stunnel加密代理在Android和OS/X系统教程

2012年6月19日 | 分类: 手机翻墙 | 标签: , ,

vpn.tv的两个教程,设置stunnel加密代理在Android和OS/X系统上使用,道理都是一样的,有兴趣的看看。

Android

Important: this is an allowed but unsupported hack. Please do not contact support if below does not work for you.

Install stunnel

Unfortunately Android does not come with stunnel. We found a pre-compiled and working version here: http://blog.tempest.com.br/marco-carnut/autenticacao-mutua-https-android-stunnel.html. (If you have a hard time finding the actual binary, try this link: http://blog.tempest.com.br/static/attachments/marco-carnut/autenticacao-mutua-https-android-stunnel/stunnel4-android21.tar.bz2). There may be other sources as well.

To install the binary we used the following adb commands:

adb shell mount -o rw,remount /system
adb push stunnel /system/bin/
adb shell chmod ug+rwx /system/bin/stunnel
adb shell mount -o ro,remount /system
adb shell mkdir /data/data/org.stunnel

If you do not understand what these commands do or where to find the adb utility, you should probably not proceed. The data directory is required for stunnel’s PID file.

Configure stunnel

On the phone create a file /etc/stunnel.conf with the following content:

sslVersion = TLSv1
client = yes
pid = /data/data/org.stunnel/stunnel.pid
[proxy]
accept  = 127.0.0.1:8080
connect = automatic.securechromenetwork.com:443

If you’re experiencing problems you may temporarily add:

debug = 7
foreground = yes

Be careful adding the foreground directive if you have stunnel start automatically on startup. During our tests adding debug would prevent stunnel from being started. Adding foreground may cause issues during boot.

(Automatically) start stunnel

Create a file /etc/init.d/99stunnel with the following contents:

#!/system/bin/sh
STUNNEL=/system/bin/stunnel
STUNNEL_CONF=/etc/stunnel.conf
LOG=/data/stunnel.log

if [ -e $LOG ]; then
	rm $LOG;
fi; 

if [ ! -e $STUNNEL ]; then
	echo stunnel binary not found | tee -a $LOG
	exit 1;
fi;

if [ ! -e $STUNNEL ]; then
	echo stunnel configuration file not found | tee -a $LOG
	exit 1;
fi;

echo "$( date +"%Y.%m.%d %H:%M:%S" ) starting stunnel" | tee -a $LOG
$STUNNEL $STUNNEL_CONF | tee -a $LOG

PID="$( pidof stunnel)"
if [ -z $PID ]; then
	echo stunnel was not started properly | tee -a $LOG
	exit 1;
else
	echo stunnel running with pid $PID | tee -a $LOG;
fi;

exit 0;

Make sure the script has the proper permissions and owner/group. (Check other scripts in /etc/init.d/ to see what they use). Reboot your phone and double-check that this actually works for you, not all Android flavors execute init.d scripts automatically.

Configure Android to use VPN.tv

Now we need to configure Android to use the proxy provided by stunnel. Some Android versions allow you to configure the proxy for WiFi only, not for 3G. Sometimes the proxy option is missing entirely.

We prefer using ProxyDroid by Max Lv (who also provided the stunnel we linked to above) which can be found in the Android Market.

The proxy you need to configure is:

  • host: 127.0.0.1
  • port: 8080
  • type: http
  • authentication: enabled
  • username/password: as provided by VPN.tv
  • global proxy: OFF
  • DNS proxy: OFF
  • individual proxy: use
China

If you’re in China you’ll probably want to enable Global Proxy and DNS Proxy. For this to work you need to do two additional things:

  • In stunnel.conf, replace automatic.securechromenetwork.com with the relevant IP address, e.g. change automatic.securechromenetwork.com:8080 to 1.2.3.4:8080.
  • In ProxyDroid enter this same IP address Intranet Address, e.g. 1.2.3.4/32.

原文:https://vpn.tv/faq/osx-on-vpn-tv/

OS/X

Important: this is an allowed but unsupported hack. Please do not contact support if below does not work for you.

Install Macports

First install Macports. We need Macports to install stunnel in the next step. Macports and its installation instructions can be found here: http://www.macports.org/install.php.

Install stunnel

Install stunnel using the following command:

sudo port install stunnel
Configure stunnel

Create /opt/local/etc/stunnel/stunnel.conf with the following content:

sslVersion = TLSv1
chroot = /opt/local/var/lib/stunnel/
setuid = nobody
setgid = nogroup
pid = /stunnel.pid
client = yes
libwrap = no

[proxy]
accept  = 127.0.0.1:8080
connect = automatic.securechromenetwork.com:443
TIMEOUTclose = 0
(Automatically) start stunnel

You can now start stunnel simply by typing sudo stunnel in a Terminal window. If you want to make sure stunnel gets started automatically every time you start your computer, please enter the following command:

sudo crontab -e

This opens the crontab in VI. Please add the following line to the file:

@reboot * * * * /opt/local/bin/stunnel
Configure OS/X to use VPN.tv

Open System Preferences and select Network. On the Network window click Advanced… On the Advanced window select the Proxies tab. For both  Web Proxy and Secure Web Proxy set server to localhost : 8080 and fill in your username and password. Click Apply and close the window.

Note that not all OS/X applications automatically use these proxy settings. Some applications will need you to configure the proxy in the application itself.

Know problems

You can not use this hack AND use the Chrome extension. Doing so will cause Chrome to complain about invalid proxy certificates.

原文:https://vpn.tv/faq/android-on-vpn-tv-requires-rooted-phone/

  1. macvpn
    2012年8月22日16:44
  2. derfgh
    2012年6月22日02:36

    那些翻墙软件毕竟需要钱租赁服务器来维持

  3. gtyhj
    2012年6月22日02:30

    学习下

  4. GayShyFool
    2012年6月20日09:18

    现在stunnel好找吗?几乎没怎么用过

    • iGFW
      2012年6月20日13:56

      不好找呀,呵呵