Halaman utama Jelajahi Bantuan
Masuk
limour
/
limour-blog.github.io
cermin dari https://dl.limour.top/cf/https://github.com/limour-blog/limour-blog.github.io.git
1
0
Fork 0
Berkas Masalah 0
Pohon: 3ed4967515
Ranting Tag
limour-blog.git...
/
source
/
_posts
/
2023-10-27-【探索】基于QUIC的内网穿透协议.md

2023-10-27-【探索】基于QUIC的内网穿透协议.md 5.5 KB
Riwayat Mentahan

title: 【探索】基于QUIC的内网穿透协议 urlname: Protocol-for-intranet-penetration-based-on-QUIC date: 2023-10-27 20:46:07 index_img: https://api.limour.top/randomImg?d=2023-10-27 20:46:07

tags: ['docker', 'ngpm', "内网穿透", '探索']

环境和依赖

  • 内网穿透服务

  • 证书自动申请服务

    mkdir -p ~/base/NPS && cd ~/base/NPS && mkdir conf
nano docker-compose.yml
nano conf/nps.conf
touch conf/{clients,hosts,tasks}.json
sudo docker-compose up -d
# 反代 dashboard 8080

    version: '3.3'
services:
nps:
container_name: nps
restart: unless-stopped
ports:
  - '8024:8024'
  - '6000-6002:6000-6002/udp'
volumes:
  - './conf:/conf'
  - '/etc/localtime:/etc/localtime:ro'
image: yisier1/nps
 
networks:
default:
external: true
name: ngpm

    appname = nps
#Boot mode(dev|pro)
runmode = pro
 
#HTTP(S) proxy port, no startup if empty
http_proxy_ip=0.0.0.0
http_proxy_port=18081
 
##bridge
bridge_type=tcp
bridge_port=8024
bridge_ip=0.0.0.0
 
#Traffic data persistence interval(minute)
#Ignorance means no persistence
#flow_store_interval=1
 
# log level LevelEmergency->0  LevelAlert->1 LevelCritical->2 LevelError->3 LevelWarning->4 LevelNotice->5 LevelInformational->6 LevelDebug->7
log_level=7
#log_path=nps.log
 
#Whether to restrict IP access, true or false or ignore
#ip_limit=true
 
#allow_ports=9001-9009,10001,11000-12000
 
#Web management multi-user login
allow_user_login=false
allow_user_register=false
allow_user_change_username=false
 
#extension
allow_flow_limit=false
allow_rate_limit=false
allow_tunnel_num_limit=false
allow_local_proxy=false
allow_connection_num_limit=false
allow_multi_ip=false
system_info_display=true
 
#cache
http_cache=false
http_cache_length=100
 
#get origin ip
http_add_origin_header=false
 
#pprof debug options
#pprof_ip=0.0.0.0
#pprof_port=9999
 
#client disconnect timeout
disconnect_timeout=60
 
# 以下的需要进行配置
# Public password, which clients can use to connect to the server
# After the connection, the server will be able to open relevant ports and parse related domain names according to its own configuration file.
public_vkey=<16个字符>
 
#Web API unauthenticated IP address(the len of auth_crypt_key must be 16)
#Remove comments if needed
auth_key=<24个字符>
auth_crypt_key=<16个字符>
 
#web
web_host=limour.top
web_username=Limour
web_password=<16个字符>
web_port = 8080
web_ip=0.0.0.0
web_open_ssl=false
web_base_url=
open_captcha=true
# if web under proxy use sub path. like http://host/nps need this.
#web_base_url=/nps
 
#p2p
p2p_ip=<写服务器的ip>
p2p_port=6000
# 设置为6000,请在控制台防火墙开放6000~6002(额外添加2个端口)udp端口

配置端口映射

nano Port-Hopping.sh && chmod +x Port-Hopping.sh
nano /etc/systemd/system/Port-Hopping.service
systemctl enable Port-Hopping && systemctl start Port-Hopping && systemctl status Port-Hopping && iptables -t nat -L

#!/bin/bash
# IPv4
/usr/sbin/iptables  -t nat -A PREROUTING -i eth0 -p udp --dport 32768:61000 -j DNAT --to-destination :3234
# IPv6
/usr/sbin/ip6tables -t nat -A PREROUTING -i eth0 -p udp --dport 32768:61000 -j DNAT --to-destination :3234

[Unit]
Description=Port-Hopping
After=network.target docker.service
[Service]
ExecStart=/root/Port-Hopping.sh
Restart=on-failure
[Install]
WantedBy=multi-user.target

配置quic

sudo docker network create sswitch
mkdir -p ~/app/quic && cd ~/app/quic && nano docker-compose.yml
nano hysteria.yaml
sudo docker-compose up -d && sudo docker-compose logs

version: '3.9'
services:
  hysteria:
    image: tobyxdd/hysteria
    restart: always
    extra_hosts:
      - 'host.docker.internal:host-gateway'
    ports:
      - '3234:3234/udp'
    volumes:
      - ./hysteria.yaml:/etc/hysteria.yaml
      - /root/base/NGPM/letsencrypt:/home/ubuntu/letsencrypt
    command: ["server", "-c", "/etc/hysteria.yaml"]
 
networks:
  default:
    external: true
    name: sswitch

listen: :3234 
 
tls:
  cert: /home/ubuntu/letsencrypt/live/npm-1/fullchain.pem
  key: /home/ubuntu/letsencrypt/live/npm-1/privkey.pem
 
auth:
  type: password
  password: Se7RAuFZ8Lzg 
 
bandwidth:
  up: 3 mbps
  down: 3 mbps
 
masquerade: 
  type: proxy
  proxy:
    url: https://hexo.limour.top/ 
    rewriteHost: true

测试转发

  • 在客户端新建config.yaml, 写入以下内容

    server: hexo.limour.top:32768-61000
 
auth: Se7RAuFZ8Lzg 
 
bandwidth: 
up: 3 mbps
down: 3 mbps
 
#socks5:
#  listen: 127.0.0.1:1580 
 
#http:
#  listen: 127.0.0.1:8580 
 
tcpForwarding:
- listen: 127.0.0.1:8024 
remote: host.docker.internal:8024

测试穿透

.\npc.exe --server=127.0.0.1:8024 -vkey=<vkey> -type=tcp

客户端示例

mkdir -p ~/app/quic-npc && cd ~/app/quic-npc && nano docker-compose.yml
nano config.yaml
sudo docker-compose up -d && sudo docker-compose logs

version: '3.3'
services:
  quic_nps:
    image: tobyxdd/hysteria
    network_mode: host
    restart: always
    volumes:
      - ./config.yaml:/etc/config.yaml
    command: ["--config", "/etc/config.yaml"]
 
  npc_lk:
    depends_on:
      - quic_nps
    network_mode: host
    image: yisier1/npc
    restart: unless-stopped
    command: -server=127.0.0.1:8024 -vkey=<vkey> -type=tcp

server: hexo.limour.top:32768-61000
 
auth: Se7RAuFZ8Lzg 
 
bandwidth: 
  up: 3 mbps
  down: 3 mbps
 
tcpForwarding:
  - listen: 127.0.0.1:8024 
    remote: host.docker.internal:8024