Installing hysteria2 and reality side by side

admin
2023-10-06

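Preface
1. These are currently the two best-camouflaged protocols: reality, the current peak of the TCP-based protocols, and hysteria2, the favourite among the newer UDP-based ones.
2. This time the setup uses sing-box (https://sing-box.sagernet.org/zh/), because it is simple. I used to rely on the 8-in-1 script; its biggest problem is that, after all the camouflage is in place, the machine is only good for proxy use, because installing Nginx or hosting a web page on it becomes a hassle.
3. Highlight of this tutorial: you do not need your own domain.
4. I could not find a similar setup tutorial for passwall, so I wrote one.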

Install sing-box
Stable release

bash -c "$(curl -L https://sing-box.vercel.app)" @ install

Install the pre-release version directly (supports hysteria2)

bash -c "$(curl -L https://sing-box.vercel.app)" @ install --beta

To uninstall

bash -c "$(curl -L https://sing-box.vercel.app)" @ remove

Commands you will need later
Restart

systemctl restart sing-box

Status

systemctl status sing-box

Live log

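journalctl -u sing-box -o cat -f

Server-side VPS setup
Generate a self-signed certificate. This one is issued for bing.com and is valid for 10 years, long enough to outlast your VPS provider.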

mkdir -p /etc/hysteria && openssl ecparam -genkey -name prime256v1 -out /etc/hysteria/private.key && openssl req -new -x509 -days 3650 -key /etc/hysteria/private.key -out /etc/hysteria/cert.pem -subj "/CN=bing.com"

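Choosing the combination
Reference: https://github.com/chika0801/sing-box-examples. Later on you can mix and match freely according to your needs.
Why reality and hysteria2
1. reality is currently billed as the most secure of the TCP-based protocols.
2. The hysteria2 author is the most dedicated, and the documentation is very clear (https://v2.hysteria.network/zh/).
Getting started
Edit the config file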

nano /usr/local/etc/sing-box/config.json

Modify it as follows

{
    "inbounds": [
        {
            "type": "hysteria2",
            "listen": "::",
            "listen_port": 8444,
            "users": [
                {
                    "password": "" // your password
                }
            ],
            "masquerade": "https://bing.com",
            "tls": {
                "enabled": true,
                "alpn": [
                    "h3"
                ],
                "certificate_path": "/etc/hysteria/cert.pem",
                "key_path": "/etc/hysteria/private.key"
            }
        },
        {
            "type": "vless",
            "listen": "::",
            "listen_port": 443,
            "users": [
                {
                    "uuid": "", // run `sing-box generate uuid` on the VPS
                    "flow": "xtls-rprx-vision"
                }
            ],
            "tls": {
                "enabled": true,
                "server_name": "www.tesla.com",
                "reality": {
                    "enabled": true,
                    "handshake": {
                        "server": "www.tesla.com",
                        "server_port": 443
                    },
                    "private_key": "", // run `sing-box generate reality-keypair` on the VPS
                    "short_id": [
                        "0123456789abcdef" // characters 0 to f, length a multiple of 2, at most 16; this default also works
                    ]
                }
            }
        }
    ],
    "outbounds": [
        {
            "type": "direct"
        }
    ]
}
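
A pre-restart check for the template above, as an added example that is not part of the original post: it flags placeholders that were left empty and short_id values that break the rule given in the comment. The function names and the sample config are constructed for illustration, and only the rules stated on this page are checked.

```python
import json
import re
import uuid

# Matches either a whole JSON string or a // comment; strings are tried first,
# so "https://bing.com" is never mistaken for a comment.
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*')
SHORT_ID = re.compile(r"(?:[0-9a-fA-F]{2}){0,8}")  # hex, even length, at most 16 chars


def strip_line_comments(text):
    """Drop // comments that sit outside JSON strings."""
    return TOKEN.sub(lambda m: m.group(0) if m.group(0).startswith('"') else "", text)


def lint_server_config(text):
    """Return a list of problems in a sing-box server config shaped like the one above."""
    problems = []
    cfg = json.loads(strip_line_comments(text))
    for n, inbound in enumerate(cfg.get("inbounds", [])):
        kind = inbound.get("type")
        where = f"inbounds[{n}] ({kind})"
        for user in inbound.get("users", []):
            if kind == "hysteria2" and not user.get("password"):
                problems.append(f"{where}: empty password")
            if kind == "vless":
                try:
                    uuid.UUID(str(user.get("uuid") or ""))
                except ValueError:
                    problems.append(f"{where}: uuid missing or malformed")
        reality = inbound.get("tls", {}).get("reality", {})
        if reality.get("enabled"):
            if not reality.get("private_key"):
                problems.append(f"{where}: empty reality private_key")
            sids = reality.get("short_id", [])
            for sid in [sids] if isinstance(sids, str) else sids:
                if not SHORT_ID.fullmatch(sid):
                    problems.append(f"{where}: bad short_id {sid!r}")
    return problems


# Constructed sample: placeholders left empty and an odd-length short_id.
SAMPLE = '''
{"inbounds": [
  {"type": "hysteria2", "masquerade": "https://bing.com",
   "users": [{"password": ""}]},  // your password
  {"type": "vless",
   "users": [{"uuid": "", "flow": "xtls-rprx-vision"}],  // sing-box generate uuid
   "tls": {"reality": {"enabled": true, "private_key": "", "short_id": ["abcde"]}}}
]}
'''

if __name__ == "__main__":
    print("\n".join(lint_server_config(SAMPLE)))
```

To check the real file, pass the contents of /usr/local/etc/sing-box/config.json to lint_server_config() before restarting the service.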

Then restart

systemctl restart sing-box

Then check the log

journalctl -u sing-box -o cat -f

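If there are no errors, the server side is done. Next, import the node into passwall. Because the certificate is self-signed, every client setting below turns on "allow insecure connection", which means the client does not verify the server certificate.
Desktop v2rayN client configuration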

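server: 122.82.xxx.40:8444 # port must match the hysteria2 listen_port in the server config above
auth: 435vdfwn22n633 # the password set in the server config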

bandwidth:
  up: 30 mbps
  down: 150 mbps
  
tls:
  sni: bing.com
  insecure: true # must be set to true when using a self-signed certificate

socks5:
  listen: 127.0.0.1:1088
http:
  listen: 127.0.0.1:8088

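sing-box configuration file (Android/iOS); replace server, server_port, password and server_name with your own server's values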

{
  "dns": {
    "servers": [
      {
        "tag": "cf",
        "address": "https://1.1.1.1/dns-query"
      },
      {
        "tag": "local",
        "address": "223.5.5.5",
        "detour": "direct"
      },
      {
        "tag": "block",
        "address": "rcode://success"
      }
    ],
    "rules": [
      {
        "geosite": "category-ads-all",
        "server": "block",
        "disable_cache": true
      },
      {
        "outbound": "any",
        "server": "local"
      },
      {
        "geosite": "cn",
        "server": "local"
      }
    ],
    "strategy": "ipv4_only"
  },
  "inbounds": [
    {
      "type": "tun",
      "inet4_address": "172.19.0.1/30",
      "auto_route": true,
      "strict_route": false,
      "sniff": true
    }
  ],
  "outbounds": [
    {
      "type": "hysteria2",
      "tag": "proxy",
      "server": "ip",
      "server_port": 443,
      "up_mbps": 20,
      "down_mbps": 100,
      "password": "123456",
      "tls": {
        "enabled": true,
        "server_name": "a.com",
        "insecure": false
      }
    },
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "block",
      "tag": "block"
    },
    {
      "type": "dns",
      "tag": "dns-out"
    }
  ],
  "route": {
    "rules": [
      {
        "protocol": "dns",
        "outbound": "dns-out"
      },
      {
        "geosite": "cn",
        "geoip": [
          "private",
          "cn"
        ],
        "outbound": "direct"
      },
      {
        "geosite": "category-ads-all",
        "outbound": "block"
      }
    ],
    "auto_detect_interface": true
  }
}

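Port hopping (UDP ports 20000-40000 are redirected to 8444; change eth0 if your network interface has a different name)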

apt install iptables-persistent
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 20000:40000 -j DNAT --to-destination :8444
ip6tables -t nat -A PREROUTING -i eth0 -p udp --dport 20000:40000 -j DNAT --to-destination :8444
iptables -t nat -nL --line
netfilter-persistent save

One-click install

wget -N --no-check-certificate https://raw.githubusercontent.com/Misaka-blog/hysteria-install/main/hy2/hysteria.sh && bash hysteria.sh
bash <(wget -qO- https://raw.githubusercontent.com/fscarmen/sing-box/main/sing-box.sh)

Related links
v2rayN download: https://github.com/2dust/v2rayN/releases
Hysteria 2 download: https://github.com/apernet/hysteria/releases
Hysteria 2 documentation: https://v2.hysteria.network/zh/

sing-box documentation: https://sing-box.sagernet.org/zh/
Android client (SFA): https://install.appcenter.ms/users/nekohasekai/apps/sfa/distribution_groups/publictest
iOS client (TestFlight): https://testflight.apple.com/join/AcqO44FH (the 1.5.0 beta supports Hysteria 2)
iOS client (App Store): https://apps.apple.com/us/app/sing-box/id6451272673 (does not support Hysteria 2 yet)
