Posted in Network

利用v2ray内置的规则屏蔽广告

不管是v2rayN还是v2rayNG,都默认包含两个dat文件,这两个dat文件中包含了大量规则,其中就有广告域名的收集。

https://github.com/v2ray/domain-list-community/blob/master/data/category-ads

https://github.com/v2ray/domain-list-community/blob/master/data/category-ads-all

列表中每行规则开头的include的作用是包含(内嵌)其他文件,可以看到每个网站、广告供应商都有一个专有合集,总数量十分庞大。而category-ads-all则include了category-ads,因此前者是后者的一个增强集合,不过扩展的内容并不多。

有了这个概念后,只需要启用这个规则即可。启用的方法是:

首先,打开流量探测功能(想要实现屏蔽效果就必须开启)。

然后,找到软件设置项的自定义规则,在blocked选项中填入geosite:category-ads-all。其含义是启用属性为geosite的category-ads-all规则,而对匹配到这些规则的流量进行block(屏蔽)处理。

但是这个方法的缺点是只适用于域名变化不大的广告供应商,现在很多供应商会经常更改域名,或者使用其他手段进行广告投放,所以实际效果并不理想。而且在v2ray的层面阻断广告流量的进入后,常常会导致某些内容无法继续加载。

目前最常用的屏蔽广告的方法还是首推浏览器插件,比如Ublock Origin。其次是系统级的广告屏蔽软件,比如Adbyby。相比较而言我更推荐前者,因为后者在安全和隐私上存在隐患(不是指Adbyby这款软件,而是指所有系统级的广告屏蔽软件)。

Posted in Network

让v2ray、Shadowsocks等软件搭配AdGuard DNS实现广告屏蔽效果

可能很多人第一时间想到的是在服务器端搭建AdGuard Home之类的程序,其实这是毫无必要的,因为事实上AdGuard Home不过是一款开源的本地广告拦截程序,而AdGuard官方早就提供了一个免费的DNS解决方案,只要把服务器的DNS改成AdGuard DNS即可。

那么是否有必要把整个服务器的DNS改为AdGuard DNS呢?其实也没必要,因为你的流量全部都是通过v2ray、Shadowsocks转发的,你只要把v2ray、Shadowsocks的DNS设置更改即可。

修改v2ray、Shadowsocks的config文件,添加一行:

 "nameserver":"94.140.14.14"

这行代码将会指定服务器端的v2ray、Shadowsocks程序通过AdGuard DNS访问网址,然后转发被过滤后的信息,自然也就达到了屏蔽广告的效果。修改配置文件后,需要重启一下v2ray、Shadowsocks的进程(或者重启服务器),以重新加载配置文件。

但是,如果你自己并没有修改服务器配置文件的权限,或者不知道怎么修改配置文件,有没有其他方法呢?当然有,那就是直接在v2ray、Shadowsocks客户端内手动指定DNS地址为 94.140.14.14。找到软件客户端内带有DNS设置的选项,自己尝试配置。

配置完成后,我们可以访问一些测试网站来查看屏蔽效果,比如https://d3ward.github.io/toolz/src/adblock.html。经过本人实测,AdGuard DNS的有效率高达87%,已经算是非常厉害了,日常使用完全足够。

使用AdGuard DNS的缺点在于会增加一定的网络延迟,尤其是访问国内网站时,会感受到明显的卡顿。境外DNS服务器对国内网站的优化都不算太好,即便是最常用的8.8.8.8,有时也会掉包、暂时无法访问,或者把网站解析到其他地方去。但目前来说,AdGuard DNS在国内的访问还算稳定,延迟也不算太高,为了过滤广告,这点忍耐不算什么。

知道上面这点后,你就应该了解到,如果偶尔发生无法联网的问题,并非是节点故障,很有可能是DNS服务器解析失败了,这时候需要你重新指定一下DNS服务器,比如国内的阿里云DNS 223.5.5.5

利用v2ray内置的规则实现广告屏蔽可以看下面这篇:

https://jaylinwu.wordpress.com/2021/10/21/v2ray-block-ads-with-built-in-rules/

Posted in Linux, Network, Visual Studio Code, Windows

VS Code SSH remote connect to Linux Server (Real Solution)

First of all, forget the one who told you using Putty to generate the key, it’s outdated now.

Why? Because in the past, only Linux supports SSH so that Windows should use third party tool to realize SSH remote connection. But now Windows 10 supports native SSH Client, so you must get used to this one and avoid strange errors or wrongs.

Then, let’s see how to generate SSH key by native SSH Client. It’s easy. Open your local terminal (Linux or Windows) and execute:

ssh-keygen

In fact, though there is many options can be added, I only recommend one:

ssh-keygen -C username

Must be uppercase C and you can change the username to be any name you want to use, but that should be used to log in your Linux Server as its username later. It should be the same as your Linux username.

After you execute the command, you just follow the instructions on the screen. If you want not to overwrite the existing key files, change the default directory. If it suggests you to input Phrase, that can be empty, just enter directly.

When done, remember the default directory in the instruction just now? For Windows, you can cd into C:\Users\your_username\.ssh\; for Linux, you can cd into home/username/.ssh/.

Now you can see two files: id_rsa and id_rsa.pub.

pub means public, so its a public key. For the other with no extension, it’s a private key.

Here is the annoying question: where should I put them?

Well, if you look up on the internet and you will find too much information about that but you will be more confused.

Exactly, ssh-keygen is just a tool to generate keys, that’s all. It’s not about how to connect. So whatever you generate on Windows or Linux, Client or Server, that’s fine, don’t care about it. You just use a tool to generate two files.

But then the following question again is: So where should I put them indeed?

Well, maybe there is many theories behind the scene, but let me tell you the simple truth: client stores the private key and server stores the public key.

For example, you have PC A and PC B, you want to use PC A connect to PC B, so you should store the private key on PC A and store the public key on PC B.

But you should always make sure they are in a pair because you may have generated many key pairs before or later.

Why the server should store the public key? In fact, it’s easy to understand. The server will show the public key to anyone, but only allow connecting with who holds the private key. Due to the key stored on the server is public, so we called it public key.

Now let’s move on.

Now that we have known we should upload our public key on the server, let’s do it. If your client is Linux, thats easy, using:

 $ ssh-copy-id user@host

But if you are using Windows, ssh-copy-id should not work. So we need to understand what ssh-copy-id does.

Okay, we find a new file called authorized_keys. Go to your Linux server (use shell, SFTP or GUI), create that authorized_keys file under home/user/.ssh/ and copy the pub file contents (you can open it by VS Code) and paste into the new empty file. Save it.

In fact, id_rsa and id_rsa.pub is not necessary here

In case, reboot your Linux server now.

And now we should care about our path to store the private key. If you generate the keys on Windows directly, you should store it under C:\Users\username\.ssh\. If you generate it on Linux but you want to let it be stored on your Windows, you should download it from the Linux first. How to download it? I think SFTP is the best way. Use your SFTP tool to download it from Linux path home/username/.ssh and then store it under the same path on Windows.

Now we should check what we have done before we go on:

  1. we generate SSH Keys in a pair using ssh-keygen
  2. we store the private key on our client Windows PC (under C:\Users\your_username\.ssh\)
  3. we store the public key on our server Linux PC (under home/username/.ssh/authorized_keys)

Now let’s move on.

Open your VS Code, install SSH extensions in Extension Store. After installation, you will find a new icon on the side bar. Click it.

You can add new connection by “+” button. Follow the instruction on the top popped out dialog. After done, click ⚙ button. It will let you choose the path where SSH key files store. Then you will open a config file.

You can edit something here:

Host will change the UI display on the panel.

Hostname: the IP address or URL of your server.

User: should be the same as ssh-keygen -C username.

Port: the SSH port. Default is 22.

If you are using Virtual Machine like VirtualBox, you need to forward your Virtual Machine port (like 22) to the Host Machine port (like 12345).

IdentityFile: if you don’t add this option, VS Code will use the default ssh path (C:\Users\username\.ssh). But if you have many SSH key files to store in different paths, you should tell VS Code where is that file. On Windows, the “\” should be changed to “\\”.

Edit this file as your condition and save it.

Sometimes, there’s a problem on connecting a server by a forwarded port. You need to use the server real IP directly. You need use “ifconfig” command on your server shell screen. If it doesn’t work, just use apt install net-tools to get it. Type ifconfig, you will see server IP on the shell screen. Use this IP in your vscode config file, and set Port as 22(or delete Port line because the default port is 22).

Before we go, a small thing we need to deal with: go to C:\Users\username\.ssh, you will find a file called known_hosts. Delete it, it will be regenerated itself.

Return your VS Code panel, move your cursor on the server you want to connect, an icon will be shown on the right. Click it and you will begin connection in the new window. Follow the instruction on the top pop out dialog, then everything should be done.

Enjoy it!

If you want to connect to the server by tools like Putty or Shell…

Remember, you must use the same username as your keys generated, or the server will deny connection. (Error message: Permission denied (publickey))

For example, if we generated the key with username jaylin, and you want to connect to the server by Shell, you must use the command below:

ssh jaylin@ipaddress

After log in as jaylin, if you want to get root permission, you can use

sudo su

If your private keys stored in some specific path, you should use command below:

ssh -i /path/id_rsa jaylin@ipaddress

If you still meet strange problems, try to delete the known_hosts file under C:\Users\username\.ssh.

Posted in Network

使用Fiddler解决UWP软件无法通过v2rayN、Shadowsocks代理

一直使用v2rayN、Shadowsocks的朋友一定会发现一个问题:开启全局代理的情况下,UWP软件无法代理,最典型的就是微软商店打开是一片空白,Windows开始菜单的必应网络搜索功能也无法正常使用。

为什么会这样呢?因为微软为UWP软件预设了沙箱,而这个沙箱默认阻断与本地网络(localhost,或者127.0.0.1)的连接,因此,UWP软件的流量无法通过代理软件(VPN也许有效,因为工作方式有所不同)。

那么如何解决这个问题呢?

既然我们知道了问题的根本,那当然是直接从根本入手:去除UWP的网络保护。

首先,我们需要下载安装一个软件,这款软件的名字叫做Fiddler (https://www.telerik.com/download/fiddler-everywhere)。

打开Fiddler,点击左上角的WinConfig按钮(需要UAC授权)。成功打开程序后,如果弹出警告,点击No按钮。

软件会列出全部UWP应用,我们可以发现,很多Windows系统组件也是UWP应用,这就难怪我们开启全局代理时,会出现部分Windows功能联网失败的情况。

在显示出来的列表中勾选你想要解除网络限制的UWP软件,勾选完毕后,注意点击上方的保存按钮以启用更改。

注意:一定要找到一个含有乱码的选项,microsoft.windows.authhost.*******************(一串乱码),此选项必须勾选,否则UWP软件在涉及账户授权的时候仍然无法通过系统代理,会出现非常尴尬的情况。

  • 典型场景:UWP版本的Outlook无法添加Gmail账号,原因就是没有让microsoft.windows.authhost.*******************(一串乱码)通过代理。

如果你不在乎安全性,或者不知道勾选哪些程序能够保证正常使用,可以选择全部勾选。在软件的最上方有个Exempt All按钮,点击这个按钮即可全部勾选,然后点击保存按钮。其实微软搞这项措施也只针对UWP,然而UWP应用基本都来自微软的应用商店,所以安全性基本是有保证的,解锁全部程序的联网限制没什么大问题。

Clash客户端自带的Loopback插件就是截取自Fiddler的,如果你下载安装了Clash,就不用再另外安装Fiddler了。

v2rayN最新版客户端也自带该程序,可以在文件夹根目录内找到,文件名为EnableLoopback.exe。

整个流程比较简单,而且实测有效。