V2RAY内置一个dokodemo-door以便用户进行重定向,达到科学上网的目的。

然而,这种上网方式并不稳定,时常出现CPU爆满、内存溢出等的问题。

所以,这里不再使用dokodemo-door。

开始安装redsocks:

apt install redsocks #在开始之前请确保12345端口未被占用
Code language: PHP (php)

配置文件(/etc/redsocks.conf):

base { // debug: connection progress & client list on SIGUSR1 log_debug = off; // info: start and end of client session log_info = on; /* possible `log' values are: * stderr * "file:/path/to/file" * syslog:FACILITY facility is any of "daemon", "local0"..."local7" */ log = "syslog:daemon"; // detach from console daemon = on; /* Change uid, gid and root directory, these options require root * privilegies on startup. * Note, your chroot may requre /etc/localtime if you write log to syslog. * Log is opened before chroot & uid changing. */ user = redsocks; group = redsocks; // chroot = "/var/chroot"; /* possible `redirector' values are: * iptables - for Linux * ipf - for FreeBSD * pf - for OpenBSD * generic - some generic redirector that MAY work */ redirector = iptables; redsocks_conn_max = 10000; rlimit_nofile = 10240; } redsocks { /* `local_ip' defaults to 127.0.0.1 for security reasons, * use 0.0.0.0 if you want to listen on every interface. * `local_*' are used as port to redirect to. */ local_ip = 0.0.0.0; local_port = 12345; // `ip' and `port' are IP and tcp-port of proxy-server // You can also use hostname instead of IP, only one (random) // address of multihomed host will be used. ip = 192.168.21.1; port = 1080; // known types: socks4, socks5, http-connect, http-relay type = socks5; // login = "foobar"; // password = "baz"; }
Code language: PHP (php)

有时候连接会达到限制,而被强制关闭,以下是官方的说明文档:

base { // debug: connection progress log_debug = off; // info: start and end of client session log_info = on; /* possible `log' values are: * stderr * "file:/path/to/file" * syslog:FACILITY facility is any of "daemon", "local0"..."local7" */ log = stderr; // log = "file:/path/to/file"; // log = "syslog:local7"; // detach from console daemon = off; /* Change uid, gid and root directory, these options require root * privilegies on startup. * Note, your chroot may requre /etc/localtime if you write log to syslog. * Log is opened before chroot & uid changing. * Debian, Ubuntu and some other distributions use `nogroup` instead of * `nobody`, so change it according to your system if you want redsocks * to drop root privileges. */ // user = nobody; // group = nobody; // chroot = "/var/chroot"; /* possible `redirector' values are: * iptables - for Linux * ipf - for FreeBSD * pf - for OpenBSD * generic - some generic redirector that MAY work */ redirector = iptables; /* Override per-socket values for TCP_KEEPIDLE, TCP_KEEPCNT, * and TCP_KEEPINTVL. see man 7 tcp for details. * `redsocks' relies on SO_KEEPALIVE option heavily. */ //tcp_keepalive_time = 0; //tcp_keepalive_probes = 0; //tcp_keepalive_intvl = 0; // Every `redsocks` connection needs two file descriptors for sockets. // If `splice` is enabled, it also needs four file descriptors for // pipes. `redudp` is not accounted at the moment. When max number of // connection is reached, redsocks tries to close idle connections. If // there are no idle connections, it stops accept()'ing new // connections, although kernel continues to fill listenq. // Set maximum number of open file descriptors (also known as `ulimit -n`). // 0 -- do not modify startup limit (default) // rlimit_nofile = 0; // Set maximum number of served connections. Default is to deduce safe // limit from `splice` setting and RLIMIT_NOFILE. // redsocks_conn_max = 0; // Close connections idle for N seconds when/if connection count // limit is hit. // 0 -- do not close idle connections // 7440 -- 2 hours 4 minutes, see RFC 5382 (default) // connpres_idle_timeout = 7440; // `max_accept_backoff` is a delay in milliseconds to retry `accept()` // after failure (e.g. due to lack of file descriptors). It's just a // safety net for misconfigured `redsocks_conn_max`, you should tune // redsocks_conn_max if accept backoff happens. // max_accept_backoff = 60000; } redsocks { /* `local_ip' defaults to 127.0.0.1 for security reasons, * use 0.0.0.0 if you want to listen on every interface. * `local_*' are used as port to redirect to. */ local_ip = 127.0.0.1; local_port = 12345; // listen() queue length. Default value is SOMAXCONN and it should be // good enough for most of us. // listenq = 128; // SOMAXCONN equals 128 on my Linux box. // Enable or disable faster data pump based on splice(2) syscall. // Default value depends on your kernel version, true for 2.6.27.13+ // splice = false; // `ip' and `port' are IP and tcp-port of proxy-server // You can also use hostname instead of IP, only one (random) // address of multihomed host will be used. ip = example.org; port = 1080; // known types: socks4, socks5, http-connect, http-relay type = socks5; // login = "foobar"; // password = "baz"; // known ways to disclose client IP to the proxy: // false -- disclose nothing // http-connect supports: // X-Forwarded-For -- X-Forwarded-For: IP // Forwarded_ip -- Forwarded: for=IP # see RFC7239 // Forwarded_ipport -- Forwarded: for="IP:port" # see RFC7239 // disclose_src = false; // various ways to handle proxy failure // close -- just close connection (default) // forward_http_err -- forward HTTP error page from proxy as-is // on_proxy_fail = close; } redudp { // `local_ip' should not be 0.0.0.0 as it's also used for outgoing // packets that are sent as replies - and it should be fixed // if we want NAT to work properly. local_ip = 127.0.0.1; local_port = 10053; // `ip' and `port' of socks5 proxy server. ip = 10.0.0.1; port = 1080; login = username; password = pazzw0rd; // redsocks knows about two options while redirecting UDP packets at // linux: TPROXY and REDIRECT. TPROXY requires more complex routing // configuration and fresh kernel (>= 2.6.37 according to squid // developers[1]) but has hack-free way to get original destination // address, REDIRECT is easier to configure, but requires `dest_ip` and // `dest_port` to be set, limiting packet redirection to single // destination. // [1] http://wiki.squid-cache.org/Features/Tproxy4 dest_ip = 8.8.8.8; dest_port = 53; udp_timeout = 30; udp_timeout_stream = 180; } dnstc { // fake and really dumb DNS server that returns "truncated answer" to // every query via UDP, RFC-compliant resolver should repeat same query // via TCP in this case. local_ip = 127.0.0.1; local_port = 5300; } // you can add more `redsocks' and `redudp' sections if you need.
Code language: PHP (php)
分类: Linux

0 条评论

发表回复

Avatar placeholder

您的电子邮箱地址不会被公开。

此站点使用Akismet来减少垃圾评论。了解我们如何处理您的评论数据