Bypassing the firewall on Debian with a shadowsocks and polipo terminal proxy
Improvements
SSR and privoxy
howto-use-ssr-on-linux-terminal
v2ray
Requirements
OS: Debian, Ubuntu or Kali
shadowsocks and polipo
A way to get past the firewall from the terminal, implemented with shadowsocks and polipo.
Installing shadowsocks
Install the Python package manager:

    sudo apt-get install python-pip

apt
    #apt
    sudo apt install software-properties-common -y
    #sudo add-apt-repository ppa:max-c-lv/shadowsocks-libev -y
    sudo apt update
    # The apt-installed version did not work when I tried it; only the pip-installed one works
    sudo apt install shadowsocks-libev
    vi /etc/shadowsocks-libev/config.json

    {
        "server":"127.0.0.1",
        "server_port":8388,
        "local_port":1080,
        "password":"focobguph",
        "timeout":60,
        "method":"chacha20-ietf-poly1305"
    }

    sudo systemctl enable shadowsocks-libev.service

pip
    apt install python-pip
    apt install libsodium-dev
    pip install https://github.com/shadowsocks/shadowsocks/archive/master.zip -U
    # pip install shadowsocks   (the old version; abandoned)
    #sudo pip install shadowsocks
    # The formatting sometimes comes out wrong, be careful
    vi shadowsocks.json   # create the shadowsocks config file shadowsocks.json

    {
        "server": "xxx.xxx.xxx.xxx",
        "server_port": xxxx,
        "local_port": 1080,
        "password": "xxxxxxx",
        "timeout": 600,
        "method": "aes-256-cfb"
    }

e.g.

    echo '{
        "server":"linuxsh.org",
        "server_port":443,
        "local_port":1080,
        "password":"laepassword",
        "timeout":600,
        "method":"aes-256-cfb"
    }' >shadowsocks.json

Verify that the Shadowsocks client is running properly:

    curl --socks5 127.0.0.1:1080 http://httpbin.org/ip

If the Shadowsocks client is running properly, the result looks like this:

    {
      "origin": "x.x.x.x"   # your Shadowsocks server IP
    }

How to Set up Shadowsocks-libev Proxy Server on Ubuntu 16.04
Installing polipo:
CentOS 7.x: installing and configuring the Shadowsocks client to bypass the firewall from the terminal#Installing and configuring Privoxy

    # Warning: Polipo is no longer maintained; squid, privoxy or another alternative is recommended
    sudo apt-get install polipo -y
    # Edit the polipo config file
    echo 'logSyslog = true
    logFile = /var/log/polipo/polipo.log
    proxyAddress = "0.0.0.0"
    socksParentProxy = "127.0.0.1:1080"
    socksProxyType = socks5
    chunkHighMark = 50331648
    objectHighMark = 16384
    serverMaxSlots = 64
    serverSlots = 16
    serverSlots1 = 32' >/etc/polipo/config

Configuring SOCKS5 and HTTP proxies with shadowsocks + polipo on Ubuntu
https://wiki.archlinux.org/index.php/Polipo_(%E7%AE%80%E4%BD%93%E4%B8%AD%E6%96%87)
Privoxy
If you are not using polipo, for example on Ubuntu 20.04 today: https://wiki.linuxchina.net/index.php/CentOS7.x%E5%AE%89%E8%A3%85%E9%85%8D%E7%BD%AEShadowsocks%E5%AE%A2%E6%88%B7%E7%AB%AF%E7%BB%88%E7%AB%AF%E7%BF%BB%E5%A2%99#.E5.AE.89.E8.A3.85.E9.85.8D.E7.BD.AEPrivoxy

    #2024
    sudo apt install privoxy
    systemctl enable privoxy
    systemctl start privoxy
    systemctl status privoxy

Starting the services

    # Start the shadowsocks service (if installed with pip):
    sudo sslocal -c /root/shadowsocks.json -d start
    # Restart the polipo service:
    /etc/init.d/polipo restart

Set the http and https proxies:

    export http_proxy="http://127.0.0.1:8123/"
    export https_proxy=$http_proxy

To make this permanent, add it to /etc/profile:

    cat >> /etc/profile <<EOF
    export http_proxy=http://127.0.0.1:8123
    export https_proxy=http://127.0.0.1:8123
    export ftp_proxy=http://127.0.0.1:8123
    EOF
    source /etc/profile
    # Addresses that should not go through the proxy must be added too
    export NO_PROXY='localhost,127.0.0.1,192.168.88.30,192.168.88.31,192.168.88.32,10.96.0.0,10.224.0.0,10.96.0.0/12,10.224.0.0/16'

If you have a desktop, it is best to set the proxy manually in GNOME 3: 127.0.0.1 8123

Test

Visit Google; if you get a response, it works:

    w3m google.com
    curl www.google.com
    # But the 502 easily misleads you into thinking it failed; that happened to me at first too.
    # This worked on Ubuntu 16.04 server; CentOS still needs another look.

You can also point apt at the proxy directly.

Configure the HTTP proxy in the apt.conf file (permanent):

    sudo gedit /etc/apt/apt.conf

Add the following line to your apt.conf file:

    Acquire::http::Proxy "http://proxy_addr:proxy_port";

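Proxying for other machines

    cat >> /etc/profile <<EOF
    export http_proxy=http://POLIPO_IP:8123
    export https_proxy=http://POLIPO_IP:8123
    export ftp_proxy=http://POLIPO_IP:8123
    EOF
    source /etc/profile
    # Replace POLIPO_IP with the address of the machine running polipo.
    # This way other machines on the same LAN do not need to install polipo; they proxy through it directly
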
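The polipo config on this page sets proxyAddress = "0.0.0.0" so that other LAN machines can use it, which also serves any other host that can reach port 8123 unless allowedClients is set. The check below is an added example, not part of the original page; the function names and the 192.168.88.0/24 range are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): classify how exposed a polipo
# config is. Assumes the one "key = value" per line format used above.

# polipo_value FILE KEY: print the last uncommented value of KEY, unquoted.
polipo_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//; s/^"//; s/"$//'
}

# polipo_exposure FILE: print loopback, restricted or open.
polipo_exposure() {
    addr=$(polipo_value "$1" proxyAddress)
    clients=$(polipo_value "$1" allowedClients)
    case "$addr" in
        ""|127.*|::1|localhost)      # unset means polipo's loopback default
            echo loopback; return 0 ;;
    esac
    if [ -n "$clients" ]; then
        echo restricted              # listens widely, serves only listed clients
    else
        echo open                    # any host that can reach the port may use it
    fi
}

# Constructed sample inputs: the relevant lines of the config from this page,
# the same config with an allowedClients line (assumed LAN range), and a
# config that leaves proxyAddress unset.
demo_dir=$(mktemp -d)
printf '%s\n' 'proxyAddress = "0.0.0.0"' 'socksParentProxy = "127.0.0.1:1080"' \
    'socksProxyType = socks5' > "$demo_dir/page.conf"
{ cat "$demo_dir/page.conf"
  echo 'allowedClients = 127.0.0.1, 192.168.88.0/24'; } > "$demo_dir/lan.conf"
echo 'socksParentProxy = "127.0.0.1:1080"' > "$demo_dir/local.conf"

for f in page lan local; do
    printf '%s.conf: %s\n' "$f" "$(polipo_exposure "$demo_dir/$f.conf")"
done
rm -rf "$demo_dir"
```

On a real host, run `polipo_exposure /etc/polipo/config`; a result of `open` means the allowedClients line is missing.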
Autostart

    # Does not really work on Debian 10; will try again when I have time. Just put it in /etc/rc.local
    # But it works on CentOS 7; need to look at what is different
    cat >> /etc/systemd/system/shadowsocks.service <<EOF
    [Unit]
    Description=Shadowsocks
    [Service]
    TimeoutStartSec=0
    ExecStart=/usr/local/bin/sslocal -c /root/shadowsocks.json
    #ExecStart=/usr/bin/sslocal -c /etc/shadowsocks/shadowsocks.json
    [Install]
    WantedBy=multi-user.target
    EOF
    systemctl enable shadowsocks.service
    systemctl start shadowsocks.service
    systemctl status shadowsocks.service

    Created symlink /etc/systemd/system/multi-user.target.wants/shadowsocks.service → /etc/systemd/system/shadowsocks.service.

Browser

    # Local apt-installed shadowsocks, then OK (20190728); my local port is 7070
    chromium --proxy-server="http=socks5://127.0.0.1:1080"
    /opt/google/chrome/chrome --proxy-server="https=socks5://127.0.0.1:7070"
    chromium --proxy-server="https=socks5://127.0.0.1:1080"
    /opt/google/chrome/chrome --proxy-server="https=socks5://127.0.0.1:1080"
    chromium-browser --proxy-server="https=socks5://127.0.0.1:1080"

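Optimization
Several ways to implement a shadowsocks transparent proxy: ss-redir, privoxy, tproxy
For keeping intranet traffic off the proxy, and for PAC, see Configuring PAC mode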
Enable TCP Fast Open
You can speed up Shadowsocks by enabling TCP fast open. TCP is a connection-oriented protocol, which means data can only be exchanged after a connection is established, which is done via the three-way handshake. In other words, traditionally, data can only be exchanged after the three-way handshake is complete. TCP fast open (TFO) is a mechanism that allows data to be exchanged before the three-way handshake is complete, saving up to 1 round-trip time (RTT).

TCP fast open support has been merged into the Linux kernel since version 3.7 and enabled by default since version 3.13. You can check your kernel version by running:

    uname -r

To check the TCP fast open configuration on your Ubuntu server, run

    cat /proc/sys/net/ipv4/tcp_fastopen

It can return 4 values.

0 means disabled.
1 means it's enabled for outgoing connections (as a client).
2 means it's enabled for incoming connections (as a server).
3 means it's enabled for both outgoing and incoming connections.

All my Ubuntu 16.04/17.10 VPS (Virtual Private Server) returned 1 after running the above command. We want tcp_fastopen set to 3 on our server. To achieve that, we can edit the sysctl configuration file.

    sudo nano /etc/sysctl.conf

Then paste the following line at the end of the file.

    net.ipv4.tcp_fastopen=3

Reload sysctl settings for the change to take effect.

    sudo sysctl -p

Then you will also need to enable TCP fast open in the Shadowsocks configuration file.

    sudo nano /etc/shadowsocks-libev/config.json

Add the following line.

    "fast_open": true

So your Shadowsocks server configuration file will look like this:

    {
        "server":"your-server-ip-address",
        "server_port":8388,
        "local_port":1080,
        "password":"focobguph",
        "timeout":60,
        "method":"chacha20-ietf-poly1305",
        "fast_open": true
    }

Note that the last config line has no comma. Save and close the file. Then restart the Shadowsocks server.

    sudo systemctl restart shadowsocks-libev

Check if it's running. (An error in the configuration file can prevent it from restarting.)

    systemctl status shadowsocks-libev

You also need to edit the Shadowsocks client configuration file and restart it to enable TCP fast open on the Ubuntu desktop.
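Added example, not from the original article: TCP fast open only takes effect when both steps above are done, so this check compares the kernel value with the Shadowsocks config and also catches the trailing comma the note above warns about. The function name tfo_check and its status words are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article).

# tfo_check SYSCTL_VALUE CONFIG_FILE ROLE
#   SYSCTL_VALUE  contents of /proc/sys/net/ipv4/tcp_fastopen
#   ROLE          client (needs bit 1) or server (needs bit 2)
# Prints one of: ok, kernel-off, config-off, trailing-comma.
tfo_check() {
    case "$3" in
        client) need=1 ;;
        server) need=2 ;;
        *) echo "role must be client or server" >&2; return 2 ;;
    esac
    # A comma after the last entry makes the JSON invalid and keeps the
    # service from restarting. Heuristic: whitespace is ignored, so a string
    # value that itself contains ",}" would also match.
    if tr -d '[:space:]' < "$2" | grep -q ',}'; then
        echo trailing-comma; return 1
    fi
    if [ $(( $1 & $need )) -eq 0 ]; then
        echo kernel-off; return 1      # net.ipv4.tcp_fastopen lacks the needed bit
    fi
    if grep -Eq '"fast_open"[[:space:]]*:[[:space:]]*true' "$2"; then
        echo ok
    else
        echo config-off; return 1      # kernel ready, Shadowsocks not told to use it
    fi
}

# Constructed sample: the server config shown above.
cfg=$(mktemp)
cat > "$cfg" <<'EOF'
{
    "server":"your-server-ip-address",
    "server_port":8388,
    "local_port":1080,
    "password":"focobguph",
    "timeout":60,
    "method":"chacha20-ietf-poly1305",
    "fast_open": true
}
EOF
for v in 0 1 2 3; do
    printf 'tcp_fastopen=%s server: %s\n' "$v" "$(tfo_check "$v" "$cfg" server)"
done
rm -f "$cfg"
```

On a live server: `tfo_check "$(cat /proc/sys/net/ipv4/tcp_fastopen)" /etc/shadowsocks-libev/config.json server`.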
Enable TCP BBR
My VPS has it turned on.
See also: https://www.linuxbabe.com/ubuntu/enable-google-tcp-bbr-ubuntu
GNOME system-wide
network proxy
HTTP 127.0.0.1 8123
HTTPS 127.0.0.1 8123
This sends everything on the desktop through the proxy. Then install the Chrome extension.
SS+PAC
Manjaro 17.0.1 (xfce) + SS + PAC mode configuration notes
xfce
Need to look at this one; last time ss worked in the terminal but the browser did not: Automatic proxying via PAC in the Xfce desktop environment
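Troubleshooting
"timeout": 600: remember not to set this too short. It did not work for me at first either; later I changed a few things, restarted and so on, and it just worked. Maybe it had been fine from the start.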
method chacha20-ietf-poly1305 not supported
    sslocal -c /root/shadowsocks.json -d start
    INFO: loading config from /root/shadowsocks.json
    2020-02-29 13:53:49 ERROR method chacha20-ietf-poly1305 not supported

    sudo pip uninstall shadowsocks
    # Install the latest ss
    apt install python-pip
    apt install libsodium-dev
    pip install https://github.com/shadowsocks/shadowsocks/archive/master.zip -U
    # This installs shadowsocks 3.0.0

Error installing the shadowsocks service after updating Kali 2.0 to the latest version
This resolves the undefined symbol: EVP_CIPHER_CTX_cleanup error that shadowsocks 2.8.2 reports on startup after openssl is upgraded to 1.1.0 or later.
I recently upgraded Kali to the latest version; after compiling, shadowsocks would not start and reported the following error:

    INFO: loading config from ss.json
    2016-12-14 22:47:50 INFO loading libcrypto from libcrypto.so.1.1
    Traceback (most recent call last):
      File "/usr/local/bin/sslocal", line 11, in <module>
        sys.exit(main())
      File "/usr/local/lib/python2.7/dist-packages/shadowsocks/local.py", line 39, in main
        config = shell.get_config(True)
      File "/usr/local/lib/python2.7/dist-packages/shadowsocks/shell.py", line 262, in get_config
        check_config(config, is_local)
      File "/usr/local/lib/python2.7/dist-packages/shadowsocks/shell.py", line 124, in check_config
        encrypt.try_cipher(config['password'], config['method'])
      File "/usr/local/lib/python2.7/dist-packages/shadowsocks/encrypt.py", line 44, in try_cipher
        Encryptor(key, method)
      File "/usr/local/lib/python2.7/dist-packages/shadowsocks/encrypt.py", line 83, in __init__
        random_string(self._method_info[1]))
      File "/usr/local/lib/python2.7/dist-packages/shadowsocks/encrypt.py", line 109, in get_cipher
        return m[2](method, key, iv, op)
      File "/usr/local/lib/python2.7/dist-packages/shadowsocks/crypto/openssl.py", line 76, in __init__
        load_openssl()
      File "/usr/local/lib/python2.7/dist-packages/shadowsocks/crypto/openssl.py", line 52, in load_openssl
        libcrypto.EVP_CIPHER_CTX_cleanup.argtypes = (c_void_p,)
      File "/usr/lib/python2.7/ctypes/__init__.py", line 375, in __getattr__
        func = self.__getitem__(name)
      File "/usr/lib/python2.7/ctypes/__init__.py", line 380, in __getitem__
        func = self._FuncPtr((name_or_ordinal, self))
    AttributeError: /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1: undefined symbol: EVP_CIPHER_CTX_cleanup

The cause is that OpenSSL 1.1.0 dropped the EVP_CIPHER_CTX_cleanup function, as the official site says:

EVP_CIPHER_CTX was made opaque in OpenSSL 1.1.0. As a result, EVP_CIPHER_CTX_reset() appeared and EVP_CIPHER_CTX_cleanup() disappeared. EVP_CIPHER_CTX_init() remains as an alias for EVP_CIPHER_CTX_reset().

Fix (for a pip install):
Open the file with vim: vim /usr/local/lib/python2.7/dist-packages/shadowsocks/crypto/openssl.py (adjust this path to your own system; if you do not know where the file is, use the find command to locate it)
Jump to line 52 (in shadowsocks 2.8.2; for other versions, search for cleanup)
Enter edit mode
Change line 52 from libcrypto.EVP_CIPHER_CTX_cleanup.argtypes = (c_void_p,) to libcrypto.EVP_CIPHER_CTX_reset.argtypes = (c_void_p,)
Search for cleanup again (it occurs 2 times in the whole file; this one is at line 111) and change libcrypto.EVP_CIPHER_CTX_cleanup(self._ctx) to libcrypto.EVP_CIPHER_CTX_reset(self._ctx)
Save and exit
Start the shadowsocks service: service shadowsocks start, or sslocal -c <location of the ss config file>
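The same two-line rename as a script, as an added example that is not part of the original page: it keeps a backup and is safe to run twice. The function name patch_ss_openssl is an assumption, and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the original page): apply the rename described
# above without opening an editor, keeping a backup of the original file.

# patch_ss_openssl FILE: replace EVP_CIPHER_CTX_cleanup with
# EVP_CIPHER_CTX_reset in FILE and print how many lines were changed.
patch_ss_openssl() {
    f=$1
    [ -f "$f" ] || { echo "no such file: $f" >&2; return 2; }
    n=$(grep -c 'EVP_CIPHER_CTX_cleanup' "$f" || true)
    if [ "$n" -eq 0 ]; then
        echo 0                        # already patched, or a different version
        return 0
    fi
    cp -p "$f" "$f.orig" || return 1  # backup before touching the file
    sed 's/EVP_CIPHER_CTX_cleanup/EVP_CIPHER_CTX_reset/g' "$f.orig" > "$f" || return 1
    echo "$n"
}

# Constructed sample standing in for shadowsocks/crypto/openssl.py; it holds
# only the two lines the page tells you to edit.
sample=$(mktemp)
cat > "$sample" <<'EOF'
libcrypto.EVP_CIPHER_CTX_cleanup.argtypes = (c_void_p,)
libcrypto.EVP_CIPHER_CTX_cleanup(self._ctx)
EOF
echo "lines changed: $(patch_ss_openssl "$sample")"
echo "second run:    $(patch_ss_openssl "$sample")"
cat "$sample"
rm -f "$sample" "$sample.orig"

# Real use (path as given on this page; adjust to your system):
# patch_ss_openssl /usr/local/lib/python2.7/dist-packages/shadowsocks/crypto/openssl.py
```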
see also
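How do I set a proxy server for the Chrome browser under xfce? (Solved: switched browsers)
How to set up shadowsocks from the terminal on Ubuntu 16 to get unrestricted Internet access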
How to Set up Shadowsocks-libev Proxy Server on Ubuntu 16.04/17.10
How To Route Web Traffic Securely Without a VPN Using a SOCKS Tunnel