没仔细审题,单纯的 socks 是过不了墙的。所以早些年都是用 stunnel 进行加密,直到后来 stunnel 也自带 socks5 并使用 TLS 加密。
; **************************************************************************
; * Global options *
; **************************************************************************
; Syslog-style verbosity from 0 (emerg) to 7 (debug); 6 is "info".
debug = 6
; File logging is disabled; enable it if connection records must be retained.
;output = r:\stunnel.log
; TLS compression stays off, which avoids compression side channels (CRIME).
;compression = zlib
; Number of bytes read from the random seed file.
RNDbytes = 1024
;RNDfile = d:\stunnelrnd.txt
; Overwrite the seed file with fresh random data.
RNDoverwrite = yes
; **************************************************************************
; * Service defaults may also be specified in individual service sections *
; **************************************************************************
;sslVersion = all
;sslVersion = TLSv1.2
; Negotiate TLS 1.2 or TLS 1.3 only.
sslVersionMax = TLSv1.3
sslVersionMin = TLSv1.2
;options = NO_TLSv1.3
;options = NO_TLSv1.2
;options = NO_TLSv1.1
; The NO_* flags below repeat what sslVersionMin already enforces; they are
; redundant but harmless.
options = NO_TLSv1
options = NO_SSLv3
options = NO_SSLv2
; Socket options: "l:" applies to the local socket, "r:" to the remote socket,
; "a:" to the accepting socket.
socket = r:TCP_NODELAY=1
socket = l:SO_LINGER=1:60
socket = r:SO_OOBINLINE=yes
;socket = a:SO_REUSEADDR=yes
; Seconds to wait for the connection to the remote host.
TIMEOUTconnect = 120
; NOTE(review): on OpenSSL 1.1.0 and later these two flags have no effect;
; fresh ephemeral keys are always used there.
options = SINGLE_ECDH_USE
options = SINGLE_DH_USE
; No cipher list is set, so the build's default list applies.
;ciphers = ECDHE-RSA-AES128-GCM-SHA256
;ciphers = ECDHE-RSA-AES256-GCM-SHA384
;ciphers = ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384
; Default certificate for every service below. No "key" option is set, so the
; private key is expected in this same file; keep it readable only by the
; account that runs stunnel.
cert = 1.pem
;failover = rr
; **************************************************************************
; * Service definitions (at least one service has to be defined) *
; **************************************************************************
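[server4]
; Client-mode service: accepts plaintext locally and forwards it to the VPS
; over TLS.
; Trust anchor used to validate the VPS certificate chain.
; NOTE(review): the checkHost names below are not the VPS's own, so trust rests
; on this file; presumably it holds only the operator's own CA. Confirm.
CAfile = stunnel.pem
verifyChain = yes
;verify= 2
;verifyPeer = yes
;verify= 3
client = yes
; NOTE(review): 0.0.0.0 exposes this unauthenticated plaintext entry point on
; every interface. If only local programs and the [TLS_proxy_listener] relay
; use it, 127.0.0.1:1085 is the safer binding.
accept = 0.0.0.0:1085
; Two targets for the same service; stunnel chooses between them according to
; the failover setting.
connect = vpsip:80
connect = vpsip:8443
; The peer certificate must match at least one of these host names.
; Each checkHost needs its value on the same line; the original listing had
; the names split onto the following lines, which is not a valid option line.
checkHost = www.apple.com
checkHost = www.microsoft.com
checkHost = www.symantec.com
; stunnel relay implementation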
[TLS_proxy_listener]
; No "client = yes" in this section, so the service runs in server mode:
; TLS in on port 1992, plaintext out to local port 1085 (the [server4] accept
; port).
; NOTE(review): no host is given, so port 1992 listens on all interfaces.
accept = 1992
connect = 1085
; NOTE(review): CAfile alone does not authenticate clients. Without
; verifyChain or verifyPeer in this section, any TLS client that can reach
; port 1992 can use the relay.
CAfile = stunnel.pem