说明
配置和 ss-redir 一样,只是脚本有一些差别,这里只贴出脚本和 V2 客户端配置,其中 V2 服务器的安装配置请自行查找。
详细教程请参考 >>> 使用 ss-redir 给 PS4/PS5/XBOX/NS 主机加速
持久化
由于脚本中有涉及到设置策略路由的地方,只保存 iptables 规则无法实现持久化,所以我选择随 V2 服务启动/停止的方案,详细步骤如下:
- 把脚本保存为 `/usr/local/bin/gedirect`,并给执行权限;
- 增加 `/etc/init.d/gedirectd` 脚本,用于 V2 启动/停止时加速器的启用、清理工作,注意给执行权限;
- 添加配置文件 `/usr/local/etc/gedirect.conf`;
- 修改 V2 服务脚本 `/etc/systemd/system/v2***@.service`,在 [Service] 后添加两行:
  ExecStartPost=/etc/init.d/gedirectd start
  ExecStopPost=/etc/init.d/gedirectd stop
- 重启 V2 服务;
/usr/local/bin/gedirect
#!/bin/bash
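#######################################
# Install the policy route and build the two mangle chains used for
# transparent proxying.
#   GEDIRECT      - TPROXY-redirects TCP/UDP to the local proxy port.
#   GEDIRECT_MASK - sets fwmark 0x56 on TCP/UDP so the "fwmark 0x56 ->
#                   table 100" rule delivers the packets to lo.
# Both chains first RETURN for reserved, private, multicast and broadcast
# destinations, so that traffic is never handed to the proxy.
# Arguments: $1 - local proxy port (decimal, 0-65535)
# Returns:   2 if $1 is not a valid port (nothing is changed); otherwise
#            the status of the last iptables command. Failures of the
#            individual commands are not checked (best effort, as before).
#######################################
init()
{
  local port=$1
  local ip_bin=/usr/sbin/ip
  local ipt=/usr/sbin/iptables
  local net
  # Destinations that bypass the proxy in both chains.
  local -a bypass=(
    0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12
    192.168.0.0/16 224.0.0.0/4 240.0.0.0/4 255.255.255.255/32
  )

  # The port is placed on an iptables command line, so accept digits only;
  # an unquoted, unchecked value could smuggle extra iptables options in.
  if ! [[ $port =~ ^[0-9]{1,5}$ ]] || (( 10#$port > 65535 )); then
    printf 'init: invalid proxy port: %s\n' "$port" >&2
    return 2
  fi

  # add fwmark
  "$ip_bin" rule add fwmark 0x56/0x56 table 100
  "$ip_bin" route add local 0.0.0.0/0 dev lo table 100

  "$ipt" -t mangle -N GEDIRECT
  for net in "${bypass[@]}"; do
    "$ipt" -t mangle -A GEDIRECT -d "$net" -j RETURN
  done
  "$ipt" -t mangle -A GEDIRECT -p udp -j TPROXY --on-port "$port" --tproxy-mark 0x56/0x56
  "$ipt" -t mangle -A GEDIRECT -p tcp -j TPROXY --on-port "$port" --tproxy-mark 0x56/0x56

  "$ipt" -t mangle -N GEDIRECT_MASK
  for net in "${bypass[@]}"; do
    "$ipt" -t mangle -A GEDIRECT_MASK -d "$net" -j RETURN
  done
  # Packets already carrying mark 0xff (255) are left alone; the V2 client
  # config on this page sets that mark on its "direct" and "dns-out"
  # outbounds, which keeps them from being marked for the proxy again.
  "$ipt" -t mangle -A GEDIRECT_MASK -j RETURN -m mark --mark 0xff
  "$ipt" -t mangle -A GEDIRECT_MASK -p udp -j MARK --set-mark 0x56/0x56
  "$ipt" -t mangle -A GEDIRECT_MASK -p tcp -j MARK --set-mark 0x56/0x56
}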
#######################################
# Undo init(): empty and delete the GEDIRECT / GEDIRECT_MASK chains in the
# mangle table, then drop the fwmark rule and the local route in table 100.
# Jump rules added by enable() are not touched here. iptables cannot delete
# a chain that is still referenced, and because stderr of -X is discarded
# such a chain stays in place (emptied) without any message.
# Returns: status of the final "ip route del".
#######################################
clear()
{
  local ipt=/usr/sbin/iptables
  local ip_bin=/usr/sbin/ip
  local chain

  # remove iptables rules
  for chain in GEDIRECT GEDIRECT_MASK; do
    "$ipt" -t mangle -F "$chain"
    "$ipt" -t mangle -X "$chain" 2>/dev/null
  done

  # remove fwmark
  "$ip_bin" rule del fwmark 0x56/0x56 table 100 2>/dev/null
  "$ip_bin" route del local 0.0.0.0/0 dev lo table 100 2>/dev/null
}
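#######################################
# Start proxying for one client: packets with source $1 entering through
# PREROUTING jump to GEDIRECT, and locally generated packets with source $1
# jump to GEDIRECT_MASK.
# NOTE(review): the "proxy" outbound in the V2 client config on this page
# sets no 0xff mark; confirm the router's own address is never inside an
# enabled range, otherwise its proxy traffic would be marked as well.
# Arguments: $1 - client address or CIDR range, e.g. 10.5.5.0/24
# Returns:   2 if $1 is empty, starts with "-" or contains whitespace;
#            otherwise the status of the last iptables command.
#######################################
enable()
{
  # The value is placed on an iptables command line: quote it and refuse
  # anything that could be read as additional options.
  case $1 in
    '' | -* | *[[:space:]]*)
      printf 'enable: invalid client address: %s\n' "$1" >&2
      return 2
      ;;
  esac
  /usr/sbin/iptables -t mangle -A PREROUTING -s "$1" -j GEDIRECT
  /usr/sbin/iptables -t mangle -A OUTPUT -s "$1" -j GEDIRECT_MASK
}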
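#######################################
# Stop proxying for one client by deleting the two jump rules enable() adds.
# Each call deletes at most one matching rule per chain; iptables errors
# (for example "rule not found") are discarded.
# Arguments: $1 - client address or CIDR range, e.g. 10.5.5.0/24
# Returns:   2 if $1 is empty, starts with "-" or contains whitespace;
#            otherwise the status of the last iptables command.
#######################################
disable()
{
  # The value is placed on an iptables command line: quote it and refuse
  # anything that could be read as additional options.
  case $1 in
    '' | -* | *[[:space:]]*)
      printf 'disable: invalid client address: %s\n' "$1" >&2
      return 2
      ;;
  esac
  /usr/sbin/iptables -t mangle -D PREROUTING -s "$1" -j GEDIRECT 2>/dev/null
  /usr/sbin/iptables -t mangle -D OUTPUT -s "$1" -j GEDIRECT_MASK 2>/dev/null
}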
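# usage
USAGE="
Usage: $(basename -- "$0") COMMAND [ARGS...]
Available commands:
init PROXY_PORT Init the iptables rules.
clear Clear the iptables rules.
enable LOCAL_IP Enable client routing.
disable LOCAL_IP Disable client routing.
show Show enabled IPs.
"

# Command dispatch. The argument is passed on quoted so that one command-line
# word stays one word when it reaches iptables.
case "${1:-}" in
  init)
    if [ -z "${2:-}" ]; then
      echo "$USAGE"
    else
      # Rebuild from scratch so that repeated init calls do not stack rules.
      clear
      init "$2"
    fi
    ;;
  enable)
    if [ -z "${2:-}" ]; then
      echo "$USAGE"
    else
      # Delete an existing pair of jump rules first so the client is not
      # listed twice.
      disable "$2"
      enable "$2"
    fi
    ;;
  disable)
    if [ -z "${2:-}" ]; then
      echo "$USAGE"
    else
      disable "$2"
    fi
    ;;
  show)
    # The awk program has to be single-quoted: unquoted, the shell expands
    # $4 itself and awk receives a broken program. Field 4 of a saved
    # "-A PREROUTING -s ADDR -j GEDIRECT" rule is the client address.
    /usr/sbin/iptables-save | /usr/bin/grep "PREROUTING.*GEDIRECT" | awk '{print $4}'
    ;;
  clear)
    clear
    ;;
  *)
    echo "$USAGE"
    ;;
esac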
/etc/init.d/gedirectd
#!/bin/bash
# settings
# Rule-management script that start() and stop() invoke.
gedirect="/usr/local/bin/gedirect"
# Shell-syntax config file that start() and stop() source.
config="/usr/local/etc/gedirect.conf"
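#######################################
# Load the config, initialise the proxy rules and enable every listed client.
# Globals:   config, gedirect (read); local_port, client_list (set by the
#            sourced config file)
# Returns:   1 if the config file is missing or sets no local_port, else 0.
#            The exit status of the gedirect calls is not checked.
#######################################
start()
{
  local cli

  if [ ! -e "$config" ]; then
    echo "not found config file: $config"
    return 1
  fi
  # Sourcing executes the file as shell code with this script's privileges,
  # so the config must be writable only by the administrator.
  . "$config"
  if [ -z "$local_port" ]; then
    echo "config error"
    return 1
  fi
  "$gedirect" init "$local_port"
  # client_list is a whitespace-separated list; it is left unquoted on
  # purpose so that it splits into one address per iteration.
  for cli in $client_list; do
    "$gedirect" enable "$cli"
  done
  return 0
}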
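#######################################
# Load the config, disable every listed client, then remove the proxy rules.
# Clients are disabled before "gedirect clear" because the chains cannot be
# deleted while PREROUTING/OUTPUT still jump to them.
# Globals:   config, gedirect (read); client_list (set by the sourced
#            config file)
# Returns:   1 if the config file is missing, else 0. The exit status of
#            the gedirect calls is not checked.
#######################################
stop()
{
  local cli

  if [ ! -e "$config" ]; then
    echo "not found config file: $config"
    return 1
  fi
  # Sourcing executes the file as shell code with this script's privileges,
  # so the config must be writable only by the administrator.
  . "$config"
  # client_list is a whitespace-separated list; it is left unquoted on
  # purpose so that it splits into one address per iteration.
  for cli in $client_list; do
    "$gedirect" disable "$cli"
  done
  "$gedirect" clear
  return 0
}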
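# usage
# "$0" is quoted so that a script path containing whitespace still yields
# the right name.
USAGE="Usage: $(basename -- "$0") start|stop|restart|reload"

# start, restart and reload all do a full stop followed by a start, so that
# rules left over from an earlier run are removed before new ones are added.
case "${1:-}" in
  start | restart | reload)
    stop
    start
    ;;
  stop)
    stop
    ;;
  *)
    echo "$USAGE"
    ;;
esac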
/usr/local/etc/gedirect.conf
# This file is read with the shell "." command by /etc/init.d/gedirectd, so
# every line in it runs as shell code with that script's privileges. Keep it
# writable only by the administrator and limit it to plain assignments.
#
# local proxy port: passed to "gedirect init" and used as the TPROXY --on-port
# value. The dokodemo-door inbound in the V2 client config on this page
# listens on the same port (10801).
local_port=10801
# client ip list, like: 10.5.5.0/24 10.5.6.101
# Whitespace-separated; each entry is passed to "gedirect enable" and
# "gedirect disable" as one source address or CIDR range.
client_list="10.5.5.0/24 10.5.6.101"
V2 客户端配置
{
"inbounds": [
{
"tag":"transparent",
"port": 10801,
"protocol": "dokodemo-door",
"settings": {
"network": "tcp,udp",
"followRedirect": true
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy"
}
}
}
],
"outbounds": [
{
"tag": "proxy",
"mux": {
"concurrency": -1,
"enabled": false
},
"protocol": "vless",
"settings": {
"vnext": [
{
<V2服务器配置>
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"allowInsecure": false,
"serverName": "<伪装域名>"
}
}
},
{
"tag": "direct",
"protocol": "freedom",
"settings": {
"domainStrategy": "UseIP"
},
"streamSettings": {
"sockopt": {
"mark": 255
}
}
},
{
"tag": "block",
"protocol": "blackhole",
"settings": {
"response": {
"type": "http"
}
}
},
{
"tag": "dns-out",
"protocol": "dns",
"streamSettings": {
"sockopt": {
"mark": 255
}
}
}
],
"routing": {
"domainStrategy": "IPOnDemand",
"rules": [
{
"type": "field",
"ip": [
"geoip:private"
],
"outboundTag": "direct"
}
]
}
}