Last active
October 18, 2022 10:17
-
-
Save meysampg/cf1baf9b11a288c73731d93fcc58797c to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "server":"0.0.0.0", | |
| "server_port":80, | |
| "password":"<PASSWORD>", | |
| "timeout":300, | |
| "method":"aes-256-gcm", | |
| "plugin":"v2ray-plugin", | |
| "plugin_opts":"server", | |
| "user":"nobody", | |
| "nameserver": "1.1.1.1", | |
| "fast_open":true, | |
| "reuse_port":true, | |
| "no_delay":true | |
| } |
Author
meysampg
commented
Apr 7, 2020
•
{
"server":"<DOMAIN>",
"server_port":80,
"local_address": "127.0.0.1",
"local_port":4321,
"password":"<PASSWORD>",
"timeout":300,
"method":"aes-256-gcm",
"nameserver":"1.1.1.1",
"mode":"tcp_and_udp",
"fast_open": true,
"plugin": "v2ray-plugin",
"plugin_opts":"host=<DOMAIN>"
}
You should see Your SSL/TLS encryption mode is Full on your cloudflare panel for this configuration:
{
"server":"0.0.0.0",
"server_port":443,
"password":"<PASSWORD>",
"timeout":300,
"user":"nobody",
"nameserver": "1.1.1.1",
"fast_open":true,
"reuse_port":true,
"no_delay":true,
"method":"aes-256-gcm",
"plugin":"v2ray-plugin",
"plugin_opts":"server;tls;cert=/etc/letsencrypt/live/<DOMAIN>/fullchain.pem;key=/etc/letsencrypt/live/<DOMAIN>/privkey.pem;host=<DOMAIN>;loglevel=none"
}
ss-local:
{
"server":"<DOMAIN>",
"server_port":443,
"local_address": "127.0.0.1",
"local_port":4321,
"password":"<PASSWORD>",
"timeout":300,
"method":"aes-256-gcm",
"nameserver":"1.1.1.1",
"mode":"tcp_and_udp",
"fast_open": true,
"plugin": "v2ray-plugin",
"plugin_opts":"tls;host=<DOMAIN>"
}
AndroidClient:
[
{
"server": "<DODMAIN>",
"server_port": 443,
"password": "<PASSWORD>",
"method": "aes-256-gcm",
"plugin": "v2ray",
"plugin_opts": "host=<DODMAIN>;tls",
"remarks": "freedom",
"route": "all",
"remote_dns": "dns.google",
"ipv6": false,
"metered": false,
"proxy_apps": {
"enabled": false
},
"udpdns": false
}
]
https://github.com/teddysun/across/raw/master/bbr.sh
root@freedom:~# cat /etc/sysctl.conf
#
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additional system variables.
# See sysctl.conf (5) for information.
#
#kernel.domainname = example.com
# Uncomment the following to stop low-level messages on console
#kernel.printk = 3 4 1 3
##############################################################3
# Functions previously found in netbase
#
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1
# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
#net.ipv4.tcp_syncookies=1
# Uncomment the next line to enable packet forwarding for IPv4
#net.ipv4.ip_forward=1
# Uncomment the next line to enable packet forwarding for IPv6
# Enabling this option disables Stateless Address Autoconfiguration
# based on Router Advertisements for this host
#net.ipv6.conf.all.forwarding=1
###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Do not accept ICMP redirects (prevent MITM attacks)
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# net.ipv4.conf.all.secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
#net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1
#
###################################################################
# Magic system request Key
# 0=disable, 1=enable all, >1 bitmask of sysrq functions
# See https://www.kernel.org/doc/html/latest/admin-guide/sysrq.html
# for what other values do
#kernel.sysrq=438
fs.file-max = 51200
net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.core.netdev_max_backlog = 250000
net.core.somaxconn = 4096
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_fastopen = 3
net.ipv4.tcp_mem = 25600 51200 102400
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_wmem = 4096 65536 67108864
net.ipv4.tcp_mtu_probing = 1
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr
root@freedom:~# cat /opt/ac/ufw.sh
#!/usr/bin/bash
for ip in $(curl -qs https://www.arvancloud.com/fa/ips.txt); do ufw allow from $ip; done
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment