README
¶
connectME
connectME is a tool that help you connect the internet freely.
⚙ Installation
# 如果是升级, 最好先把老版本删除
# rm -rf /usr/bin/connectME
CGO_ENABLED=0 \
GOBIN=/usr/bin \
go get -u -v github.com/aiziyuer/connectME
为了避免goproxy的缓存问题, 可以
export GOPROXY=direct强制从源站下载
🧼 Serve DNS
# start it
➜ ~ connectME dns --port 53
ednsSubnet: 122.235.189.0/24
proxy: http://127.0.0.1:3128
tcp_server: 0.0.0.0:53
udp_server: 0.0.0.0:53
# test
dig @127.0.0.1 -p53 www.google.com +short
🚪 Serve GW
网关服务安装
# start it
➜ ~ export proxy=http://127.0.0.1:3128
➜ ~ connectME gw --port 1081
gw_server: 0.0.0.0:1081
由于透明网关需要防火墙上面将流量引入, 所以有如下推荐的防火墙配置:
# install ipset
yum install ipset
# apt-get install ipset
# clean
# ipset flush NO_PROXY && ipset destory NO_PROXY || true
# create, ref: https://zh.wikipedia.org/wiki/%E4%BF%9D%E7%95%99IP%E5%9C%B0%E5%9D%80
ipset create NO_PROXY hash:net comment
ipset -exist add NO_PROXY 0.0.0.0/8 comment "IANA"
ipset -exist add NO_PROXY 10.0.0.0/8 comment "Class C IP address"
ipset -exist add NO_PROXY 172.16.0.0/12 comment "Class C IP address"
ipset -exist add NO_PROXY 192.168.0.0/16 comment "Class C IP address"
ipset -exist add NO_PROXY 127.0.0.0/8 comment "Loopback Address"
ipset -exist add NO_PROXY 169.254.0.0/16 comment "Link local address"
ipset -exist add NO_PROXY 224.0.0.0/16 comment "Multicast Address"
# ipset -exist add NO_PROXY xxxx/32 comment "Your Proxy Server"
# apply chain
iptables -t nat -N PROXY &>/dev/null; iptables -t nat -F PROXY
iptables -t nat -A PROXY -m set --match-set NO_PROXY dst -j RETURN
iptables -t nat -A PROXY -p tcp -j REDIRECT --to-port 1081
iptables -t nat -F OUTPUT && iptables -t nat -A OUTPUT -j PROXY
iptables -t nat -F PREROUTING && iptables -t nat -A PREROUTING -p tcp -j PROXY
# review chain
iptables -t nat -S
🎂 AutoStart
# ipset auto restore at reboot
cat <<'EOF' >/etc/systemd/system/ipset.service
[Unit]
Description=ipset persistent rule service
Before=iptables.service
ConditionFileNotEmpty=/etc/sysconfig/ipset
[Service]
Type=oneshot
RemainAfterExit=true
ExecStart=/usr/sbin/ipset -exist -file /etc/sysconfig/ipset restore
ExecStop=/usr/sbin/ipset -file /etc/sysconfig/ipset save
[Install]
WantedBy=multi-user.target
EOF
# apply ipset
systemctl daemon-reload; systemctl enable ipset.service; systemctl start ipset.service
# add systemd service
cat <<'EOF'>/etc/systemd/system/connectME@.service
[Unit]
Description=connectME dns
Documentation=https://github.com/aiziyuer/connectME
After=network.target
[Service]
Type=notify
Environment="HTTP_PROXY=127.0.0.1:3128"
Environment="HTTPS_PROXY=127.0.0.1:3128"
ExecStart=/usr/bin/connectME %i
WatchdogSec=1s
StartLimitBurst=0
StartLimitIntervalSec=0
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
# apply dns
systemctl daemon-reload; systemctl enable connectME@dns.service; systemctl restart connectME@dns.service
# apply gw
systemctl daemon-reload; systemctl enable connectME@gw.service; systemctl restart connectME@gw.service
🙏 FAQ
Documentation
¶
Overview ¶
Copyright © 2020 NAME HERE <EMAIL ADDRESS>
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.