Tuesday 27 August 2019

Bypassing the firewall with the system-wide proxy program go-tun2socks by eycorsican

On a Mac.

cd $GOPATH
go get -u -v github.com/eycorsican/go-tun2socks/cmd/tun2socks/
cd src/github.com/eycorsican/go-tun2socks/
make 
(This creates a build directory under the current directory.)
cd build
(The build directory now contains an executable named tun2socks.)
 ./tun2socks -h 
 
sudo ./tun2socks -proxyServer 127.0.0.1:1080 -proxyType socks -tunAddr 10.255.0.2 -tunGw 10.255.0.1 -tunName tun1
(The "paper plane" (纸飞机) proxy client must be running on your Mac.)
On my Mac, the full command is:
sudo ~/go1.10.2/go/gopath/src/github.com/eycorsican/go-tun2socks/build/tun2socks -proxyServer 127.0.0.1:1080 -proxyType socks -tunAddr 10.255.0.2 -tunGw 10.255.0.1 -tunName tun1
 
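sudo route delete default && sudo route add default 10.255.0.1 &&
sudo route add vps-public-ip 192.168.1.1

# Run this only after tun2socks has been stopped, to restore the original default route
# (192.168.1.1 is the original default gateway here):
sudo route add default 192.168.1.1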
 
sudo networksetup -setdnsservers "Wi-Fi" 127.0.0.1

cd ~/goproxy-by-snail007 && sudo ./proxy dns -S socks -T tcp -P 127.0.0.1:1080 -p :53 

 
After that, all traffic from your entire Mac goes out through the proxy.
(If it still does not work after the steps above, re-run the dns proxy command.)
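
A way to check the result of the steps above, as an added example that is not part of the original post: the two functions read the output of netstat -nr -f inet and networksetup -getdnsservers "Wi-Fi" and report a default route that does not point at the TUN gateway, a missing bypass route for the proxy server, or a DNS resolver that is not on loopback. The function names and the address 203.0.113.10 (standing in for vps-public-ip) are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post. 10.255.0.1 is the post's -tunGw;
# 203.0.113.10 is a placeholder standing in for vps-public-ip.

# Reads `netstat -nr -f inet` output on stdin. $1 = TUN gateway, $2 = proxy IP.
# Returns 0 = ok, 1 = default route is not the TUN gateway (traffic leaves
# directly), 2 = no bypass route for the proxy server (tunnel would loop).
check_routes() {
    awk -v tun="$1" -v proxy="$2" '
        $1 == "default" && !seen { seen = 1; via = $2 }
        ($1 == proxy || $1 == proxy "/32") && $2 != tun { bypass = 1 }
        END { if (via != tun) exit 1; if (!bypass) exit 2 }'
}

# Reads `networksetup -getdnsservers "Wi-Fi"` output on stdin. Succeeds only if
# at least one resolver is listed and every one is a 127.x loopback address,
# so that no lookup is sent in plaintext to an outside resolver.
check_dns() {
    awk 'NF == 0 { next }
         { n++ }
         $1 !~ /^127\./ { bad = 1 }
         END { if (n == 0 || bad) exit 1 }'
}

# Constructed samples of the macOS routing table, not captured output.
ROUTES_OK='Destination        Gateway            Flags        Netif Expire
default            10.255.0.1         UGSc         utun6
10.255.0.2         10.255.0.1         UH           utun6
203.0.113.10/32    192.168.1.1        UGSc           en0'
ROUTES_LOOP='Destination        Gateway            Flags        Netif Expire
default            10.255.0.1         UGSc         utun6
10.255.0.2         10.255.0.1         UH           utun6'

printf '%s\n' "$ROUTES_OK" | check_routes 10.255.0.1 203.0.113.10 && echo "routes: ok"
printf '%s\n' "$ROUTES_LOOP" | check_routes 10.255.0.1 203.0.113.10 || echo "routes: rc=$?"
printf '127.0.0.1\n8.8.8.8\n' | check_dns || echo "dns: non-loopback resolver set"
```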


Note: after running go get -u -v github.com/eycorsican/go-tun2socks/cmd/tun2socks/, the tun2socks executable generated in $GOBIN/ is of no use. Running tun2socks -h shows that its options do not include "-proxyServer", so we can delete it: rm -rf $GOBIN/tun2socks




Project links:
https://github.com/eycorsican/go-tun2socks/
https://github.com/eycorsican/go-tun2socks/issues/30 

https://github.com/huang-ju/go-tun2socks: huang-ju's go-tun2socks adds some startup scripts on top of eycorsican's go-tun2socks.
(https://github.com/luckypoem/go-tun2socks-1)
https://github.com/Uhtred009/go-tun2socks-desktop 
----------------------

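Using go-tun2socks to forward traffic on the TUN device to a local SOCKS proxy

Step 1. Prepare a SOCKS5 proxy

Many proxy programs can expose a SOCKS5 listener; details are omitted here.

Step 2. Run tun2socks

Build tun2socks: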

git clone https://github.com/eycorsican/go-tun2socks
cd go-tun2socks && make

./build/tun2socks  -h
Usage of ./build/tun2socks:
  -blockOutsideDns
    	Prevent DNS leaks by blocking plaintext DNS queries going out through non-TUN interface (may require admin privileges) (Windows only)
  -loglevel string
    	Logging level. (debug, info, warn, error, none) (default "info")
  -proxyServer string
    	Proxy server address (default "1.2.3.4:1087")
  -proxyType string
    	Proxy handler type (default "socks")
  -tunAddr string
    	TUN interface address (default "10.255.0.2")
  -tunDns string
    	DNS resolvers for TUN interface (only need on Windows) (default "8.8.8.8,8.8.4.4")
  -tunGw string
    	TUN interface gateway (default "10.255.0.1")
  -tunMask string
    	TUN interface netmask, it should be a prefixlen (a number) for IPv6 address (default "255.255.255.0")
  -tunName string
    	TUN interface name (default "tun1")
  -tunPersist
    	Persist TUN interface after the program exits or the last open file descriptor is closed (Linux only)
  -udpTimeout duration
    	UDP session timeout (default 1m0s)
  -version
    	Print version

mv build/tun2socks /usr/local/bin/
# Run tun2socks
sudo tun2socks -loglevel debug -proxyServer 127.0.0.1:1080 -proxyType socks -tunAddr 10.255.0.2 -tunGw 10.255.0.1

# Inspect the TUN device
ifconfig
...
utun6: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
        inet 10.255.0.2 --> 10.255.0.1 netmask 0xffffff00

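Step 3. Modify the routing table to forward traffic through the TUN device

# Show the original route
sudo route -n get default
# or
netstat -nr

# Delete the default route and configure the new routes
sudo route delete default
sudo route add default 10.255.0.1
sudo route add vps-public-ip your-default-gateway-ip

# Restore the original route
# After tun2socks is stopped, the newly added TUN device is removed automatically and the routes just added become invalid
sudo route add default your-default-gateway-ip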

At this point the browser can reach Google normally even with no proxy configured, i.e. in direct-connection mode.
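
The route changes in Step 3 depend on recording the original gateway before the default route is replaced. The following added example (not from the original post; the function names and the placeholder 203.0.113.10 for vps-public-ip are assumptions) parses it from route -n get default output and prints the commands for switching and for restoring, refusing a gateway that is already the TUN gateway.

```shell
#!/bin/sh
# Added example, not from the original post. TUN_GW matches the post's -tunGw;
# 203.0.113.10 is a placeholder standing in for vps-public-ip.
TUN_GW=10.255.0.1

# Reads `route -n get default` output on stdin and prints the gateway address.
parse_gateway() {
    awk '$1 == "gateway:" { print $2; exit }'
}

# Succeeds only for a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Prints the route commands. $1 = up|down, $2 = original gateway, $3 = proxy IP.
plan_routes() {
    is_ipv4 "$2" && is_ipv4 "$3" || { echo "not an IPv4 address" >&2; return 2; }
    # If the recorded gateway is the TUN gateway, it was read while tun2socks
    # was already active; restoring to it would leave the host without a route.
    [ "$2" != "$TUN_GW" ] || { echo "gateway is the TUN itself" >&2; return 3; }
    case "$1" in
    up)
        echo "sudo route delete default"
        echo "sudo route add default $TUN_GW"
        echo "sudo route add $3/32 $2" ;;   # proxy server bypasses the TUN
    down)
        echo "sudo route add default $2" ;;
    *)  return 2 ;;
    esac
}

# Constructed sample of macOS `route -n get default` output, not captured.
SAMPLE='   route to: default
destination: default
       mask: default
    gateway: 192.168.1.1
  interface: en0'

gw=$(printf '%s\n' "$SAMPLE" | parse_gateway)
plan_routes up "$gw" 203.0.113.10
plan_routes down "$gw" 203.0.113.10
```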


----------

What's the difference with the original project

  • Add new features (listed below)
  • Optimize handlers (e.g. new TCP/UDP proxy handler)
  • Rewrite and remove some implementations

Main Features

Previous Features
  • Support both TCP and UDP
  • Support both IPv4 and IPv6
  • Support proxy handler: SOCKS5
  • ICMP echoing
New Features
  • Fake DNS (Fake IP range: 198.18.0.0/15)
  • Backend DNS (resolve non-TypeA query)
  • Hijack DNS (force the specific DNS to get a fake address)
  • Hosts mapping (e.g. localhost->127.0.0.1)
  • Web statistics monitor

Tun2socks Usage

Usage of tun2socks:
  -backendDNS string
     Backend DNS to resolve non-TypeA or non-ClassINET query (must support tcp) (default "8.8.8.8:53,8.8.4.4:53")
  -fakeDNS
     Enable fake DNS
  -fakeDNSAddr string
     Listen address of fake DNS (default ":53")
  -hijackDNS string
     Hijack the specific DNS query to get a fake ip, e.g. '*:53', '8.8.8.8:53,8.8.4.4:53'
  -hosts string
     DNS hosts mapping, e.g. 'example.com=1.1.1.1,example.net=2.2.2.2'
  -loglevel string
     Logging level [info, warning, error, debug, silent] (default "info")
  -monitor
     Enable session statistics monitor
  -monitorAddr string
     Listen address of session monitor, open in your browser to view statistics (default "localhost:6001")
  -proxyServer string
     Proxy server address
  -tunAddr string
     TUN interface address (default "240.0.0.2")
  -tunDNS string
     DNS resolvers for TUN interface (Windows Only) (default "8.8.8.8,8.8.4.4")
  -tunGw string
     TUN interface gateway (default "240.0.0.1")
  -tunMask string
     TUN interface netmask (default "255.255.255.0")
  -tunName string
     TUN interface name (default "utun0")
  -tunPersist
     Persist TUN interface after the program exits or the last open file descriptor is closed (Linux only)
  -udpTimeout duration
     UDP session timeout (default 30s)
  -version
     Show current version of tun2socks

How to Build

go-tun2socks uses cgo and Go modules, so a C compiler and Go version >= 1.13 are required.
git clone https://github.com/xjasonlyu/tun2socks.git
cd tun2socks && go mod download
make clean && make build
./bin/tun2socks -h

My Daily Using (Alpine Demo)

This project is running on my server as a second gateway, so my Apple TV and other devices could access the full internet and AD block function without complex configuration.
Here is my Running Environment
  • Linux alpine 4.19.79-0-virt (VM)
  • Proxy Server: 10.0.0.3
  • Alpine Address: 10.0.0.2
  • Router Gateway: 10.0.0.1
  • Apple TV Address: 10.0.0.120
This is my alpine tun2socks service file
Follow 3 Steps
  • Simply put this config in /etc/init.d/
  • Give it executable permission chmod +x tun2socks
  • Launch the service rc-service tun2socks start
Finally, all you need to do is modify your internet settings.
In this case, I just need to configure my Apple TV internet settings from DHCP to Static, and change my gateway and DNS to 10.0.0.2.
Done!

Run

tun2socks -loglevel warning -tunName utun0 -proxyServer 1.2.3.4:1080 -monitor -monitorAddr 0.0.0.0:80 -fakeDNS -hosts localhost=127.0.0.1 -backendDNS 1.1.1.1:53,8.8.8.8:53
Note that the TUN device may have a different name, and it should be a different name on Windows unless you have renamed it, so make sure to use ifconfig, ipconfig or ip addr to check it.

Create TUN device and Configure Routing Table

Suppose your original gateway is 192.168.0.1. The proxy server address is 1.2.3.4.
The following commands will need root permissions.

macOS

The program will automatically create a TUN device for you on macOS. To show the created TUN device, use ifconfig.
Delete original gateway:
route delete default
Add our TUN interface as the default gateway:
route add default 240.0.0.1
Add a route for your proxy server to bypass the TUN interface:
route add 1.2.3.4/32 192.168.0.1

Linux

The program will not create the TUN device for you on Linux. You need to create the TUN device by yourself:
ip tuntap add mode tun dev tun1
ip addr add 240.0.0.1 dev tun1
ip link set dev tun1 up
Delete original gateway:
ip route del default
Add our TUN interface as the default gateway:
ip route add default via 240.0.0.1
Add a route for your proxy server to bypass the TUN interface:
ip route add 1.2.3.4/32 via 192.168.0.1

Windows

Usage guide - Tutorial in Chinese
To create a TUN device on Windows, you need Tap-windows, refer here for more information.
Add our TUN interface as the default gateway:
# Using 240.0.0.1 is not allowed on Windows, we use 10.0.0.1 instead
route add 0.0.0.0 mask 0.0.0.0 10.0.0.1 metric 6
Add a route for your proxy server to bypass the TUN interface:
route add 1.2.3.4 192.168.0.1 metric 5

This project is using lwIP

This project uses a modified version of lwIP. You can check out this repo to see what the changes are: https://github.com/eycorsican/lwip (original author)
------

convert tun data to socks5 proxy.

This uses lwIP to parse TUN traffic into TCP or UDP data and sends it out over SOCKS, so it can be used on Android and iOS.


from  https://github.com/Evan2698/lwip2socks


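This builds for Android and iOS. You need to use go get to pull down all the dependencies; you cannot use go mod. Then build with gomobile bind -target=android -ldflags="-s -w" "[your directory]/lwip2socks/mobile". This is basically the code from https://github.com/eycorsican/go-tun2socks.git; I modified it a little, then compiled and tested it. I will not maintain it much going forward. What I use now is https://github.com/Evan2698/MyChimney.git; the AAR in it is built from the code in the https://github.com/Evan2698/chimney-go.git project. From now on I only maintain that one, basically for my own use. Because gomobile does not support go mod, you still need to use go get to fetch all the dependencies, and then gomobile bind -target=android -ldflags="-s -w" /home/evan/GoWorks/src/chimney-go/tun4socks will build it. I am assuming you are a programmer, so I kept the reply brief.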


from https://github.com/Evan2698/lwip2socks/issues/1#issuecomment-674392974