背景
两个地点、一台公网服务器,实现一端能够无缝访问另一端的内网。
方案一:异地组网,zerotier或者通过校内多个公网ip,然后设置路由。
方案二:代理转发:在内网的一台机器上部署v2ray代理服务器,然后通过公网服务器将其映射到公网。其他地方可以在路由器上设置代理,从而无缝访问另一个内网。体验上区别不大。
由于方案一中zerotier的配置容易失效(多个公网ip也不好弄到),且在openwrt上兼容性不好,决定使用基于openclash的代理转发方式。
方法
客户端的clash配置
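# Clash client configuration (loaded by OpenClash on the accessing side).
# Traffic for the listed domains and internal subnets is sent through the
# VMess proxy; everything else goes out directly.
mixed-port: 7890
# RESTful API for clash. It is bound to loopback here; if it is ever bound to
# a LAN or public address, set `secret` so the controller is not open.
external-controller: 127.0.0.1:9090
# Clash documents this key in lowercase (`allow-lan`); the capitalised
# spelling is not the documented key and may be silently ignored.
# With this enabled, every host on the local LAN can use port 7890 and, via
# the rules below, reach the remote internal network. Add an
# `authentication` list if that listener should not be open to the whole LAN.
allow-lan: true
mode: rule
log-level: warning
proxies:
  - name: csuoss_server_room
    type: vmess
    # Placeholder: address of the public server that exposes the inbound.
    server: xxx
    port: 52333
    # The UUID is the only credential checked by the VMess inbound and must
    # match the server-side client id. The value below is the sample from
    # this write-up; generate a fresh one for a real deployment and keep it
    # out of anything that gets published.
    uuid: 8FF6627C-C247-44EB-A9AA-A7EAB8385D4A
    alterId: 0
    cipher: aes-128-gcm
proxy-groups:
  - name: server_room
    type: select
    proxies:
      - csuoss_server_room
    # NOTE(review): `tolerance` is a url-test option; a select group
    # presumably ignores it - confirm against the Clash core in use.
    tolerance: 100
    url: https://oa.csuoss.cn/api/generate_204
rules:
  # Reach the target network by domain name.
  - DOMAIN-SUFFIX,csubot.cn,server_room
  - DOMAIN-SUFFIX,csuoss.cn,server_room
  # Reach the target network by IP; no-resolve skips DNS lookups for
  # domain requests when evaluating these CIDR rules.
  - IP-CIDR,10.10.100.0/24,server_room,no-resolve
  - IP-CIDR,10.10.101.0/24,server_room,no-resolve
  # Everything else bypasses the proxy.
  - MATCH,DIRECT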
待访问端的v2ray配置(让所有的ip和domain都可以走)
// v2ray configuration for the side being accessed.
// One VMess inbound accepts the client; routing sends matched traffic to the
// "freedom" outbound, i.e. out from this machine into its own network.
//
// Review notes:
// - The inbound listens on every interface and the client id (UUID) is the
//   only credential. The value below is the sample from this write-up;
//   generate a fresh one for a real deployment and do not publish it.
// - The rules forward every domain and every IPv4 address, so whoever holds
//   the UUID can reach any host this machine can reach, not only the two
//   subnets named in the client rules. Limiting "ip" to those subnets would
//   be the least-privilege variant.
{
  "log": { "loglevel": "info" },
  "inbounds": [
    {
      "listen": "0.0.0.0",
      "port": 52333,
      "protocol": "vmess",
      "settings": {
        "clients": [
          {
            "id": "8FF6627C-C247-44EB-A9AA-A7EAB8385D4A",
            "alterId": 0,
            "security": "auto"
          }
        ]
      }
    }
  ],
  // The first outbound is the default for traffic that matches no routing
  // rule, so anything not matched below is dropped by the blackhole.
  "outbounds": [
    {
      "protocol": "blackhole",
      "settings": { "response": { "type": "none" } },
      "tag": "block"
    },
    {
      "protocol": "freedom",
      "settings": {},
      "tag": "proxy"
    }
  ],
  "routing": {
    "domainStrategy": "AsIs",
    "domainMatcher": "mph",
    "rules": [
      {
        "domainMatcher": "mph",
        "type": "field",
        "outboundTag": "proxy",
        "domain": [
          "com",
          "cn",
          "xyz",
          "work",
          "" // intended to match every domain
        ]
      },
      {
        "domainMatcher": "mph",
        "type": "field",
        "outboundTag": "proxy",
        // Intended to match every IP. NOTE(review): this CIDR is IPv4 only;
        // IPv6 destinations presumably fall through to the default outbound.
        "ip": ["0.0.0.0/0"]
      }
    ]
  }
}