如果访问不了外网,但是有某台设备可以,可以使用代理方案。
    这是个关键字,需要拼接一下。shadow,socks,libev
    1),服务器PS:能出外网的机器,运行ssserver
    2)shadow,socks客户服务器CS:客户端代理服务,运行ss-local
    3)http代理服务HS:把socks协议转成http,可以和CS放一起
    4)浏览器browser,设置http代理。

    安装:
    ubuntu可以用apt安装
    没有的可以上github找源码,shadow,socks,libev,编译安装。具体查看github,但github的说明不详细,centos7安装步骤不足。缺少的开发包需要另外安装,特别源码用到有3个lib库需要分别到github下载,解压后替换原来的3个lib开头的空目录,运行autogen.sh生成configure,然后configure,make,make install。
    成功后提示:

    1. libtool: install: /bin/install -c ss-local /usr/local/bin/ss-local
    2. libtool: install: /bin/install -c ss-tunnel /usr/local/bin/ss-tunnel
    3. libtool: install: /bin/install -c ss-server /usr/local/bin/ss-server
    4. libtool: install: /bin/install -c ss-manager /usr/local/bin/ss-manager
    5. libtool: install: /bin/install -c ss-redir /usr/local/bin/ss-redir

    http代理可以用privoxy,yum可以安装

    1)PS的配置:
    /usr/bin/ss-server -c /etc/ss/config.json -u

    1. # cat /etc/ss/config.json
    2. {
    3.     "server":"0.0.0.0",
    4.     "server_port":3333,
    5.     "local_port":4444,
    6.     "password":"yourpassword",
    7.     "timeout":60,
    8.     "method": "aes-256-gcm"
    9. }

    2)CS的配置:
    /usr/bin/sslocal -c /etc/ss/config.json

    1. /etc/ss/config.json
    2. {
    3.     "server":"your.server.ip.here",
    4.     "server_port":3333,
    5.     "local_address": "127.0.0.1",
    6.     "local_port":4444,
    7.     "password":"yourpassword",
    8.     "timeout":300,
    9.     "method":"aes-256-gcm",
    10.     "fast_open": false,
    11.     "workers": 10
    12. }

    3)HS
    /usr/sbin/privoxy —pidfile /run/privoxy.pid —user privoxy /etc/privoxy/config
    核心配置是forward-socks5t / 127.0.0.1:4444 .指向本地的socks代理端口

    1. # cat /etc/privoxy/config
    2. confdir /etc/privoxy
    3. logdir /var/log/privoxy
    4. actionsfile match-all.action # Actions that are applied to all sites and maybe overruled later on.
    5. actionsfile default.action   # Main actions file
    6. actionsfile user.action      # User customizations
    7. filterfile default.filter
    8. filterfile user.filter      # User customizations
    9. logfile logfile
    10. listen-address  0.0.0.0:18118
    12. toggle  1
    13. enable-remote-toggle  0
    14. enable-remote-http-toggle  0
    15. enable-edit-actions 0
    16. enforce-blocks 0
    17. buffer-limit 4096
    18. enable-proxy-authentication-forwarding 0
    19. forward-socks5t /       127.0.0.1:4444 .
    20. forward         192.168.*.*/     .
    22. forwarded-connect-retries  0
    23. accept-intercepted-requests 0
    24. allow-cgi-request-crunching 0
    25. split-large-forms 0
    26. keep-alive-timeout 5
    27. tolerate-pipelining 1
    28. socket-timeout 300