记一次架设ShadowVPN的经过

其实平时shadowsocks是完全够用的,但是呢,最近在玩外服游戏,所以想搞一个VPN。

商业VPN的话效果都不好,即使是口碑很好的astrill,我测试下来效果也是相当糟糕。

也尝试过架设pptp/l2tp,不过被封锁非常厉害,效果相当差。

之前没有考虑ShadowVPN是因为这是一个很久都没有人维护的项目了。

今天下午突然想起来,就试着用了一下,折腾了很久,总算成功了,效果还行,不算很满意,但还算是一次有益的尝试。

测试环境:

服务器:Debian 7  内核为4.1.0-x86_64-linode59

客户端:Windows 10 64位

0x00:
从github克隆完整的项目到本地,不过由于某些众所周知的原因,原作者已经删除项目了,不过可以去别的一些fork里面去拉。

比如这里:https://github.com/Long-live-shadowsocks/ShadowVPN

~# git clone https://github.com/Long-live-shadowsocks/ShadowVPN.git
~# cd ShadowVPN

0x01:
由于项目中引用到了libsodium作为子项目,所以需要先更新它

~# git submodule init
~# git submodule update

0x02:
编译服务器使用的Linux服务端(实际上服务端客户端无本质区别,此处仅为了便于分辨)

先安装所需相关工具

~# sudo apt-get update
~# sudo apt-get install gcc clang

再运行自动配置脚本完成编译配置

~# ./autogen.sh
~# ./configure

进行编译并安装

~# make
~# sudo make install

0x03:
清理项目,为交叉编译Windows客户端做准备

~# make clean

0x04:
安装编译Windows程序所需的工具

~# sudo apt-get install build-essential mingw-w64

0x05:
配置并开始编译Windows客户端

~# ./configure --host=i686-w64-mingw32 --enable-static
~# make

安装完成后即可在src文件夹中找到shadowvpn.exe,通过任意一种方法下载到本地的Windows机器上备用

0x06:
配置服务端

~# vim /etc/shadowvpn/server.conf

对配置文件作如下改动

# ShadowVPN config example
# Notice: do not put space before or after "="
# Server listen address
server=0.0.0.0          #此处修改为服务器公网IP
# Server listen port
port=1123               #此处修改为自己想要的监听端口

# Users allowed. Each must be HEX of 8 bytes. You can generate on by running:
#     xxd -l 8 -p /dev/random
# See `net` for more information.
# user_token=7e335d67f1dc2c01,ff593b9e6abeb2a5,e3c7b8db40a96105

# Password to encrypt traffic. You can generate one by running:
#     dd if=/dev/urandom bs=64 count=1 | md5sum
password=my_password    #此处改为自己想要的连接密码

# Server or client mode
mode=server             #此处确保为‘server’

# Max source ports. Must be the SAME with client or it won't work properly.
concurrency=1           #此处确保为1

# MTU of VPN tunnel device. Use the following formula to calculate:
#     1492 (Ethernet) - 20 (IPv4, or 40 for IPv6) - 8 (UDP) - 32 (ShadowVPN)
mtu=1432

# Tunnel device name. tunX for Linux or BSD, utunX for Darwin.
intf=tun0

# Local IP and subnet of the VPN tunnel.
# 
# If user_token is specified, NAT mode will be enabled on server side, and
# the client does not need to have the same network with the server.
# In NAT mode, each user will be assigned an IP automatically.
# for example:
#     tun0 is 10.7.0.1
#     client IPs will be 10.7.0.2, 10.7.0.3, 10.7.0.4, etc
# You'll see them in the log when ShadowVPN starts with -v:
#     assigning 10.7.0.2 to user 7e335d67f1dc2c01
#     assigning 10.7.0.3 to user ff593b9e6abeb2a5
#     assigning 10.7.0.4 to user e3c7b8db40a96105
#     VPN started

net=10.7.0.1/16

# Script to run after VPN is created. All key-value pairs (except password) in
# this file will be passed to the script as environment variables. Use this
# script to set up routes, turn on NAT, etc.
up=/etc/shadowvpn/server_up.sh

# Script to run before stopping VPN. All key-value pairs (except password) in
# this file will be passed to the script as environment variables. Use this
# script to restore routes, turn off NAT, etc.
down=/etc/shadowvpn/server_down.sh

# PID file path
pidfile=/var/run/shadowvpn.pid

# Log file path
logfile=/var/log/shadowvpn.log

启动服务端

~# sudo shadowvpn -c /etc/shadowvpn/server.conf -s start

0x07:
在Windows下安装Tap-Windows虚拟设备驱动
下载地址(需翻墙,自行解决):
32位
64位

找到新安装的虚拟网卡,重命名为英文名称,如tun0

0x08:
配置Windows客户端,在shadowvpn.exe同目录下创建client.conf、client_up.bat、client_down.bat三个文件
修改client.conf内容如下

# ShadowVPN config example for windows
# notice: do not put space before or after "="
# server listen address
server=106.187.44.14        #此处修改为服务器的公网IP
# server listen port
port=443                    #此处修改为服务器设置的监听端口

# password to use
password=kaguya             #此处修改为之前设置的连接密码

# server or client
mode=client                 #此处确保为‘client’

# local tunnel ip address (required)
tunip=10.7.0.2              

# Max source ports. Must be the SAME with server or VPN won't work properly.
concurrency=1               #此处确保为1

# the MTU of VPN device
# 1492(Ethernet) - 20(IPv4, or 40 for IPv6) - 8(UDP) - 24(ShadowVPN)
mtu=1440                    #此处确保与服务器对应配置相同

# tun/tap interface name
intf=tun0                   #此处需要修改为TAP-Windows虚拟设备的名称

# the script to run after VPN is created
# use this script to set up routes, NAT, etc
# configuration in this file will be set as environment variables
up=client_up.bat

# the script to run before stopping VPN
# use this script to restore routes, NAT, etc
# configuration in this file will be set as environment variables
down=client_down.bat

修改client_up.bat内容如下

@ECHO off
REM example client up script for windows
REM will be executed when client is up

REM all key value pairs in ShadowVPN config file will be passed to this script
REM as environment variables, except password

REM user-defined variables
SET remote_tun_ip=10.7.0.1      #此处为服务器虚拟网卡的内网IP
SET dns_server=8.8.8.8          #此处设置使用的dns
SET orig_intf="WLAN"            #此处是自己电脑中联到网络的实际网络适配器

REM exclude remote server in routing table
for /F "tokens=3" %%* in ('route print ^| findstr "\<0.0.0.0\>"') do set "orig_gw=%%*"
route add %server% %orig_gw% metric 5 > NUL

REM configure IP address and MTU of VPN interface
netsh interface ip set interface %orig_intf% ignoredefaultroutes=enabled > NUL
netsh interface ip set address name="%intf%" static %tunip% 255.255.255.0 > NUL
netsh interface ipv4 set subinterface "%intf%" mtu=%mtu% > NUL

REM change routing table
ECHO changing default route
REM checking if winxp
ver | find "5.1" > NUL
if %ERRORLEVEL%==0 (
    route add 128.0.0.0 mask 128.0.0.0 %remote_tun_ip% metric 6 > NUL
    route add 0.0.0.0 mask 128.0.0.0 %remote_tun_ip% metric 6 > NUL
) else (
    netsh interface ipv4 add route 128.0.0.0/1 "%intf%" %remote_tun_ip% metric=6 > NUL
    netsh interface ipv4 add route 0.0.0.0/1 "%intf%" %remote_tun_ip% metric=6 > NUL
)
ECHO default route changed to %remote_tun_ip%

REM change dns server
netsh interface ip set dns name="%intf%" static %dns_server% > NUL
netsh interface ip set dns name="%orig_intf%" static %dns_server% > NUL

ECHO %0 done

client_down.bat文件内容如下

@ECHO off
REM example client down script for windows
REM will be executed when client is down

REM all key value pairs in ShadowVPN config file will be passed to this script
REM as environment variables, except password

REM user-defined variables
SET remote_tun_ip=10.7.0.1       #同上
SET orig_intf="WLAN"             #同上

REM revert ip settings
netsh interface ip set interface %orig_intf% ignoredefaultroutes=disabled > NUL
netsh interface ip set address name="%intf%" dhcp > NUL

REM revert routing table
ECHO reverting default route
route delete 0.0.0.0 mask 128.0.0.0 %remote_tun_ip% > NUL
route delete 128.0.0.0 mask 128.0.0.0 %remote_tun_ip% > NUL
route delete %server% > NUL

REM revert dns server
netsh interface ip set dns name="%intf%" source=dhcp > NUL
netsh interface ip set dns name="%orig_intf%" source=dhcp > NUL

ECHO %0 done

0x09:
启动连接
打开一个有管理员权限的cmd,输入以下命令启动客户端

shadowvpn -c /etc/shadowvpn/client.conf -s start

不出意外的话,应该就能连接上了
 

3 thoughts on “记一次架设ShadowVPN的经过

  1. windows下貌似不能运行server模式

    刚好有个外网的服务器,运行的是 windows server 2003 , tap 驱动装好了,

    配置好 server.conf ,没有 server_up.bat 和 server_down.bat 的例子,就没配置 server_up.bat 和 server_down.bat
    命令行下运行

    shadowvpn.exe -c server.conf -v

    输出显示

    Wed Jan 11 11:45:29 2017 warning: concurrency is temporarily disabled on this version, make sure to set concurrency=1 on the other side
    Wed Jan 11 11:45:29 2017 warning: config key net not recognized by shadowvpn, will be passed to shell scripts anyway
    Wed Jan 11 11:45:29 2017 opening device tun0

    Wed Jan 11 11:45:29 2017 enabling interface ‘tun0’
    Wed Jan 11 11:45:29 2017 warning: script not set
    Wed Jan 11 11:45:29 2017 VPN started
    Wed Jan 11 11:45:29 2017 vpn.c:522 sendto: �����������У�������ĵ�ַ��Ч��

    Wed Jan 11 11:45:29 2017 warning: script not set

    然后就退出了

Leave a Comment

电子邮件地址不会被公开。 必填项已用*标注