Linux命令 go-shadowsocks2
https://github.com/honwen/Dockers
curl -O https://chrome666.oss-cn-beijing.aliyuncs.com/Proxy_SwitchyOmega_2.5.20.crx
47.88.78.54
obf 混淆用的
docker run -d -e 'PASSWORD=hangruan1234577' -e 'ARGS=--plugin obfs-server --plugin-opts obfs=tls;failover=www.bing.com' -p 8388:8388/tcp -p 8388:8388/udp chenhw2/ss-obfs
socks代理 chenhw2/ss-aio 是 docker 封装了 go-shadowsocks2
COPY --from=builder /go/bin/go-shadowsocks2 /usr/bin/ss-aio
服务端: docker run -d --name ss-aio -e "ARGS=-s ss://AEAD_CHACHA20_POLY1305:hangruan1234577@:8488" -p 8688:8488/tcp -p 8688:8488/udp chenhw2/ss-aio
客户端: docker run -d --name ss-aio -e "ARGS=-c ss://AEAD_CHACHA20_POLY1305:hangruan1234577@47.88.78.54:8688 -socks :1088" -p 30008:1088 chenhw2/ss-aio
使用原版方式 socks代理 go-shadowsocks2
go-shadowsocks2 -s ss://AEAD_CHACHA20_POLY1305:base64password@:8488 -verbose
go-shadowsocks2 -c ss://AEAD_CHACHA20_POLY1305:base64password@xx.xx.xx.xx:8488 -verbose -socks :1088
2. socks代理实现tcptun 正向代理
iperf3 -s
go-shadowsocks2 -s ss://AEAD_CHACHA20_POLY1305:base64password@:8488 -verbose
-tcptun [client端][local_addr]:[local_port]=[server端][remote_addr]:[remote_port]
go-shadowsocks2 -c ss://AEAD_CHACHA20_POLY1305:password=@xx.xx.xx.xx:8488 -verbose -socks :1088 -tcptun :1090=localhost:5201
iperf3 -c 127.0.0.1 -p 1090
本机:1090-->服务器:8488 ->>服务器.localhost:5201
Server
Start a server listening on port 8488 using AEAD_CHACHA20_POLY1305 AEAD cipher with password your-password.
go-shadowsocks2 -s ss://AEAD_CHACHA20_POLY1305:your-password@:8488 -verbose
Client
Start a client connecting to the above server. The client listens on port 1080 for incoming SOCKS5
connections, and tunnels both UDP and TCP on port 8053 and port 8054 to 8.8.8.8:53 and 8.8.4.4:53
respectively.
go-shadowsocks2 -c ss://AEAD_CHACHA20_POLY1305:your-password@[server_address]:8488 \
-verbose -socks :1080 -udptun :8053=8.8.8.8:53,:8054=8.8.4.4:53 \
-tcptun :8053=8.8.8.8:53,:8054=8.8.4.4:53
Replace [server_address] with the server's public address.
Advanced Usage
Use random keys instead of passwords
A random key is almost always better than a password. Generate a base64url-encoded 16-byte random key
go-shadowsocks2 -keygen 16
Start a server listening on port 8848 using AEAD_AES_128_GCM AEAD cipher with the key generated above.
go-shadowsocks2 -s :8488 -cipher AEAD_AES_128_GCM -key k5yEIX5ciUDpkpdtvZm7zQ== -verbose
And the corresponding client to connect to it.
go-shadowsocks2 -c [server_address]:8488 -cipher AEAD_AES_128_GCM -key k5yEIX5ciUDpkpdtvZm7zQ== -verbose
Netfilter TCP redirect (Linux only)
The client offers -redir and -redir6 (for IPv6) options to handle TCP connections
redirected by Netfilter on Linux. The feature works similar to ss-redir from shadowsocks-libev.
Start a client listening on port 1082 for redirected TCP connections and port 1083 for redirected
TCP IPv6 connections.
go-shadowsocks2 -c [server_address]:8488 -cipher AEAD_AES_128_GCM -key k5yEIX5ciUDpkpdtvZm7zQ== \
-redir :1082 -redir6 :1083
TCP tunneling
The client offers -tcptun [local_addr]:[local_port]=[remote_addr]:[remote_port] option to tunnel TCP.
For example it can be used to proxy iperf3 for benchmarking.
Start iperf3 on the same machine with the server.
iperf3 -s
By default iperf3 listens on port 5201.
Start a client on the same machine with the server. The client listens on port 1090 for incoming connections
and tunnels to localhost:5201 where iperf3 is listening.
go-shadowsocks2 -c [server_address]:8488 -cipher AEAD_AES_128_GCM -key k5yEIX5ciUDpkpdtvZm7zQ== \
-tcptun :1090=localhost:5201
Start iperf3 client to connect to the tunneld port instead
iperf3 -c localhost -p 1090