Closed armantc closed 1 year ago
Certainly. If you want to proxy UDP, you should use hev-socks5-server on server side vps. BTW, the traffic in direct access is not encrypted or obfuscated.
It should be noted that if you use the global default route, you need to bypass the socks5 server address to avoid it going through the virtual tunnel:
ip route add SOCKS5-SERVER-IP dev INTERNET-IFACE metric 10
ip route add default dev tun0 metric 20
ip -6 route add default dev tun0 metric 20
Thanks for the quick answer. For the tap device to use tun0 as its gateway, what rule must I add? I want it to be like this: tap_se ==> tun0 ==> eth0
tap_se has subnet 192.168.0.21/24 with netmask 255.255.248.0 and broadcast 192.168.31.255 and IP of router 192.168.24.0
I need more info about your network topology.
OK, this is the ifconfig result of my VPS server; for security reasons I changed the eth0 inet, broadcast and gateway.
SoftEther vpnserver and a local DHCP are installed, which accept client connections through L2TP or OpenVPN and give them an IP on the subnet of tap_se.
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 45.159.50.149 netmask 255.255.255.0 broadcast 45.159.50.255
ether 00:16:3c:f4:70:d4 txqueuelen 1000 (Ethernet)
RX packets 1788 bytes 185961 (185.9 KB)
RX errors 0 dropped 24 overruns 0 frame 0
TX packets 285 bytes 35281 (35.2 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 409 bytes 66498 (66.4 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 409 bytes 66498 (66.4 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tap_se: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.24.0 netmask 255.255.248.0 broadcast 192.168.31.255
ether 5e:90:71:5b:d7:06 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
This is the ip route result:
default via 45.159.113.254 dev eth0
45.159.50.0/24 dev eth0 proto kernel scope link src 45.159.50.149
192.168.24.0/21 dev tap_se proto kernel scope link src 192.168.24.0
And for clients to have internet access, I have the following iptables rule:
iptables -t nat -A POSTROUTING -s 192.168.24.0/21 -o eth0 -j MASQUERADE
And now I want to socksify the outgoing traffic of clients through the socks server.
Run hev-socks5-server directly on vpsserver, and hev-socks5-tunnel on another without softether, if encryption is not required. (or use a tcp stream wrapper to encrypt socks5 traffic between server and client. e.g. ssh port forwarding?)
vps server:
hev-socks5-server conf.yml # default config
another host:
hev-socks5-tunnel conf.yml # socks5 server points to vpsserver
ip route add vpsserver dev eth0
ip route add default dev tun0
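Certainly. If you want to proxy UDP, you should use hev-socks5-server on the server-side VPS. By the way, the traffic in direct access is not encrypted or obfuscated.
Note that if you use the global default route, you need to bypass the socks5 server address to avoid it going through the virtual tunnel:
ip route add SOCKS5-SERVER-IP dev INTERNET-IFACE metric 10
ip route add default dev tun0 metric 20
ip -6 route add default dev tun0 metric 20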
Is there a plan to develop the original UDP proxy? If not, layer 4 VPNs like v2ray and xray are not easy to use with hev-socks5-tunnel.
Adding UDP associate support is done: https://github.com/heiher/hev-socks5-tunnel/commit/f5311b06fcce4d5255d1feea52c3ba3a7de756c9
socks5:
  # Socks5 UDP relay mode (tcp|udp)
  udp: 'udp'
Please let me know if you have any other questions.
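#!/bin/sh
# Start the tunnel in the background.
/usr/bin/hev-socks5-tunnel /usr/bin/hevsocksconfig.yaml &
# Address for the local network on an eth0 alias.
ifconfig eth0:0 192.168.70.2 netmask 255.255.255.0
# Traffic sourced from the local network is looked up in the tun2socks table
# (the table name must be defined in /etc/iproute2/rt_tables).
ip rule add pref 300 from 192.168.70.0/24 table tun2socks
# Allow forwarding in both directions and NAT the local network out of tun0.
iptables -A FORWARD -i eth0:0 -s 192.168.70.0/24 -j ACCEPT
iptables -A FORWARD -i tun0 -d 192.168.70.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.70.0/24 -o tun0 -j MASQUERADE
# Rebuild the tun2socks table: copy every non-default route from main,
# then add a default route into the tunnel.
ip route flush table tun2socks
ip route show table main | grep -Ev ^default | while read ROUTE ; do ip route add table tun2socks $ROUTE; done
ip route add default via 10.0.0.1 dev tun0 table tun2socks
ip route flush cache
# Run the Xray client in the foreground.
/usr/local/bin/xray run /usr/local/bin/config.json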
Someday someone might find this script useful for NATing local network traffic to Hev tun0 and then passing it through tun2socks to an Xray, V2ray or V2fly client connection over socks... (PAY ATTENTION TO THE "pref 300" AS IT IS CRITICALLY IMPORTANT)
I had limited kernel modules and was not able to utilize the Tmark iptables modules, so I had to use a tun2socks adapter and do old-fashioned, typical NAT.
Works fine with the latest Hev build.
speedtest -I tun0
Speedtest by Ookla
Server: KPN - Amsterdam (id: 26996)
Idle Latency: 96.52 ms (jitter: 1.17ms, low: 95.34ms, high: 97.32ms)
Download: 452.90 Mbps (data used: 584.0 MB)
290.17 ms (jitter: 69.22ms, low: 95.39ms, high: 458.78ms)
Upload: 378.08 Mbps (data used: 535.0 MB)
121.87 ms (jitter: 8.42ms, low: 102.21ms, high: 162.63ms)
Packet Loss: 0.0%
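The route selection behind the two setups in this thread (the bypass route for the socks5 server in the first reply, and the `pref 300` policy rule in the script above), modelled as an added example that is not part of the thread or of the hev-socks5-tunnel project. The socks5 server and host addresses are constructed placeholders, and the kernel lookup is simplified to "first matching rule, longest prefix, then lowest metric".

```python
import ipaddress

SOCKS5_SERVER = "203.0.113.10"  # constructed placeholder for SOCKS5-SERVER-IP
HOST = "198.51.100.5"           # constructed address of the host itself

# Rules: (pref, source selector, table). Lower pref is consulted first.
RULES = [(300, "192.168.70.0/24", "tun2socks"),  # ip rule add pref 300 ...
         (32766, "0.0.0.0/0", "main")]           # kernel's default main rule

# Tables: lists of (destination prefix, device, metric).
TABLES = {
    # The host's own traffic keeps its normal default route on eth0.
    "main": [("0.0.0.0/0", "eth0", 0), ("192.168.70.0/24", "eth0", 0)],
    # Non-default routes copied from main, plus a default into the tunnel.
    "tun2socks": [("192.168.70.0/24", "eth0", 0), ("0.0.0.0/0", "tun0", 0)],
}

# Global-default-route variant from the first reply: one table, two metrics.
MAIN_ONLY = [(32766, "0.0.0.0/0", "main")]
GLOBAL = {"main": [(SOCKS5_SERVER + "/32", "eth0", 10),
                   ("0.0.0.0/0", "tun0", 20)]}
NO_BYPASS = {"main": [("0.0.0.0/0", "tun0", 20)]}


def lookup(src, dst, rules, tables):
    """Return the device chosen for a packet, or None if unroutable."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _pref, selector, table in sorted(rules):
        if src_ip not in ipaddress.ip_network(selector):
            continue  # rule does not apply to this source address
        hits = [(-ipaddress.ip_network(p).prefixlen, metric, dev)
                for p, dev, metric in tables[table]
                if dst_ip in ipaddress.ip_network(p)]
        if hits:
            return min(hits)[2]  # longest prefix wins, then lowest metric
    return None


if __name__ == "__main__":
    # Policy routing: only the NATed local network is steered into the tunnel.
    print(lookup("192.168.70.50", "8.8.8.8", RULES, TABLES))   # tun0
    print(lookup(HOST, SOCKS5_SERVER, RULES, TABLES))          # eth0
    # Global default route: the bypass keeps the proxy connection off tun0.
    print(lookup(HOST, SOCKS5_SERVER, MAIN_ONLY, GLOBAL))      # eth0
    print(lookup(HOST, SOCKS5_SERVER, MAIN_ONLY, NO_BYPASS))   # tun0
```

The last case is the one the bypass route prevents: without it, the tunnel's own connection to the socks5 server is routed back into tun0.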
On my VPS server, I installed SoftEther VPN server, which uses a tap device with the 192.168.24.0/21 subnet. Traffic from this device goes through the gateway of the eth0 IP. With some iptables tricks I can forward TCP to a local go simple tunnel and use a TLS tunnel to connect to a socks server on another VPS, because of the many restrictions on the internet in our country. But my problem is with UDP traffic. How can I forward UDP this way? I tested tun2socks but I couldn't get it working, because when I change the metrics the way the example says, I lose the connection to the device. Can I do it with hev?