banner
andrewji8

Being towards death

Heed not to the tree-rustling and leaf-lashing rain, Why not stroll along, whistle and sing under its rein. Lighter and better suited than horses are straw sandals and a bamboo staff, Who's afraid? A palm-leaf plaited cape provides enough to misty weather in life sustain. A thorny spring breeze sobers up the spirit, I feel a slight chill, The setting sun over the mountain offers greetings still. Looking back over the bleak passage survived, The return in time Shall not be affected by windswept rain or shine.
telegram
twitter
github
HomeArchives

Preventing telecommunication operators from monitoring user access.

#渗透1112
AI Translation
This post is translated from Chinese into English through AI.View Original
AI-generated summary
This text provides instructions on how to enable tun mode in v2rayN, a software for internet proxying. It also explains how to configure the settings in Chrome and Edge browsers to enable encrypted client hello and secure DNS. The text also mentions the use of gvisor, a tool for network isolation and security, in v2ray's tun mode. Additionally, it discusses the domain resolution strategy and matching algorithm in v2rayN's routing settings.

image

  1. Enable tun mode for v2rayN: Open in administrator mode.

V2rayN open source project address: Click here

  1. v2rayN settings

Settings - Parameter settings - tun mode settings - Stack mode: gvisor
Settings - Routing settings - Enable advanced features - Domain resolution strategy: IPOnDemand - Domain matching algorithm: mph (select this option if it doesn't work after enabling the previous step)

  1. How to enable in Chrome browser

Enter chrome://flags/#encrypted-client-hello in the address bar, set the Encrypted ClientHello option to Enable, and restart the browser;
Enter chrome://flags/#use-dns-https-svcb-alpn in the address bar, set the Use DNS https alpn option to Enable, and restart the browser;
Settings - Privacy and security - Security - Use secure DNS - Select Cloudflare (1.1.1.1)

  1. How to enable in Edge browser

Settings - Privacy, search, and services - Security - Enable the use of secure DNS to specify how to find the network address of the website - Enter the service provider: https://1.1.1.1/dns-query
Find the browser shortcut - Right-click and select "Properties" - Add the parameter --enable-features=EncryptedClientHello after the space after "Target"

  1. Check if ECH is enabled in the browser

https://www.cloudflare.com/zh-cn/ssl/encrypted-sni/#results

  1. In v2ray's tun mode

System refers to the system proxy settings. When you use v2ray tun mode, you can choose to set the system proxy to v2ray, so that all network traffic will be proxied through v2ray.
gvisor is a tool for providing advanced network isolation and security. It is an open-source sandbox tool that can containerize at the operating system level to protect applications from malicious code attacks. Using gvisor can increase the security of network applications and prevent malicious code from attacking and abusing the system.

  1. v2rayN's routing settings

Domain resolution strategy
"AsIs": Only use domain for routing selection. Fast resolution, not precise routing. Default value.
"IPIfNonMatch": When a domain does not match any rules, resolve the domain to an IP (A record or AAAA record) and match again;
When a domain has multiple A records, it will try to match all A records until one matches a rule;
The resolved IP only takes effect in routing selection, the forwarded packets still use the original domain;
In theory, resolving is slightly slower than "AsIs", but it is usually not noticeable in use.
"IPOnDemand": When matching encounters any IP-based rules, immediately resolve the domain to an IP for matching. Most accurate but slowest.
Domain matching algorithm
"linear": Use linear matching algorithm, default value;
"mph": Use minimal perfect hash algorithm (v4.36.1+). Testing data is about 170,000 records, matching speed is improved by about 30%, and memory usage is reduced by about 15%.

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.