@SaeedDev94
Created August 5, 2024 16:18
#!/bin/bash
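# Everything below edits the mangle table and the policy-routing tables,
# which requires root. Report the problem on stderr and exit non-zero so a
# caller (service manager, wrapper script) can tell that nothing was started;
# a bare `exit` here would have returned the status of the echo, i.e. 0.
if [ "$EUID" -ne 0 ]; then
  echo "Please run as root" >&2
  exit 1
fi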
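# --- Settings ---------------------------------------------------------------
# All values are readonly: nothing below is meant to reassign them, and a
# stray assignment would silently repoint firewall or routing rules.

# Address of the upstream proxy server. apply() exempts traffic to it from
# redirection. "x.x.x.x" is a placeholder and must be replaced before use.
readonly REMOTE_SERVER="x.x.x.x"

# Where the TPROXY rules deliver captured traffic. The port is the same
# number as the dokodemo-door inbound in the accompanying Xray config.
readonly INBOUND_ADDR="127.0.0.1"
readonly INBOUND_PORT="10808"

# Names of the two user-defined mangle chains (hooked into PREROUTING and
# OUTPUT respectively by start()).
readonly TPROXY_CHAIN="XRAY_TPROXY"
readonly GATEWAY_CHAIN="XRAY_GATEWAY"

# Packets carrying this fwmark skip redirection. The Xray outbounds in the
# accompanying config set sockopt.mark to 5; keep the two values equal,
# otherwise Xray's own outgoing packets would presumably be captured again.
readonly EXCLUDE_MARK="5"

# fwmark put on traffic to be proxied, and the routing table that start()
# selects for packets carrying it.
readonly TPROXY_MARK="1"
readonly TPROXY_TABLE="99"

# Xray binary and its configuration. The config path is a placeholder.
readonly XRAY_EXE="/opt/xray/xray"
readonly XRAY_CONFIG="/path/to/config.json"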
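#######################################
# Build CHAIN in the mangle table and hook it into the built-in chain MAIN.
#
# Rule order matters, the first matching rule decides:
#   1. RETURN (leave the packet alone) for loopback, limited broadcast,
#      192.168.0.0/16 (all TCP, and UDP except port 53, so DNS queries sent
#      to a LAN resolver are still captured), UDP ports 123 and 323,
#      REMOTE_SERVER, and packets already carrying EXCLUDE_MARK.
#   2. For TPROXY_CHAIN: hand remaining TCP/UDP to INBOUND_ADDR:INBOUND_PORT
#      via TPROXY, marking it with TPROXY_MARK.
#      For GATEWAY_CHAIN: only set TPROXY_MARK on remaining TCP/UDP.
#
# Only iptables is called, never ip6tables, so IPv6 traffic is not covered
# by these rules and leaves the host without passing through the proxy.
#
# Globals:   REMOTE_SERVER, EXCLUDE_MARK, TPROXY_CHAIN, GATEWAY_CHAIN,
#            INBOUND_ADDR, INBOUND_PORT, TPROXY_MARK (all read)
# Arguments: $1 - built-in mangle chain to hook into (PREROUTING or OUTPUT)
#            $2 - name of the user-defined chain to create
# Outputs:   progress on stdout, failures on stderr
# Returns:   0 once the chain is hooked in, non-zero if an iptables call
#            fails; in that case the chain is never hooked into MAIN.
#            Exits the whole script with 0 if MAIN already jumps to CHAIN.
#######################################
apply() {
  local MAIN="$1"
  local CHAIN="$2"

  # Ask iptables for this exact jump instead of grepping the human-readable
  # listing, which also matched longer chain names containing CHAIN.
  if iptables -t mangle -C "$MAIN" -j "$CHAIN" 2>/dev/null; then
    echo "$CHAIN exists in $MAIN !!"
    # NOTE(review): the script registers `trap stop EXIT` before start runs,
    # so this exit also runs stop and removes the chain that was just found.
    # Confirm that is intended when a second instance is launched.
    exit 0
  fi

  # A chain left behind by an unclean shutdown makes -N fail; appending to it
  # anyway would duplicate every rule, so stop here.
  if ! iptables -t mangle -N "$CHAIN"; then
    echo "!! cannot create $CHAIN in the mangle table" >&2
    return 1
  fi

  # Bypass rules. Abort on the first failure: the jump from MAIN is added
  # last, so an incomplete chain never sees traffic.
  iptables -t mangle -A "$CHAIN" -d 127.0.0.1/8 -j RETURN || return 1
  iptables -t mangle -A "$CHAIN" -d 255.255.255.255 -j RETURN || return 1
  iptables -t mangle -A "$CHAIN" -d 192.168.0.0/16 -p tcp -j RETURN || return 1
  iptables -t mangle -A "$CHAIN" -d 192.168.0.0/16 -p udp ! --dport 53 -j RETURN || return 1
  # UDP 123 is NTP; 323 is presumably chrony's command port.
  iptables -t mangle -A "$CHAIN" -p udp --dport 123 -j RETURN || return 1
  iptables -t mangle -A "$CHAIN" -p udp --dport 323 -j RETURN || return 1
  iptables -t mangle -A "$CHAIN" -d "$REMOTE_SERVER" -j RETURN || return 1
  iptables -t mangle -A "$CHAIN" -j RETURN -m mark --mark "$EXCLUDE_MARK" || return 1

  if [[ "$CHAIN" == "$TPROXY_CHAIN" ]]; then
    iptables -t mangle -A "$CHAIN" -p tcp -j TPROXY \
      --on-ip "$INBOUND_ADDR" --on-port "$INBOUND_PORT" \
      --tproxy-mark "$TPROXY_MARK" || return 1
    iptables -t mangle -A "$CHAIN" -p udp -j TPROXY \
      --on-ip "$INBOUND_ADDR" --on-port "$INBOUND_PORT" \
      --tproxy-mark "$TPROXY_MARK" || return 1
  fi

  if [[ "$CHAIN" == "$GATEWAY_CHAIN" ]]; then
    iptables -t mangle -A "$CHAIN" -p tcp -j MARK --set-mark "$TPROXY_MARK" || return 1
    iptables -t mangle -A "$CHAIN" -p udp -j MARK --set-mark "$TPROXY_MARK" || return 1
  fi

  echo "++ $CHAIN => $MAIN"
  iptables -t mangle -A "$MAIN" -j "$CHAIN"
}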
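#######################################
# Unhook CHAIN from the built-in chain MAIN, then empty and delete it.
# Best effort: all three steps run even when an earlier one fails, so a
# partially installed chain is still cleaned up as far as possible.
#
# Arguments: $1 - built-in mangle chain the jump was added to
#            $2 - user-defined chain to remove
# Outputs:   progress on stdout; iptables reports its own errors
# Returns:   status of the final chain deletion
#######################################
flush() {
  local MAIN="$1"
  local CHAIN="$2"

  echo "-- $CHAIN => $MAIN"
  # Order matters: iptables will not delete a chain that is still referenced
  # from MAIN or still holds rules, so unhook, then flush, then delete.
  iptables -t mangle -D "$MAIN" -j "$CHAIN"
  iptables -t mangle -F "$CHAIN"
  iptables -t mangle -X "$CHAIN"
}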
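#######################################
# Install the redirection: both mangle chains, then the policy routing that
# sends packets carrying TPROXY_MARK to table TPROXY_TABLE, whose only route
# treats every destination as local on lo.
#
# Stops at the first failing step so the caller can refuse to run the proxy
# on top of a half-installed rule set.
#
# Globals: TPROXY_CHAIN, GATEWAY_CHAIN, TPROXY_MARK, TPROXY_TABLE (read)
# Returns: 0 when every step succeeded, non-zero otherwise
#######################################
start() {
  echo "Starting ..."
  apply "PREROUTING" "$TPROXY_CHAIN" || return 1
  apply "OUTPUT" "$GATEWAY_CHAIN" || return 1
  ip rule add fwmark "$TPROXY_MARK" table "$TPROXY_TABLE" || return 1
  ip route add local default dev lo table "$TPROXY_TABLE"
}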
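#######################################
# Undo start(): remove both mangle chains, then the route and the rule of
# the policy-routing setup. Best effort, every step runs regardless of
# earlier failures, because this is also the EXIT handler after a failed or
# partial start.
#
# Globals: TPROXY_CHAIN, GATEWAY_CHAIN, TPROXY_MARK, TPROXY_TABLE (read)
# Returns: status of the final `ip rule del`
#######################################
stop() {
  echo "Stoping ..."
  flush "PREROUTING" "$TPROXY_CHAIN"
  flush "OUTPUT" "$GATEWAY_CHAIN"
  # Name exactly what start() added. A bare `ip rule del fwmark N` removes
  # whichever rule matches that mark, including one owned by another tool.
  ip route del local default dev lo table "$TPROXY_TABLE"
  ip rule del fwmark "$TPROXY_MARK" table "$TPROXY_TABLE"
}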
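# Register the teardown before touching anything, so the rules are removed
# on every exit path, including a start that fails halfway.
trap stop EXIT

# Do not launch Xray on top of incomplete redirection: traffic the operator
# expects to be proxied would leave the host directly. The exit below fires
# the trap, which cleans up whatever start managed to install.
if ! start; then
  echo "!! setup failed, not starting Xray" >&2
  exit 1
fi

# Runs in the foreground; when it ends, the script exits with its status and
# the EXIT trap removes the rules.
"$XRAY_EXE" run -c "$XRAY_CONFIG"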
// dns
{
"servers": [
"1.1.1.1",
"1.0.0.1"
]
}
// inbounds
{
"protocol": "dokodemo-door",
"port": 10808,
"settings": {
"network": "tcp,udp",
"followRedirect": true
},
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls", "quic"]
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy"
}
},
"tag": "transparent"
}
// outbounds
{
"protocol": "vless",
"settings": {
"domainStrategy": "UseIP"
},
"streamSettings": {
"sockopt": {
"mark": 5
}
},
"tag": "proxy"
}
{
"protocol": "freedom",
"settings": {
"domainStrategy": "UseIP"
},
"streamSettings": {
"sockopt": {
"mark": 5
}
},
"tag": "direct"
}
{
"protocol": "dns",
"proxySettings": {
"tag": "proxy"
},
"tag": "dns-out"
}
// routing
{
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"network": "udp",
"port": 53,
"inboundTag": ["transparent"],
"outboundTag": "dns-out"
},
{
"ip": [
"geoip:ir",
"geoip:private"
],
"outboundTag": "direct"
}
]
}