Proxy summary

I built a proxy network allowing me to access various resources across the Internet. As shown in the figure below, servers on different locations are deployed and connected by either direct proxy (solid line) or reverse proxy (dash line). connection mapping are labelled in the format of '(x to y) * z', indicating z groups of x clients each connecting to y servers.

campus
campus
Internet
Internet
China
China
campus
campus
1 to m
1 to m
client
n2n edge
client...
s to n
s to n
server * s
vmess+ws
n2n supernode
server * s...
(n/k to 1) * k
(n/k to 1) * k
CDN server * n
https
CDN server * n...
VPS server * k
vmess+ws+tls
VPS server * k...
server
reverse proxy
server...
1 to n
1 to n
client
client
VPS
server
http
VPS...
1 to k
1 to k
client
client
China campus
outbound
China campus...
Internet VPS
outbound
Internet VPS...
Internet campus
outbound
Internet campus...
server
reverse proxy
server...
server * (m-s)
socks
n2n edge
server * (m-s)...
(m-s) to n
(m-s) to n
Text is not SVG - cannot display

by tools

  • v2fly/v2ray-core: secure proxy, balancer, router
    • Qv2ray/Qv2ray: v2ray gui for pc
    • SagerNet/SagerNet: v2ray gui for android
  • ntop/n2n: virtual LAN adaptor
  • alexkirsz/dispatch-proxy: adaptor combiner
  • nginx/nginx: server side http proxy, http reverse proxy, http port reuse
  • haad/proxychains: proxy chains, socks,http->app, for pc
  • proxifier: proxy chains, socks,http->app, for windows
  • ambrop72/badvpn/tun2socks: socks->adaptor
  • torproject/tor,tpo/applications/tor-browser: anonymous http
  • FelisCatus/SwitchyOmega: socks,http->browser

by application senario

bypass GFW with server port access

  • v2fly/v2ray-core+nginx/nginx: vmess+ws+tls->socks5, balancer, multiple domain cdn servers for acceleration and camouflage

bypass campus Internet outbound speed limit (campus has no LAN speed limit)

has LAN servers with server port access

  • v2fly/v2ray-core+nginx/nginx: vmess+ws->socks5, balancer, multiple in-campus servers for acceleration, speed *= number of servers

without servers

  • alexkirsz/dispatch-proxy: LAN + WLAN + USB LAN + USB hotspot: speed *= 4

reverse proxy without server port access

  • v2fly/v2ray-core: reverse proxy
  • microsoft/vscode: temporary port forwarding

LAN traversal with server root access

  • ntop/n2n

notes

  • campus LAN should be seen as public with even more strict censorship but less decryption ability, never use unencrypted proxy in campus LAN
  • watch out for DNS leak, use firewall rules to block port 53 if necessary
  • if necessary use firewall rules to block all connections except localhost proxy