`--dns-address` supports multiple dns addresses, load balancing, separated by comma. For example: `--dns-address "1.1.1.1:53,8.8.8.8:53"`
You can also use the parameter `--dns-interface` to specify the bandwidth used for dns resolution,
for example: `--dns-interface eth0`, dns resolution will use the eth0 bandwidth, this parameter must be set to `--dns-address` to be effective.
### 1.12 Custom encryption
The proxy's http(s) proxy can encrypt tcp data via tls standard encryption and kcp protocol on top of tcp, in addition to support customization after tls and kcp.
Encryption, that is to say, custom encryption and tls|kcp can be used in combination. The internal use of AES256 encryption, you only need to define a password when you use it.
@ -1282,6 +1297,9 @@ And the analysis result cache time (--dns-ttl) seconds, to avoid system dns inte
You can also use the parameter `--dns-interface` to specify the bandwidth used for dns resolution,
for example: `--dns-interface eth0`, dns resolution will use the eth0 bandwidth, this parameter must be set to `--dns-address` to be effective.
### 5.10 Custom Encryption
The proxy's socks proxy can encrypt tcp data through tls standard encryption and kcp protocol on top of tcp. In addition, it supports custom encryption after tls and kcp, which means that custom encryption and tls|kcp can be used together. The internal use of AES256 encryption, you only need to define a password when you use it.
Encryption is divided into two parts, one is whether the local (-z) encryption and decryption, and the other is whether the transmission with the upstream (-Z) is encrypted or decrypted.
@ -1417,25 +1435,48 @@ The default is: parent.
The meaning of each value is as follows:
`--intelligent=direct`, the targets in the blocked are not directly connected.
`--intelligent=parent`, the target that is not in the direct is going to the higher level.
`--intelligent=intelligent`, blocked and direct have no targets, intelligently determine whether to use the upstream access target.
`--intelligent=intelligent`, blocked and direct have no targets, intelligently determine whether to use the upstream
access target.
### 5.18 Fixed UDP PORT
By default, the port number of the UDP function of socks5, the proxy is installed in the `rfc1982 draft` request, which is randomly specified during the protocol handshake process and does not need to be specified in advance.
By default, the port number of the UDP function of socks5, the proxy is installed in the `rfc1982 draft` request, which
is randomly specified during the protocol handshake process and does not need to be specified in advance.
However, in some cases, you need to fix the UDP function port. You can use the parameter `--udp-port port number` to fix the port number of the UDP function. For example:
However, in some cases, you need to fix the UDP function port. You can use the parameter `--udp-port port number` to fix
By default, the UDP functionality of the SOCKS5 proxy in the proxy operates in accordance with the SOCKS5 RFC 1928
specification. However, there are certain SOCKS5 clients that do not adhere to the specified rules. To ensure
compatibility with such clients, the `--udp-compat` parameter can be added to activate the compatibility mode for SOCKS5
UDP functionality.
Additionally, the `-udp-gc` parameter can be utilized to set the maximum idle time for UDP. When this time threshold is
exceeded, UDP connections will be released.
### 5.20 Help
`proxy help socks`
## 6.SPS Protocol Convert
### 6.1 Function introduction
The proxy protocol conversion uses the sps subcommand. The sps itself does not provide the proxy function. It only accepts the proxy request to "convert and forward" to the existing http(s) proxy or the socks5 proxy or ss proxy; the sps can put the existing http(s) proxy or socks5 proxy or ss proxy is converted to a port that supports both http(s) and socks5 and ss proxies, and the http(s) proxy supports forward proxy and reverse proxy (SNI), converted SOCKS5 proxy, UDP function is still supported when the upper level is SOCKS5 or SS; in addition, for the existing http(s) proxy or socks5 proxy, three modes of tls, tcp, and kcp are supported, and chain connection is supported, that is, multiple sps node levels can be supported. The connection builds an encrypted channel.
@ -1715,7 +1756,7 @@ It should be noted that the ss function of sps also has UDP function, and the UD
To specify a port that is different from the tcp port.
### 6.17 iptables 透明代理
### 6.17 Iptables Transparent Proxy
The sps mode supports the iptables transparent forwarding support of the Linux system, which is commonly referred to as the iptables transparent proxy. If a iptables transparent proxy is performed on the gateway device, the device that is connected through the gateway can realize a non-aware proxy.
The proxy's http (s) / socks5 / sps / tcp / udp proxy function supports traffic reporting. You can set an http interface address through the parameter `--traffic-url`.
`--dns-address` supports multiple dns addresses, load balancing, separated by comma. For example: `--dns-address "1.1.1.1:53,8.8.8.8:53"`
You can also use the parameter `--dns-interface` to specify the bandwidth used for dns resolution,
for example: `--dns-interface eth0`, dns resolution will use the eth0 bandwidth, this parameter must be set to `--dns-address` to be effective.
### 1.12 Custom encryption
The proxy's http(s) proxy can encrypt tcp data via tls standard encryption and kcp protocol on top of tcp, in addition to support customization after tls and kcp.
Encryption, that is to say, custom encryption and tls|kcp can be used in combination. The internal use of AES256 encryption, you only need to define a password when you use it.
@ -1086,6 +1089,9 @@ And the analysis result cache time (--dns-ttl) seconds, to avoid system dns inte
You can also use the parameter `--dns-interface` to specify the bandwidth used for dns resolution,
for example: `--dns-interface eth0`, dns resolution will use the eth0 bandwidth, this parameter must be set to `--dns-address` to be effective.
### 5.10 Custom Encryption
The proxy's socks proxy can encrypt tcp data through tls standard encryption and kcp protocol on top of tcp. In addition, it supports custom encryption after tls and kcp, which means that custom encryption and tls|kcp can be used together. The internal use of AES256 encryption, you only need to define a password when you use it.
Encryption is divided into two parts, one is whether the local (-z) encryption and decryption, and the other is whether the transmission with the upstream (-Z) is encrypted or decrypted.
@ -1221,25 +1227,48 @@ The default is: parent.
The meaning of each value is as follows:
`--intelligent=direct`, the targets in the blocked are not directly connected.
`--intelligent=parent`, the target that is not in the direct is going to the higher level.
`--intelligent=intelligent`, blocked and direct have no targets, intelligently determine whether to use the upstream access target.
`--intelligent=intelligent`, blocked and direct have no targets, intelligently determine whether to use the upstream
access target.
### 5.18 Fixed UDP PORT
By default, the port number of the UDP function of socks5, the proxy is installed in the `rfc1982 draft` request, which is randomly specified during the protocol handshake process and does not need to be specified in advance.
By default, the port number of the UDP function of socks5, the proxy is installed in the `rfc1982 draft` request, which
is randomly specified during the protocol handshake process and does not need to be specified in advance.
However, in some cases, you need to fix the UDP function port. You can use the parameter `--udp-port port number` to fix the port number of the UDP function. For example:
However, in some cases, you need to fix the UDP function port. You can use the parameter `--udp-port port number` to fix
By default, the UDP functionality of the SOCKS5 proxy in the proxy operates in accordance with the SOCKS5 RFC 1928
specification. However, there are certain SOCKS5 clients that do not adhere to the specified rules. To ensure
compatibility with such clients, the `--udp-compat` parameter can be added to activate the compatibility mode for SOCKS5
UDP functionality.
Additionally, the `-udp-gc` parameter can be utilized to set the maximum idle time for UDP. When this time threshold is
exceeded, UDP connections will be released.
### 5.20 Help
`proxy help socks`
## 6.SPS Protocol Convert
### 6.1 Function introduction
The proxy protocol conversion uses the sps subcommand. The sps itself does not provide the proxy function. It only accepts the proxy request to "convert and forward" to the existing http(s) proxy or the socks5 proxy or ss proxy; the sps can put the existing http(s) proxy or socks5 proxy or ss proxy is converted to a port that supports both http(s) and socks5 and ss proxies, and the http(s) proxy supports forward proxy and reverse proxy (SNI), converted SOCKS5 proxy, UDP function is still supported when the upper level is SOCKS5 or SS; in addition, for the existing http(s) proxy or socks5 proxy, three modes of tls, tcp, and kcp are supported, and chain connection is supported, that is, multiple sps node levels can be supported. The connection builds an encrypted channel.
@ -1519,7 +1548,7 @@ It should be noted that the ss function of sps also has UDP function, and the UD
To specify a port that is different from the tcp port.
### 6.17 iptables 透明代理
### 6.17 Iptables Transparent Proxy
The sps mode supports the iptables transparent forwarding support of the Linux system, which is commonly referred to as the iptables transparent proxy. If a iptables transparent proxy is performed on the gateway device, the device that is connected through the gateway can realize a non-aware proxy.
The proxy's http (s) / socks5 / sps / tcp / udp proxy function supports traffic reporting. You can set an http interface address through the parameter `--traffic-url`.
arraykeys
1 month ago