Run socks inside Zerotier
prepare
c make tools
sudo apt install build-essential
3proxy build from source
git clone https://github.com/z3apa3a/3proxy
cd 3proxy
ln -s Makefile.Linux Makefile
make -s
sudo make -s install
zerotier install from official bash script
curl -s https://install.zerotier.com | sudo bash
/var/lib/zerotier-one
/var/lib/zerotier-one/zerotier-one.te
/var/lib/zerotier-one/zerotier-idtool
/var/lib/zerotier-one/zerotier-one.port
/var/lib/zerotier-one/zerotier-one
/var/lib/zerotier-one/zerotier-cli
run
zerotier-cli join XXXXX
/usr/local/3proxy/conf/3proxy.cfg
nscache 65536
nserver 8.8.8.8
nserver 8.8.4.4
config /conf/3proxy.cfg
monitor /conf/3proxy.cfg
log /logs/3proxy-%y%m%d.log D
rotate 60
counter /count/3proxy.3cf
users $/conf/passwd
include /conf/counters
include /conf/bandlimiters
auth strong
deny * * 127.0.0.1
allow * 192.168.195.0/24
proxy -p3011
auth iponly strong
flush
deny * * 127.0.0.1
allow * 192.168.195.68,192.168.195.125,192.168.195.136
allow lgh,rgl
socks -p3010
# allow admin
# admin -p8080
sudo service 3proxy restart
UDP speeder for socks (KCP, alternative)
download kcp binary for linux:
wget https://github.com/xtaci/kcptun/releases/download/v20210922/kcptun-linux-amd64-20210922.tar.gz
tar -zxvf kcpXXX
vi run_server.sh :
/root/server_linux_amd64 -t "192.168.195.181:3010" -l ":3014" -mode fast -nocomp --crypt none --quiet
Client run_client.sh :
client_windows_amd64.exe -r "192.168.195.181:3014" -l ":3010" -mode fast -nocomp --crypt none -autoexpire 900
pause
vi /etc/rc.local
sleep 10 && nohup /root/run_server.sh >/dev/null &
/root may changes to /home/oneusername
optimizations
sudo apt-get remove ubuntu-release-upgrader-core
sudo apt autoremove
sudo apt clean
sudo apt clean cache
sudo dpkg-reconfigure unattended-upgrades
sudo apt remove unattended-upgrades
sudo kill xxx
sudo killall xxx
wget --no-check-certificate -O /opt/bbr.sh https://github.com/teddysun/across/raw/master/bbr.sh
chmod 755 /opt/bbr.sh
/opt/bbr.sh
chrome under socks5
https://www.chromium.org/developers/design-documents/network-stack/socks-proxy/
"C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --proxy-server="socks5://192.168.195.181:3010" --host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE 192.168.195.181"
use zerotier as global traffic VPN
https://zerotier.atlassian.net/wiki/spaces/SD/pages/224395274/Route+between+ZeroTier+and+Physical+Networks
https://zerotier.atlassian.net/wiki/spaces/SD/pages/7110693
sudo vi /etc/sysctl.conf
find net.ipv4.ip_forward=1
sudo zerotier-cli listnetworks
PHY_IFACE=eth0; ZT_IFACE=ztXXXXXX
sudo iptables -t nat -A POSTROUTING -o $PHY_IFACE -j MASQUERADE
sudo iptables -A FORWARD -i $PHY_IFACE -o $ZT_IFACE -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i $ZT_IFACE -o $PHY_IFACE -j ACCEPT
on client gui, check allow global / default route option
end
Run kcp and 3proxy inside Zerotier.
Use zerotier to encrypt the whole data.
kcp make speed faster and transform 3proxy's TCP to UDP.
all kcp's data are inside Zerotier's SD-WAN
extra
we can use socks and Clash and Clash premium's TAP mode.
mixin yaml
mixin:
dns:
enable: true
enhanced-mode: redir-host
listen: :53
nameserver:
- https://rubyfish.cn/dns-query
- https://doh.dns.sb/dns-query
- https://dns.adguard.com/dns-query
- https://cdn-doh.ssnm.xyz/dns-query
- 119.29.29.29 #腾讯
- 223.5.5.5 #阿里
config yaml
# HTTP 代理端口
port: 7890
# SOCKS5 代理端口
socks-port: 7891
# Linux 和 macOS 的 redir 代理端口
redir-port: 7892
# 允许局域网的连接
allow-lan: true
# 规则模式:Rule(规则) / Global(全局代理)/ Direct(全局直连)
mode: rule
# 设置日志输出级别 (默认级别:silent,即不输出任何内容,以避免因日志内容过大而导致程序内存溢出)。
# 5 个级别:silent / info / warning / error / debug。级别越高日志输出量越大,越倾向于调试,若需要请自行开启。
log-level: silent
# Clash 的 RESTful API
external-controller: '0.0.0.0:9090'
# RESTful API 的口令
secret: ''
# 您可以将静态网页资源(如 clash-dashboard)放置在一个目录中,clash 将会服务于 `RESTful API/ui`
# 参数应填写配置目录的相对路径或绝对路径。
# external-ui: folder
proxies:
- name: local001
type: socks5
server: 127.0.0.1
port: 3010
udp: false
username: lgh
password: xxx
- name: http001
type: http
server: 192.168.195.94
port: 3011
username: lgh
password: xxx
Do not forget to enable TAP device option.
tap device: https://github.com/OpenVPN/tap-windows
clash link: https://github.com/Fndroid/clash_for_windows_pkg/releases
https://github.com/Dreamacro/clash/etc/rc.local 20220531_1157_09