V2Ray
V2Ray Tun
// Pre-configuration
net.ipv4.ip_forward=1
// DNS config: /etc/systemd/resolved.conf
DNS=127.0.0.1
// tun.service
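#!/bin/bash
# Watchdog for the tun0 interface of the V2Ray TUN setup.
#
# Each pass waits 5 seconds and checks whether tun0 carries the UP flag.
# If not, the interface is brought up, given 198.18.0.1/15, and the
# destination prefixes below are routed through it. If it is already up,
# the loop idles for a further 600 seconds before the next check.
#
# Needs root (or CAP_NET_ADMIN): it changes links, addresses and routes.
# The script never creates tun0; the TUN client has to do that.
#
# NOTE(review): while tun0 is up, the next check is about 605 s away. Routes
# bound to a device disappear when it goes down, so until the next pass the
# traffic for these prefixes follows the normal routing table instead of the
# tunnel. Shorten the idle sleep if that window matters.

readonly TUN_DEV="tun0"
readonly TUN_ADDR="198.18.0.1"
readonly TUN_CIDR="${TUN_ADDR}/15"

# Destination prefixes that are sent through the tunnel.
readonly -a TUN_ROUTES=(
  91.108.56.0/22
  91.108.4.0/22
  91.108.8.0/22
  91.108.16.0/22
  91.108.12.0/22
  149.154.160.0/20
  91.105.192.0/23
  91.108.20.0/22
  185.76.151.0/24
)

# Succeeds when TUN_DEV exists and is administratively up.
# Uses `ip` (already required below) instead of `ifconfig | grep -c`: with
# net-tools missing, the old pipeline always yielded 0 and the setup was
# re-applied every 5 seconds. The substring match also hit any line that
# merely contained "tun0".
tun_is_up() {
  ip -o link show up 2>/dev/null | grep -q ": ${TUN_DEV}[:@]"
}

while true; do
  sleep 5

  if tun_is_up; then
    sleep 600
    continue
  fi

  # The device may not exist yet (TUN client not started); retry next pass
  # rather than issuing address/route commands that cannot succeed.
  if ! ip link set dev "$TUN_DEV" up; then
    continue
  fi

  # `replace` keeps the pass idempotent: an address left over from a previous
  # pass no longer produces a "File exists" error.
  ip addr replace "$TUN_CIDR" dev "$TUN_DEV"
  for prefix in "${TUN_ROUTES[@]}"; do
    ip route replace "$prefix" via "$TUN_ADDR" dev "$TUN_DEV"
  done
done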
服务器部署
安装apache2
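# Install Apache and enable the modules for a TLS front end that reverse-proxies
# HTTP and WebSocket traffic. Package installation needs root just like
# a2enmod does, so it is run through sudo as well.
sudo apt install apache2

# ssl            - HTTPS listener
# proxy          - reverse-proxy core, required by the [P] rewrite flag
# proxy_wstunnel - ws:// backends
# proxy_http     - http:// backends
# rewrite        - RewriteCond / RewriteRule
# headers        - header manipulation; the vhost on this page has no Header
#                  directive, so enable it only if your config needs it
for module in ssl proxy proxy_wstunnel proxy_http rewrite headers; do
  sudo a2enmod "$module"
done
# Newly enabled modules take effect only after Apache is restarted.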
修改port、添加页面配置文件
安装v2ray
配置文件
证书文件
服务器安全组
443端口
Tls Websocket转发v2ray代理
##Apache2 config
# TLS-terminating virtual host on port 443. It serves static files from
# /var/www/ and reverse-proxies requests whose path contains /vmess to a
# local backend on port 9527.
# NOTE(review): the backend on 9527 is presumably the v2ray WebSocket inbound;
# it should listen on loopback only, and 9527 should not be opened in the
# security group (the page opens 443 only). Confirm against the v2ray config.
<VirtualHost *:443>
ServerName vps.lado.online.
ServerAlias vps.lado.online.
# Everything under this directory is published by the vhost; keep only the
# intended site content there.
DocumentRoot /var/www/
SSLEngine On
# No SSLProtocol / SSLCipherSuite is set in this vhost, so the server-wide
# defaults decide which TLS versions and ciphers are offered.
SSLCertificateFile /etc/v2ray/vps.lado.online_public.crt
# NOTE(review): the private key should be readable only by root (Apache reads
# it before dropping privileges). Verify ownership and mode of this file.
SSLCertificateKeyFile /etc/v2ray/vps.lado.online.key
# SSLCertificateChainFile is obsolete since Apache 2.4.8; the intermediate
# certificates can be appended to the SSLCertificateFile instead.
SSLCertificateChainFile /etc/v2ray/vps.lado.online_chain.crt
RewriteEngine On
# WebSocket upgrade requests ([NC] = case-insensitive compare) are proxied
# over ws://. [P] hands the request to mod_proxy, [L] stops rule processing.
# The pattern is unanchored, so it matches "/vmess" anywhere in the URL path;
# "^/vmess" would restrict it to paths that start with it.
# Whatever follows "/vmess" is appended after the "/" of the backend URL.
# NOTE(review): the path that reaches the backend must match the WebSocket
# path configured in v2ray; confirm.
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /vmess(.*) ws://localhost:9527/$1 [P,L]
# Requests to the same path without a WebSocket upgrade are forwarded to the
# backend as plain HTTP.
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule /vmess(.*) http://localhost:9527/$1 [P,L]
##Proxy to port 9527
# Alternative ProxyPass-based setup, left disabled.
#Replace xxx.xxx.xxx.xxx with your server's IP address or hostname
#Replace yourCertname with your server's SSL certificate name
#SSLProxyEngine On
#Proxypass /ray http://127.0.0.1:9527
#ProxyPassReverse /ray http://127.0.0.1:9527
</VirtualHost>
V2Ray iptables
## TUN interface
# Bring the tunnel device up, then assign it its address. 198.18.0.0/15 is the
# range reserved for benchmarking, so it should not collide with real
# destinations. Both commands need root.
tun_dev=tun0
ip link set dev "$tun_dev" up
ip address add 198.18.0.1/15 dev "$tun_dev"
##clean
# Reset the nat and mangle tables: -F deletes every rule, -X deletes every
# user-defined chain, -Z zeroes the counters. No chain name is given, so this
# is table-wide: rules that other software placed in these tables are removed
# as well, not only the V2RAY chain.
for table in nat mangle; do
  for action in -F -X -Z; do
    iptables -t "$table" "$action"
  done
done
##iptables list
# Show the current nat and mangle rules. Adding -n -v --line-numbers skips
# reverse DNS lookups and shows the packet counters, which makes it easy to
# see whether a rule is actually being hit.
for table in nat mangle; do
  iptables -t "$table" -L
done
##service v2ray
# Restart the daemon, then print its state.
for verb in restart status; do
  service v2ray "$verb"
done
##persistent save
# Writes the live ruleset to disk so it is restored at boot. Run this only
# after the rules have been checked: a rule that cuts off your own access
# would otherwise survive a reboot.
sudo netfilter-persistent save
## CIDR iptables
# Selective variant: only TCP to the listed destination ranges is redirected
# to the local listener on port 9527; all other traffic leaves the chain
# untouched. These /16 ranges are wider than the /20–/24 prefixes routed in
# the tun0 script on this page, so unrelated hosts inside them are proxied too.
# -N fails if the V2RAY chain already exists (for example from another variant
# on this page).
iptables -t nat -N V2RAY
for dst in 149.154.0.0/16 91.108.0.0/16 91.105.0.0/16 185.76.0.0/16; do
  iptables -t nat -A V2RAY -d "$dst" -p tcp -j REDIRECT --to-ports 9527
done
# PREROUTING sees packets arriving from other hosts only; traffic generated on
# this machine does not pass through it.
iptables -t nat -A PREROUTING -p tcp -j V2RAY
# Disabled source exemption. As written it would be appended after the
# REDIRECT rules and therefore never exempt anything; it would have to be
# inserted at the top of the chain to take effect.
#iptables -t nat -A V2RAY -s 10.0.0.128/25 -j RETURN
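##TCP
# Redirect-everything variant: every TCP connection entering PREROUTING is
# handed to the local listener on port 9527 unless its destination is in the
# bypass list.
#
# The original list exempted only loopback, limited broadcast and 10.0.0.0/8.
# On any other LAN addressing, connections to the gateway itself and to
# neighbouring hosts (SSH, admin UIs) were redirected into the proxy as well.
# The remaining private, link-local, multicast and reserved ranges are
# therefore exempted too. 127.0.0.1/8 is written as the network address
# 127.0.0.0/8; iptables masks it to the same value.
#
# NOTE(review): a gateway that is reached on a public address needs one more
# RETURN rule for that address, placed before the REDIRECT.
# -N fails if the V2RAY chain already exists from another variant on this page.
iptables -t nat -N V2RAY
for bypass in \
  127.0.0.0/8 \
  255.255.255.255/32 \
  10.0.0.0/8 \
  172.16.0.0/12 \
  192.168.0.0/16 \
  169.254.0.0/16 \
  224.0.0.0/4 \
  240.0.0.0/4; do
  iptables -t nat -A V2RAY -d "$bypass" -j RETURN
done
iptables -t nat -A V2RAY -p tcp -j REDIRECT --to-ports 9527
# PREROUTING covers traffic arriving from other hosts; locally generated
# traffic is not affected by this jump.
iptables -t nat -A PREROUTING -p tcp -j V2RAY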
##eth (Not use)
# Marked as unused by the author. Sets the default policy of INPUT and FORWARD
# to ACCEPT, so any packet that no rule drops is accepted or forwarded.
# Together with net.ipv4.ip_forward=1 from the pre-configuration, the host then
# routes for every source that can reach it unless explicit rules restrict it.
for chain in INPUT FORWARD; do
  iptables -P "$chain" ACCEPT
done
# Source-NAT traffic from 10.0.0.0/8 that leaves through enp3s0.
iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -o enp3s0 -j MASQUERADE
##TCP origin (Not use)
# Marked as unused by the author. Minimal variant: only destinations in
# 10.0.0.0/8 bypass the chain; every other TCP connection entering PREROUTING
# is redirected to the local listener on port 9527.
chain=V2RAY
iptables -t nat -N "$chain"
iptables -t nat -A "$chain" -d 10.0.0.0/8 -j RETURN
iptables -t nat -A "$chain" -p tcp -j REDIRECT --to-ports 9527
iptables -t nat -A PREROUTING -p tcp -j "$chain"
sniffing后才可以分流