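Below I install and configure hans on a Raspberry Pi; the next post will cover kcptun. Once the Raspberry Pi is set as the default gateway, every device on the LAN can get past the firewall.
ProTip: First use your phone's 3G data and open a Hotspot for the computer; you can turn it off once the software is installed.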
How It Works
- GFW(iWiFi):
  - allow: icmp,dns
  - deny: all
- Server:
  - eth0: 1.2.3.4
  - tun0: 10.1.2.1
- RPi:
  - eth0: 192.168.31.177
  - tun0: 10.1.2.100
- Client:
  - eth0: 192.168.31.102
Client(Firefox) -> RPi(ss-local&hans-client) -> GFW -> Server(ss-server&hans-server) -> Internet
Compile
$ wget -O hans-0.4.4.tar.gz https://github.com/friedrich/hans/archive/v0.4.4.tar.gz
$ tar xzf hans-0.4.4.tar.gz
$ cd hans-0.4.4
$ make
$ cp hans /usr/local/bin/
Run
$ hans
Hans - IP over ICMP version 0.4.4
RUN AS SERVER
hans -s network [-fvr] [-p password] [-u unprivileged_user] [-d tun_device] [-m reference_mtu] [-a ip]
RUN AS CLIENT
hans -c server [-fv] [-p password] [-u unprivileged_user] [-d tun_device] [-m reference_mtu] [-w polls]
ARGUMENTS
-s network Run as a server with the given network address for the virtual interface. Linux only!
-c server Connect to a server.
-f Run in foreground.
-v Print debug information.
-r Respond to ordinary pings. Only in server mode.
-p password Use a password.
-u username Set the user under which the program should run.
-d device Use the given tun device.
-m mtu Use this mtu to calculate the tunnel mtu.
The generated echo packets will not be bigger than this value.
Has to be the same on client and server. Defaults to 1500.
-w polls Number of echo requests the client sends to the server for polling.
0 disables polling. Defaults to 10.
-i Change the echo id for every echo request.
-q Change the echo sequence number for every echo request.
-a ip Try to get assigned the given tunnel ip address.
Systemd
Unit File
# /etc/systemd/system/hans.service
[Unit]
Description=IP over ICMP
After=network.target
[Service]
EnvironmentFile=/etc/default/hans
ExecStart=/usr/local/bin/hans $HANS_OPTS
Restart=always
RestartSec=5
[Install]
WantedBy=multi-user.target
Server Config
# /etc/default/hans
HANS_OPTS="-f -s 10.1.2.0 -p password"
Client Config
# /etc/default/hans
HANS_OPTS="-f -c 1.2.3.4 -p password"
Server Setup
$ systemctl daemon-reload
$ systemctl start hans.service
$ ifconfig tun0
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.1.2.1 P-t-P:10.1.2.1 Mask:255.255.255.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1467 Metric:1
RX packets:4629 errors:0 dropped:0 overruns:0 frame:0
TX packets:4620 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:622863 (608.2 KiB) TX bytes:3991862 (3.8 MiB)
Client Setup
$ systemctl daemon-reload
$ systemctl start hans.service
$ ifconfig tun0
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.1.2.100 P-t-P:10.1.2.100 Mask:255.255.255.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1467 Metric:1
RX packets:617 errors:0 dropped:0 overruns:0 frame:0
TX packets:641 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:441280 (430.9 KiB) TX bytes:93441 (91.2 KiB)
$ ping 10.1.2.1
PING 10.1.2.1 (10.1.2.1) 56(84) bytes of data.
64 bytes from 10.1.2.1: icmp_seq=1 ttl=64 time=145 ms
^C
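Seen from the network that permits ICMP, the tunnel set up above differs from the ordinary `ping` just shown (56-byte payload, reply identical to the request). The following is an added example, not code from the original post or the hans project: it flags echo flows by payload size and by replies that do not echo their request. The `SIZE_LIMIT` threshold, the function names and the sample packets are constructed assumptions.

```python
import struct
from collections import defaultdict

PING_PAYLOAD = 56               # ordinary ping payload ("56(84) bytes of data" above)
SIZE_LIMIT = 4 * PING_PAYLOAD   # assumed threshold for an oversized echo payload

def echo(icmp_type, ident, seq, payload):
    """Build a constructed ICMP echo message (checksum left at 0 for brevity)."""
    return struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload

def parse_echo(raw):
    """Return (type, ident, seq, payload) for echo request (8) or reply (0), else None."""
    if len(raw) < 8:
        return None
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", raw[:8])
    if icmp_type not in (0, 8) or code != 0:
        return None
    return icmp_type, ident, seq, raw[8:]

def find_tunnel_suspects(packets):
    """packets: (src, dst, icmp_bytes) tuples from one capture window.
    Returns {(client, server): sorted list of reasons}."""
    pending = {}                  # (client, server, id, seq) -> request payload
    reasons = defaultdict(set)
    for src, dst, raw in packets:
        parsed = parse_echo(raw)
        if parsed is None:
            continue
        icmp_type, ident, seq, payload = parsed
        # Normalise direction so requests and replies share one flow key.
        flow = (src, dst) if icmp_type == 8 else (dst, src)
        if len(payload) > SIZE_LIMIT:
            reasons[flow].add("oversized payload")
        if icmp_type == 8:
            pending[flow + (ident, seq)] = payload
        elif (sent := pending.pop(flow + (ident, seq), None)) is None:
            reasons[flow].add("unsolicited reply")
        elif sent != payload:
            reasons[flow].add("reply does not echo request")
    return {flow: sorted(why) for flow, why in reasons.items()}

# Constructed sample traffic: one ordinary ping, one tunnel-like exchange.
SAMPLE = [
    ("192.168.31.102", "192.0.2.53", echo(8, 7, 1, b"A" * PING_PAYLOAD)),
    ("192.0.2.53", "192.168.31.102", echo(0, 7, 1, b"A" * PING_PAYLOAD)),
    ("192.168.31.177", "1.2.3.4", echo(8, 9, 1, b"poll")),
    ("1.2.3.4", "192.168.31.177", echo(0, 9, 1, b"\x45" + b"\x00" * 1400)),
]

if __name__ == "__main__":
    print(find_tunnel_suspects(SAMPLE))
```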
Socks5 Setup
$ cat /etc/shadowsocks-libev/config.json
{
"server": "10.1.2.1",
"server_port": 8388,
"local_address": "0.0.0.0",
"local_port": 1080,
"password": "********",
"timeout": 60,
"method": "chacha20",
"auth": true
}
$ nc -v 10.1.2.1 8388
Connection to 10.1.2.1 8388 port [tcp/*] succeeded!
^C
$ systemctl start shadowsocks-libev-local@config
$ curl -x socks5h://127.0.0.1:1080 ifconfig.co
1.2.3.4
SSH Setup
# ~/.ssh/config
Host github.com
HostName github.com
ProxyCommand nc -x 192.168.31.177 %h %p
Default Gateway
Server
$ iptables -t nat -A POSTROUTING -o eth0 -s 10.1.2.0/24 -j MASQUERADE
RPi
$ ip route add 1.2.3.4 via 192.168.31.1
$ ip route add 0.0.0.0/1 via 10.1.2.1
$ ip route add 128.0.0.0/1 via 10.1.2.1
$ ip route
0.0.0.0/1 via 10.1.2.1 dev tun0
default via 192.168.31.1 dev wlan0
10.1.2.0/24 dev tun0 proto kernel scope link src 10.1.2.100
1.2.3.4 via 192.168.31.1 dev wlan0
128.0.0.0/1 via 10.1.2.1 dev tun0
$ host ifconfig.co
ifconfig.co has address 188.113.88.193
ifconfig.co has IPv6 address 2001:16d8:ee03::cafe:d00d
$ ip route get 188.113.88.193
188.113.88.193 via 10.1.2.1 dev tun0 src 10.1.2.100
cache
$ curl ifconfig.co
1.2.3.4
$ iptables -t nat -A POSTROUTING -o tun0 -s 192.168.31.0/24 -j MASQUERADE
Client
$ sudo route change default 192.168.31.177
$ sudo networksetup -setdnsservers Wi-Fi 8.8.8.8
$ host ifconfig.co
ifconfig.co has address 188.113.88.193
ifconfig.co has IPv6 address 2001:16d8:ee03::cafe:d00d
$ route get 188.113.88.193
route to: 188.113.88.193
destination: 188.113.88.193
gateway: 192.168.31.177
interface: en0
$ curl ifconfig.co
1.2.3.4
----------- My supplementary notes:
On the Linux VPS:
git clone https://github.com/friedrich/hans
cd hans
make
(this produces the executable hans in the current directory)
./hans -s 10.1.2.1 -p mypassword -r
This prints:
./hans: opened tunnel device: tun4
./hans: detaching from terminal
iptables -t nat -A POSTROUTING -s 10.1.2.1/24 -o eth0 -j MASQUERADE
The server side is now set up.
On the client machine (a Mac):
git clone https://github.com/friedrich/hans
cd hans
make
(this produces the executable hans in the current directory)
sudo ./hans -c vps-public-ip -p mypassword
sudo route delete default && sudo route add default 10.1.2.1 && sudo route add vps-public-ip 192.168.1.1 &&
sudo route add default 192.168.1.1
sudo networksetup -setdnsservers "Wi-Fi" 127.0.0.1
Run ss
sudo ~/goproxy-by-snail007/proxy dns -S socks -T tcp -P 127.0.0.1:1080 -p :53
With that, the VPN program Hans can be used to get past the firewall.
Project: https://github.com/friedrich/hans
(its fork: https://github.com/vdveer/pingtunnel)
A very similar project:
https://github.com/milesdevis/Icmp_tunnel (runs only on Linux desktop systems)
-------------------------------------------
Hans 'IP over ICMP'
Hans makes it possible to tunnel IPv4 through ICMP echo packets, so you could call it a ping tunnel. This can be useful when you find yourself in the situation that your Internet access is firewalled, but pings are allowed.
Hans runs on Linux as a client and a server. It runs on Mac OS X, iPhone/iPod touch, FreeBSD, OpenBSD and Windows as a client only.
It is inspired by icmptx and adds some features:
Features
- Reliability: Hans works reliably in situations when the client is behind a firewall that allows only one echo reply per request.
- Security: Hans uses a challenge-response based login mechanism.
- Multiple clients: Hans currently supports up to 253 clients, which is the number of available IPs on the virtual subnet.
- Easy setup: Hans automatically assigns IP addresses.
Get Hans
Hans source. Hans Mac OS X binary. Hans Windows binary.
Browse the source and contribute on Github.
View the changelog.
Use Hans
First, make sure your kernel supports tun devices. For Mac OS X you can get the drivers here. On Windows you have to install a tap device driver by downloading the Windows Installer of OpenVPN and selecting "TAP Virtual Ethernet Adapter" during the installation.
To compile hans, unpack it and run "make":
tar -xzf hans-version.tar.gz
cd hans-version
make
To run as a server (as root):
./hans -s 10.1.2.0 -p password
This will create a new tun device and assign the IP 10.1.2.1 to it. Note that Hans can not receive echo requests on BSD systems. Therefore the server only works on Linux.
To run as a client (as root):
./hans -c server_address -p password
This will connect to the server at "server_address", create a new tun device and assign an IP from the network 10.1.2.0/24 to it.
Now you can run a proxy on the server or let it act as a router and use NAT to allow the clients to access the Internet.
On Windows you must run your command prompt as Administrator in order for hans to work.
from http://code.gerade.org/hans/
----------------------------------------
Related post: http://briteming.blogspot.com/2012/02/ping-tunnel.html