Friday, 12 May 2017

A new firewall-circumvention technique: go-shadowsocks2


GoDoc at https://godoc.org/github.com/riobard/go-shadowsocks2/

Features

  • SOCKS5 proxy
  • Support for Netfilter TCP redirect (IPv6 should work but not tested)
  • UDP tunneling (e.g. relay DNS packets)
  • TCP tunneling (e.g. benchmark with iperf3)

Install

First install the Go environment, then:
go get -u github.com/riobard/go-shadowsocks2

Basic Usage

Server

Start a server listening on port 8488 using the AEAD_CHACHA20_POLY1305 AEAD cipher with password your-password.
go-shadowsocks2 -s ss://AEAD_CHACHA20_POLY1305:your-password@:8488

Client

First install the Go environment, then:
go get -u -v github.com/riobard/go-shadowsocks2

Start a client connecting to the above server. The client listens on port 2080 for incoming SOCKS5 connections, and tunnels both UDP and TCP on port 8053 and port 8054 to 8.8.8.8:53 and 8.8.4.4:53 respectively.
go-shadowsocks2 -c ss://AEAD_CHACHA20_POLY1305:your-password@[server_ip_address]:8488 \
    -socks :2080 -udptun :8053=8.8.8.8:53,:8054=8.8.4.4:53 \
    -tcptun :8053=8.8.8.8:53,:8054=8.8.4.4:53
Replace [server_ip_address] with your server's public address.
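(For the command above, which is run on the local machine, you actually only need to run the part shown in blue. Then set the SOCKS5 proxy server of the local machine's browser to 127.0.0.1:2080, and the browser can get past the firewall.)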

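(The server command above can also be run as:
go-shadowsocks2 -s ss://aes-256-cfb:your-password@:8489
However, this command runs in the foreground and exits easily, so we can use systemd to keep it running in the background:
nano /etc/systemd/system/go-shadowsocks2.service
Its contents are: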
[Unit]
After=network.target

[Service]
ExecStart=/root/go/gopath/bin/go-shadowsocks2 -s ss://aes-256-cfb:my-password@:8489
Restart=always

[Install]
WantedBy=multi-user.target 
 
Then:
systemctl start go-shadowsocks2
systemctl enable go-shadowsocks2
 
With that, the server side is set up.

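In the ss client program on the local machine (the "paper plane"), enter these parameters:
Encryption method: aes-256-cfb, password: your-password, address: your server's IP, port: 8489
Then set the SOCKS5 proxy server of the local machine's browser to 127.0.0.1:1080, and the browser can get past the firewall.)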
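
A hardened variant of the systemd unit above, as an added example that is not part of the original post or of the go-shadowsocks2 project. It assumes the binary has been copied to /usr/local/bin/go-shadowsocks2 and that the ss:// URL lives in a root-only file /etc/go-shadowsocks2.env; both paths and the SS_URL variable name are hypothetical.

```ini
# /etc/systemd/system/go-shadowsocks2.service (hardened variant, added example)
# Assumptions, not from the original post:
#   - the binary was copied to /usr/local/bin/go-shadowsocks2, because an
#     unprivileged service user cannot read /root/go/gopath/bin
#   - /etc/go-shadowsocks2.env is owned by root with mode 0600 and holds one line:
#       SS_URL=ss://aes-256-cfb:my-password@:8489
[Unit]
Description=go-shadowsocks2 server
After=network.target

[Service]
# Keeps the password out of the unit file, which is world-readable by default.
EnvironmentFile=/etc/go-shadowsocks2.env
ExecStart=/usr/local/bin/go-shadowsocks2 -s ${SS_URL}
Restart=always

# Run as a transient unprivileged user instead of root.
DynamicUser=yes
# Port 8489 is above 1024, so the service needs no capabilities at all.
CapabilityBoundingSet=
AmbientCapabilities=
NoNewPrivileges=yes

# Filesystem and device isolation for a process that only relays traffic.
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
LockPersonality=yes

[Install]
WantedBy=multi-user.target
```

The expanded URL still appears in the running process's command line, so this keeps the password out of the unit file but not out of a local process listing. Run systemctl daemon-reload after editing the unit, then restart the service.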
 
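(Shadowsocks client for macOS: go-ss,
wget https://github.com/FTwOoO/go-shadowsocks-client/files/1799215/gsc.zip
unzip gsc.zip
This extracts an executable file named gsc.
./gsc --cipher "aes-256-cfb" --password your-password --c "your-server-ip:8489"

After you run the command above in the Mac terminal, it changes the macOS system proxy, and you can then use Safari to get past the firewall. If you use Chrome with SwitchyOmega, choose "System Proxy" in the SwitchyOmega pop-up menu, and Chrome can get past the firewall.)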

Advanced Usage

Use random keys instead of passwords

A random key is almost always better than a password. Generate a base64url-encoded 16-byte random key:
go-shadowsocks2 -keygen 16
Start a server listening on port 8848 using AEAD_AES_128_GCM AEAD cipher with the key generated above.
go-shadowsocks2 -s :8488 -cipher AEAD_AES_128_GCM -key k5yEIX5ciUDpkpdtvZm7zQ== -verbose
And the corresponding client to connect to it.
go-shadowsocks2 -c [server_address]:8488 -cipher AEAD_AES_128_GCM -key k5yEIX5ciUDpkpdtvZm7zQ== -verbose

Netfilter TCP redirect (Linux only)

The client offers -redir and -redir6 (for IPv6) options to handle TCP connections redirected by Netfilter on Linux. The feature works similarly to ss-redir from shadowsocks-libev.
Start a client listening on port 1082 for redirected TCP connections and port 1083 for redirected TCP IPv6 connections.
go-shadowsocks2 -c [server_address]:8488 -cipher AEAD_AES_128_GCM -key k5yEIX5ciUDpkpdtvZm7zQ== \
    -redir :1082 -redir6 :1083

TCP tunneling

The client offers -tcptun [local_addr]:[local_port]=[remote_addr]:[remote_port] option to tunnel TCP. For example it can be used to proxy iperf3 for benchmarking.
Start iperf3 on the same machine with the server.
iperf3 -s
By default iperf3 listens on port 5201.
Start a client on the same machine with the server. The client listens on port 1090 for incoming connections and tunnels to localhost:5201 where iperf3 is listening.
go-shadowsocks2 -c [server_address]:8488 -cipher AEAD_AES_128_GCM -key k5yEIX5ciUDpkpdtvZm7zQ== \
    -tcptun :1090=localhost:5201
Start the iperf3 client and connect to the tunneled port instead:
iperf3 -c localhost -p 1090
 
from https://github.com/riobard/go-shadowsocks2 
https://github.com/shadowsocks/go-shadowsocks2
 

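https://github.com/riobard/go-shadowsocks2 says that the Go environment must be at least version 1.9. In practice, however, the Go version on both my server and my client machine is 1.8, and I have had no problems at all.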
 
