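I want to set up WireGuard obfuscation through Shadowsocks, because ISPs in my country have started blocking WireGuard and OpenVPN connections to foreign servers, which caused WG to stop working.
I tried to set it up by following this guide, but it does not work for me, possibly because the author used the unmaintained -libev version while I am using the -rust version, so maybe I made a mistake when adapting its configuration.
Here is my configuration:
VPS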
Wireguard
[Interface]
Address = 10.66.66.1/24,fd42:42:42::1/64
ListenPort = 60207
PrivateKey = <key>
PostUp = iptables -I INPUT -p udp --dport 60207 -j ACCEPT
PostUp = iptables -I FORWARD -i eth0 -o wg0 -j ACCEPT
PostUp = iptables -I FORWARD -i wg0 -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostUp = ip6tables -I FORWARD -i wg0 -j ACCEPT
PostUp = ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D INPUT -p udp --dport 60207 -j ACCEPT
PostDown = iptables -D FORWARD -i eth0 -o wg0 -j ACCEPT
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
PostDown = ip6tables -D FORWARD -i wg0 -j ACCEPT
PostDown = ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
[Peer]
PublicKey = <key>
PresharedKey = <key>
AllowedIPs = 10.66.66.66/32,fd42:42:42::66/128
Shadowsocks
{
"servers": [
{
"server":"0.0.0.0",
"server_port":8388,
"password":<password>,
"timeout":300,
"method":"chacha20-ietf-poly1305",
"mode": "tcp_and_udp"
}
]
}
Logs
When I enable WireGuard on my local machine, I can see traffic logs locally (see below), but I see nothing on the server side.
INFO [82651:139628357638784] [shadowsocks_service::server::tcprelay] shadowsocks tcp server listening on 0.0.0.0:8388, inbound address 0.0.0.0:8388
INFO [82651:139628357638784] [shadowsocks_service::server::udprelay] shadowsocks udp server listening on 0.0.0.0:8388, inbound address 0.0.0.0:8388
TRACE [82651:139628357638784] [shadowsocks_service::server::udprelay] udp server starting extra 1 recv workers
Local
Wireguard
[Interface]
PrivateKey = <key>
Address = 10.66.66.66/32,fd42:42:42::66/128
DNS = 10.66.66.10,1.1.1.1,1.0.0.1
[Peer]
PublicKey = <key>
PresharedKey = <key>
Endpoint = 127.0.0.1:1081
AllowedIPs = 0.0.0.0/0,::/0
Shadowsocks
{
"servers": [
{
"server":<VPS IP>,
"server_port":8388,
"method":"chacha20-ietf-poly1305",
"password":<password>,
"timeout":300
}
],
"locals": [
{
"protocol": "tunnel",
"local_address": "127.0.0.1",
"local_port":1081,
"mode":"udp_only",
"forward_address":<VPS IP>,
"forward_port":60207
},
{
"local_address": "127.0.0.1",
"local_port":1080
}
]
}
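(Without WireGuard, the default proxy connection through port 1080 also works.)
Logs
When I enable WireGuard on my local machine, some traffic is going on, but I cannot reach any external websites or addresses inside the WireGuard network.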
TRACE [43072:131681119897280] [shadowsocks_service::local::net::udp::association] udp relay 127.0.0.1:25098 -> <VPS IP>:60207 (proxied) with 148 bytes
TRACE [43072:131681119897280] [shadowsocks::relay::udprelay::aead] UDP packet generated aead salt b"\x82\xa4\xc0\x8b\xc6\xb1|}^\x1ds\xb0\xd5K\x17C\x17\xa2\xcdoz^\xd9\xc0g\xb0\xe7\x9a\x07\x9abB"
TRACE [43072:131681119897280] [shadowsocks::relay::udprelay::proxy_socket] UDP server client send to <VPS IP>:60207, control: UdpSocketControlData { client_session_id: 14887344535427807600, server_session_id: 0, packet_id: 2, user: None }, payload length 148 bytes, packet length 203 bytes
TRACE [43072:131681119897280] [shadowsocks_service::local::net::udp::association] udp relay 127.0.0.1:25098 -> <VPS IP>:60207 (proxied) with 148 bytes
TRACE [43072:131681119897280] [shadowsocks::relay::udprelay::aead] UDP packet generated aead salt b"\xd3\xdd\xfa\xff\xcc\xee$\x0c\x17v=\xfc\x15 \xf9\xf7\xa2\xa6\xaa\xab\xc7p\xf3\x7f4B!\xaa&vJ\x87"
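Is there a mistake in my configuration, or what else could be the problem?
Answer 1
If it helps, to make shadowsocks-rust work as a tunnel for WireGuard, I used a mix of shadowsocks-rust and shadowsocks-libev, where shadowsocks-rust is the server and shadowsocks-libev is the client.
My configuration is as follows:
Shadowsocks-rust server: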
{
"server": "0.0.0.0",
"server_port": <server-port>,
"fast_open": true,
"password":"<your-password>",
"mode": "udp_only",
"method": "chacha20-ietf-poly1305",
"timeout": 300,
"udp_timeout": 300,
"udp_max_associations": 512
}
Shadowsocks-libev client:
{
"server": "<server-ip>",
"mode":"udp_only",
"server_port":<server-port>,
"local_port":1080,
"password":"<your-password>",
"timeout":300,
"method":"chacha20-ietf-poly1305",
"tunnel_address": "127.0.0.1:<wireguard-port>"
}
Wireguard client:
[Interface]
Address = 10.7.0.4/24
PrivateKey = <your-private-key>
MTU = 1353 #important to make shadowsocks work
PostUp = /etc/wireguard/wireguard_up.sh
PostDown = /etc/wireguard/wireguard_down.sh
[Peer]
PublicKey = <your-public-key>
PresharedKey = <your-preshared-key>
AllowedIPs = 0.0.0.0/0
Endpoint = 127.0.0.1:1080 #Endpoint Shadowsocks
PersistentKeepalive = 25
In PostUp / PostDown I added a route to the server as follows:
route add -net <your-server-ip> netmask 255.255.255.255 gw <your-local-default-gateway>
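I hope it helps.
Edit: The guide you followed will work 100%, because I followed that guide and got shadowsocks-libev working the first time. The only thing missing from the guide is that you must add MTU = 1353 to the WireGuard client.
The advantage of mixing rust and libev is performance. I don't know why, but the rust server side performs better than libev.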
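An added example, not part of the original question or answer and not code from either Shadowsocks project: a Python sketch that accounts for the per-packet overhead behind the MTU remark above and checks it against the "payload length 148 bytes, packet length 203 bytes" trace line from the question. The function names are hypothetical; the header sizes (IPv4 20, IPv6 40, UDP 8, WireGuard data 32, Shadowsocks AEAD salt + SOCKS5-style address + tag) and the 1500-byte path MTU are assumptions.

```python
import re

# Constructed from the client TRACE line quoted in the question (control data dropped).
SAMPLE_LOG = ("UDP server client send to <VPS IP>:60207, "
              "payload length 148 bytes, packet length 203 bytes")

SALT_LEN = {"chacha20-ietf-poly1305": 32, "aes-256-gcm": 32, "aes-128-gcm": 16}
AEAD_TAG = 16                                        # Poly1305 / GCM tag
ADDR_LEN = {"ipv4": 1 + 4 + 2, "ipv6": 1 + 16 + 2}   # ATYP + address + port
IP_HDR = {"ipv4": 20, "ipv6": 40}
UDP_HDR = 8
WG_DATA_OVERHEAD = 16 + 16     # WireGuard transport header + auth tag (assumed)


def ss_udp_overhead(method, target_family):
    """Bytes Shadowsocks AEAD adds to one UDP datagram: salt + address + tag."""
    return SALT_LEN[method] + ADDR_LEN[target_family] + AEAD_TAG


def observed_overhead(log_line):
    """Packet length minus payload length, read from a client TRACE line."""
    m = re.search(r"payload length (\d+) bytes, packet length (\d+) bytes", log_line)
    if m is None:
        raise ValueError("no length fields in log line")
    return int(m.group(2)) - int(m.group(1))


def max_wg_mtu(path_mtu, method, outer_family, target_family):
    """Largest WireGuard interface MTU whose wrapped packets fit in path_mtu."""
    outer = IP_HDR[outer_family] + UDP_HDR
    return path_mtu - outer - ss_udp_overhead(method, target_family) - WG_DATA_OVERHEAD


def fits(wg_mtu, path_mtu, method, outer_family, target_family):
    """True if a WireGuard MTU avoids fragmentation on the outer path."""
    return wg_mtu <= max_wg_mtu(path_mtu, method, outer_family, target_family)


if __name__ == "__main__":
    method = "chacha20-ietf-poly1305"
    print("model:", ss_udp_overhead(method, "ipv4"),
          "observed:", observed_overhead(SAMPLE_LOG))
    for outer in ("ipv4", "ipv6"):
        for target in ("ipv4", "ipv6"):
            print(outer, target, max_wg_mtu(1500, method, outer, target))
```

Under these assumptions the modelled 55-byte overhead matches the trace line, and an MTU of 1353 fits every IPv4/IPv6 combination, while 1420 (a value commonly seen as WireGuard's default) does not.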