Shadowsocks同端口伪装

Shadowsocks的新版支持使用obfs伪装流量,在standalone模式下更可以做到同端口浏览器访问时为普通网站,而用SS连接时则为代理。网上没有一个比较完整的教程,最近尝试了一下,记录下来。

Debian 9下从backports安装shadowsocks-libev和simple-obfs,目前的版本分别是是3.0.7和0.0.3:

apt-get -t stretch-backports install shadowsocks-libev simple-obfs

首先假设已经有一个web server在本地,端口8443(使用TLS)。这个web server的端口没有必要对外开放。配置很简单,用nginx或者apache都可以。接下来配置Shadowsocks,以下是config.json:

{
	"server":"127.0.0.1",
	"server_port":8388,
	"local_port":1080,
	"password":"yourpassword",
	"timeout":60,
	"method":"chacha20-ietf-poly1305",
	"reuse_port":true,
	"fast_open":true,
}

Shadowsocks只需要监听从本地来的连接,也就是obfs-server传过来的traffic。simple-obfs的安装包并没有带配置文件(哪怕是模板)和启动脚本,所以这两个都得自己写。

配置文件:

{
	"server":"your_server_ip",
	"server_port":443,
	"dst_addr":"127.0.0.1:8388",
	"timeout":60,
	"obfs":"tls",
	"failover":"127.0.0.1:8443",
	"reuse_port":true,
	"fast_open":true,
}

server放ss server对外的ip,端口为443(伪装成一个HTTPS的网站)。dst_addr是转发ss流量的地址,因为ss在本机所以是127.0.0.1:8388。failover是web server的地址,之前web server的地址就是127.0.0.1:8443,照写。

配置文件放在/etc/shadowsocks-libev/obfs-server.json。然后拷贝一份/etc/default/shadowsocks-libev/etc/default/obfs-server,修改内容为:

# Defaults for obfs-server initscript
# sourced by /etc/init.d/obfs-server
# installed at /etc/default/obfs-server by the maintainer scripts

#
# This is a POSIX shell fragment
#
# Note: `START', `GROUP' and `MAXFD' options are not recognized by systemd.
# Please change those settings in the corresponding systemd unit file.

# Enable during startup?
START=yes

# Configuration file
CONFFILE="/etc/shadowsocks-libev/obfs-server.json"

# Extra command line arguments
DAEMON_ARGS=""

# User and group to run the server as
USER=nobody
GROUP=nogroup

# Number of maximum file descriptors
MAXFD=32768

里面conffile的路径为之前obfs-server的配置文件的路径。接下来是启动脚本,直接用shadowsocks-libev的systemd脚本修改:

# This file is part of obfs-server.
#
# obfs-server is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This file is default for Debian packaging. See also
# /etc/default/obfs-server for environment variables.

[Unit]
Description=obfs-server Default Server Service
Documentation=man:obfs-server(8)
After=network.target

[Service]
Type=simple
EnvironmentFile=/etc/default/obfs-server
User=nobody
Group=nogroup
LimitNOFILE=32768
ExecStart=/usr/bin/obfs-server -c $CONFFILE $DAEMON_ARGS

[Install]
WantedBy=multi-user.target

最后systemctl enable obfs-server shadowsocks-libev && systemctl start obfs-server shadowsocks-libev,这样服务器端的配置就完成了。

客户端配置。客户端可以自己编译,或者从https://github.com/Suwmlee/simple-obfs/releases下载编译好的cygwin的版本。写一个obfs的客户端的配置文件:

{
	"server":"your_server_ip",
	"server_port":443,
	"local_port":1984,
	"timeout":60,
	"obfs":"tls",
}

obfs-local.exe -c config.json启动。ss win客户端设置服务器为127.0.0.1,端口为local_port设置的端口,比如1984。密码和加密方式按ss的配置设置,这样就可以了。

这样用浏览器打开ss服务器只会看到web server提供的内容,然而用ss连接就是代理,成功实现同端口共用。

猜您还喜欢

Build a 5G modem for backup uplink

I got a pretty inexpensive cellular data plan last year, that has unlimited data, along with a crappy tablet. No, I don’t name names, but if you do care abou...