Using shadowsocks and polipo as a terminal proxy on Debian to get past the firewall

From the linux中国网 (Linux China) wiki
Revision as of 09:40, 10 March 2020 (Tue) by Evan (talk | contribs) → Optimization

Improvements

SSR and privoxy

howto-use-ssr-on-linux-terminal

v2ray

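Using the v2ray client on Linux, with PAC configuration

Requirements

OS: Debian or Ubuntu

shadowsocks and polipo

A way to get terminal traffic past the firewall, implemented with shadowsocks and polipo.

Install shadowsocks

Install the Python package manager: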

sudo apt-get install python-pip

apt

# apt
sudo apt install software-properties-common -y
#sudo add-apt-repository ppa:max-c-lv/shadowsocks-libev -y
sudo apt update

# The apt-installed version did not work when I tried it; only the pip-installed one did
sudo apt install shadowsocks-libev

vi /etc/shadowsocks-libev/config.json
{
 "server":"127.0.0.1",
 "server_port":8388,
 "local_port":1080,
 "password":"focobguph",
 "timeout":60,
 "method":"chacha20-ietf-poly1305"
}

sudo systemctl enable shadowsocks-libev.service

pip


apt install python-pip
apt install libsodium-dev
pip install https://github.com/shadowsocks/shadowsocks/archive/master.zip -U
# pip install shadowsocks  (the old version; abandoned)
# sudo pip install shadowsocks  # the formatting is sometimes wrong, be careful
vi shadowsocks.json  # create the new shadowsocks config file shadowsocks.json
{
"server": "xxx.xxx.xxx.xxx",
"server_port": xxxx,
"local_port": 1080,
"password": "xxxxxxx",
"timeout": 600,
"method": "aes-256-cfb"
}

eg

echo '{
    "server":"linuxsh.org",
    "server_port":443,
    "local_port":1080,
    "password":"laepassword",
    "timeout":600,
    "method":"aes-256-cfb"
}' >shadowsocks.json 


Verify that the Shadowsocks client is running properly

    curl --socks5 127.0.0.1:1080 http://httpbin.org/ip

If the Shadowsocks client is running properly, the result looks like this:
    {
      "origin": "x.x.x.x"       # your Shadowsocks server IP
    }

How to Set up Shadowsocks-libev Proxy Server on Ubuntu 16.04

Install polipo:

sudo apt-get install polipo -y

# Edit the polipo configuration file
echo 'logSyslog = true
logFile = /var/log/polipo/polipo.log
proxyAddress = "0.0.0.0"
socksParentProxy = "127.0.0.1:1080"
socksProxyType = socks5
chunkHighMark = 50331648
objectHighMark = 16384
serverMaxSlots = 64
serverSlots = 16
serverSlots1 = 32' >/etc/polipo/config 
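
With proxyAddress set to 0.0.0.0, polipo accepts connections on every interface, and without an allowedClients line any host that can reach port 8123 can relay through it. The check below is an added example, not part of the original page; the function names and the 192.168.88.0/24 subnet are assumptions made for illustration (allowedClients itself is a standard polipo option).

```sh
#!/bin/sh
# Added example: classify who can reach a polipo listener from its config file.

# polipo_get FILE NAME: print the last value assigned to NAME, unquoted.
polipo_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | tr -d '"' | sed 's/[[:space:]]*$//'
}

# polipo_exposure FILE: print loopback, restricted or open.
polipo_exposure() {
    addr=$(polipo_get "$1" proxyAddress)
    allowed=$(polipo_get "$1" allowedClients)
    case ${addr:-127.0.0.1} in            # unset: polipo binds to loopback
        127.*|::1|localhost) echo loopback ;;
        *) if [ -n "$allowed" ]; then echo restricted; else echo open; fi ;;
    esac
}

# Constructed samples: the listener line from the config above, alone and
# with an allowedClients line for an example LAN (192.168.88.0/24 is assumed).
dir=$(mktemp -d)
printf '%s\n' 'proxyAddress = "0.0.0.0"' \
    'socksParentProxy = "127.0.0.1:1080"' > "$dir/as-written"
printf '%s\n' 'proxyAddress = "0.0.0.0"' \
    'allowedClients = 127.0.0.1, 192.168.88.0/24' \
    'socksParentProxy = "127.0.0.1:1080"' > "$dir/lan-only"
for f in "$dir/as-written" "$dir/lan-only"; do
    echo "${f##*/}: $(polipo_exposure "$f")"
done
rm -rf "$dir"
```
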

Start the services

# Start the shadowsocks service (if it was installed with pip):
sudo sslocal -c /root/shadowsocks.json -d start
# Restart the polipo service:
/etc/init.d/polipo restart
Set the http and https proxy:
export http_proxy="http://127.0.0.1:8123/"
export https_proxy=$http_proxy

To make this permanent, add it to /etc/profile


cat >> /etc/profile <<EOF
export http_proxy=http://127.0.0.1:8123
export https_proxy=http://127.0.0.1:8123
export ftp_proxy=http://127.0.0.1:8123
EOF

 source /etc/profile

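# Hosts that should not be proxied must be added too
export NO_PROXY='localhost,127.0.0.1,192.168.88.30,192.168.88.31,192.168.88.32,10.96.0.0,10.224.0.0,10.96.0.0/12,10.224.0.0/16'

If you have a desktop, it is best to set the proxy by hand in GNOME 3 here:

127.0.0.1 8123

Test
Access Google; if there is a response, it works:
w3m google.com
curl www.google.com  # a 502 here easily misleads you into thinking it failed; that happened to me at first too

This worked on Ubuntu 16.04 server; CentOS still needs another look.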


You can also point apt at the proxy directly.
Configure the HTTP proxy in the apt.conf file (permanent):

    sudo gedit /etc/apt/apt.conf

Add the following line to your apt.conf file:
    Acquire::http::Proxy "http://proxy_addr:proxy_port";

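Proxy for other machines

# Replace POLIPO_IP with the address of the machine running polipo
cat >> /etc/profile <<EOF
export http_proxy=http://POLIPO_IP:8123
export https_proxy=http://POLIPO_IP:8123
export ftp_proxy=http://POLIPO_IP:8123
EOF

source /etc/profile  # other machines on the same LAN then do not need polipo installed; they use the proxy directly

Start at boot

# Does not really work on Debian 10; will try again when I have time. Just put it in /etc/rc.local instead.
# But it did work on CentOS 7; need to see what is different.
cat > /etc/systemd/system/shadowsocks.service <<EOF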
[Unit]
Description=Shadowsocks

[Service]
TimeoutStartSec=0
ExecStart=/usr/local/bin/sslocal -c /root/shadowsocks.json
#ExecStart=/usr/bin/sslocal -c /etc/shadowsocks/shadowsocks.json
[Install]
WantedBy=multi-user.target
EOF



systemctl enable shadowsocks.service
systemctl start shadowsocks.service
systemctl status shadowsocks.service


Created symlink /etc/systemd/system/multi-user.target.wants/shadowsocks.service → /etc/systemd/system/shadowsocks.service.

Browser


# Local apt shadowsocks, and then OK (20190728), because my local port is 7070
chromium --proxy-server="http=socks5://127.0.0.1:1080"
/opt/google/chrome/chrome --proxy-server="https=socks5://127.0.0.1:7070"


chromium --proxy-server="http=socks5://127.0.0.1:1080"
chromium --proxy-server="https=socks5://127.0.0.1:1080"
/opt/google/chrome/chrome --proxy-server="https=socks5://127.0.0.1:1080"

chromium-browser --proxy-server="https=socks5://127.0.0.1:1080"

https://www.linuxdashen.com/%E5%9C%A8%E5%91%BD%E4%BB%A4%E8%A1%8C%E4%B8%8B%E4%B8%BAchromium%E5%92%8Cgoogle-chrome%E6%B5%8F%E8%A7%88%E5%99%A8%E8%AE%BE%E7%BD%AE%E4%BB%A3%E7%90%86

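Optimization

Terminal proxy method: proxychains

Several ways to implement a shadowsocks transparent proxy: ss-redir, privoxy, tproxy


ss-local terminal proxy (gfwlist)

For leaving internal-network traffic unproxied and for PAC, see "Configuring PAC mode"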

Enable TCP Fast Open

You can speed up Shadowsocks by enabling TCP fast open. TCP is a connection-oriented protocol, which means data can traditionally be exchanged only after a connection has been established through the three-way handshake. TCP fast open (TFO) is a mechanism that allows data to be exchanged before the three-way handshake is complete, saving up to 1 round-trip time (RTT).

TCP fast open support was merged into the Linux kernel in version 3.7 and has been enabled by default since version 3.13. You can check your kernel version by running:

uname -r

To check TCP fast open configuration on your Ubuntu server, run

cat /proc/sys/net/ipv4/tcp_fastopen

It can return 4 values.

    0 means disabled.
    1 means it’s enabled for outgoing connection (as a client).
    2 means it’s enabled for incoming connection (as a server).
    3 means it’s enabled for both outgoing and incoming connection.

All my Ubuntu 16.04/17.10 VPS (Virtual Private Server) returned 1 after running the above command. We want tcp_fastopen set to 3 on our server. To achieve that, we can edit the sysctl configuration file.

sudo nano /etc/sysctl.conf

Then paste the following line at the end of the file.

net.ipv4.tcp_fastopen=3

Reload sysctl settings for the change to take effect.

sudo sysctl -p

Then you will also need to enable TCP fast open in Shadowsocks configuration file.

sudo nano /etc/shadowsocks-libev/config.json

Add the following line.

"fast_open": true

So your Shadowsocks server configuration file will look like this:

{
 "server":"your-server-ip-address",
 "server_port":8388,
 "local_port":1080,
 "password":"focobguph",
 "timeout":60,
 "method":"chacha20-ietf-poly1305",
 "fast_open": true
}

Note that the last config line has no trailing comma. Save and close the file. Then restart the Shadowsocks server.

sudo systemctl restart shadowsocks-libev

Check if it’s running. (An error in configuration file can prevent it from restarting.)

systemctl status shadowsocks-libev

You also need to edit the Shadowsocks client configuration file and restart the client to enable TCP fast open on the Ubuntu desktop.
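
The conditions this section sets up (a kernel with TFO support, the sysctl value covering the host's role, and fast_open in the Shadowsocks config) checked together; this is an added example, not from the original page. The function names and the sample config written to a temporary file are constructed for illustration.

```sh
#!/bin/sh
# Added example: check the prerequisites for TCP Fast Open described above.

# kernel_has_tfo RELEASE: succeeds if RELEASE (a `uname -r` string) is >= 3.7.
kernel_has_tfo() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "${minor:-0}" -ge 7 ]; }
}

# tfo_check ROLE VALUE CONFIG: ROLE is client or server, VALUE is the content
# of /proc/sys/net/ipv4/tcp_fastopen, CONFIG is the Shadowsocks JSON file.
# Prints "ok" or the first missing piece.
tfo_check() {
    case $1 in
        client) bit=1 ;;
        server) bit=2 ;;
        *) echo "role must be client or server"; return 2 ;;
    esac
    if [ $(( $2 & $bit )) -eq 0 ]; then
        echo "sysctl: tcp_fastopen=$2 does not enable the $1 side"
        return 1
    fi
    if ! grep -Eq '"fast_open"[[:space:]]*:[[:space:]]*true' "$3"; then
        echo "config: \"fast_open\": true is missing from $3"
        return 1
    fi
    echo ok
}

# Constructed sample: a config with fast_open set, checked against the value 1
# reported in the text for the VPS images, then against the target value 3.
cfg=$(mktemp)
printf '{\n "server_port":8388,\n "fast_open": true\n}\n' > "$cfg"
kernel_has_tfo "$(uname -r)" && echo "kernel: TFO supported"
tfo_check server 1 "$cfg" || true
tfo_check server 3 "$cfg"
rm -f "$cfg"
```
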

Enable TCP BBR

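I have it enabled on my VPS.

See also https://www.linuxbabe.com/ubuntu/enable-google-tcp-bbr-ubuntu

GNOME global proxy

In Network Proxy, set HTTP to 127.0.0.1 8123 and HTTPS to 127.0.0.1 8123; this proxies everything globally. Then install the Chrome extension.

SS+PAC

Manjaro 17.0.1 (xfce) + SS + PAC mode configuration notes

xfce

Need to look at this one; last time ss worked in the terminal but not in the browser: "Automatic proxying via PAC in the Xfce desktop environment"

Setting a global proxy for the Xfce4 desktop environment

Setting a proxy in Xfce

Troubleshooting

"timeout": 600,  Remember not to set this too short. It did not work for me at first either; after I changed a few things and restarted, it suddenly worked. Maybe it was fine from the start.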

method chacha20-ietf-poly1305 not supported

sslocal -c /root/shadowsocks.json -d start
INFO: loading config from /root/shadowsocks.json
2020-02-29 13:53:49 ERROR    method chacha20-ietf-poly1305 not supported


sudo pip  uninstall shadowsocks

Install the latest ss
apt install python-pip
apt install libsodium-dev

pip install https://github.com/shadowsocks/shadowsocks/archive/master.zip -U
# installs as shadowsocks 3.0.0
 

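Error installing the shadowsocks service after updating Kali 2.0 to the latest version. This fixes the "undefined symbol: EVP_CIPHER_CTX_cleanup" error that shadowsocks 2.8.2 reports at startup once openssl has been upgraded to 1.1.0 or later.

I recently upgraded Kali to the latest version; after compiling, shadowsocks would not start and reported the following error: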

INFO: loading config from ss.json
2016-12-14 22:47:50 INFO loading libcrypto from libcrypto.so.1.1
Traceback (most recent call last):
  File "/usr/local/bin/sslocal", line 11, in <module>
    sys.exit(main())
  File "/usr/local/lib/python2.7/dist-packages/shadowsocks/local.py", line 39, in main
    config = shell.get_config(True)
  File "/usr/local/lib/python2.7/dist-packages/shadowsocks/shell.py", line 262, in get_config
    check_config(config, is_local)
  File "/usr/local/lib/python2.7/dist-packages/shadowsocks/shell.py", line 124, in check_config
    encrypt.try_cipher(config['password'], config['method'])
  File "/usr/local/lib/python2.7/dist-packages/shadowsocks/encrypt.py", line 44, in try_cipher
    Encryptor(key, method)
  File "/usr/local/lib/python2.7/dist-packages/shadowsocks/encrypt.py", line 83, in __init__
    random_string(self._method_info[1]))
  File "/usr/local/lib/python2.7/dist-packages/shadowsocks/encrypt.py", line 109, in get_cipher
    return m[2](method, key, iv, op)
  File "/usr/local/lib/python2.7/dist-packages/shadowsocks/crypto/openssl.py", line 76, in __init__
    load_openssl()
  File "/usr/local/lib/python2.7/dist-packages/shadowsocks/crypto/openssl.py", line 52, in load_openssl
    libcrypto.EVP_CIPHER_CTX_cleanup.argtypes = (c_void_p,)
  File "/usr/lib/python2.7/ctypes/__init__.py", line 375, in __getattr__
    func = self.__getitem__(name)
  File "/usr/lib/python2.7/ctypes/__init__.py", line 380, in __getitem__
    func = self._FuncPtr((name_or_ordinal, self))
AttributeError: /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1: undefined symbol: EVP_CIPHER_CTX_cleanup

This happens because OpenSSL 1.1.0 dropped the EVP_CIPHER_CTX_cleanup function, as the official site says:

EVP_CIPHER_CTX was made opaque in OpenSSL 1.1.0. As a result, EVP_CIPHER_CTX_reset() appeared and EVP_CIPHER_CTX_cleanup() disappeared. 
EVP_CIPHER_CTX_init() remains as an alias for EVP_CIPHER_CTX_reset().

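How to fix it:

# pip install
Open the file with vim: vim /usr/local/lib/python2.7/dist-packages/shadowsocks/crypto/openssl.py (adjust this path to your own system; if you do not know where the file is, use the find command to locate it)
Jump to line 52 (shadowsocks 2.8.2; for other versions, search for cleanup)
Enter edit mode
Change line 52 from libcrypto.EVP_CIPHER_CTX_cleanup.argtypes = (c_void_p,)
to libcrypto.EVP_CIPHER_CTX_reset.argtypes = (c_void_p,)
Search for cleanup again (there are 2 occurrences in the whole file; this one is at line 111) and change libcrypto.EVP_CIPHER_CTX_cleanup(self._ctx)
to libcrypto.EVP_CIPHER_CTX_reset(self._ctx)
Save and exit
Start the shadowsocks service: service shadowsocks start, or sslocal -c <path to the ss config file>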
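
The same two-line edit as a repeatable command with a backup, shown as an added example that is not part of the original page. The function name patch_evp is hypothetical, and the sample file is constructed from the two statements quoted in the steps above.

```sh
#!/bin/sh
# Added example: apply the cleanup -> reset rename described above in one step.

# patch_evp FILE: rewrite EVP_CIPHER_CTX_cleanup to EVP_CIPHER_CTX_reset in FILE,
# saving the untouched file as FILE.orig. Prints how many lines were changed;
# 0 means the file was already patched and is left alone.
patch_evp() {
    [ -f "$1" ] || { echo "no such file: $1" >&2; return 2; }
    n=$(grep -c 'EVP_CIPHER_CTX_cleanup' "$1") || true   # grep -c exits 1 on zero matches
    if [ "$n" -gt 0 ]; then
        cp -p "$1" "$1.orig"
        sed 's/EVP_CIPHER_CTX_cleanup/EVP_CIPHER_CTX_reset/g' "$1.orig" > "$1"
    fi
    echo "$n"
}

# Constructed sample: the two affected statements quoted in the steps above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
    libcrypto.EVP_CIPHER_CTX_cleanup.argtypes = (c_void_p,)
            libcrypto.EVP_CIPHER_CTX_cleanup(self._ctx)
EOF
echo "changed: $(patch_evp "$sample")"
grep -n 'EVP_CIPHER_CTX_' "$sample"
echo "second run: $(patch_evp "$sample")"
rm -f "$sample" "$sample.orig"

# On a real system, locate the file first, as the steps suggest:
#   find / -path '*shadowsocks/crypto/openssl.py' 2>/dev/null
```
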

see also

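Ubuntu 16.04: getting past the firewall from the terminal

Installing Shadowsocks on CentOS 7 for unrestricted internet access

How do I set a proxy server for the Chrome browser under xfce? (Solved: switched browsers)


Several ways to make the terminal use a proxy

How to set up shadowsocks from the terminal on Ubuntu 16 for unrestricted internet access

A shadowsocks firewall-bypass script for Debian 9


How to Set up Shadowsocks-libev Proxy Server on Ubuntu 16.04/17.10

How to configure a transparent proxy on Ubuntu (global proxying)

Setting up and using tinyproxy, a simple Linux proxy server

How To Route Web Traffic Securely Without a VPN Using a SOCKS Tunnel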