simple-obfs

老大哥 升级了,暂且用 simple-obfs 苟延残喘 一下吧 ...

可惜 simple-obfs 已停更:https://github.com/shadowsocks/simple-obfs

作者去搞 v2ray-plugin 轮子了:https://github.com/shadowsocks/v2ray-plugin

有条件 一步到位 V2ray nginx TLS websocket 吧 ...

v2rayv2ray-plugin 这种 golang 搞的,对 弱鸡 的 ARM openwrt 支持 不友好 ...

+-----------------------------------------+       +-------------------------------------------+
|                                         |       |                                           |
|                client                   |       |                   server                  |
|                                         |       |                                           |
|   +------------+     +--------------+   |       |   +---------------+     +-------------+   |
|   |  ss-local  |---->|  obfs-local  |   |<----->|   |  obfs-server  |<----|  ss-server  |   |
|   +------------+     +--------------+   |       |   +---------------+     +-------------+   |
|                                         |       |                                           |
+-----------------------------------------+       +-------------------------------------------+

server

配置文件 /etc/shadowsocks-libev/obfs.json

{
    "server": "45.67.89.10",
    "server_port": 12345,
    "local_port": 9090,
    "password": "V_V1_fuck_GFW",
    "method": "chacha20-ietf-poly1305",
    "timeout": 60,
    "fast_open": true,
    "reuse_port": false,
    "plugin":"obfs-server",
    "plugin_opts":"obfs=tls;fast-open"
}

# systemctl start  shadowsocks-libev-server@obfs.service

# systemctl status shadowsocks-libev-server@obfs.service
● shadowsocks-libev-server@obfs.service - Shadowsocks-Libev Custom Server Service for obfs
   Loaded: loaded (/usr/lib/systemd/system/shadowsocks-libev-server@.service; disabled; vendor preset: disabled)
   Active: active (running) since Fri 2019-11-29 15:55:45 CST; 2s ago
     Docs: man:ss-server(1)
 Main PID: 22876 (ss-server)
    Tasks: 2 (limit: 6205)
   Memory: 1.3M
   CGroup: /system.slice/system-shadowsocks\x2dlibev\x2dserver.slice/shadowsocks-libev-server@obfs.service
           ├─22876 /usr/bin/ss-server -c /etc/shadowsocks-libev/obfs.json       <-- ss-server 进程
           └─22881 obfs-server --fast-open                                      <-- obfs-server 进程

Nov 29 15:55:45 badman systemd[1]: Started Shadowsocks-Libev Custom Server Service for obfs.
Nov 29 15:55:45 badman ss-server[22876]:  2019-11-29 15:55:45 INFO: using tcp fast open
Nov 29 15:55:45 badman ss-server[22876]:  2019-11-29 15:55:45 INFO: plugin "obfs-server" enabled
Nov 29 15:55:45 badman ss-server[22876]:  2019-11-29 15:55:45 INFO: initializing ciphers... chacha20-ietf-poly1305
Nov 29 15:55:45 badman ss-server[22876]:  2019-11-29 15:55:45 INFO: tcp server listening at 127.0.0.1:27879
Nov 29 15:55:45 badman ss-server[22876]:  2019-11-29 15:55:45 [simple-obfs] INFO: using tcp fast open
Nov 29 15:55:45 badman ss-server[22876]:  2019-11-29 15:55:45 [simple-obfs] INFO: obfuscating enabled
Nov 29 15:55:45 badman ss-server[22876]:  2019-11-29 15:55:45 [simple-obfs] INFO: tcp port reuse enabled
Nov 29 15:55:45 badman ss-server[22876]:  2019-11-29 15:55:45 [simple-obfs] INFO: listening at 45.67.89.10:12345

PID 对应的端口:

# netstat -lntpu|egrep '22876|22881'
tcp       0      0 127.0.0.1:27879      0.0.0.0:*     LISTEN     22876/ss-server
tcp       0      0 45.67.89.10:12345    0.0.0.0:*     LISTEN     22881/obfs-server

服务端口obfs-server 提供,而非 ss-server

client

openwrt

uci set shadowsocks.@servers[0].plugin='obfs-local'
uci set shadowsocks.@servers[0].plugin_opts='obfs=tls;obfs-host=updates.cdn-apple.com;fast-open'
uci commit
/etc/init.d/shadowsocks restart

通过 lsof 查看 obfs-local 连接远程的 obfs-server 端口:

# pgrep -af 'obfs|ss-'
5629 ss-redir -c /var/etc/shadowsocks.cfg054a8f.json --fast-open -l 1234 --mtu 1492 -f /var/run/ss-redir-cfg054a8f.pid
5631 obfs-local --fast-open

# netstat -lntp|egrep '5631|5629'
tcp       0      0 127.0.0.1:54063      0.0.0.0:*     LISTEN     5631/obfs-local
tcp       0      0 0.0.0.0:1234         0.0.0.0:*     LISTEN     5629/ss-redir

# lsof -p 5631
COMMAND    PID USER   FD      TYPE DEVICE SIZE/OFF  NODE NAME
obfs-loca 5631 root  cwd       DIR   0,15      608   256 /
obfs-loca 5631 root  rtd       DIR   0,15      608   256 /
obfs-loca 5631 root  txt       REG   0,14   201935  1181 /usr/bin/obfs-local
obfs-loca 5631 root  mem       REG   0,13        6   989 /tmp/TZ
obfs-loca 5631 root    0r     FIFO    0,8      0t0 45116 pipe
obfs-loca 5631 root    1w      CHR    1,3      0t0   344 /dev/null
obfs-loca 5631 root    2w      CHR    1,3      0t0   344 /dev/null
obfs-loca 5631 root    3w      CHR    1,3      0t0   344 /dev/null
obfs-loca 5631 root    4u  a_inode    0,9        0    12 [eventpoll]
obfs-loca 5631 root    5u  a_inode    0,9        0    12 [eventfd]
obfs-loca 5631 root    6u     IPv4  45118      0t0   TCP localhost:54063 (LISTEN)
obfs-loca 5631 root    7u     IPv4  46517      0t0   TCP localhost:54063->localhost:47834 (ESTABLISHED)
obfs-loca 5631 root    8u     IPv4  46518      0t0   TCP 10.60.83.21:46470->45.67.89.10:12345 (ESTABLISHED) <-- obfs-server
obfs-loca 5631 root    9u     IPv4  50568      0t0   TCP localhost:54063->localhost:51840 (ESTABLISHED)
obfs-loca 5631 root   10u     IPv4  50569      0t0   TCP 10.60.83.21:50476->45.67.89.10:12345 (ESTABLISHED) <-- obfs-server
obfs-loca 5631 root   11u     IPv4  52591      0t0   TCP localhost:54063->localhost:53446 (ESTABLISHED)
obfs-loca 5631 root   12u     IPv4  52592      0t0   TCP 10.60.83.21:52082->45.67.89.10:12345 (ESTABLISHED) <-- obfs-server
...

# lsof -p 5629
COMMAND   PID USER   FD      TYPE     DEVICE SIZE/OFF  NODE NAME
ss-redir 5629 root  cwd       DIR       0,15      608   256 /
ss-redir 5629 root  rtd       DIR       0,15      608   256 /
ss-redir 5629 root  txt       REG       0,14   509876  1150 /usr/bin/ss-redir
ss-redir 5629 root  mem       REG       0,13        6   989 /tmp/TZ
ss-redir 5629 root    0u  a_inode        0,9        0    12 [eventpoll]
ss-redir 5629 root    1w      CHR        1,3      0t0   344 /dev/null
ss-redir 5629 root    2w      CHR        1,3      0t0   344 /dev/null
ss-redir 5629 root    3w      CHR        1,3      0t0   344 /dev/null
ss-redir 5629 root    4w     FIFO        0,8      0t0 45116 pipe
ss-redir 5629 root    5u  a_inode        0,9        0    12 [eventfd]
ss-redir 5629 root    6u     unix 0x86c54900      0t0 45117 type=DGRAM
ss-redir 5629 root    7u     IPv4      45119      0t0   TCP *:1234 (LISTEN)
ss-redir 5629 root    8u     IPv4      46515      0t0   TCP 192.168.4.1:1234->192.168.4.199:49267 (ESTABLISHED)
ss-redir 5629 root    9u     IPv4      46516      0t0   TCP localhost:47834->localhost:54063 (ESTABLISHED)
ss-redir 5629 root   10u     IPv4      50566      0t0   TCP 192.168.4.1:1234->192.168.4.202:60270 (ESTABLISHED)
ss-redir 5629 root   11u     IPv4      50567      0t0   TCP localhost:51840->localhost:54063 (ESTABLISHED)
ss-redir 5629 root   12u     IPv4      52405      0t0   TCP 192.168.4.1:1234->192.168.4.199:50370 (ESTABLISHED)
ss-redir 5629 root   13u     IPv4      52406      0t0   TCP localhost:53404->localhost:54063 (ESTABLISHED)
...

MacOS

客户端 obfs 配置:

img

% lsof -iTCP -sTCP:LISTEN -n -P|egrep 'ss|obfs'
ss-local  4114    i    7u  IPv4 0x4b16cdf3e150d5f1      0t0  TCP 127.0.0.1:1080 (LISTEN)
obfs-loca 4115    i    6u  IPv4 0x4b16cdf3e5248b71      0t0  TCP 127.0.0.1:52982 (LISTEN)

% pgrep -lf 'ss-local|obfs'
4114 /Users/.../ShadowsocksX-NG/ss-local-latest/ss-local -c ss-local-config.json --fast-open --reuse-port
4115 plugins/simple-obfs --fast-open

% cat ~/Library/Application\ Support/ShadowsocksX-NG/ss-local-config.json
{
  "server" : "45.67.89.10",
  "server_port" : 12345,
  "method" : "chacha20-ietf-poly1305",
  "password" : "V_V1_fuck_GFW",
  "plugin" : "plugins/simple-obfs",
  "plugin_opts" : "obfs=tls;obfs-host=updates.cdn-apple.com;fast-open",
  "local_port" : 9090,
  "local_address" : "127.0.0.1",
  "timeout" : 60
}

% curl --socks5 127.0.0.1:1080 http://cip.cc
IP        : 45.67.89.10
地址    : 美国  亚利桑那州  凤凰城
运营商    : it7.net
数据二    : 美国 | 加利福尼亚州洛杉矶IT7网络
数据三    : 美国加利福尼亚

Windows

img