Last active
November 10, 2022 19:25
-
-
Save tossmilestone/b8ae168ae029e0a66da125b71979f5a2 to your computer and use it in GitHub Desktop.
V2ray transparent proxy for TCP
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| install_v2ray(){ | |
| echo "Install v2ray..." | |
| if [[ ! -f /usr/bin/v2ray/v2ray ]] | |
| then | |
| curl -Ls https://install.direct/go.sh | bash | |
| fi | |
| mkdir -p /etc/v2ray | |
| cat > /etc/v2ray/config.json <<EOF | |
| { | |
| "log":{}, | |
| "dns": { | |
| "servers": ["8.8.8.8", "8.8.4.4", "localhost"] | |
| }, | |
| "stats":{}, | |
| "inbounds":[ | |
| { | |
| "port": 1088, | |
| "listen": "0.0.0.0", | |
| "protocol": "http", | |
| "settings": { | |
| "userLevel": 0, | |
| "auth": "noauth", | |
| "udp": false, | |
| "ip": "127.0.0.1" | |
| }, | |
| "streamSettings": { | |
| "sockopt": { | |
| "mark": 255 | |
| } | |
| } | |
| }, | |
| { | |
| "port": "1099", | |
| "listen": "0.0.0.0", | |
| "protocol": "dokodemo-door", | |
| "settings": { | |
| "userLevel": 0, | |
| "network": "tcp", | |
| "timeout": 30, | |
| "followRedirect": true | |
| }, | |
| "sniffing": { | |
| "enabled": true, | |
| "destOverride": ["http", "tls"] | |
| } | |
| } | |
| ], | |
| "outbounds":[ | |
| { | |
| "protocol":"vmess", | |
| "settings":{ | |
| "vnext":[ | |
| { | |
| "address":"<server>", | |
| "port": <port>, | |
| "users":[ | |
| { | |
| "id":"<uid>", | |
| "alterId": <alterId> | |
| } | |
| ] | |
| } | |
| ] | |
| }, | |
| "tag":"default" | |
| }, | |
| { | |
| "tag":"direct", | |
| "protocol":"freedom", | |
| "settings":{}, | |
| "streamSettings": { | |
| "sockopt": { | |
| "mark": 255 | |
| } | |
| } | |
| } | |
| ], | |
| "routing":{ | |
| "domainStrategy": "IPIfNonMatch", | |
| "settings": { | |
| "rules": [ | |
| { | |
| "type": "field", | |
| "ip": ["geoip:private"], | |
| "outboundTag": "direct" | |
| }, | |
| { | |
| "type": "field", | |
| "ip": ["geoip:cn"], | |
| "outboundTag": "direct" | |
| }, | |
| { | |
| "type": "field", | |
| "domain": ["geosite:cn"], | |
| "outboundTag": "direct" | |
| } | |
| ] | |
| } | |
| }, | |
| "policy":{}, | |
| "reverse":{}, | |
| "transport":{} | |
| } | |
| EOF | |
| systemctl restart v2ray | |
| echo "Install v2ray OK." | |
| install_iptables | |
| echo "Test v2ray..." | |
| curl https://www.google.com | |
| } | |
| install_iptables() { | |
| echo "Install iptables" | |
| # TCP Redirect | |
| # Create new chain | |
| iptables -t nat -N V2RAY | |
| # Ignore your V2Ray outbound traffic | |
| # It's very IMPORTANT, just be careful. | |
| iptables -t nat -A V2RAY -p tcp -j RETURN -m mark --mark 0xff | |
| # Ignore LANs and any other addresses you'd like to bypass the proxy | |
| # See Wikipedia and RFC5735 for full list of reserved networks. | |
| iptables -t nat -A V2RAY -d 0.0.0.0/8 -j RETURN | |
| iptables -t nat -A V2RAY -d 10.0.0.0/8 -j RETURN | |
| iptables -t nat -A V2RAY -d 127.0.0.0/8 -j RETURN | |
| iptables -t nat -A V2RAY -d 169.254.0.0/16 -j RETURN | |
| iptables -t nat -A V2RAY -d 172.16.0.0/12 -j RETURN | |
| iptables -t nat -A V2RAY -d 192.168.0.0/16 -j RETURN | |
| iptables -t nat -A V2RAY -d 224.0.0.0/4 -j RETURN | |
| iptables -t nat -A V2RAY -d 172.18.0.0/16 -j RETURN | |
| iptables -t nat -A V2RAY -d 129.28.0.0/16 -j RETURN | |
| iptables -t nat -A V2RAY -d 183.60.0.0/16 -j RETURN | |
| iptables -t nat -A V2RAY -d 240.0.0.0/4 -j RETURN | |
| iptables -t nat -A V2RAY -d 8.8.8.8 -j RETURN | |
| iptables -t nat -A V2RAY -d <v2ray server address> -j RETURN | |
| # Anything else should be redirected to Dokodemo-door's local port | |
| iptables -t nat -A V2RAY -p tcp -j REDIRECT --to-ports 1099 | |
| # apply redirect for traffic forworded by this proxy | |
| iptables -t nat -A PREROUTING -p tcp -j V2RAY | |
| # apply redirect for proxy itself | |
| iptables -t nat -A OUTPUT -p tcp -j V2RAY | |
| # UDP Redirect | |
| #iptables -t mangle -N V2RAY | |
| #iptables -t mangle -A V2RAY -p udp -j RETURN -m mark --mark 0xff | |
| #iptables -t mangle -A V2RAY -p udp --dport 53 -j TPROXY --on-port 1099 --tproxy-mark 0x01/0x01 | |
| #iptables -t mangle -N V2RAY_MARK | |
| #iptables -t mangle -A V2RAY_MARK -p udp -j RETURN -m mark --mark 0xff | |
| #iptables -t mangle -A V2RAY_MARK -p udp --dport 53 -j MARK --set-mark 1 | |
| # add route for udp traffic | |
| #ip route add local default dev lo table 100 | |
| #ip rule add fwmark 1 lookup 100 | |
| # Apply the rules | |
| # apply udp tproxy for traffic forworded by this proxy | |
| # iptables -t mangle -A PREROUTING -j V2RAY | |
| # apply udp tproxy for proxy itself | |
| #iptables -t mangle -A OUTPUT -j V2RAY_MARK | |
| iptables -t nat -nvL | |
| } | |
| uninstall_iptables(){ | |
| iptables -t nat -D PREROUTING -p tcp -j V2RAY | |
| iptables -t nat -D OUTPUT -p tcp -j V2RAY | |
| iptables -t nat -F V2RAY | |
| iptables -t nat -X V2RAY | |
| } | |
| main() { | |
| local arglist=("$@") | |
| case "${arglist[0]}" in | |
| install) install_iptables;; | |
| remove) uninstall_iptables;; | |
| *) install_v2ray;; | |
| esac | |
| } | |
| main "$@" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment