VTWORAY批量转socks5到PPTP(原创)


VTWORAY批量转socks5到PPTP(原创)
最近一个需求,需要将socks5协议转成PPTP来使用,本来考虑是使用tproxy的,但配起来没有那么顺畅(后来发现是socks5服务器没有搭好),最后用vtworay搭建成功,单进程可以转换多个,比tproxy多进程更方便。
vtworay配置文件
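// Config file of vtworay. This file follows standard JSON format, with comments support.
// Uncomment entries below to satisfy your needs. Also read our manual for more detail
// (the manual URL is missing on this page).
//
// What this file sets up: a local SOCKS inbound, a transparent-proxy inbound fed by an
// iptables REDIRECT, and three outbounds (direct, blocked, upstream SOCKS5) selected by
// the client's source address.
{
  "log": {
    // By default, vtworay writes access log to stdout.
    "access": "/var/log/vtworay/access.log",
    // By default, vtworay writes error log to stdout.
    // "error": "/var/log/vtworay/error.log",
    // Log level, one of "debug", "info", "warning", "error", "none"
    "loglevel": "warning"
  },
  // List of inbound proxy configurations.
  "inbounds": [
    {
      // Port to listen on. You may need root access if the value is less than 1024.
      "port": 1080,
      // IP address to listen on. Change to "0.0.0.0" to listen on all network interfaces.
      // NOTE(review): this inbound uses "noauth"; keep it on loopback. Bound to 0.0.0.0 it
      // would accept proxy requests from anyone who can reach the port.
      "listen": "127.0.0.1",
      // Tag of the inbound proxy. May be used for routing.
      "tag": "socks-inbound",
      // Protocol name of inbound proxy.
      "protocol": "socks",
      // Settings of the protocol. Varies based on protocol.
      "settings": {
        "auth": "noauth",
        "udp": false,
        "ip": "127.0.0.1"
      },
      // Enable sniffing on TCP connection.
      "sniffing": {
        "enabled": true,
        // Target domain will be overridden to the one carried by the connection, if the connection is HTTP or HTTPS.
        "destOverride": ["http", "tls"]
      }
    },
    {
      "tag": "iptables",
      // Port exposed for the transparent proxy; the iptables REDIRECT rule targets it.
      // NOTE(review): no "listen" is given, so this inbound is not limited to one address.
      // Make sure the host firewall only lets traffic from the ppp+ interfaces reach 8888.
      "port": 8888,
      "protocol": "dokodemo-door",
      "settings": {
        // Must be true so the inbound accepts traffic redirected by iptables.
        "followRedirect": true
      },
      "sniffing": {
        "enabled": true,
        "destOverride": ["http", "tls"]
      }
    }
  ],
  // List of outbound proxy configurations.
  // The first outbound is the default for traffic that matches no routing rule.
  "outbounds": [
    {
      // Protocol name of the outbound proxy.
      "protocol": "freedom",
      // Settings of the protocol. Varies based on protocol.
      "settings": {},
      // Tag of the outbound. May be used for routing.
      "tag": "direct"
    },
    {
      "protocol": "blackhole",
      "settings": {},
      "tag": "blocked"
    },
    {
      // Upstream SOCKS5 server. No credentials are configured here, and SOCKS5 does not
      // encrypt the connection, so traffic to this server crosses the network in clear text
      // unless the application protocol (e.g. TLS) protects it.
      "protocol": "socks",
      "settings": {
        "servers": [
          {
            "address": "106.13.20.201",
            "port": 1080
          }
        ]
      },
      "tag": "socksout"
    }
  ],
  // Transport is for global transport settings. If you have multiple transports with same settings
  // (say mKCP), you may put it here, instead of in each individual inbound/outbounds.
  //"transport": {},
  // Routing controls how traffic from inbounds are sent to outbounds.
  // Rules are tried from top to bottom; the first match wins.
  "routing": {
    "domainStrategy": "IPOnDemand",
    "rules": [
      {
        // Blocks access to private IPs. Remove this if you want to access your router.
        // Keeping it first stops proxied clients from reaching internal addresses.
        "type": "field",
        "ip": ["geoip:private"],
        "outboundTag": "blocked"
      },
      {
        // Blocks major ads.
        "type": "field",
        "domain": ["geosite:category-ads"],
        "outboundTag": "blocked"
      },
      {
        // PPTP client 10.10.10.1 leaves through the upstream SOCKS5 server.
        // With "inboundTag" left commented out, the rule matches on source address alone,
        // whichever inbound the connection arrived on.
        "type": "field",
        //    "inboundTag":"iptables",
        "source": [
          "10.10.10.1"
        ],
        "outboundTag": "socksout"
      },
      {
        // PPTP client 10.10.10.2 goes out directly from this host.
        "type": "field",
        //    "inboundTag":"iptables",
        "source": [
          "10.10.10.2"
        ],
        "outboundTag": "direct"
      }
      // Any other source address matches no rule above and uses the first outbound ("direct").
    ]
  },
  // Dns settings for domain resolution.
  "dns": {
    // Static hosts, similar to hosts file.
    "hosts": {
      // NOTE(review): the host names and targets of the entries below were lost on this page.
      // The listing repeats the empty key "" and maps every name to an empty target, which is
      // not a usable host mapping, so the entries are left commented out. Fill in real
      // values before enabling any of them.
      // (start of comment missing) ... to another domain on CloudFlare. This domain will be used when querying IPs
      // "": "",
      // The following settings help to eliminate DNS poisoning in mainland China.
      // It is safe to comment these out if this is not the case for you.
      // "domain:github.io": "",
      // "": "",
      // "domain:瞎逗": ""
    },
    "servers": [
      "1.1.1.1",
      {
        "address": "114.114.114.114",
        "port": 53,
        // List of domains that use this DNS first.
        "domains": [
          "geosite:cn"
        ]
      },
      "8.8.8.8",
      "localhost"
    ]
  },
  // Policy controls some internal behavior of how vtworay handles connections.
  // It may be on connection level by user levels in 'levels', or global settings in 'system.'
  "policy": {
    // Connection policies by user levels
    "levels": {
      "0": {
        "uplinkOnly": 0,
        "downlinkOnly": 0
      }
    },
    "system": {
      "statsInboundUplink": false,
      "statsInboundDownlink": false,
      "statsOutboundUplink": false,
      "statsOutboundDownlink": false
    }
  },
  // Stats enables internal stats counter.
  // This setting can be used together with Policy and Api.
  //"stats":{},
  // Api enables gRPC APIs for external programs to communicate with vtworay instance.
  //"api": {
  //"tag": "api",
  //"services": [
  //  "HandlerService",
  //  "LoggerService",
  //  "StatsService"
  //]
  //},
  // You may add other entries to the configuration, but they will not be recognized by vtworay.
  "other": {}
}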
iptables配置文件
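# Generated by iptables-save v1.4.21 on Mon Dec 21 17:48:35 2020
# NOTE(review): the filter table below has no rules and every policy is ACCEPT, so each
# listening service on this host is reachable from every interface. Add INPUT rules that
# admit only the ports you intend to expose, and keep the transparent-proxy port 8888
# closed to everything except the ppp+ interfaces.
*filter
:INPUT ACCEPT [1061:156114]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [780:202895]
COMMIT
# Completed on Mon Dec 21 17:48:35 2020
# Generated by iptables-save v1.4.21 on Mon Dec 21 17:48:35 2020
*nat
:PREROUTING ACCEPT [18:1251]
:INPUT ACCEPT [18:1251]
:OUTPUT ACCEPT [12:732]
:POSTROUTING ACCEPT [12:732]
:SSTCP - [0:0]
# Every inbound TCP packet is checked by the SSTCP chain.
-A PREROUTING -p tcp -j SSTCP
# Reserved, private, loopback, link-local, multicast and class-E destinations are left alone.
-A SSTCP -d 0.0.0.0/8 -j RETURN
-A SSTCP -d 10.0.0.0/8 -j RETURN
-A SSTCP -d 127.0.0.0/8 -j RETURN
-A SSTCP -d 169.254.0.0/16 -j RETURN
-A SSTCP -d 172.16.0.0/12 -j RETURN
-A SSTCP -d 192.168.0.0/16 -j RETURN
-A SSTCP -d 224.0.0.0/4 -j RETURN
-A SSTCP -d 240.0.0.0/4 -j RETURN
# Remaining TCP from PPTP clients (ppp+ interfaces) is handed to the local proxy on 8888.
-A SSTCP -i ppp+ -p tcp -j REDIRECT --to-ports 8888
# Only TCP is redirected. UDP from the clients (DNS included) is never sent to the proxy;
# whatever the host forwards for 10.10.10.0/24 leaves eth0 under this host's own address,
# not through the upstream SOCKS5 server.
# NOTE(review): IP forwarding state is not shown here; confirm whether that path is open.
-A POSTROUTING -s 10.10.10.0/24 -o eth0 -j MASQUERADE
COMMIT
# Completed on Mon Dec 21 17:48:35 2020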
pptpd配置文件
###############################################################################
# $Id: pptpd.conf,v 1.11 2011/05/19 00:02:50 quozl Exp $
#
# Sample Poptop configuration file /etc/pptpd.conf
#
# Changes are effective when pptpd is restarted.
#
# NOTE(review): PPTP's usual authentication and encryption (MS-CHAPv2 with MPPE)
# are widely regarded as broken. The PPP options file referenced below is not
# shown on this page, so check which methods it actually enables and treat the
# tunnel as providing little confidentiality.
###############################################################################
# TAG: ppp
#    Path to the pppd program, default '/usr/sbin/pppd' on Linux
#
#ppp /usr/sbin/pppd
# TAG: option
#    Specifies the location of the PPP options file.
#    By default PPP looks in '/etc/ppp/options'
#
option /etc/ppp/options.pptpd
# TAG: debug
#    Turns on (more) debugging to syslog
#
#debug
# TAG: stimeout
#    Specifies timeout (in seconds) on starting ctrl connection
#
# stimeout 10
# TAG: noipparam
#      Suppress the passing of the client's IP address to PPP, which is
#      done by default otherwise.
#
#noipparam
# TAG: logwtmp
#    Use wtmp(5) to record client connections and disconnections.
#
logwtmp
# TAG: vrf <vrfname>
#    Switches PPTP & GRE sockets to the specified VRF, which must exist
#    Only available if VRF support was compiled into pptpd.
#
#vrf test
# TAG: bcrelay <if>
#    Turns on broadcast relay to clients from interface <if>
#
#bcrelay eth1
# TAG: delegate
#    Delegates the allocation of client IP address to pppd.
#
#      Without this option, which is the default, pptpd manages the list of
#      IP addresses for clients and passes the next free address to pppd.
#      With this option, pptpd does not pass an address, and so pppd may use
#      radius or chap-secrets to allocate an address.
#
#delegate
# TAG: connections
#      Limits the number of client connections that may be accepted.
#
#      If pptpd is allocating IP addresses (e.g. delegate is not
#      used) then the number of connections is also limited by the
#      remoteip option.  The default is 100.
#connections 100
# TAG: localip
# TAG: remoteip
#    Specifies the local and remote IP address ranges.
#
#    These options are ignored if delegate option is set.
#
#      Any addresses work as long as the local machine takes care of the
#      routing.  But if you want to use MS-Windows networking, you should
#      use IP addresses out of the LAN address space and use the proxyarp
#      option in the pppd options file, or run bcrelay.
#
#    You can specify single IP addresses separated by commas or you can
#    specify ranges, or both. For example:
#
#        192.168.0.234,192.168.0.245-249,192.168.0.254
#
#    IMPORTANT RESTRICTIONS:
#
#    1. No spaces are permitted between commas or within addresses.
#
#    2. If you give more IP addresses than the value of connections,
#      it will start at the beginning of the list and go until it
#      gets connections IPs.  Others will be ignored.
#
#    3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
#      you must type 234-238 if you mean this.
#
#    4. If you give a single localIP, that's ok - all local IPs will
#      be set to the given one. You MUST still give at least one remote
#      IP for each simultaneous client.
#
# (Recommended)
# Server end of every tunnel is 10.10.10.254; clients are numbered from
# 10.10.10.1 to 10.10.10.100, the same 10.10.10.0/24 range that the NAT rule
# and the proxy's source-based routing rules on this page refer to.
localip 10.10.10.254
remoteip 10.10.10.1-100
PPTP帐号密码
# Secrets for authentication using CHAP
# client    server    secret            IP addresses
# One account per line: user name, server name ("*" here), password, and the
# address handed to that user. The fixed addresses matter: the proxy's routing
# rules pick the outbound by source IP, so an account and its exit are tied
# together by this last column.
# u1/p1 and u2/p2 are sample credentials; replace them with strong, unique
# secrets. The passwords are stored here in clear text, so keep this file
# readable by root only.
u1    *    p1    10.10.10.1
u2    *    p2    10.10.10.2
对于 vtworay,使用 routing 字段,根据 source IP 地址和 outboundTag 进行路由,实现公网 SOCKS5 出口与内网 PPTP 客户端 IP 的对应。
附 vtworay 的路由属性:
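// Reference listing of the fields a routing rule may carry. It illustrates the
// available matchers; it is not a rule to copy as-is.
{
  "type": "field",
  // Destination domains. The first entry is empty on this page (value missing).
  "domain": [
    "",
    "qq.com",
    "geosite:cn"
  ],
  // Destination addresses: CIDR ranges or geoip lists.
  "ip": [
    "0.0.0.0/8",
    "10.0.0.0/8",
    "fc00::/7",
    "fe80::/10",
    "geoip:cn"
  ],
  // Destination ports: single ports and ranges, comma separated.
  "port": "53,443,1000-2000",
  "network": "tcp",
  // Source addresses of the client; this is the matcher the setup above relies on.
  "source": [
    "10.0.0.1"
  ],
  // User identifiers. The entry is empty on this page (value missing).
  "user": [
    ""
  ],
  // Restricts the rule to connections that arrived on the listed inbounds.
  "inboundTag": [
    "tag-vmess"
  ],
  // Protocols detected by sniffing.
  "protocol": ["http", "tls", "bittorrent"],
  "attrs": "attrs[':method'] == 'GET'",
  // Choose either an outbound or a balancer as the target of a rule.
  "outboundTag": "direct",
  "balancerTag": "balancer"
}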
