1234
返回列表 發帖
harold

Rank: 1
1# 跳轉到 » 倒序看帖
打印
tT
發表於 2019-11-4 16:33 | 只看該作者

V2RAY 透明代理

各位大大好
小弟买了NewWifi3 D2,刷了openwrt。 想建做一个V2RAY 透明代理。伺服器的运作正常, 手機也可以跟伺服器連上的。 但在Openwrt上,config 設定好了, 用curl -x socks5h://127.0.0.1:1080 google.com 能成功! 但行完個iptables script 就出唔到街!! 希望有高人指點一下!!

hostip2=`dig -t A +short myservername`

iptables -t nat -N V2RAY
iptables -t nat -A V2RAY -d 192.168.1.0/24 -j RETURN
iptables -t nat -A V2RAY -p tcp -j RETURN -m mark --mark 0xff
iptables -t nat -A V2RAY -d $hostip2 -j RETURN
iptables -t nat -A V2RAY -p tcp -j REDIRECT --to-ports 12345
iptables -t nat -A PREROUTING -p tcp -j V2RAY
iptables -t nat -A OUTPUT -p tcp -j V2RAY


ip rule add fwmark 1 table 100
ip route add local 0.0.0.0/0 dev lo table 100

iptables -t mangle -N V2RAY_MASK
iptables -t mangle -A V2RAY_MASK -d 192.168.1.0/24 -j RETURN
iptables -t mangle -A V2RAY_MASK -d $hostip2 -j RETURN
iptables -t mangle -A V2RAY_MASK -p udp -j TPROXY --on-port 12345 --tproxy-mark 1
iptables -t mangle -A PREROUTING -p udp -j V2RAY_MASK
收藏 分享

kingwilliam

Rank: 1
2#
發表於 2019-11-4 17:26 | 只看該作者
尝试删除这 command

# iptables -t nat -A OUTPUT -p tcp -j V2RAY

TOP

harold

Rank: 1
3#
發表於 2019-11-4 17:50 | 只看該作者
本帖最後由 harold 於 2019-11-4 17:52 編輯

回復 2# kingwilliam


    謝謝回覆, 刪了這句, 用curl -x socks5h://127.0.0.1:1080 google.com試, 是成功的
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>

但見到個traceroute 唔係經v2ray 出街
都係唔得!!

root@NewWifi2:/etc/config/v2ray# nslookup yahoo.com
;; connection timed out; no servers could be reached


openwet v2raylog
access log

2019/11/04 09:38:50 tcp:127.0.0.1:51382 accepted tcp:google.com:80

Error Log
2019/11/04 09:41:47 [Info] [1233314671] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2019/11/04 09:41:47 [Info] [3426222809] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/dns: connection ends > read udp [::]:58180: use of closed network connection
2019/11/04 09:41:47 [Info] [1861001045] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/dns: connection ends > read udp [::]:38624: use of closed network connection
2019/11/04 09:41:47 [Info] [1270780447] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2019/11/04 09:41:47 [Info] [94799612] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/dns: connection ends > read udp [::]:50145: use of closed network connection
2019/11/04 09:41:47 [Info] [4049665343] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2019/11/04 09:41:47 [Info] [599269511] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2019/11/04 09:41:47 [Info] [94799612] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2019/11/04 09:41:47 [Info] [1914257993] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/dns: connection ends > read udp [::]:58998: use of closed network connection
2019/11/04 09:41:47 [Info] [1914257993] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2019/11/04 09:41:47 [Info] [2073637797] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/dns: connection ends > read udp [::]:50168: use of closed network connection
2019/11/04 09:41:47 [Info] [1757298620] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/dns: connection ends > read udp [::]:58208: use of closed network connection
2019/11/04 09:41:47 [Info] [2073637797] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2019/11/04 09:41:47 [Info] [433643460] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/dns: connection ends > read udp [::]:43714: use of closed network connection
2019/11/04 09:41:47 [Info] [1936823959] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/dns: connection ends > read udp [::]:56221: use of closed network connection
2019/11/04 09:41:47 [Info] [433643460] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2019/11/04 09:41:47 [Info] [1936823959] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2019/11/04 09:41:47 [Info] [859169318] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/dns: connection ends > read udp [::]:39749: use of closed network connection
2019/11/04 09:41:47 [Info] [859169318] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2019/11/04 09:41:47 [Info] [2910144706] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2019/11/04 09:41:47 [Info] [3391070210] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/dns: connection ends > read udp [::]:52234: use of closed network connection
2019/11/04 09:41:47 [Info] [3391070210] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2019/11/04 09:41:48 [Info] [3417725582] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > context canceled

TOP

kingwilliam

Rank: 1
4#
發表於 2019-11-5 07:20 | 只看該作者
v2ray 只處理 tcp和udp. 所以ping, traceroute 和pptp 這類是不會處理的。

TOP

harold

Rank: 1
5#
發表於 2019-11-5 09:16 | 只看該作者
本帖最後由 harold 於 2019-11-14 09:40 編輯

回復 4# kingwilliam


    即是當全局VPN 是無可能!!我本想放隻盒子上去睇!! 咁應該無行!
我依家socket5/HTTP 都無問題, 一落iptables , 連router的全死, 連DNS 都resolve 唔到!! 頭都痕!! 請問用ss-tproxy 啲啲會唔會簡單一啲

TOP

kingwilliam

Rank: 1
6#
發表於 2019-11-5 09:48 | 只看該作者
本帖最後由 kingwilliam 於 2019-11-6 11:37 編輯

先分開 全局VPN 問題.

mytvsuper box 我都有用, 完全沒問題. 只要設定好 透明代理 就完成(但一定要有tcp和udp, 因mytv box 是用tcp https取data, udp取ntp, 如不能連接udp 123, 隻box就會停在黑畫面不停轉圈)

如你是tvb隻 mytv box帶上國內收看的話 有幾點要留意
760 大約 高峰6.5Mbit/s 平均700kbit/s
1080 大約 高峰8.5Mbit/s 平均900kbit/s
平均每 10秒取1次buffer
所以QoS只要保持到3Mbit/s 基本上一定流暢

TOP

kingwilliam

Rank: 1
7#
發表於 2019-11-5 09:56 | 只看該作者
本帖最後由 kingwilliam 於 2019-11-6 11:41 編輯

回復 5# harold

再解答 為甚麼你"原先"的iptable一落就會死, 而抽起 "# iptables -t nat -A OUTPUT -p tcp -j V2RAY" 就正常.(利申, linux我也是半途出家, 有錯請包容)

iptables PREROUTING 是指有 packet 入來如何處理
iptables output 是指 系統本身, 如張自已也送上 v2ray, 就會形成 dead loop(在這例子)

所以 v2ray 留意幾點
1. v2ray 最基本是用來上網(tcp and udp)
2. 如想處理所有 protocol (即不只tcp udp, 還包括pptp ping traceroute 這類), 就要 vpn over v2ray
3. VPN over v2ray 要選tcp 或 udp 的vpn(所以不能用pptp, 因pptp要用GRE)

TOP

tomleehk

Rank: 1
8#
發表於 2019-11-5 10:10 | 只看該作者
本帖最後由 tomleehk 於 2019-11-5 10:23 編輯
回復  kingwilliam

請問用ss-tproxy 啲啲會唔會簡單一啲

harold 發表於 2019-11-5 09:16



   
純經驗分享

openwrt + ss-client + iptables 做透明代理我試過喺work 嘅
當中亦喺ss-client設定 加上 iptables scripts

測試方法我用bt download去確定 udp 能轉發至 server

但因為無長期實際需要, 純研究性質, 無再深入研究及實踐

TOP

harold

Rank: 1
9#
發表於 2019-11-5 13:52 | 只看該作者
回復 6# kingwilliam


    我好想用你個方法!!! 但我依家腦出血都唔明乜事!!

TOP

harold

Rank: 1
10#
發表於 2019-11-5 13:54 | 只看該作者
回復 8# tomleehk


    謝謝你的分享, 但我發現openwet 上SS 無obfs, 加上我要長期用!! 怕被封!!

TOP

harold

Rank: 1
11#
發表於 2019-11-5 13:58 | 只看該作者
本帖最後由 harold 於 2019-11-14 09:37 編輯

我依家懷疑緊係唔係我個dokodem-door 有錯, 能否指導一下!! 謝謝你們的付出!!

我己經建咗DNS-over-HTTPS, port 係5353, 但我又唔懂係v2ray轉!!

{
  "log": {
    "access": "/var/log/v2rayaccess.log",
    "error": "/var/log/v2rayerror.log",
    //"loglevel": "warning"
"loglevel": "debug"
},

"inbounds":
[
    {
      "tag":"transparent",
      "port": 12345,
      "protocol": "dokodemo-door",
      "settings": {"network": "tcp,udp","followRedirect": true},
      "sniffing": {"enabled": true,"destOverride": ["http","tls"]},
      "sockopt": {"mark": 255},
      "streamSettings": {"sockopt": { "tproxy": "tproxy" }}
    },
    {
      "port": 1081,
      "protocol": "http",
      "settings": {"network": "tcp,udp"},
      "sockopt": {"mark": 255},
      "sniffing": {"enabled": true,"destOverride": ["http", "tls"]}
    }
   //發現http,socks唔可以一齊行{
   //   "port": 1080,
   //   "protocol": "socks",
   //   "sniffing": {"enabled": true,"destOverride": ["http", "tls"]}
   // }
],

"outbounds":[
   {
   "tag": "proxy",
   "protocol": "vmess",
   "settings": {
     "vnext": [
       {
        "address": "server_address",
         "port": 8080,
         "users": [{"id": "uuid","level": 1,"alterId": 64,"security": "aes-128-gcm"}]
        }
              ]
               },

   "streamSettings": {
    "sockopt": {"mark": 255},
     "network": "ws",
        //"security": "true",
        "security": "tls",
        //"allowInsecure": true,
        "tlsSettings": {"allowInsecure": true,"serverName": "server_address"},
        "wsSettings": { "path": "/v2/" }
        //"mux": {"enabled": true,"concurrency": 8}
                      },
   "mux": {"enabled": true}
},
    {
      "tag": "direct",
      "protocol": "freedom",
      "settings": {"domainStrategy": "UseIP"},
      "streamSettings": {"sockopt": {"mark": 255}}
    },
    {
      "tag": "block",
      "protocol": "blackhole",
      "settings": {"response": {"type": "http"}}
    },
    {
      "tag": "dns-out",
      "protocol": "dns",
      "streamSettings": {"sockopt": {"mark": 255}}
    }
  ],

"dns": {
    "servers": [
      "8.8.8.8","1.1.1.1","114.114.114.114",
      {
        "address": "223.5.5.5",
        "port": 53,
        "domains": ["geosite:cn"]
      }
    ]
        },

// "outboundDetour": [
//        {
//            "protocol": "freedom",
//            "settings": {},
//            "tag": "direct"
//        }
//    ],

"routing": {
    "domainStrategy": "IPOnDemand",
    "rules": [
      {"type": "field","inboundTag": ["transparent"],"port": 53,"network": "udp","outboundTag": "dns-out"},
      {"type": "field","inboundTag": ["transparent"],"port": 123,"network": "udp","outboundTag": "direct"},
      {"type": "field","ip": ["223.5.5.5","114.114.114.114"],"outboundTag": "direct"},
      {"type": "field","ip": ["8.8.8.8","1.1.1.1"],"outboundTag": "proxy"},
      {"type": "field","protocol":["bittorrent"],"outboundTag": "direct"},
      {"type": "field","ip": ["geoip:private","geoip:cn"],"outboundTag": "direct" },
      {"type": "field","domain": ["geosite:cn"],"outboundTag": "direct"},
      {"type": "field","ip": ["192.168.1.0/24"],"outboundTag": "direct"}
       ]
           }
}

TOP

harold

Rank: 1
12#
發表於 2019-11-5 14:02 | 只看該作者
本帖最後由 harold 於 2019-11-5 14:07 編輯

回復 7# kingwilliam
nslookup yahoo.com
;; connection timed out; no servers could be reached
Server log
2019/11/05 14:05:43 tcp:x.x.x.x:10408 accepted udp:8.8.8.8:53
Server side 見到DNS request, 都返唔到!
當我抽起啲句iptables -t mangle -A PREROUTING -p udp -j V2RAY_MASK

我就可以resolve 到個DNS!! 求命吖!!
nslookup yahoo.com
Server:                127.0.0.1
Address:        127.0.0.1#53

Name:      yahoo.com
Address 1: 98.137.246.7

TOP

kingwilliam

Rank: 1
13#
發表於 2019-11-5 16:23 | 只看該作者
本帖最後由 kingwilliam 於 2019-11-5 16:47 編輯

回復 11# harold

今晚才有空細看你的config, 看完再回覆你。

你的NewWifi3 D2,刷了openwrt。
1。還保留 port 53 dns嗎?
1a。如有可否port53轉到5301?

TOP

harold

Rank: 1
14#
發表於 2019-11-5 16:47 | 只看該作者
回復 13# kingwilliam


    有

TOP

tomleehk

Rank: 1
15#
發表於 2019-11-5 16:54 | 只看該作者
本帖最後由 tomleehk 於 2019-11-5 18:25 編輯

我當年Openwrt + ss-client udp轉發所用嘅script, 不知有無幫助
  1. ip route add local default dev lo table 100
  2. ip rule add fwmark 1 lookup 100
  3. iptables -t mangle -A SHADOWSOCKS -p udp --dport 53 -j TPROXY --on-port 1080 --tproxy-mark 0x01/0x01
  4. iptables -t mangle -A SHADOWSOCKS_MARK -p udp --dport 53 -j MARK --set-mark 1

  6. iptables -t mangle -I  -d 127.0.0.0/24 -j RETURN  
  7. iptables -t mangle -I PREROUTING -d 192.168.0.0/16 -j RETURN  
  8. iptables -t mangle -I PREROUTING -d 10.42.0.0/16 -j RETURN  
  9. iptables -t mangle -I PREROUTING -d 0.0.0.0/8 -j RETURN  
  10. iptables -t mangle -I PREROUTING -d 10.0.0.0/8 -j RETURN  
  11. iptables -t mangle -I PREROUTING -d 172.16.0.0/12 -j RETURN  
  12. iptables -t mangle -I PREROUTING -d 224.0.0.0/4 -j RETURN  
  13. iptables -t mangle -I PREROUTING -d 240.0.0.0/4 -j RETURN  
  14. iptables -t mangle -I PREROUTING -d 169.254.0.0/16 -j RETURN  
  15. iptables -t mangle -I PREROUTING -d 255.255.0.0/8 -j RETURN

  17. iptables -t mangle -A PREROUTING -j SHADOWSOCKS
  18. iptables -t mangle -A PREROUTING -j SHADOWSOCKS
  19. iptables -t mangle -A OUTPUT -j SHADOWSOCKS_MARK
複製代碼
其中  --on-port 1080, 1080 喺 ss-client 嘅 listening port

太耐無研究..而家唔記得d細節

TOP

1234
返回列表