How it works
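This setup essentially carries ss (Shadowsocks) traffic over shadow-tls. The client first establishes a shadow-tls connection to the server, then sends the ss traffic through that shadow-tls connection.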
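- The client first generates the ss packet, then establishes a shadow-tls connection to the server and sends the ss packet over shadow-tls.
- After the server has established the shadow-tls connection with the client, it first decrypts the shadow-tls packets it receives, then hands the decrypted packets to the server's ss inbound for processing.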
Install sing-box (debian only)
debian/ubuntu
bash <(curl -fsSL https://sing-box.app/deb-install.sh)
centos
bash <(curl -fsSL https://sing-box.app/rpm-install.sh)
Server configuration file
{
  "log": {
    "disabled": false,
    "level": "error",
    "timestamp": true
  },
  "inbounds": [
    {
      "type": "shadowtls",
      "tag": "st-in",
      "version": 3,
      "listen": "xx.xx.xx.xx",
      "listen_port": 5xxxx,
      "detour": "ss-in",
      "users": [
        {
          "name": "sekai",
          "password": "111111"
        }
      ],
      "handshake": {
        "server": "www.tesla.com",
        "server_port": 443
      },
      "handshake_for_server_name": {
        "example.com": {
          "server": "www.tesla.com",
          "server_port": 443
        }
      },
      "strict_mode": false
    },
    {
      "type": "shadowsocks",
      "tag": "ss-in",
      "listen": "127.0.0.1",
      "listen_port": 50051,
      "method": "aes-128-gcm",
      "password": "111111",
      "multiplex": {}
    }
  ],
  "outbounds": [
    {
      "type": "direct",
      "tag": "direct"
    }
  ]
}
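The following check is an added example, not part of the original post or of sing-box: it audits a server config of the shape shown above for the properties the shadowtls-to-ss chain depends on (the detour resolves to a real inbound, the ss inbound is bound to loopback so it cannot be reached without shadow-tls, and the two layers do not share a short password). The function names, the 16-character threshold and the sample listen address and port are assumptions made for this example.

```python
import ipaddress

MIN_PASSWORD_LEN = 16  # assumed threshold for this example, not a sing-box rule


def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # empty value, hostname or placeholder: not loopback


def weak(password):
    # Short or nearly single-character secrets such as "111111".
    return len(password) < MIN_PASSWORD_LEN or len(set(password)) < 4


def audit(config):
    """Return findings for every shadowtls -> detour inbound chain."""
    findings = []
    inbounds = {ib.get("tag"): ib for ib in config.get("inbounds", [])}
    for ib in inbounds.values():
        if ib.get("type") != "shadowtls":
            continue
        target = inbounds.get(ib.get("detour"))
        if target is None:
            findings.append(f"{ib.get('tag')}: detour matches no inbound tag")
            continue
        if not is_loopback(target.get("listen", "")):
            findings.append(f"{target['tag']}: not on loopback, reachable without shadow-tls")
        secrets = [u.get("password", "") for u in ib.get("users", [])]
        if any(weak(p) for p in secrets):
            findings.append(f"{ib['tag']}: weak shadow-tls user password")
        if weak(target.get("password", "")):
            findings.append(f"{target['tag']}: weak shadowsocks password")
        if target.get("password") in secrets:
            findings.append(f"{target['tag']}: password reused across both layers")
    return findings


# Constructed sample mirroring the page's config; listen address/port are placeholders.
SAMPLE = {
    "inbounds": [
        {"type": "shadowtls", "tag": "st-in", "version": 3,
         "listen": "192.0.2.10", "listen_port": 8443, "detour": "ss-in",
         "users": [{"name": "sekai", "password": "111111"}]},
        {"type": "shadowsocks", "tag": "ss-in", "listen": "127.0.0.1",
         "listen_port": 50051, "method": "aes-128-gcm", "password": "111111"},
    ]
}
```

Calling `audit(SAMPLE)` returns three findings, all about the shared "111111" password; the loopback binding of `ss-in` passes.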