From aaa7fe05a97c71e18b149713c7b370b95365a4df Mon Sep 17 00:00:00 2001
From: JimhHan <50871214+JimhHan@users.noreply.github.com>
Date: Fri, 26 Mar 2021 11:19:19 +0800
Subject: [PATCH] Add: [document/level-2] redirect traffic
https://github.com/XTLS/XTLS.github.io/pull/79
Co-Authored-By: Zzz <28607089+Zzz3m@users.noreply.github.com>
---
docs/.vuepress/config.js | 305 +++++++++++++-------------
docs/document/level-2/README.md | 5 +
docs/document/level-2/redirect.md | 350 ++++++++++++++++++++++++++++++
3 files changed, 506 insertions(+), 154 deletions(-)
create mode 100644 docs/document/level-2/redirect.md
diff --git a/docs/.vuepress/config.js b/docs/.vuepress/config.js
index 5bc1e9b0e..de67e16ad 100644
--- a/docs/.vuepress/config.js
+++ b/docs/.vuepress/config.js
@@ -1,156 +1,153 @@
module.exports = {
- plugins: [
- '@vuepress/back-to-top',
- 'vuepress-plugin-mermaidjs'
- ],
- base: '/Xray-docs-next/',
- locales: {
- '/': {
- lang: 'zh-CN',
- title: 'Project X',
- description: 'Xray 官方文档'
- }
- },
- themeConfig: {
- smoothScroll: true,
- repo: 'xtls/xray-core',
- repoLabel: '查看源码',
- docsRepo: 'xtls/Xray-docs-next',
- docsDir: 'docs',
- docsBranch: 'main',
- editLinks: true,
- editLinkText: '帮助我们改善此页面!',
- nav: [
- { text: '首页', link: '/' },
- { text: '大史记', link: '/about/news' },
- { text: '配置指南', link: '/config/' },
- { text: '开发指南', link: '/development/' },
- { text: '使用指南', link: '/document/' },
- {
- text: '多语言',
- ariaLabel: 'Language Menu',
- items: [
- { text: '简体中文', link: '/' },
- { text: 'English', link: '/en' }
- ]
- },
-
- ],
- sidebar: {
- '/config/': [
- {
- title: '特性详解',
- children: [
- 'features/vless',
- 'features/xtls',
- 'features/fallback',
- 'features/env',
- 'features/multiple'
- ]
- },
- {
- title: '基础配置',
- collapsable: false,
- path: '/config/',
- children: [
- 'api',
- 'dns',
- 'fakedns',
- 'inbound',
- 'outbound',
- 'policy',
- 'reverse',
- 'routing',
- 'stats',
- 'transport'
- ]
- },
- {
- title: '入站代理',
- collapsable: false,
- path: '/config/inbounds/',
- children: [
- 'inbounds/dokodemo',
- 'inbounds/http',
- 'inbounds/shadowsocks',
- 'inbounds/socks',
- 'inbounds/trojan',
- 'inbounds/vless',
- 'inbounds/vmess'
- ]
- },
- {
- title: '出站代理',
- collapsable: false,
- path: '/config/outbounds/',
- children: [
- 'outbounds/blackhole',
- 'outbounds/dns',
- 'outbounds/freedom',
- 'outbounds/http',
- 'outbounds/shadowsocks',
- 'outbounds/socks',
- 'outbounds/trojan',
- 'outbounds/vless',
- 'outbounds/vmess'
- ]
- },
- {
- title: '底层传输',
- collapsable: false,
- path: '/config/transports/',
- children: [
- 'transports/grpc',
- 'transports/h2',
- 'transports/mkcp',
- 'transports/quic',
- 'transports/tcp',
- 'transports/websocket'
- ]
- },
- ],
- '/document/level-0/': [
- 'ch01-preface',
- 'ch02-preparation',
- 'ch03-ssh',
- 'ch04-security',
- 'ch05-webpage',
- 'ch06-certificates',
- 'ch07-xray-server',
- 'ch08-xray-clients',
- 'ch09-appendix',
- ],
- '/document/level-1/': [
- 'fallbacks-lv1',
- 'routing-lv1-part1',
- 'routing-lv1-part2',
- 'work',
- 'fallbacks-with-sni',
- ],
- '/document/level-2/': [
- 'transparent_proxy/transparent_proxy',
- 'tproxy',
- 'iptables_gid',
- ],
- '/': 'auto',
- }
- },
- markdown: {
- toc: {
- includeLevel: [2]
- },
- extendMarkdown: md => {
- md.use(require('markdown-it-footnote'))
- }
- },
- chainWebpack: (config) => {
- config.module
- .rule('webp')
- .test(/\.(webp)(\?.*)?$/)
- .use('file-loader')
- .loader('file-loader')
- .options({
- name: `assets/img/[name].[hash:8].[ext]`
- })
+ plugins: ["@vuepress/back-to-top", "vuepress-plugin-mermaidjs"],
+ base: "/Xray-docs-next/",
+ locales: {
+ "/": {
+ lang: "zh-CN",
+ title: "Project X",
+ description: "Xray 官方文档"
}
-}
+ },
+ themeConfig: {
+ smoothScroll: true,
+ repo: "xtls/xray-core",
+ repoLabel: "查看源码",
+ docsRepo: "xtls/Xray-docs-next",
+ docsDir: "docs",
+ docsBranch: "main",
+ editLinks: true,
+ editLinkText: "帮助我们改善此页面!",
+ nav: [
+ { text: "首页", link: "/" },
+ { text: "大史记", link: "/about/news" },
+ { text: "配置指南", link: "/config/" },
+ { text: "开发指南", link: "/development/" },
+ { text: "使用指南", link: "/document/" },
+ {
+ text: "多语言",
+ ariaLabel: "Language Menu",
+ items: [
+ { text: "简体中文", link: "/" },
+ { text: "English", link: "/en" }
+ ]
+ }
+ ],
+ sidebar: {
+ "/config/": [
+ {
+ title: "特性详解",
+ children: [
+ "features/vless",
+ "features/xtls",
+ "features/fallback",
+ "features/env",
+ "features/multiple"
+ ]
+ },
+ {
+ title: "基础配置",
+ collapsable: false,
+ path: "/config/",
+ children: [
+ "api",
+ "dns",
+ "fakedns",
+ "inbound",
+ "outbound",
+ "policy",
+ "reverse",
+ "routing",
+ "stats",
+ "transport"
+ ]
+ },
+ {
+ title: "入站代理",
+ collapsable: false,
+ path: "/config/inbounds/",
+ children: [
+ "inbounds/dokodemo",
+ "inbounds/http",
+ "inbounds/shadowsocks",
+ "inbounds/socks",
+ "inbounds/trojan",
+ "inbounds/vless",
+ "inbounds/vmess"
+ ]
+ },
+ {
+ title: "出站代理",
+ collapsable: false,
+ path: "/config/outbounds/",
+ children: [
+ "outbounds/blackhole",
+ "outbounds/dns",
+ "outbounds/freedom",
+ "outbounds/http",
+ "outbounds/shadowsocks",
+ "outbounds/socks",
+ "outbounds/trojan",
+ "outbounds/vless",
+ "outbounds/vmess"
+ ]
+ },
+ {
+ title: "底层传输",
+ collapsable: false,
+ path: "/config/transports/",
+ children: [
+ "transports/grpc",
+ "transports/h2",
+ "transports/mkcp",
+ "transports/quic",
+ "transports/tcp",
+ "transports/websocket"
+ ]
+ }
+ ],
+ "/document/level-0/": [
+ "ch01-preface",
+ "ch02-preparation",
+ "ch03-ssh",
+ "ch04-security",
+ "ch05-webpage",
+ "ch06-certificates",
+ "ch07-xray-server",
+ "ch08-xray-clients",
+ "ch09-appendix"
+ ],
+ "/document/level-1/": [
+ "fallbacks-lv1",
+ "routing-lv1-part1",
+ "routing-lv1-part2",
+ "work",
+ "fallbacks-with-sni"
+ ],
+ "/document/level-2/": [
+ "transparent_proxy/transparent_proxy",
+ "tproxy",
+ "iptables_gid",
+ "redirect"
+ ],
+ "/": "auto"
+ }
+ },
+ markdown: {
+ toc: {
+ includeLevel: [2]
+ },
+ extendMarkdown: md => {
+ md.use(require("markdown-it-footnote"));
+ }
+ },
+ chainWebpack: config => {
+ config.module
+ .rule("webp")
+ .test(/\.(webp)(\?.*)?$/)
+ .use("file-loader")
+ .loader("file-loader")
+ .options({
+ name: `assets/img/[name].[hash:8].[ext]`
+ });
+ }
+};
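Review bot: The only functional change in this hunk is the new `"redirect"` entry in the `"/document/level-2/"` sidebar list; every other line is a quote-style and indentation rewrite of the whole `module.exports` object, which buries that one addition and makes the site configuration hard to audit. I would land the formatter pass as its own commit and keep this one to the single added line, `"redirect"` after `"iptables_gid",`. Separately, the `name` option passed to `.options()` in `chainWebpack` is still a template literal with no interpolation; a plain string, `name: "assets/img/[name].[hash:8].[ext]"`, would match the double-quote style the rest of the new side adopts.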
diff --git a/docs/document/level-2/README.md b/docs/document/level-2/README.md
index a370a23c3..ce202f0af 100644
--- a/docs/document/level-2/README.md
+++ b/docs/document/level-2/README.md
@@ -16,3 +16,8 @@
[[透明代理]通过gid规避Xray流量](./iptables_gid.md) by [@kirin](https://github.com/kirin10000)
在iptables/nftables实现的透明代理中,一种新的规避Xray流量的方式。
+
+
+[通过Xray将特定的流量指向特定出口,实现全局路由“分流”](./redirect.md) by [@Zzz3m](https://github.com/Zzz3m)
+
+将Xray玩出花:基于 fwmark 或 sendThrough 方式实现“分流”。
diff --git a/docs/document/level-2/redirect.md b/docs/document/level-2/redirect.md
new file mode 100644
index 000000000..50757e4ca
--- /dev/null
+++ b/docs/document/level-2/redirect.md
@@ -0,0 +1,350 @@
+# 将特定流量指向特定出口
+
+通过 Xray 将特定的流量指向特定出口,实现全局路由“分流”
+
+## 前言
+
+之前在网络上看到许多代理或者 VPN 会接管全局路由,如果与 Xray 同时安装,会导致 Xray 失效。参考了网络上许多教程,及时分流,也是通过维护一张或者多张 CIDR
+路由表来实现的。这种情况下并不优雅,如果我想可以任意替换,实现按需分流,那有没有更好的办法呢?有!
+
+通过 fwmark 或 Xray 的 sendThrough,再简单配合路由表功能即可实现:
+
+1. Xray 可设置指定的 Tag、域名等走指定接口。如果您的接口是双栈的,可以指定 IPV4 或者 IPV6
+2. 其余用户则走原 IPV4 或者 IPV6
+
+具体设置如下(以 Debian10 为例):
+
+## 1、安装代理或者 VPN 软件(例如 Wireguard、IPsec 等)
+
+根据不同系统和不同软件,请参考官方安装方法
+
+## 2、编辑 VPN 配置文件(以 WireGuard 为例)
+
+原始文件:
+
+
+
+
+
+```ini
+[Interface]
+PrivateKey = xxxxxxxxxxxxxxxxxxxx
+Address = "your wg0 v4 address"
+Address = "your wg0 v6 address"
+DNS = 8.8.8.8
+MTU = 1280
+[Peer]
+PublicKey = xxxxxxxxxxxxxxxxxxxxx
+AllowedIPs = ::/0
+AllowedIPs = 0.0.0.0/0
+Endpoint = "ip:port"
+```
+
+在 `[Interface]` 下添加如下命令:
+
+```ini
+Table = off
+PostUP = ip -4 rule add fwmark lookup
+PostUP = ip -4 route add default dev <接口名称> table
+PostUP = ip -4 rule add table main suppress_prefixlength 0
+PostUP = ip -6 rule add fwmark lookup
+PostUP = ip -6 rule add not fwmark table
+PostUP = ip -6 route add ::/0 dev <接口名称> table
+PostUP = ip -6 rule add table main suppress_prefixlength 0
+PostDown = ip -4 rule delete fwmark lookup
+PostDown = ip -4 rule delete table main suppress_prefixlength 0
+PostDown = ip -6 rule delete fwmark lookup
+PostDown = ip -6 rule delete not fwmark table
+PostDown = ip -6 rule delete table main suppress_prefixlength 0
+```
+
+::: tip
+
+- 此命令表示 IPv4 中 fwmark 为 ``,IPv6 中 fwmark 为``,::/0 全局 v6 走 WireGuard
+- 可根据自己需求增删命令,mark 值要与 Xray-core 中设置为相同,table 值自定
+- 如果不支持配置文件,可以在系统中修改路由表
+ :::
+
+
+
+
+
+```ini
+[Interface]
+PrivateKey = xxxxxxxxxxxxxxxxxxxx
+Address = "your wg0 v4 address"
+Address = "your wg0 v6 address"
+DNS = 8.8.8.8
+MTU = 1280
+[Peer]
+PublicKey = xxxxxxxxxxxxxxxxxxxxx
+AllowedIPs = ::/0
+AllowedIPs = 0.0.0.0/0
+Endpoint = "ip:port"
+```
+
+在 `[Interface]` 下添加如下命令:
+
+```ini
+Table = off
+PostUP = ip -4 rule add from "your wg0 v4 address" lookup
+PostUP = ip -4 route add default dev wg0 table
+PostUP = ip -4 rule add table main suppress_prefixlength 0
+PostUP = ip -6 rule add not fwmark table
+PostUP = ip -6 route add ::/0 dev wg0 table
+PostUP = ip -6 rule add table main suppress_prefixlength 0
+PostDown = ip -4 rule delete from "your wg0 v4 address" lookup
+PostDown = ip -4 rule delete table main suppress_prefixlength 0
+PostDown = ip -6 rule delete not fwmark table
+PostDown = ip -6 rule delete table main suppress_prefixlength 0
+```
+
+::: tip
+
+- 此命令表示 IPV4 中来自 `your wg0 v4 address` 地址的走 WireGuard,IPv6 中::/0 全局 v6 走 WireGuard)
+- 可根据自己需求增删命令,实现 v6 分流,也可以与 fwmark 融合
+- 如果不支持配置文件,可以在系统中修改路由表
+ :::
+
+
+
+
+
+保存
+
+可顺手安装
+
+```bash
+apt install openresolv
+```
+
+## 3、启用 WireGuard 网络接口
+
+加载内核模块
+
+```bash
+modprobe wireguard
+```
+
+检查 WG 模块加载是否正常
+
+```bash
+lsmod | grep wireguard
+```
+
+## 4、Xray-core 配置文件修改
+
+
+
+
+
+```json
+{
+ "api": {
+ "services": [
+ "HandlerService",
+ "LoggerService",
+ "StatsService"
+ ],
+ "tag": "api"
+ },
+ "inbounds": [
+ {
+ "listen": "127.0.0.1",
+ "port": ,
+ "protocol": "dokodemo-door",
+ "settings": {
+ "address": "127.0.0.1"
+ },
+ "tag": "api"
+ }
+ ],
+ "outbounds": [
+ {
+ "protocol": "freedom",
+ "settings": {
+ "domainStrategy": "UseIPv6"
+ //设置默认用户走指定方式”UseIPv6”或者”UseIPv4”
+ }
+ },
+ {
+ "protocol": "freedom",
+ "tag": "wg0",
+ "streamSettings": {
+ "sockopt": {
+ "mark":
+ }
+ },
+ "settings": {
+ "domainStrategy": "UseIPv6"
+ }
+ //设置fwmark为的用户走指定方式”UseIPv6””UseIPv4”
+ },
+ {
+ "protocol": "blackhole",
+ "settings": {},
+ "tag": "blocked"
+ }
+ ],
+ "policy": {
+ "system": {
+ "statsInboundDownlink": true,
+ "statsInboundUplink": true
+ }
+ },
+ "routing": {
+ "rules": [
+ {
+ "inboundTag": [
+ "api"
+ ],
+ "outboundTag": "api",
+ "type": "field"
+ },
+ {
+ "type": "field",
+ "outboundTag": "wg0",
+ "inboundTag": [
+ ""
+ //需要之前在inbound中指定好Tag,我这里是api生成的,还可以添加域名等等
+ ]
+ },
+ {
+ "outboundTag": "blocked",
+ "protocol": [
+ "bittorrent"
+ ],
+ "type": "field"
+ }
+ ]
+ },
+ "stats": {}
+}
+```
+
+
+
+
+
+```json
+{
+ "api": {
+ "services": [
+ "HandlerService",
+ "LoggerService",
+ "StatsService"
+ ],
+ "tag": "api"
+ },
+ "inbounds": [
+ {
+ "listen": "127.0.0.1",
+ "port": ,
+ "protocol": "dokodemo-door",
+ "settings": {
+ "address": "127.0.0.1"
+ },
+ "tag": "api"
+ }
+ ],
+ "outbounds": [
+ {
+ "protocol": "freedom",
+ "settings": {
+ "domainStrategy": "UseIPv4"
+ }
+ //修改此处,可v4或者v6
+ },
+ {
+ "tag": "wg0",
+ "protocol": "freedom",
+ "sendThrough": "your wg0 v4 address",
+ //修改此处,可v4或者v6
+ "settings": {
+ "domainStrategy": "UseIPv4"
+ }
+ //修改此处,可v4或者v6
+ },
+ {
+ "protocol": "blackhole",
+ "settings": {},
+ "tag": "blocked"
+ }
+ ],
+ "policy": {
+ "system": {
+ "statsInboundDownlink": true,
+ "statsInboundUplink": true
+ }
+ },
+ "routing": {
+ "rules": [
+ {
+ "inboundTag": [
+ "api"
+ ],
+ "outboundTag": "api",
+ "type": "field"
+ },
+ {
+ "type": "field",
+ "outboundTag": "wg0",
+ "inboundTag": [
+ ""
+ //需要之前在 inbound 中指定好 Tag,我这里是 api 生成的,还可以添加域名等等
+ ]
+ },
+ {
+ "outboundTag": "blocked",
+ "protocol": [
+ "bittorrent"
+ ],
+ "type": "field"
+ }
+ ]
+ },
+ "stats": {}
+}
+```
+
+
+
+
+
+::: tip
+可以通过修改 "domainStrategy": "UseIPv6"来控制对应用户的访问方式 实测优先级要高于系统本身的 gai.config
+:::
+
+## 5、系统设置配置
+
+::: tip
+需要打开系统的 ip_forward
+:::
+
+## 6、完成 WireGuard 相关设置
+
+开启隧道
+
+```bash
+wg-quick up wg0
+
+```
+
+开机自启
+
+```bash
+systemctl enable wg-quick@wg0
+systemctl start wg-quick@wg0
+```
+
+验证 IPv4/IPv6
+
+> 自行验证 Google 搜索 myip
+
+## 后记
+
+本文本意是可以避免的多余的流量浪费,将路由和分流的功能交给 Xray 处理。避免了维护路由表的繁琐工作。顺便技术提升 UP。
+
+## 感谢
+
+@Xray-core @V2ray-core @WireGuard @p3terx @w @Hiram @Luminous @Ln @JackChou