Cross The GFW
https://stackia.notion.site/2369da8fe56d416d87569c50cd8bbb7d
记录 FQ 相关原理, 招数, 不断更新中... https://github.com/hoochanlon
个人用户国内腾讯云,国外 do,vultr,linode 这三家
https://github.com/ShadowsocksR-Live/iShadowsocksR ios shadowrocket
https://github.com/WuKongNotNull/awesome-free-vpn
https://github.com/ShadowsocksR-Live/shadowsocksr-native/wiki 原理 https://program-think.blogspot.com/2009/05/how-to-break-through-gfw.html
1. 科学上网介绍
https://www.triadprogram.com/is-it-illegal-to-use-vpn-in-china/ 违法吗
2. GFW封锁手段
2.1. DNS相关
2.1.1. DNS劫持
DNS 服务器上的DNS缓存里的记录被人为修改成错误的,浏览器查询到IP自然就是错误的
最有可能干这事的呢,就是国内的ISP
2.1.2. DNS污染(DNS欺骗)
又有如下叫法,都是一个意思:
DNS欺骗:DNS Spoofing
DNS污染:域名缓存投毒(DNS Cache Poisoning)
如果你的DNS server使用的是国外的,如谷歌提供的“8.8.8.8”,“8.8.4.4”等,每次DNS查询你都会经过国际出口,这时GFW会通过DNS污染伪造DNS查询结果,造成网站无法访问
“域名污染”的原理大概是这样:(直接污染)
当你的电脑向域名服务器发送了“域名查询”的请求,然后域名服务器把回应发送给你的电脑,这之间是有一个时间差的。如果某个攻击者能够在域名服务器的“DNS应答”还没有到达你的电脑之前,先伪造一个错误的“DNS应答”发给你电脑。那么你的电脑收到的就是错误的信息,并得到一个错误的 IP地址。
最有可能干这事的,就是GFW了(当然只要位于电脑和DNS server 间的所有攻击者都能DNS污染,比如ISP,骇客)
以上是GFW实现DNS污染的两种方式之一,属于直接污染,还有一种间接污染的方法,下面说说。
GFW的设备部署在每个国际出口,如果你用的DNS server 在国外, DNS请求和应答必定会经过国际出口,GFW在这个过程中做手脚,是为直接污染。
如果你使用国内的DNS server,如:ISP提供的DNS server,那么恭喜你,除了会被“域名劫持”外,还会被“间接域名污染”, 整个过程是这样的:
- 你访问某个网站 www.xxx.yyy.com
- 浏览器向“ISP提供的DNS server”发出DNS 请求,“ISP提供的DNS server”缓存中没有记录,这台“ISP提供的DNS server”会去“www.xxx.yyy.com”这个网站的上一级域名(yyy.com,或者com)对应的“权威域名服务器”去进行“域名查询”,而这个“权威域名服务器”在国外,会经过国际出口,被GFW污染
- 最后“ISP提供的DNS server”拿到的IP地址是已经被污染了的错误的响应,而且“ISP提供的DNS server”会将这个错误的记录保存在DNS缓存中(如果有其他的DNS请求,错误的记录将被返回,造成更大范围的DNS污染)
2.2. IP封锁(IP黑名单)
直接屏蔽掉某些IP地址,简单粗暴。
2.3. 敏感字过滤
GFW会维护一个长长的敏感词列表,并且经常更新,如果网页中包含敏感词,会被屏蔽。
2.4. CNNIC的CA证书造成中间人攻击
CA 是“Certificate Authority”的缩写 CA 证书,顾名思义,就是CA颁发的证书。 作用: 验证网站是否可信(针对HTTPS) 验证某文件是否可信(是否被篡改)
所以CA 证书对于 https 协议的重要性(可以防止攻击者伪造虚假网站)不言而喻; 中间人攻击:各个公司的软件的根证书中包含了cnnic的ca证书后,配合GFW进行DNS域名污染
3. 应对手段
3.1. 修改DNS服务器
应对【域名劫持】,但是对域名污染无效
Google 不愧是牛X的公司,而且很人性化——它提供了如下两个很好记的 DNS 服务器。
8.8.8.8
8.8.4.4
为了防止 GFW 把 Google 的 DNS 服务器封杀掉,我们还得多再备份几个。下面这些 DNS 的 IP 可就没 Google 的 DNS 那么好记了。
OpenDNS:
208.67.222.222
208.67.220.220
台湾中华电讯的DNS:
168.95.192.1
168.95.192.2
香港宽频的DNS:
203.80.96.9
203.80.96.10
3.2. 修改本机hosts文件
应对域名污染----且只能用于影响力巨大的网站
缺点:
(1) 如果你访问的是 HTTP 协议的网页,且内容包含敏感词,那么此招数照样没戏;
(2) 如果 GFW 不光封域名,还封 IP,那么此招数也还是没戏;
(3) 如果某个网站的 IP 已经变化了,那你就要与时俱进地修改你的 hosts 文件
Windows 系统,可以使用如下命令打开 hosts 文件:
notepad %SystemRoot%\system32\drivers\etc\hosts
Linux 在这个文件里: /etc/hosts
打开之后,把那些被封锁的网站的 IP 及域名加入 hosts 文件(每行一个)即可
74.125.227.198 drive.google.com
修改完成后, 保存, 输入命令“ipconfig /flushdns” 刷新DNS缓存
3.3. HTTPS 的加密 web 代理
对抗IP封锁
基于 HTTPS 方式的加密 Web 代理,主要好处是:无需安装其它软件,光靠浏览器就可以搞定。
但是有个明显的缺点,就是用的人一多就容易引起GFW注意,自然就挂掉了,所以需要自个找到好用的代理
3.4. vpn 代理软件
trojan
https://p4gefau1t.github.io/trojan-go/basic/trojan/
3.4.1. clash
https://github.com/Dreamacro/clash
https://github.com/juewuy/ShellClash shell 一件安装
https://github.com/yichengchen/clashX mac client
https://github.com/zzzgydi/clash-verge client
https://github.com/Loyalsoldier/clash-rules
https://github.com/Dreamacro/clash-dashboard
https://github.com/haishanh/yacd dashboard
https://github.com/aiboboxx/clashfree 免费节点
https://github.com/openRunner/clash-freenode
https://github.com/WilliamStar007/ClashX-V2Ray-TopFreeProxy
使用 Go 语言编写,基于规则的跨平台代理软件, (基于规则的隧道,无需服务器和虚拟主机), 支持 SS / VMess 协议
Clash for Windows 是目前在 Windows 上最好用的图形化分支。通过 Clash API 来配置和控制 Clash 核心程序,降低了 Clash 的使用成本
shell clash
运行在路由器中
3.4.2. shadowsocks
3.4.2.1. 搭建脚本
shadowsocks, windows客户端在这里, 可以自己租用国外vps搭建server端, 也可以使用好心人分享的搭建好的帐号:1 (host添加 “104.18.18.18 free-ss.site” 访问), 2, 3; macos 客户端: Shadowsocks-NG
- Shadowsocks-go: 二进制编译, 轻量, 快速
- Shadowsocks-python: 无功无过,也是最原始的版本,近年来更新速度略慢
- Shadowsocks-libev: 一直处于更新之中,最大的特点是支持obfs混淆
- ShadowsocksR: 从作者到产品都极负争议性, obfs混淆模式开创者, 但是前一段时间SSR服务器普遍遭到GFW的封杀.
还有一个特别的, vpn gate, 下载即用, 本质还是走代理, 只不过没有一个中心化的 server 了,每个人都是一个 server, 我为人人, 人人为我. 不过现在好像被墙了,想要上网, 需要先下载, 想下载, 需要先上网 这变成了一个鸡生蛋,蛋生鸡的问题...Orz
# 分享 vps 搭建 shadowsocks-libev server 的脚本 (https://www.24kplus.com/linux/1371.html)
# 另外可参考 https://www.flyzy2005.com/fan-qiang/shadowsocks/install-shadowsocks-in-one-command/ (ssr, 验证 bbr 是否开启成功)
# 另外可参考 https://github.com/teddysun/shadowsocks_install/tree/master
wget https://down.24kplus.com/linux/shadowsocks/centos-shadowsocks-libev.sh
chmod +x centos-shadowsocks-libev.sh && ./centos-shadowsocks-libev.sh
脚本内容:
#!/usr/bin/env bash
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH
echo "#"
echo "# Auto install shadowsocks-libev server"
echo "#"
echo "# Copyright (C) 2019 24K PLUS"
echo "#"
echo "# System Required: CentOS 7/8"
echo "#"
echo "# Welcome to https://www.24kplus.com"
echo "#"
red='\033[0;31m'
green='\033[0;32m'
yellow='\033[0;33m'
plain='\033[0m'
[[ $EUID -ne 0 ]] && echo -e "[${red}Error${plain}] This script must be run as root!" && exit 1
cur_dir=$( pwd )
libtool_file="libtool-2.4.6"
libtool_url="https://down.24kplus.com/linux/libtool-2.4.6.tar.gz"
shadowsocks_libev_config="/etc/shadowsocks-libev/config.json"
shadowsocks_libev_service="/etc/systemd/system/shadowsocks-libev.service"
libsodium_file="libsodium-1.0.18-stable"
libsodium_url="https://down.24kplus.com/linux/libsodium-1.0.18-stable.tar.gz"
mbedtls_file="mbedtls-2.16.3"
mbedtls_url="https://down.24kplus.com/linux/mbedtls/mbedtls-2.16.3-gpl.tgz"
localconf_file="local"
localconf_url="https://down.24kplus.com/linux/shadowsocks/local.conf"
common_ciphers=(
xchacha20-ietf-poly1305
chacha20-ietf-poly1305
chacha20
aes-256-gcm
aes-256-cfb
)
install_main(){
check_sys
install_prepare
install_dependencies
install_libtool
install_mbedtls
install_libsodium
check_bbr_status
if [ $? -eq 0 ]; then
check_kernel_version
if [ $? -eq 1 ]; then
enable_bbr
fi
fi
optimization_sys_config
install_shadowsocks_libev
install_completed_libev
config_firewall
install_cleanup
}
getversion(){
grep -oE "[0-9.]+" /etc/redhat-release
}
check_sys(){
if [ -f /etc/redhat-release ]; then
echo ""
else
echo "Only supported CentOS 7/8."
exit 1
fi
local version="$(getversion)"
sys_main_ver=${version%%.*}
if [ "$sys_main_ver" != '7' ] && [ "$sys_main_ver" != '8' ]; then
echo "Only supports CentOS 7/8."
exit 1
fi
}
check_kernel_version(){
kernel_version=$(uname -r | awk -F'.' '{print $1}')
kernel_main_version=$(uname -r | awk -F'.' '{print $2}')
if [ $kernel_version -eq 4 ] && [ $kernel_main_version -lt 9 ]; then
echo "Google BBR only supports kernel version 4.9 or higher"
return 0
elif [ $kernel_version -lt 4 ]; then
echo "Google BBR only supports kernel version 4.9 or higher"
return 0
fi
return 1
}
get_libev_ver(){
libev_ver=$(wget --no-check-certificate -qO- https://api.github.com/repos/shadowsocks/shadowsocks-libev/releases/latest | grep 'tag_name' | cut -d\" -f4)
[ -z ${libev_ver} ] && echo -e "[${red}Error${plain}] Get shadowsocks-libev latest version failed" && exit 1
}
download_shadowsocks_libev(){
cd ${cur_dir}
get_libev_ver
shadowsocks_libev_file="shadowsocks-libev-$(echo ${libev_ver} | sed -e 's/^[a-zA-Z]//g')"
local shadowsocks_libev_url="https://github.com/shadowsocks/shadowsocks-libev/releases/download/${libev_ver}/${shadowsocks_libev_file}.tar.gz"
download "${shadowsocks_libev_file}.tar.gz" "${shadowsocks_libev_url}"
}
download(){
local filename=$(basename $1)
if [ -f ${1} ]; then
echo "${filename} [found]"
else
echo "${filename} not found, download now..."
wget --no-check-certificate -c -t3 -T60 -O ${1} ${2}
if [ $? -ne 0 ]; then
echo -e "[${red}Error${plain}] Download ${filename} failed."
exit 1
fi
fi
}
install_libtool(){
if [ ! -f /usr/bin/libtool ] && [ ! -f /usr/local/bin/libtool ]; then
cd ${cur_dir}
download "${libtool_file}.tar.gz" "${libtool_url}"
tar -zxf ${libtool_file}.tar.gz
cd ${libtool_file}
./configure --prefix=/usr && make && make install && ldconfig
if [ $? -ne 0 ]; then
echo -e "[${red}Error${plain}] ${libtool_file} install failed."
install_cleanup
exit 1
fi
else
echo -e "[${green}Info${plain}] libtool already installed."
fi
}
install_libsodium(){
if [ ! -f /usr/lib/libsodium.a ]; then
cd ${cur_dir}
download "${libsodium_file}.tar.gz" "${libsodium_url}"
tar -zxf ${libsodium_file}.tar.gz
cd libsodium-stable
./configure --prefix=/usr && make && make install && ldconfig
if [ $? -ne 0 ]; then
echo -e "[${red}Error${plain}] ${libsodium_file} install failed."
install_cleanup
exit 1
fi
else
echo -e "[${green}Info${plain}] libsodium already installed."
fi
}
install_mbedtls(){
if [ ! -f /usr/lib/libmbedtls.a ] && [ ! -f /usr/bin/mbedtls_hello ] && [ ! -f /usr/local/bin/mbedtls_hello ]; then
cd ${cur_dir}
download "${mbedtls_file}-gpl.tgz" "${mbedtls_url}"
tar -xf ${mbedtls_file}-gpl.tgz
cd ${mbedtls_file}
make && make DESTDIR=/usr install && ldconfig
if [ $? -ne 0 ]; then
echo -e "[${red}Error${plain}] ${mbedtls_file} install failed."
install_cleanup
exit 1
fi
else
echo -e "[${green}Info${plain}] mbedtls already installed."
fi
}
install_shadowsocks_libev(){
download_shadowsocks_libev
cd ${cur_dir}
tar -zxf ${shadowsocks_libev_file}.tar.gz
cd ${shadowsocks_libev_file}
./configure --disable-documentation && make && make install
if [ $? -eq 0 ]; then
config_shadowsocks_libev
systemctl start shadowsocks-libev
systemctl enable shadowsocks-libev
else
echo
echo -e "[${red}Error${plain}] shadowsocks-libev install failed."
install_cleanup
exit 1
fi
}
install_completed_libev(){
clear
echo
echo -e "Congratulations, shadowsocks-libev server install completed!"
echo -e "Your Server IP : ${red} $(get_ip) ${plain}"
echo -e "Your Server Port : ${red} ${shadowsocksport} ${plain}"
echo -e "Your Password : ${red} ${shadowsockspwd} ${plain}"
echo -e "Your Encryption Method: ${red} ${shadowsockscipher} ${plain}"
}
install_cleanup(){
cd ${cur_dir}
rm -rf libsodium-stable ${libsodium_file}.tar.gz
rm -rf ${mbedtls_file} ${mbedtls_file}-gpl.tgz
rm -rf ${libtool_file} ${libtool_file}.tar.gz
rm -rf ${shadowsocks_libev_file} ${shadowsocks_libev_file}.tar.gz
}
check_kernel_headers(){
if rpm -qa | grep -q headers-$(uname -r); then
return 0
else
return 1
fi
}
config_shadowsocks_libev(){
if [ ! -d "$(dirname ${shadowsocks_libev_config})" ]; then
mkdir -p $(dirname ${shadowsocks_libev_config})
fi
cat > ${shadowsocks_libev_config}<<-EOF
{
"server":"0.0.0.0",
"server_port":${shadowsocksport},
"password":"${shadowsockspwd}",
"timeout":600,
"method":"${shadowsockscipher}",
"fast_open":true,
"mode":"tcp_only"
}
EOF
cat > ${shadowsocks_libev_service}<<-EOF
[Unit]
Description=shadowsocks-libev server
After=network.target
[Service]
Type=simple
ExecStartPre=/bin/sh -c 'ulimit -n 51200'
ExecStart=/usr/local/bin/ss-server -c /etc/shadowsocks-libev/config.json
Restart=on-abort
[Install]
WantedBy=multi-user.target
EOF
}
error_detect_depends(){
local command=$1
local depend=`echo "${command}" | awk '{print $4}'`
echo -e "[${green}Info${plain}] Starting to install package ${depend}"
${command} > /dev/null 2>&1
if [ $? -ne 0 ]; then
echo -e "[${red}Error${plain}] Failed to install ${red}${depend}${plain}"
exit 1
fi
}
install_dependencies(){
local gcc_path=$(command -v gcc)
if [ "${gcc_path}" == "" ]; then
error_detect_depends "yum -y install gcc"
fi
yum_depends=(
gettext autoconf automake make pcre-devel asciidoc xmlto c-ares-devel libev-devel wget tar m4 perl
)
for depend in ${yum_depends[@]}; do
error_detect_depends "yum -y install ${depend}"
done
if [ "$sys_main_ver" == '8' ]; then
install_python2
fi
}
install_python2(){
if [ ! -f /usr/lib64/libpython2.7.so.1.0 ]; then
error_detect_depends "yum -y install python2"
fi
}
config_firewall(){
systemctl status firewalld > /dev/null 2>&1
if [ $? -eq 0 ]; then
default_zone=$(firewall-cmd --get-default-zone)
firewall-cmd --permanent --zone=${default_zone} --add-port=${shadowsocksport}/tcp
firewall-cmd --permanent --zone=${default_zone} --add-port=${shadowsocksport}/udp
firewall-cmd --reload
else
echo -e "[${yellow}Warning${plain}] firewalld looks like not running or not installed, please enable port ${shadowsocksport} manually if necessary."
fi
}
install_prepare_port() {
while true
do
dport=$(shuf -i 9000-19999 -n 1)
echo -e "Please enter a port for shadowsocks-libev [1-65535]"
read -p "(Default port: ${dport}):" shadowsocksport
[ -z "${shadowsocksport}" ] && shadowsocksport=${dport}
expr ${shadowsocksport} + 1 &>/dev/null
if [ $? -eq 0 ]; then
if [ ${shadowsocksport} -ge 1 ] && [ ${shadowsocksport} -le 65535 ] && [ ${shadowsocksport:0:1} != 0 ]; then
echo
echo "port = ${shadowsocksport}"
echo
break
fi
fi
echo -e "[${red}Error${plain}] Please enter a correct number [1-65535]"
done
}
install_prepare_password(){
local mkpasswd_path=$(command -v mkpasswd)
if [ "${mkpasswd_path}" == "" ]; then
error_detect_depends "yum -y install expect"
fi
radompassword=$(mkpasswd -l 18 -d 2 -s 4)
echo "Please enter password for shadowsocks-libev"
read -p "(Default password: ${radompassword}):" shadowsockspwd
[ -z "${shadowsockspwd}" ] && shadowsockspwd=${radompassword}
echo
echo "password = ${shadowsockspwd}"
echo
}
install_prepare_cipher(){
while true
do
echo -e "Please select stream cipher for shadowsocks-libev:"
for ((i=1;i<=${#common_ciphers[@]};i++ )); do
hint="${common_ciphers[$i-1]}"
echo -e "${green}${i}${plain}) ${hint}"
done
read -p "Which cipher you'd select(Default: ${common_ciphers[0]}):" pick
[ -z "$pick" ] && pick=1
expr ${pick} + 1 &>/dev/null
if [ $? -ne 0 ]; then
echo -e "[${red}Error${plain}] Please enter a number"
continue
fi
if [[ "$pick" -lt 1 || "$pick" -gt ${#common_ciphers[@]} ]]; then
echo -e "[${red}Error${plain}] Please enter a number between 1 and ${#common_ciphers[@]}"
continue
fi
shadowsockscipher=${common_ciphers[$pick-1]}
echo
echo "cipher = ${shadowsockscipher}"
echo
break
done
}
check_bbr_status() {
local param=$(lsmod | grep bbr | awk '{print $1}')
if [[ "${param}" == "tcp_bbr" ]]; then
echo "[${green}Info${plain}] Your Google BBR enabled"
return 1
else
return 0
fi
}
enable_bbr() {
modprobe tcp_bbr
echo "tcp_bbr" >> /etc/modules-load.d/modules.conf
echo "net.core.default_qdisc = fq" >> /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control = bbr" >> /etc/sysctl.conf
sysctl -p
echo "[${green}Info${plain}] Google BBR enabled"
}
optimization_sys_config(){
cd ${cur_dir}
if [ ! -f /etc/sysctl.d/local.conf ]; then
download "${localconf_file}.conf" "${localconf_url}"
mv ${localconf_file}.conf /etc/sysctl.d/local.conf
sysctl --system
fi
if [ "$(grep "* soft nofile" /etc/security/limits.conf)" == "" ]; then
echo "* soft nofile 51200" >> /etc/security/limits.conf
fi
if [ "$(grep "* hard nofile" /etc/security/limits.conf)" == "" ]; then
echo "* hard nofile 51200" >> /etc/security/limits.conf
fi
}
get_ip(){
local IP=$( ip addr | egrep -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | egrep -v "^192\.168|^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-2]\.|^10\.|^127\.|^255\.|^0\." | head -n 1 )
[ -z ${IP} ] && IP=$( wget -qO- -t1 -T2 api.24kplus.com/myip )
echo ${IP}
}
get_char(){
SAVEDSTTY=$(stty -g)
stty -echo
stty cbreak
dd if=/dev/tty bs=1 count=1 2> /dev/null
stty -raw
stty echo
stty $SAVEDSTTY
}
install_prepare(){
install_prepare_password
install_prepare_port
install_prepare_cipher
echo
echo "Press any key to start...or Press Ctrl+C to cancel"
char=`get_char`
}
install_main
3.4.2.2. 通过一键脚本
一键 ss
git clone -b master https://github.com/flyzy2005/ss-fly
ss-fly/ss-fly.sh -i <ss pwd> [port] # pwd 最好只包含字母+数字, port 可选, 默认 1024
# 如果需要改密码或者改端口,只需要重新再执行一次搭建ss脚本代码
# 或者修改/etc/shadowsocks.json这个配置文件
# 卸载
ss-fly/ss-fly.sh -uninstall
# 常用操作
启动:/etc/init.d/ss-fly start
停止:/etc/init.d/ss-fly stop
重启:/etc/init.d/ss-fly restart
状态:/etc/init.d/ss-fly status
查看ss链接:ss-fly/ss-fly.sh -sslink
修改配置文件:vim /etc/shadowsocks.json
一键 ssr
git clone -b master https://github.com/flyzy2005/ss-fly
ss-fly/ss-fly.sh -ssr # 会进入到输入参数的界面,包括服务器端口,密码,加密方式,协议,混淆, 可以直接输入回车选择默认值
# 卸载 ssr
./shadowsocksR.sh uninstall
# ssr 操作
启动:/etc/init.d/shadowsocks start
停止:/etc/init.d/shadowsocks stop
重启:/etc/init.d/shadowsocks restart
状态:/etc/init.d/shadowsocks status
配置文件路径:/etc/shadowsocks.json
日志文件路径:/var/log/shadowsocks.log
代码安装目录:/usr/local/shadowsocks
一键开启BBR加速
ss-fly/ss-fly.sh -bbr
reboot # 重启
# 这条返回 net.ipv4.tcp_available_congestion_control = bbr cubic reno 则证明 开启成功
sysctl net.ipv4.tcp_available_congestion_control
3.4.2.3. pac 规则
https://adblockplus.org/en/filter-cheatsheet
通配符支持。
比如*.example.com/*实际书写时可省略*, 如.example.com/, 和*.example.com/*效果一样
正则支持, 以\开始结束
\xxxx\
\[\w]+:\/\/example.com\
标记走代理的域名 (同时覆盖 http 和 https, ftp 协议)
^ 符号,意思是要么在这个符号的地方结束,要么后面跟着?,/等字符。
表示除了字母、数字或者 _ – . % 之外的任何字符。如 http://example.com^ ,http://example.com/ 和 http://example.com:8000/ 均满足条件,而 http://example.com.ar/ 不满足条件。
||github.com^,
||youtube.com,
注释
!comment
标记例外的域名 (指定域名不走代理)
存疑? 也可能是 @@@xxx.com
@@||baidu.com,
标记开头 (以指定字符串开头的 url 走代理)
|http://xxx,
标记结尾 (指定字符串结尾的 url 走代理)
xxx.com|,
v2ray
是 Project V 下的一个工具。Project V 是一个包含一系列构建特定网络环境工具的项目,而 V2Ray 属于最核心的一个
苹果系客户端
ios:
Spectre
Potatso
Cyberoket
Quantumult X
Shadowrocket
surge
macos:
clashx pro
安卓模拟器
https://doc.miyun.app/android-emulator-proxy/
MuMu模拟器设置代理
夜神模拟器
3.5. 其他方法
内网穿透:比较典型的是ZeroTier,
4. vps
国内: 阿里云, 腾讯云 , 华为云/京东云/七牛云/ucloud
香港: GigsGigsCloud,枫叶vps. Raksmart/HostKVM/搬瓦工/阿里云香港
国外: Vultr, 搬瓦工 , HostDare/CloudCone/VirMach/Raksmart/BudgetVM/Linode/DigitalOcean/Godaddy
域名注册: Namesilo, Godaddy(老牌/中文) Name.com/NameCheap
宝塔面板 百度云加速:CDN/安全加速 ThemeForest 全球最大网站主题库
SeaFile、ownCloud、BTSync 云网盘
5. 内网穿透
https://github.com/qiweiview/jndc java 方案
https://www.v2ex.com/t/850426#reply43
https://github.com/rapiz1/rathole
FRP https://github.com/fatedier/frp
https://github.com/ehang-io/nps nps
https://blog.k8s.li/ffmepg-rtsp.html https://www.cnblogs.com/liusingbon/p/12623774.html https://www.zhihu.com/question/20671869 摄像头视频流
https://segmentfault.com/a/1190000022390255 常用的内网穿透工具
reference: 1 https://www.youtube.com/watch?v=VKSKZ0-3oT8 https://www.youtube.com/watch?v=LUg8cEBjYYM (web css 设计) GitHub: frp
https://imququ.com/post/self-hosted-ngrokd.html https://ngrok.com https://www.skysilk.com/cloud/pricing/#classId=Basic§ion=1 https://www.vultr.com/
还有商用方案 ngrok, ZeroTier(个人免费, tailscale 和 zerotier,搭 moon 节点)