phlinhng

转移配置文件目录至新目录 /usr/local/etc/v2ray

mkdir -p /usr/local/etc/v2ray
mv /etc/v2ray/config.json /usr/local/etc/v2ray/config.json

移除旧脚本安装的 v2ray-core（由于旧脚本停用，只能手动移除）

systemctl stop v2ray
systemctl disable v2ray
rm -f /etc/systemd/system/v2ray.service

利用 NGINX 的 Stream 模塊 sni_preread 功能，可以做到讓 Trojan 和其他網站在同一台機器上共享 443 端口。

V2Ray 白話文教學介紹了如何利用 V2Ray 的路由功能將特定網站（例如 Netflix）的流量經過 Shadowsocks 轉到另一台機器上，達成解鎖流媒體的方法。事實上，可以利用 V2Ray 的任意門協議直接將流量轉發到落地機上，進一步減少使用代理協議產生的開銷，以下為做法。

假設不能看奈飛的機器為 VPS A，可以看奈飛的機器為 VPS B。

基本配置

VPS A: 開兩個 freedom outbound，一個給 80 端口，一個給 443 端口，並配置對應的路由規則
VPS B: 開兩個 dokodemo-door inbound，一個給 80 端口，一個給 443 端口，兩個 inbound 都要設置 sniffing，並配置對應的路由規則

VPS A 設置

{
  "outbounds": [

1. 更換內核至 5.6 以上版本

Debian / Ubuntu 系可直接運行以下指令，安裝 xanmod-edge 內核後重啟。此內核安裝完後會自動啟用 BBR，無需手動配置。

echo 'deb http://deb.xanmod.org releases main' | tee /etc/apt/sources.list.d/xanmod-kernel.list
wget -qO - https://dl.xanmod.org/gpg.key | apt-key --keyring /etc/apt/trusted.gpg.d/xanmod-kernel.gpg add -
apt update && apt upgrade -y && apt install linux-xanmod-edge -y

2. 安裝 wireguard-tools 與 resolvconf

apt install wireguard-tools resolvconf -y

Notes

If your local network use public IP ranges instead of private ones, make sure to add respecive RETURN rules to iptables to prevent looping issue
Set clash as DHCP's only DNS server to allow domain-based filter (shunting) rules work
Use lsof -i udp:53 to check if clash's DNS module work fine, otherwise you may have to kill systemd-resolved and any other processes occupying the UDP 53 port
The given scripts will NOT hangle the traffic of gateway itself since it is not recommend to do so. If you want to redirect the egress traffic of the gateway, the following material may be useful

Reference

	# HTTP, SOCKS5 混合端口
	mixed-port: 7890

	# 允许局域网的连接（可用来共享代理）
	allow-lan: true

	# 规则模式：Rule（规则） / Global（全局代理）/ Direct（全局直连）
	mode: Rule

	# 设置日志输出级别 (默认级别：info，级别越高日志输出量越大，越倾向于调试)

	# -- coding: utf-8 --
	# 暴力美學 2.0 - 以空間換時間

	from itertools import permutations

	candA, candB, candC = [], [], []

	for item in permutations(range(1,10)):
	if(item[2] != 9): # 排除第3位是9的
	candA.append(item)

	dd if=/dev/zero of=/swapfile bs=1024 count=1048576 # allocate space
	chmod 600 /swapfile # set permission
	mkswap /swapfile # make swap
	swapon /swapfile # enable swap
	echo "/swapfile swap swap defaults 0 0" \| tee -a /etc/fstab # make swap permanent
	sysctl -w "vm.swappiness=10" # set swap percentage
	echo "vm.swappiness=10" \| tee -a /etc/sysctl.conf # make systctl permanent

	#!/bin/bash

	# censys.io (https://support.censys.io/hc/en-us/articles/360038378552-Frequently-Asked-Questions)
	echo "74.120.14.0/24" >> /tmp/cen_ips
	echo "162.142.125.0/24" >> /tmp/cen_ips
	echo "167.248.133.0/24" >> /tmp/cen_ips
	echo "192.35.168.0/23" >> /tmp/cen_ips

	for cenip in `cat /tmp/cen_ips`; do ufw deny from $cenip to any comment 'censys scanners'; done

	sysctl -w "net.ipv6.conf.enp0s31f6.disable_ipv6=1" # change enp0s1f6 to your main interface i.e. eth0
	echo "net.ipv6.conf.enp0s31f6.disable_ipv6=1" >> /etc/sysctl.conf # save sysctl conf
	echo "precedence ::ffff:0:0/96 100" >> /etc/gai.conf # disable ipv6 dns record