semigodking/redsocks2

最新推荐文章于 2024-04-08 09:40:00 发布
最新推荐文章于 2024-04-08 09:40:00 发布
阅读量861 收藏
点赞数
分类专栏: 开源
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/zyb418/article/details/84677119
版权

https://github.com/semigodking/redsocks

REDSOCKS2

This is a modified version of original redsocks. The name is changed to REDSOCKS2 to distinguish with original redsocks. REDSOCKS2 contains several new features besides many bug fixes to original redsocks.

  1. Redirect TCP connections which are blocked via proxy automatically without need of blacklist.
  2. Redirect UDP based DNS requests via TCP connection.
  3. Integrated shadowsocks proxy support(IPv4 Only).
  4. Redirect TCP connections without proxy.
  5. Redirect TCP connections via specified network interface.
  6. UDP transparent proxy via shadowsocks proxy.
  7. Support Ful-cone NAT Traversal when working with shadowsocks or socks5 proxy.
  8. Integrated HTTPS proxy support(HTTP CONNECT over SSL).
  9. Support TCP Fast Open on local server side and shadowsocks client side 10.Support port reuse (SO_REUSEPORT)

Chinese Reference

HOW TO BUILD

Prerequisites

The following libraries are required.

  • libevent2
  • OpenSSL or PolarSSL

Steps

On general Linux, simply run command below to build with OpenSSL.

$ make

To compile with PolarSSL

$ make USE_CRYPTO_POLARSSL=true

To compile static binaries (with Tomatoware)

$ make ENABLE_STATIC=true

By default, HTTPS proxy support is disabled. To enable this feature, you need to compile like (Require libevent2 compiled with OpenSSL support):

$ make ENABLE_HTTPS_PROXY=true

To compile on newer systems with OpenSSL 1.1.0 and newer (disables shadowsocks support):

$ git apply patches/disable-ss.patch
$ make

Since this variant of redsocks is customized for running with Openwrt, please read documents here (http://wiki.openwrt.org/doc/devel/crosscompile) for how to cross compile.

MacOS

To build on a MacOS system, you will have to install OpenSSL headers and libevent2 For this, brew is your best friends

$ brew install openssl libevent

Makefile include the folder of openssl headers and lib installed by brew.

To build with PF and run on MacOS, you will need some pf headers that are not included with a standard MacOS installation. You can find them on this repository : https://github.com/opensource-apple/xnu And the Makefile will going find this file for you

Configurations

Please see 'redsocks.conf.example' for whole picture of configuration file. Below are additional sample configuration sections for different usage. Operations required to iptables are not listed here.

Redirect Blocked Traffic via Proxy Automatically

To use the autoproxy feature, please change the redsocks section in configuration file like this:

redsocks {
 local_ip = 192.168.1.1;
 local_port = 1081;
 ip = 192.168.1.1;
 port = 9050;
 type = socks5; // I use socks5 proxy for GFW'ed IP
 autoproxy = 1; // I want autoproxy feature enabled on this section.
 // timeout is meaningful when 'autoproxy' is non-zero.
 // It specified timeout value when trying to connect to destination
 // directly. Default is 10 seconds. When it is set to 0, default
 // timeout value will be used.
 // NOTE: decreasing the timeout value may lead increase of chance for
 // normal IP to be misjudged.
 timeout = 13;
 //type = http-connect;
 //login = username;
 //password = passwd;
}

Redirect Blocked Traffic via VPN Automatically

Suppose you have VPN connection setup with interface tun0. You want all all blocked traffic pass through via VPN connection while normal traffic pass through via default internet connection.

redsocks {
	local_ip = 192.168.1.1;
	local_port = 1080;
	interface = tun0; // Outgoing interface for blocked traffic
	type = direct;
	timeout = 13;
	autoproxy = 1;
}

Redirect Blocked Traffic via shadowsocks proxy

Similar like other redsocks section. The encryption method is specified by field 'login'.

redsocks {
	local_ip = 192.168.1.1;
	local_port = 1080;
	type = shadowsocks;
 	ip = 192.168.1.1;
	port = 8388;
	timeout = 13;
	autoproxy = 1;
	login = "aes-128-cfb"; // field 'login' is reused as encryption
						   // method of shadowsocks
	password = "your password"; // Your shadowsocks password
}

redudp {
	local_ip = 127.0.0.1;
	local_port = 1053;
	ip = your.ss-server.com;
	port = 443;
	type = shadowsocks;
	login = rc4-md5;
	password = "ss server password";
	dest_ip = 8.8.8.8;
	dest_port = 53;
	udp_timeout = 3;
}

List of supported encryption methods(Compiled with OpenSSL):

table
rc4
rc4-md5
aes-128-cfb
aes-192-cfb
aes-256-cfb
bf-cfb
camellia-128-cfb
camellia-192-cfb
camellia-256-cfb
cast5-cfb
des-cfb
idea-cfb
rc2-cfb
seed-cfb

List of supported encryption methods(Compiled with PolarSSL):

table
ARC4-128
AES-128-CFB128
AES-192-CFB128
AES-256-CFB128
BLOWFISH-CFB64
CAMELLIA-128-CFB128
CAMELLIA-192-CFB128
CAMELLIA-256-CFB128

Work with GoAgent

To make redsocks2 works with GoAgent proxy, you need to set proxy type as 'http-relay' for HTTP protocol and 'http-connect' for HTTPS protocol
respectively. Suppose your goagent local proxy is running at the same server as redsocks2, The configuration for forwarding connections to GoAgent is like below:

redsocks {
 local_ip = 192.168.1.1;
 local_port = 1081; //HTTP should be redirect to this port.
 ip = 192.168.1.1;
 port = 8080;
 type = http-relay; // Must be 'htt-relay' for HTTP traffic.
 autoproxy = 1; // I want autoproxy feature enabled on this section.
 // timeout is meaningful when 'autoproxy' is non-zero.
 // It specified timeout value when trying to connect to destination
 // directly. Default is 10 seconds. When it is set to 0, default
 // timeout value will be used.
 timeout = 13;
}
redsocks {
 local_ip = 192.168.1.1;
 local_port = 1082; // HTTPS should be redirect to this port.
 ip = 192.168.1.1;
 port = 8080;
 type = http-connect; // Must be 'htt-connect' for HTTPS traffic.
 autoproxy = 1; // I want autoproxy feature enabled on this section.
 // timeout is meaningful when 'autoproxy' is non-zero.
 // It specified timeout value when trying to connect to destination
 // directly. Default is 10 seconds. When it is set to 0, default
 // timeout value will be used.
 timeout = 13;
}

Redirect UDP based DNS Request via TCP connection

Sending DNS request via TCP connection is one way to prevent from DNS poisoning. You can redirect all UDP based DNS requests via TCP connection with the following config section.

tcpdns {
	// Transform UDP DNS requests into TCP DNS requests.
	// You can also redirect connections to external TCP DNS server to
	// REDSOCKS transparent proxy via iptables.
	local_ip = 192.168.1.1; // Local server to act as DNS server
	local_port = 1053;      // UDP port to receive UDP DNS requests
	tcpdns1 = 8.8.4.4;      // DNS server that supports TCP DNS requests
	tcpdns2 = 8.8.8.8;      // DNS server that supports TCP DNS requests
	timeout = 4;            // Timeout value for TCP DNS requests
}

Then, you can either redirect all your DNS requests to the local IP:port configured above by iptables, or just change your system default DNS upstream server as the local IP:port configured above.

 

zyb418
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 1
    评论
专栏目录
Ubuntu编译运行Redsocks2实现透明代理
lvshaorong的博客
10-26 1万+
redsocks1有bug,不能关闭已建立的连接,一旦超越linux的最大限制,就会报“Too many open files”异常,导致服务瘫痪,需要每隔一段时间进行重启 在我的使用还发现redsocks1经常会让NetworkManager对无线网卡的管理崩溃,导致搜索不到wifi信号,需要经常重启NetworkManager 目前国内带有代理功能的Openwrt路由器普遍使用redsocks2,而且redsocks2更新很频繁,经常会有bug修复和新功能出现,所以最好的方式是我们自己去编译github
Iptables+Tproxy+RedSocks2的udp转发相关
TANG_XIAO_BIN的专栏
01-27 2860
Iptables Tproxy RedSocks2
openwrt-redsocks2:适用于OpenWrt的RedSocks2
05-24
RedSocks2 for OpenWrt 简介 本项目是 在 OpenWrt 上的移植 当前版本: 0.60-2 编译 从 OpenWrt 的 编译 # 以 ar71xx 平台为例 tar xjf OpenWrt-SDK-ar71xx-for-linux-x86_64-gcc-4.8-linaro_uClibc-0.9.33.2.tar.bz2 cd OpenWrt-SDK-ar71xx-* # 获取 Makefile git clone https://github.com/aa65535/openwrt-redsocks2.git package/redsocks2 # 选择要编译的包 Network -> redsocks2 make menuconfig # 开始编译 make package/redsocks2/compile V=99 Name Description C
Openwrt版HAProxy Redsocks2及依赖包 for WNDR4300 OP CC 15.05.1
11-05
Openwrt版HAProxy及依赖包用于WNDR4300 OP CC 15.05.1 HAProxy版本1.5.15-patch13 2015/11/01 依赖包:libltdl 2.4 Redsocks2 依赖包 libevent2
redsocks2 自动代理设置
weixin_33918357的博客
06-09 500
redsock2 可以把一些不支持透明代理的代理服务器重定向一下,这样可以实现透明代理了redsock2安装很简单直接make就可以了,ubuntu需要apt-getintslllibevent-2.0-5libssl-dev安装完成后,直接把 redsocks2 复制到相关目录即可。我这用它做网关, 然后测试了一下,http 和 https 不能一起走,要分开red...
Openwrt版HAProxy Redsocks2及依赖包for ar71xx
11-05
Openwrt版HAProxy及依赖包用于WNDR4300 OP CC 15.05.1 HAProxy版本1.5.15-patch13 2015/11/01 依赖包:libltdl 2.4 Redsocks2 0.65 和luci界面 依赖包 libevent2
(转)redsocks2 自动代理设置
zyb418的专栏
12-01 3945
https://cloud.tencent.com/info/497d16afc72e0416ec60f377fd7fa246.html redsock2 可以把一些不支持透明代理的代理服务器重定向一下,这样可以实现透明代理了 redsock2安装很简单直接make就可以了, ubuntu需要  apt-get intsll libevent-2.0-5 libssl-dev 安装完成...
HAProxy+Redsocks2+luci及依赖包 ar71xx CC 15.05.1
11-14
用于WNDR4300的Redsocks2可执行文件(2016.11编译)和luci界面安装包,HAProxy用于负载均衡的安装包及其依赖包
redsocks:透明的TCP到代理重定向器
04-27
redsocks –透明的TCP到代理重定向器 使用此工具,您可以使用防火墙将任何TCP连接重定向到SOCKS或HTTPS代理,因此重定向可以是系统范围的或网络范围的。 红袜子什么时候有用? 您想使用防火墙策略通过OpenSSH DynamicForward Socks5端口路由部分TCP流量。 那是最初的redsocks开发目标; 您使用DVB ISP,并且此ISP通过一些特殊的守护程序提供Internet连接,该守护程序也称为“ Internet加速器”,并且该加速器充当代理并且没有“透明代理”功能,因此您需要它。 是类似加速器的示例,但是Globax 5具有透明的代理功能。 那是redsocks的第二个发展目标。 由于公司网络的限制,您必须通过代理传递流量。 对于Redsock来说,这从来都不是一个目标,但是用户已经报告了某些代理配置的成功。 什么时候redsocks可能是
redsocks实现透明的socks重定向(开源代码)
03-15
redsocks是一个开源的网络程序,允许你将所有TCP连接重定向到SOCKS货HTTPS代理,代码依赖开源的libevent网络库。 使用环境:Linux/iptables, OpenBSD/pf 和 FreeBSD/ipfw
(转)redsocks 配合iptables设置全局sockts5代理
zyb418的专栏
12-01 7304
架构图: 第一步,安装redsocks 1. 安装依赖 yum install libevent-devel 2. 下载编译 git clone https://github.com/darkk/redsocks cd redsocks make 3. 配置  将redsocks源码目录下的redsocks.conf.example复制为redsocks.conf,编辑red...
探秘 IntelliQ-Redsocks:一个智能代理转发工具
最新发布
gitblog_00015的博客
04-08 727
探秘 IntelliQ-Redsocks:一个智能代理转发工具 项目地址:https://gitcode.com/liuwenru/intelliq-redsocks 在数字世界中,安全和隐私日益成为我们关注的重点,而IntelliQ-Redsocks(GitHub 链接)正是这样一个致力于提供高效、智能代理服务的开源项目。本文将深入解析该项目的技术特性、应用场景和优势,以期让更多开发者和网络安全...
redsocks 透明代理
Terry Tsang
05-06 4372
整体架构 #mermaid-svg-xy325sXVcuv38Dbv .label{font-family:'trebuchet ms', verdana, arial;font-family:var(--mermaid-font-family);fill:#333;color:#333}#mermaid-svg-xy325sXVcuv38Dbv .label text{fill:#333}#mermaid-svg-xy325sXVcuv38Dbv .node rect,#mermaid-svg-xy325
Linux下redsocks流量转发结合iptables流量透传出现 socket: Too many open files 和 connect: Bad file descriptor
代码讲故事
10-09 333
Linux下redsocks流量转发结合iptables流量透传出现 socket: Too many open files 和 connect: Bad file descriptor。
redsocks 将socks代理装换成全局代理
zdy0_2004的专栏
09-15 9001
redsocks 将socks代理装换成全局代理 http://www.cnblogs.com/volqiu/p/4811402.html redsocks 需要手动下载编译。前置需求为libevent组件,当然gcc什么的肯定是必须的。 获取源码 git clone https://github.com/darkk/redsocks 安装 libevent 组件 ce
redsocks+iptables+socks5服务商
witto_sdy的专栏
10-21 3141
前言 为了防止代收邮件服务被加入邮件服务商的黑名单,而导致代收失败,将代收服务不定时的更换ip出口。 代理厂商 要想实现多Ip出口,只能购买代理厂商的资源。其中又分为国内厂商与国外厂商。国外厂商支持的协议多,但延迟普遍较大,且容易被GFW封禁,所以不在此次考虑范围内。国内的厂商多而杂,下面将列出一些比较。 厂商 代理类型 每天去重代理数 官网 其他说明 蜻蜓代理 HTTP/HTTPS >15w https://proxy.horocn.com/ 隧道代理方式没有并发数限制 芝麻代理
openwrt实现透明代理
lovelyh1001的博客
09-07 5913
1.安装软件 我的是newifi d2 openwrt官网的固件 redsocks libevent2 1.1.ssh登录路由器 opkg install libevent2-7_2.1.12-1_mipsel_24kc.ipk redsocks2_0.67-4_mipsel_24kc.ipk 1.2.在自定义目录添加redsocks的配置文件 源码教程地址注意一点,该教程里ip没有加引号,是需要加的! base { log_debug = off; log_info = on; dae
WIFI路由之神器openwrt
夏至海的博客
08-20 4193
openwrt路由器上的开源操作系统,我们可以对其进行定制,然后刷到路由器上。路由器性能可以,作为小型服务器no pro。 扩展功能丰富,代理,防火墙,网盘,内网穿透,wifi路由等等。 在此不做openwrt的编译叙述,有现成的固件可以下载。 1、安装好vmware openwrt之后, 2、添加两张网卡,一张nat(内网),一张bridge(外网) 3、启动虚拟...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值