使用V2R做反向代理內網穿透

本文轉載自查看原文 2020-07-20 15:59 1201 System/Network

環境

內網服務器Prob1位於內網LAN1,
內網服務器Prob2位於內網LAN2,
外網服務器Serv1位於IP 123.123.123.123

內網節點配置

內網節點沒有inbound，只需要配置一個bridge，一個outbound（以及默認的direct），一對路由規則

Prob1

{
  "log": {
    "loglevel": "debug",
    "access": "/var/log/v2r_tunnel_access.log",
    "error": "/var/log/v2r_tunnel_error.log"
  },
  "reverse":{
    "bridges":[
      {
        "tag":"bridge",
        "domain":"probe1.nowhere.com"
      }
    ]
  },
  "outbounds": [
    {
      "tag":"tunnel",
      "protocol":"vmess",
      "settings":{
        "vnext":[
          {
            "address":"123.123.123.123",
            "port":10103,
            "users":[
              {
                "id":"3301381f-6324-4d53-ad4f-1cda48b3012f",
                "alterId":64
              }
            ]
          }
        ]
      }
    },
    {
      "tag":"direct",
      "protocol":"freedom",
      "settings":{}
    }
  ],
  "routing":{
    "rules":[
      {
        "type":"field",
        "inboundTag":["bridge"],
        "domain":["full:probe1.nowhere.com"],
        "outboundTag":"tunnel"
      },
      {
        "type":"field",
        "inboundTag":["bridge"],
        "outboundTag":"direct"
      }
    ]
  }
}

配置說明

bridge中的domain，必須要存在於服務器的portal中，否則會報failed to process reverse connection的錯誤

2020/07/20 17:43:41 [Info] [4068778249] v2r.com/core/proxy/vmess/inbound: received request for tcp:aaa.nowhere.com:0
2020/07/20 17:43:41 [Info] [4068778249] v2r.com/core/app/dispatcher: taking detour [portal_bridge02] for [tcp:aaa.nowhere.com:0]
2020/07/20 17:43:41 [Info] [4068778249] v2r.com/core/app/reverse: failed to process reverse connection > v2r.com/core/app/reverse: empty worker list
2020/07/20 17:43:41 [Info] [4068778249] v2r.com/core/app/proxyman/inbound: connection ends > v2r.com/core/proxy/vmess/inbound: connection ends > io: read/write on closed pipe

公網服務節點配置

外網服務器沒有outbound，對應每個內網節點，要配置一個portal，一對inbound(分別對應bridge和client)和一對路由規則。規則中不需要再設置domain。
在這種規則配置下，對應每一個protal，會有一個專門的inbound連接，方便用戶端選擇使用不同的內網。

{
  "log": {
    "loglevel": "debug",
    "access": "/var/log/v2r_access.log",
    "error": "/var/log/v2r_error.log"
  },
  "reverse":{
    "portals":[
      {
        "tag":"portal_probe2",
        "domain":"probe2.nowhere.com"
      },
      {
        "tag":"portal_probe1",
        "domain":"probe1.nowhere.com"
      }
    ]
  },
  "inbounds":[
    {
      "tag":"to_probe2",
      "port":10100,
      "protocol":"vmess",
      "settings":{
        "clients":[
          {
            "id":"234ffdb8-ef14-4278-a4e6-2af32cc312cf",
            "alterId":64
          }
        ]
      }
    },
    {
      "tag": "tunnel_probe2",
      "port":10101,
      "protocol":"vmess",
      "settings":{
        "clients":[
          {
            "id":"3301381f-6324-4d53-ad4f-1cda48b3012f",
            "alterId":64
          }
        ]
      }
    },
 
    {
      "tag":"to_probe1",
      "port":10102,
      "protocol":"vmess",
      "settings":{
        "clients":[
          {
            "id":"a11efdb8-ef34-4278-a4e6-2af32cc010fc",
            "alterId":64
          }
        ]
      }
    },
    {
      "tag": "tunnel_probe1",
      "port":10103,
      "protocol":"vmess",
      "settings":{
        "clients":[
          {
            "id":"3301381f-6324-4d53-ad4f-1cda48b3012f",
            "alterId":64
          }
        ]
      }
    }
 
  ],
  "routing":{
    "rules":[
      {
        "type":"field",
        "inboundTag":["to_probe2"],
        "outboundTag":"portal_probe2"
      },
      {
        "type":"field",
        "inboundTag":["tunnel_probe2"],
        "outboundTag":"portal_probe2"
      },
 
      {
        "type":"field",
        "inboundTag":["to_probe1"],
        "outboundTag":"portal_probe1"
      },
      {
        "type":"field",
        "inboundTag":["tunnel_probe1"],
        "outboundTag":"portal_probe1"
      }
    ]
  }
}

如果想在當前節點也創建socks5代理, 可以在inbounds里添加一個socks, 然后再添加到routing.rules, 例如

...
    {
      "tag":"client_bridge02",
      "port":10102,
      "protocol":"vmess",
      "settings":{
        ...
      }
    },
# 添加的socks入口
    {
       "tag": "socks_bridge02",
       "port": 10200,
       "listen": "192.168.10.20",
       "protocol": "socks",
       "settings": {
         "udp": true
       }
    },
#
    {
      "tag": "tunnel_bridge02",
      "port":10103,
      "protocol":"vmess",
      "settings":{
        ...
      }
    },
...
 
  "routing":{
    "rules":[
      ...
      {
        "type":"field",
        "inboundTag":["client_bridge02","socks_bridge02"], # 將socks_bridge02添加到inboundTag
        "outboundTag":"portal_bridge02"
      },
      ...

創建服務

對於已經運行了v2r的機器，可以再創建一個新的服務，例如

$ more /etc/systemd/system/v2r-tunnel.service
[Unit]
Description=V2R Tunnel Service
Documentation=https://www.v2r.com/
After=network.target nss-lookup.target
 
[Service]
Type=simple
User=root
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ExecStart=/usr/bin/v2r/v2r -config /etc/v2r/config_tunnel.json
Restart=on-failure
 
[Install]
WantedBy=multi-user.target

通過systemctl enable 命令加入開機自啟動

附安裝記錄(arm64)

apt install lrzsz
rz
chmod u+x go.sh
./go.sh --version v4.26.0 --local v2r-linux-arm64.4.26.0.zip
systemctl is-enabled v2r.service
cd /etc/v2r/
rz
vi config-lan.json
rm config.json
mv config-lan.json config.json
systemctl start v2r.service
ps aux|grep v2r
tail -f /var/log/v2r_tunnel_error.log

免責聲明！

本站轉載的文章為個人學習借鑒使用，本站對版權不負任何法律責任。如果侵犯了您的隱私權益，請聯系本站郵箱yoyou2525@163.com刪除。

猜您在找 [筆記] 使用v2r訪問外網借助FRP反向代理實現內網穿透 frp內網穿透、反向代理詳細配置 v2r～y配置 frp反向代理+內網穿透+ Metasploit滲透windows FRP內網穿透中，Apache和Nginx反向代理的差異使用花生殼5做內網穿透使用nginx做反向代理內網穿透-流量代理使用 ssh -R 穿透局域網訪問內部服務器主機，反向代理無人值守化