就当是笔记啦 ╮( ̄▽ ̄"")╭ 感谢 Project V 及其所有 contributors
下面的脚本唯一的假设是服务器那边的 v2ray 开启了 mKCP,脚本所假设的 mKCP 配置具体如下
"streamSettings": { "tlsSettings": { "allowInsecure": true }, "security": "none", "kcpSettings": { "header": { "type": "srtp" }, "mtu": 1350, "congestion": true, "tti": 20, "uplinkCapacity": 100, "writeBufferSize": 1, "readBufferSize": 1, "downlinkCapacity": 200 }, "network": "kcp" },
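要使用的话,要么把自己服务器那边的配置改成上面这样,要么就改一下下面脚本里 generate_v2ray_config 生成的 "proxy" outbound 的 streamSettings 部分(也就是原文高亮的部分)即可~(总之两边保持一致就可以( ´▽`) 另外注意这里 "security" 是 "none",也就是没有启用 TLS,所以 tlsSettings 里的 allowInsecure 此时并不起作用;如果以后改成 "tls",记得去掉 allowInsecure,不然客户端不会校验服务器证书。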
用法的话也很简单了,复制下面所有代码到 v2ray-tproxy.sh
(或者别的喜欢的文件名也行233333,之后自己替换一下下面的命令,让文件名跟你取的保持一致即可),
假设你的内网网段是 10.0.1.0/24
,v2ray 服务器 IP 是 1.2.3.4
,端口是 12345
,以及用户 ID 是 12345678-90ab-cdef-1234-567890abcdef
的话,那就执行如下命令~
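# Run all of the commands below as root.
sudo su

# Install v2ray with the project's install script.
# The installer runs as root, so fetch it to a file and read it before running
# it instead of streaming it straight into bash. -f makes curl fail on an HTTP
# error rather than saving an error page, and -S keeps error messages visible.
# NOTE(review): confirm this URL is still the installer you intend to trust
# before running it.
curl -fsSL -o go.sh https://install.direct/go.sh
less go.sh
bash go.sh

# Copy the script from the next section into ./v2ray-tproxy.sh,
# then make ./v2ray-tproxy.sh executable.
chmod +x ./v2ray-tproxy.sh

# Set up the v2ray transparent proxy:
#   LAN CIDR, server IP, server port, user ID
./v2ray-tproxy.sh '10.0.1.0/24' '1.2.3.4' '12345' '12345678-90ab-cdef-1234-567890abcdef'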
v2ray-tproxy.sh
的内容如下~
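#!/bin/bash
# Credits to v2ray project
# This script is written by Cocoa <[email protected]>
# And this script is based on https://toutyrater.github.io/app/tproxy.html, massive thanks
#
# Turns this host into a transparent-proxy gateway: installs TPROXY iptables
# rules, persists them through a systemd unit, writes /etc/v2ray/config.json
# and restarts v2ray.
#
# Usage:
#   sudo ./v2ray-tproxy.sh LAN_CIDR SERVER_IP SERVER_PORT USER_ID
#
# Example:
#   sudo ./v2ray-tproxy.sh '10.0.1.0/24' '1.2.3.4' '12345' '12345678-90ab-cdef-1234-567890abcdef'
#
# The script is not idempotent: running it twice appends the iptables rules a
# second time (and `iptables -N` reports that the chains already exist).

# Local port of the dokodemo-door (TPROXY) inbound. It is used both by the
# iptables TPROXY targets and by the generated v2ray config, and is unrelated
# to the remote server port passed on the command line.
readonly TPROXY_PORT=12345

# Print an error to stderr and abort.
die() {
  printf '[ERROR] %s\n' "$*" >&2
  exit 1
}

# Print the usage line to stderr and exit with status 2.
usage() {
  printf 'Usage: %s LAN_CIDR SERVER_IP SERVER_PORT USER_ID\n' "${0##*/}" >&2
  exit 2
}

#######################################
# Reject arguments that would break or alter the generated files.
# The server address, port and user ID are interpolated into a JSON document
# that v2ray (started as a system service) loads, so a stray quote or
# backslash could change the configuration.
# Arguments: $1 - LAN CIDR, $2 - server address, $3 - server port, $4 - user ID
# Returns:   exits via die() on the first invalid value
#######################################
validate_args() {
  local -r lan_cidr=$1 server_address=$2 server_port=$3 user_id=$4
  local -r cidr_re='^[0-9.]+(/[0-9.]+)?$'
  local -r address_re='^[A-Za-z0-9._:-]+$'
  local -r port_re='^[1-9][0-9]{0,4}$'
  local -r uuid_re='^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$'

  [[ "$lan_cidr" =~ $cidr_re ]] || die "invalid LAN CIDR: $lan_cidr"
  [[ "$server_address" =~ $address_re ]] || die "invalid server address: $server_address"
  [[ "$server_port" =~ $port_re ]] || die "invalid server port: $server_port"
  (( server_port <= 65535 )) || die "server port out of range: $server_port"
  [[ "$user_id" =~ $uuid_re ]] || die "user ID is not a UUID: $user_id"
}

#######################################
# Install the policy route and the mangle-table chains for TPROXY.
# Arguments: $1 - LAN CIDR that must stay directly reachable
#######################################
deploy_iptables_rules() {
  local -r lan_cidr=$1

  echo "[INFO] Deploying iptables rules"

  # Packets carrying fwmark 1 are looked up in table 100, which delivers
  # everything locally so the TPROXY inbound can pick them up.
  ip rule add fwmark 1 table 100
  ip route add local 0.0.0.0/0 dev lo table 100

  # --- Traffic forwarded through this gateway (PREROUTING) ---
  iptables -t mangle -N V2RAY
  iptables -t mangle -A V2RAY -d 127.0.0.1/32 -j RETURN
  iptables -t mangle -A V2RAY -d 224.0.0.0/4 -j RETURN
  iptables -t mangle -A V2RAY -d 255.255.255.255/32 -j RETURN
  # LAN destinations go direct, so SSH to the gateway still works when V2Ray
  # fails to start.
  iptables -t mangle -A V2RAY -d "$lan_cidr" -p tcp -j RETURN
  # LAN destinations go direct, except port 53, which must reach V2Ray's DNS.
  iptables -t mangle -A V2RAY -d "$lan_cidr" -p udp ! --dport 53 -j RETURN
  # Mark UDP with 1 and hand it to the TPROXY port.
  iptables -t mangle -A V2RAY -p udp -j TPROXY --on-port "${TPROXY_PORT}" --tproxy-mark 1
  # Mark TCP with 1 and hand it to the TPROXY port.
  iptables -t mangle -A V2RAY -p tcp -j TPROXY --on-port "${TPROXY_PORT}" --tproxy-mark 1
  # Apply the chain.
  iptables -t mangle -A PREROUTING -j V2RAY

  # --- Traffic originated by the gateway itself (OUTPUT) ---
  iptables -t mangle -N V2RAY_MASK
  iptables -t mangle -A V2RAY_MASK -d 224.0.0.0/4 -j RETURN
  iptables -t mangle -A V2RAY_MASK -d 255.255.255.255/32 -j RETURN
  # LAN destinations go direct.
  iptables -t mangle -A V2RAY_MASK -d "$lan_cidr" -p tcp -j RETURN
  # LAN destinations go direct, except port 53, which must reach V2Ray's DNS.
  iptables -t mangle -A V2RAY_MASK -d "$lan_cidr" -p udp ! --dport 53 -j RETURN
  # Traffic with SO_MARK 0xff goes direct. 0xff equals the "mark": 255 set on
  # the outbounds in the generated V2Ray config; without this rule V2Ray's own
  # outgoing packets would be proxied again and loop.
  iptables -t mangle -A V2RAY_MASK -j RETURN -m mark --mark 0xff
  # Mark UDP so it is re-routed.
  iptables -t mangle -A V2RAY_MASK -p udp -j MARK --set-mark 1
  # Mark TCP so it is re-routed.
  iptables -t mangle -A V2RAY_MASK -p tcp -j MARK --set-mark 1
  # Apply the chain.
  iptables -t mangle -A OUTPUT -j V2RAY_MASK
}

#######################################
# Save the current iptables state so it can be restored at boot.
# iptables-save dumps every table, not only the rules added above, and this
# overwrites any existing /etc/iptables/rules.v4.
#######################################
dump_iptables_rules() {
  echo "[INFO] Dumping added iptables rules to /etc/iptables/rules.v4"
  mkdir -p /etc/iptables && iptables-save > /etc/iptables/rules.v4
}

#######################################
# Write and enable a oneshot systemd unit that re-creates the policy route
# and restores the saved iptables rules.
#######################################
set_autorestoring_iptables_rules_service() {
  echo "[INFO] Adding systemd service for auto-restoring the added iptables rules"
  # Quoted delimiter: the unit file is written literally, nothing is expanded.
  cat <<'EOF' >/etc/systemd/system/v2ray-iptables.service
[Unit]
Description=Tproxy rule
After=network.target
Wants=network.target

[Service]
Type=oneshot
ExecStart=/sbin/ip rule add fwmark 1 table 100 ; /sbin/ip route add local 0.0.0.0/0 dev lo table 100 ; /sbin/iptables-restore /etc/iptables/rules.v4

[Install]
WantedBy=multi-user.target
EOF
  systemctl enable v2ray-iptables
}

#######################################
# Write /etc/v2ray/config.json (overwriting any existing file).
# Arguments: $1 - server address, $2 - server port, $3 - user ID
#
# Review notes on the generated configuration:
#  * The socks (1080) and http (1087) inbounds listen on 0.0.0.0 without
#    authentication, so any host that can reach this gateway on those ports
#    can relay traffic through it. Restrict them with firewall rules, or bind
#    them to the LAN address, if the gateway is reachable from networks you
#    do not trust.
#  * "security": "none" means TLS is not used on the mKCP transport, so
#    "allowInsecure": true currently has no effect. If the transport is ever
#    switched to "tls", remove allowInsecure, because it disables server
#    certificate verification.
#  * The file holds the user ID, which is the account credential. Consider
#    limiting read access to the account v2ray runs as.
#  * The "proxy" outbound originally contained two "streamSettings" keys (the
#    mKCP settings and the sockopt mark). How duplicate JSON keys are handled
#    depends on the parser, so they are merged into one object here: both the
#    mKCP transport and mark 255 are needed.
#  * The mKCP values and alterId must match the server configuration.
#######################################
generate_v2ray_config() {
  local -r server_address=$1 server_port=$2 user_id=$3

  echo "[INFO] Generating v2ray config"
  # Unquoted delimiter on purpose: the variables below are expanded.
  cat <<EOF >/etc/v2ray/config.json
{
  "inbounds": [
    {
      "tag": "transparent",
      "port": ${TPROXY_PORT},
      "protocol": "dokodemo-door",
      "settings": {
        "network": "tcp,udp",
        "followRedirect": true
      },
      "sniffing": {
        "enabled": true,
        "destOverride": ["http", "tls"]
      },
      "streamSettings": {
        "sockopt": {
          "tproxy": "tproxy"
        }
      }
    },
    {
      "listen": "0.0.0.0",
      "port": 1080,
      "protocol": "socks",
      "sniffing": {
        "enabled": true,
        "destOverride": ["http", "tls"]
      },
      "settings": {
        "auth": "noauth"
      }
    },
    {
      "listen": "0.0.0.0",
      "protocol": "http",
      "settings": {
        "timeout": 360
      },
      "port": "1087"
    }
  ],
  "outbounds": [
    {
      "tag": "proxy",
      "protocol": "vmess",
      "settings": {
        "vnext": [
          {
            "address": "${server_address}",
            "port": ${server_port},
            "users": [
              {
                "id": "${user_id}",
                "alterId": 64,
                "level": 1,
                "security": "auto"
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "kcp",
        "security": "none",
        "tlsSettings": {
          "allowInsecure": true
        },
        "kcpSettings": {
          "header": {
            "type": "srtp"
          },
          "mtu": 1350,
          "congestion": true,
          "tti": 20,
          "uplinkCapacity": 100,
          "writeBufferSize": 1,
          "readBufferSize": 1,
          "downlinkCapacity": 200
        },
        "sockopt": {
          "mark": 255
        }
      },
      "mux": {
        "enabled": false
      }
    },
    {
      "tag": "direct",
      "protocol": "freedom",
      "settings": {
        "domainStrategy": "UseIP"
      },
      "streamSettings": {
        "sockopt": {
          "mark": 255
        }
      }
    },
    {
      "tag": "block",
      "protocol": "blackhole",
      "settings": {
        "response": {
          "type": "http"
        }
      }
    },
    {
      "tag": "dns-out",
      "protocol": "dns",
      "streamSettings": {
        "sockopt": {
          "mark": 255
        }
      }
    }
  ],
  "dns": {
    "servers": [
      "8.8.8.8",
      "1.1.1.1",
      "114.114.114.114",
      {
        "address": "223.5.5.5",
        "port": 53,
        "domains": ["geosite:cn", "ntp.org"]
      }
    ]
  },
  "routing": {
    "domainStrategy": "IPOnDemand",
    "rules": [
      {
        "type": "field",
        "inboundTag": ["transparent"],
        "port": 53,
        "network": "udp",
        "outboundTag": "dns-out"
      },
      {
        "type": "field",
        "inboundTag": ["transparent"],
        "port": 123,
        "network": "udp",
        "outboundTag": "direct"
      },
      {
        "type": "field",
        "ip": ["223.5.5.5", "114.114.114.114"],
        "outboundTag": "direct"
      },
      {
        "type": "field",
        "ip": ["8.8.8.8", "1.1.1.1"],
        "outboundTag": "proxy"
      },
      {
        "type": "field",
        "domain": ["geosite:category-ads-all"],
        "outboundTag": "block"
      },
      {
        "type": "field",
        "protocol": ["bittorrent"],
        "outboundTag": "direct"
      },
      {
        "type": "field",
        "ip": ["geoip:private", "geoip:cn"],
        "outboundTag": "direct"
      },
      {
        "type": "field",
        "domain": ["geosite:cn"],
        "outboundTag": "direct"
      }
    ]
  }
}
EOF
}

#######################################
# Raise the process and open-file limits in the v2ray systemd unit by adding
# LimitNPROC / LimitNOFILE after the line that ends in "Status=23".
# Skips the edit when the unit is missing or already carries the limit, so a
# re-run does not stack duplicate lines.
#######################################
modify_num_of_max_open_files() {
  local -r unit=/etc/systemd/system/v2ray.service

  echo "[INFO] Setting number of max open files to 1000000"
  if [[ ! -f "$unit" ]]; then
    echo "[WARN] $unit not found, limits left unchanged" >&2
    return 0
  fi
  if grep -q '^LimitNOFILE=1000000$' "$unit"; then
    return 0
  fi
  # The original expression had no closing "/" and sed rejected it as an
  # unterminated `s' command, so the limits were never written.
  sed -i 's/Status=23/Status=23\nLimitNPROC=500\nLimitNOFILE=1000000/' "$unit"
}

#######################################
# Reload systemd (to pick up the edited unit) and restart v2ray.
#######################################
start_v2ray_transparent_proxy_service() {
  echo "[INFO] Starting v2ray transparent proxy service"
  systemctl daemon-reload
  systemctl restart v2ray
}

#######################################
# Entry point.
# Arguments: $1 - LAN CIDR, $2 - server address, $3 - server port, $4 - user ID
#######################################
main() {
  (( $# >= 4 )) || usage
  (( EUID == 0 )) || die "this script must be run as root"
  validate_args "$1" "$2" "$3" "$4"

  deploy_iptables_rules "$1"
  dump_iptables_rules
  set_autorestoring_iptables_rules_service
  generate_v2ray_config "$2" "$3" "$4"
  modify_num_of_max_open_files
  start_v2ray_transparent_proxy_service
}

# sudo ./v2ray-tproxy.sh '10.0.1.0/24' 1.2.3.4 12345 12345678-90ab-cdef-1234-567890abcdef
main "$@"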