search

ihciah / shadow-tls

A proxy to expose real tls handshake to the firewall
https://www.ihcblog.com/a-better-tls-obfs-proxy/
MIT License
2.3k stars 265 forks source link

suggest modifying memlock unlimited #37

Open wangliangliang2 opened 1 year ago

wangliangliang2 commented 1 year ago

link

To modify this limit globally, you can modify the /etc/security/limits.conf file and add two lines:
* hard memlock unlimited
* soft memlock unlimited

origin method don't work on debian 11 and this work on debian 11 echo "DefaultLimitMEMLOCK=infinity" >> /etc/systemd/system.conf && reboot

another thing:
can shadow-tls relay client's udp data to backend which is shadowsocks?

ihciah commented 1 year ago

Thanks for report! It seems you modify the ulimit in another way.

No. ShadowTLS is only a tcp wrapper. And shadowsocks will relay udp traffic with tcp stream. So if you want to relay udp directly with ShadowTLS, it will not work. But if you carry udp packet with shadowsocks, and wrap shadowsocks with ShadowTLS, it works.