- A+
谷歌云现在屏蔽国内试用,准备好美国身份信息(可以用虚拟地址生成器),VISA卡,申请试用Google Cloud Platform。申请获取免费300刀和365天使用权限,到期后不会自动扣分。
防火墙开启白名单
https://console.cloud.google.com/networking/firewalls/list
【网络】 –> 【防火墙规则】 –> 【创建防火墙规则】
VPC获取静态公网IP
https://console.cloud.google.com/networking/addresses/list
【网络】–> 【外部 IP 地址】 –> 【保留静态 IP】
优先选择亚洲节点(台湾彰化asia-east1、日本东京asia-northeast1)
创建虚拟机
https://console.cloud.google.com/compute/instances
【计算引擎】–> 【创建实例】
配置选择最低配置,微型共享,0.6G内存,操作系统默认Ubuntu,网络选择刚刚创建的静态IP
虚拟机创建完毕
关闭SSH密钥
谷歌云为了保证服务器安全性,默认开启SS密钥访问,为了方便关闭SSH密钥,开启ROOT密码访问,使用客户端连接
vi /etc/ssh/sshd_config # Authentication: PermitRootLogin yes //默认为no,需要开启root用户访问改为yes # Change to no to disable tunnelled clear text passwords PasswordAuthentication yes //默认为no,改为yes开启密码登陆 passwd root /etc/init.d/ssh restart
内核开启BBR优化
更新系统和软件
apt update apt upgrade
确定内核版本高于4.9
root@mike01:~# uname -a Linux mike01 4.9.0-8-amd64 #1 SMP Debian 4.9.144-3.1 (2019-02-19) x86_64 GNU/Linux
检查BBR状态
sysctl net.ipv4.tcp_available_congestion_control net.ipv4.tcp_available_congestion_control = cubic reno sysctl net.ipv4.tcp_congestion_control net.ipv4.tcp_congestion_control = cubic sysctl net.core.default_qdisc net.core.default_qdisc = pfifo_fast lsmod | grep bbr
安装BBR
wget --no-check-certificate https://github.com/teddysun/across/raw/master/bbr.sh chmod +x bbr.sh ./bbr.sh
检查内核
root@mike01:~/tools# sysctl net.ipv4.tcp_available_congestion_control net.ipv4.tcp_available_congestion_control = bbr cubic reno root@mike01:~/tools# sysctl net.ipv4.tcp_congestion_control net.ipv4.tcp_congestion_control = bbr root@mike01:~/tools# sysctl net.core.default_qdisc net.core.default_qdisc = fq root@mike01:~/tools# lsmod | grep bbr tcp_bbr 20480 4
搭建Shadowsocks
wget --no-check-certificate -O shadowsocks.sh https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocks.sh chmod +x shadowsocks.sh ./shadowsocks.sh 2>&1 | tee shadowsocks.log
service shadowsocks stop service shadowsocks start service shadowsocks restart
Shadowsocks客户端
客户端下载地址(GitHub上):
windows https://github.com/shadowsocks/shadowsocks-windows/releases
Android https://github.com/shadowsocks/shadowsocks-android/releases
ios https://itunes.apple.com/cn/app/shadowrocket/id932747118?mt=8
https://itunes.apple.com/us/app/wingy-mian-fei-banvpn-ke-hu/id1148026741
2019.10.08更新
由于墙越来越高,梯子端口和ip经常被封禁,增加obfs混淆加密
参考资料:
https://github.com/shadowsocks/shadowsocks-libev#pre-build-configure-guide
https://www.solarck.com/shadowsocks-libev.html
https://github.com/shadowsocks/shadowsocks-windows/issues/2217
安装插件
sh -c 'printf "deb http://deb.debian.org/debian stretch-backports main" > /etc/apt/sources.list.d/stretch-backports.list' apt -t stretch-backports install shadowsocks-libev simple-obfs
配置如下
启用obfs tls混淆加密
vim /etc/shadowsocks-libev/config.json
{
"server": "0.0.0.0",
"server_port": 223,
"local_port": 1080,
"password": "passwd",
"timeout": 100,
"method": "aes-256-cfb",
"mode": "tcp_and_udp",
"fast_open": true,
"plugin": "obfs-server",
"plugin_opts": "obfs=tls"
}
设置开机自启动
systemctl enable shadowsocks-libev systemctl restart shadowsocks-libev
下载客户端插件
simple-obfs中的 obfs-local.exe 和 msys-2.0.dll 放到 shadowsocks目录中
64位下载:https://github.com/shadowsocks/simple-obfs/releases
32位下载:https://github.com/imgk/simple-obfs-Cygwin/releases/tag/v0.0.5
Windows客户端配置
{
"configs": [
{
"server": "server ip",
"server_port": 223,
"password": "password",
"method": "aes-256-cfb",
"plugin": "obfs-local",
"plugin_opts": "obfs=tls;obfs-host=www",
"remarks": "google",
"timeout": 5
}
IOS客户端配置
使用国外AppStore ID,下载Sockswitch应用,支持obfs插件
