科学上网,理性爱国

最近因为国庆的原因,shadowsocks一直被封,而且就算换了ip地址也会在短短20分钟就会被封禁。所以为了科学上网,只能找出新的方式,也就是v2ray了。

关于v2ray:

直接搬一下官网的介绍吧:
V2Ray 是 Project V 下的一个工具。Project V 是一个包含一系列构建特定网络环境工具的项目,而 V2Ray 属于最核心的一个。 官方中介绍Project V 提供了单一的内核和多种界面操作方式。内核(V2Ray)用于实际的网络交互、路由等针对网络数据的处理,而外围的用户界面程序提供了方便直接的操作流程。不过从时间上来说,先有 V2Ray 才有 Project V。 如果还是不理解,那么简单地说,V2Ray 是一个与 Shadowsocks 类似的代理软件,可以用来科学上网(翻墙)学习国外先进科学技术。 社区readme
官网readme

安装:

安装方式比较简单,直接按照官网的不同os的安装方式就行。需要注意的是,v2ray的服务端和shadowsocks一样,服务端和客户端其实是同样的程序,所以你只需要在两边都同样的安装就可以,我这边的vps是ubuntu,所以就按照ubuntu的方式进行安装,其他方式可以参考官方安装指南

bash <(curl -L -s https://install.direct/go.sh)

这个时候你需要知道你的文件所在的位置:

/usr/bin/v2ray/v2ray:V2Ray 程序;
/usr/bin/v2ray/v2ctl:V2Ray 工具;
/etc/v2ray/config.json:配置文件;
/usr/bin/v2ray/geoip.dat:IP 数据文件
/usr/bin/v2ray/geosite.dat:域名数据文件

配置服务端:

服务端的配置文件在/etc/v2ray/config.json中

{
  "inbounds": [{
    "port": 12345,//1
    "protocol": "vmess",
    "settings": {
      "clients": [
        {
          "id": "5b6073e8-70b4-4cf7-b9ef-60fcff8d4489",//2
          "alterId": 64//3
        }
      ]
    }
  }],
  "outbounds": [{
    "protocol": "freedom",
    "settings": {}
  },{
    "protocol": "blackhole",
    "settings": {},
    "tag": "blocked"
  }],
  "routing": {
    "rules": [
      {
        "type": "field",
        "ip": ["geoip:private"],
        "outboundTag": "blocked"
      }
    ]
  }
}

服务端的配置是注意1,2,3这三个地方是需要配置的,默认uuid应该是配置好了的,在你安装的时候,然后选择一个自己喜欢的端口进行监听就行。
启动服务

service v2ray start

这样你的vps就已经在开始监听1处的端口,收到网络请求就会走v2ray相关的逻辑了。

客户端配置:

因为我本身客户端是mac的,所以就说一下mac客户端的配置吧,其他的基本同理,只需要记住对应的端口和uuid。
mac和window是有压缩包的,在下载完压缩包后解压缩出来就可以看到同样的config.json

// Config file of V2Ray. This file follows standard JSON format, with comments support.
// Uncomment entries below to satisfy your needs. Also read our manual for more detail at
// https://www.v2ray.com/
{
  "log": {
    // By default, V2Ray writes access log to stdout.
    // "access": "/path/to/access/log/file",

    // By default, V2Ray write error log to stdout.
    // "error": "/path/to/error/log/file",

    // Log level, one of "debug", "info", "warning", "error", "none"
    "loglevel": "warning"
  },
  // List of inbound proxy configurations.
  "inbounds": [{
    // Port to listen on. You may need root access if the value is less than 1024.
    "port": 1080,

    // IP address to listen on. Change to "0.0.0.0" to listen on all network interfaces.
    "listen": "127.0.0.1",

    // Tag of the inbound proxy. May be used for routing.
    "tag": "socks-inbound",

    // Protocol name of inbound proxy.
    "protocol": "socks",

    // Settings of the protocol. Varies based on protocol.
    "settings": {
      "auth": "noauth",
      "udp": false,
      "ip": "127.0.0.1"
    },

    // Enable sniffing on TCP connection.
    "sniffing": {
      "enabled": true,
      // Target domain will be overriden to the one carried by the connection, if the connection is HTTP or HTTPS.
      "destOverride": ["http", "tls"]
    }
  }],
  // List of outbound proxy configurations.
  "outbounds": [{
    // Protocol name of the outbound proxy.
    "protocol": "vmess",

    // Settings of the protocol. Varies based on protocol.
    "settings": {
      "vnext": [
             {
	      "address": "35.201.180.24",
	      "port": 12345,
	      "users": [
	               {
	                "id": "5b6073e8-70b4-4cf7-b9ef-60fcff8d4489",
	        	"alterId": 64
	                }
		        ]
              }
	      ]
    },

    // Tag of the outbound. May be used for routing.
    "tag": "direct"
  },{
    "protocol": "blackhole",
    "settings": {},
    "tag": "blocked"
  }],

  // Transport is for global transport settings. If you have multiple transports with same settings
  // (say mKCP), you may put it here, instead of in each individual inbound/outbounds.
  //"transport": {},

  // Routing controls how traffic from inbounds are sent to outbounds.
  "routing": {
    "domainStrategy": "IPOnDemand",
    "rules":[
      {
        // Blocks access to private IPs. Remove this if you want to access your router.
        "type": "field",
        "ip": ["geoip:private"],
        "outboundTag": "blocked"
      },
      {
        // Blocks major ads.
        "type": "field",
        "domain": ["geosite:category-ads"],
        "outboundTag": "blocked"
      }
    ]
  },

  // Dns settings for domain resolution.
  "dns": {
    // Static hosts, similar to hosts file.
    "hosts": {
      // Match v2ray.com to another domain on CloudFlare. This domain will be used when querying IPs for v2ray.com.
      "domain:v2ray.com": "www.vicemc.net",

      // The following settings help to eliminate DNS poisoning in mainland China.
      // It is safe to comment these out if this is not the case for you.
      "domain:github.io": "pages.github.com",
      "domain:wikipedia.org": "www.wikimedia.org",
      "domain:shadowsocks.org": "electronicsrealm.com"
    },
    "servers": [
      "1.1.1.1",
      {
        "address": "114.114.114.114",
        "port": 53,
        // List of domains that use this DNS first.
        "domains": [
          "geosite:cn"
        ]
      },
      "8.8.8.8",
      "localhost"
    ]
  },

  // Policy controls some internal behavior of how V2Ray handles connections.
  // It may be on connection level by user levels in 'levels', or global settings in 'system.'
  "policy": {
    // Connection policys by user levels
    "levels": {
      "0": {
        "uplinkOnly": 0,
        "downlinkOnly": 0
      }
    },
    "system": {
      "statsInboundUplink": false,
      "statsInboundDownlink": false
    }
  },

  // Stats enables internal stats counter.
  // This setting can be used together with Policy and Api. 
  //"stats":{},

  // Api enables gRPC APIs for external programs to communicate with V2Ray instance.
  //"api": {
    //"tag": "api",
    //"services": [
    //  "HandlerService",
    //  "LoggerService",
    //  "StatsService"
    //]
  //},

  // You may add other entries to the configuration, but they will not be recognized by V2Ray.
  "other": {}
}

哈哈,这次的客户端比较长,但是我们需要关注的也就是outbounds,因为我们是需要关注我们输出的位置。在outbounds中配置好对应的端口,还有对应的uuid,alertid。就算配置完成了。然后启动客户端。

./v2ray

好,应该已经能够完成连接了。当你开心的去拿上梯子去翻的时候,却发现还是没有办法上网,这是为什么原因呢。
这是因为当前的客户端只监听了inbound端口,然后从outbound端口出。那么你当前的http请求都是走的80端口,当然就不会从v2ray经过了。所以还需要将当前的所有网络连接都重新定向到设定的端口,默认也就是1080端口。
这个地方修改的方式就很多了,我这里采用的chrome+switchomega,将当前浏览器的所有连接都走本地的127.0.0.1:1080端口。
这样其实原理也就很清楚了:
1.本地的网络连接走127.0.0.1:1080端口,经过v2ray的inbounds监听,于是会连接到服务的对端,也就是outbounds
2.服务端监听的inbound端口收到客户端发来的请求,发现outbounds就是freedom,于是就自由连接,再将结果返回客户端
3.这样就完成了一整个的代理