gost: GO Simple Tunnel

by ddos ·

gost – GO Simple Tunnel

Features

  • Listening on multiple ports
  • Multi-level forward proxies – proxy chain
  • Standard HTTP/HTTPS/HTTP2/SOCKS4(A)/SOCKS5 proxy protocols support
  • Probing resistance support for web proxy
  • TLS encryption via negotiation support for SOCKS5 proxy
  • Support multiple tunnel types
  • Tunnel UDP over TCP
  • Local/remote TCP/UDP port forwarding
  • TCP/UDP Transparent proxy
  • Shadowsocks Protocol (TCP/UDP)
  • SNI Proxy
  • Permission control
  • Load balancing
  • Route control
  • DNS resolver and proxy
  • TUN/TAP Device

Getting started

No forward proxy

  • Standard HTTP/SOCKS5 proxy
gost -L=:8080
  • Proxy authentication
gost -L=admin:123456@localhost:8080
  • Multiple sets of authentication information
gost -L=localhost:8080?secrets=secrets.txt

The secrets parameter allows you to set multiple authentication information for HTTP/SOCKS5 proxies, the format is:

# username password 
test001 123456 
test002 12345678
  • Listen on multiple ports
gost -L=http2://:443 -L=socks5://:1080 -L=ss://aes-128-cfb:123456@:8338

Forward proxy

gost -L=:8080 -F=192.168.1.1:8081
  • Forward proxy authentication
gost -L=:8080 -F=http://admin:123456@192.168.1.1:8081

Multi-level forward proxy

 

gost -L=:8080 -F=quic://192.168.1.1:6121 -F=socks5+wss://192.168.1.2:1080 -F=http2://192.168.1.3:443 … -F=a.b.c.d:NNNN

Gost forwards the request to a.b.c.d:NNNN through the proxy chain in the order set by -F, each forward proxy can be any HTTP/HTTPS/HTTP2/SOCKS4/SOCKS5/Shadowsocks type.

Local TCP port forwarding

gost -L=tcp://:2222/192.168.1.1:22 [-F=...]

The data on the local TCP port 2222 is forwarded to 192.168.1.1:22 (through the proxy chain). If the last node of the chain (the last -F parameter) is an SSH forward tunnel, then gost will use the local port forwarding function of SSH directly:

gost -L=tcp://:2222/192.168.1.1:22 -F forward+ssh://:2222

Local UDP port forwarding

gost -L=udp://:5353/192.168.1.1:53?ttl=60 [-F=...]

The data on the local UDP port 5353 is forwarded to 192.168.1.1:53 (through the proxy chain). Each forwarding channel has a timeout period. When this time is exceeded and there is no data interaction during this time period, the channel will be closed. The timeout value can be set by the ttl parameter. The default value is 60 seconds.

NOTE: When forwarding UDP data, if there is a proxy chain, the end of the chain (the last -F parameter) must be gost SOCKS5 proxy, gost will use UDP-over-TCP to forward data.

Remote TCP port forwarding

gost -L=rtcp://:2222/192.168.1.1:22 [-F=... -F=socks5://172.24.10.1:1080]

The data on 172.24.10.1:2222 is forwarded to 192.168.1.1:22 (through the proxy chain). If the last node of the chain (the last -F parameter) is an SSH tunnel, then gost will use the remote port forwarding function of SSH directly:

gost -L=rtcp://:2222/192.168.1.1:22 -F forward+ssh://:2222

Remote UDP port forwarding

gost -L=rudp://:5353/192.168.1.1:53?ttl=60 [-F=... -F=socks5://172.24.10.1:1080]

The data on 172.24.10.1:5353 is forwarded to 192.168.1.1:53 (through the proxy chain). Each forwarding channel has a timeout period. When this time is exceeded and there is no data interaction during this time period, the channel will be closed. The timeout value can be set by the ttl parameter. The default value is 60 seconds.

NOTE: When forwarding UDP data, if there is a proxy chain, the end of the chain (the last -F parameter) must be gost SOCKS5 proxy, gost will use UDP-over-TCP to forward data.

HTTP2

Gost HTTP2 supports two modes:

  • As a standard HTTP2 proxy, and backward compatible with the HTTPS proxy.
  • As a transport tunnel.

Install & Use

Copyright (c) 2016 ginuerzh

Tags: golang tunnel