Linux implements socks terminal agent and global agent

Rokas. Yang 2022-06-24 06:03:50 阅读数:786


One 、 Use scenarios

GFW For specific foreign countries IP The segment will be blocked , As a result, we cannot access the opposite end , And we need to use socks The forward proxy function of the protocol , Be responsible for forwarding requests to foreign available servers for us , Then the server forwards the request to any Internet resource you want to access , The most critical part is the traffic transfer of this foreign server , Here's the picture :

So across GFW The main premise of interception is that you have a socks Server side , About socks The server side setup is not mentioned in this article , Many agent software can realize , Please refer to the relevant information , At the same time, it is only for scientific Internet access. It is more recommended to use a stable Airport , It is not recommended to purchase a single overseas server to build , Low cost performance and low fault tolerance .

The following operations are based on the premise of machine filing compliance .

Two 、socks Supported proxy protocols

socks Run in session layer , Can act for TCP、UDP Itself and the agreements based on them , Such as http/https over tcp,http3 over udp(quic), Can't act for icmp, So you go through socks unable ping Through Google , Don't think it's the agent software or the node , It's your problem !

3、 ... and 、 Client installation

socks Many software can implement protocol proxy , This article describes the well-known ss/ssr agent , take shadowsocksR The project can be cloned locally :

$ cd /usr/share
$ git clone
$ cd ./shadowsocksr

Initialization environment :bash

The client path is ./shadowsocks/

Client configuration file :user-config.json

Four 、 Write sytemd service

Only used to support systemd Service linux Distribution version , For other distributions, please refer to the service management software of the relevant distribution

$ mkdir -p ~/.config/systemd/user # Create for storing systemd Service catalog
$ vim ~/.config/systemd/user/ssr-client.service
Description=Shadowsocks R Client Service
ExecStart=/usr/bin/python /usr/share/shadowsocksr/shadowsocks/ -c /usr/share/shadowsocksr/shadowsocks/user-config.json # Subject to your actual path

adopt systemd management service

$ systemctl --user daemon-reload #reload Daemon , finish writing sth. systemd Execute once after , Follow up does not need to be performed
$ systemctl --user status ssr-client # View running status
$ systemctl --user start ssr-client # restart ssr client
$ systemctl --user restart ssr-client # restart ssr client 

without systemd Service doesn't want to be written as service , You can also use the lazy one line :

$ { nohup /usr/share/shadowsocksr/shadowsocks/ -c /usr/share/shadowsocksr/shadowsocks/user-config.json &> /dev/null; } &
$ alias ssrstart='{ nohup /usr/share/shadowsocksr/shadowsocks/ -c /usr/share/shadowsocksr/shadowsocks/user-config.json &> /dev/null; } &' 

5、 ... and 、ssr-config.json/user-config.json Configuration format


"server": "",
"local_address": "",
"local_port": 1080,
"timeout": 300,
"workers": 1,
"server_port": 3071,
"password": "test",
"method": "rc4-md5",
"obfs": "http_simple",
"obfs_param": "",
"protocol": "origin",
"protocol_param": ""


"server": "",
"local_address": "",
"local_port": 1080,
"timeout": 300,
"workers": 1,
"server_port": 3071,
"password": "test",
"method": "rc4-md5",
"plugin": ""

6、 ... and 、 Agent test

After the service is running normally , Use the following command to temporarily test the connectivity :

$ export http_proxy=
$ export http_proxy= #export Only for your current terminal (pts/tty) It works , Mo panic 

Want to set as a global proxy , Add the above two commands to ~/.bashrc that will do , Other interpreters are placed in their own configuration files ,zsh Then for ~/.zshrc.

Next visit Google :

$ telnet 80
Connected to
Escape character is '^]'.

Can communicate , It indicates that it has been in normal operation , And the node status is normal :

Cancel the current terminal agent , Use unset http_proxy https_proxy that will do

7、 ... and 、Proxychains

Use proxychains coordination ss/ssr client , It will be more convenient and targeted to manage your socks agent

1) install

$ git clone
$ cd proxychains-ng
$ ./configure
$ make && sudo make install
$ sudo cp ./src/proxychains.conf /etc/proxychains.conf

2) Modify the configuration file

$ sudo vim /etc/proxychains.conf
socks5 1080 # Change according to the actual situation , Here we use ssr For example, agency
socks5 1081
http xx.xx.xx.xx 9000 # add to http agent

3) Configuration file parameter description

  • strict_chain( Default on)

Form a chain according to the sequence of proxy servers in the following list , All proxy servers are required to be valid .

  • dynamic_chain( Default off)

Form a chain according to the order of proxy servers appearing in the list , If a proxy server fails , It is automatically excluded , But at least one of them is effective .

  • random_chain ( Default off)

Any of the proxy servers in the list may be selected to use , This method is very suitable for network scanning operation ( Parameters chain_len Only right random_chain It works ).

  • proxy_dns( Default on)

agent dns request .

  • ProxyList

Add proxy list , Such as http、socks4/5、auth user/pass etc. .

4) Usage method

Add... Before the order proxychains that will do , Also cannot act as an agent icmp, because proxychains go socks, Want to represent icmp Wait for the entire agreement , Suggest using vpn Related software

wget Google homepage :

$ proxychains4 -q wget

youtube Video downloading :

$ proxychains4 -q youtube-dl

Speed up git clone:

$ proxychains4 -q
copyright:author[Rokas. Yang],Please bring the original link to reprint, thank you.