路由器透明代理 用v2ray做VPN说实话v2ray并不合格(图)

一直不喜欢V2ray的配置文件（现在还是不喜欢）。我觉得它太乱了，一点也不清楚。不同的入站和出站混合在一起，无法清楚地区分每个服务。其实这也是v2ray灵活性的体现。

简单的说，v2ray没有服务端和客户端的区别，或者说v2ray的客户端和服务端是在一起的； inbounds作为服务端，接受客户端的请求，对应客户端的outbounds； outbounds 作为客户端，向服务端发起请求，对应服务端的入站。同一个v2ray的入站和出站是通过路由连接的。路由用于定义当我的一个入站接收流量时应将哪个出站发送到。所以v2ray可以做到：inbounds接收流量，然后检查路由，根据路由设置转发到指定的outbounds。

透明代理的配置来自v2的白话教程：

{
  "inbounds": [
    {
      "tag": "home",
      "port": YOUR PORT,
      "protocol": "vmess",
      "settings": {
    "clients": [{ "id": YOUR ID }]
      }
    },
    {
      "tag":"transparent",
      "port": 12345,
      "protocol": "dokodemo-door",
      "settings": {
        "network": "tcp,udp",
        "followRedirect": true
      },
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls"
        ]
      },
      "streamSettings": {
        "sockopt": {
          "tproxy": "tproxy" 
        }
      }
    },
    {
      "port": 1080, 
      "protocol": "socks",
      "sniffing": {
        "enabled": true,
        "destOverride": ["http", "tls"]
      },
      "settings": {
        "auth": "noauth"
      }
    }
  ],
  "outbounds": [
    {
      "tag": "proxy",
      "protocol": "vmess", 
      "settings": {
        "vnext": [
          {
            "address": "144.202.94.28", 
            "port": YOUR VPS PORT, 
            "users": [{ "id":  YOUR VPS ID }]
          }
        ]
      },
      "streamSettings": {
        "sockopt": {
          "mark": 255
        }
      },
      "mux": {
        "enabled": true
      }
    },
    {
      "tag": "direct",
      "protocol": "freedom",
      "settings": {
        "domainStrategy": "UseIP"
      },
      "streamSettings": {
        "sockopt": {
          "mark": 255
        }
      }      
    },
    {
      "tag": "block",
      "protocol": "blackhole",
      "settings": {
        "response": {
          "type": "http"
        }
      }
    },
    {
      "tag": "dns-out",
      "protocol": "dns",
      "streamSettings": {
        "sockopt": {
          "mark": 255
        }
      }  
    }
  ],
  "dns": {
    "servers": [
      "8.8.8.8", 
      "1.1.1.1",
      "114.114.114.114",
      {
        "address": "223.5.5.5", 
        "port": 53,
        "domains": [
          "geosite:cn",
          "ntp.org",   
          "144.202.94.28" 
        ]
      }
    ]
  },
  "routing": {
    "domainStrategy": "IPOnDemand",
    "rules": [
      {
    "type": "field",
    "inboundTag": ["home"],
    "outboundTag": "direct"
      },
      { 
        "type": "field",
        "inboundTag": [
          "transparent"
        ],
        "port": 53,
        "network": "udp",
        "outboundTag": "dns-out" 
      },    
      { 
        "type": "field",
        "inboundTag": [
          "transparent"
        ],
        "port": 123,
        "network": "udp",
        "outboundTag": "direct" 
      },    
      {
        "type": "field", 
        "ip": [ 
          "223.5.5.5",
          "114.114.114.114"
        ],
        "outboundTag": "direct"
      },
      {
        "type": "field",
        "ip": [ 
          "8.8.8.8",
          "1.1.1.1"
        ],
        "outboundTag": "proxy" 
      },
      { 
        "type": "field", 
        "domain": [
          "geosite:category-ads-all"
        ],
        "outboundTag": "block"
      },
      { 
        "type": "field",
        "protocol":["bittorrent"], 
        "outboundTag": "direct"
      },
      { 
        "type": "field", 
        "ip": [
          "geoip:private"
        ],
        "outboundTag": "direct"
      }
    ]
  }
}

CPU可能满载的情况参考：v2ray tproxy透明代理导致CPU占用100%

后面需要配置iptables规则，请参考链接：。 （设置iptables规则时，如果执行了代理网关的本地部分，会导致交叉NAT连接失败，即端口映射后路由器无法从外网连接到bypass，参见：v2ray作为内网网关，公网访问局域网服务器出错，此时不要作为本地网关的代理）

关于使用v2ray作为VPN，说实话，v2ray不合格，v2ray只支持TCP/UDP。我用它作为Wireguard的补充，防止UDP干扰，但现在我只是在准备。

本文来自本站，转载请注明本文网址：
http://www.pc-fly.com/a/tongxingongju/article-380308-1.html

……