Turn SOCKS into VPN

安装相关软件

  • badvpn
  • shadowsocks-libev
  • pdnsd
  • dnsutils
$ pacman -S badvpn \
            shadowsocks-libev \
            pdnsd \
            dnsutils

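配置SOCKS代理

注意: 下面使用的 aes-256-cfb 属于不带完整性校验的流加密方式; 若服务端支持, 建议改用 AEAD 加密方式 (如 aes-256-gcm 或 chacha20-ietf-poly1305)。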

$ cat /etc/shadowsocks/jp.json
{
    "server": "1.2.3.4",
    "server_port": 8388,
    "local_port": 1080,
    "password": "******",
    "timeout": 60,
    "method": "aes-256-cfb"
}

$ systemctl start shadowsocks-libev@jp

$ curl -x socks5h://127.0.0.1:1080 ifconfig.co
45.32.57.113  

配置本地网络

$ cat /etc/systemd/network/eth0.network
# Physical uplink handled by systemd-networkd; address and default route come from DHCP.
[Match]
Name=eth0

[Network]
DHCP=yes  
# Send lookups to the resolver listening on 127.0.0.1 (pdnsd in this setup).
DNS=127.0.0.1

[DHCP]
# Ignore the DNS servers offered in the DHCP lease, so queries are not handed
# to the LAN/ISP resolver outside the tunnel.
UseDNS=false

# Disabled host route that would keep 45.32.57.113 reachable via the LAN gateway.
# Presumably this is the proxy server's address (it matches the exit IP curl reports).
# tun2socks.service adds the same route at start-up instead.
#[Route]
#Destination=45.32.57.113
#Gateway=192.168.31.1

DHCP暂不支持设置静态路由 (见 #1850), 所以上面的 [Route] 段被注释掉, 该路由改在 tun2socks.service 中添加。

配置虚拟网络

$ cat /etc/systemd/network/tun0.netdev
# Creates the tun0 device that badvpn-tun2socks attaches to (--tundev tun0).
[NetDev]
Name=tun0  
Kind=tun

# NOTE(review): [Tunnel] is documented for ipip/gre/sit-style netdevs; a Kind=tun
# device takes its options from [Tun], so this Remote= is probably ignored. Confirm.
[Tunnel]
Remote=10.0.0.2

$ cat /etc/systemd/network/tun0.network
# Host side of the tun link: 10.0.0.1/24 here; tun2socks is started with
# --netif-ipaddr 10.0.0.2 and is used as the gateway for tunnelled traffic.
[Match]
Name=tun0

[Network]
Address=10.0.0.1/24

# Disabled: 0.0.0.0/1 and 128.0.0.0/1 together cover all of IPv4 and are more
# specific than the DHCP default route, so they win without replacing it.
# tun2socks.service adds and removes these two routes instead.
#[Route]
#Destination=0.0.0.0/1
#Gateway=10.0.0.2

#[Route]
#Destination=128.0.0.0/1
#Gateway=10.0.0.2

因为清理路由不方便, 所以上面两条 [Route] 被注释掉, 路由的添加和删除转移到 tun2socks.service 中 (见下文的 ExecStartPre/ExecStopPost)。

配置DNS服务

$ cat /etc/pdnsd.conf
# pdnsd as the local caching resolver: lookups are forwarded over TCP to the
# upstream servers below, which are tied to the tun0 interface.
global {  
        perm_cache = 10240;
        cache_dir = /var/cache/pdnsd;
        pid_file = /var/run/pdnsd.pid;
        # Run the daemon as the unprivileged pdnsd user.
        run_as= pdnsd;
        # NOTE(review): 0.0.0.0 listens on every interface, so any host that can
        # reach this machine can use it as a resolver. The rest of this setup only
        # queries 127.0.0.1; bind to that unless LAN clients are meant to be served.
        server_ip = 0.0.0.0;
        status_ctl = on;
        # TCP-only upstream queries. tun2socks is started here without a UDP
        # gateway, so UDP DNS would presumably not get through the SOCKS proxy.
        query_method = tcp_only;
        min_ttl = 15m;
        max_ttl = 1w;
        timeout = 10;
        neg_domain_pol = auth;
}

# Upstream resolvers. Queries are ordinary unencrypted DNS; the tunnel only
# protects them as far as the proxy server.
server {  
        label = "opendns";
        ip = 208.67.222.222, 208.67.220.220;
        timeout = 4;
        # Availability test based on the state of the interface named below.
        uptest = if;
        interface = tun0;
        interval = 15m;
        # Ask only the servers listed in ip=; no fallback to other name servers.
        proxy_only = on;
        purge_cache = off;
        preset = off;
}

# Serve the names found in /etc/hosts.
source {  
        owner=localhost;
        serve_aliases=on;
        file="/etc/hosts";
}

# Local record for localhost, with a matching reverse entry.
rr {  
        name=localhost;
        reverse=on;
        a=127.0.0.1;
        owner=localhost;
        soa=localhost,root.localhost,42,86400,900,86400,86400;
}

# Negative entry for the whole baidu.com domain: names under it are answered
# locally as non-existent instead of being forwarded upstream.
neg {  
        name=baidu.com;
        types=domain;
}

配置VPN服务

$ cat /etc/systemd/system/tun2socks.service
# Runs badvpn-tun2socks on tun0 and installs/removes the routes that steer IPv4
# traffic into it.
[Unit]
Description=BadVPN Tun2Socks Daemon  
# NOTE(review): network.target does not guarantee that eth0 has its DHCP lease,
# that tun0 exists, or that the SOCKS proxy (shadowsocks-libev@jp) is running.
# The route commands below may fail early in boot. Confirm the ordering.
After=network.target

[Service]
# Keep 45.32.57.113 reachable through the LAN gateway; otherwise the proxy's own
# connection would be routed back into the tunnel. The gateway 192.168.31.1 is
# hard-coded, so this step fails on any other network.
ExecStartPre=/usr/bin/ip route add 45.32.57.113 via 192.168.31.1  
# Two /1 routes cover all of IPv4 and override the default route without
# deleting it. No IPv6 route is installed: if the host has IPv6 connectivity,
# that traffic bypasses the tunnel.
ExecStartPre=/usr/bin/ip route add 0.0.0.0/1 via 10.0.0.2  
ExecStartPre=/usr/bin/ip route add 128.0.0.0/1 via 10.0.0.2  
# NOTE(review): the backslash must be the last character on a continued line;
# trailing spaces after it (as on the first line of this listing) may stop
# systemd from joining the lines. Strip them when copying.
# No --udpgw-remote-server-addr is given, so presumably only TCP is relayed
# through the SOCKS server.
ExecStart=/usr/bin/badvpn-tun2socks \  
                         --tundev tun0 \
                         --netif-ipaddr 10.0.0.2 \
                         --netif-netmask 255.255.255.0 \
                         --socks-server-addr 127.0.0.1:1080
# NOTE(review): no kill switch. These remove the tunnel routes whenever the
# service stops or crashes, so until Restart= brings it back, traffic leaves
# directly through the DHCP default route. Add a firewall rule if that matters.
ExecStopPost=/usr/bin/ip route del 128.0.0.0/1 via 10.0.0.2  
ExecStopPost=/usr/bin/ip route del 0.0.0.0/1 via 10.0.0.2  
ExecStopPost=/usr/bin/ip route del 45.32.57.113 via 192.168.31.1  
Restart=always

[Install]
WantedBy=multi-user.target

$ systemctl daemon-reload

大功告成

$ systemctl restart systemd-networkd

$ systemctl start pdnsd

$ systemctl start tun2socks

$ curl ifconfig.co
45.32.57.113