全局内网穿透

注意:三端均需配置v2ray服务端/客户端

本场景需要三个主机,分别为:

  1. bridge(待访问的内网服务器)
  2. portal(具有公网IP的主机)
  3. client(需要访问内网的外部用户)

v2ray配置方法:

Windows下配置:

  1. https://github.com/v2fly/v2ray-core/releases 下载Windows版压缩包并解压。
  2. 修改config.json文件。
  3. 双击v2ray.exe运行即可。

Linux下配置:

  1. https://github.com/v2fly/v2ray-core/releases 下载Linux版压缩包并解压。
  2. 进入v2ray文件夹并授予权限:
1
chmod +x v2ray v2ctl
  1. 修改config.json文件
  2. 添加启动服务:
1
vim /usr/lib/systemd/system/v2ray.service
1
2
3
4
5
6
7
8
9
10
11
12
[Unit]
Description=V2Ray Service
Documentation=https://www.v2fly.org/
After=network.target nss-lookup.target

[Service]
ExecStart=/bin/v2ray -config 文件夹/config.json
Restart=on-failure
RestartPreventExitStatus=23

[Install]
WantedBy=multi-user.target
  1. 创建软连接:
1
2
ln -s 文件夹路径/v2ray /bin/v2ray
ln -s 文件夹路径/v2ctl /bin/v2ctl
  1. 启动服务:
1
2
systemctl daemon-reload
systemctl start v2ray

配置文件config.json:

bridge:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
{
    "log": { //日志配置
      "access": "",
      "error": "",
      "loglevel": "info"
    },
    "reverse": {//反向代理配置
      "bridges": [
        {
          "tag": "bridge",
          "domain": "test.czh.com"//反向代理域名,可自定义,但需与portal中一致
        }
      ]
    },
    "outbounds": [
      {//用于连接自身网络
        "tag": "bridgeout",
        "protocol": "freedom"
      },
      {//用于连接portal
        "protocol": "vmess",
        "settings": {
          "vnext": [
            {
              "address": "portal的IP地址",
              "port": 端口号,//与portal中设置一致
              "users": [
                {
                  "id": "134b53ca-b0cc-44a7-a28f-4214842c2fd6",//uuid,与portal中设置一致
                  "alterId": 0
                }
              ]
            }
          ]
        },
        "tag": "interconn"
      }
    ],
    "routing": {
      "rules": [
        {//连接portal的路由规则
          "type": "field",
          "inboundTag": [
            "bridge"
          ],
          "domain": [
            "full:test.czh.com"//反向代理域名,注意前置的'full:'
          ],
          "outboundTag": "interconn"
        },
        {//连接自身网络的路由规则
          "type": "field",
          "inboundTag": [
            "bridge"
          ],
          "outboundTag": "bridgeout"
        }
      ]
    }
  }

portal:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
{
    "log": {//日志配置
      "access": "",
      "error": "",
      "loglevel": "info"
    },
    "reverse": {//反向代理配置
      "portals": [
        {
          "tag": "portal",
          "domain": "test.czh.com"//反向代理域名,可自定义
        }
      ]
    },
    "inbounds": [
      {//用于接受client的连接
        "tag": "portalin",
        "port": 端口号,//与client中设置一致
        "protocol": "vmess",
        "settings": {
          "clients": [
            {
              "id": "89682891-3d57-4cef-abbb-fbac5937ba29",//uuid,与client中设置一致
              "alterId": 0
            }
          ]
        }
      },
      {//用于接受bridge的连接
        "port": 端口号,//与bridge中设置一致
        "tag": "interconn",
        "protocol": "vmess",
        "settings": {
          "clients": [
            {
              "id": "134b53ca-b0cc-44a7-a28f-4214842c2fd6",//uuid,与bridge中设置一致
              "alterId": 0
            }
          ]
        }
      }
    ],
    "routing": {
      "rules": [
        {//接受client连接的路由规则
          "type": "field",
          "inboundTag": [
            "portalin"
          ],
          "outboundTag": "portal"
        },
        {//接受bridge连接的路由规则
          "type": "field",
          "inboundTag": [
            "interconn"
          ],
          "outboundTag": "portal"
        }
      ]
    }
  }

client:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
{
    "log": {//日志配置
      "access": "",
      "error": "",
      "loglevel": "info"
    },
    "inbounds": [
      {//代理配置
        "port": 端口号,//监听的端口号
        "listen": "127.0.0.1",//监听的IP地址
        "protocol": "http"
      }
    ],
    "outbounds": [
      {//用于连接portal
        "protocol": "vmess", 
        "settings": {
          "vnext": [
            {
              "address": "portal的IP",
              "port": 端口号,//与portal中设置一致
              "users": [
                {
                  "id": "89682891-3d57-4cef-abbb-fbac5937ba29",//uuid,与portal中设置一致
                  "alterId": 0
                }
              ]
            }
          ]
        }
      }
    ]
  }

启动服务:

bridgeportal直接启动服务即可。
client启动服务后,需设置代理:

Windows10/11:

设置 > 网络和Internet > 代理 > 手动设置代理

注意!!!在下列条目中删除自己需要访问的内网服务器IP段!
pic

v2ray内网穿透网络拓扑图

Linux:

1
export http_proxy=http://127.0.0.1:1080

注意:portal需开放config.json中inbounds设置的两个端口!