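I have always disliked V2Ray's configuration file (and I still do): it feels messy and not at all clear, with different inbounds and outbounds mixed together so that the individual services cannot be cleanly told apart. That said, this is also a sign of v2ray's flexibility.
Simply put, v2ray makes no distinction between server and client, or rather the client and the server live in the same program. Inbounds act as the server side: they accept requests from clients and correspond to the client's outbounds. Outbounds act as the client side: they send requests to a server and correspond to the server's inbounds. Within a single v2ray instance, inbounds and outbounds are connected by routing, which defines which of the outbounds traffic is sent to once one of my inbounds has received it. So v2ray can do this: an inbound receives traffic, routing is consulted, and the traffic is forwarded to the outbound that the routing settings specify.
The transparent proxy configuration comes from the plain-language v2ray guide: https://toutyrater.github.io/app/tproxy.html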
{
  "inbounds": [
    {
      // VMess server inbound; the first routing rule sends its traffic to "direct"
      "tag": "home",
      "port": YOUR PORT, // replace with your port number
      "protocol": "vmess",
      "settings": {
        "clients": [{ "id": "YOUR ID" }]
      }
    },
    {
      // transparent proxy inbound that receives the traffic redirected by iptables
      "tag": "transparent",
      "port": 12345,
      "protocol": "dokodemo-door",
      "settings": {
        "network": "tcp,udp",
        "followRedirect": true
      },
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls"
        ]
      },
      "streamSettings": {
        "sockopt": {
          "tproxy": "tproxy"
        }
      }
    },
    {
      // SOCKS inbound without a tag and without authentication
      "port": 1080,
      "protocol": "socks",
      "sniffing": {
        "enabled": true,
        "destOverride": ["http", "tls"]
      },
      "settings": {
        "auth": "noauth"
      }
    }
  ],
  "outbounds": [
    {
      "tag": "proxy",
      "protocol": "vmess",
      "settings": {
        "vnext": [
          {
            "address": "xx.xx.xx.xx",
            "port": 1231,
            "users": [{ "id": "YOUR VPS ID" }]
          }
        ]
      },
      "streamSettings": {
        "sockopt": {
          "mark": 255
        }
      },
      "mux": {
        "enabled": true
      }
    },
    {
      "tag": "direct",
      "protocol": "freedom",
      "settings": {
        "domainStrategy": "UseIP"
      },
      "streamSettings": {
        "sockopt": {
          "mark": 255
        }
      }
    },
    {
      "tag": "block",
      "protocol": "blackhole",
      "settings": {
        "response": {
          "type": "http"
        }
      }
    },
    {
      "tag": "dns-out",
      "protocol": "dns",
      "streamSettings": {
        "sockopt": {
          "mark": 255
        }
      }
    }
  ],
  "dns": {
    "servers": [
      "8.8.8.8",
      "1.1.1.1",
      "114.114.114.114",
      {
        "address": "223.5.5.5",
        "port": 53,
        "domains": [
          "geosite:cn",
          "ntp.org",
          "144.202.94.28"
        ]
      }
    ]
  },
  "routing": {
    "domainStrategy": "IPOnDemand",
    "rules": [
      {
        "type": "field",
        "inboundTag": ["home"],
        "outboundTag": "direct"
      },
      {
        "type": "field",
        "inboundTag": [
          "transparent"
        ],
        "port": 53,
        "network": "udp",
        "outboundTag": "dns-out"
      },
      {
        "type": "field",
        "inboundTag": [
          "transparent"
        ],
        "port": 123,
        "network": "udp",
        "outboundTag": "direct"
      },
      {
        "type": "field",
        "ip": [
          "223.5.5.5",
          "114.114.114.114"
        ],
        "outboundTag": "direct"
      },
      {
        "type": "field",
        "ip": [
          "8.8.8.8",
          "1.1.1.1"
        ],
        "outboundTag": "proxy"
      },
      {
        "type": "field",
        "domain": [
          "geosite:category-ads-all"
        ],
        "outboundTag": "block"
      },
      {
        "type": "field",
        "protocol": ["bittorrent"],
        "outboundTag": "direct"
      },
      {
        "type": "field",
        "ip": [
          "geoip:private"
        ],
        "outboundTag": "direct"
      }
    ]
  }
}
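An added example (not from the original post or the V2Ray project) that walks the routing rules as described above and lists, for each inbound, the outbounds its traffic can reach. It runs on a constructed, trimmed copy of the config with a placeholder port, uses hypothetical function names, and relies on two V2Ray defaults: traffic that matches no rule goes to the first outbound, and an inbound without `listen` binds to 0.0.0.0.

```python
# Constructed, trimmed copy of the config above; port 10001 is a placeholder.
SAMPLE = {
    "inbounds": [
        {"tag": "home", "port": 10001, "protocol": "vmess"},
        {"tag": "transparent", "port": 12345, "protocol": "dokodemo-door"},
        {"port": 1080, "protocol": "socks", "settings": {"auth": "noauth"}},
    ],
    "outbounds": [{"tag": "proxy"}, {"tag": "direct"}, {"tag": "block"}, {"tag": "dns-out"}],
    "routing": {"rules": [
        {"type": "field", "inboundTag": ["home"], "outboundTag": "direct"},
        {"type": "field", "inboundTag": ["transparent"], "port": 53,
         "network": "udp", "outboundTag": "dns-out"},
        {"type": "field", "ip": ["geoip:private"], "outboundTag": "direct"},
    ]},
}

def label(inbound):
    return inbound.get("tag") or f"<untagged:{inbound['port']}>"

def reachable_outbounds(cfg):
    """Map each inbound to the outbound tags its traffic can be routed to."""
    default = cfg["outbounds"][0]["tag"]  # first outbound handles unmatched traffic
    result = {}
    for ib in cfg["inbounds"]:
        tags = []
        for rule in cfg["routing"]["rules"]:
            scope = rule.get("inboundTag")
            if scope and ib.get("tag") not in scope:
                continue  # rule is limited to other inbounds
            tags.append(rule["outboundTag"])  # conditional rules count as "may match"
            if not set(rule) - {"type", "inboundTag", "outboundTag"}:
                break  # no further conditions: this rule takes everything
        else:
            tags.append(default)  # some traffic can fall through every rule
        result[label(ib)] = list(dict.fromkeys(tags))
    return result

def audit(cfg):  # flag inbounds that rules cannot single out or that accept anyone
    notes = []
    for ib in cfg["inbounds"]:
        if "tag" not in ib:
            notes.append(f"{label(ib)}: no tag, inboundTag rules cannot select it")
        open_listen = ib.get("listen", "0.0.0.0") == "0.0.0.0"  # V2Ray's default
        if ib.get("settings", {}).get("auth") == "noauth" and open_listen:
            notes.append(f"{label(ib)}: unauthenticated and bound to all interfaces")
    return notes

if __name__ == "__main__":
    print(reachable_outbounds(SAMPLE), audit(SAMPLE), sep="\n")
```

On this sample the `home` inbound can only reach `direct`, while the untagged SOCKS inbound on port 1080 can reach both `direct` and `proxy` and is reported by `audit` on both counts.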
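For cases where the CPU may end up fully loaded, see: "v2ray tproxy transparent proxy causes 100% CPU usage".
The iptables rules need to be configured next; see the link: "Configuring transparent proxy rules". (When setting up the iptables rules, if you also apply the part that proxies the gateway machine itself, connections across NAT will fail; that is, once the router has a port mapping set up, the side router can no longer be reached from the external network. See: "Errors accessing LAN servers from the public network when v2ray acts as the intranet gateway". That being the case, simply don't proxy the gateway machine itself.)
As for using v2ray as a VPN, honestly v2ray is not up to the job: it only supports TCP/UDP. I use it as a supplement to Wireguard to guard against UDP interference, although for now this is only preparation.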