2012年6月19日 | 分类: 手机翻墙 | 标签: , ,



Important: this is an allowed but unsupported hack. Please do not contact support if below does not work for you.

Install stunnel

Unfortunately Android does not come with stunnel. We found a pre-compiled and working version here: (If you have a hard time finding the actual binary, try this link: There may be other sources as well.

To install the binary we used the following adb commands:

adb shell mount -o rw,remount /system
adb push stunnel /system/bin/
adb shell chmod ug+rwx /system/bin/stunnel
adb shell mount -o ro,remount /system
adb shell mkdir /data/data/org.stunnel

If you do not understand what these commands do or where to find the adb utility, you should probably not proceed. The data directory is required for stunnel’s PID file.

Configure stunnel

On the phone create a file /etc/stunnel.conf with the following content:

sslVersion = TLSv1
client = yes
pid = /data/data/org.stunnel/
accept  =
connect =

If you’re experiencing problems you may temporarily add:

debug = 7
foreground = yes

Be careful adding the foreground directive if you have stunnel start automatically on startup. During our tests adding debug would prevent stunnel from being started. Adding foreground may cause issues during boot.

(Automatically) start stunnel

Create a file /etc/init.d/99stunnel with the following contents:


if [ -e $LOG ]; then
	rm $LOG;

if [ ! -e $STUNNEL ]; then
	echo stunnel binary not found | tee -a $LOG
	exit 1;

if [ ! -e $STUNNEL ]; then
	echo stunnel configuration file not found | tee -a $LOG
	exit 1;

echo "$( date +"%Y.%m.%d %H:%M:%S" ) starting stunnel" | tee -a $LOG

PID="$( pidof stunnel)"
if [ -z $PID ]; then
	echo stunnel was not started properly | tee -a $LOG
	exit 1;
	echo stunnel running with pid $PID | tee -a $LOG;

exit 0;

Make sure the script has the proper permissions and owner/group. (Check other scripts in /etc/init.d/ to see what they use). Reboot your phone and double-check that this actually works for you, not all Android flavors execute init.d scripts automatically.

Configure Android to use

Now we need to configure Android to use the proxy provided by stunnel. Some Android versions allow you to configure the proxy for WiFi only, not for 3G. Sometimes the proxy option is missing entirely.

We prefer using ProxyDroid by Max Lv (who also provided the stunnel we linked to above) which can be found in the Android Market.

The proxy you need to configure is:

  • host:
  • port: 8080
  • type: http
  • authentication: enabled
  • username/password: as provided by
  • global proxy: OFF
  • DNS proxy: OFF
  • individual proxy: use

If you’re in China you’ll probably want to enable Global Proxy and DNS Proxy. For this to work you need to do two additional things:

  • In stunnel.conf, replace with the relevant IP address, e.g. change to
  • In ProxyDroid enter this same IP address Intranet Address, e.g.



Important: this is an allowed but unsupported hack. Please do not contact support if below does not work for you.

Install Macports

First install Macports. We need Macports to install stunnel in the next step. Macports and its installation instructions can be found here:

Install stunnel

Install stunnel using the following command:

sudo port install stunnel
Configure stunnel

Create /opt/local/etc/stunnel/stunnel.conf with the following content:

sslVersion = TLSv1
chroot = /opt/local/var/lib/stunnel/
setuid = nobody
setgid = nogroup
pid = /
client = yes
libwrap = no

accept  =
connect =
TIMEOUTclose = 0
(Automatically) start stunnel

You can now start stunnel simply by typing sudo stunnel in a Terminal window. If you want to make sure stunnel gets started automatically every time you start your computer, please enter the following command:

sudo crontab -e

This opens the crontab in VI. Please add the following line to the file:

@reboot * * * * /opt/local/bin/stunnel
Configure OS/X to use

Open System Preferences and select Network. On the Network window click Advanced… On the Advanced window select the Proxies tab. For both  Web Proxy and Secure Web Proxy set server to localhost : 8080 and fill in your username and password. Click Apply and close the window.

Note that not all OS/X applications automatically use these proxy settings. Some applications will need you to configure the proxy in the application itself.

Know problems

You can not use this hack AND use the Chrome extension. Doing so will cause Chrome to complain about invalid proxy certificates.


  1. macvpn
  2. derfgh


  3. gtyhj


  4. GayShyFool


    • iGFW