


I've followed all of your settings. My head is about to explode...

kingwilliam posted on 2019-11-5 23:27

[b]Reply to [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=47660&ptid=7774]24#[/url] [i]harold[/i] [/b]


Sorry, it turns out the routing rule for dns was missing.
I've now added it to the earlier config[code]// dns route <- add by kingwilliam
{
        "type": "field",
        "inboundTag": "dns-in",
        "outboundTag": "dns-out"
}[/code]Give it another try

kingwilliam posted on 2019-11-5 23:30

[b]Reply to [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=47658&ptid=7774]22#[/url] [i]harold[/i] [/b]


Actually UDP 123 is just NTP (network time protocol); it doesn't matter much, so the udp 123 rule in routing can be deleted.

harold posted on 2019-11-5 23:47

[i=s] Last edited by harold on 2019-11-14 09:35 [/i]

[b]Reply to [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=47662&ptid=7774]26#[/url] [i]kingwilliam[/i] [/b]


It works!! I added one line!! Thank you so much for your patient guidance
iptables -t mangle -A V2RAY_MASK -d 127.0.0.1 -j RETURN

But my questions: this OpenWrt box will be used in mainland China, mainly to watch a TV box, plus FB, IG, TG, WP!
With this setup, is DNS pollution avoided? Does that make DNS over HTTPS useless?
I use changeip for dynamic DNS; will that work from the mainland?

Thank you so much for your teaching!! I'm so happy I can't sleep!!
Thanks a lot!! Thanks everyone for the help!!

harold posted on 2019-11-6 00:05

[i=s] Last edited by harold on 2019-11-6 00:08 [/i]

[b]Reply to [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=47661&ptid=7774]25#[/url] [i]kingwilliam[/i] [/b]


Thanks for your efforts!! After adding that line, it works sometimes and not others!!:'(

kingwilliam posted on 2019-11-6 06:39

[i=s] Last edited by kingwilliam on 2019-11-6 07:16 [/i]

[b]Reply to [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=47664&ptid=7774]28#[/url] [i]harold[/i] [/b]


Four more subnets have been appended to the tcp and udp iptables rules above[code]iptables -t nat -A V2RAY -d 0.0.0.0/8 -j RETURN
iptables -t nat -A V2RAY -d 127.0.0.0/8 -j RETURN
iptables -t nat -A V2RAY -d 224.0.0.0/4 -j RETURN
iptables -t nat -A V2RAY -d 240.0.0.0/4 -j RETURN

# the mangle chain created above is V2RAY_MASK; as posted these four lines named V2RAY_MARK,
# a chain that does not exist, so they would fail to load
iptables -t mangle -A V2RAY_MASK -d 0.0.0.0/8 -j RETURN
iptables -t mangle -A V2RAY_MASK -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A V2RAY_MASK -d 224.0.0.0/4 -j RETURN
iptables -t mangle -A V2RAY_MASK -d 240.0.0.0/4 -j RETURN[/code]Give it another try

kingwilliam posted on 2019-11-6 06:48

[b]Reply to [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=47663&ptid=7774]27#[/url] [i]harold[/i] [/b]

Q1: Mainly to watch the MYTV TV box.
A1: There are some figures at [url]http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&ptid=7774&pid=47642[/url]; to watch the mytv superbox the broadband floor should be 3Mbit/s, ideally 10Mbit/s (speed after going through the proxy)

Q2: Want to use FB, IG, TG, WP
A2: Definitely no problem

Q3: Does that make DNS over HTTPS useless?
A3: DNS over v2ray is equivalent to DNS over HTTPS. If you have already set up DNS over HTTPS on OpenWrt, it is probably no longer being used

Q4: With this setup, is DNS pollution avoided?
A4: Yes

Q5: I use changeip for dynamic DNS; will it work from the mainland?
A5: Needs testing


Powered by Discuz! Archiver 7.2  © 2001-2009 Comsenz Inc.