|
|
|
@ -11,7 +11,7 @@ title: 出站流量重定向
|
|
|
|
|
之前在网络上看到许多代理或者 VPN 会接管全局路由,如果与 Xray 同时安装,会导致 Xray 失效。参考了网络上许多教程,及时分流,也是通过维护一张或者多张 CIDR |
|
|
|
|
路由表来实现的。这种情况下并不优雅,如果我想可以任意替换,实现按需分流,那有没有更好的办法呢?有! |
|
|
|
|
|
|
|
|
|
通过 fwmark 或 Xray 的 sendThrough,再简单配合路由表功能即可实现: |
|
|
|
|
通过 fwmark 或 Xray 的 sendThrough/sockopt.interface,再简单配合路由表功能即可实现: |
|
|
|
|
|
|
|
|
|
1. Xray 可设置指定的 Tag、域名等走指定接口。如果您的接口是双栈的,可以指定 IPV4 或者 IPV6 |
|
|
|
|
2. 其余用户则走原 IPV4 或者 IPV6 |
|
|
|
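Review bot: The new intro line "通过 fwmark 或 Xray 的 sendThrough/sockopt.interface" reads as if fwmark were configured outside Xray, while the later outbound example sets it through Xray's `sockopt.mark` just like `sockopt.interface`. Consider naming all three as Xray outbound settings (`sockopt.mark`, `sendThrough`, `sockopt.interface`) so the sentence matches the three schemes shown further down. While this paragraph is being touched, "及时分流" in the context line above looks like a typo for "即使分流", and `IPV4`/`IPV6` in the list could be aligned with the `IPv4`/`IPv6` spelling used elsewhere in the page.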
@ -26,98 +26,55 @@ title: 出站流量重定向
|
|
|
|
|
|
|
|
|
|
原始文件: |
|
|
|
|
|
|
|
|
|
<Tabs title="if-config"> |
|
|
|
|
|
|
|
|
|
<Tab title="fwmark1"> |
|
|
|
|
|
|
|
|
|
```ini |
|
|
|
|
[Interface] |
|
|
|
|
PrivateKey = xxxxxxxxxxxxxxxxxxxx |
|
|
|
|
Address = "your wg0 v4 address" |
|
|
|
|
Address = "your wg0 v6 address" |
|
|
|
|
PrivateKey = <PriKey> |
|
|
|
|
Address = <IPv4> |
|
|
|
|
Address = <IPv6> |
|
|
|
|
DNS = 8.8.8.8 |
|
|
|
|
MTU = 1280 |
|
|
|
|
[Peer] |
|
|
|
|
PublicKey = xxxxxxxxxxxxxxxxxxxxx |
|
|
|
|
PublicKey = <Pubkey> |
|
|
|
|
AllowedIPs = ::/0 |
|
|
|
|
AllowedIPs = 0.0.0.0/0 |
|
|
|
|
Endpoint = "ip:port" |
|
|
|
|
Endpoint = <EndpointIP>:<Port> |
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
在 `[Interface]` 下添加如下命令: |
|
|
|
|
|
|
|
|
|
```ini |
|
|
|
|
Table = off |
|
|
|
|
PostUP = ip -4 rule add fwmark <mark> lookup <table> |
|
|
|
|
PostUP = ip -4 route add default dev <接口名称> table <table> |
|
|
|
|
PostUP = ip -4 rule add table main suppress_prefixlength 0 |
|
|
|
|
Table = <table> |
|
|
|
|
### fwmark |
|
|
|
|
PostUP = ip rule add fwmark <mark> lookup <table> |
|
|
|
|
PostDown = ip rule del fwmark <mark> lookup <table> |
|
|
|
|
PostUP = ip -6 rule add fwmark <mark> lookup <table> |
|
|
|
|
PostUP = ip -6 rule add not fwmark <table> table <table> |
|
|
|
|
PostUP = ip -6 route add ::/0 dev <接口名称> table <table> |
|
|
|
|
PostUP = ip -6 rule add table main suppress_prefixlength 0 |
|
|
|
|
PostDown = ip -4 rule delete fwmark <mark> lookup <table> |
|
|
|
|
PostDown = ip -4 rule delete table main suppress_prefixlength 0 |
|
|
|
|
PostDown = ip -6 rule delete fwmark <mark> lookup <table> |
|
|
|
|
PostDown = ip -6 rule delete not fwmark <table> table <table> |
|
|
|
|
PostDown = ip -6 rule delete table main suppress_prefixlength 0 |
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
::: tip |
|
|
|
|
|
|
|
|
|
- 此命令表示 IPv4 中 fwmark 为 `<mark>`,IPv6 中 fwmark 为`<mark>`,::/0 全局 v6 走 WireGuard |
|
|
|
|
- 可根据自己需求增删命令,mark 值要与 Xray-core 中设置为相同,table 值自定 |
|
|
|
|
- 如果不支持配置文件,可以在系统中修改路由表 |
|
|
|
|
::: |
|
|
|
|
|
|
|
|
|
</Tab> |
|
|
|
|
|
|
|
|
|
<Tab title="sendThrough1"> |
|
|
|
|
|
|
|
|
|
```ini |
|
|
|
|
[Interface] |
|
|
|
|
PrivateKey = xxxxxxxxxxxxxxxxxxxx |
|
|
|
|
Address = "your wg0 v4 address" |
|
|
|
|
Address = "your wg0 v6 address" |
|
|
|
|
DNS = 8.8.8.8 |
|
|
|
|
MTU = 1280 |
|
|
|
|
[Peer] |
|
|
|
|
PublicKey = xxxxxxxxxxxxxxxxxxxxx |
|
|
|
|
AllowedIPs = ::/0 |
|
|
|
|
AllowedIPs = 0.0.0.0/0 |
|
|
|
|
Endpoint = "ip:port" |
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
在 `[Interface]` 下添加如下命令: |
|
|
|
|
|
|
|
|
|
```ini |
|
|
|
|
Table = off |
|
|
|
|
PostUP = ip -4 rule add from "your wg0 v4 address" lookup <table> |
|
|
|
|
PostUP = ip -4 route add default dev wg0 table <table> |
|
|
|
|
PostUP = ip -4 rule add table main suppress_prefixlength 0 |
|
|
|
|
PostUP = ip -6 rule add not fwmark <table> table <table> |
|
|
|
|
PostUP = ip -6 route add ::/0 dev wg0 table <table> |
|
|
|
|
PostUP = ip -6 rule add table main suppress_prefixlength 0 |
|
|
|
|
PostDown = ip -4 rule delete from "your wg0 v4 address" lookup <table> |
|
|
|
|
PostDown = ip -4 rule delete table main suppress_prefixlength 0 |
|
|
|
|
PostDown = ip -6 rule delete not fwmark <table> table <table> |
|
|
|
|
PostDown = ip -6 rule delete table main suppress_prefixlength 0 |
|
|
|
|
PostDown = ip -6 rule del fwmark <mark> lookup <table> |
|
|
|
|
## sendThrough |
|
|
|
|
PreUp = ip rule add from <IPv4> lookup <table> |
|
|
|
|
PostDown = ip rule del from <IPv4> lookup <table> |
|
|
|
|
PreUp = ip -6 rule add from <IPv6> lookup <table> |
|
|
|
|
PostDown = ip -6 rule del from <IPv6> lookup <table> |
|
|
|
|
## sockopt.interface |
|
|
|
|
PreUp = ip rule add oif %i lookup <table> |
|
|
|
|
PostDown = ip rule del oif %i lookup <table> |
|
|
|
|
PreUp = ip -6 rule add oif %i lookup <table> |
|
|
|
|
PostDown = ip -6 rule del oif %i lookup <table> |
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
::: tip |
|
|
|
|
- 此配置文件融合了 `fwmark` / `sendThrough` / `sockopt.interface`,表示 |
|
|
|
|
- 送入此设备 `%i` 的连接 / 送入此 `<IPv4/6>` 的连接 / `fwmark` 被标记为 `<mark>` 的连接 |
|
|
|
|
- 将会使用 wireguard 进行转发 |
|
|
|
|
- `%i` 是 wireguard 配置文件中的占位符,表示在启动时替换为这个设备的名称 |
|
|
|
|
::: |
|
|
|
|
|
|
|
|
|
- 此命令表示 IPV4 中来自 `your wg0 v4 address` 地址的走 WireGuard,IPv6 中::/0 全局 v6 走 WireGuard) |
|
|
|
|
- 可根据自己需求增删命令,实现 v6 分流,也可以与 fwmark 融合 |
|
|
|
|
- 如果不支持配置文件,可以在系统中修改路由表 |
|
|
|
|
::: |
|
|
|
|
|
|
|
|
|
</Tab> |
|
|
|
|
|
|
|
|
|
</Tabs> |
|
|
|
|
|
|
|
|
|
保存 |
|
|
|
|
|
|
|
|
|
可顺手安装 |
|
|
|
|
|
|
|
|
|
::: warning |
|
|
|
|
如果使用了 `[Interface]` 中的 `DNS` 字段,这个程序将会是必须的 |
|
|
|
|
::: |
|
|
|
|
|
|
|
|
|
```bash |
|
|
|
|
apt install openresolv |
|
|
|
|
``` |
|
|
|
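Review bot: The rewritten `[Interface]` commands mix hooks and spellings: the fwmark rules are added with `PostUP`, the `from <IPv4>` and `oif %i` rules with `PreUp`, and the section comments switch between `### fwmark` and `## sendThrough` / `## sockopt.interface`. Use one hook pair and one spelling for all three rule sets (`PostUp`/`PostDown` as written in wg-quick(8)) and one comment style, so a reader who copies a single section gets the same ordering relative to interface bring-up. The new tip should also say that, with `Table = <table>` in place of `Table = off` plus the explicit `ip route add default dev ... table <table>` lines, wg-quick itself installs the AllowedIPs routes into `<table>`; as written it is not obvious where the default route in that table now comes from. The `::: warning` about the `DNS` field sits after "可顺手安装" but before the `apt install openresolv` block, so it is worth checking that "这个程序" reads clearly once rendered.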
@ -138,11 +95,7 @@ lsmod | grep wireguard
|
|
|
|
|
|
|
|
|
|
## 4、Xray-core 配置文件修改 |
|
|
|
|
|
|
|
|
|
<Tabs title="xray-config"> |
|
|
|
|
|
|
|
|
|
<Tab title="fwmark2"> |
|
|
|
|
|
|
|
|
|
```json |
|
|
|
|
```jsonc |
|
|
|
|
{ |
|
|
|
|
"api": { |
|
|
|
|
"services": [ |
|
|
|
@ -167,108 +120,48 @@ lsmod | grep wireguard
|
|
|
|
|
{ |
|
|
|
|
"protocol": "freedom", |
|
|
|
|
"settings": { |
|
|
|
|
"domainStrategy": "UseIPv6" |
|
|
|
|
//设置默认用户走指定方式”UseIPv6”或者”UseIPv4” |
|
|
|
|
"domainStrategy": "UseIPv4" |
|
|
|
|
} |
|
|
|
|
//修改此处,可v4或者v6 |
|
|
|
|
}, |
|
|
|
|
// <--请在不同的方案中选择--> 方案1:fwmark |
|
|
|
|
{ |
|
|
|
|
"protocol": "freedom", |
|
|
|
|
"tag": "wg0", |
|
|
|
|
"streamSettings": { |
|
|
|
|
"sockopt": { |
|
|
|
|
"mark": <mark> |
|
|
|
|
"mark": // <mark> |
|
|
|
|
} |
|
|
|
|
}, |
|
|
|
|
"settings": { |
|
|
|
|
"domainStrategy": "UseIPv6" |
|
|
|
|
} |
|
|
|
|
//设置fwmark为<mark>的用户走指定方式”UseIPv6””UseIPv4” |
|
|
|
|
}, |
|
|
|
|
{ |
|
|
|
|
"protocol": "blackhole", |
|
|
|
|
"settings": {}, |
|
|
|
|
"tag": "blocked" |
|
|
|
|
} |
|
|
|
|
], |
|
|
|
|
"policy": { |
|
|
|
|
"system": { |
|
|
|
|
"statsInboundDownlink": true, |
|
|
|
|
"statsInboundUplink": true |
|
|
|
|
} |
|
|
|
|
}, |
|
|
|
|
"routing": { |
|
|
|
|
"rules": [ |
|
|
|
|
{ |
|
|
|
|
"inboundTag": [ |
|
|
|
|
"api" |
|
|
|
|
], |
|
|
|
|
"outboundTag": "api", |
|
|
|
|
"type": "field" |
|
|
|
|
}, |
|
|
|
|
{ |
|
|
|
|
"type": "field", |
|
|
|
|
"outboundTag": "wg0", |
|
|
|
|
"inboundTag": [ |
|
|
|
|
"<inboundTag>" |
|
|
|
|
//需要之前在inbound中指定好Tag,我这里是api生成的,还可以添加域名等等 |
|
|
|
|
] |
|
|
|
|
}, |
|
|
|
|
{ |
|
|
|
|
"outboundTag": "blocked", |
|
|
|
|
"protocol": [ |
|
|
|
|
"bittorrent" |
|
|
|
|
], |
|
|
|
|
"type": "field" |
|
|
|
|
} |
|
|
|
|
] |
|
|
|
|
}, |
|
|
|
|
"stats": {} |
|
|
|
|
} |
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
</Tab> |
|
|
|
|
|
|
|
|
|
<Tab title="sendThrough2"> |
|
|
|
|
|
|
|
|
|
```json |
|
|
|
|
{ |
|
|
|
|
"api": { |
|
|
|
|
"services": [ |
|
|
|
|
"HandlerService", |
|
|
|
|
"LoggerService", |
|
|
|
|
"StatsService" |
|
|
|
|
], |
|
|
|
|
"tag": "api" |
|
|
|
|
}, |
|
|
|
|
"inbounds": [ |
|
|
|
|
{ |
|
|
|
|
"listen": "127.0.0.1", |
|
|
|
|
"port": <port>, |
|
|
|
|
"protocol": "dokodemo-door", |
|
|
|
|
"settings": { |
|
|
|
|
"address": "127.0.0.1" |
|
|
|
|
}, |
|
|
|
|
"tag": "api" |
|
|
|
|
} |
|
|
|
|
], |
|
|
|
|
"outbounds": [ |
|
|
|
|
} //设置fwmark为<mark>的用户走指定方式”UseIPv6””UseIPv4” |
|
|
|
|
// <--请在不同的方案中选择--> 方案2:sendThrough |
|
|
|
|
{ |
|
|
|
|
"tag": "wg0", |
|
|
|
|
"protocol": "freedom", |
|
|
|
|
"sendThrough": "your wg0 v4 address", |
|
|
|
|
//修改此处,可v4或者v6 |
|
|
|
|
"settings": { |
|
|
|
|
"domainStrategy": "UseIPv4" |
|
|
|
|
} |
|
|
|
|
//修改此处,可v4或者v6 |
|
|
|
|
}, |
|
|
|
|
// <--请在不同的方案中选择--> 方案3:sockopt.interface |
|
|
|
|
{ |
|
|
|
|
"tag": "wg0", |
|
|
|
|
"protocol": "freedom", |
|
|
|
|
"sendThrough": "your wg0 v4 address", |
|
|
|
|
//修改此处,可v4或者v6 |
|
|
|
|
"settings": { |
|
|
|
|
"domainStrategy": "UseIPv4" |
|
|
|
|
}, |
|
|
|
|
"streamSettings": { |
|
|
|
|
"sockopt": { |
|
|
|
|
"interface": "wg0" |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
//修改此处,可v4或者v6 |
|
|
|
|
}, |
|
|
|
|
// <--请在不同的方案中选择--> 结束 |
|
|
|
|
{ |
|
|
|
|
"protocol": "blackhole", |
|
|
|
|
"settings": {}, |
|
|
|
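Review bot: In the fwmark outbound, `"mark": // <mark>` leaves the key without a value, so the block no longer parses once copied, even as jsonc. Keep a value in place and move the placeholder into the comment, for example an illustrative number followed by `// 与 WireGuard 配置中的 <mark> 相同`. In scheme 3 (sockopt.interface) the outbound still carries `"sendThrough": "your wg0 v4 address"` next to `"interface": "wg0"`, which looks copied from scheme 2 and blurs what scheme 3 actually needs; it also keeps the old quoted placeholder while the WireGuard side now uses `<IPv4>`. All three alternatives use `"tag": "wg0"`, so the "请在不同的方案中选择" comments should state explicitly that only one of the three objects may stay in `outbounds`.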
@ -295,7 +188,7 @@ lsmod | grep wireguard
|
|
|
|
|
"outboundTag": "wg0", |
|
|
|
|
"inboundTag": [ |
|
|
|
|
"<inboundTag>" |
|
|
|
|
//需要之前在 inbound 中指定好 Tag,我这里是 api 生成的,还可以添加域名等等 |
|
|
|
|
//需要之前在 inbound 中指定好 Tag,这里是 api 生成的,还可以添加域名等等 |
|
|
|
|
] |
|
|
|
|
}, |
|
|
|
|
{ |
|
|
|
@ -311,10 +204,6 @@ lsmod | grep wireguard
|
|
|
|
|
} |
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
</Tab> |
|
|
|
|
|
|
|
|
|
</Tabs> |
|
|
|
|
|
|
|
|
|
::: tip |
|
|
|
|
可以通过修改 "domainStrategy": "UseIPv6"来控制对应用户的访问方式 实测优先级要高于系统本身的 gai.config |
|
|
|
|
::: |
|
|
|
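Review bot: The tip kept as context here names `gai.config`, but the glibc address-selection file is `/etc/gai.conf`; since the surrounding `</Tab>`/`</Tabs>` lines are being cleaned up anyway, fix the file name in the same change. The tip also runs two statements together ("...来控制对应用户的访问方式 实测优先级...") and would read better split into two sentences.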
@ -323,6 +212,8 @@ lsmod | grep wireguard
|
|
|
|
|
|
|
|
|
|
::: tip |
|
|
|
|
需要打开系统的 ip_forward |
|
|
|
|
`sysctl -w net.ipv4.ip_forward=1` |
|
|
|
|
`sysctl -w net.ipv6.conf.all.forwarding=1` |
|
|
|
|
::: |
|
|
|
|
|
|
|
|
|
## 6、完成 WireGuard 相关设置 |
|
|
|
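Review bot: The two `sysctl -w` commands in the tip only change the running kernel and are lost on reboot, while the next step starts the tunnel through systemd (`wg-quick@wg0`). Add the persistent form next to them, for example the same two keys in a file under `/etc/sysctl.d/` followed by `sysctl --system`, or state that the commands must be re-run after a restart. It would also help to say which of the three schemes actually needs forwarding, since the tip currently reads as a requirement for every setup.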
@ -342,7 +233,7 @@ systemctl start wg-quick@wg0
|
|
|
|
|
|
|
|
|
|
验证 IPv4/IPv6 |
|
|
|
|
|
|
|
|
|
> 自行验证 Google 搜索 myip |
|
|
|
|
> 在代理上 运行 `curl ip-api.com -4/-6` / 浏览器访问ip-api.com |
|
|
|
|
|
|
|
|
|
## 后记 |
|
|
|
|
|
|
|
|
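Review bot: `curl ip-api.com -4/-6` in the new verification line is not a command that can be pasted as written; spell out both invocations (`curl -4 ip-api.com` and `curl -6 ip-api.com`). "在代理上 运行" is also ambiguous: the point of this page is that only traffic matched by the mark, source address or interface rule goes through WireGuard, so a plain curl on the server follows the main table and shows the original address. Say whether the check is meant to run on a client through the Xray inbound, or on the server bound to the tunnel (curl's `--interface wg0`), so the reader verifies the path that was actually configured.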
@ -350,4 +241,5 @@ systemctl start wg-quick@wg0
|
|
|
|
|
|
|
|
|
|
## 感谢 |
|
|
|
|
|
|
|
|
|
@Xray-core @V2ray-core @WireGuard @p3terx @w @Hiram @Luminous @Ln @JackChou |
|
|
|
|
[XTLS/Xray-core](https://github.com/XTLS/Xray-core); [v2fly/v2ray-core](https://github.com/v2fly/v2ray-core); [WireGuard](https://www.wireguard.com/); [@p3terx](https://p3terx.com/); @w; @Hiram; @Luminous; @Ln; @JackChou; |
|
|
|
|
<!--剩下几位大佬我实在找不到他们的地址或Github空间,请大家帮忙找吧--> |
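Review bot: The new credits line ends with a trailing `;` and mixes linked entries with bare `@w; @Hiram; @Luminous; @Ln; @JackChou;`, and the request for help finding their pages is placed in an HTML comment, which readers of the rendered page will never see. Drop the trailing separator and either make the request visible text or move it to the PR description.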