v2ray config & iptables 配置

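研究了好几天,终于把 v2ray 配置通了,参考了 OpenWrt 里的 v2ray 配置。复制粘贴后,把外网 IP、Port 和 users 里的 id 改成自己的,路由规则可以直接使用;iptables 脚本里绕过的服务端 IP 也要同步修改。注意:id 相当于密码,不要沿用示例里的值;socks(1080)和 dokodemo-door(1081)都监听 0.0.0.0,且 socks 为 noauth,需确保这两个端口只有内网可以访问。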

  • v2ray config 配置

    {
    "log": {
        "access": "\/dev\/null",
        "loglevel": "warning",
        "error": "\/var\/log\/v2ray-error.log"
    },
    "dns": {
        "hosts": {
            "example.com": "127.0.0.1"
        },
        "servers": [
            "1.1.1.1",
            "8.8.8.8",
            {
                "address": "114.114.114.114",
                "port": 53,
                "domains": [
                    "geosite:cn"
                ]
            },
            {
                "address": "223.5.5.5",
                "port": 53,
                "domains": [
                    "geosite:cn"
                ]
            }
        ]
    },
    "routing": {
        "domainStrategy": "IPOnDemand",
        "rules": [
            {
                "type": "field",
                "ip": [
                    "geoip:private",
                    "geoip:cn"
                ],
                "outboundTag": "direct"
            },
            {
                "type": "field",
                "domain": [
                    "geosite:cn"
                ],
                "outboundTag": "direct"
            },
            {
                "type": "field",
                "protocol": [
                    "bittorrent"
                ],
                "outboundTag": "direct"
            },
            {
                "type": "field",
                "port": "53",
                "network": "udp",
                "inboundTag": [
                    "transparent"
                ],
                "outboundTag": "dns_out"
            },
            {
                "type": "field",
                "ip": [
                    "114.114.114.114",
                    "223.5.5.5"
                ],
                "outboundTag": "direct"
            },
            {
                "type": "field",
                "ip": [
                    "1.1.1.1",
                    "8.8.8.8",
                    "208.67.222.222"
                ],
                "outboundTag": "proxy"
            },
            {
                "type": "field",
                "port": "123",
                "network": "udp",
                "outboundTag": "direct"
            }
        ]
    },
    "inbounds": [
        {
            "listen": "0.0.0.0",
            "port": 1080,
            "protocol": "socks",
            "settings": {
                "auth": "noauth",
                "udp": true,
                "ip": "127.0.0.1"
            },
            "streamSettings": {
                "sockopt": {
    
                }
            },
            "sniffing": {
                "enabled": false
            }
        },
        {
            "listen": "0.0.0.0",
            "port": 1081,
            "protocol": "dokodemo-door",
            "settings": {
                "followRedirect": true,
                "network": "tcp"
            },
            "streamSettings": {
                "sockopt": {
                    "tproxy": "redirect"
                }
            },
            "tag": "transparent",
            "sniffing": {
                "enabled": true,
                "destOverride": [
                    "http",
                    "tls"
                ]
            }
        }
    ],
    "outbounds": [
        {
            "sendThrough": "192.168.1.2", // 本地 IP
            "protocol": "vmess",
            "settings": {
                "vnext": [
                    {
                        "address": "18.11.73.16", // 公网 IP
                        "port": 12345, // 公网 Port
                        "users": [
                            {
                                "id": "2801d11b-c67c-455c-b8ff-0bf131b0ea56",
                                "alterId": 64,
                                "security": "aes-128-gcm"
                            }
                        ]
                    }
                ]
            },
            "streamSettings": {
                "network": "tcp",
                "security": "none",
                "tcpSettings": {
    
                },
                "sockopt": {
                    "mark": 255
                }
            },
            "tag": "proxy"
        },
        {
            "protocol": "freedom",
            "settings": {
    
            },
            "streamSettings": {
                "sockopt": {
                    "mark": 255
                }
            },
            "tag": "direct"
        },
        {
            "protocol": "blackhole",
            "settings": {
    
            },
            "streamSettings": {
                "sockopt": {
                    "mark": 255
                }
            },
            "tag": "block"
        },
        {
            "protocol": "dns",
            "settings": {
    
            },
            "streamSettings": {
                "sockopt": {
                    "mark": 255
                }
            },
            "tag": "dns_out"
        }
    ]
    }
  • iptables 配置

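    #!/bin/sh
    #
    # Transparent-proxy NAT rules for v2ray.
    # TCP that reaches the V2RAY chain is redirected to the local dokodemo-door
    # inbound, except for the v2ray server itself, packets already marked by
    # v2ray, and reserved / private destination ranges.
    
    # Public address of the remote v2ray server (must match "address" in the
    # vmess outbound of the v2ray config).
    V2RAY_SERVER="18.11.73.16"
    # Port of the dokodemo-door inbound in the v2ray config.
    REDIR_PORT=1081
    
    # Remove only what a previous run of this script installed. Flushing the
    # whole nat table (iptables -t nat -F) would also drop unrelated rules such
    # as a router's own NAT rules, so the cleanup is limited to the V2RAY hooks
    # and the V2RAY chain. Errors are silenced because none of these exist on a
    # first run; the loops clear duplicate hooks left by repeated runs.
    while iptables -t nat -D OUTPUT -p tcp -j V2RAY 2>/dev/null; do :; done
    while iptables -t nat -D PREROUTING -p tcp -j V2RAY 2>/dev/null; do :; done
    iptables -t nat -F V2RAY 2>/dev/null
    iptables -t nat -X V2RAY 2>/dev/null
    
    # Create the chain and fill it completely before any traffic is sent to it.
    iptables -t nat -N V2RAY
    
    # Never redirect the connection to the v2ray server itself.
    iptables -t nat -A V2RAY -d "$V2RAY_SERVER/32" -j RETURN
    
    # Packets sent by v2ray carry mark 255 (0xff, "sockopt.mark" in the config).
    # Returning them here keeps v2ray's own outbound traffic from being
    # redirected back into v2ray through the OUTPUT hook below.
    iptables -t nat -A V2RAY -p tcp -m mark --mark 0xff -j RETURN
    
    # Skip reserved, loopback, link-local, private, multicast and class E
    # destinations.
    iptables -t nat -A V2RAY -d 0.0.0.0/8 -j RETURN
    iptables -t nat -A V2RAY -d 10.0.0.0/8 -j RETURN
    iptables -t nat -A V2RAY -d 127.0.0.0/8 -j RETURN
    iptables -t nat -A V2RAY -d 169.254.0.0/16 -j RETURN
    iptables -t nat -A V2RAY -d 172.16.0.0/12 -j RETURN
    iptables -t nat -A V2RAY -d 192.168.0.0/16 -j RETURN
    iptables -t nat -A V2RAY -d 224.0.0.0/4 -j RETURN
    iptables -t nat -A V2RAY -d 240.0.0.0/4 -j RETURN
    
    # Everything else: redirect TCP to the dokodemo-door port.
    iptables -t nat -A V2RAY -p tcp -j REDIRECT --to-ports "$REDIR_PORT"
    
    # Hook for TCP generated on this host.
    iptables -t nat -A OUTPUT -p tcp -j V2RAY
    
    # Hook for TCP forwarded from other hosts (router use).
    # NOTE(review): this matches TCP arriving on every interface, and the chain
    # has no RETURN for this host's own public address. On a router, consider
    # restricting the hook to the LAN side (for example with -i <LAN_IFACE>)
    # so connections from the WAN are not redirected into the proxy.
    iptables -t nat -A PREROUTING -p tcp -j V2RAY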

原创文章,作者:ifee,如若转载,请注明出处:https://www.ifee.win/blog/2021/07/16/v2ray-%e9%85%8d%e7%bd%ae/
