socks5-tls configuration examples

2018/3/26 posted in FuckGFW

v2ray

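Testing showed that Surge has problems when connecting with certificate verification; the other clients work normally.

  • Four clients (Shadowrocket and Quantumult on iOS, Surge and gost on macOS) connected to the socks-tls server with Verify Certificate enabled
    • Shadowrocket, Quantumult and gost worked; Surge had problems
  • The server side was tested with both v2ray and gost
  • Surge only works when skip-cert-verify=true is set
  • The certificate is from Let's Encrypt; switching from ECC to RSA gave the same test result

So I configured skip-cert-verify=true in Surge.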

Surge configuration example

s5-tls.dsh.li = socks5-tls, s5-tls.dsh.li, 443, hello, world, skip-cert-verify=true

v2ray server configuration file

{
   "log":{
      "access":"/var/log/v2ray/access.log",
      "error":"/var/log/v2ray/error.log",
      "loglevel":"warning"
   },
   "inbound":{
      "port":443,
      "protocol":"socks",
      "settings":{
         "auth":"password",
         "accounts":[
            {
               "user":"hello",
               "pass":"world"
            }
         ],
         "udp":false,
         "ip":"127.0.0.1",
         "timeout":0,
         "userLevel":0
      },
      "streamSettings":{
         "network":"tcp",
         "security":"tls",
         "tlsSettings":{
            "certificates":[
               {
                  "certificateFile":"/etc/v2ray/v2ray.crt",
                  "keyFile":"/etc/v2ray/v2ray.key"
               }
            ]
         }
      }
   },
   "outbound":{
      "protocol":"freedom",
      "settings":{

      }
   },
   "outboundDetour":[
      {
         "protocol":"blackhole",
         "settings":{

         },
         "tag":"blocked"
      }
   ],
   "routing":{
      "strategy":"rules",
      "settings":{
         "rules":[
            {
               "type":"field",
               "ip":[
                  "0.0.0.0/8",
                  "10.0.0.0/8",
                  "100.64.0.0/10",
                  "127.0.0.0/8",
                  "169.254.0.0/16",
                  "172.16.0.0/12",
                  "192.0.0.0/24",
                  "192.0.2.0/24",
                  "192.168.0.0/16",
                  "198.18.0.0/15",
                  "198.51.100.0/24",
                  "203.0.113.0/24",
                  "::1/128",
                  "fc00::/7",
                  "fe80::/10"
               ],
               "outboundTag":"blocked"
            }
         ]
      }
   }
}

v2ray-core client configuration example

{
   "log":{
      "loglevel":"warning"
   },
   "inbound":{
      "port":6789,
      "listen":"127.0.0.1",
      "protocol":"socks",
      "settings":{
         "auth":"noauth",
         "udp":false,
         "ip":"127.0.0.1"
      }
   },
   "outbound":{
      "protocol":"socks",
      "settings":{
         "servers":[
            {
               "address":"you server",
               "port": 443,
               "users":[
                  {
                     "user":"hello",
                     "pass":"3.1415",
                     "level":0
                  }
               ]
            }
         ]
      },
      
      "streamSettings": {
         "network": "tcp",
         "security": "tls"
      }

   },
   "policy":{
      "levels":{
         "0":{
            "uplinkOnly":0
         }
      }
   }
}

Gost

Server-side Gost configuration for Socks5-TLS, using the certificate bundled with Gost

sudo ./gost_2.4_linux_amd64/gost -L socks5+tls://hello:3.1415@:443

The local machine can connect using gost

./gost -L=:8080 -F=socks5+tls://hello:3.1415@s5-tls.dsh.li:443

Surge configuration example

gcp.sock5 = socks5-tls, 104.199.214.166, 443, hello, world, skip-cert-verify=true

Quantumult configuration: when using the built-in certificate, certificate verification must be turned off
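
Both Surge lines on this page set skip-cert-verify=true, which means the client no longer authenticates the server, and the second one also addresses the server by IP. The following is an added example, not part of the original post: a small auditor that parses Surge socks5-tls proxy lines and reports those conditions. The function names, the finding codes and the third sample line are assumptions made for illustration.

```python
import ipaddress

# Lines 1-2 are the Surge examples from this page; line 3 is constructed.
SAMPLE_LINES = [
    "s5-tls.dsh.li = socks5-tls, s5-tls.dsh.li, 443, hello, world, skip-cert-verify=true",
    "gcp.sock5 = socks5-tls, 104.199.214.166, 443, hello, world, skip-cert-verify=true",
    "verified = socks5-tls, proxy.example.org, 443, hello, world",
]

def parse_surge_proxy(line):
    """Parse 'name = type, host, port[, user, pass][, key=value ...]'.
    Assumes no ',' or '=' inside the user name or password."""
    name, _, rest = line.partition("=")
    fields = [f.strip() for f in rest.split(",")]
    positional = [f for f in fields if "=" not in f]
    options = dict(f.split("=", 1) for f in fields if "=" in f)
    if len(positional) < 3:
        raise ValueError("not a proxy line: %r" % line)
    ptype, host, port = positional[:3]
    user, password = (positional[3:5] + ["", ""])[:2]
    return {"name": name.strip(), "type": ptype, "host": host,
            "port": int(port), "user": user, "password": password,
            "options": {k.strip(): v.strip().lower() for k, v in options.items()}}

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit(line):
    """Return finding codes for one socks5-tls proxy line."""
    p = parse_surge_proxy(line)
    findings = []
    if p["type"] != "socks5-tls":
        return findings
    if p["options"].get("skip-cert-verify") == "true":
        # Without verification any TLS endpoint on the path is accepted.
        findings.append("server-not-authenticated")
        if p["user"] or p["password"]:
            # SOCKS5 username/password (RFC 1929) is plaintext inside the tunnel.
            findings.append("credentials-readable-by-mitm")
    if is_ip_literal(p["host"]):
        # Verification can only pass if the certificate has a matching IP SAN.
        findings.append("ip-literal-needs-ip-san")
    return findings

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_surge_proxy(line)["name"], audit(line) or "ok")
```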