zonyitoo
commented
6 months ago I can’t get your point. Could you elaborate it more in detail?
Open vt-alt opened 6 months ago
zonyitoo
commented
6 months ago I can’t get your point. Could you elaborate it more in detail?
vt-alt
commented
6 months ago Idea is that ssserver would not terminate connections on its own but to forward them to some other socks server (such as Warp in my example).
Or from another point of view it's to allow to configure tunnel mode on the ssserver (while now it's only for sslocal).
zonyitoo
commented
6 months ago Or from another point of view it's to allow to configure
tunnelmode on thessserver(while now it's only forsslocal).
Of course. ssserver is designed as a remote server of shadowsocks, so it is only for working with sslocal.
Idea is that
ssserverwould not terminate connections on its own but to forward them to some other socks server (such as Warp in my example).
ssserver is running in a remote server. It's outbound is to connect target remote servers. Why were targets are connected via a socks5 server?
vt-alt
commented
6 months ago In my example browser connects with socks5 to a local shadowsocks-windows, but shadowsocks-windows does not allow to configure tunnel protocol. So idea is to allow remote ssserver (which local shadowsocks connects to) to also allow configuring tunnel or chaining mode.
(ps. This may also be useful for general proxy chaining, like terminating all ssserver connections to Tor which runs on the same remote server as ssserver.)
zonyitoo
commented
6 months ago If I understand it correctly: your ssserver was hidden from sslocal with a socks5 proxy.
Client -> sslocal -----(socks5)-----> ssserver -> TargetSo the key issue in this topology is that sslocal must connect to ssserver with socks5 proxy protocol.
It should be Ok to add Proxy support in the ServerConfig, for example:
{
"servers": [
{
"server": "1.2.3.4",
"server_port": 8999,
"proxy": "socks5://2.3.4.5:1080"
}
]
}For now, you can achieve this goal with other tools, like proxychains.
I don't know if there are any replacements in Windows Platform.
vt-alt
commented
6 months ago My scheme is
browser using socks5 -> local shadowsocks-windows (sslocal) ------> remote ssserverI want to add additional proxy at the ssserver node, such as CF Warp (which supports socks5). But I cannot configure shadowsocks-windows because it's config UI is very basic and it's overrides gui-config.json thus there is no way I can add "protocol": "tunnel" to it.
Yes perhaps I can try to run one ssserver instance under proxychains. Thanks.
chuxi
commented
3 months ago I am figuring how to make such route . Because many resources are blocked from the VPS ips. for example, now I can not post twitter with my vultr server :(
vps server node
| --------------------------------- |
sslocal ---> | ssserver ---> warp socks5 proxy | ---> warp gateway ---> target resource
| --------------------------------- |BTW, To use proxychains (on Debian 11) with systemd service: it turned out that systemd services are not very compatible with LD_PRELOAD they using to wrap connections. So it's ended up using this line (which equals to LD_PRELOAD=libproxychains.so.4) — ExecStart=/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 --preload /usr/lib/x86_64-linux-gnu/libproxychains.so.4 /usr/bin/ss-server -c /etc/shadowsocks/warp.json.
Some sites detect Warp as a kind of public proxy too.
Please allow to chain shadowsocks server to another socks proxy.
For example user wants to connect to a cloudflare Warp gateway (which is in socks5 proxy mode) but to have his side using shadowsocks (on windows). Currently shadowsocks-windows do not allow to configure
tunnelprotocol. This prevents such scheme.So it would allow to use usual shadowsocks windows client (as a socks proxy) that connects as normal to a remote ssserver but that ssserver redirects (not decoded socks5 traffic) to a local warp-server socks5 port.