kone
kone copied to clipboard
xjdrew
kone是个vpn程序吗?
看了https://github.com/xjdrew/kone/blob/master/example.ini ,感觉你这是个vpn程序? 可以单独用kone翻墙吗
@yinheli 我看到这里http://java.ctolib.com/article/comments/18250 说:“ kone是一款把路由请求转发到http/sock5 proxy的软件(route2proxy),你可以把它应用到很多需要路由的场合,它同时实现了dns欺骗功能,并隐藏其中的代理服务器细节,实现透明穿越。“-意思是它可以用来翻#墙? 你可以写一个详细的教程吗? 非常感谢!
@luckypoem 请参考 README 的说明
例如: https://github.com/xjdrew/kone/blob/master/misc/docs/kone-in-ent-network.md
其工作原理是,DNS 劫持
概括来说:kone 有两个功能: DNS 服务,NAT 网关
具体方法是: 用 kone 来接管内网的 DNS 服务,这样,查询需要处理的域名时,它返回一个虚拟的内网地址,例如 dig google.com 的时候返回的是 10.192.25.210 配合路由器上的静态路由表,上述 IP 会多一跳网关,走 kone,kone 实现了一个虚拟的 nat 服务,收到这种请求后,利用 socks5 来处理,从而实现fq
@yinheli 我在 linux vps和mac上都用go get github.com/xjdrew/kone 安装了kone,不过配置文件example.ini需要修改一下吗?还是可以直接拿来用: kone -config example.ini
thank u
@luckypoem 那个是里范例,需要改一下,特别留意配置 proxy 部分
proxy 你需要另行搭建,比如选用 ss 或者 v2ray, 简单的测试你甚至可以使用 ssh -D ,选择比较多。
@yinheli
yudeMacBook-Air:~ brite$ sudo kone -config kone.ini Password: 18-04-27 17:41:00.376 INFO @main.go:37 using config file: kone.ini 18-04-27 17:41:00.380 INFO @config.go:131 [check pattern "proxy-website"] scheme: DOMAIN-SUFFIX 18-04-27 17:41:00.380 INFO @config.go:131 [check pattern "proxy-website-keyword"] scheme: DOMAIN-KEYWORD 18-04-27 17:41:00.380 INFO @config.go:131 [check pattern "direct-website"] scheme: DOMAIN-SUFFIX 18-04-27 17:41:00.380 INFO @config.go:131 [check pattern "direct-website-keyword"] scheme: DOMAIN-KEYWORD 18-04-27 17:41:00.380 INFO @config.go:131 [check pattern "internal-ip"] scheme: IP-CIDR 18-04-27 17:41:00.380 INFO @config.go:131 [check pattern "proxy-country"] scheme: IP-COUNTRY 18-04-27 17:41:00.380 INFO @config.go:153 [check rule] pattern: proxy-website 18-04-27 17:41:00.380 INFO @config.go:153 [check rule] pattern: proxy-website-keyword 18-04-27 17:41:00.380 INFO @config.go:153 [check rule] pattern: direct-website 18-04-27 17:41:00.380 INFO @config.go:153 [check rule] pattern: direct-website-keyword 18-04-27 17:41:00.380 INFO @config.go:153 [check rule] pattern: internal-ip 18-04-27 17:41:00.380 INFO @config.go:153 [check rule] pattern: proxy-country 18-04-27 17:41:00.380 INFO @config.go:162 [check rule] final proxy: "" 18-04-27 17:41:00.380 INFO @config.go:175 [check dns] nameserver: 114.114.114.114 18-04-27 17:41:00.381 INFO @config.go:175 [check dns] nameserver: 223.5.5.5 18-04-27 17:41:00.381 INFO @one.go:59 [tun] ip:10.192.0.1, subnet: 10.192.0.0/16 18-04-27 17:41:00.382 INFO @proxies.go:68 [proxies] default proxy: "B" 18-04-27 17:41:00.382 INFO @nat.go:152 nat port range [10000, 60000) 18-04-27 17:41:00.382 INFO @nat.go:152 nat port range [10000, 60000) 18-04-27 17:41:00.383 INFO @syscalls_darwin.go:50 create utun2 18-04-27 17:41:00.383 INFO @syscalls_darwin.go:20 exec command: ifconfig utun2 10.192.0.1 10.192.0.1 mtu 1500 netmask 255.255.0.0 up 18-04-27 17:41:00.401 INFO @syscalls_darwin.go:20 exec command: route -n add -net 10.192.0.1 -netmask 255.255.0.0 -interface utun2 18-04-27 17:41:00.432 INFO @syscalls_darwin.go:20 exec command: route -n add -net 91.108.4.0 -netmask 255.255.252.0 -interface utun2 18-04-27 17:41:00.444 INFO @tun.go:55 add route 91.108.4.0/22 by utun2 18-04-27 17:41:00.444 INFO @syscalls_darwin.go:20 exec command: route -n add -net 91.108.56.0 -netmask 255.255.252.0 -interface utun2 18-04-27 17:41:00.456 INFO @tun.go:55 add route 91.108.56.0/22 by utun2 18-04-27 17:41:00.457 INFO @syscalls_darwin.go:20 exec command: route -n add -net 109.239.140.0 -netmask 255.255.255.0 -interface utun2 18-04-27 17:41:00.467 INFO @tun.go:55 add route 109.239.140.0/24 by utun2 18-04-27 17:41:00.467 INFO @syscalls_darwin.go:20 exec command: route -n add -net 149.154.160.0 -netmask 255.255.240.0 -interface utun2 18-04-27 17:41:00.478 INFO @tun.go:55 add route 149.154.160.0/20 by utun2 18-04-27 17:41:00.479 INFO @syscalls_darwin.go:20 exec command: route -n add -net 149.154.167.0 -netmask 255.255.255.0 -interface utun2 18-04-27 17:41:00.489 INFO @tun.go:55 add route 149.154.167.0/24 by utun2 18-04-27 17:41:00.494 INFO @dns.go:192 [dns] listen on 0.0.0.0:53 18-04-27 17:41:00.494 ERRO @udp_relay.go:177 [udp] 10.192.0.1:3838 > 239.192.0.0:3838: invalid packet 18-04-27 17:41:00.495 INFO @manager.go:399 [manager] listen on: 0.0.0.0:9200 18-04-27 17:41:00.496 ERRO @main.go:50 one quit: listen udp 0.0.0.0:53: bind: address already in use yudeMacBook-Air:~ brite$
出现2个ERRO,怎么解决?
我运行sudo lsof -i:53 找出是named在占用53端口,我运行killall named 杀死了它。但是遇到其他错误,怎么解决?linux vps上不需要运行kone吧?
yudeMacBook-Air:~ brite$ sudo kone -config kone.ini 18-04-27 19:30:16.826 INFO @main.go:37 using config file: kone.ini 18-04-27 19:30:16.827 INFO @config.go:131 [check pattern "proxy-website"] scheme: DOMAIN-SUFFIX 18-04-27 19:30:16.828 INFO @config.go:131 [check pattern "proxy-website-keyword"] scheme: DOMAIN-KEYWORD 18-04-27 19:30:16.828 INFO @config.go:131 [check pattern "direct-website"] scheme: DOMAIN-SUFFIX 18-04-27 19:30:16.828 INFO @config.go:131 [check pattern "direct-website-keyword"] scheme: DOMAIN-KEYWORD 18-04-27 19:30:16.828 INFO @config.go:131 [check pattern "internal-ip"] scheme: IP-CIDR 18-04-27 19:30:16.828 INFO @config.go:131 [check pattern "proxy-country"] scheme: IP-COUNTRY 18-04-27 19:30:16.828 INFO @config.go:153 [check rule] pattern: proxy-website 18-04-27 19:30:16.828 INFO @config.go:153 [check rule] pattern: proxy-website-keyword 18-04-27 19:30:16.828 INFO @config.go:153 [check rule] pattern: direct-website 18-04-27 19:30:16.828 INFO @config.go:153 [check rule] pattern: direct-website-keyword 18-04-27 19:30:16.828 INFO @config.go:153 [check rule] pattern: internal-ip 18-04-27 19:30:16.828 INFO @config.go:153 [check rule] pattern: proxy-country 18-04-27 19:30:16.828 INFO @config.go:162 [check rule] final proxy: "" 18-04-27 19:30:16.828 INFO @config.go:175 [check dns] nameserver: 114.114.114.114 18-04-27 19:30:16.828 INFO @config.go:175 [check dns] nameserver: 223.5.5.5 18-04-27 19:30:16.828 INFO @one.go:59 [tun] ip:10.192.0.1, subnet: 10.192.0.0/16 18-04-27 19:30:16.828 INFO @proxies.go:68 [proxies] default proxy: "B" 18-04-27 19:30:16.828 INFO @nat.go:152 nat port range [10000, 60000) 18-04-27 19:30:16.828 INFO @nat.go:152 nat port range [10000, 60000) 18-04-27 19:30:16.829 INFO @syscalls_darwin.go:50 create utun2 18-04-27 19:30:16.829 INFO @syscalls_darwin.go:20 exec command: ifconfig utun2 10.192.0.1 10.192.0.1 mtu 1500 netmask 255.255.0.0 up 18-04-27 19:30:16.844 INFO @syscalls_darwin.go:20 exec command: route -n add -net 10.192.0.1 -netmask 255.255.0.0 -interface utun2 18-04-27 19:30:16.857 INFO @syscalls_darwin.go:20 exec command: route -n add -net 91.108.4.0 -netmask 255.255.252.0 -interface utun2 18-04-27 19:30:16.870 INFO @tun.go:55 add route 91.108.4.0/22 by utun2 18-04-27 19:30:16.871 INFO @syscalls_darwin.go:20 exec command: route -n add -net 91.108.56.0 -netmask 255.255.252.0 -interface utun2 18-04-27 19:30:16.889 INFO @tun.go:55 add route 91.108.56.0/22 by utun2 18-04-27 19:30:16.890 INFO @syscalls_darwin.go:20 exec command: route -n add -net 109.239.140.0 -netmask 255.255.255.0 -interface utun2 18-04-27 19:30:16.901 INFO @tun.go:55 add route 109.239.140.0/24 by utun2 18-04-27 19:30:16.901 INFO @syscalls_darwin.go:20 exec command: route -n add -net 149.154.160.0 -netmask 255.255.240.0 -interface utun2 18-04-27 19:30:16.912 INFO @tun.go:55 add route 149.154.160.0/20 by utun2 18-04-27 19:30:16.912 INFO @syscalls_darwin.go:20 exec command: route -n add -net 149.154.167.0 -netmask 255.255.255.0 -interface utun2 18-04-27 19:30:16.922 INFO @tun.go:55 add route 149.154.167.0/24 by utun2 18-04-27 19:30:16.925 INFO @dns.go:192 [dns] listen on 0.0.0.0:53 18-04-27 19:30:16.926 INFO @manager.go:399 [manager] listen on: 0.0.0.0:9200 18-04-27 19:30:16.926 INFO @tcp_relay.go:119 [tcp] listen on 10.192.0.1:82 18-04-27 19:30:17.853 NOTI @tun.go:40 10.192.0.1 > 224.0.0.22 protocol 2 unsupport 18-04-27 19:30:18.416 ERRO @udp_relay.go:177 [udp] 10.192.0.1:3838 > 239.192.0.0:3838: invalid packet 18-04-27 19:30:18.416 ERRO @udp_relay.go:177 [udp] 10.192.0.1:3838 > 239.192.0.0:3838: invalid packet 18-04-27 19:30:19.927 ERRO @udp_relay.go:177 [udp] 10.192.0.1:3838 > 239.192.0.0:3838: invalid packet 18-04-27 19:30:20.856 NOTI @tun.go:40 10.192.0.1 > 224.0.0.22 protocol 2 unsupport 18-04-27 19:30:20.931 ERRO @udp_relay.go:177 [udp] 10.192.0.1:3838 > 239.192.0.0:3838: invalid packet 18-04-27 19:30:21.938 ERRO @udp_relay.go:177 [udp] 10.192.0.1:3838 > 239.192.0.0:3838: invalid packet 18-04-27 19:30:22.945 ERRO @udp_relay.go:177 [udp] 10.192.0.1:3838 > 239.192.0.0:3838: invalid packet 18-04-27 19:30:23.950 ERRO @udp_relay.go:177 [udp] 10.192.0.1:3838 > 239.192.0.0:3838: invalid packet 18-04-27 19:30:24.953 ERRO @udp_relay.go:177 [udp] 10.192.0.1:3838 > 239.192.0.0:3838: invalid packet 18-04-27 19:30:25.958 ERRO @udp_relay.go:177 [udp] 10.192.0.1:3838 > 239.192.0.0:3838: invalid packet 18-04-27 19:30:27.462 ERRO @udp_relay.go:177 [udp] 10.192.0.1:3838 > 239.192.0.0:3838: invalid packet
@luckypoem 可否贴一下配置 ?
另外尝试 ping google.com curl -v google.com
是否正常 TCP 和 ICMP 协议是否是 好的?
kone.ini文件,我就只修改了proxy "B"的url的值为socks5://127.0.0.1:1080 ,其他内容未改。并且在我mac机器上开着“纸飞机”,“纸飞机”里的ss账号是正常的。 ping google.com失败, 如何验证“TCP和ICMP 协议是否是好的?”
如果 ping 返回正常,表示 ICMP 协议是好的, 这个 proxy 配置无关,只要 DNS 和 tun 设备起来了,就应该正常工作。
例如:
curl -v google.com 则可以验证是否 NAT 和代理是否正常工作。
@yinheli 你好,几个月前,我咨询你以来,我并未用kone翻墙成功。
你的文字“用 kone 来接管内网的 DNS 服务,这样,查询需要处理的域名时,它返回一个虚拟的内网地址,例如 dig google.com 的时候返回的是 10.192.25.210 配合路由器上的静态路由表,上述 IP 会多一跳网关,走 kone,kone 实现了一个虚拟的 nat 服务,收到这种请求后,利用 socks5 来处理,从而实现fq。”,我没能理解透,你可以写一个详细的教程吗??
另外,linux vps上需要运行kone吗?
非常感谢你的答复!
@luckypoem 这个工具的工作原理,已经在多处解释过了,简单来说就是 DNS 劫持。
你可以参考下作者的搭建说明: https://github.com/xjdrew/kone/blob/master/misc/docs/kone-in-ent-network.md
另外,linux vps上需要运行kone吗?
不需要,这个疑惑是因为你还没理解工作原理。 在搭建过程中如果有什么疑问,我建议你问下你身边负责网络的同事。修改静态路由表/在3层交换上改点配置,他们一看就了解了。
@yinheli 我看了作者的搭建说明: https://github.com/xjdrew/kone/blob/master/misc/docs/kone-in-ent-network.md ,里面说“[PC/手机] ----> [网关192.168.1.1] -----> [Internet]”,“在网关上启动kone”,意思是要把kone安装在无线路由器上?不能安装在本地机器(比如mac机器)上?
可以在本地用,但是这个设计的初衷希望局域网内有一个设备负责劫持部分流量,从而达到无感知的fq。 (目前不支持 windows) mac linux 路由器等都是支持的,部分路由器你可能需要费劲折腾下编译
@yinheli 我重新搞了个配置文件kone2.ini,
bogon:~ brite$ sudo kone -config kone2.ini Password: 18-10-01 15:14:38.801 INFO @main.go:37 using config file: kone2.ini 18-10-01 15:14:38.802 INFO @config.go:131 [check pattern "proxy-website-keyword"] scheme: DOMAIN-KEYWORD 18-10-01 15:14:38.802 INFO @config.go:153 [check rule] pattern: proxy-website-keyword 18-10-01 15:14:38.802 INFO @config.go:162 [check rule] final proxy: "" 18-10-01 15:14:38.802 INFO @config.go:175 [check dns] nameserver: 208.67.222.222 18-10-01 15:14:38.802 INFO @config.go:175 [check dns] nameserver: 208.67.220.220 18-10-01 15:14:38.802 INFO @one.go:59 [tun] ip:10.192.0.1, subnet: 10.192.0.0/16 18-10-01 15:14:38.802 INFO @proxies.go:68 [proxies] default proxy: "B" 18-10-01 15:14:38.802 INFO @nat.go:152 nat port range [10000, 60000) 18-10-01 15:14:38.803 INFO @nat.go:152 nat port range [10000, 60000) 18-10-01 15:14:38.803 INFO @syscalls_darwin.go:50 create utun1 18-10-01 15:14:38.803 INFO @syscalls_darwin.go:20 exec command: ifconfig utun1 10.192.0.1 10.192.0.1 mtu 1500 netmask 255.255.0.0 up 18-10-01 15:14:38.814 INFO @syscalls_darwin.go:20 exec command: route -n add -net 10.192.0.1 -netmask 255.255.0.0 -interface utun1 18-10-01 15:14:38.828 INFO @dns.go:192 [dns] listen on 0.0.0.0:53 18-10-01 15:14:38.829 INFO @manager.go:399 [manager] listen on: 127.0.0.1:9200 18-10-01 15:14:38.829 INFO @tcp_relay.go:119 [tcp] listen on 10.192.0.1:82 18-10-01 15:14:38.851 ERRO @udp_relay.go:177 [udp] 10.192.0.1:3838 > 239.192.0.0:3838: invalid packet 18-10-01 15:14:38.878 ERRO @udp_relay.go:177 [udp] 10.192.0.1:3838 > 239.192.0.0:3838: invalid packet 18-10-01 15:14:40.383 ERRO @udp_relay.go:177 [udp] 10.192.0.1:3838 > 239.192.0.0:3838: invalid packet 18-10-01 15:14:41.387 ERRO @udp_relay.go:177 [udp] 10.192.0.1:3838 > 239.192.0.0:3838: invalid packet 18-10-01 15:14:42.391 ERRO @udp_relay.go:177 [udp] 10.192.0.1:3838 > 239.192.0.0:3838: invalid packet 18-10-01 15:14:43.392 ERRO @udp_relay.go:177 [udp] 10.192.0.1:3838 > 239.192.0.0:3838: invalid packet 18-10-01 15:14:44.395 ERRO @udp_relay.go:177 [udp] 10.192.0.1:3838 > 239.192.0.0:3838: invalid packet 18-10-01 15:14:45.902 ERRO @udp_relay.go:177 [udp] 10.192.0.1:3838 > 239.192.0.0:3838: invalid packet 18-10-01 15:14:45.903 ERRO @udp_relay.go:177 [udp] 10.192.0.1:3838 > 239.192.0.0:3838: invalid packet 18-10-01 15:14:46.905 ERRO @udp_relay.go:177 [udp] 10.192.0.1:3838 > 239.192.0.0:3838: invalid packet
问题出在哪里?难道是下面的kone2.ini写错了吗?
bogon:~ brite$ cat kone2.ini [general] network = 10.192.0.1/16
[dns] nameserver = 208.67.222.222 nameserver = 208.67.220.220
[proxy "B"] url = socks5://127.0.0.1:1080
[pattern "proxy-website-keyword"] proxy = B scheme = DOMAIN-KEYWORD v = google
[rule] pattern = proxy-website-keyword final = B
[manager] listen = "127.0.0.1:9200" bogon:~ brite$
谢谢您
@yinheli hello. 终于搞定,原来它就是一个全局代理程序。不过我访问youtube,比如https://www.youtube.com/watch?v=wHPWYct5ufs ,90%的页面不能显示,是空白,只有顶部,约10%的面积有内容显示,这是为什么? 你那里可以用kone正常的看youtube视频吗
