Gateway-level Shadowsocks client/server for passing through firewalls and censorship.
## clone repo

```sh
git clone https://github.com/weishi258/redfrog-core
```

## install dependency

```sh
dep ensure -v
```

### build multiple x86 & arm based client & server

```sh
./build.sh
```
- Upload the built server binary (e.g. redfrog-server) to the remote server.
- Run the server with the command:

  ```sh
  ./redfrog-server -c sample-server.yaml -log output.log
  ```

- Add it as a Linux systemd service:

  a. Copy the server binary to `<path>/redfrog-server`.

  b. Add a new service file at `/etc/systemd/system/redfrogserver.service`:

  ```ini
  [Unit]
  After=network.target

  [Service]
  ExecStart=<path>/redfrog-server -c <path>/sample-server.yaml -log <path>/output.log
  ExecReload=/bin/kill -s HUP $MAINPID
  ExecStop=/bin/kill -s TERM $MAINPID
  Type=simple
  User=root

  [Install]
  WantedBy=default.target
  ```

  c. Start the service: `systemctl start redfrogserver`

  d. Enable the service for auto start: `systemctl enable redfrogserver`
- Upload the client binary to the local gateway server.
- Run the client with the command:

  ```sh
  <path>/redfrog-client -c <path>/prod-config.yaml -d <path>/redfrog -log <path>/output.log
  ```

- Add it as a Linux systemd service:

  a. Add a new service file at `/etc/systemd/system/redfrogserver.service`:

  ```ini
  [Unit]
  After=network.target

  [Service]
  ExecStart=<path>/redfrog-client-arm64 -c <path>/prod-config.yaml -d <path>/redfrog -log <path>/output.log
  ExecReload=/bin/kill -s HUP $MAINPID
  ExecStop=/bin/kill -s TERM $MAINPID
  Type=simple
  User=root

  [Install]
  WantedBy=default.target
  ```

  b. Start the service: `systemctl start redfrog`

  c. Enable the service: `systemctl enable redfrog`
This config starts the proxy server listening on two ports, 8420 and 8421, with kcptun support:

```yaml
servers:
  - listen-addr: "0.0.0.0:8420"
    tcp-timeout: 120
    udp-timeout: 60
    crypt: "AEAD_CHACHA20_POLY1305"
    Password: "MUST CHANGE THIS"
    kcptun:
      enable: true
      listen-addr: "0.0.0.0:8420"
      mode: "fast"
      thread: 4
      conn: 4
      autoexpire: 0
      mtu: 1350
      sndwnd: 128
      rcvwnd: 512
      datashard: -1
      parityshard: -1
      dscp: 0
      nocomp: false
      keep-alive-interval: 10
      keep-alive-timeout: 30
      sock-buf: 4194304
  - listen-addr: "0.0.0.0:8421"
    tcp-timeout: 120
    udp-timeout: 60
    crypt: "AEAD_CHACHA20_POLY1305"
    Password: "MUST CHANGE THIS"
    kcptun:
      enable: true
      listen-addr: "0.0.0.0:8421"
      mode: "fast"
      thread: 4
      conn: 4
      autoexpire: 0
      mtu: 1350
      sndwnd: 128
      rcvwnd: 512
      datashard: -1
      parityshard: -1
      dscp: 0
      nocomp: false
      keep-alive-interval: 10
      keep-alive-timeout: 30
      sock-buf: 4194304
```

This config starts the proxy client with the DNS filter on:

- Add multiple PAC lists under the `pac-list` tag.
- Add multiple proxy connections (used round robin) to the remote server with kcptun enabled.
- You must change the `Password` field for security reasons.

```yaml
packet-mask: "0x1/0x1"
routing-table: 100
listen-port: 9090
ipset: true
dns:
  listen-addr: "192.168.0.2:53"
  proxy-resolver:
    - "127.0.0.11"
  timeout: 5
  cache: false
  filter:
    enable: true
    white-list:
      - "white.txt"
    black-list:
      - "black.txt"
pac-list:
  - "gfw-list.txt"
  - "custom-list.txt"
shadowsocks:
  servers:
    - enable: true
      remote-server: "192.168.1.2:8420"
      crypt: "AEAD_CHACHA20_POLY1305"
      Password: "MUST CHANGE THIS"
      tcp-timeout: 20
      udp-timeout: 10
      udp-over-tcp: true
      kcptun:
        enable: true
        server: "192.168.1.2:8420"
        mode: "fast"
        thread: 1
        conn: 1
        autoexpire: 0
        mtu: 1350
        sndwnd: 128
        rcvwnd: 512
        datashard: -1
        parityshard: -1
        dscp: 0
        nocomp: false
        keep-alive-interval: 10
        keep-alive-timeout: 30
        sock-buf: 4194304
    - enable: true
      remote-server: "192.168.1.2:8421"
      crypt: "AEAD_CHACHA20_POLY1305"
      Password: "MUST CHANGE THIS"
      tcp-timeout: 20
      udp-timeout: 10
      udp-over-tcp: true
      kcptun:
        enable: true
        server: "192.168.1.2:8421"
        mode: "fast"
        thread: 1
        conn: 1
        autoexpire: 0
        mtu: 1350
        sndwnd: 128
        rcvwnd: 512
        datashard: -1
        parityshard: -1
        dscp: 0
        nocomp: false
        keep-alive-interval: 10
        keep-alive-timeout: 30
        sock-buf: 4194304
```

The client is a gateway-level, rule-based proxy. All you need to do is:

- Configure the local router to use the client device's IP as the new gateway and DNS server.
- Configure each device to use the client device as its gateway and DNS server.
- You must change the `Password` field for security reasons.
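
A pre-start check for the password requirement stated above and in both sample configs, as an added example that is not part of redfrog-core. The function name `check_redfrog_config` and the 16-character minimum are assumptions of this example; it fails when a `Password:` line still holds the placeholder or is too short, or when the config file is readable by group or others.

```shell
#!/bin/sh
# Added example, not part of redfrog-core: pre-deployment check of a redfrog YAML config.
# Assumes secrets appear as `Password: "..."` lines, as in the sample configs.
MIN_LEN=16   # minimum password length; a policy value chosen for this example

check_redfrog_config() {
    cfg=$1
    rc=0
    if [ ! -r "$cfg" ]; then
        echo "ERROR: cannot read $cfg" >&2
        return 2
    fi

    # The file holds the shared secret: flag it if group or others can read it.
    if [ -n "$(find "$cfg" -prune \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "FAIL: $cfg is readable by group/others (chmod 600 it)" >&2
        rc=1
    fi

    # Emit "pw=<value>" for every Password line (quotes optional), so that an
    # empty value still produces a line and is caught by the length check.
    pws=$(sed -n 's/^[[:space:]]*Password:[[:space:]]*"\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/pw=\1/p' "$cfg")
    if [ -z "$pws" ]; then
        echo "FAIL: no Password entry found in $cfg" >&2
        return 1
    fi

    # The here-document keeps the loop in the current shell, so rc survives it.
    while IFS= read -r line; do
        pw=${line#pw=}
        if [ "$pw" = "MUST CHANGE THIS" ]; then
            echo "FAIL: placeholder password still present" >&2
            rc=1
        elif [ "${#pw}" -lt "$MIN_LEN" ]; then
            echo "FAIL: password shorter than $MIN_LEN characters" >&2
            rc=1
        fi
    done <<EOF
$pws
EOF
    return "$rc"
}
```

Source the file and run `check_redfrog_config <path>/sample-server.yaml` (or the client config) before `systemctl start`; a non-zero status means the config should not be deployed as is.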