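Introduction
I recently registered a Serv00 account on S14 and wanted to set up a proxy to play with. Because Serv00's native IPs have a poor reputation, routing traffic through warp is a must. On a VPS where you only have low privileges, warp is usually set up with wireproxy, a userspace WireGuard implementation. wireproxy listens on a TCP port as its socks5 inbound and also opens a random UDP port to talk to the Cloudflare servers. Serv00 restricts ports, however, so you cannot freely choose which ports to open, and on Serv00 the port bind almost always fails: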
DEBUG: 2024/12/16 08:19:45 UAPI: Updating private key
DEBUG: 2024/12/16 08:19:45 peer(bmXO…fgyo) - UAPI: Created
DEBUG: 2024/12/16 08:19:45 peer(bmXO…fgyo) - UAPI: Updating persistent keepalive interval
DEBUG: 2024/12/16 08:19:45 peer(bmXO…fgyo) - UAPI: Updating preshared key
DEBUG: 2024/12/16 08:19:45 peer(bmXO…fgyo) - UAPI: Updating endpoint
DEBUG: 2024/12/16 08:19:45 peer(bmXO…fgyo) - UAPI: Adding allowedip
DEBUG: 2024/12/16 08:19:45 peer(bmXO…fgyo) - UAPI: Adding allowedip
ERROR: 2024/12/16 08:19:45 Unable to update bind: listen udp6 :14977: bind: operation not permitted
DEBUG: 2024/12/16 08:19:45 Interface state was Down, requested Up, now Down
2024/12/16 08:19:45 listen udp6 :14977: bind: operation not permitted
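The existing workaround (link) is usually to use a local proxy client such as Clash to add the warp endpoint as the second hop and Serv00 as the first hop, forming a proxy chain locally. Because that proxy chain runs inside the Great Firewall, the traffic between the hops may suffer from poor network performance, and the setup adds configuration complexity.
This article describes a way around the UDP port restriction that wireproxy runs into on Serv00: run the warp client on the server and configure the Xray server to forward traffic into warp on the same machine, which improves performance and simplifies the configuration. The connection between the client inside the Great Firewall and the server uses Xray's recently developed XHTTP protocol together with Cloudflare, which solves the problem that Serv00 cannot be reached directly from inside the firewall.
Serv00 configuration
The first steps are done in the Serv00 web interface.
Port configuration
Under Port reservation, open 3 ports:
- 26646/tcp: Xray's inbound listening port;
- 11542/tcp: wireproxy's socks5 listening port;
- 9956/udp: wireproxy's UDP port.
Permission to run programs
Enable the permission under Additional services → Run your own applications.
When running wireproxy and Xray below, you can use tools such as screen or nohup to keep them running in the background. Search online for how to use screen.
wireproxy configuration
First, download wireproxy. Serv00's servers run FreeBSD, while the wireproxy project only provides Linux builds, so you have to compile it yourself. You can cross-compile with Go by setting the GOOS=freebsd environment variable. A precompiled build is provided here: download. If you do not trust it, download the source and compile it yourself.
Then download wgcf, which is used to create the warp account. Make sure to pick the freebsd amd64 architecture.
Run on Serv00:
# Grant execute permission; change the file names to match the ones you downloaded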
chmod +x wgcf_2.2.23_freebsd_amd64
chmod +x wireproxy-freebsd
# Use wgcf to create the warp account
./wgcf_2.2.23_freebsd_amd64 register
./wgcf_2.2.23_freebsd_amd64 generate
Edit the generated wgcf-profile.conf file:
[Interface]
PrivateKey = MPSl4DWdB6xxxxxxxxxhEFx5TIAvzdqiSHc=
Address = 172.16.0.2/32, 2606:4700:110:8278:582c:43db:5af3:96fd/128
DNS = 1.1.1.1, 1.0.0.1, 2606:4700:4700::1111, 2606:4700:4700::1001
MTU = 1280
ListenPort = 9956
[Peer]
PublicKey = bmXOC+F1FxxxxxxxxuVo51h2wPfgyo=
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = engage.cloudflareclient.com:2408
[Socks5]
BindAddress = 0.0.0.0:11542
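The changes are:
- Add ListenPort = 9956, which sets the UDP port to listen on; change it to the UDP port you just created in the Serv00 panel. Without this line you get the error shown at the beginning of this article;
- Add a [Socks5] section, and change the port number in BindAddress = 0.0.0.0:11542 to the one you just created in the Serv00 panel.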
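A pre-flight check for the two edits above, as an added example that is not part of the original article or of wireproxy: it parses the profile and reports a missing or unreserved ListenPort, an unreserved SOCKS5 port, and a SOCKS5 inbound bound to all interfaces without credentials. The function name `preflight`, the sample profile and the wildcard-bind finding are assumptions of this example.

```python
import configparser

# Constructed sample: the profile as wgcf generates it, before the two edits.
# Key material is replaced by placeholders.
UNEDITED = """\
[Interface]
PrivateKey = <placeholder>
Address = 172.16.0.2/32
MTU = 1280
[Peer]
PublicKey = <placeholder>
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = engage.cloudflareclient.com:2408
"""
# The same profile after the two edits (ports as used in this article).
EDITED = (UNEDITED.replace("MTU = 1280\n", "MTU = 1280\nListenPort = 9956\n")
          + "[Socks5]\nBindAddress = 0.0.0.0:11542\n")


def preflight(text, reserved_udp, reserved_tcp):
    """Return findings for a wireproxy profile, given the reserved port sets."""
    cfg = configparser.ConfigParser(strict=False, interpolation=None)
    cfg.optionxform = str  # keep key names case-sensitive, as written
    cfg.read_string(text)
    findings = []

    port = cfg.get("Interface", "ListenPort", fallback=None)
    if port is None:
        findings.append("no ListenPort: wireproxy will pick a random UDP port")
    elif int(port) not in reserved_udp:
        findings.append(f"ListenPort {port}/udp is not a reserved port")

    bind = cfg.get("Socks5", "BindAddress", fallback=None)
    if bind is None:
        findings.append("no [Socks5] BindAddress: no SOCKS5 inbound")
        return findings
    host, _, tcp = bind.rpartition(":")
    if int(tcp) not in reserved_tcp:
        findings.append(f"SOCKS5 port {tcp}/tcp is not a reserved port")
    # Hardening check added by this example: a wildcard bind without
    # Username/Password lets any host that can reach the port use the proxy.
    if host in ("0.0.0.0", "::", "[::]") and not cfg.has_option("Socks5", "Username"):
        findings.append(f"SOCKS5 on {bind} is unauthenticated and not loopback-only")
    return findings
```

In this article Xray reaches wireproxy at 127.0.0.1:11542, so the last finding goes away if the SOCKS5 inbound is bound to 127.0.0.1 instead of 0.0.0.0.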
Start wireproxy:
[xxxxx@s14]:<~/warp>$ ./wireproxy-freebsd -c wgcf-profile.conf
DEBUG: 2024/12/16 08:37:48 UAPI: Updating private key
DEBUG: 2024/12/16 08:37:48 UAPI: Updating listen port
DEBUG: 2024/12/16 08:37:48 peer(bmXO…fgyo) - UAPI: Created
DEBUG: 2024/12/16 08:37:48 peer(bmXO…fgyo) - UAPI: Updating persistent keepalive interval
DEBUG: 2024/12/16 08:37:48 peer(bmXO…fgyo) - UAPI: Updating preshared key
DEBUG: 2024/12/16 08:37:48 peer(bmXO…fgyo) - UAPI: Updating endpoint
DEBUG: 2024/12/16 08:37:48 peer(bmXO…fgyo) - UAPI: Adding allowedip
DEBUG: 2024/12/16 08:37:48 peer(bmXO…fgyo) - UAPI: Adding allowedip
DEBUG: 2024/12/16 08:37:48 UDP bind has been updated
DEBUG: 2024/12/16 08:37:48 peer(bmXO…fgyo) - Starting
DEBUG: 2024/12/16 08:37:48 Interface state was Down, requested Up, now Up
DEBUG: 2024/12/16 08:37:48 Routine: encryption worker 1 - started
DEBUG: 2024/12/16 08:37:48 Routine: decryption worker 1 - started
DEBUG: 2024/12/16 08:37:48 Routine: handshake worker 1 - started
DEBUG: 2024/12/16 08:37:48 Routine: encryption worker 2 - started
DEBUG: 2024/12/16 08:37:48 Routine: decryption worker 2 - started
DEBUG: 2024/12/16 08:37:48 Routine: handshake worker 2 - started
DEBUG: 2024/12/16 08:37:48 Routine: encryption worker 3 - started
DEBUG: 2024/12/16 08:37:48 Routine: decryption worker 3 - started
DEBUG: 2024/12/16 08:37:48 Routine: handshake worker 3 - started
DEBUG: 2024/12/16 08:37:48 Routine: encryption worker 4 - started
DEBUG: 2024/12/16 08:37:48 Routine: decryption worker 4 - started
DEBUG: 2024/12/16 08:37:48 Routine: handshake worker 4 - started
DEBUG: 2024/12/16 08:37:48 Routine: encryption worker 5 - started
DEBUG: 2024/12/16 08:37:48 Routine: decryption worker 5 - started
DEBUG: 2024/12/16 08:37:48 Routine: handshake worker 5 - started
DEBUG: 2024/12/16 08:37:48 Routine: TUN reader - started
DEBUG: 2024/12/16 08:37:48 Routine: event worker - started
DEBUG: 2024/12/16 08:37:48 Interface up requested
DEBUG: 2024/12/16 08:37:48 Routine: receive incoming v4 - started
DEBUG: 2024/12/16 08:37:48 Routine: receive incoming v6 - started
DEBUG: 2024/12/16 08:37:48 peer(bmXO…fgyo) - Routine: sequential sender - started
DEBUG: 2024/12/16 08:37:48 peer(bmXO…fgyo) - Routine: sequential receiver - started
No errors means it started successfully. Test with curl:
[xxxx@s14]:<~/warp>$ curl -x socks5h://127.0.0.1:11542 ipv4.ip.sb # change this to your own proxy port
104.28.193.182
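You can see that the connection to warp succeeded.
Xray server configuration
Download Xray (make sure to download the freebsd-64 build) and extract it. Create a new file config.json as follows: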
{
"log": {
"access": "access.log",
"error": "error.log",
"loglevel": "info"
},
"inbounds": [
{
"listen": "0.0.0.0",
"port": 26646,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "c331c125-c959-4fe9-9343-3818643b61f8"
}
],
"decryption": "none"
},
"streamSettings": {
"network": "xhttp",
"security": "tls",
"tlsSettings": {
"serverName": "serv00.example.in",
"certificates": [
{
"certificate": [
"-----BEGIN CERTIFICATE-----",
"MIIDIjCCAsigAwIBAgIURZN70v8bQs7TRB+b1QAQpRrpYOMwCgYIKoZIzj0EAwIw",
"gY8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T",
"YW4gRnJhbmNpc2NvMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMTgwNgYDVQQL",
"Ey9DbG91ZEZsYXJlIE9yaWdpbiBTU0wgRUNDIENlcnRpZmljYXRlIEF1dGhvcml0",
"eTAeFw0yNDEyMTYwNjI2MDBaFw0zOTEyMTMwNjI2MDBaMGIxGTAXBgNVBAoTEENs",
"b3VkRmxhcmUsIEluYy4xHTAbBgNVBAsTFENsb3VkRmxhcmUgT3JpZ2luIENBMSYw",
"JAYDVQQDEx1DbG91ZEZsYXJlIE9yaWdpbiBDZXJ0aWZpY2F0ZTBZMBMGByqGSM49",
"AgEGCCqGSM49AwEHA0IABF+r4fFgLoo6bnmxgUpx1mEj/axYzm0y2ZRsk2romnlp",
"2UzLmJGLSWxavTeRhR99UeTw6zruIrXRxQvKKhwTYOWjggEsMIIBKDAOBgNVHQ8B",
"Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMAwGA1UdEwEB",
"/wQCMAAwHQYDVR0OBBYEFD5S0OmNAkFl6hquyRwpPiPN+cn+MB8GA1UdIwQYMBaA",
"FIUwXTsqcNTt1ZJnB/3rObQaDjinMEQGCCsGAQUFBwEBBDgwNjA0BggrBgEFBQcw",
"AYYoaHR0cDovL29jc3AuY2xvdWRmbGFyZS5jb20vb3JpZ2luX2VjY19jYTAlBgNV",
"HREEHjAcgg0qLmxpdHRsZXJhLmluggtsaXR0bGVyYS5pbjA8BgNVHR8ENTAzMDGg",
"L6AthitodHRwOi8vY3JsLmNsb3VkZmxhcmUuY29tL29yaWdpbl9lY2NfY2EuY3Js",
"MAoGCCqGSM49BAMCA0gAMEUCIG69OC3XMk0KjQuHoMX/WCtvGrD+d6Gry/z37imD",
"HJp8AiEAmcDSr/pLjsu5zZOp2wbhVe+J1l7c6ex4X+as393PdWg=",
"-----END CERTIFICATE-----"
],
"key": [
"-----BEGIN PRIVATE KEY-----",
"MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgaF+HT09FgVaOhHs8",
"lb1arvPbM5gVlAUG/5gvehXodHihRANCAARfq+HxYC6KOm55sYFKcdZhI/2sWM5t",
"MtmUbJNq6Jp5adlMy5iRi0lsWr03kYUffVHk8Os67iK10cULyiocE2Dl",
"-----END PRIVATE KEY-----"
]
}
]
},
"xhttpSettings": {
"host": "serv00.example.in",
"path": "/serv00",
"mode": "auto"
}
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
}
],
"outbounds": [
{
"protocol": "socks",
"settings":{
"servers": [
{
"address": "127.0.0.1",
"port": 11542
}
]
}
}
],
"routing": {}
}
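Key points:
- Change 26646 to the Xray port you just created in the Serv00 panel;
- Change 11542 to the socks5 port wireproxy listens on;
- Generate your own UUID;
- Change serv00.example.in to your own domain (it appears in two places);
- certificates here uses a 15-year Cloudflare origin certificate; you can generate your own in the Cloudflare dashboard under SSL/TLS → Origin Server.
For custom XHTTP configuration, see: https://github.com/XTLS/Xray-core/discussions/4113
For other Xray configuration, see: https://xtls.github.io/
Run: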
./xray -c config.json
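Cloudflare configuration
- Add your own domain serv00.example.in with an A record pointing to the Serv00 IP. For S14, for example, that is 188.68.234.53. The orange cloud must be enabled;
- Confirm that the Current encryption mode under SSL/TLS → Overview is full;
- Under Rules → Origin Rules, add a Change Port rule and set the port to Xray's listening port;
Xray client configuration
config.json is as follows: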
{
"log": {
"access": "access-client.log",
"error": "error-client.log",
"loglevel": "info"
},
"inbounds": [
{
"listen": "0.0.0.0",
"port": 10808,
"protocol": "socks",
"settings": {}
},
{
"listen": "0.0.0.0",
"port": 10801,
"protocol": "http",
"settings": {}
}
],
"outbounds": [
{
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "serv00.example.in",
"port": 443,
"users": [
{
"id": "c331c125-c959-4fe9-9343-3818643b61f8",
"encryption": "none"
}
]
}
]
},
"streamSettings": {
"network": "xhttp",
"security": "tls",
"tlsSettings": {
"serverName": "serv00.example.in",
"allowInsecure": true,
"fingerprint":"chrome"
},
"xhttpSettings": {
"host": "serv00.example.in",
"path": "/serv00",
"mode": "auto"
}
},
"tag": "proxy"
},
{
"protocol": "freedom",
"tag": "direct"
}
],
"routing": {}
}
Key points:
- Change serv00.example.in to your own domain (it appears in 3 places);
- Change the UUID to the one you just generated;
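A consistency check for the server and client config.json pair, as an added example that is not part of the original article or of Xray: it compares the fields the key points say must agree (UUID, XHTTP host and path, the local wireproxy SOCKS5 port) and also reports two settings in the client config that weaken it, `allowInsecure` and unauthenticated inbounds bound to 0.0.0.0. The function name `check_pair` and the reduced sample configs are assumptions of this example.

```python
# Constructed sample, reduced to the fields compared below; the UUID is a placeholder.
UUID = "00000000-0000-4000-8000-000000000001"
XHTTP = {"host": "serv00.example.in", "path": "/serv00", "mode": "auto"}
SERVER = {
    "inbounds": [{"port": 26646, "protocol": "vless",
                  "settings": {"clients": [{"id": UUID}]},
                  "streamSettings": {"xhttpSettings": dict(XHTTP)}}],
    "outbounds": [{"protocol": "socks",
                   "settings": {"servers": [{"address": "127.0.0.1", "port": 11542}]}}],
}
CLIENT = {
    "inbounds": [{"listen": "0.0.0.0", "port": 10808, "protocol": "socks", "settings": {}}],
    "outbounds": [{"protocol": "vless",
                   "settings": {"vnext": [{"address": "serv00.example.in", "port": 443,
                                           "users": [{"id": UUID}]}]},
                   "streamSettings": {"tlsSettings": {"allowInsecure": True},
                                      "xhttpSettings": dict(XHTTP)}}],
}


def check_pair(server, client, socks_port):
    """Return findings for a server/client config.json pair (parsed JSON dicts)."""
    findings = []
    s_in = server["inbounds"][0]
    c_out = next(o for o in client["outbounds"] if o["protocol"] == "vless")
    # The client's UUID must be one of the server's clients.
    s_ids = {c["id"] for c in s_in["settings"]["clients"]}
    c_ids = {u["id"] for v in c_out["settings"]["vnext"] for u in v["users"]}
    if not c_ids <= s_ids:
        findings.append("client UUID not in server clients")
    # XHTTP host and path must match on both sides.
    s_x = s_in["streamSettings"]["xhttpSettings"]
    c_x = c_out["streamSettings"]["xhttpSettings"]
    findings += [f"xhttpSettings.{k} differs" for k in ("host", "path")
                 if s_x.get(k) != c_x.get(k)]
    # The server's socks outbound must point at wireproxy on loopback.
    targets = [(t["address"], t["port"]) for o in server["outbounds"]
               if o["protocol"] == "socks" for t in o["settings"]["servers"]]
    if ("127.0.0.1", socks_port) not in targets:
        findings.append("server outbound is not the local wireproxy SOCKS5 port")
    if c_out["streamSettings"].get("tlsSettings", {}).get("allowInsecure"):
        findings.append("allowInsecure: certificate verification is off")
    # Empty inbound settings mean no authentication is configured.
    findings += [f"{i['protocol']} inbound on {i['listen']}:{i['port']} has no auth "
                 "and is reachable from other hosts" for i in client["inbounds"]
                 if i.get("listen") in ("0.0.0.0", "::") and not i.get("settings")]
    return findings
```

To run it against real files, load each config.json with `json.load` and pass the two dicts in. Binding the client inbounds to 127.0.0.1 clears the last finding when only the local machine uses the proxy.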
An example command for starting the Xray client on Windows:
xray.exe -c config.json
Test:
λ curl -x socks5h://127.0.0.1:10808 ipv4.ip.sb -v
* Trying 127.0.0.1:10808...
* SOCKS5 connect to ipv4.ip.sb:80 (remotely resolved)
* SOCKS5 request granted.
* Connected to 127.0.0.1 () port 10808
* using HTTP/1.x
* Connected to 127.0.0.1 (127.0.0.1) port 10808
* using HTTP/1.x
> GET / HTTP/1.1
> Host: ipv4.ip.sb
> User-Agent: curl/8.10.1
> Accept: */*
>
* Request completely sent off
< HTTP/1.1 200 OK
< Date: Mon, 16 Dec 2024 07:54:59 GMT
< Content-Type: text/plain
< Content-Length: 15
< Connection: keep-alive
< Cache-Control: no-cache
< CF-Cache-Status: DYNAMIC
< Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oIrBvJt%2FH6L1i9hvmzl6A8lz726S11xQt%2FG%2FRMYSPtLHaYsYqmrQSxzzHchoDUFsR4NK19i%2BMNyjCbhzaF4Dg4rQoxMw%2BC3WtbnFh5lwVunAOBoe5Vs9ugzdZoE%3D"}],"group":"cf-nel","max_age":604800}
< NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< Server: cloudflare
< CF-RAY: 8f2d1bc67981b194-WAW
< alt-svc: h3=":443"; ma=86400
< server-timing: cfL4;desc="?proto=TCP&rtt=0&min_rtt=0&rtt_var=0&sent=0&recv=0&lost=0&retrans=0&sent_bytes=0&recv_bytes=0&delivery_rate=0&cwnd=0&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
<
104.28.193.182
* Connection #0 to host 127.0.0.1 left intact
λ lip 104.28.193.182
Offline lookup result of 104.28.193.182:
+-----------+----------------+----------------+------+-----+------------+
| SOURCE | COUNTRY | REGION | CITY | ISP | ADDITIONAL |
+-----------+----------------+----------------+------+-----+------------+
| ip2region | 美国 | | | | |
+-----------+----------------+----------------+------+-----+------------+
| qqwry | 美国 CZ88.NET | | | | |
+-----------+----------------+----------------+------+-----+------------+
| ipip | CLOUDFLARE.COM | CLOUDFLARE.COM | | | |
+-----------+----------------+----------------+------+-----+------------+
Fetching results from online sources...
Online lookup result of 104.28.193.182:
+--------+---------+---------+--------+--------------------------------+------------+
| SOURCE | COUNTRY | REGION | CITY | ISP | ADDITIONAL |
+--------+---------+---------+--------+--------------------------------+------------+
| ip-api | Poland | Mazovia | Warsaw | Cloudflare, Inc., Cloudflare | |
| | | | | WARP, AS13335 Cloudflare, Inc. | |
+--------+---------+ + +--------------------------------+------------+
| ipinfo | PL | | | AS13335 Cloudflare, Inc. | |
| | | | | cloudflare.com, Cloudflare, | |
| | | | | Inc. | |
+--------+---------+---------+--------+--------------------------------+------------+
You can see that the exit IP is now a warp IP.
The network topology is as follows:
Local machine -> (GFW) -> Cloudflare -> (Serv00) Xray -> (Serv00) wireproxy -> Cloudflare Warp