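NaiveProxy and V2Ray side by side: sending Naive traffic into V2Ray over a Socks5 proxy, and routing mainland-China (CN) domains and IPs to a blackhole or WARP
Requirement
If you share a NaiveProxy server with friends and one of them turns on global mode, CN traffic from inside the firewall gets sent through it. The proxy server then connects back to sites inside the firewall, and the firewall learns that this server is a proxy.
So CN domains and IPs need to be routed to a blackhole or to WARP.
The NaiveProxy server, however, has no routing capability.
Approach
Traffic leaving NaiveProxy goes into V2Ray through a Socks5 proxy. V2Ray's routing then identifies CN domains and IPs and diverts them to a blackhole or to WARP.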
NaiveProxy server (Caddy)
https://github.com/klzgrad/forwardproxy#other
The upstream parameter specifies the next hop for outgoing traffic.
V2Ray: set up an inbound and routing
Reference
https://www.v2ray.com/en/configuration/protocols/socks.html#inboundconfigurationobject
Create a Socks5 inbound.
Walkthrough
1. Set up both V2Ray and NaiveProxy first
V2Ray tutorial: https://zelikk.blogspot.com/2022/11/v2ray-vless-vmess-websocket-cdn-tls-caddy-v2.html
Naive tutorial: https://zelikk.blogspot.com/2022/11/naiveproxy-caddy-v2-vless-vmess-cdn.html
2. Add a Socks5 exit to the Naive server (Caddy)
Edit Naive's Caddyfile and add one line:
upstream socks5://127.0.0.1:1080
3. Add a Socks5 inbound to V2Ray
Edit config.json and add the following block in the inbounds section.
Note that the existing inbound block must be followed by an ASCII comma before the Socks5 block. JSON syntax requires this.
{
  "listen": "127.0.0.1",
  "port": 1080,
  "protocol": "socks",
  "sniffing": {"enabled": true, "destOverride": ["http", "tls"]},
  "settings": {"auth": "noauth", "udp": false}
}
Check that config.json is well-formed:
/usr/local/bin/v2ray -config /usr/local/etc/v2ray/config.json --test
If it prints Configuration OK. the format is correct.
4. Restart the Naive server (Caddy) and V2Ray
service caddy restart
service v2ray restart
Check that everything still works.
While connecting through the Naive node, check that the V2Ray log records the connections.
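5. Change the V2Ray routing settings
From here on, the changes are the same as in any other tutorial on V2Ray routing.
I will only give my own example, which routes CN domains and IPs to WARP:
{"type": "field", "outboundTag": "socks5-warp", "domain": ["geosite:cn"]},
{"type": "field", "outboundTag": "socks5-warp", "ip": ["geoip:cn"]},
After restarting V2Ray, test the result.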
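Afterword
The port 1080 used in step 2 and step 3 must match. If that port is already taken on your VPS, pick another one and keep the two places consistent. In other words, the Naive server (Caddy) sends data out to this port and V2Ray receives it on this port.
--------
For step 5, if you prefer a blunter approach, set the tag to blocked. In the outbounds section, the outbound tagged blocked is the blackhole.
--------
The Socks5 inbound is opened with "listen": "127.0.0.1", so the port is not exposed externally. You can use a tool such as ping.pe to test whether the Socks5 port is reachable from outside.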
Sample config.json
{
  "log": {
    "access": "/var/log/v2ray/access.log",
    "error": "/var/log/v2ray/error.log",
    "loglevel": "warning"
  },
  "inbounds": [
    {
      "listen": "127.0.0.1",
      "port": 9877,
      "protocol": "vless",
      "settings": {
        "clients": [{"id": "05b02aa-faa-447-bdd-06863aa8b84", "level": 1, "alterId": 0}],
        "decryption": "none"
      },
      "streamSettings": {"network": "ws"},
      "sniffing": {"enabled": true, "destOverride": ["http", "tls"]}
    },
    {
      "tag": "socks_proxy",
      "port": 1080,
      "listen": "127.0.0.1",
      "protocol": "socks",
      "sniffing": {"enabled": true, "destOverride": ["http", "tls"]},
      "settings": {"auth": "noauth", "udp": false}
    }
  ],
  "outbounds": [
    {"protocol": "freedom", "settings": {"domainStrategy": "UseIP"}, "tag": "direct"},
    {"protocol": "freedom", "settings": {"domainStrategy": "UseIPv4"}, "tag": "force-ipv4"},
    {"protocol": "freedom", "settings": {"domainStrategy": "UseIPv6"}, "tag": "force-ipv6"},
    {"protocol": "socks", "settings": {"servers": [{"address": "127.0.0.1", "port": 40000}]}, "tag": "socks5-warp"},
    {"protocol": "blackhole", "settings": {}, "tag": "blocked"}
  ],
  "dns": {
    "servers": ["https+local://8.8.8.8/dns-query", "8.8.8.8", "1.1.1.1", "localhost"]
  },
  "routing": {
    "domainStrategy": "IPOnDemand",
    "rules": [
      {
        "type": "field",
        "ip": [
          "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
          "169.254.0.0/16", "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24",
          "192.168.0.0/16", "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24",
          "::1/128", "fc00::/7", "fe80::/10"
        ],
        "outboundTag": "blocked"
      },
      {"type": "field", "outboundTag": "socks5-warp", "domain": ["geosite:cn"]},
      {"type": "field", "outboundTag": "socks5-warp", "ip": ["geoip:cn"]},
      {"type": "field", "protocol": ["bittorrent"], "outboundTag": "blocked"}
    ]
  }
}
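The consistency checks from steps 2, 3 and 5 and from the afterword can be automated. The script below is an added example, not code from the original post or from the V2Ray or Caddy projects. The names audit and SAMPLE are hypothetical, SAMPLE is a constructed reduction of the config above, and the script assumes V2Ray's defaults of "listen": "0.0.0.0" and "auth": "noauth" when those keys are missing.

```python
import json
from urllib.parse import urlsplit

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def audit(config, caddy_upstream):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    port = urlsplit(caddy_upstream).port
    # Steps 2 and 3: Caddy's upstream port must be a V2Ray socks inbound.
    socks = [i for i in config.get("inbounds", [])
             if i.get("protocol") == "socks" and i.get("port") == port]
    if not socks:
        problems.append(f"no socks inbound on port {port}")
    for inbound in socks:
        # Assumed default: a missing "listen" binds to every interface.
        listen = inbound.get("listen", "0.0.0.0")
        noauth = inbound.get("settings", {}).get("auth", "noauth") == "noauth"
        if noauth and listen not in LOOPBACK:
            problems.append(f"noauth socks inbound exposed on {listen}:{port}")
    # Step 5: CN domains and IPs must leave through a defined, non-direct outbound.
    outbounds = {o.get("tag"): o.get("protocol") for o in config.get("outbounds", [])}
    rules = config.get("routing", {}).get("rules", [])
    for key, selector in (("domain", "geosite:cn"), ("ip", "geoip:cn")):
        tags = [r.get("outboundTag") for r in rules if selector in r.get(key, [])]
        if not tags:
            problems.append(f"no routing rule for {selector}")
        for tag in tags:
            if tag not in outbounds:
                problems.append(f"{selector} -> undefined outbound tag {tag!r}")
            elif outbounds[tag] == "freedom":
                problems.append(f"{selector} -> {tag!r} is a direct (freedom) exit")
    return problems

# Constructed sample: the config above reduced to the parts the checks read.
SAMPLE = json.loads("""
{"inbounds": [{"tag": "socks_proxy", "listen": "127.0.0.1", "port": 1080,
               "protocol": "socks", "settings": {"auth": "noauth", "udp": false}}],
 "outbounds": [{"protocol": "freedom", "tag": "direct"},
               {"protocol": "socks", "tag": "socks5-warp"},
               {"protocol": "blackhole", "tag": "blocked"}],
 "routing": {"rules": [
   {"type": "field", "outboundTag": "socks5-warp", "domain": ["geosite:cn"]},
   {"type": "field", "outboundTag": "socks5-warp", "ip": ["geoip:cn"]}]}}
""")

if __name__ == "__main__":
    for line in audit(SAMPLE, "socks5://127.0.0.1:1080") or ["OK"]:
        print(line)
```

To check a real setup, load /usr/local/etc/v2ray/config.json with json.load and pass the upstream value from the Caddyfile as the second argument.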
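Hello, could you post the full configuration file from the article? I am currently having some trouble configuring outbounds.
Hello. I have added a sample configuration file at the end of the post. I suggest you first test that the JSON file is well-formed and then look for logic problems.
/usr/local/bin/v2ray -config /usr/local/etc/v2ray/config.json --test
Thank you for sharing, this solved my problem. Thanks.
You're welcome, glad it helped! :)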