egg1234
egg1234
由于cproxy使用cgroup方法,所以在很多应用场合的适应性是比proxychains-ng要好的,但cproxy现在只能支持本机代理端口,实际上是要求用户必须在本机另外搭一个代理,对于很多应用场景其实用户是不想在本机安装太多的第三方软件的,所以我认为如果可能的话cproxy支持使用局域网的socsk5代理是给用户一个更好的选择,毕竟一款应用的适应场景宽一些,用户群就大一些
如果你接受clash for windows这种方式的话,那么也可以试试下面go语言开发的supervisord项目, https://github.com/ochinchina/supervisord 只需要下载https://github.com/ochinchina/supervisord/releases 里面的windows版本,然后写一个supervisord的启动bat批文件,编辑好supervisor.conf初始配置文件,在windows里面指派这个启动bat文件开机启动(windows指派启动文件方法网上很多教程),之后就可以像linux的supervisor一样去操作这个gost的启停及修改配置文件并重新热加载, 另外提醒一下,由于当前这个版本的supervisord有一个windows里面独有的issues,所以千万不要直接用supervisord的web管理界面去停止进程,因为这样停止的进程不能在web界面再启动,最好的方法是修改supervisor.conf配置文件,然后用web界面的reload命令
@ginuerzh 想请教一下keepAlive=1参数按一般理解应该是加在客户端的,为什么icmp协议下keepAlive=1参数是加在服务器端的? 谢谢!
> 作者似乎已经合并了 @segfault-bilibili 大佬的pr,不过似乎并没有发布。用segfault大佬的版本我自己测试是可以选择NONE+空密码的,有需要的各位可以测试下。https://github.com/segfault-bilibili/ShadowsocksGostPlugin 应该要进到下面这个连接才能看到最新的apk下载文件,而且已经是更新到最稳定的2.11.1核心 https://github.com/segfault-bilibili/ShadowsocksGostPlugin/releases
如果使用下面这个2.11.1核心的版本(建议不要用那个gui版),就不需要选加密方式了,直接NONE就可以了,如果使用anxray甚至连密码都不需要设置,如果是sagernet或Matsuri (茉莉),那密码也可以随便乱设一个就可以了,这样所有的配置其实关键都集中在插件的 -F 参数上,与gost客户端命令行的 -F 参数配置无异了,各个版本客户端主配置画面其实没有什么用,就是个承载体 https://github.com/segfault-bilibili/ShadowsocksGostPlugin/releases
绕过模式是在 首选项->路由vpn设置->点弹出画面的“预设”选择->绕过局域网和大陆 导出的v2ray配置(敏感已处理) {"dns":{"disableFallbackIfMatch":true,"hosts":{},"servers":[{"address":"https://8.8.8.8/dns-query","domains":[]},{"address":"https+local://223.5.5.5/dns-query","domains":["geosite:cn"],"skipFallback":true}],"tag":"dns"},"inbounds":[{"listen":"127.0.0.1","port":2080,"protocol":"socks","settings":{"auth":"noauth","udp":true},"sniffing":{"destOverride":["http","tls","quic"],"enabled":true,"metadataOnly":false,"routeOnly":true},"tag":"socks-in"},{"listen":"127.0.0.1","port":2081,"protocol":"http","sniffing":{"destOverride":["http","tls","quic"],"enabled":true,"metadataOnly":false,"routeOnly":true},"tag":"http-in"}],"log":{"loglevel":"warning"},"outbounds":[{"domainStrategy":"AsIs","protocol":"vmess","settings":{"vnext":[{"address":"173.173.173.173","port":12345,"users":[{"alterId":0,"id":"b48beaf4-68ed-38e3-a695-c26b6382c73e","security":"aes-128-gcm"}]}]},"streamSettings":{"network":"tcp","security":"none"},"tag":"g-1"},{"protocol":"freedom","tag":"direct"},{"protocol":"freedom","tag":"bypass"},{"protocol":"blackhole","tag":"block"},{"protocol":"dns","proxySettings":{"tag":"g-1","transportLayer":true},"settings":{"address":"8.8.8.8","network":"tcp","port":53,"userLevel":1},"tag":"dns-out"}],"policy":{"levels":{"1":{"connIdle":30}},"system":{"statsOutboundDownlink":true,"statsOutboundUplink":true}},"routing":{"domainMatcher":"mph","domainStrategy":"AsIs","rules":[{"ip":["223.5.5.5"],"outboundTag":"direct","type":"field"},{"ip":["224.0.0.0/3","169.254.0.0/16"],"outboundTag":"block","type":"field"},{"outboundTag":"block","port":"135-139","type":"field"},{"inboundTag":["socks-in","http-in"],"outboundTag":"dns-out","port":"53","type":"field"},{"inboundTag":["dns-in"],"outboundTag":"dns-out","type":"field"},{"domain":["geosite:category-ads-all","domain:appcenter.ms","domain:app-measurement.com","domain:firebase.io","domain:crashlytics.com","domain:google-analytics.com"],"outboundTag":"block","type":"field"},{"ip":["geoip:cn","geoip:private"],"outboundTag":"bypass","type":"field"},{"domain":["geosite:cn"],"outboundTag":"bypass","type":"field"}]},"stats":{}}
使用的是windows 10 pro 21H2版,宽带路由器没有打开IPv6,内网也没有设置IPv6,其实环境挺简单的 估计你应该也很容易复现这个测试环境
经过排查,原来是必须在 首选项->路由vpn设置 的画面右上角 勾选“FakeDNS” 就能防止在VPN模式下的DNS泄漏 如果没有勾选这个选项,其实在VPN模式一启动的时候,日志框已经会显示一条错误信息 [Warning] app/dispatcher: default route for [tcp:8.8.8.8:443] [Error] app/dns: failed to retrieve response > Post "https://8.8.8.8/dns-query": context canceled 如果是勾选这个选项,在VPN模式启动的时候,日志框是不会出现这个错误信息的
另外vpn模式下还必须设置 首选项->路由vpn设置 的画面左上角的“域名策略”选择“IPIfNonMatch”, 否则访问国内某些网站会测试出代理服务器的IP地址,但是使用国内的DNS服务器,这个更危险
所以我现在的临时解决方法就是干脆在vpn模式下,把本地网卡的DNS地址设置为1.0.0.1或9.9.9.9,即使泄漏也无所谓,只要没有国内DNS地址查询出现就可以了