需求
ROS软路由不支持直拨SCOKS5,曲线救国
ROS拨CENTOS8架设得PPTP服务器,PPTP流量(CENTOS8电脑)转成SCOKS5流量再发送出去
gsot需要2.12版本。太高太低都有问题
wget https://github.com/ginuerzh/gost/releases/download/v2.12.0/gost_2.12.0_linux_amd64.tar.gz
tar -zxvf gost_2.12.0_linux_amd64.tar.gz
sudo find / -name gost
编辑PPP认证文件/etc/ppp/chap-secrets,添加用户名和密码
# Secrets for authentication using CHAP
# client server secret IP addresses
user1 pptpd 123456 *
user2 pptpd 123456 192.168.2.243
sudo systemctl restart pptpd
sudo systemctl enable pptpd
sudo systemctl status pptpd
wget -N –no-check-certificate https://raw.githubusercontent.com/pouyaam/iptables-pf/refs/heads/main/iptables-pf.sh && chmod +x iptables-pf.sh && bash iptables-pf.sh
https://www.cnblogs.com/yun-xx/p/17432150.html
sudo vim /etc/sysctl.conf
sudo sysctl -p
*nat :PREROUTING ACCEPT :INPUT ACCEPT :OUTPUT ACCEPT :POSTROUTING ACCEPT # 忽略本地网络和特殊网络段的流量 -A PREROUTING -d 0.0.0.0/8 -j RETURN -A PREROUTING -d 10.0.0.0/8 -j RETURN -A PREROUTING -d 127.0.0.0/8 -j RETURN -A PREROUTING -d 169.254.0.0/16 -j RETURN -A PREROUTING -d 192.168.0.0/16 -j RETURN -A PREROUTING -d 224.0.0.0/4 -j RETURN -A PREROUTING -d 240.0.0.0/4 -j RETURN # 将源IP为192.168.2.234的TCP流量重定向到端口31338 -A PREROUTING -s 192.168.2.234 -p tcp -j REDIRECT --to-ports 31338 # 将从ppp接口进入的TCP流量重定向到端口31338 -A PREROUTING -i ppp+ -p tcp -j REDIRECT --to-ports 31338 # 对源IP为192.168.2.0/24的流量,在通过ens33接口输出时进行源地址伪装
sudo iptables -t nat -L sudo iptables-restore < ipt.conf sudo iptables-save peer.txt
GOST v2.12
{
"Debug": true,
"Retries": 0,
"ServeNodes": [
"red://:36000"
],
"ChainNodes": [
"socks5://admin:admin@xxxxx:46000"
]
}
c.josn
{
"Debug": true,
"Retries": 0,
"ServeNodes": [
"red://:31338"
],
"ChainNodes": [
":1080?peer=peer.txt"
]
}
gost -C c.json
总结
这样整个流程就通了。软路由ROS(PPTP拨号)–DEBIAN(拦截PPTP流量定向到GOST监听端口 通过代理(SOCKS5)流量出口上网
类似的L2TP,PPP一样可以