OpenVPN For Android: Browsing Twitter on Your Phone
Source: Internet  Editor: 程序博客网  Time: 2024/04/29 13:04
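I sometimes browse Twitter or brag a bit on Facebook. Android's current VPN support is really poor, and the many free VPN solutions I tried were enough to make you want to cry. So I had the idea of setting up a VPN of my own, to realize my dream of browsing Twitter and bragging a bit!
Basic setup:
1. One server (located in Los Angeles, USA), CentOS 5 64-bit, with OpenVPN Server v2.3.4 compiled and installed
2. One Android phone (Coolpad, Android 4.2; on Android 4.0 and later, VPN relies on the VPNService service provided by Google and needs no root), with Ics-OpenVPN (the Android version of OpenVPN) installed
Basic network topology diagram: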
Server configuration:

#Set OpenVPN major mode. By default, OpenVPN runs in point-to-point mode ("p2p").
#OpenVPN 2.0 introduces a new mode ("server") which implements a multi-client server capability.
#mode server
# IF YOU HAVE NOT GENERATED INDIVIDUAL
# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
# UNCOMMENT THIS LINE OUT.
duplicate-cn
#listen on IPv4
local 0.0.0.0
#we use a non-default port
port 11194
#TCP transport (stunnel, added later in this article, only carries TCP)
proto tcp
#using routed IP tunnel
dev tun
#paths to keys and certificates
ca /usr/local/openvpn/easy-rsa/keys/ca.crt
cert /usr/local/openvpn/easy-rsa/keys/server.crt
key /usr/local/openvpn/easy-rsa/keys/server.key
#note: 1024-bit DH parameters are weak; prefer 2048 bits or more
dh /usr/local/openvpn/easy-rsa/keys/dh1024.pem
#set OpenVPN subnet
server 10.6.0.0 255.255.0.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
#route the stunnel connection to the server directly via the original gateway
push "route your server IP 255.255.255.255 net_gateway"
#maintain a record of client-to-virtual-IP-address
ifconfig-pool-persist ipp.txt
#ping every 10 seconds, assume that remote peer is down if no ping received during 60
keepalive 10 60
#cryptographic cipher, must be the same (copied) on the client config file as well
cipher AES-256-CBC
#enable compression on VPN link
comp-lzo
max-clients 500
#try to preserve some state across restarts
persist-key
persist-tun
#status log file
status /usr/local/openvpn/conf/openvpn-status.log
#log file
#log-append /usr/local/openvpn/conf/openvpn.log
#log file verbosity
verb 3
Client configuration:

client
dev tun
proto tcp
remote your vpn server IP 11194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
cipher AES-256-CBC
comp-lzo
verb 3
#tun-mtu 1500
#tun-mtu-extra 32
#fragment 1450
#mssfix
<ca>
-----BEGIN CERTIFICATE-----
CA
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
CERTIFICATE
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
PRIVATE KEY
-----END PRIVATE KEY-----
</key>
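For installing OpenVPN and generating the CA and other certificates, see the relevant material online; I won't go into it here.
One point to emphasize here: the server configuration must include: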
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
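push "redirect-gateway def1" modifies the Android routing table and redirects all web traffic into the VPN. By default only traffic for the VPN's private subnet, here 10.6.0.0/16, is routed through it.
The last two lines change the client's DNS to Google Public DNS. Don't forget them!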
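OK, after connecting to the VPN we open a browser and have a look. It does not seem to be quite what we expected: we still can't happily browse Facebook. Frequently disconnected? Often can't connect? So began another long journey through Google, which roughly turned up the cause: the GFW. Reportedly it uses new DPI technology that can detect OpenVPN's connection handshake and then plays its ultimate move, resetting the connection. So it ends in tragedy, and we still can't play happily!
All right, on to the next move: use stunnel to wrap the OpenVPN tunnel. Put plainly, this adds one more layer of insurance, making the OpenVPN traffic look more like an ordinary SSL connection so that it is not so easily identified.
The stunnel client version I used is stunnel 5.06 on arm-unknown-linux-androideabi platform.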
Stunnel server configuration:

sslVersion = all
; a leading "-" clears the option, so these two lines permit SSLv2 and SSLv3
options = -NO_SSLv2
options = -NO_SSLv3
cert = /etc/stunnel/server.pem
pid = /var/run/stunnel.pid
output = /var/log/stunnel
;debug = 7
;foreground = yes
[openvpn]
client = no
accept=993
connect=11194
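Stunnel client configuration:

debug = 7
foreground = yes
[openvpn]
client = yes
; the OpenVPN client then connects to 127.0.0.1 1194 instead of to the server directly
accept = 127.0.0.1:1194
connect = your vpn server IP:993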
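OK, all done, and we can finally play happily! In addition, regarding OpenVPN's incomplete support for HTTP URL-level filtering (which is quite normal; after all, a VPN works at the IP layer, where everything is IP addresses and there are no URLs), I also ran a test: a Squid transparent proxy can provide URL-based filtering on the server side. After all, we are tinkering with this just for our own use, and it would not be good if it were used to visit illegal websites.
In addition, iptables on the server needs to do NAT; the rules are attached: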
-A PREROUTING -i tun0 -p tcp -m tcp --dport 80 -j DNAT --to-destination your server IP:8080
-A POSTROUTING -s 10.6.0.0/255.255.0.0 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.6.0.0/255.255.0.0 -j SNAT --to-source your server IP
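OK, time to start playing happily.
Statement: this article is solely for technical research purposes; please do not use it for other purposes. Please credit the source when reposting!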
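As an added example (not part of the original post): a small Python check that reads the server-side OpenVPN and stunnel settings shown above and flags the directives a reviewer would question before running this setup. The function names are hypothetical, the sample lines are copied from this page's configs, and the DH size is inferred from the easy-rsa style file name, which is an assumption.

```python
import re

# Constructed input: directive lines copied from the two server-side configs on this page.
OPENVPN_SERVER = """\
duplicate-cn
dh /usr/local/openvpn/easy-rsa/keys/dh1024.pem
cipher AES-256-CBC
comp-lzo
"""
STUNNEL_SERVER = """\
sslVersion = all
options = -NO_SSLv2
options = -NO_SSLv3
;debug = 7
[openvpn]
accept=993
"""

def directives(text):
    """Yield stripped lines, skipping blanks and '#' / ';' comment lines."""
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":
            yield line

def audit_openvpn(text):
    """Return (directive, reason) pairs for settings worth a second look."""
    findings = []
    for line in directives(text):
        words = line.split()
        if words[0] == "duplicate-cn":
            findings.append((line, "clients share one certificate; revoking it cuts off all of them"))
        elif words[0] == "comp-lzo":
            findings.append((line, "compressing before encrypting can leak plaintext through packet sizes"))
        elif words[0] == "dh" and len(words) > 1:
            # Assumption: the easy-rsa style file name (dh<bits>.pem) reflects the real size.
            m = re.search(r"dh(\d+)\.pem$", words[1])
            if m and int(m.group(1)) < 2048:
                findings.append((line, f"{m.group(1)}-bit DH parameters are too small"))
    return findings

def audit_stunnel(text):
    """Flag 'options = -NO_<proto>' lines, which clear the flag and re-enable <proto>."""
    findings = []
    for line in directives(text):
        key, _, value = (part.strip() for part in line.partition("="))
        if key == "options" and value.startswith("-NO_"):
            findings.append((line, f"re-enables {value[4:]}"))
    return findings
```

Commented-out directives are ignored, so a line such as `#duplicate-cn` produces no finding.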