V2RAY 透明代理

harold

各位大大好
小弟买了NewWifi3 D2,刷了openwrt。 想建做一个V2RAY 透明代理。伺服器的运作正常， 手機也可以跟伺服器連上的。 但在Openwrt上，config 設定好了， 用curl -x socks5h://127.0.0.1:1080 google.com 能成功！ 但行完個iptables script 就出唔到街！！ 希望有高人指點一下！！

hostip2=`dig -t A +short myservername`

iptables -t nat -N V2RAY
iptables -t nat -A V2RAY -d 192.168.1.0/24 -j RETURN
iptables -t nat -A V2RAY -p tcp -j RETURN -m mark --mark 0xff
iptables -t nat -A V2RAY -d $hostip2 -j RETURN
iptables -t nat -A V2RAY -p tcp -j REDIRECT --to-ports 12345
iptables -t nat -A PREROUTING -p tcp -j V2RAY
iptables -t nat -A OUTPUT -p tcp -j V2RAY


ip rule add fwmark 1 table 100
ip route add local 0.0.0.0/0 dev lo table 100

iptables -t mangle -N V2RAY_MASK
iptables -t mangle -A V2RAY_MASK -d 192.168.1.0/24 -j RETURN
iptables -t mangle -A V2RAY_MASK -d $hostip2 -j RETURN
iptables -t mangle -A V2RAY_MASK -p udp -j TPROXY --on-port 12345 --tproxy-mark 1
iptables -t mangle -A PREROUTING -p udp -j V2RAY_MASK

harold

回復 2# kingwilliam


    謝謝回覆， 刪了這句， 用curl -x socks5h://127.0.0.1:1080 google.com試， 是成功的
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>

但見到個traceroute 唔係經v2ray 出街
都係唔得！！

root@NewWifi2:/etc/config/v2ray# nslookup yahoo.com
;; connection timed out; no servers could be reached


openwet v2raylog
access log

2019/11/04 09:38:50 tcp:127.0.0.1:51382 accepted tcp:google.com:80

Error Log
2019/11/04 09:41:47 [Info] [1233314671] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2019/11/04 09:41:47 [Info] [3426222809] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/dns: connection ends > read udp [::]:58180: use of closed network connection
2019/11/04 09:41:47 [Info] [1861001045] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/dns: connection ends > read udp [::]:38624: use of closed network connection
2019/11/04 09:41:47 [Info] [1270780447] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2019/11/04 09:41:47 [Info] [94799612] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/dns: connection ends > read udp [::]:50145: use of closed network connection
2019/11/04 09:41:47 [Info] [4049665343] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2019/11/04 09:41:47 [Info] [599269511] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2019/11/04 09:41:47 [Info] [94799612] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2019/11/04 09:41:47 [Info] [1914257993] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/dns: connection ends > read udp [::]:58998: use of closed network connection
2019/11/04 09:41:47 [Info] [1914257993] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2019/11/04 09:41:47 [Info] [2073637797] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/dns: connection ends > read udp [::]:50168: use of closed network connection
2019/11/04 09:41:47 [Info] [1757298620] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/dns: connection ends > read udp [::]:58208: use of closed network connection
2019/11/04 09:41:47 [Info] [2073637797] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2019/11/04 09:41:47 [Info] [433643460] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/dns: connection ends > read udp [::]:43714: use of closed network connection
2019/11/04 09:41:47 [Info] [1936823959] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/dns: connection ends > read udp [::]:56221: use of closed network connection
2019/11/04 09:41:47 [Info] [433643460] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2019/11/04 09:41:47 [Info] [1936823959] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2019/11/04 09:41:47 [Info] [859169318] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/dns: connection ends > read udp [::]:39749: use of closed network connection
2019/11/04 09:41:47 [Info] [859169318] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2019/11/04 09:41:47 [Info] [2910144706] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2019/11/04 09:41:47 [Info] [3391070210] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/dns: connection ends > read udp [::]:52234: use of closed network connection
2019/11/04 09:41:47 [Info] [3391070210] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2019/11/04 09:41:48 [Info] [3417725582] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > context canceled

harold

回復 4# kingwilliam


    即是當全局VPN 是無可能!!我本想放隻盒子上去睇!! 咁應該無行!
我依家socket5/HTTP 都無問題, 一落iptables , 連router的全死, 連DNS 都resolve 唔到!! 頭都痕!! 請問用ss-tproxy 啲啲會唔會簡單一啲

harold

回復 6# kingwilliam


    我好想用你個方法!!! 但我依家腦出血都唔明乜事!!

harold

回復 8# tomleehk


    謝謝你的分享, 但我發現openwet 上SS 無obfs, 加上我要長期用!! 怕被封!!

harold

我依家懷疑緊係唔係我個dokodem-door 有錯, 能否指導一下!! 謝謝你們的付出!!

我己經建咗DNS-over-HTTPS, port 係5353, 但我又唔懂係v2ray轉!!

{
  "log": {
    "access": "/var/log/v2rayaccess.log",
    "error": "/var/log/v2rayerror.log",
    //"loglevel": "warning"
"loglevel": "debug"
},

"inbounds":
[
    {
      "tag":"transparent",
      "port": 12345,
      "protocol": "dokodemo-door",
      "settings": {"network": "tcp,udp","followRedirect": true},
      "sniffing": {"enabled": true,"destOverride": ["http","tls"]},
      "sockopt": {"mark": 255},
      "streamSettings": {"sockopt": { "tproxy": "tproxy" }}
    },
    {
      "port": 1081,
      "protocol": "http",
      "settings": {"network": "tcp,udp"},
      "sockopt": {"mark": 255},
      "sniffing": {"enabled": true,"destOverride": ["http", "tls"]}
    }
   //發現http,socks唔可以一齊行{
   //   "port": 1080,
   //   "protocol": "socks",
   //   "sniffing": {"enabled": true,"destOverride": ["http", "tls"]}
   // }
],

"outbounds":[
   {
   "tag": "proxy",
   "protocol": "vmess",
   "settings": {
     "vnext": [
       {
        "address": "server_address",
         "port": 8080,
         "users": [{"id": "uuid","level": 1,"alterId": 64,"security": "aes-128-gcm"}]
        }
              ]
               },

   "streamSettings": {
    "sockopt": {"mark": 255},
     "network": "ws",
        //"security": "true",
        "security": "tls",
        //"allowInsecure": true,
        "tlsSettings": {"allowInsecure": true,"serverName": "server_address"},
        "wsSettings": { "path": "/v2/" }
        //"mux": {"enabled": true,"concurrency": 8}
                      },
   "mux": {"enabled": true}
},
    {
      "tag": "direct",
      "protocol": "freedom",
      "settings": {"domainStrategy": "UseIP"},
      "streamSettings": {"sockopt": {"mark": 255}}
    },
    {
      "tag": "block",
      "protocol": "blackhole",
      "settings": {"response": {"type": "http"}}
    },
    {
      "tag": "dns-out",
      "protocol": "dns",
      "streamSettings": {"sockopt": {"mark": 255}}
    }
  ],

"dns": {
    "servers": [
      "8.8.8.8","1.1.1.1","114.114.114.114",
      {
        "address": "223.5.5.5",
        "port": 53,
        "domains": ["geosite:cn"]
      }
    ]
        },

// "outboundDetour": [
//        {
//            "protocol": "freedom",
//            "settings": {},
//            "tag": "direct"
//        }
//    ],

"routing": {
    "domainStrategy": "IPOnDemand",
    "rules": [
      {"type": "field","inboundTag": ["transparent"],"port": 53,"network": "udp","outboundTag": "dns-out"},
      {"type": "field","inboundTag": ["transparent"],"port": 123,"network": "udp","outboundTag": "direct"},
      {"type": "field","ip": ["223.5.5.5","114.114.114.114"],"outboundTag": "direct"},
      {"type": "field","ip": ["8.8.8.8","1.1.1.1"],"outboundTag": "proxy"},
      {"type": "field","protocol":["bittorrent"],"outboundTag": "direct"},
      {"type": "field","ip": ["geoip:private","geoip:cn"],"outboundTag": "direct" },
      {"type": "field","domain": ["geosite:cn"],"outboundTag": "direct"},
      {"type": "field","ip": ["192.168.1.0/24"],"outboundTag": "direct"}
       ]
           }
}

harold

回復 7# kingwilliam
nslookup yahoo.com
;; connection timed out; no servers could be reached
Server log
2019/11/05 14:05:43 tcp:x.x.x.x:10408 accepted udp:8.8.8.8:53
Server side 見到DNS request, 都返唔到!
當我抽起啲句iptables -t mangle -A PREROUTING -p udp -j V2RAY_MASK

我就可以resolve 到個DNS!! 求命吖!!
nslookup yahoo.com
Server:                127.0.0.1
Address:        127.0.0.1#53

Name:      yahoo.com
Address 1: 98.137.246.7

harold

回復 13# kingwilliam


    有

harold

回復 15# tomleehk


    謝謝你的分享，我用了這個script,dns 可過V2Ray ，但網頁都是直出。好頭痕。。。。

harold

V2ray 用唔到！！

harold

回復 19# kingwilliam


   多謝你的無私詳細付出！！小弟萬分感激！
Openwrt 內的DNS 我在/etc/config/dhcp 內改了5301， 也用nslookup yahoo.com 127.0.0.1#5301 試用是可行的
nslookup yahoo.com 127.0.0.1#53
Server:         127.0.0.1
Address:        127.0.0.1#53
Name:      yahoo.com
Address 1: 98.137.246.8

nslookup yahoo.com 127.0.0.1#5301
Server:         127.0.0.1
Address:        127.0.0.1#5301
Name:      yahoo.com
Address 1: 72.30.35.9

但行完個 script 都係resolve 唔到DNS， ！！ 真的唔明在那裏出問題！！
nslookup yahoo.com 127.0.0.1#53
;; connection timed out; no servers could be reached

nslookup yahoo.com 127.0.0.1#5301
;; connection timed out; no servers could be reached

harold

回復 6# kingwilliam

咁係唔係要udp 123 route去v2ray出。把direct改成proxy

harold

回復 21# kingwilliam

但行完iptable就resolve唔到DNS。

harold

回復 21# kingwilliam


    全部都跟了你的設定。R爆頭。。。

harold

回復 26# kingwilliam


   成功了！！ 我加了一句！！我好多謝你的耐心教導
iptables -t mangle -A V2RAY_MASK -d 127.0.0.1 -j RETURN

但我啲問題， 啲部Openwrt會放在國內用，主要來看電視合子！上下FB，IG，TG，WP！
這樣的設定，能否避免了DNS pollution嗎？dns over https 等於無用嗎？
我用 changeip 做 dynamic dns, 國內能可以用到嗎？

小弟多謝你的教導！！ 真的開心都訓唔著！！
多謝大大！！ 多謝各位的幫助！！