“Debian利用shadowsocks和polipo终端代理翻墙”的版本间的差异
跳到导航
跳到搜索
2020年2月29日 (六) 10:38的版本
改进
SSR and privoxy
howto-use-ssr-on-linux-terminal
v2ray
shadowsocks和polipo
终端翻墙的方法,通过shadowsocks和polipo来实现
安装shadowsocks
安装python包管理工具:
sudo apt-get install python-pip
apt
#apt sudo apt install software-properties-common -y #sudo add-apt-repository ppa:max-c-lv/shadowsocks-libev -y sudo apt update #apt安装的 试过不能用 ,得用pip安装的才行 sudo apt install shadowsocks-libev vi /etc/shadowsocks-libev/config.json { "server":"127.0.0.1", "server_port":8388, "local_port":1080, "password":"focobguph", "timeout":60, "method":"chacha20-ietf-poly1305" } sudo systemctl enable shadowsocks-libev.service
pip
apt install python-pip apt install libsodium-dev pip install https://github.com/shadowsocks/shadowsocks/archive/master.zip -U # pip install shadowsocks 老版本的放弃了 #sudo pip install shadowsocks #格式有时不对,要小心 vi shadowsocks.json#新建shadowsocks配置文件shadowsocks.json { "server": "xxx.xxx.xxx.xxx", "server_port": xxxx, "local_port": 1080, "password": "xxxxxxx", "timeout": 600, "method": "aes-256-cfb" } eg echo '{ "server":"linuxsh.org", "server_port":443, "local_port":1080, "password":"laepassword", "timeout":600, "method":"aes-256-cfb" }' >shadowsocks.json 验证Shadowsocks客户端是否正常运行 curl --socks5 127.0.0.1:1080 http://httpbin.org/ip 若Shadowsock客户端已正常运行,则结果如下: { "origin": "x.x.x.x" #你的Shadowsock服务器IP }
How to Set up Shadowsocks-libev Proxy Server on Ubuntu 16.04
安装polipo:
sudo apt-get install polipo -y #修改polipo配置文件 echo 'logSyslog = true logFile = /var/log/polipo/polipo.log proxyAddress = "0.0.0.0" socksParentProxy = "127.0.0.1:1080" socksProxyType = socks5 chunkHighMark = 50331648 objectHighMark = 16384 serverMaxSlots = 64 serverSlots = 16 serverSlots1 = 32' >/etc/polipo/config
启动服务
#启动shadowsocks服务: 如果是pip inst sudo sslocal -c /root/shadowsocks.json -d start #重启polipo服务: /etc/init.d/polipo restart 设置http和https代理: export http_proxy="http://127.0.0.1:8123/" export https_proxy=$http_proxy 如果想长期 加到 /etc/profile cat >> /etc/profile <<EOF export http_proxy=http://127.0.0.1:8123 export https_proxy=http://127.0.0.1:8123 export ftp_proxy=http://127.0.0.1:8123 EOF source /etc/profile #不要代理的 也要加进去 export NO_PROXY='localhost,127.0.0.1,192.168.88.30,192.168.88.31,192.168.88.32,10.96.0.0,10.224.0.0,10.96.0.0/12,10.224.0.0/16' 这里最好是gnome3 手工设置代理呢 如果你是有桌面的话 127.0.0.1 8123 测试 访问谷歌,若有反应则成功: w3m google.com curl www.google.com #但是502 很容易让人误会会不成功我一开始也是这样 这个在ubbuntu16.04 server 中是成功的 centos的要再看一下
自启动
#on debian 10不太行呢 有空再试吧 直接放 /etc/rc.local 吧 #但是在centos7上是成功的呢 看一下有什么不同 cat >> /etc/systemd/system/shadowsocks.service <<EOF [Unit] Description=Shadowsocks [Service] TimeoutStartSec=0 ExecStart=/usr/local/bin/sslocal -c /root/shadowsocks.json #ExecStart=/usr/bin/sslocal -c /etc/shadowsocks/shadowsocks.json [Install] WantedBy=multi-user.target EOF systemctl enable shadowsocks.service systemctl start shadowsocks.service systemctl status shadowsocks.service Created symlink /etc/systemd/system/multi-user.target.wants/shadowsocks.service → /etc/systemd/system/shadowsocks.service.
浏览器
#本地apt shadowsock and then ok 20190728 因为我本地的端口是7070 chromium --proxy-server="http=socks5://127.0.0.1:1080" /opt/google/chrome/chrome --proxy-server="https=socks5://127.0.0.1:7070" chromium --proxy-server="http=socks5://127.0.0.1:1080" chromium --proxy-server="https=socks5://127.0.0.1:1080" /opt/google/chrome/chrome --proxy-server="https=socks5://127.0.0.1:1080" chrominum-browser --proxy-server="https=socks5://127.0.0.1:1080"
优化
内网不FQ 和 PAC 请见 配置PAC模式
Enable TCP Fast Open
You can speed up Shadowsocks by enabling TCP fast open. TCP is connection-oriented protocol, which means data can only be exchanged after a connection is established, which is done via the three way handshake. In other words, traditionally, data can only be exchanged after the three way handshake is complete. TCP fast open (TFO) is a mechanism that allows data to be exchanged before three way handshake is complete, saving up to 1 round-trip time (RTT). TCP fast open support is merged to Linux kernel since version 3.7 and enabled by default since version 3.13. You can check your kernel version by running: uname -r To check TCP fast open configuration on your Ubuntu server, run cat /proc/sys/net/ipv4/tcp_fastopen It can return 4 values. 0 means disabled. 1 means it’s enabled for outgoing connection (as a client). 2 means it’s enabled for incoming connection (as a server). 3 means it’s enabled for both outgoing and incoming connection. All my Ubuntu 16.04/17.10 VPS (Virtual Private Server) returned 1 after running the above command. We want tcp_fastopen set to 3 on our server. To achieve that, we can edit the sysctl configuration file. sudo nano /etc/sysctl.conf Then paste the following line at the end of the file. net.ipv4.tcp_fastopen=3 Reload sysctl settings for the change to take effect. sudo sysctl -p Then you will also need to enable TCP fast open in Shadowsocks configuration file. sudo nano /etc/shadowsocks-libev/config.json Add the following line. "fast_open": true So your Shadowsocks server configuration file will look like this: { "server":"your-server-ip-address", "server_port":8388, "local_port":1080, "password":"focobguph", "timeout":60, "method":"chacha20-ietf-poly1305", "fast_open": true } Note that last config line has not comma. Save and close the file. Then restart Shadowsocks server. sudo systemctl restart shadowsocks-libev Check if it’s running. (An error in configuration file can prevent it from restarting.) systemctl status shadowsocks-libev You also need to edit the Shadowsocks client configuration file and restart it to enable TCP fast open on Ubuntu desktop
Enable TCP BBR
我的vps就打开了
这个也可以参考 https://www.linuxbabe.com/ubuntu/enable-google-tcp-bbr-ubuntu
gnome 全局
network proxy HTTP 127.0.0.1 8123 HTTPS 127.0.0.1 8123 这样就可以全局翻墙 然后 安装上chrome 扩展
SS+PAC
Manjaro17.0.1(xfce)+SS+PAC模式配置笔记
xfce
要看一下这个 上次就是终端可以 ss 但是浏览器不行 Xfce桌面环境下通过pac实现自动代理
trouble shooting
"timeout": 600, 这个记得不能设置太短 我一开始也是不可以的,后来改了几处,加上重启什么的 竟然就好了 可能是一开始就是好的呢
method chacha20-ietf-poly1305 not supported
sslocal -c /root/shadowsocks.json -d start INFO: loading config from /root/shadowsocks.json 2020-02-29 13:53:49 ERROR method chacha20-ietf-poly1305 not supported 安装最新的ss apt install python-pip apt install libsodium-dev pip install https://github.com/shadowsocks/shadowsocks/archive/master.zip -U #安装为shadowsocks 3.0.0
Kali2.0 update到最新版本后安装shadowsocks服务报错问题 用于解决openssl升级到1.1.0以上版本,导致shadowsocks2.8.2启动报undefined symbol: EVP_CIPHER_CTX_cleanup错误
最近将kali升级到了最新版本,编译之后shadowsocks无法启动,报错如下: INFO: loading config from ss.json 2016-12-14 22:47:50 INFO loading libcrypto from libcrypto.so.1.1 Traceback (most recent call last): File “/usr/local/bin/sslocal”, line 11, in sys.exit(main()) File “/usr/local/lib/python2.7/dist-packages/shadowsocks/local.py”, line 39, in main config = shell.get_config(True) File “/usr/local/lib/python2.7/dist-packages/shadowsocks/shell.py”, line 262, in get_config check_config(config, is_local) File “/usr/local/lib/python2.7/dist-packages/shadowsocks/shell.py”, line 124, in check_config encrypt.try_cipher(config[‘password’], config[‘method’]) File “/usr/local/lib/python2.7/dist-packages/shadowsocks/encrypt.py”, line 44, in try_cipher Encryptor(key, method) File “/usr/local/lib/python2.7/dist-packages/shadowsocks/encrypt.py”, line 83, in init random_string(self._method_info[1])) File “/usr/local/lib/python2.7/dist-packages/shadowsocks/encrypt.py”, line 109, in get_cipher return m[2](method, key, iv, op) File “/usr/local/lib/python2.7/dist-packages/shadowsocks/crypto/openssl.py”, line 76, in init load_openssl() File “/usr/local/lib/python2.7/dist-packages/shadowsocks/crypto/openssl.py”, line 52, in load_openssl libcrypto.EVP_CIPHER_CTX_cleanup.argtypes = (c_void_p,) File “/usr/lib/python2.7/ctypes/init.py”, line 375, in getattr func = self.getitem(name) File “/usr/lib/python2.7/ctypes/init.py”, line 380, in getitem func = self._FuncPtr((name_or_ordinal, self)) AttributeError: /usr/lib/x86_64-Linux-gnu/libcrypto.so.1.1: undefined symbol: EVP_CIPHER_CTX_cleanup 这个问题是由于在openssl1.1.0版本中,废弃了EVP_CIPHER_CTX_cleanup函数,如官网中所说: EVP_CIPHER_CTX was made opaque in OpenSSL 1.1.0. As a result, EVP_CIPHER_CTX_reset() appeared and EVP_CIPHER_CTX_cleanup() disappeared. EVP_CIPHER_CTX_init() remains as an alias for EVP_CIPHER_CTX_reset(). 修改方法: # pip install 用vim打开文件:vim /usr/local/lib/python2.7/dist-packages/shadowsocks/crypto/openssl.py (该路径请根据自己的系统情况自行修改,如果不知道该文件在哪里的话,可以使用find命令查找文件位置) 跳转到52行(shadowsocks2.8.2版本,其他版本搜索一下cleanup) 进入编辑模式 将第52行libcrypto.EVP_CIPHER_CTX_cleanup.argtypes = (c_void_p,) 改为libcrypto.EVP_CIPHER_CTX_reset.argtypes = (c_void_p,) 再次搜索cleanup(全文件共2处,此处位于111行),将libcrypto.EVP_CIPHER_CTX_cleanup(self._ctx) 改为libcrypto.EVP_CIPHER_CTX_reset(self._ctx) 保存并退出 启动shadowsocks服务:service shadowsocks start 或 sslocal -c ss配置文件目录
see also
在xfce下的chrome浏览器如何设置代理服务器?(已解决,换浏览器)
如何在ubuntu16通过终端设置shadowsocks实现科学上网
How to Set up Shadowsocks-libev Proxy Server on Ubuntu 16.04/17.10
How To Route Web Traffic Securely Without a VPN Using a SOCKS Tunnel