Redirecting Resilio Sync's tracker and relay connection through a SOCKS server, without using global proxy settings.
通过SOCKS代理连接Resilio Sync的tracker和relay服务器,保持peer连接仍然直连。
Support Resilio Sync 2.5.7+.
支持Resilio Sync 2.5.7以上版本。
Resilio Sync's tracker and relay servers are block by The Wall. Without trackers, Sync can not discover peers on the Internet.
Resilio Sync的服务器被和谐了,没有tracker服务器,就没有办法找到P2P的邻居节点。
Sync does provide a global proxy function, which will redirect both peer connections and server connections through the proxy. It will slow down peer connection speed and it's conflicting to the P2P nature of Sync.
Sync软件可以设置全局代理,但这样和邻居的连接也经过代理,速度慢、流量大,而且和P2P的**相违背。
The tools are written in Python. Make sure you have the right environment to run these scripts.
这个工程是Python写的,因此你需要合适的Python 2.7运行环境来运行这些代码。
Download the source code. Install PySocks package (type the following command in a Terminal window):
Mac自带了Python环境,只需要安装PySocks库即可。在命令行用下面的指令安装:
pip install PySocks
I have created an executable package with py2exe. You can download it here: https://github.com/the729/sync-over-the-wall/raw/master/bin/sync-over-the-wall-x64bin.zip
我用py2exe创建了一个可以直接运行的exe文件,可以在上面那个链接中下载。
There are 2 ways to use sync-over-the-wall. You should choose one.
共有两种方式来使用这个工具,而且你得选择一种。
For Method 1, you need a SOCKS4/SOCKS5 proxy server that can go through The Wall. The downside of this method is that you have to keep a script running on your computer all the time when you use Sync.
第一种方法,需要一个可以翻墙的SOCKS4/5代理服务器即可。用这个方法,你需要在使用Sync的时候,一直保持一个后台脚本的运行。
For Method 2, you need a server that can go through The Wall, and you can configure iptables port forwarding on it. Normally, you can use a cloud VPS such as AWS. This way, you don't have to keep any script running while you use Sync.
第二种方法,需要一个可以翻墙的服务器,而且你可以在服务器上配置iptables转发规则。你可以用诸如AWS或者阿里云香港的云服务器。这样就不需要在使用中在后台跑任何脚本了。
Method 2 is recommended if you have the resources.
如果有能力搞定云服务器,推荐使用方法2。
Following are the detailed explaination and instructions. The original Sync system works like this:
接着看下面的具体原理和配置方法。下图是Sync本身的链接关系图。
First, rename sync.method1.conf to sync.conf. Normally, you don't have to edit it.
首先,把sync.method1.conf文件重命名为sync.conf。这个文件通常不再需要修改了。
Run config_server.py (or config_server.exe) with Admin previledge. It uses hosts file to redirect Sync software to our fake config server. That's why we need Admin.
以管理员权限运行config_server.py(或exe)。之所以需要管理员权限,是因为我们要修改hosts文件。
On Windows, right-click config_server.exe and choose "Run as Administrator".
用Windows,可以右键点击config_server.exe,选择“以管理员运行”。
On Mac, from a terminal, type the command:
用Mac,在终端窗口敲下面的指令即可。
sudo python config_server.py
After the fake server is properly running, you have to restart Sync software according to the prompt.
当我们冒充的config服务器启动后,你需要根据窗口中的提示,重启Sync。
After Sync has downloaded the config file, the fake server will shutdown automatically, and the hosts file will be restored. Since the real config.resilio.com is blocked, Sync can not download the real tracker list. So it will keep using our fake version, which is cached.
重启Sync后,它会从我们的冒充服务器下载sync.conf文件,并保存在缓存中。此后,我们的冒充服务器就会自动关闭,然后自动恢复hosts文件的设置。因为真的config.resilio.com被和谐了,所以此后Sync无法获得真的sync.conf文件,就会一直使用缓存中的数据。
If the program blocks at "Restart Sync" message and does not finish after Sync restarted, it is probably because the (fake) certificate we use does not pass the validation. It is wierd that some of the machines I test does not require a valid certificate while some others do. You can manually trust the CA certificate "do_not_trust.crt" (by double click open the cert and add it to the Trusted CA list), and retry this whole step again. Remember to untrust the cert after this step.
如果重启了Sync之后,程序卡住了而没有自动执行完成,那多半是因为Sync不能验证我们的假证书。奇怪的是,一些机器上,Sync并不验证证书的有效性,但在有些机器上,却要求证书有效。这时,你可以把"do_not_trust.crt"这个文件证书添加到系统的信任列表中(通常双击打开,再选择添加到信任的CA列表),之后重新尝试整个步骤。不要忘了在这一步完成之后,停止信任这个证书。
Rename proxy.method1.conf to proxy.conf, and edit it with your own SOCKS4/5 proxy server address and port. Be careful that this file must be a valid JSON.
把proxy.method1.conf重命名为proxy.conf,并修改这个文件,写入你的SOCKS4/5服务器的地址和端口。注意这个文件是JSON格式的。
Run tracker_proxy.py (or tracker_proxy.exe). It does not need special previledge. It will transparently redirect Sync tracker connection to the SOCKS server configured in proxy.conf. This script should be kept running.
启动tracker_proxy.py(或exe),它不需要管理员权限。它会利用刚刚在proxy.conf中定义的SOCKS代理,在本机建立透明的TCP转发服务。这个脚本需要一直在后台运行。
This step is very similar to the same step in Method 1. Rename sync.method2.conf to sync.conf, and edit it to point it directly towards your port-forwarding server.
第一步和方法一的第一步非常相似。同样需要重命名sync.method2.conf,注意这时需要修改这个文件,写入你的服务器的地址和端口。
Then, follow the same steps as Method 1 to let Sync cache the tracker list.
接着按照方法一中这一步骤的方法,让Sync从冒充服务器上获取并缓存sync.conf文件。
Assuming your server's public IP address is 111.111.111.111, and 173.244.217.42 and 107.182.230.198 are Sync's primary tracker and relay server:
假设你的服务器IP地址是111.111.111.111。Sync的真是Tracker和Relay服务器地址是173.244.217.42和107.182.230.198。在服务器上用下面指令配置TCP端口转发。
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 4000 -j DNAT --to-destination 173.244.217.42:4000
iptables -t nat -A POSTROUTING -d 173.244.217.42 -p tcp -m tcp --dport 4000 -j SNAT --to-source 111.111.111.111
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 3000 -j DNAT --to-destination 107.182.230.198:3000
iptables -t nat -A POSTROUTING -d 107.182.230.198 -p tcp -m tcp --dport 3000 -j SNAT --to-source 111.111.111.111
TCP tee proxy code is based on https://gist.github.com/jwustrack/0c7cb063a28ce14766d421e8d8a12fcc
TCP三通代理代码是基于上面链接中的gist.
The core idea of Method 2 is based on https://forum.resilio.com/topic/43469-volunteers-required/?do=findComment&comment=121618
方法二的核心**是基于上述论坛帖子。