Brook VPN + Socks from China through Internet

brook-vpn-socks-from-china-to-internet.md

Setup Brook

URL: https://storage.googleapis.com/txthinking/brook/index.html

curl -4 -L https://storage.googleapis.com/txthinking/brook/brook_linux_amd64 -o ./brook
mv ./brook /usr/bin/brook
chmod +x /usr/bin/brook

Setup resolv.conf

nano /etc/resolv.conf

nameserver 114.114.114.114
nameserver 119.29.29.29
nameserver 223.5.5.5

Setup Apt sources

nano /etc/apt/sources.list

deb https://mirrors.tuna.tsinghua.edu.cn/debian unstable main contrib non-free

deb https://mirrors.tuna.tsinghua.edu.cn/debian bullseye-updates main contrib non-free

#deb http://mirrors.tencentyun.com/debian-security bullseye/updates main contrib non-free

deb https://mirrors.tuna.tsinghua.edu.cn/debian bullseye-backports main contrib non-free

deb https://mirrors.tuna.tsinghua.edu.cn/debian bullseye-proposed-updates main contrib non-free

deb https://mirrors.tuna.tsinghua.edu.cn/debian-security testing-security main contrib non-free

Setup wget using HTTP

nano /etc/wgetrc or nano ~/.wgetrc

use_proxy=yes
http_proxy=127.0.0.1:8010
#https_proxy=127.0.0.1:8080

wget -T 30 --tries 3 http://ifconfig.co/ip

Setup outside China VM Brook server

Outside China VPN server

nano /etc/systemd/system/brook-vpn.service

[Unit]
Description=Brook vpn
After=network.target nss-lookup.target

[Service]
Type=simple
User=root
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
NoNewPrivileges=true

ExecStart=/usr/bin/brook server -l :993 --password mysecurepassword321@!
Restart=on-failure

[Install]
WantedBy=multi-user.target

Outside China Socks5 server

nano /etc/systemd/system/brook-socks5.service

[Unit]
Description=Brook socks5
After=network.target nss-lookup.target

[Service]
Type=simple
User=root
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
NoNewPrivileges=true

ExecStart=/usr/bin/brook socks5 --socks5 0.0.0.0:991 --username admin --password iamsuperadmin
Restart=on-failure

[Install]
WantedBy=multi-user.target

Let China VPS forward connection to outside VPS

Setup in China Brook VPN Client

Listen socks5 http service

nano /etc/systemd/system/brook-client-vpn.service

[Unit]
Description=Brook vpn
After=network.target nss-lookup.target

[Service]
Type=simple
User=root
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
NoNewPrivileges=true

ExecStart=brook client --server my.internet.computer.com:993 --password mysecurepassword321@! --socks5 127.0.0.1:1080 --http 127.0.0.1:8010
Restart=on-failure

[Install]
WantedBy=multi-user.target

Validate:

# Curl ipv4
curl -4 -Lx http://127.0.0.1:8010 https://ifconfig.co/ip
curl -Lx socks5h://127.0.0.1:1080 https://ifconfig.co/ip

# curl ipv6
curl -6 -Lx socks5h://[::1]:1080 https://ifconfig.co/ip

(will return outside China VPS IP)

---

Let chinese oversea connect into China Internet

Setup in China Brook Socks5

cat brook-socks5.service
[Unit]
Description=Brook socks5
After=network.target nss-lookup.target

[Service]
Type=simple
User=root
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
NoNewPrivileges=true

ExecStart=brook socks5 -l 0.0.0.0:991 --username admin --password iamsuperadmin
Restart=on-failure

[Install]
WantedBy=multi-user.target

Other solution

Setup a HTTP Proxy forward to Socks5 as upstream

nano /etc/systemd/system/brook-socks5-to-http.service

[Unit]
Description=Brook socks5
After=network.target nss-lookup.target

[Service]
Type=simple
User=root
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
NoNewPrivileges=true

ExecStart=brook socks5tohttp -s 127.0.0.1:1080 -l 127.0.0.1:8080

Restart=on-failure

[Install]
WantedBy=multi-user.target