|
|
@@ -621,6 +621,9 @@ For example:
|
|
|
|
|
|
`--dns-address` supports multiple dns addresses, load balancing, separated by comma. For example: `--dns-address "1.1.1.1:53,8.8.8.8:53"`
|
|
|
|
|
|
+You can also use the parameter `--dns-interface` to specify the bandwidth used for dns resolution,
|
|
|
+for example: `--dns-interface eth0`, dns resolution will use the eth0 bandwidth, this parameter must be set to `--dns-address` to be effective.
|
|
|
+
|
|
|
### 1.12 Custom encryption
|
|
|
The proxy's http(s) proxy can encrypt tcp data via tls standard encryption and kcp protocol on top of tcp, in addition to support customization after tls and kcp.
|
|
|
Encryption, that is to say, custom encryption and tls|kcp can be used in combination. The internal use of AES256 encryption, you only need to define a password when you use it.
|
|
|
@@ -1282,6 +1285,9 @@ And the analysis result cache time (--dns-ttl) seconds, to avoid system dns inte
|
|
|
For example:
|
|
|
`proxy socks -p ":33080" --dns-address "8.8.8.8:53" --dns-ttl 300`
|
|
|
|
|
|
+You can also use the parameter `--dns-interface` to specify the bandwidth used for dns resolution,
|
|
|
+for example: `--dns-interface eth0`, dns resolution will use the eth0 bandwidth, this parameter must be set to `--dns-address` to be effective.
|
|
|
+
|
|
|
### 5.10 Custom Encryption
|
|
|
The proxy's socks proxy can encrypt tcp data through tls standard encryption and kcp protocol on top of tcp. In addition, it supports custom encryption after tls and kcp, which means that custom encryption and tls|kcp can be used together. The internal use of AES256 encryption, you only need to define a password when you use it.
|
|
|
Encryption is divided into two parts, one is whether the local (-z) encryption and decryption, and the other is whether the transmission with the upstream (-Z) is encrypted or decrypted.
|
|
|
@@ -1417,25 +1423,48 @@ The default is: parent.
|
|
|
The meaning of each value is as follows:
|
|
|
`--intelligent=direct`, the targets in the blocked are not directly connected.
|
|
|
`--intelligent=parent`, the target that is not in the direct is going to the higher level.
|
|
|
-`--intelligent=intelligent`, blocked and direct have no targets, intelligently determine whether to use the upstream access target.
|
|
|
+`--intelligent=intelligent`, blocked and direct have no targets, intelligently determine whether to use the upstream
|
|
|
+access target.
|
|
|
|
|
|
### 5.18 Fixed UDP PORT
|
|
|
|
|
|
-By default, the port number of the UDP function of socks5, the proxy is installed in the `rfc1982 draft` request, which is randomly specified during the protocol handshake process and does not need to be specified in advance.
|
|
|
+By default, the port number of the UDP function of socks5, the proxy is installed in the `rfc1982 draft` request, which
|
|
|
+is randomly specified during the protocol handshake process and does not need to be specified in advance.
|
|
|
|
|
|
-However, in some cases, you need to fix the UDP function port. You can use the parameter `--udp-port port number` to fix the port number of the UDP function. For example:
|
|
|
+However, in some cases, you need to fix the UDP function port. You can use the parameter `--udp-port port number` to fix
|
|
|
+the port number of the UDP function. For example:
|
|
|
|
|
|
`proxy socks -t tcp -p "0.0.0.0:38080" --udp-port 38080`
|
|
|
|
|
|
-### 5.19 Help
|
|
|
+### 5.19 UDP Compatibility Mode
|
|
|
+
|
|
|
+By default, the UDP functionality of the SOCKS5 proxy in the proxy operates in accordance with the SOCKS5 RFC 1928
|
|
|
+specification. However, there are certain SOCKS5 clients that do not adhere to the specified rules. To ensure
|
|
|
+compatibility with such clients, the `--udp-compat` parameter can be added to activate the compatibility mode for SOCKS5
|
|
|
+UDP functionality.
|
|
|
+
|
|
|
+Additionally, the `-udp-gc` parameter can be utilized to set the maximum idle time for UDP. When this time threshold is
|
|
|
+exceeded, UDP connections will be released.
|
|
|
+
|
|
|
+### 5.20 Help
|
|
|
+
|
|
|
`proxy help socks`
|
|
|
|
|
|
## 6.SPS Protocol Convert
|
|
|
|
|
|
### 6.1 Function introduction
|
|
|
-The proxy protocol conversion uses the sps subcommand. The sps itself does not provide the proxy function. It only accepts the proxy request to "convert and forward" to the existing http(s) proxy or the socks5 proxy or ss proxy; the sps can put the existing http(s) proxy or socks5 proxy or ss proxy is converted to a port that supports both http(s) and socks5 and ss proxies, and the http(s) proxy supports forward proxy and reverse proxy (SNI), converted SOCKS5 proxy, UDP function is still supported when the upper level is SOCKS5 or SS; in addition, for the existing http(s) proxy or socks5 proxy, three modes of tls, tcp, and kcp are supported, and chain connection is supported, that is, multiple sps node levels can be supported. The connection builds an encrypted channel.
|
|
|
|
|
|
-The encryption methods supported by the `ss` function are: aes-128-cfb, aes-128-ctr, aes-128-gcm, aes-192-cfb, aes-192-ctr, aes-192-gcm, aes-256- Cfb , aes-256-ctr , aes-256-gcm , bf-cfb , cast5-cfb , chacha20 , chacha20-ietf , chacha20-ietf-poly1305 , des-cfb , rc4-md5 , rc4-md5-6 , salsa20 , Xchacha20
|
|
|
+The proxy protocol conversion uses the sps subcommand. The sps itself does not provide the proxy function. It only
|
|
|
+accepts the proxy request to "convert and forward" to the existing http(s) proxy or the socks5 proxy or ss proxy; the
|
|
|
+sps can put the existing http(s) proxy or socks5 proxy or ss proxy is converted to a port that supports both http(s) and
|
|
|
+socks5 and ss proxies, and the http(s) proxy supports forward proxy and reverse proxy (SNI), converted SOCKS5 proxy, UDP
|
|
|
+function is still supported when the upper level is SOCKS5 or SS; in addition, for the existing http(s) proxy or socks5
|
|
|
+proxy, three modes of tls, tcp, and kcp are supported, and chain connection is supported, that is, multiple sps node
|
|
|
+levels can be supported. The connection builds an encrypted channel.
|
|
|
+
|
|
|
+The encryption methods supported by the `ss` function are: aes-128-cfb, aes-128-ctr, aes-128-gcm, aes-192-cfb,
|
|
|
+aes-192-ctr, aes-192-gcm, aes-256- Cfb , aes-256-ctr , aes-256-gcm , bf-cfb , cast5-cfb , chacha20 , chacha20-ietf ,
|
|
|
+chacha20-ietf-poly1305 , des-cfb , rc4-md5 , rc4-md5-6 , salsa20 , Xchacha20
|
|
|
|
|
|
Listen port argument `-p` can be:
|
|
|
|
|
|
@@ -1715,7 +1744,7 @@ It should be noted that the ss function of sps also has UDP function, and the UD
|
|
|
|
|
|
To specify a port that is different from the tcp port.
|
|
|
|
|
|
-### 6.17 iptables 透明代理
|
|
|
+### 6.17 Iptables Transparent Proxy
|
|
|
The sps mode supports the iptables transparent forwarding support of the Linux system, which is commonly referred to as the iptables transparent proxy. If a iptables transparent proxy is performed on the gateway device, the device that is connected through the gateway can realize a non-aware proxy.
|
|
|
|
|
|
Example start command:
|
|
|
@@ -1762,16 +1791,40 @@ iptables -t nat -A OUTPUT -p tcp -j PROXY
|
|
|
|
|
|
- Clear the entire chain iptables -F chain name such as iptables -t nat -F PROXY
|
|
|
- Delete the specified user-defined chain iptables -X chain name e.g. iptables -t nat -X PROXY
|
|
|
-- Delete rule from selected chain iptables -D chain name rule details e.g. iptables -t nat -D PROXY -d 223.223.192.0/255.255.240.0 -j RETURN
|
|
|
+- Delete rule from selected chain iptables -D chain name rule details e.g. iptables -t nat -D PROXY -d
|
|
|
+ 223.223.192.0/255.255.240.0 -j RETURN
|
|
|
|
|
|
-### 6.18 Help
|
|
|
+### 6.19 UDP Compatibility Mode
|
|
|
+
|
|
|
+By default, the UDP functionality of the SOCKS5 proxy in the proxy operates in accordance with the SOCKS5 RFC 1928
|
|
|
+specification. However, there are certain SOCKS5 clients that do not adhere to the specified rules. To ensure
|
|
|
+compatibility with such clients, the `--udp-compat` parameter can be added to activate the compatibility mode for SOCKS5
|
|
|
+UDP functionality.
|
|
|
+
|
|
|
+Additionally, the `-udp-gc` parameter can be utilized to set the maximum idle time for UDP. When this time threshold is
|
|
|
+exceeded, UDP connections will be released.
|
|
|
+
|
|
|
+### 6.20 Custom DNS
|
|
|
+
|
|
|
+The `--dns-address` and `--dns-ttl` parameters are used to specify the dns used by the proxy to access the domain name (`--dns-address`)
|
|
|
+As well as the number of seconds for caching the parsing results (--dns-ttl) to avoid the interference of the system dns on the proxy.
|
|
|
+The additional caching function can also reduce the dns parsing time and improve the access speed.
|
|
|
+Translation:
|
|
|
+`Agent sps -p ":33080" --dns-address "8.8.8.8:53" --dns-ttl 300`
|
|
|
+
|
|
|
+You can also use the parameter `--dns-interface` to specify the bandwidth used for dns resolution,
|
|
|
+for example: `--dns-interface eth0`, dns resolution will use the eth0 bandwidth, this parameter must be set to `--dns-address` to be effective.
|
|
|
+
|
|
|
+### 6.21 Help
|
|
|
|
|
|
`proxy help sps`
|
|
|
|
|
|
## 7.KCP Configuration
|
|
|
|
|
|
### 7.1 Configuration Introduction
|
|
|
-Many functions of the proxy support the kcp protocol. Any function that uses the kcp protocol supports the configuration parameters described here.
|
|
|
+
|
|
|
+Many functions of the proxy support the kcp protocol. Any function that uses the kcp protocol supports the configuration
|
|
|
+parameters described here.
|
|
|
Therefore, the KCP configuration parameters are introduced here.
|
|
|
|
|
|
### 7.2 Detailed configuration
|
snail007