海天无影Blog

V2Ray Installation Notes


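V2Ray handles the actual network interaction, routing and other processing of network data. It natively supports four protocols, HTTP, Socks, Shadowsocks and VMess, and each of them can be carried over transports such as TLS, TCP, mKCP and WebSocket.

Installing V2Ray

Use the one-click script provided by the V2Ray project; it supports CentOS 7 and the whole Debian family (including Ubuntu).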

bash <(curl -L -s https://install.direct/go.sh)

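The installation is quick. Note down the PORT and UUID shown in blue.

V2Ray installed successfully

Once the installation finishes, first run this command to start V2Ray: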

 service v2ray start

After that, V2Ray can be controlled with:

 service v2ray start|stop|status|reload|restart|force-reload

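/usr/bin/v2ray/v2ray: the V2Ray program
/etc/v2ray/config.json: the configuration file

V2Ray core files

At this point the most basic V2Ray proxy is set up and can be used with the relevant client programs. However, the basic proxy has no disguise or encryption at all, and all traffic passes in the clear, which is certainly not enough.

V2Ray encryption options

1. TCP+TLS

V2Ray transports over TCP and uses HTTP/TLS obfuscation to imitate HTTP website traffic, but it is only an imitation, not real HTTP traffic. HTTPS and SSL were introduced in an earlier post:

SSL (Secure Sockets Layer) is a security protocol that provides security and data integrity for network communication. SSL encrypts network connections at the transport layer so that data cannot be intercepted or eavesdropped on in transit. SSL is now widely used for authentication and encrypted data transfer between web browsers and servers.

A brief introduction to HTTPS and SSL

So once traffic is encrypted with TLS, the data between server and client is secure. This method requires a domain name and an SSL certificate. For how to apply for and install a free SSL certificate, see the post 《SSL》.

Server settings: edit the V2Ray configuration file /etc/v2ray/config.json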

{
    "dns": null,
    "inbound": {
        "listen": null,
        "port": 443,
        "protocol": "vmess",
        "settings": {
            "auth": null,
            "clients": [
                {
                    "alterId": 64,
//The UUID here needs no change; use the one generated on the server, the same on server and client
                    "id": "使用服务器生成的即可",
                    "security": "none"
                }
            ],
            "ip": null,
            "udp": true
        },
        "streamSettings": {
            "kcpSettings": null,
            "network": "tcp",
            "security": "tls",
            "tcpSettings": null,
            "tlsSettings": {
                "certificates": [
                    {
//Change the two paths below to your own SSL certificate
                        "certificateFile": "/path/to/example.domain/fullchain.cer",
                        "keyFile": "/path/to/example.domain.key"
                    }
                ]
            },
            "wsSettings": null
        }
    },
    "inboundDetour": null,
    "log": {
        "access": "/var/log/v2ray/access.log",
        "error": "/var/log/v2ray/error.log",
        "loglevel": "info"
    },
    "outbound": {
        "mux": null,
        "protocol": "freedom",
        "settings": null,
        "streamSettings": null,
        "tag": null
    },
    "outboundDetour": [
        {
            "protocol": "blackhole",
            "settings": null,
            "tag": "blocked"
        }
    ],
    "routing": {
        "settings": {
            "domainStrategy": null,
            "rules": [
                {
                    "domain": null,
                    "ip": [
                        "0.0.0.0/8",
                        "10.0.0.0/8",
                        "100.64.0.0/10",
                        "127.0.0.0/8",
                        "169.254.0.0/16",
                        "172.16.0.0/12",
                        "192.0.0.0/24",
                        "192.0.2.0/24",
                        "192.168.0.0/16",
                        "198.18.0.0/15",
                        "198.51.100.0/24",
                        "203.0.113.0/24",
                        "::1/128",
                        "fc00::/7",
                        "fe80::/10"
                    ],
                    "outboundTag": "blocked",
                    "port": null,
                    "type": "field"
                }
            ]
        },
        "strategy": "rules"
    }
}

Client settings: the client software is covered briefly at the end of this post

{
    "dns": {
        "servers": [
            "8.8.8.8",
            "8.8.4.4",
            "localhost"
        ]
    },
    "inbound": {
        "listen": "0.0.0.0",
        "port": 1080,
        "protocol": "socks",
        "settings": {
            "auth": "noauth",
            "clients": null,
            "ip": "127.0.0.1",
            "udp": true
        },
        "streamSettings": null
    },
    "inboundDetour": null,
    "log": {
        "access": "/var/log/v2ray/access.log",
        "error": "/var/log/v2ray/error.log",
        "loglevel": "info"
    },
    "outbound": {
        "mux": {
            "enabled": true
        },
        "protocol": "vmess",
        "settings": {
            "vnext": [
                {
                    "address": "example.domain",
                    "port": 443,
                    "users": [
                        {
                            "alterId": 64,
//The UUID here must match the server
                            "id": "和服务端设置一致",
                            "security": "none"
                        }
                    ]
                }
            ]
        },
        "streamSettings": {
            "kcpSettings": null,
            "network": "tcp",
            "security": "tls",
            "tcpSettings": null,
            "tlsSettings": {},
            "wsSettings": null
        },
        "tag": "agentout"
    },
    "outboundDetour": [
        {
            "protocol": "freedom",
            "settings": {
                "response": null
            },
            "tag": "direct"
        },
        {
            "protocol": "blackhole",
            "settings": {
                "response": {
                    "type": "http"
                }
            },
            "tag": "blockout"
        }
    ],
    "routing": {
        "settings": {
            "domainStrategy": "IPIfNonMatch",
            "rules": [
                {
                    "domain": null,
                    "ip": [
                        "0.0.0.0/8",
                        "10.0.0.0/8",
                        "100.64.0.0/10",
                        "127.0.0.0/8",
                        "169.254.0.0/16",
                        "172.16.0.0/12",
                        "192.0.0.0/24",
                        "192.0.2.0/24",
                        "192.168.0.0/16",
                        "198.18.0.0/15",
                        "198.51.100.0/24",
                        "203.0.113.0/24",
                        "::1/128",
                        "fc00::/7",
                        "fe80::/10"
                    ],
                    "outboundTag": "direct",
                    "port": null,
                    "type": "field"
                }
            ]
        },
        "strategy": "rules"
    }
}

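2. mKCP mode

mKCP is a UDP-based transport protocol derived from KCP. It trades traffic for speed and lowers network latency. Put simply, to avoid waiting on retransmission of lost packets it sends the same data several times, so under the same conditions mKCP uses more traffic than the other transports.

BT, online games, video chat and the like all use UDP, so in KCP mode V2Ray can disguise its traffic as BT downloads, FaceTime, WeChat video and similar.

As for speed: BBR, covered earlier, is a TCP acceleration technique, so mKCP cannot benefit from it, but mKCP is itself already an acceleration technique.

Server settings: edit the V2Ray configuration file /etc/v2ray/config.json

Note that the UUID and the streamSettings parameters must be the same on server and client.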

{
  "outbound": {
    "streamSettings": null,
    "tag": null,
    "protocol": "freedom",
    "mux": null,
    "settings": null
  },
  "log": {
    "access": "/var/log/v2ray/access.log",
    "loglevel": "info",
    "error": "/var/log/v2ray/error.log"
  },
  "outboundDetour": [
    {
      "tag": "blocked",
      "protocol": "blackhole",
      "settings": null
    }
  ],
  "inbound": {
//For the streamSettings parameters see the explanation further down
    "streamSettings": {
      "network": "kcp",
      "kcpSettings": {
        "uplinkCapacity": 15,
        "downlinkCapacity": 100,
        "readBufferSize": 2,
        "mtu": 1350,
        "header": {
          "request": null,
          "type": "wechat-video",
          "response": null
        },
        "tti": 50,
        "congestion": false,
        "writeBufferSize": 2
      },
      "wsSettings": null,
      "tcpSettings": null,
      "tlsSettings": {},
      "security": ""
    },
    "settings": {
      "ip": null,
      "udp": true,
      "clients": [
        {
          "alterId": 100,
          "security": "aes-128-gcm",
//Keep the UUID the same as on the client
          "id": "uuid可使用服务器生成的"
        }
      ],
      "auth": null
    },
    "protocol": "vmess",
    "port": 1234,
    "listen": null
  },
  "inboundDetour": null,
  "routing": {
    "settings": {
      "rules": [
        {
          "ip": [
            "0.0.0.0/8",
            "10.0.0.0/8",
            "100.64.0.0/10",
            "127.0.0.0/8",
            "169.254.0.0/16",
            "172.16.0.0/12",
            "192.0.0.0/24",
            "192.0.2.0/24",
            "192.168.0.0/16",
            "198.18.0.0/15",
            "198.51.100.0/24",
            "203.0.113.0/24",
            "::1/128",
            "fc00::/7",
            "fe80::/10"
          ],
          "domain": null,
          "type": "field",
          "port": null,
          "outboundTag": "blocked"
        }
      ],
      "domainStrategy": null
    },
    "strategy": "rules"
  },
  "dns": null
}

Client settings: note that the UUID and the streamSettings parameters must be the same on server and client.

{
  "outbound": {
    "streamSettings": {
      "network": "kcp",
      "kcpSettings": {
        "uplinkCapacity": 15,
        "downlinkCapacity": 100,
        "readBufferSize": 2,
        "mtu": 1350,
        "header": {
//Must match the header type set on the server
          "type": "wechat-video",
          "request": null,
          "response": null
        },
        "tti": 50,
        "congestion": false,
        "writeBufferSize": 2
      },
      "wsSettings": null,
      "tcpSettings": null,
      "tlsSettings": {},
      "security": ""
    },
    "tag": "agentout",
    "protocol": "vmess",
    "mux": {
      "enabled": true
    },
    "settings": {
      "vnext": [{
        "users": [{
          "alterId": 100,
          "security": "aes-128-gcm",
          "id": "和服务端一致的uuid"
        }],
        "port": 1234,
        "address": "Your_IP_Address"
      }]
    }
  },
  "log": {
    "access": "",
    "loglevel": "info",
    "error": ""
  },
  "outboundDetour": [{
      "tag": "direct",
      "protocol": "freedom",
      "settings": {
        "response": null
      }
    },
    {
      "tag": "blockout",
      "protocol": "blackhole",
      "settings": {
        "response": {
          "type": "http"
        }
      }
    }
  ],
  "inbound": {
    "streamSettings": null,
    "settings": {
      "ip": "127.0.0.1",
      "udp": true,
      "clients": null,
      "auth": "noauth"
    },
    "protocol": "socks",
    "port": 1080,
    "listen": "0.0.0.0"
  },
  "inboundDetour": null,
  "routing": {
    "settings": {
      "rules": [{
        "ip": [
          "0.0.0.0/8",
          "10.0.0.0/8",
          "100.64.0.0/10",
          "127.0.0.0/8",
          "169.254.0.0/16",
          "172.16.0.0/12",
          "192.0.0.0/24",
          "192.0.2.0/24",
          "192.168.0.0/16",
          "198.18.0.0/15",
          "198.51.100.0/24",
          "203.0.113.0/24",
          "::1/128",
          "fc00::/7",
          "fe80::/10"
        ],
        "domain": null,
        "type": "field",
        "port": null,
        "outboundTag": "direct"
      }],
      "domainStrategy": "IPIfNonMatch"
    },
    "strategy": "rules"
  },
  "dns": {
    "servers": [
      "8.8.8.8",
      "8.8.4.4",
      "localhost"
    ]
  }
}

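streamSettings parameters in detail:

The client's uplink is the server's downlink, and likewise the client's downlink is the server's uplink. Both server and client have uplinkCapacity and downlinkCapacity in their mKCP settings, so the client's upload rate is determined by the smaller of the server's downlinkCapacity and the client's uplinkCapacity; the same reasoning applies to the client's download rate.

It is therefore recommended to set downlinkCapacity to a very large value on both server and client, and then set uplinkCapacity on each side to your actual download speed to tune the uplink and downlink rates.

Changing the header type disguises the packets; this is the main advantage of mKCP.

3. WS+TLS+Web

With V2Ray hidden behind a website, the web server (Nginx, Apache, etc.) hands the relevant traffic to V2Ray for processing and then returns the result to the client, with the transport encrypted by SSL. This is arguably the most reliable method in terms of concealment.

Traffic is split by path here. For example, the web server is configured to pass everything sent to https://www.example.com/daili/ to the V2Ray backend, while any request that is not for /daili/ gets the normal web page response.

First, configure the web server to split by path. Using nginx as the example again, with the website and its SSL connection already set up, add the following to the SSL server block on port 443: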

#"daili" can be changed to any path you like
location /daili/ {
        proxy_redirect off;
        proxy_pass http://127.0.0.1:1234; #1234 can be changed, but the V2Ray port below must be changed to match
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
}

Next, edit the V2Ray server settings

{
  "log": {
    "loglevel": "debug"
  }, 
  "inbounds": [
    {
//Same port as set above
      "port": 1234, 
      "listen": "127.0.0.1", 
      "tag": "vmess-in", 
      "protocol": "vmess", 
      "settings": {
        "clients": [
          {
//Same UUID as the client
            "id": "可用服务器生成UUID", 
            "alterId": 64
          }
        ]
      }, 
      "streamSettings": {
        "network": "ws", 
        "wsSettings": {
//WebSocket path, the same as the web split path set above
          "path": "/daili/", 
          "headers": { }
        }
      }
    }
  ], 
  "outbounds": [
    {
      "protocol": "freedom", 
      "settings": { }, 
      "tag": "direct"
    }, 
    {
      "protocol": "blackhole", 
      "settings": { }, 
      "tag": "blocked"
    }
  ], 
  "routing": {
    "domainStrategy": "AsIs", 
    "rules": [
      {
        "type": "field", 
        "inboundTag": [
          "vmess-in"
        ], 
        "outboundTag": "direct"
      }
    ]
  }
}

V2Ray client settings

{
  "log": {
    "loglevel": "debug"
  },
  "inbounds": [
    {
      "port": 10086,
      "listen": "127.0.0.1",
      "tag": "socks-in",
      "protocol": "socks",
      "settings": {
        "auth": "noauth",
        "udp": false
      }
    }
  ],
  "outbounds": [
    {
      "mux": {
        "concurrency": 32,
        "enabled": true
      },
      "protocol": "vmess",
      "settings": {
        "vnext": [
          {
            "users": [
              {
//Same UUID as the server
                "id": "UUID",
                "alterId": 64,
                "security": "auto"
              }
            ],
//The website's domain name and port
            "address": "www.example.com",
            "port": 443
          }
        ]
      },
      "streamSettings": {
        "tlsSettings": {
          "allowInsecure": false
        },
        "wsSettings": {
          "headers": {
            "User-Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.4489.62 Safari/537.36",
            //Note: fill in the matching headers
            "Host": "www.example.com",
            "Accept-Encoding": "gzip",
            "Pragma": "no-cache"
          },
//The split path configured on the server
          "path": "/daili/"
        },
        "network": "ws",
        "security": "tls"
      },
//Must match the outboundTag used in the routing rules below
      "tag": "vmess-out"
    },
    {
      "protocol": "blackhole",
      "settings": {},
      "tag": "blocked"
    },
    {
      "protocol": "freedom",
      "settings": {},
      "tag": "dicert"
    }
  ],
  "routing": {
    //Note: match on the full domain rule
    "domainStrategy": "AsIs",
    "rules": [
      {
        "type": "field",
//The website's domain name
        "domain": [
          "domain:www.example.com"
        ],
        "outboundTag": "dicert"
      },
      {
        "type": "field",
        "inboundTag": [
          "socks-in",
          "http-in"
        ],
        "outboundTag": "vmess-out"
      }
    ]
  },
  "other": {}
}

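V2Ray client setup

There are many V2Ray clients, desktop ones for Windows and Mac as well as mobile ones for iOS and Android; choose whichever you like. The client settings above can be pasted straight into any of them.

Note, however, that some clients import the configuration as JSON, and JSON does not support comments. When copying the client configuration above, make the required changes, delete the comment text, and then paste it into the client.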
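Before pasting a configuration into a client, the comment stripping described above can be done mechanically and the result checked for two mistakes that are easy to make when editing these files by hand: a routing rule that names an outbound tag no outbound defines, and a SOCKS inbound with "noauth" that listens beyond loopback. This is an added example, not part of the original post; strip_comments, audit and the sample configuration are hypothetical names and constructed data.

```python
import json
import re

# A JSON string literal, or a // comment running to end of line.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*')

def strip_comments(text):
    """Drop // comments but leave '//' inside strings (e.g. URLs) alone."""
    return _TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else "", text)

def _entries(cfg, *keys):
    """Collect inbounds/outbounds from both the old and new config layouts."""
    found = []
    for value in (cfg.get(k) for k in keys):
        found += [value] if isinstance(value, dict) else (value or [])
    return found

def audit(text):
    cfg = json.loads(strip_comments(text))
    findings = []
    outbounds = _entries(cfg, "outbounds", "outbound", "outboundDetour")
    tags = {o.get("tag") for o in outbounds}
    routing = cfg.get("routing") or {}
    rules = routing.get("rules") or (routing.get("settings") or {}).get("rules") or []
    for rule in rules:
        tag = rule.get("outboundTag")
        if tag and tag not in tags:
            findings.append(f"rule uses undefined outbound tag {tag!r}")
    for ib in _entries(cfg, "inbounds", "inbound", "inboundDetour"):
        listen = ib.get("listen") or "0.0.0.0"  # V2Ray listens on all interfaces by default
        auth = (ib.get("settings") or {}).get("auth")
        if ib.get("protocol") == "socks" and auth == "noauth" and listen not in ("127.0.0.1", "::1"):
            findings.append(f"open SOCKS inbound on {listen}:{ib.get('port')}")
    return findings

# Constructed sample in the shape of the client configs above (not a real deployment).
SAMPLE = """{
  // local proxy port
  "inbounds": [{"port": 1080, "listen": "0.0.0.0", "protocol": "socks",
                "tag": "socks-in", "settings": {"auth": "noauth"}}],
  "outbounds": [{"protocol": "vmess", "tag": "proxy-out",
                 "streamSettings": {"wsSettings": {"headers": {"Referer": "https://www.example.com/"}}}}],
  "routing": {"rules": [{"type": "field", "inboundTag": ["socks-in"], "outboundTag": "proxy"}]}
}"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WARN:", finding)
```

The output of strip_comments is plain JSON and can be pasted into clients that reject comments.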

Uninstalling V2Ray

The script has no uninstall option, so removal has to be done by hand.

First remove the service, using either systemd or sysv depending on your system.

#Stop and remove the service (systemd):
systemctl stop v2ray
systemctl disable v2ray

#Stop and remove the service (sysv):
service v2ray stop
update-rc.d -f v2ray remove

Delete the V2Ray files

rm -rf /etc/v2ray/*  #(configuration files)
rm -rf /usr/bin/v2ray/*  #(program)
rm -rf /var/log/v2ray/*  #(logs)
rm -rf /lib/systemd/system/v2ray.service  #(systemd unit)
rm -rf /etc/init.d/v2ray  #(sysv init script)

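3 comments on "V2Ray Installation Notes"

  1. […] Although SSR is nominally encrypted, it is already transparent to the firewall. Using it inside the country is fine and nothing much happens, but using it abroad will most likely get the IP blocked. V2Ray, whose encryption form and method are both better, is recommended. […]

  2. […] Using ClashX with SSR on the Mac, with support for the SSR protocol and routing policies. Why ClashX? Because SSR now has far too high a chance of being blocked when used to get over the firewall, so for that the main tool is still something more niche like V2Ray, and SSR is kept for domestic proxy traffic. […]

  3. […] Mainly: after 海天 switched his tool for getting over the firewall from SSR to V2Ray, he backed up the configuration of 秋水逸冰's SSR one-click install script. Later, when using a Mac, SSR was needed again but turned out not to work on the Mac; a fix was found, and eventually ClashX together with SSR made it possible to use V2Ray and SSR at the same time. […]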
