Merge branch 'master' into scaleway

README.md

@@ -40,7 +40,7 @@ Some Streisand services include add-ons for further censorship and throttling re
 * [OpenVPN](https://openvpn.net/index.php/open-source.html)
  * [Stunnel](https://www.stunnel.org/index.html) add-on available.
 * [Shadowsocks](https://shadowsocks.org/en/index.html), 
- * [simple-obfs](https://github.com/shadowsocks/simple-obfs) add-on available.
+ * The [V2ray-plugin](https://github.com/shadowsocks/v2ray-plugin) is installed to provide robust traffic evasion on hostile networks (especially those implementing quality of service (QOS) throttling).
 * A private [Tor](https://www.torproject.org/) bridge relay
  * [Obfsproxy](https://www.torproject.org/projects/obfsproxy.html.en) with obfs4 available as an add-on.
 * [WireGuard](https://www.wireguard.com/), a modern high-performance protocol.

playbooks/roles/common/vars/main.yml

@@ -33,6 +33,8 @@ streisand_common_packages:
  # A UUID generator with an explicit random function.
  # Used for generating UUIDs for mobileconfig files
  - uuid
+ # Install git for source code retrieval and use with "go get" command
+ - git
 
 # Services that are running by default but not needed by Streisand
 streisand_unneeded_packages:

playbooks/roles/shadowsocks/defaults/main.yml

@@ -4,9 +4,7 @@ shadowsocks_local_port: "1080"
 shadowsocks_timeout: "600"
 shadowsocks_encryption_method: "chacha20-ietf-poly1305"
 shadowsocks_tcp_fast_open: "true"
-shadowsocks_obfs_plugin: "obfs-server"
-shadowsocks_client_obfs_plugin: "obfs-local"
-shadowsocks_obfs_cover_protocol: "http"
-shadowsocks_obfs_cover_domain: "www.github.com"
-shadowsocks_obfs_plugin_opts: "obfs={{ shadowsocks_obfs_cover_protocol }}"
-shadowsocks_obfs_client_plugin_opts: "obfs={{ shadowsocks_obfs_cover_protocol }};obfs-host={{ shadowsocks_obfs_cover_domain }}"
+shadowsocks_v2ray_plugin: "v2ray-plugin"
+shadowsocks_v2ray_cover_domain: "github.com"
+shadowsocks_v2ray_plugin_options: "host={{ shadowsocks_v2ray_cover_domain }}"
+shadowsocks_v2ray_plugin_protocol: "http"

playbooks/roles/shadowsocks/tasks/main.yml

@@ -18,11 +18,6 @@
  apt:
  package: "shadowsocks-libev"
 
-- name: Install the simple-obfs dependencies
- apt:
- package: "{{ shadowsocks_dependencies }}"
- install_recommends: no
-
 - name: Create the shadowsocks-libev config directory
  file:
  path: "{{ shadowsocks_location }}"
@@ -57,8 +52,8 @@
  register: shadowsocks_password
  changed_when: False
 
-# Add simple-obfs task file
-- import_tasks: simple-obfs.yml
+# Add V2ray support
+- import_tasks: v2ray.yml
 
 - name: Generate Shadowsocks config file
  template:

playbooks/roles/shadowsocks/tasks/v2ray.yml

@@ -0,0 +1,22 @@
+---
+- name: Add the repo for getting the latest version of Go
+ apt_repository:
+ repo: 'ppa:longsleep/golang-backports'
+ register: golang_add_apt_repository
+ until: not golang_add_apt_repository.failed
+ retries: "{{ apt_repository_retries }}"
+ delay: "{{ apt_repository_delay }}"
+
+- name: Install golang-go
+ apt:
+ package: "golang-go"
+
+- name: Set GOPATH
+ shell: "export {{ go_path }}"
+
+- name: Get V2Ray-plugin
+ shell: "go get {{ v2ray_github }}"
+
+- name: Copying v2ray-plugin to shadowsocks-libev directory
+ shell: "cp {{ v2ray_location }}/v2ray-plugin {{ shadowsocks_location }}"
+...

playbooks/roles/shadowsocks/templates/config.json.j2

@@ -6,6 +6,6 @@
  "timeout":{{ shadowsocks_timeout }},
  "method":"{{ shadowsocks_encryption_method }}",
  "fast_open":{{ shadowsocks_tcp_fast_open }},
- "plugin":"{{ shadowsocks_obfs_plugin }}",
- "plugin_opts":"{{ shadowsocks_obfs_plugin_opts }}"
+ "plugin":"{{ shadowsocks_location }}/v2ray-plugin",
+ "plugin_opts":"{{ v2ray_options }}"
 }

playbooks/roles/shadowsocks/templates/instructions-fr.md.j2

@@ -11,7 +11,7 @@ Shadowsocks
  * [Android](#android)
  * [iOS](#ios)
 * Plugins
- * [simple-obfs](#simple-obfs)
+ * [v2ray-plugin](#V2ray-plugin)
 
 <a name="windows"></a>
 ### Windows ###
@@ -116,14 +116,14 @@ Une fois que vous avez Shadowsocks fonctionnant localement, vous devrez transfé
  * Si c'est la première fois que vous utilisez Shadowrocket, iOS vous demandera de vérifier que l'application devrait avoir la permission d'ajouter des configurations VPN. Tapez *Permettre* et suivez les instructions.
 1. Vous pouvez vérifier que votre trafic est correctement routé par [recherche de votre adresse IP sur DuckDuckGo]({{ streisand_my_ip_url }}). Il devrait dire *Votre adresse IP publique est {{streisand_ipv4_address}}*.
 
-<a name="simple-obfs"></a>
-### simple-obfs pour les réseaux peu fiables/hostiles ###
-Pour les utilisateurs sur des réseaux peu fiables ou hostiles (en particulier la limitation de la qualité de service (QOS)), l'utilisation du plugin simple-obfs peut vous aider à atténuer ces problèmes. La configuration supplémentaire du client Shadowsocks pour utiliser le plugin simple-obfs peut être effectuée via la configuration suivante:
+<a name="V2ray-plugin"></a>
+### v2ray-plugin pour les réseaux peu fiables/hostiles ###
+Pour les utilisateurs sur des réseaux peu fiables ou hostiles (en particulier la limitation de la qualité de service (QOS)), l'utilisation du plugin simple-obfs peut vous aider à atténuer ces problèmes. La configuration supplémentaire du client Shadowsocks pour utiliser le plugin v2ray-plugin peut être effectuée via la configuration suivante:
 
  Server: {{ streisand_ipv4_address }}
  Port: {{ shadowsocks_server_port }}
  Password: {{ shadowsocks_password.stdout }}
  Encryption Method: {{ shadowsocks_encryption_method }}
- Plugin: {{ shadowsocks_client_obfs_plugin }}
- Plugin_Options: {{ shadowsocks_obfs_client_plugin_opts }}
-Les utilisateurs d'Android devront d'abord télécharger l'application [Simple obfuscation] (https://play.google.com/store/apps/details?id=com.github.shadowsocks.plugin.obfs_local&hl=fr), puis modifier le profil existant de Streisand sur votre client pour utiliser ce plugin. Vous pouvez le faire en appuyant sur le bouton d'édition (edit) à côté du profil, en tapant l'option Plugin en bas du profil et en sélectionnant le plugin "Simple obfuscation" dans le menu. Votre trafic Shadowsocks sera maintenant obscurci en tant que {{shadowsocks_obfs_cover_protocol}} trafic vers {{shadowsocks_obfs_cover_domain}}.
+ Plugin: {{ shadowsocks_v2ray_plugin }}
+ Plugin_Options: {{  shadowsocks_v2ray_plugin_options }}
+Les utilisateurs d'Android devront d'abord télécharger l'application [V2ray-plugin](https://play.google.com/store/apps/details?id=com.github.shadowsocks.plugin.v2ray), puis modifier le profil existant de Streisand sur votre client pour utiliser ce plugin. Vous pouvez le faire en appuyant sur le bouton d'édition (edit) à côté du profil, en tapant l'option Plugin en bas du profil et en sélectionnant le plugin "V2ray-plugin" dans le menu. Votre trafic Shadowsocks sera maintenant obscurci en tant que {{ shadowsocks_v2ray_plugin_protocol }} trafic vers `{{ shadowsocks_v2ray_cover_domain }}`.

playbooks/roles/shadowsocks/templates/instructions.md.j2

@@ -11,7 +11,7 @@ Shadowsocks
  * [Android](#android)
  * [iOS](#ios)
 * Plugins
- * [simple-obfs](#simple-obfs)
+ * [v2ray-plugin](#V2ray-plugin)
 
 <a name="windows"></a>
 ### Windows ###
@@ -117,15 +117,15 @@ This should return a 301 Found response **not** a connection refused error.
  * If this is your first time running Shadowrocket, iOS will ask you to verify that the application should have permission to add VPN configurations. Tap *Allow* and follow the instructions.
 1. You can verify that your traffic is being routed properly by [looking up your IP address on DuckDuckGo]({{ streisand_my_ip_url }}). It should say *Your public IP address is {{ streisand_ipv4_address }}*.
 
-<a name="simple-obfs"></a>
-### simple-obfs for unreliable/hostile networks ###
-For users on unreliable or hostile networks (esp. experiencing quality-of-service (QOS) throttling) using the simple-obfs plugin may help alleviate these issues. Further configuration of the Shadowsocks client to use the simple-obfs plugin can be carried out via the following configuration:
+<a name="V2ray-plugin"></a>
+### v2ray-plugin for unreliable/hostile networks ###
+For users on unreliable or hostile networks (esp. experiencing quality-of-service (QOS) throttling) using the [v2ray-plugin](https://github.com/shadowsocks/v2ray-plugin) may help alleviate these issues. Further configuration of the Shadowsocks client to use the v2ray-plugin can be carried out via the following configuration:
 
  Server: {{ streisand_ipv4_address }}
  Port: {{ shadowsocks_server_port }}
  Password: {{ shadowsocks_password.stdout }}
  Encryption Method: {{ shadowsocks_encryption_method }}
- Plugin: {{ shadowsocks_client_obfs_plugin }}
- Plugin_Options: {{ shadowsocks_obfs_client_plugin_opts }}
+ Plugin: {{ shadowsocks_v2ray_plugin }}
+ Plugin_Options: {{ shadowsocks_v2ray_plugin_options }}
 
-Android users will first need to download the [Simple Obfuscation](https://play.google.com/store/apps/details?id=com.github.shadowsocks.plugin.obfs_local&hl=en) plugin app, and then modify the existing Streisand profile on your client to use this plugin. You can do this by hitting the edit button next to the profile, tapping the `Plugin` option at the bottom of the profile and selecting the "Simple obsfucation" plugin from the menu. Your Shadowsocks traffic will now be obfuscated as `{{ shadowsocks_obfs_cover_protocol }}` traffic to `{{ shadowsocks_obfs_cover_domain }}`.
+Android users will first need to download the [V2ray-plugin](https://play.google.com/store/apps/details?id=com.github.shadowsocks.plugin.v2ray) plugin app, and then modify the existing Streisand profile on your client to use this plugin. You can do this by hitting the edit button next to the profile, tapping the `Plugin` option at the bottom of the profile and selecting the "V2ray-plugin" plugin from the menu. Your Shadowsocks traffic will now be obfuscated as `{{ shadowsocks_v2ray_plugin_protocol }}` traffic to `{{ shadowsocks_v2ray_cover_domain }}`.

playbooks/roles/shadowsocks/vars/main.yml

@@ -1,35 +1,12 @@
 ---
-# Note: these dependencies are only sufficient to build from source with the
-# --disable-documentation flag to configure. It is *not* sufficient to
-# build a .deb
-shadowsocks_dependencies:
- - git
- - gcc
- - make
- - autoconf
- - automake
- - shtool
- - libtool
- - libev-dev
- - libmbedtls-dev
- - libpcre3-dev
- - libsodium-dev
- - libc-ares-dev
- # Shadowsocks may complain about lack of entropy without rng-tools installed
- - rng-tools
- - libssl-dev
-
-# Configuring the build without documentation means we save close to 900mb of deps
-# with the tradeoff of not creating man pages
-shadowsocks_configure_flags: "--disable-documentation --prefix=/usr"
-
 shadowsocks_location: "/etc/shadowsocks-libev"
 shadowsocks_password_file: "{{ shadowsocks_location }}/shadowsocks-password.txt"
 
-# simple-obfs vars
-simple_obfs_version: "0.0.5"
-simple_obfs_compilation_directory: "/usr/local/src/shadowsocks-simple-obfs-{{ simple_obfs_version }}"
-simple_obfs_configure_flags: "--disable-documentation"
+# V2ray-plugin
+go_path: "GOPATH=$HOME/go"
+v2ray_github: "github.com/shadowsocks/v2ray-plugin"
+v2ray_location: "/root/go/bin"
+v2ray_options: "server;host={{ shadowsocks_v2ray_cover_domain }}"
 
 # Add -v for verbose mode to help with debugging
 shadowsocks_daemon_args: "-u"

playbooks/roles/tor-bridge/tasks/main.yml

@@ -1,8 +1,8 @@
 ---
 - name: "Add the Tor APT key"
  apt_key:
- id: A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
- keyserver: keyserver.ubuntu.com
+ url: "https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc"
+ state: present
 
 - name: Add the Tor repository
  apt_repository:

playbooks/roles/tor-bridge/tasks/mirror-common.yml

@@ -14,7 +14,7 @@
  # formats though.
  #
  # https://trac.torproject.org/projects/tor/ticket/8940#comment:28
- shell: curl -s 'https://www.torproject.org/projects/torbrowser/RecommendedTBBVersions' | python -c 'import json; import re; import sys; j = json.load(sys.stdin); print [re.sub(r"-.*$", "", tbb) for tbb in j if "a" not in tbb and "b" not in tbb][-1];'
+ shell: curl -s 'https://www.torproject.org/projects/torbrowser/RecommendedTBBVersions/' | python -c 'import json; import re; import sys; j = json.load(sys.stdin); print [re.sub(r"-.*$", "", tbb) for tbb in j if "a" not in tbb and "b" not in tbb][-1];'
  args:
  warn: no
  register: tor_latest_recommended_check