ShadowSocks Proxy on Linux

shadowsocksr-python

Download

shadowsocksr

git clone https://github.com/showzeng/shadowsocksr

Configuration

Edit the configuration file config.json. To allow connections from the LAN, change local_address to 0.0.0.0.

{
"server": "0.0.0.0",
"server_ipv6": "::",
"server_port": 8388,
"local_address": "127.0.0.1",
"local_port": 1080,

"password": "m",
"method": "aes-128-ctr",
"protocol": "auth_aes128_md5",
"protocol_param": "",
"obfs": "tls1.2_ticket_auth_compatible",
"obfs_param": "",
"speed_limit_per_con": 0,
"speed_limit_per_user": 0,

"additional_ports" : {},
"additional_ports_only" : false,
"timeout": 120,
"udp_timeout": 60,
"dns_ipv6": false,
"connect_verbose_info": 0,
"redirect": "",
"fast_open": false
}

Adjust the installation path in the startup script:

eval $(ps -ef | grep -v grep | grep local.py | awk '{ print "kill -9 " $2 }')
nohup python /usr/soft/shadowsocksr/shadowsocks/local.py -c /usr/soft/shadowsocksr/config.json >> /usr/soft/shadowsocksr/shadowsocks/ssserver.log 2>&1 &

Make the scripts executable:

chmod 755 runssr stopssr

Start

./runssr

Stop

./stopssr

shadowsocks-go

Download

github

shadowsocks-client

Installation

gunzip shadowsocks-local-linux64-1.1.5.gz
chmod 755 shadowsocks-local-linux64-1.1.5
./shadowsocks-local-linux64-1.1.5 -c config.json

ssr-helper

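Introduction

ssr-helper is a Node.js-based command-line helper for ShadowsocksR. It maintains a local list of SSR servers, from which you can pick one to connect to through the ShadowsocksR Python local client. The list is organized by group and remark, which makes it easy to manage, and SSR subscriptions are fully supported.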

ssr-helper

Installation

Installing Node.js

yum install epel-release -y
yum install nodejs -y
node --version
npm --version

Installing ssr-helper

npm install -g ssr-helper

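Enabling TCP Fast Open

ssr-helper enables TCP Fast Open by default (reading the source shows that the TCP Fast Open setting in ssr-helper is hard-coded and cannot be turned off through the configuration file). If TCP Fast Open is not enabled on the Linux host, the shadowsocksr network connection fails with: Connection test failed

Enable TCP Fast Open temporarily (the setting is lost after a reboot):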

echo 3 > /proc/sys/net/ipv4/tcp_fastopen

Enable TCP Fast Open permanently (the setting survives a reboot):

vim /etc/sysctl.conf
net.ipv4.tcp_fastopen = 3

Dependency configuration

git clone -b manyuser https://github.com/shadowsocksr-backup/shadowsocksr.git
# Point ssr-helper at the path of the SSR client
ssr config /usr/soft/shadowsocksr

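Other configuration

The port number and whether connections from the LAN are allowed are set in the configuration file ~/.config/ssr-helper-nodejs/local.json. After editing local.json, select a node again for the change to take effect.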

{
"local_address": "127.0.0.1",
"local_port": 1080,
"timeout": 300,
"workers": 1
}

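Command-line usage

Run ssr in a terminal to see the welcome screen. Only the commonly used commands are described below; run ssr help for the full command list.

  • ssr config [path] : set the path of the Python client (absolute path)
  • ssr add : add a server manually, with a friendly interface
  • ssr add [uri] : add a server to the list manually from an SSR URI
  • ssr connect : choose a server to connect to and set it as the default server, with a friendly interface
  • ssr ls : show server information, with a friendly interface
  • ssr rm : delete a server from the list, with a friendly interface (note: the connection is not interrupted after deletion; run the connect command to reconnect)
  • ssr edit : edit server information, with a friendly interface
  • ssr local : edit the SSR local service settings; reconnect for the change to take effect
  • ssr start : the start command of the ShadowsocksR Python Client Daemon; starts the connection using the default server configured in the CLI
  • ssr restart : the restart command of the ShadowsocksR Python Client Daemon; restarts the connection using the default server configured in the CLI
  • ssr stop : the stop command of the ShadowsocksR Python Client Daemon; stops the service, using the default server configured in the CLI
  • ssr status : show the running status of the ShadowsocksR Python Client Daemon
  • ssr startup : start the service at boot; only effective on Linux platforms booted with systemd
  • ssr unstartup : stop starting the service at boot; only effective on Linux platforms booted with systemd
  • ssr delay : test the latency of the servers
  • ssr-subscribe add [url] : add a new SSR subscription URL
  • ssr-subscribe ls : list all SSR subscription URLs and their current labels
  • ssr-subscribe rm [label] : delete an SSR subscription URL by the label printed by ssr-subscribe ls
  • ssr-subscribe update : fetch server information from the SSR subscription URLs that have been added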

ProxyChains

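Introduction

ProxyChains is a proxy tool for Linux. It lets any program reach the network through a proxy, tunnels TCP and DNS through the proxy, supports HTTP, SOCKS4 and SOCKS5 proxy servers, and can be configured with several proxies. ProxyChains forces the connections of the specified application through a user-defined proxy list, so that the receiver and the sender are never connected directly.

Installation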

proxychains-ng

./configure --prefix=/usr/soft/proxychains-4.13
make && make install
# Install the proxychains.conf configuration file
make install-config

Configuration

Configuration file: proxychains-4.13/etc/proxychains.conf

# proxychains.conf  VER 4.x
#
# HTTP, SOCKS4a, SOCKS5 tunneling proxifier with DNS.


# The option below identifies how the ProxyList is treated.
# only one option should be uncommented at time,
# otherwise the last appearing option will be accepted
#
#dynamic_chain
#
# Dynamic - Each connection will be done via chained proxies
# all proxies chained in the order as they appear in the list
# at least one proxy must be online to play in chain
# (dead proxies are skipped)
# otherwise EINTR is returned to the app
#
strict_chain
#
# Strict - Each connection will be done via chained proxies
# all proxies chained in the order as they appear in the list
# all proxies must be online to play in chain
# otherwise EINTR is returned to the app
#
#round_robin_chain
#
# Round Robin - Each connection will be done via chained proxies
# of chain_len length
# all proxies chained in the order as they appear in the list
# at least one proxy must be online to play in chain
# (dead proxies are skipped).
# the start of the current proxy chain is the proxy after the last
# proxy in the previously invoked proxy chain.
# if the end of the proxy chain is reached while looking for proxies
# start at the beginning again.
# otherwise EINTR is returned to the app
# These semantics are not guaranteed in a multithreaded environment.
#
#random_chain
#
# Random - Each connection will be done via random proxy
# (or proxy chain, see chain_len) from the list.
# this option is good to test your IDS :)

# Make sense only if random_chain or round_robin_chain
#chain_len = 2

# Quiet mode (no output from library)
#quiet_mode

# Proxy DNS requests - no leak for DNS data
proxy_dns

# set the class A subnet number to use for the internal remote DNS mapping
# we use the reserved 224.x.x.x range by default,
# if the proxified app does a DNS request, we will return an IP from that range.
# on further accesses to this ip we will send the saved DNS name to the proxy.
# in case some control-freak app checks the returned ip, and denies to
# connect, you can use another subnet, e.g. 10.x.x.x or 127.x.x.x.
# of course you should make sure that the proxified app does not need
# *real* access to this subnet.
# i.e. dont use the same subnet then in the localnet section
#remote_dns_subnet 127
#remote_dns_subnet 10
remote_dns_subnet 224

# Some timeouts in milliseconds
tcp_read_time_out 15000
tcp_connect_time_out 8000

### Examples for localnet exclusion
## localnet ranges will *not* use a proxy to connect.
## Exclude connections to 192.168.1.0/24 with port 80
# localnet 192.168.1.0:80/255.255.255.0

## Exclude connections to 192.168.100.0/24
# localnet 192.168.100.0/255.255.255.0

## Exclude connections to ANYwhere with port 80
# localnet 0.0.0.0:80/0.0.0.0

## RFC5735 Loopback address range
## if you enable this, you have to make sure remote_dns_subnet is not 127
## you'll need to enable it if you want to use an application that
## connects to localhost.
# localnet 127.0.0.0/255.0.0.0

## RFC1918 Private Address Ranges
# localnet 10.0.0.0/255.0.0.0
# localnet 172.16.0.0/255.240.0.0
# localnet 192.168.0.0/255.255.0.0

# ProxyList format
# type ip port [user pass]
# (values separated by 'tab' or 'blank')
#
# only numeric ipv4 addresses are valid
#
#
# Examples:
#
# socks5 192.168.67.78 1080 lamer secret
# http 192.168.89.3 8080 justu hidden
# socks4 192.168.1.49 1080
# http 192.168.39.93 8080
#
#
# proxy types: http, socks4, socks5
# ( auth types supported: "basic"-http "user/pass"-socks )
#
[ProxyList]
# add proxy here ...
# meanwile
# defaults set to "tor"
socks5 127.0.0.1 1080

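proxychains-ng supports several chaining modes; the default is strict_chain.

  • dynamic_chain: dynamic mode; available proxies are picked automatically in the order of the proxy list
  • strict_chain: strict mode; proxies are used strictly in the order of the proxy list, and all of them must be available
  • round_robin_chain: round-robin mode; unavailable proxies are skipped automatically
  • random_chain: random mode; proxies are used at random

To add a proxy server to proxychains-ng, just add its address to [ProxyList], for example: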

[ProxyList]
socks5 127.0.0.1 1080
http 127.0.0.1 1080
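
The rules stated in the configuration file above (the last uncommented chain mode is the one accepted, ProxyList entries take only numeric IPv4 addresses, strict_chain sends each connection through every listed proxy in order) can be checked mechanically. The following Python check is an added example, not part of proxychains-ng or of the original page; the name audit_proxychains and the sample input are constructed for illustration.

```python
import ipaddress

CHAIN_MODES = ("dynamic_chain", "strict_chain", "round_robin_chain", "random_chain")
PROXY_TYPES = ("http", "socks4", "socks5")

def audit_proxychains(text):
    """Parse proxychains.conf text and return (settings, findings)."""
    mode, proxy_dns, in_list = None, False, False
    proxies, findings = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "[ProxyList]":
            in_list = True
        elif in_list:
            f = line.split()
            try:
                if len(f) not in (3, 5) or f[0] not in PROXY_TYPES:
                    raise ValueError("expected: type ip port [user pass]")
                ipaddress.IPv4Address(f[1])  # the file says: only numeric IPv4
                if not 1 <= int(f[2]) <= 65535:
                    raise ValueError("port out of range")
                proxies.append((f[0], f[1], int(f[2])))
            except ValueError as exc:
                findings.append(f"line {n}: bad proxy entry ({exc})")
        elif line in CHAIN_MODES:
            if mode:
                findings.append(f"line {n}: {line} overrides earlier {mode}")
            mode = line  # the last uncommented mode is the one accepted
        elif line == "proxy_dns":
            proxy_dns = True
    if not proxy_dns:
        findings.append("proxy_dns is off: name lookups bypass the proxy")
    if not proxies:
        findings.append("[ProxyList] has no valid entry")
    if mode == "strict_chain" and len(proxies) > 1:
        findings.append(f"strict_chain: each connection crosses all {len(proxies)} proxies")
    seen = [(ip, port) for _, ip, port in proxies]
    for ip, port in sorted({e for e in seen if seen.count(e) > 1}):
        findings.append(f"{ip}:{port} is listed more than once")
    return {"mode": mode, "proxy_dns": proxy_dns, "proxies": proxies}, findings

# Constructed sample: the two-entry [ProxyList] from this page under strict_chain.
SAMPLE = "strict_chain\nproxy_dns\n[ProxyList]\nsocks5 127.0.0.1 1080\nhttp 127.0.0.1 1080\n"

if __name__ == "__main__":
    print(*audit_proxychains(SAMPLE), sep="\n")
```

On the sample, the two findings show that under strict_chain the second entry is a second hop rather than an alternative, and that both hops point at the same port.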

Usage

Proxying a command

./bin/proxychains4 curl www.google.com

Proxying bash

Start a shell under proxychains4; commands run in that shell then use the proxy automatically.

./bin/proxychains4 -q /bin/bash
curl www.google.com

Adding aliases

Edit the configuration file /etc/bashrc and add the alias definitions:

alias proxy='/usr/soft/proxychains-4.13/bin/proxychains4'
alias proxybash='/usr/soft/proxychains-4.13/bin/proxychains4 -q /bin/bash'

Then run source /etc/bashrc to apply the change. The aliases just defined can then be used to proxy commands:

# Proxy a command
proxy curl www.google.com

# Proxy bash
proxybash
curl www.google.com

polipo

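Introduction

Shadowsocks uses the SOCKS5 protocol, while many terminal tools currently support only protocols such as HTTP and HTTPS. The SOCKS5 proxy therefore has to be converted into an HTTP proxy, which is then set as the proxy for the terminal.

Installation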

yum install -y texi2html texinfo
git clone https://github.com/jech/polipo.git
cd polipo
make all
make install

Configuration

Edit the configuration file /opt/polipo/config

socksParentProxy = "127.0.0.1:1080"
socksProxyType = socks5

proxyAddress="0.0.0.0"
proxyPort=1081
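
Setting local_address in config.json or local.json, or proxyAddress in the polipo config, to 0.0.0.0 makes that proxy port reachable from other hosts. The following Python check is an added example, not code from the original page or from either project; scope, parse_polipo and audit_listeners are hypothetical names, the samples are constructed from the values above, and allowedClients is polipo's client allow-list option.

```python
import ipaddress
import json
import re

def scope(addr):
    """Classify a listen address: 'loopback', 'all interfaces' or 'one interface'."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    return "all interfaces" if ip.is_unspecified else "one interface"

def parse_polipo(text):
    """Read polipo 'name = value' lines into a dict; quotes and comments are dropped."""
    conf = {}
    for line in text.splitlines():
        m = re.match(r'\s*(\w+)\s*=\s*"?([^"#]*)"?', line)
        if m:  # comment lines start with '#' and never match
            conf[m.group(1)] = m.group(2).strip()
    return conf

def audit_listeners(ssr_json, polipo_text):
    """Return one finding per proxy listener reachable from beyond this host."""
    findings = []
    ssr = json.loads(ssr_json)
    where = scope(ssr.get("local_address", "127.0.0.1"))
    if where != "loopback":
        port = ssr.get("local_port", 1080)
        findings.append(f"SSR SOCKS5 port {port} listens on {where} without client authentication")
    polipo = parse_polipo(polipo_text)
    where = scope(polipo.get("proxyAddress", "127.0.0.1"))
    if where != "loopback" and not polipo.get("allowedClients"):
        port = polipo.get("proxyPort", "8123")
        findings.append(f"polipo port {port} listens on {where} and allowedClients is unset")
    return findings

# Constructed samples: config.json with the LAN setting, and the polipo config above.
SSR_SAMPLE = '{"local_address": "0.0.0.0", "local_port": 1080}'
POLIPO_SAMPLE = ('socksParentProxy = "127.0.0.1:1080"\nsocksProxyType = socks5\n'
                 'proxyAddress="0.0.0.0"\nproxyPort=1081\n')

if __name__ == "__main__":
    print("\n".join(audit_listeners(SSR_SAMPLE, POLIPO_SAMPLE)))
```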

Start

nohup /opt/polipo/polipo -c /opt/polipo/config &