VPS

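I want to set up Wireguard obfuscation through Shadowsocks, because the ISPs in my country have started blocking Wireguard and OpenVPN connections to foreign servers, so WG stopped working.

I tried to set it up by following this guide, but it does not work for me, probably because the author used the unmaintained -libev version and I am using the -rust version, so maybe I made a mistake when adapting its configuration.

Here are my configs:

VPS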

Wireguard

[Interface]
Address = 10.66.66.1/24,fd42:42:42::1/64
ListenPort = 60207
PrivateKey = <key>
PostUp = iptables -I INPUT -p udp --dport 60207 -j ACCEPT
PostUp = iptables -I FORWARD -i eth0 -o wg0 -j ACCEPT
PostUp = iptables -I FORWARD -i wg0 -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostUp = ip6tables -I FORWARD -i wg0 -j ACCEPT
PostUp = ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D INPUT -p udp --dport 60207 -j ACCEPT
PostDown = iptables -D FORWARD -i eth0 -o wg0 -j ACCEPT
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
PostDown = ip6tables -D FORWARD -i wg0 -j ACCEPT
PostDown = ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = <key>
PresharedKey = <key>
AllowedIPs = 10.66.66.66/32,fd42:42:42::66/128

Shadowsocks

{
    "servers": [
        {
            "server":"0.0.0.0",
            "server_port":8388,
            "password":"<password>",
            "timeout":300,
            "method":"chacha20-ietf-poly1305",
            "mode": "tcp_and_udp"
        }
    ]
}

Logs

When I enable Wireguard on my local machine, I can see traffic logs locally (see below), but nothing shows up on the server side.

INFO  [82651:139628357638784] [shadowsocks_service::server::tcprelay] shadowsocks tcp server listening on 0.0.0.0:8388, inbound address 0.0.0.0:8388
INFO  [82651:139628357638784] [shadowsocks_service::server::udprelay] shadowsocks udp server listening on 0.0.0.0:8388, inbound address 0.0.0.0:8388
TRACE [82651:139628357638784] [shadowsocks_service::server::udprelay] udp server starting extra 1 recv workers

Local

Wireguard

[Interface]
PrivateKey = <key>
Address = 10.66.66.66/32,fd42:42:42::66/128
DNS = 10.66.66.10,1.1.1.1,1.0.0.1

[Peer]
PublicKey = <key>
PresharedKey = <key>
Endpoint = 127.0.0.1:1081
AllowedIPs = 0.0.0.0/0,::/0

Shadowsocks

{
    "servers": [
       {
            "server":"<VPS IP>",
            "server_port":8388,
            "method":"chacha20-ietf-poly1305",
            "password":"<password>",
            "timeout":300
       }
    ],
    "locals": [
        {
            "protocol": "tunnel",
            "local_address": "127.0.0.1",
            "local_port":1081,
            "mode":"udp_only",
            "forward_address":"<VPS IP>",
            "forward_port":60207
        },
        {
            "local_address": "127.0.0.1",
            "local_port":1080
        }
    ]
}

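(Without Wireguard, a plain proxy connection through the default port 1080 works fine.)

Logs

When I enable Wireguard on my local machine, there is some traffic going on, but I cannot reach any external websites or any addresses inside the Wireguard network.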

TRACE [43072:131681119897280] [shadowsocks_service::local::net::udp::association] udp relay 127.0.0.1:25098 -> <VPS IP>:60207 (proxied) with 148 bytes
TRACE [43072:131681119897280] [shadowsocks::relay::udprelay::aead] UDP packet generated aead salt b"\x82\xa4\xc0\x8b\xc6\xb1|}^\x1ds\xb0\xd5K\x17C\x17\xa2\xcdoz^\xd9\xc0g\xb0\xe7\x9a\x07\x9abB"
TRACE [43072:131681119897280] [shadowsocks::relay::udprelay::proxy_socket] UDP server client send to <VPS IP>:60207, control: UdpSocketControlData { client_session_id: 14887344535427807600, server_session_id: 0, packet_id: 2, user: None }, payload length 148 bytes, packet length 203 bytes
TRACE [43072:131681119897280] [shadowsocks_service::local::net::udp::association] udp relay 127.0.0.1:25098 -> <VPS IP>:60207 (proxied) with 148 bytes
TRACE [43072:131681119897280] [shadowsocks::relay::udprelay::aead] UDP packet generated aead salt b"\xd3\xdd\xfa\xff\xcc\xee$\x0c\x17v=\xfc\x15 \xf9\xf7\xa2\xa6\xaa\xab\xc7p\xf3\x7f4B!\xaa&vJ\x87"

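Is there a mistake in my configuration, or what could be the problem?

Answer 1

If it helps, to get shadowsocks-rust working as a tunnel across Wireguard, I used a mix of shadowsocks-rust and shadowsocks-libev, where shadowsocks-rust is the server and shadowsocks-libev is the client.

My configuration is as follows:

Shadowsocks-rust server side: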

{
    "server": "0.0.0.0",
    "server_port": <server-port>,
    "fast_open": true,
    "password": "<your-password>",
    "mode": "udp_only",
    "method": "chacha20-ietf-poly1305",
    "timeout": 300,
    "udp_timeout": 300,
    "udp_max_associations": 512
}

Shadowsocks-libev client:

{
    "server": "<server-ip>",
    "mode": "udp_only",
    "server_port": <server-port>,
    "local_port": 1080,
    "password": "<your-password>",
    "timeout": 300,
    "method": "chacha20-ietf-poly1305",
    "tunnel_address": "127.0.0.1:<wireguard-port>"
}

Wireguard client:

[Interface]
Address = 10.7.0.4/24
PrivateKey = <your-private-key>

MTU = 1353 #important to make shadowsocks work

PostUp = /etc/wireguard/wireguard_up.sh
PostDown = /etc/wireguard/wireguard_down.sh

[Peer]
PublicKey = <your-public-key>
PresharedKey = <your-preshared-key>
AllowedIPs = 0.0.0.0/0
Endpoint = 127.0.0.1:1080 #Endpoint Shadowsocks
PersistentKeepalive = 25

In PostUp / PostDown I added a route to the server as follows:

route add -net <your-server-ip> netmask 255.255.255.255 gw <your-local-default-gateway>

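I hope it helps.

Edit: the guide you followed will work 100%, because I got shadowsocks-libev working on the first try by following that guide. The only thing the guide is missing is that you must add MTU = 1353 to the Wireguard client.

The advantage of mixing rust and libev is performance. I don't know why, but the rust server side performs better than libev.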
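
An added example (not code from the question, the answer or the shadowsocks project): it reads the payload/packet sizes from the client log in the question, checks them against the Shadowsocks AEAD UDP framing for chacha20-ietf-poly1305, and derives the largest Wireguard MTU that still fits in one outer datagram. It assumes a 1500-byte path MTU with no further encapsulation and the legacy AEAD UDP format; the function names and the shortened log line are illustrative.

```python
import re

# Shadowsocks AEAD UDP datagram: salt || AEAD(address header || payload) || tag
SALT_LEN = 32                      # chacha20-ietf-poly1305: salt is key-sized
TAG_LEN = 16                       # Poly1305 tag
ADDR_HDR = {"ipv4": 1 + 4 + 2, "ipv6": 1 + 16 + 2}   # ATYP + address + port
IP_UDP = {"ipv4": 20 + 8, "ipv6": 40 + 8}            # outer IP + UDP headers
WG_DATA_OVERHEAD = 16 + 16         # WireGuard data header + Poly1305 tag
# WireGuard messages with a fixed size (UDP payload bytes)
WG_FIXED = {148: "handshake initiation", 92: "handshake response",
            64: "cookie reply", 32: "keepalive"}

SEND_RE = re.compile(r"payload length (\d+) bytes, packet length (\d+) bytes")


def ss_overhead(target="ipv4"):
    """Bytes Shadowsocks adds to each UDP payload for a target address type."""
    return SALT_LEN + ADDR_HDR[target] + TAG_LEN


def max_wg_mtu(link_mtu=1500, outer="ipv4", target="ipv4"):
    """Largest WireGuard MTU whose packets still fit in one outer datagram."""
    return link_mtu - IP_UDP[outer] - ss_overhead(target) - WG_DATA_OVERHEAD


def analyse(log_text):
    """Per send line: (payload, packet, overhead, WireGuard message type)."""
    rows = []
    for m in SEND_RE.finditer(log_text):
        payload, packet = int(m.group(1)), int(m.group(2))
        kind = WG_FIXED.get(payload, "transport data")
        rows.append((payload, packet, packet - payload, kind))
    return rows


# Shortened copy of a send line from the question's client log.
SAMPLE = ("TRACE [shadowsocks::relay::udprelay::proxy_socket] UDP server client "
          "send to <VPS IP>:60207, payload length 148 bytes, packet length 203 bytes")

if __name__ == "__main__":
    for row in analyse(SAMPLE):
        print(row)
    print("overhead, IPv4 target:", ss_overhead("ipv4"))
    print("max MTU, IPv4 outer/target:", max_wg_mtu())
    print("max MTU, IPv6 outer/target:", max_wg_mtu(outer="ipv6", target="ipv6"))
```

Under these assumptions the worst case (IPv6 outer packet, IPv6 target address) comes out at 1353, the same value the answer sets. A client log that shows only 148-byte payloads means Wireguard is still retrying its handshake, so the MTU only starts to matter once replies come back from the server.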
