overtls 搭配 sing-box 翻墙的方法
overtls 搭配 tun2proxy 可以实现全局翻墙,并且使用简单,缺点是不能国内外分流,也不能对流量进行比较精确的控制。overtls 搭配 sing-box 就基本没有缺点了
sing-box 是超强翻墙利器:
- 支持的翻墙协议多
- 支持的平台多
- 功能多,比如,可国内、国外流量分流
如何下载 sing-box
可到 sing-box 的 github 官网下载:
https://github.com/SagerNet/sing-box
Windows 可用 scoop 下载:
scoop install sing-box
安装后 sing-box 所在目录类似下面:
C:\Users\your_name\scoop\apps\sing-box\current
sing-box overtls 翻墙配置文件
config.json
{
"dns": {
"servers": [
{
"tag": "dns_proxy",
"address": "https://1.1.1.1/dns-query",
"address_resolver": "dns_resolver",
"strategy": "ipv4_only",
"detour": "select"
},
{
"tag": "dns_direct",
"address": "h3://dns.alidns.com/dns-query",
"address_resolver": "dns_resolver",
"strategy": "ipv4_only",
"detour": "direct"
},
{
"tag": "dns_block",
"address": "rcode://refused"
},
{
"tag": "dns_resolver",
"address": "223.5.5.5",
"strategy": "ipv4_only",
"detour": "direct"
}
],
"rules": [
{
"outbound": "any",
"server": "dns_resolver"
},
{
"clash_mode": "direct",
"server": "dns_direct"
},
{
"clash_mode": "global",
"server": "dns_proxy"
},
{
"process_name": [
"TencentMeeting",
"NemoDesktop",
"ToDesk",
"ToDesk_Service",
"WeChat",
"Tailscale",
"wireguard-go",
"Tunnelblick",
"softwareupdated",
"kubectl"
],
"server": "dns_direct"
},
{
"domain_suffix": [
"icloudnative.io",
"fuckcloudnative.io",
"sealos.io",
"cdn.jsdelivr.net"
],
"server": "dns_direct"
},
{
"process_name": [
"DropboxMacUpdate",
"Dropbox"
],
"server": "dns_proxy"
},
{
"package_name": [
"com.google.android.youtube",
"com.android.vending",
"org.telegram.messenger",
"org.telegram.plus"
],
"server": "dns_proxy"
},
{
"rule_set": "geosite-geolocation-!cn",
"server": "dns_proxy"
},
{
"rule_set": "Global",
"server": "dns_proxy"
},
{
"rule_set": [
"YouTube",
"Telegram",
"Netflix",
"geoip-google",
"geoip-telegram",
"geoip-twitter",
"geoip-netflix"
],
"server": "dns_proxy"
}
],
"final": "dns_direct"
},
"ntp": {
"enabled": true,
"server": "time.apple.com",
"server_port": 123,
"interval": "30m0s",
"detour": "direct"
},
"inbounds": [
{
"type": "tun",
"inet4_address": "198.18.0.1/16",
"auto_route": true,
"exclude_package": [
"cmb.pb",
"cn.gov.pbc.dcep",
"com.MobileTicket",
"com.adguard.android",
"com.ainemo.dragoon",
"com.alibaba.android.rimet",
"com.alicloud.databox",
"com.amazing.cloudisk.tv",
"com.autonavi.minimap",
"com.bilibili.app.in",
"com.bishua666.luxxx1",
"com.cainiao.wireless",
"com.chebada",
"com.chinamworld.main",
"com.cmbchina.ccd.pluto.cmbActivity",
"com.coolapk.market",
"com.ctrip.ct",
"com.dianping.v1",
"com.douban.frodo",
"com.eg.android.AlipayGphone",
"com.farplace.qingzhuo",
"com.hanweb.android.zhejiang.activity",
"com.leoao.fitness",
"com.lucinhu.bili_you",
"com.mikrotik.android.tikapp",
"com.moji.mjweather",
"com.motorola.cn.calendar",
"com.motorola.cn.lrhealth",
"com.netease.cloudmusic",
"com.sankuai.meituan",
"com.sina.weibo",
"com.smartisan.notes",
"com.sohu.inputmethod.sogou.moto",
"com.sonelli.juicessh",
"com.ss.android.article.news",
"com.ss.android.lark",
"com.ss.android.ugc.aweme",
"com.tailscale.ipn",
"com.taobao.idlefish",
"com.taobao.taobao",
"com.tencent.mm",
"com.tencent.mp",
"com.tencent.soter.soterserver",
"com.tencent.wemeet.app",
"com.tencent.weread",
"com.tencent.wework",
"com.ttxapps.wifiadb",
"com.unionpay",
"com.unnoo.quan",
"com.wireguard.android",
"com.xingin.xhs",
"com.xunmeng.pinduoduo",
"com.zui.zhealthy",
"ctrip.android.view",
"io.kubenav.kubenav",
"org.geekbang.geekTime",
"tv.danmaku.bili"
],
"stack": "mixed",
"sniff": true
},
{
"type": "socks",
"tag": "socks-in",
"listen": "::",
"listen_port": 5319
}
],
"outbounds": [
{
"type": "selector",
"tag": "select",
"outbounds": [
"overtls"
],
"default": "overtls"
},
{
"type": "selector",
"tag": "openai",
"outbounds": [
"overtls"
],
"default": "overtls"
},
{
"type": "selector",
"tag": "tiktok",
"outbounds": [
"overtls"
],
"default": "overtls"
},
{
"type": "socks",
"tag": "overtls",
"server": "127.0.0.1",
"server_port": 765,
"version": "5",
"network": "tcp",
"udp_over_tcp": {
"enabled": false,
"version": 2
}
},
{
"type": "direct",
"tag": "direct"
},
{
"type": "block",
"tag": "block"
},
{
"type": "dns",
"tag": "dns-out"
}
],
"route": {
"rules": [
{
"protocol": "dns",
"outbound": "dns-out"
},
{
"clash_mode": "direct",
"outbound": "direct"
},
{
"clash_mode": "global",
"outbound": "select"
},
{
"domain_suffix": [
"icloudnative.io",
"fuckcloudnative.io",
"sealos.io",
"cdn.jsdelivr.net"
],
"outbound": "direct"
},
{
"process_name": [
"TencentMeeting",
"NemoDesktop",
"ToDesk",
"ToDesk_Service",
"WeChat",
"OpenLens",
"Tailscale",
"wireguard-go",
"Tunnelblick",
"softwareupdated",
"kubectl"
],
"outbound": "direct"
},
{
"protocol": "quic",
"outbound": "block"
},
{
"inbound": "socks-in",
"outbound": "select"
},
{
"rule_set": [
"WeChat",
"Bilibili"
],
"outbound": "direct"
},
{
"rule_set": "OpenAI",
"outbound": "openai"
},
{
"domain_suffix": [
"openai.com",
"oaistatic.com",
"oaiusercontent.com"
],
"outbound": "openai"
},
{
"package_name": "com.openai.chatgpt",
"outbound": "openai"
},
{
"rule_set": "TikTok",
"outbound": "tiktok"
},
{
"package_name": "com.zhiliaoapp.musically",
"outbound": "tiktok"
},
{
"domain_suffix": [
"depay.one",
"orbstack.dev"
],
"outbound": "select"
},
{
"process_name": [
"DropboxMacUpdate",
"Dropbox"
],
"outbound": "select"
},
{
"package_name": [
"com.google.android.youtube",
"com.android.vending",
"org.telegram.messenger",
"org.telegram.plus",
"com.google.android.googlequicksearchbox",
"app.rvx.android.youtube",
"com.mudvod.video",
"com.fox2code.mmm",
"com.twitter.android"
],
"outbound": "select"
},
{
"domain": "accounts.google.com",
"domain_suffix": [
"sourceforge.net",
"fhjasokiwq.com"
],
"outbound": "select"
},
{
"domain_suffix": "cloud.sealos.io",
"outbound": "direct"
},
{
"type": "logical",
"mode": "and",
"rules": [
{
"rule_set": "geosite-geolocation-!cn"
},
{
"rule_set": "geoip-cn",
"invert": true
}
],
"outbound": "select"
},
{
"rule_set": "Global",
"outbound": "select"
},
{
"rule_set": "geoip-cn",
"outbound": "direct"
},
{
"ip_is_private": true,
"outbound": "direct"
},
{
"rule_set": [
"YouTube",
"Telegram",
"Netflix",
"geoip-google",
"geoip-telegram",
"geoip-twitter",
"geoip-netflix"
],
"outbound": "select"
}
],
"rule_set": [
{
"type": "remote",
"tag": "geosite-geolocation-!cn",
"format": "binary",
"url": "https://ghp.ci/https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-geolocation-!cn.srs",
"download_detour": "direct"
},
{
"type": "remote",
"tag": "geoip-cn",
"format": "binary",
"url": "https://ghp.ci/https://raw.githubusercontent.com/CHIZI-0618/v2ray-rules-dat/release/singbox_ip_rule_set/geoip-cn.srs",
"download_detour": "direct"
},
{
"type": "remote",
"tag": "geoip-google",
"format": "binary",
"url": "https://ghp.ci/https://raw.githubusercontent.com/CHIZI-0618/v2ray-rules-dat/release/singbox_ip_rule_set/geoip-google.srs",
"download_detour": "direct"
},
{
"type": "remote",
"tag": "geoip-telegram",
"format": "binary",
"url": "https://ghp.ci/https://raw.githubusercontent.com/CHIZI-0618/v2ray-rules-dat/release/singbox_ip_rule_set/geoip-telegram.srs",
"download_detour": "direct"
},
{
"type": "remote",
"tag": "geoip-twitter",
"format": "binary",
"url": "https://ghp.ci/https://raw.githubusercontent.com/CHIZI-0618/v2ray-rules-dat/release/singbox_ip_rule_set/geoip-twitter.srs",
"download_detour": "direct"
},
{
"type": "remote",
"tag": "geoip-netflix",
"format": "binary",
"url": "https://ghp.ci/https://raw.githubusercontent.com/CHIZI-0618/v2ray-rules-dat/release/singbox_ip_rule_set/geoip-netflix.srs",
"download_detour": "direct"
},
{
"type": "remote",
"tag": "Global",
"format": "source",
"url": "https://ghp.ci/https://raw.githubusercontent.com/yangchuansheng/sing-box-geosite/main/rule/Global.json",
"download_detour": "direct"
},
{
"type": "remote",
"tag": "YouTube",
"format": "source",
"url": "https://ghp.ci/https://raw.githubusercontent.com/yangchuansheng/sing-box-geosite/main/rule/YouTube.json",
"download_detour": "direct"
},
{
"type": "remote",
"tag": "OpenAI",
"format": "source",
"url": "https://ghp.ci/https://raw.githubusercontent.com/yangchuansheng/sing-box-geosite/main/rule/OpenAI.json",
"download_detour": "direct"
},
{
"type": "remote",
"tag": "TikTok",
"format": "source",
"url": "https://ghp.ci/https://raw.githubusercontent.com/yangchuansheng/sing-box-geosite/main/rule/TikTok.json",
"download_detour": "direct"
},
{
"type": "remote",
"tag": "Telegram",
"format": "source",
"url": "https://ghp.ci/https://raw.githubusercontent.com/yangchuansheng/sing-box-geosite/main/rule/Telegram.json",
"download_detour": "direct"
},
{
"type": "remote",
"tag": "Netflix",
"format": "source",
"url": "https://ghp.ci/https://raw.githubusercontent.com/yangchuansheng/sing-box-geosite/main/rule/Netflix.json",
"download_detour": "direct"
},
{
"type": "remote",
"tag": "WeChat",
"format": "source",
"url": "https://ghp.ci/https://raw.githubusercontent.com/yangchuansheng/sing-box-geosite/main/rule/WeChat.json",
"download_detour": "direct"
},
{
"type": "remote",
"tag": "Bilibili",
"format": "source",
"url": "https://ghp.ci/https://raw.githubusercontent.com/yangchuansheng/sing-box-geosite/main/rule/Bilibili.json",
"download_detour": "direct"
}
],
"final": "direct",
"find_process": true,
"auto_detect_interface": true
},
"experimental": {
"cache_file": {
"enabled": true
},
"clash_api": {
"external_controller": "0.0.0.0:9090",
"external_ui": "metacubexd",
"external_ui_download_url": "https://github.com/MetaCubeX/metacubexd/archive/refs/heads/gh-pages.zip",
"external_ui_download_detour": "select",
"default_mode": "rule"
}
}
}
上面的配置文件主体来自下面文章:
sing-box 基础教程:sing-box 的配置方法和使用教程
其中关于 overtls 的配置参考:
也就是这段:
{
"type": "socks",
"tag": "overtls",
// overtls 监听的本机地址
"server": "127.0.0.1",
// overtls 监听的端口
"server_port": 765,
"version": "5",
"network": "tcp",
"udp_over_tcp": {
"enabled": false,
"version": 2
}
},
一般情况下,你只要修改 overtls 监听的端口成实际值就行。如果你本机 overtls 监听的端口和上面配置文件中的相同,你可以直接使用这个配置,可谓十分方便
从命令行运行 sing-box 的方法
sudo sing-box run --directory path/to/working-directory --config config.json
# 也可以简写成如下,表示使用默认配置文件名 config.json
sudo sing-box run --directory path/to/working-directory
解释:
-
sudo申请管理员权限。建议用 scoop 安装
sudo:scoop install sudo另一种安装 sudo 的方法。在 windows 10 和以上平台上,可以自行安裝 sudo 程序來模拟 Linux 的类似行为,首先安裝 gsudo
winget install -e --id gerardog.gsudo你也可以不安装 sudo,而是从管理员权限的控制台执行命令
-
--directory path/to/working-directory设定 sing-box 的工作目录,这是可选的
如果用 scoop 安装的 sing-box,设定另外的工作目录以保存相关文件比较好
-
--config config.json设定配置文件路径
如果设定了工作目录,给出配置文件名就行,不用指定绝对路径
因为我们已经指定了配置文件的目录,此项可不用,除非你的配置文件名不是
config.json
关于 DNS 泄露
经测试,本文用的 sing-box 配置文件会有 DNS 泄露
测试方法,运行 sin-box 后,打开浏览器检测网站,如:
如果显示的 “IP Address” 是国外的就没有问题
临时解决办法,把配置文件中的 "final": "dns_direct" 改成 "final": "dns_proxy" ,但是这会导致打开国内网站的速度很慢(2024-10-01)
关于 sing-box Windows 客户端
-
hiddify-next
https://github.com/hiddify/hiddify-next
会在 Windows 系统设置代理,退出软件后导致无法上网
-
GUI.for.SingBox
https://github.com/GUI-for-Cores/GUI.for.SingBox
适合订阅,不适合自己编辑 config.json
sing-box Windows 10 上的 bug
Windows 10 系统,当天第一次运行 sing-box 时,会出错:
FATAL[0016] start service: initialize inbound/tun[tun-in]: configure tun interface: Cannot create a file when that file already exists
再次运行 sing-box 就正常了
据说 Windows 11 上没有问题
临时的解决办法,在运行 sing-box 前,修改 interface_name 成随机字符串:
{
"tag": "tun-in",
"type": "tun",
"interface_name": "singbox",
"inet4_address": "172.19.0.1/30",
"mtu": 9000,
"stack": "mixed",
"auto_route": true,
"strict_route": true,
"sniff": true
}
bash 代码如下:
# Generate a random string (e.g., 10 characters long)
randomString=$(openssl rand -hex 5)
# Use sed to replace the interface_name value with the generated random string
sed -i "s/\"interface_name\": \"[^\"]*\"/\"interface_name\": \"$randomString\"/" config.json
2024-11-08
相关内容
- 简单、高速、稳定的翻墙软件 overtls 安装、使用教程
- overtls + tun2proxy 实现全局翻墙,所有流量走代理
- overtls Android 手机翻墙上网教程
- 把 overtls、tun2proxy 设置成开机自动启动的系统服务
- overtls + sing-box,分享一个比较完美的 sing-box 配置
- sing-box 基础教程:sing-box 的配置方法和使用教程
- https://github.com/ShadowsocksR-Live/overtls
- https://github.com/softwaredownload/openwrt-fanqiang
2024-09-25