
aiziyuer/connectME


connectME CI Release

connectME is a tool that helps you connect to the internet freely.

⚙ Installation

# When upgrading, it is best to delete the old binary first:
# rm -rf /usr/bin/connectME
#
# Builds a static binary (CGO_ENABLED=0) and installs it into /usr/bin.
# NOTE(review): this pulls the unpinned head of the repository, and -u also
# moves its dependencies to their newest releases, so the code that lands in
# /usr/bin is whatever upstream serves at install time. Writing to /usr/bin
# needs root; prefer building a reviewed, pinned version as an unprivileged
# user and copying the binary into place.
# NOTE(review): since Go 1.18 `go get` no longer builds or installs binaries;
# on current toolchains the counterpart is `go install <module>@<version>`.
env CGO_ENABLED=0 GOBIN=/usr/bin go get -u -v github.com/aiziyuer/connectME

为了避免goproxy的缓存问题, 可以export GOPROXY=direct强制从源站下载

🧼 Serve DNS

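# start it (the listeners shown below bind 0.0.0.0:53, i.e. every interface; firewall port 53 on untrusted interfaces so the host does not become an open resolver)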
➜  ~ connectME dns --port 53
ednsSubnet: 122.235.189.0/24
proxy: http://127.0.0.1:3128
tcp_server: 0.0.0.0:53
udp_server: 0.0.0.0:53

# test
dig @127.0.0.1 -p53 www.google.com +short

🚪 Serve GW

网关服务安装

# start it~ export proxy=http://127.0.0.1:3128
➜  ~ connectME gw --port 1081
gw_server: 0.0.0.0:1081

由于透明网关需要防火墙上面将流量引入, 所以有如下推荐的防火墙配置:

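# install ipset
yum install ipset
# apt-get install ipset

# clean (only needed to rebuild the set from scratch; ipset refuses to destroy
# a set that an iptables rule still references, so remove those rules first)
# ipset flush NO_PROXY && ipset destroy NO_PROXY || true

# create, ref: https://zh.wikipedia.org/wiki/%E4%BF%9D%E7%95%99IP%E5%9C%B0%E5%9D%80
# Destinations listed in NO_PROXY skip the redirect and are reached directly.
# -exist makes every command a no-op when the set or entry is already there,
# so the whole snippet can be re-run safely.
ipset -exist create NO_PROXY hash:net comment
ipset -exist add NO_PROXY 0.0.0.0/8 comment "IANA"
ipset -exist add NO_PROXY 10.0.0.0/8 comment "RFC 1918 private address"
ipset -exist add NO_PROXY 172.16.0.0/12 comment "RFC 1918 private address"
ipset -exist add NO_PROXY 192.168.0.0/16 comment "RFC 1918 private address"
ipset -exist add NO_PROXY 127.0.0.0/8 comment "Loopback Address"
ipset -exist add NO_PROXY 169.254.0.0/16 comment "Link local address"
# The IPv4 multicast block is 224.0.0.0/4; a /16 would leave most of it proxied.
ipset -exist add NO_PROXY 224.0.0.0/4 comment "Multicast Address"
# Every address this host must reach directly has to be in the set, because
# the OUTPUT rule below also captures locally generated TCP connections. In
# particular add the upstream proxy server, otherwise the connections towards
# it are redirected back into the gateway.
# ipset -exist add NO_PROXY xxxx/32 comment "Your Proxy Server"

# apply chain
# PROXY is created if missing and then rebuilt from empty, so re-running does
# not stack duplicate rules inside it.
iptables -t nat -N PROXY &>/dev/null; iptables -t nat -F PROXY
iptables -t nat -A PROXY -m set --match-set NO_PROXY dst -j RETURN
# Everything else over TCP is handed to the local listener on port 1081
# (the port used for `connectME gw` above).
iptables -t nat -A PROXY -p tcp -j REDIRECT --to-port 1081
# Hook PROXY into OUTPUT and PREROUTING without flushing those chains: a flush
# would silently drop NAT rules owned by other software on the host (container
# runtimes, VPNs, port forwards). -C checks for the jump so it is added once.
iptables -t nat -C OUTPUT -j PROXY &>/dev/null || iptables -t nat -A OUTPUT -j PROXY
iptables -t nat -C PREROUTING -p tcp -j PROXY &>/dev/null || iptables -t nat -A PREROUTING -p tcp -j PROXY

# review chain
# These rules live only in the running kernel; persist them with your
# distribution's iptables save/restore mechanism if they must survive a reboot.
# The PREROUTING hook proxies TCP from every host that routes through this
# machine, so limit which networks can reach it.
iptables -t nat -S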

🎂 AutoStart

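# ipset auto restore at reboot
# The unit restores the saved sets before iptables.service starts (so rules
# that reference a set can load) and writes the live sets back on stop.
cat <<'EOF' >/etc/systemd/system/ipset.service
[Unit]
Description=ipset persistent rule service
Before=iptables.service
ConditionFileNotEmpty=/etc/sysconfig/ipset
[Service]
Type=oneshot
RemainAfterExit=true
ExecStart=/usr/sbin/ipset -exist -file /etc/sysconfig/ipset restore
ExecStop=/usr/sbin/ipset -file /etc/sysconfig/ipset save
[Install]
WantedBy=multi-user.target
EOF
# Save the current sets once before the first start. ConditionFileNotEmpty=
# skips the unit while /etc/sysconfig/ipset is missing or empty, and a skipped
# unit never runs ExecStop=, so without this step the file would never be
# created and nothing would be restored after a reboot.
mkdir -p /etc/sysconfig
ipset -file /etc/sysconfig/ipset save
# apply ipset
systemctl daemon-reload; systemctl enable ipset.service; systemctl start ipset.service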

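# add systemd service
# Template unit: the instance name (%i) is passed to the binary as its
# subcommand, so connectME@dns runs `connectME dns` and connectME@gw runs
# `connectME gw`. The description uses %i as well so each instance is labelled
# correctly in `systemctl status` and the journal.
# NOTE(review): no User= is set, so both daemons run as root. After confirming
# what the binary needs, consider hardening directives such as
# NoNewPrivileges=yes, ProtectSystem=strict and
# CapabilityBoundingSet=CAP_NET_BIND_SERVICE (the latter for binding port 53).
# NOTE(review): the proxy values below carry no scheme, while the dns example
# output prints "proxy: http://127.0.0.1:3128" - confirm which form is expected.
# NOTE(review): systemd.unit(5) documents StartLimitIntervalSec=/StartLimitBurst=
# under [Unit]; confirm they take effect in [Service] on your systemd version.
cat <<'EOF'>/etc/systemd/system/connectME@.service
[Unit]
Description=connectME %i
Documentation=https://github.com/aiziyuer/connectME
After=network.target

[Service]
Type=notify
Environment="HTTP_PROXY=127.0.0.1:3128"
Environment="HTTPS_PROXY=127.0.0.1:3128"
ExecStart=/usr/bin/connectME %i
WatchdogSec=1s
StartLimitBurst=0
StartLimitIntervalSec=0
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF

# apply dns
systemctl daemon-reload; systemctl enable connectME@dns.service; systemctl restart connectME@dns.service

# apply gw
systemctl daemon-reload; systemctl enable connectME@gw.service; systemctl restart connectME@gw.service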

🙏 FAQ