{"id":255472,"date":"2016-04-13T16:53:02","date_gmt":"2016-04-13T08:53:02","guid":{"rendered":"http:\/\/blog.zhenglei.net\/?p=255472"},"modified":"2016-04-13T16:58:51","modified_gmt":"2016-04-13T08:58:51","slug":"%e8%bd%ac%ef%bc%9a%e9%80%9a%e8%bf%87-stunnel-%e6%90%ad%e5%bb%ba%e5%ae%89%e5%85%a8%e9%ab%98%e6%80%a7%e8%83%bd%e7%9a%84-sockts-%e4%bb%a3%e7%90%86%e6%9c%8d%e5%8a%a1%e5%99%a8","status":"publish","type":"post","link":"https:\/\/blog.zhenglei.net\/?p=255472","title":{"rendered":"\u8f6c\uff1a\u901a\u8fc7 stunnel \u642d\u5efa\u5b89\u5168\u9ad8\u6027\u80fd\u7684 sockts \u4ee3\u7406\u670d\u52a1\u5668"},"content":{"rendered":"

http:\/\/bird1110.blogspot.com\/2011\/01\/using-stunnel-through-proxy.html<\/a><\/p>\n

 <\/p>\n

\u4e00\u822c\u6765\u8bf4\u8981\u642d\u5efa\u4e00\u4e2a\u672c\u5730\u7684 socks \u4ee3\u7406\u53ea\u9700\u8981\u7b80\u5355\u7684 ssh -D, \u5c31\u53ef\u4ee5\u751f\u6210\u4e00\u4e2a\u4ee3\u7406\u4e86. \u8fd9\u6837\u4f5c\u4e3a\u96f6\u65f6\u65b9\u6848\u633a\u4e0d\u9519\u7684, \u5de5\u4f5c\u4e0a\u670d\u52a1\u5668\u4e00\u822c\u4f1a\u88ab\u53cd\u5411\u4ee3\u7406, \u901a\u8fc7 ssh \u5c31\u53ef\u4ee5\u9690\u5c04\u5230\u672c\u5730\u901a\u8fc7\u6d4f\u89c8\u5668\u8fdb\u884c\u8c03\u8bd5\u4e86, \u4f46\u5982\u679c\u9700\u8981\u957f\u671f\u4f7f\u7528\u7684\u8bdd. \u8fd9\u6837\u7684\u65b9\u6848\u4e5f\u6709\u4e0d\u5c11\u7684\u9ebb\u70e6.<\/p>\n

\u901a\u8fc7 ssh -D \u4ed6\u548c\u670d\u52a1\u5668\u4e4b\u95f4\u53ea\u4f1a\u6709\u4e00\u4e2a\u8fde\u63a5, \u8fd9\u6837\u7f51\u7edc\u6027\u80fd\u4e0a\u5e76\u4e0d\u662f\u6700\u597d\u7684.
\n\u5fc5\u987b\u4f7f\u7528 openssh \u624d\u53ef\u4ee5 -D, \u4e00\u822c\u8def\u7531\u5668\u5e38\u7528\u7684 dropbear ssh \u5ba2\u6237\u7aef\u4e0d\u80fd\u4f7f\u7528 -D.
\n\u9700\u8981\u901a\u8fc7 autossh \u81ea\u52a8\u91cd\u8fde, \u4f46\u5982\u679c\u7f51\u7edc\u9891\u7e41\u5207\u6362(\u8bf8\u5982 3G \u548c wifi) \u8fd8\u9700\u8981\u8f85\u52a9\u811a\u672c\u6765\u91cd\u542f autossh.
\n\u4e5f\u4e0d\u80fd\u63d0\u4f9b\u4f8b\u5982\u7528\u6237\u540d\u5bc6\u7801\u4ea4\u9a8c\u8fd9\u6837\u7684\u5b89\u5168\u8ba4\u8bc1\u529f\u80fd.<\/p>\n

\u57fa\u4e8e\u4ee5\u4e0a\u8fd9\u4e48\u591a\u95ee\u9898, \u6709\u6761\u4ef6\u7684\u524d\u63d0\u4e0b\u8fd8\u662f\u81ea\u5df1\u5728\u670d\u52a1\u5668\u7aef\u642d socks \u4ee3\u7406, \u518d\u901a\u8fc7 stunnel \u6216\u8005 ssh -L \u6620\u5c04\u5230\u672c\u5730\u662f\u6bd4\u8f83\u597d\u7684\u89e3\u51b3\u65b9\u6848.<\/p>\n

\u5b89\u88c5 socks \u4ee3\u7406<\/strong><\/p>\n

\u65b9\u6848\u4e0a\u662f\u5728\u670d\u52a1\u5668\u642d\u5efa\u4e00\u4e2a\u53ea\u80fd\u672c\u5730\u4f7f\u7528\u7684\u4ee3\u7406, \u518d\u901a\u8fc7\u5176\u4ed6\u670d\u52a1\u6620\u5c04\u5230\u672c\u5730. (\u8fd9\u91cc\u7528 danted \u6765\u642d socks \u4ee3\u7406. \u670d\u52a1\u5668\u7528\u7684\u662f ubuntu)<\/p>\n

apt-get install -y dante-server<\/p>\n

\u5b89\u88c5\u5b8c\u4ee5\u540e\u5c06 \/etc\/danted.conf \u5f00\u542f\u6216\u52a0\u5165\u5982\u4e0b\u914d\u7f6e<\/p>\n

logoutput: syslog
\ninternal: 127.0.0.1 port = 1080
\nexternal: eth0<\/p>\n

clientmethod: none
\nmethod: none<\/p>\n

user.privileged: proxy
\nuser.notprivileged: nobody
\nuser.libwrap: nobody<\/p>\n

extension: bind
\nconnecttimeout: 30
\niotimeout: 86400<\/p>\n

client pass {
\nfrom: 127.0.0.1\/8 to: 127.0.0.1\/8
\nlog: connect error
\nmethod: none
\n}
\nclient block {
\nfrom: 0.0.0.0\/0 to: 0.0.0.0\/0
\nmethod: none
\n}
\npass {
\nfrom: 127.0.0.1\/8 to: 0.0.0.0\/0
\ncommand: bind connect udpassociate
\nlog: connect error
\nmethod: none
\n}
\npass {
\nfrom: 0.0.0.0\/0 to: 127.0.0.1\/8
\ncommand: bindreply udpreply
\nlog: connect error
\nmethod: none
\n}
\nblock {
\nfrom: 0.0.0.0\/0 to: 0.0.0.0\/0
\nlog: connect error
\n}<\/p>\n

\u6309\u4e0a\u8ff0\u914d\u7f6e\u5c31\u53ef\u4ee5\u642d\u51fa\u4e00\u4e2a\u53ea\u80fd\u672c\u5730\u4f7f\u7528\u7684 socks \u4ee3\u7406, \u63a5\u7740\u7528 service danted start \u542f\u52a8\u4ee3\u7406
\n \u670d\u52a1\u7aef stunnel \u914d\u7f6e<\/strong><\/p>\n

stunnel \u7528\u6765\u548c\u5ba2\u6237\u7aef\u4e4b\u95f4\u5efa\u7acb\u4e00\u6761\u52a0\u5bc6\u7684\u94fe\u63a5, \u8fd9\u91cc\u8fd8\u9700\u8981\u5bf9\u5ba2\u6237\u7aef\u505a\u8ba4\u8bc1, \u786e\u4fdd\u53ea\u6709\u62e5\u6709\u8bc1\u4e66\u7684\u5ba2\u6237\u7aef\u624d\u53ef\u4ee5\u94fe\u63a5. \u7ec8\u7aef\u8f93\u5165:<\/p>\n

apt-get install stunnel<\/p>\n

\u5b89\u88c5\u597d stunnel \u540e\u8fd8\u9700\u8981\u751f\u6210\u4e00\u4e2a\u670d\u52a1\u5668\u7684\u8bc1\u4e66. \u8fd9\u91cc\u7531\u4e8e\u53ea\u7528\u6765\u52a0\u5bc6\u901a\u8baf, \u6240\u4ee5\u8bc1\u4e66\u53ef\u4ee5\u4e0d\u7528\u5f88\u590d\u6742\u548c\u6b63\u89c4.<\/p>\n

cd \/etc\/stunnel
\nmkdir -p \/var\/lib\/stunnel4\/certs
\nln -s \/var\/lib\/stunnel4\/certs \/etc\/stunnel\/certs
\nopenssl req -new -x509 -days 3650 -nodes -config \/usr\/share\/doc\/stunnel4\/examples\/stunnel.cnf -out stunnel.pem -keyout stunnel.pem<\/p>\n

\u7136\u540e\u518d\u7f16\u8f91 \/etc\/stunnel\/stunnel.conf<\/p>\n

chroot = \/var\/lib\/stunnel4\/
\nsetuid = stunnel4
\nsetgid = stunnel4
\npid = \/stunnel4.pid<\/p>\n

cert = \/etc\/stunnel\/stunnel.pem
\n;key = \/etc\/stunnel\/stunnel.pem<\/p>\n

verify = 3
\nCApath = \/certs<\/p>\n

; performance
\nsocket = l:TCP_NODELAY=1<\/p>\n

[danted]
\naccept = 1081
\nconnect = 1080<\/p>\n

\u628a\u672c\u5730\u7684 1080 \u7aef\u53e3\u6620\u5c04\u6210 1081, \u63a5\u7740\u7f16\u8f91 \/etc\/default\/stunnel4 \u5c06\u5176\u4e2d\u7684 ENABLED=0 \u4fee\u6539\u6210 ENABLED=1 \u7136\u540e\u518d\u8f93\u5165 service stunnel4 start \u542f\u52a8\u670d\u52a1.<\/p>\n

 <\/p>\n

 <\/p>\n

\u5ba2\u6237\u7aef stunnel \u914d\u7f6e<\/strong><\/p>\n

\u4e4b\u524d\u5df2\u7ecf\u628a\u670d\u52a1\u5668\u7aef\u914d\u7f6e\u5b8c\u6210\u4e86, \u63a5\u4e0b\u6765\u9700\u8981\u5728\u5ba2\u6237\u7aef\u914d\u7f6e stunnel \u597d\u5c06\u7aef\u53e3\u6620\u5c04\u5230\u672c\u5730. \u8fd8\u662f\u4ee5 ubuntu \u4e3a\u4f8b, \u8f93\u5165:<\/p>\n

apt-get install stunnel<\/p>\n

\u7136\u540e\u751f\u6210\u4e00\u4e2a\u5ba2\u6237\u7aef\u7684\u8bc1\u4e66<\/p>\n

cd \/etc\/stunnel
\nopenssl req -new -x509 -days 3650 -nodes -out client.pem -keyout client.pem<\/p>\n

\u8fd9\u91cc\u9700\u8981\u6ce8\u610f\u7684\u662f\u4e3a\u4e86\u533a\u5206\u8bc1\u4e66, \u6bcf\u4e2a\u8bc1\u4e66\u90fd\u9700\u8981\u8f93\u5165\u5bf9\u5e94\u4e0d\u540c\u7684\u4fe1\u606f, \u7136\u540e\u5c06\u751f\u6210\u7684 client.pem \u590d\u5236\u5230\u670d\u52a1\u5668\u7684 \/etc\/stunnel\/certs \u76ee\u5f55\u4e0b, \u63a5\u7740\u9700\u8981\u5728 \u670d\u52a1\u5668 \u8f93\u5165:<\/p>\n

cd \/etc\/stunnel\/certs
\n$(\/usr\/lib\/ssl\/misc\/c_hash p.wido.me.pem | awk ‘{print “ln -s ” $3 ” ” $1}’)<\/p>\n

stunnel \u9700\u8981\u901a\u8fc7 c_hash \u624d\u80fd\u627e\u5230\u5bf9\u5e94\u7684\u8bc1\u4e66.<\/p>\n

\u7136\u540e\u5728 \u5ba2\u6237\u7aef \u52a0\u5165\u914d\u7f6e\u6587\u4ef6 \/etc\/stunnel\/client.conf<\/p>\n

chroot = \/var\/lib\/stunnel4\/
\nsetuid = stunnel4
\nsetgid = stunnel4
\npid = \/stunnel4-client.pid<\/p>\n

cert = \/etc\/stunnel\/client.pem
\nclient = yes<\/p>\n

; performance
\nsocket = r:TCP_NODELAY=1<\/p>\n

[danted]
\naccept = 127.0.0.1:1080
\nconnect = [HOST]:1081<\/p>\n

\u5176\u4e2d\u7684 [HOST] \u4e3a\u670d\u52a1\u5668\u7684\u57df\u540d\u6216\u8005IP. \u63a5\u7740\u8fd8\u662f\u5c06 \/etc\/default\/stunnel4 \u7684 ENABLED=0 \u8bbe\u7f6e\u6210 1, \u63a5\u7740\u542f\u52a8 service stunnel4 start \u5c31\u53ef\u4ee5\u5728\u5ba2\u6237\u7aef\u5efa\u7acb\u51fa\u4e00\u4e2a\u7aef\u53e3\u4e3a 1080 \u7684 socks \u4ee3\u7406\u4e86.<\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

\u6700\u540e<\/strong><\/p>\n

\u7531\u4e8e\u670d\u52a1\u5668\u914d\u4e86\u5ba2\u6237\u7aef\u8bc1\u4e66\u8ba4\u8bc1, \u6240\u4ee5\u53ea\u6709\u6dfb\u52a0\u8bc1\u4e66\u7684\u7528\u6237\u53ef\u4ee5\u8fde\u4e0a\u8fd9\u53f0\u670d\u52a1\u5668. \u540c\u6837\u7684\u65b9\u6cd5\u4e5f\u53ef\u4ee5\u6620\u5c04\u5176\u4ed6\u7684\u670d\u52a1, \u6bd4\u5982 polipo.<\/p>\n

\u5bf9\u4e8e\u6709\u4e9b\u5bf9 stunnel \u652f\u6301\u4e0d\u597d\u7684\u8bbe\u5907, \u4e5f\u53ef\u4ee5\u7528 ssh -L \u6765\u6620\u5c04\u8fd9\u4e2a 1080 \u7684\u7aef\u53e3\u800c\u4e0d\u7528 -D \u53c2\u6570.
\n\u53c2\u8003\u8d44\u6599<\/p>\n

http:\/\/www.bock.nu\/blog\/secure-firewall-bypass-danted-stunnel<\/p>\n

\u591a\u8fdb\u53e3ip\uff0c\u591a\u51fa\u53e3ip\u7684socks5\u8bbe\u7f6e\uff08\u57fa\u4e8edante\uff09<\/a><\/p><\/blockquote>\n