basil00 / reqrypt Goto Github PK

Some people on Russian forums complain that there's no 32 bit build of ReQrypt. They probably use laptops with low amount of soldered (non-replaceable) RAM.
Please make 32 bit build if it's not too hard.

1)after about two minutes, the speed drops
2) is it possible to bypass the game server lock, the server is on Amazon

Hello, I want to use Reqrypt on adapter which i choose, please add this option in setting.

And if i can choose, then how to edit, i editted by notepad.exe, but it doesnt working

Local subnets should not be handled by ReQrypt.

10.0.0.0/8
192.168.0.0/16
172.16.0.0/19
169.254.0.0/16

Reqrypt works only in auto-started browser.
If i start browser manually - it doesn't working. May be i do something wrong?

ReQrypt does not work! Probably a problem in the server.
Will this problem be solved?

Problems started to appear on newer versions of Windows. Random hangs, unsuccessful program terminations, problems that do not go away without restarting the operating system and so on..
So if you find some free time, can you release the new version?

I've done a few Divert build tests with the self-signed certificate. It hasn't been a problem so far. But it feels inappropriate to use it this way.

My development environment:

*Windows 10 2004 OS Build 19041.572
--bcdedit.exe -set loadoptions DISABLE_INTEGRITY_CHECKS
--bcdedit.exe -set TESTSIGNING ON
*WDK for Windows 10, version 2004
*Visual Studio 2019 version 16.7.6
*gcc version 10.2.0

And thank you very much for your efforts @basil00 .

I want to configure this at my parents PC. Is auto-start function planned in this tool?

The MacOSX version of ReQrypt depends on ipfw which has been deprecated. See #2.

Hi
How to add other port number ,e.g TCP PORT 22
and can i tunnle icmp?
i use own reqryptd server for test.
i try to add iptables rule,but it's not work.

thank you very much

forum.miranda-ng.org is not blocked by my ISP.

When ReQrypt is enabled, a PR_CONNECT_RESET_ERROR error occurs when trying to leave a comment on the forum.

I have access to web server configuration, what should I look for?

If reqrypt could force all trafic use ssl, like stunnel does, it will do the trick.
We will expect your "Eureka" moment.
:)

Many users don't use only a windows PC, now days Phone, TV and... has internet connection. so its vital to access the uncensored connection
So Does it possible release a package for openWrt please?!
Thank you!

Hello,

Up until today everthing was working flawlessly. However today reqrypt wasnt working.
Eventhough, in the configuration page starts with localhost servers look green.
Like in this picture;

https://prntscr.com/oosji3

Also, while using reqrypt no website open up and i get this message for blocked sites.

https://prntscr.com/oosjet

For non bloked sites i get a message like this

https://prnt.sc/ooy8n6

I use google's dns but to be make sure about it i also used dnscrypt and used cloudflare's dns wıth DoH bu the result was the same. Also checked firewall and reqrypt isn't blocked.

My question is does my isp bloked the default servers or is there a problem with the default servers?

Please make Reqrypt work as a proxy, socks, http(s) proxy, or something like that.
I do not like windivert because I want Reqrypt work on applications which I choose, not redirect all traffic. Thank you.

Currently reqrypt can be used on local computer.
Can it be cross compiled for some other linux system like LEDE and work there?

Freebsd build fails if i dont redefine CLOCK_MONOTONIC_RAW to CLOCK_MONOTONIC

(cd src; gmake clean; gmake -j 4 client) gmake[1]: Entering directory '/root/reqrypt3/src' rm -f base64.o client.o checksum.o cktp_client.o cktp_common.o cktp_encoding.o cktp_url.o config.o encodings/aes.o encodings/aes_hardware.o encodings/crypt.o encodings/pad.o encodings/natural.o http_server.o install.o log.o options.o packet.o packet_dispatch.o packet_filter.o packet_protocol.o packet_track.o random.o tunnel.o freebsd/capture.o freebsd/misc.o base64.o checksum.o config.o cktp_common.o cktp_encoding.o cktp_server.o cktp_url.o encodings/aes.o encodings/aes_hardware.o encodings/crypt.o encodings/pad.o linux/misc.o quota.o random.o server.o server_table.o http_data.c install_data.c tools/file2c gmake[1]: Leaving directory '/root/reqrypt3/src' gmake[1]: Entering directory '/root/reqrypt3/src' gcc -DCLIENT -DFREEBSD -maes -Wall -O2 -I /root/reqrypt3/src/ -c -o base64.o base64.c gcc -DCLIENT -DFREEBSD -maes -Wall -O2 -I /root/reqrypt3/src/ -c -o client.o client.c gcc -DCLIENT -DFREEBSD -maes -Wall -O2 -I /root/reqrypt3/src/ -c -o checksum.o checksum.c gcc -DCLIENT -DFREEBSD -maes -Wall -O2 -I /root/reqrypt3/src/ -c -o cktp_client.o cktp_client.c gcc -DCLIENT -DFREEBSD -maes -Wall -O2 -I /root/reqrypt3/src/ -c -o cktp_common.o cktp_common.c gcc -DCLIENT -DFREEBSD -maes -Wall -O2 -I /root/reqrypt3/src/ -c -o cktp_encoding.o cktp_encoding.c gcc -DCLIENT -DFREEBSD -maes -Wall -O2 -I /root/reqrypt3/src/ -c -o cktp_url.o cktp_url.c gcc -DCLIENT -DFREEBSD -maes -Wall -O2 -I /root/reqrypt3/src/ -c -o config.o config.c gcc -DCLIENT -DFREEBSD -maes -Wall -O2 -I /root/reqrypt3/src/ -c -o encodings/aes.o encodings/aes.c gcc -DCLIENT -DFREEBSD -maes -Wall -O2 -I /root/reqrypt3/src/ -maes -mssse3 -flax-vector-conversions -c -o encodings/aes_hardware.o encodings/aes_hardware.c gcc -DCLIENT -DFREEBSD -maes -Wall -O2 -I /root/reqrypt3/src/ -c -o encodings/crypt.o encodings/crypt.c gcc -DCLIENT -DFREEBSD -maes -Wall -O2 -I /root/reqrypt3/src/ -c -o encodings/pad.o encodings/pad.c gcc -DCLIENT -DFREEBSD -maes -Wall -O2 -I /root/reqrypt3/src/ -O3 -c -o encodings/natural.o encodings/natural.c gcc -DCLIENT -DFREEBSD -maes -Wall -O2 -I /root/reqrypt3/src/ tools/file2c.c -o tools/file2c gcc -DCLIENT -DFREEBSD -maes -Wall -O2 -I /root/reqrypt3/src/ -c -o log.o log.c gcc -DCLIENT -DFREEBSD -maes -Wall -O2 -I /root/reqrypt3/src/ -c -o options.o options.c gcc -DCLIENT -DFREEBSD -maes -Wall -O2 -I /root/reqrypt3/src/ -c -o packet.o packet.c gcc -DCLIENT -DFREEBSD -maes -Wall -O2 -I /root/reqrypt3/src/ -c -o packet_dispatch.o packet_dispatch.c gcc -DCLIENT -DFREEBSD -maes -Wall -O2 -I /root/reqrypt3/src/ -c -o packet_filter.o packet_filter.c gcc -DCLIENT -DFREEBSD -maes -Wall -O2 -I /root/reqrypt3/src/ -c -o packet_protocol.o packet_protocol.c gcc -DCLIENT -DFREEBSD -maes -Wall -O2 -I /root/reqrypt3/src/ -c -o packet_track.o packet_track.c gcc -DCLIENT -DFREEBSD -maes -Wall -O2 -I /root/reqrypt3/src/ -c -o random.o random.c gcc -DCLIENT -DFREEBSD -maes -Wall -O2 -I /root/reqrypt3/src/ -c -o tunnel.o tunnel.c gcc -DCLIENT -DFREEBSD -maes -Wall -O2 -I /root/reqrypt3/src/ -c -o freebsd/capture.o freebsd/capture.c gcc -DCLIENT -DFREEBSD -maes -Wall -O2 -I /root/reqrypt3/src/ -c -o freebsd/misc.o freebsd/misc.c freebsd/misc.c: In function 'gettime': freebsd/misc.c:146:19: error: 'CLOCK_MONOTONIC_RAW' undeclared (first use in this function) clock_gettime(CLOCK_MONOTONIC_RAW, &ts); ^~~~~~~~~~~~~~~~~~~ freebsd/misc.c:146:19: note: each undeclared identifier is reported only once for each function it appears in <builtin>: recipe for target 'freebsd/misc.o' failed gmake[1]: *** [freebsd/misc.o] Error 1 gmake[1]: *** Waiting for unfinished jobs.... gmake[1]: Leaving directory '/root/reqrypt3/src' *** Error code 2

I added

#ifndef CLOCK_MONOTONIC_RAW #define CLOCK_MONOTONIC_RAW CLOCK_MONOTONIC #endif

in freebsd/misc.c to get around this issue.

The server does not work more than two days, and now it does not work either.
http://funkyimg.com/i/2C4Xg.jpg

Hello sir how can please give me how to use example

I notice that the reqrypt server side must work in a ip-spoofing-server
Actually I am looking for this kind of servers.
I am writing an project for proxy internet access, which works as what you do.
https://github.com/ptpt52/natcap

Could you tell me where I can get this kind of servers( or vps)?

Доброго, можно как либо создать свой сервер на Windows? Я уже почитал вашу инструкцию в #38 но я так и не понял как это на Windows развернуть..
Потому что когда я устанавливаю ReQrypt он не работает с вашим доменом по умолчанию - возможно провайдер блокирует..

Хотя если не ошибаюсь 2 года назад он работал стабильно у меня на том же провайдере..

I ran reqrypt with --no-iptables --no-ui options.
iptables

iptables -I FORWARD -p tcp -m tcp -m mark ! --mark 40402 -j NFQUEUE --dport 443 --queue-num 40403
iptables -I FORWARD -p tcp -m tcp -m mark ! --mark 40402 -j NFQUEUE --dport 80 --queue-num 40403

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination
  997 87186 NFQUEUE    tcp  --  any    any     anywhere             anywhere             tcp dpt:www mark match ! 0x9dd2 NFQUEUE num 40403
 5706 1029K NFQUEUE    tcp  --  any    any     anywhere             anywhere             tcp dpt:https mark match ! 0x9dd2 NFQUEUE num 40403

Normally it worked but some sites did not respond.
Browser showed ERR_EMPTY_RESPONSE or ERR_SPDY_PROTOCOL_ERROR page.
Their sites worked on windows version.

I tried various options in reqrypt.config.
Is https fragment feature implement badly on linux ?
Any idea?

RUS: Спасибо огромное за ReQrypt, это просто идеальное оружие против РКН. Сделайте пожалуйста там больше функционала для гибридного трафика с мешаниной DNS Ipv4 и по больше про ipv6 поддержку перекрёстного трафика.

ENG: Thank you so much for ReQrypt, this is just the perfect weapon against RKN. Please do more functionality for hybrid traffic with Ipv4 DNS hash and more on ipv6 support for cross traffic.

It will allow it to show up in this list to gain visibility:
https://github.com/topics/censorship-circumvention

Currently, running a ReQrypt server requires support for IP spoofing, which is disallowed by most networks due to the potential for abuse. This makes it difficult to set up new ReQrypt servers to help support the network. As such, ReQrypt is vulnerable to ISPs simply blocking traffic to the (currently single) server (#13).

One solution might be to support "tunnel forwarding", where a server acts as a front for another server, as illustrated below:

                     +-----------+
     +---------------|    WEB    |-------------+
     |               |  SERVER   |             |
     |               +-----------+             |
     |                                         |
     V                                         |
+-----------+        +-----------+        +----------+
|    PC     |------->|  SERVER'  |------->|  SERVER  |
|  a.b.c.d  |<-------|  p.q.r.s  |<-------|  x.y.z.w |
+-----------+        +-----------+        +----------+

Under this idea, the user connects to the main ReQrypt server (SERVER) by tunneling through another server (SERVER'). Control messages (from SERVER to PC) are also sent via SERVER', meaning that there is no direct communication with the main server (SERVER).

This has some big advantages:

• To the end user, SERVER' behaves just like a regular ReQrypt server, so no change to the user experience.
• SERVER' does not need to support IP spoofing, making it easier to set up "new" servers. Thus if an ISP blocks SERVER' then it is easy to set up SERVER'', etc., making it much easier to support a larger network and play cat-and-mouse games.
• The ISP does not see any traffic to the main server (SERVER), so cannot block it.

The main disadvantage is a performance reduction due to extra hops. But this should be minimal if both SERVER and SERVER' are geographically close together.

Implementing this would also require a bit of work.

If you turn off and turn on the router, when reqrypt works, Internet access is lost.
It is necessary to restart reqrypt manually - then all is well.
The same problem if there was a breakage of communication through the fault of the provider.
You must restart reqrypt manually.

These settings are used: http://funkyimg.com/i/2BzXb.jpg

Just log (MacOS, but errors related just to C):

➜  separated git clone https://github.com/akzhan/reqrypt.git
Cloning into 'reqrypt'...
remote: Counting objects: 687, done.
remote: Compressing objects: 100% (8/8), done.
remote: Total 687 (delta 2), reused 5 (delta 2), pack-reused 677
Receiving objects: 100% (687/687), 296.92 KiB | 0 bytes/s, done.
Resolving deltas: 100% (460/460), done.
➜  separated cd reqrypt
➜  reqrypt git:(master) autoconf -o configure configure-freebsd.ac
➜  reqrypt git:(master) ✗ ./configure
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for gcc option to accept ISO C99... none needed
checking how to run the C preprocessor... gcc -E
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking pthread.h usability... yes
checking pthread.h presence... yes
checking for pthread.h... yes
configure: creating ./config.status
config.status: creating cfg.mk
config.status: creating src/cfg.h
➜  reqrypt git:(master) ✗ make client_install_macosx
(cd src; \
	 make clean; \
	 make -j 4 client)
rm -f base64.o client.o checksum.o cktp_client.o cktp_common.o cktp_encoding.o cktp_url.o config.o encodings/aes.o encodings/aes_hardware.o encodings/crypt.o encodings/pad.o encodings/natural.o http_server.o install.o log.o options.o packet.o packet_dispatch.o packet_filter.o packet_protocol.o packet_track.o random.o tunnel.o macosx/capture.o macosx/misc.o base64.o checksum.o cktp_common.o cktp_encoding.o cktp_server.o cktp_url.o encodings/aes.o encodings/aes_hardware.o encodings/crypt.o encodings/pad.o linux/misc.o quota.o random.o server.o server_table.o http_data.c install_data.c tools/file2c
gcc -DCLIENT -DMACOSX -maes -Wall -O2 -I /Users/akzhanabdulin/Projects/separated/reqrypt/src/   -c -o base64.o base64.c
gcc -DCLIENT -DMACOSX -maes -Wall -O2 -I /Users/akzhanabdulin/Projects/separated/reqrypt/src/   -c -o client.o client.c
gcc -DCLIENT -DMACOSX -maes -Wall -O2 -I /Users/akzhanabdulin/Projects/separated/reqrypt/src/   -c -o checksum.o checksum.c
gcc -DCLIENT -DMACOSX -maes -Wall -O2 -I /Users/akzhanabdulin/Projects/separated/reqrypt/src/   -c -o cktp_client.o cktp_client.c
client.c:223:24: warning: incompatible pointer types passing 'struct iphdr *' to
      parameter of type 'const uint8_t *' (aka 'const unsigned char *')
      [-Wincompatible-pointer-types]
            log_packet(ip_header);
                       ^~~~~~~~~
/Users/akzhanabdulin/Projects/separated/reqrypt/src/log.h:49:32: note: passing
      argument to parameter 'packet' here
void log_packet(const uint8_t *packet);
                               ^
cktp_client.c:811:31: warning: taking address of packed member 'checksum' of
      class or structure 'cktp_msg_hdr_rep_s' may result in an unaligned pointer
      value [-Waddress-of-packed-member]
    uint16_t reply_checksum = cktp_checksum(reply1, reply_size);
                              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/Users/akzhanabdulin/Projects/separated/reqrypt/src/cktp_common.h:31:43: note:
      expanded from macro 'cktp_checksum'
    cktp_calculate_checksum((uint8_t *)(&((message)->checksum) + 1),          \
                                          ^~~~~~~~~~~~~~~~~~~
cktp_client.c:811:31: warning: taking address of packed member 'checksum' of
      class or structure 'cktp_msg_hdr_rep_s' may result in an unaligned pointer
      value [-Waddress-of-packed-member]
    uint16_t reply_checksum = cktp_checksum(reply1, reply_size);
                              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/Users/akzhanabdulin/Projects/separated/reqrypt/src/cktp_common.h:32:35: note:
      expanded from macro 'cktp_checksum'
        (length) - ((uint8_t *)(&((message)->checksum) + 1) -                 \
                                  ^~~~~~~~~~~~~~~~~~~
gcc -DCLIENT -DMACOSX -maes -Wall -O2 -I /Users/akzhanabdulin/Projects/separated/reqrypt/src/   -c -o cktp_common.o cktp_common.c
1 warning generated.
gcc -DCLIENT -DMACOSX -maes -Wall -O2 -I /Users/akzhanabdulin/Projects/separated/reqrypt/src/   -c -o cktp_encoding.o cktp_encoding.c
gcc -DCLIENT -DMACOSX -maes -Wall -O2 -I /Users/akzhanabdulin/Projects/separated/reqrypt/src/   -c -o cktp_url.o cktp_url.c
gcc -DCLIENT -DMACOSX -maes -Wall -O2 -I /Users/akzhanabdulin/Projects/separated/reqrypt/src/   -c -o config.o config.c
gcc -DCLIENT -DMACOSX -maes -Wall -O2 -I /Users/akzhanabdulin/Projects/separated/reqrypt/src/   -c -o encodings/aes.o encodings/aes.c
2 warnings generated.
gcc -DCLIENT -DMACOSX -maes -Wall -O2 -I /Users/akzhanabdulin/Projects/separated/reqrypt/src/ -maes -mssse3 -flax-vector-conversions   -c -o encodings/aes_hardware.o encodings/aes_hardware.c
gcc -DCLIENT -DMACOSX -maes -Wall -O2 -I /Users/akzhanabdulin/Projects/separated/reqrypt/src/   -c -o encodings/crypt.o encodings/crypt.c
gcc -DCLIENT -DMACOSX -maes -Wall -O2 -I /Users/akzhanabdulin/Projects/separated/reqrypt/src/   -c -o encodings/pad.o encodings/pad.c
encodings/crypt.c:957:25: error: fields must have a constant size: 'variable
      length array in structure' extension will never be supported
                uint8_t iv[state->iv_size];
                        ^
encodings/crypt.c:958:25: error: fields must have a constant size: 'variable
      length array in structure' extension will never be supported
                uint8_t id[state->id_size];
                        ^
encodings/crypt.c:980:25: error: fields must have a constant size: 'variable
      length array in structure' extension will never be supported
                uint8_t iv[state->iv_size];
                        ^
encodings/crypt.c:981:25: error: fields must have a constant size: 'variable
      length array in structure' extension will never be supported
                uint8_t id[state->id_size];
                        ^
encodings/crypt.c:1004:25: error: fields must have a constant size: 'variable
      length array in structure' extension will never be supported
                uint8_t iv[state->iv_size];
                        ^
encodings/crypt.c:1005:25: error: fields must have a constant size: 'variable
      length array in structure' extension will never be supported
                uint8_t id[encodings/aes_hardware.c:66:9: error: use of unknown builtin
      '__builtin_ia32_pshufd' [-Wimplicit-function-declaration]
    b = bshuffle(b, 0xFF);
        ^
encodings/aes_hardware.c:38:37: note: expanded from macro 'bshuffle'
#define bshuffle                    __builtin_ia32_pshufd
                                    ^
state->id_size];
                        ^
encodings/crypt.c:1056:25: error: fields must have a constant size: 'variable
      length array in structure' extension will never be supported
                uint8_t iv[state->iv_size];
                        ^
encodings/crypt.c:1087:25: error: fields must have a constant size: 'variable
      length array in structure' extension will never be supported
                uint8_t iv[state->iv_size];
                        ^
encodings/crypt.c:1126:25: error: fields must have a constant size: 'variable
      length array in structure' extension will never be supported
                uint8_t iv[state->iv_size];
                        ^
encodings/crypt.c:1257:17: error: fields must have a constant size: 'variable
      length array in structure' extension will never be supported
        uint8_t iv[state->iv_size];
                ^
encodings/aes_hardware.c:66:7: error: assigning to 'int128_t' (vector of 2
      'long long' values) from incompatible type 'int'
    b = bshuffle(b, 0xFF);
      ^ ~~~~~~~~~~~~~~~~~
encodings/aes_hardware.c:67:18: error: use of unknown builtin
      '__builtin_ia32_pslldqi128' [-Wimplicit-function-declaration]
    int128_t c = lshift4(a, 4);
                 ^
encodings/aes_hardware.c:40:5: note: expanded from macro 'lshift4'
    __builtin_ia32_pslldqi128((a), (b) * 8)
    ^
encodings/crypt.c:1259:17: error: fields must have a constant size: 'variable
      length array in structure' extension will never be supported
        uint8_t mac[state->mac_size];
                ^
encodings/crypt.c:1300:17: error: fields must encodings/aes_hardware.c:67:14: error: initializing 'int128_t' (vector of 2
      'long long' values)have with an expression of incompatible type 'int'
    int128_t c = lshift4(a, 4);
             ^   ~~~~~~~~~~~~~
 a constant size: 'variable
      length array in structure' extension will never be supported
        uint8_t iv[state->iv_size];
                ^
encodings/crypt.c:1301:17: error: fields4 errors generated.
 must have a constant size: 'variable
      length arraymake[1]: *** [encodings/aes_hardware.o] Error 1
make[1]: *** Waiting for unfinished jobs....
 in structure' extension will never be supported
        uint8_t id[state->id_size];
                ^
encodings/crypt.c:1303:17: error: fields must have a constant size: 'variable
      length array in structure' extension will never be supported
        uint8_t mac[state->mac_size];
                ^
14 errors generated.
make[1]: *** [encodings/crypt.o] Error 1
make: *** [client] Error 2

➜  reqrypt git:(master) ✗ gcc --version
Configured with: --prefix=/Applications/Xcode.app/Contents/Developer/usr --with-gxx-include-dir=/usr/include/c++/4.2.1
Apple LLVM version 8.1.0 (clang-802.0.42)
Target: x86_64-apple-darwin16.7.0
Thread model: posix
InstalledDir: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin

ReQrypt is mostly used for only certain (blocked) websites, but current version does not support blacklists or whitelists. Implementing black/whitelists feature would reduce server's bandwidth usage and would not affect non-blocked websites' speed.

HTTP websites should be detected by parsing host header. HTTPS SNI detection code could be grabbed from sniproxy project: https://github.com/dlundquist/sniproxy/blob/master/src/tls.c

ReQrypt tries to proxify even local and loopback addresses (it skips only 127.0.0.1, but there's whole 127.0.0.0/8), which is not convenient.

Can you add guide for server usage? I can't start daemon, it kills self.

I am not profi, so i can't give you wide description. So there is the listing of the last command:

`MacBookPro81:reqrypt-master DenimTornado$ make client_install_macosx
(cd src;
make clean;
make -j 4 client)
rm -f base64.o client.o checksum.o cktp_client.o cktp_common.o cktp_encoding.o cktp_url.o config.o encodings/aes.o encodings/aes_hardware.o encodings/crypt.o encodings/pad.o encodings/natural.o http_server.o install.o log.o options.o packet.o packet_dispatch.o packet_filter.o packet_protocol.o packet_track.o random.o tunnel.o macosx/capture.o macosx/misc.o base64.o checksum.o cktp_common.o cktp_encoding.o cktp_server.o cktp_url.o encodings/aes.o encodings/aes_hardware.o encodings/crypt.o encodings/pad.o linux/misc.o quota.o random.o server.o server_table.o http_data.c install_data.c tools/file2c

gcc -DCLIENT -DMACOSX -maes -Wall -O2 -I /Volumes/data/Dev/ReQrypt/reqrypt-master/src/ -c -o base64.o base64.c

gcc -DCLIENT -DMACOSX -maes -Wall -O2 -I /Volumes/data/Dev/ReQrypt/reqrypt-master/src/ -c -o client.o client.c

gcc -DCLIENT -DMACOSX -maes -Wall -O2 -I /Volumes/data/Dev/ReQrypt/reqrypt-master/src/ -c -o checksum.o checksum.c

gcc -DCLIENT -DMACOSX -maes -Wall -O2 -I /Volumes/data/Dev/ReQrypt/reqrypt-master/src/ -c -o cktp_client.o cktp_client.c

cktp_client.c:811:31: warning: taking address of packed member 'checksum' of class or structure 'cktp_msg_hdr_rep_s' may result in an unaligned pointer value [-Waddress-of-packed-member]
uint16_t reply_checksum = cktp_checksum(reply1, reply_size);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

/Volumes/data/Dev/ReQrypt/reqrypt-master/src/cktp_common.h:31:43: note: expanded from macro 'cktp_checksum'
cktp_calculate_checksum((uint8_t *)(&((message)->checksum) + 1),
^~~~~~~~~~~~~~~~~~~

cktp_client.c:811:31: warning: taking address of packed member 'checksum' of class or structure 'cktp_msg_hdr_rep_s' may result in an unaligned pointer value [-Waddress-of-packed-member]
uint16_t reply_checksum = cktp_checksum(reply1, reply_size);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

/Volumes/data/Dev/ReQrypt/reqrypt-master/src/cktp_common.h:32:35: note: expanded from macro 'cktp_checksum'
(length) - ((uint8_t *)(&((message)->checksum) + 1) -
^~~~~~~~~~~~~~~~~~~

client.c:224:24: warning: incompatible pointer types passing 'struct iphdr *' to parameter of type 'const uint8_t *' (aka 'const unsigned char *') [-Wincompatible-pointer-types]
cktp_client.c:934:9: warning: implicit declaration of function 'log_packet' is invalid in C99 [-Wimplicit-function-declaration]
log_packet(packet);
^
log_packet(ip_header);
^~~~~~~~~

client.c:51:32: note: passing argument to parameter 'packet' here
void log_packet(const uint8_t *packet);
^
cktp_client.c:949:6: error: conflicting types for 'log_packet'
void log_packet(const uint8_t *packet)
^
cktp_client.c:934:9: note: previous implicit declaration is here
log_packet(packet);
^
3 warnings and 1 error generated.
make[1]: *** [cktp_client.o] Error 1
make[1]: *** Waiting for unfinished jobs....
1 warning generated.
make: *** [client] Error 2
`

I run recrypt as a regular user in VBox (vm ubuntu 18.04, host win 10)

When I open any https in firefox I have SSL_ERROR_RX_RECORD_TOO_LONG message.

I have double NAT (ISP, VBox).
I don't have a router.
I have disable ipv6.
I have played with "Hiding mode" too.
I have disabled firewall in my Windows 10.
I have opened tunnel to recrypt - with no problem.
There is no strange messages in log of recrypt.

Can you help me please?

I will run my PC from liveCD and test it again. But may be there is any other help to me?

I was using ReQrypt since a year without any problems but it doesn't work for me anymore. This started yesterday and I can't load anything with ReQrypt anymore. I haven't done anything related with my PC settings. It started from nowhere and when I open ReQrypt as normal, I am getting this error on Vivaldi when I try to load any normal page like Twitter: ERR_CONNECTION_RESET

When I close program back, I can load every page(not blocked ones) without any problem.

I am new linux user so i cannot install as a service can you help me?

gcc -DTOOL -DLINUX -Wall -maes -O2 -I "/home/src/reqrypt-1.4.0/src/" -Wno-unused-function   -c -o encodings/crypt.o encodings/crypt.c
encodings/crypt.c: In function ‘main’:
encodings/crypt.c:2072:9: warning: ‘RSA_generate_key’ is deprecated [-Wdeprecated-declarations]
         RSA *rsa = RSA_generate_key(1024, CRYPT_RSA_EXPONENT, NULL, NULL);
         ^~~
In file included from /usr/include/openssl/bn.h:31,
                 from /usr/include/openssl/asn1.h:24,
                 from /usr/include/openssl/rsa.h:16,
                 from encodings/crypt.c:1969:
/usr/include/openssl/rsa.h:193:1: note: declared here
 DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void
 ^~~~~~~~~~~~~~~~~~
encodings/crypt.c:2082:26: error: dereferencing pointer to incomplete type ‘RSA’ {aka ‘struct rsa_st’}
             BN_bn2bin(rsa->n, certificate) == 0 ||
                          ^~
make[1]: *** [<builtin>: encodings/crypt.o] Error 1
make[1]: *** Waiting for unfinished jobs....
make[1]: Leaving directory '/home/src/reqrypt-1.4.0/src'
make: *** [Makefile:40: ctool] Error 2

Manjaro KDE Edition (17.1.11)
Packages version:
openssl 1.1.0.h-1
openssl-1.0 1.0.2.o-1

ReQrypt won't work out of the box behind several NATs or Carrier-Grade NAT, as default ghost packet hops number is set to 2. I propose to increase default value up to 4. In my opinion, this is sane number to punch NAT but not to route packet to DPI or similar filtering system.

Hi
i want create a own reqrypt server.
but i only find the client.

thank you very much

in armv8 aarch64. gcc (OpenWrt GCC 6.3.0) 6.3.0

1st error. (maes)
https://pastebin.com/XsUwQ3Xp

2nd error. (after removing maes flag in cfg.mk)
https://pastebin.com/pkm72eGn

3rd error. (afte removing encodings/aes_hardware.o \ line in src/Makefile)
https://pastebin.com/VkwuTJRu
http_data.c and install_data.c files size increased infinitely (xGbyte) and compilation never end.

google.ru, google.kz, etc. still work.

Hello,

For two days i can't connect to default servers.
This is the error that i get.

https://prntscr.com/okq7ed

Is this a error on your servers or my ISP blocked default Reqrypt servers?

I am trying to build this package for Arch linux.
But I am getting build error.

collect2: error: ld returned 1 exit status
make[1]: *** [Makefile:74: client] Error 1
make[1]: Leaving directory '/run/media/pulsar/LocalDisk/developments/git-clones/reqrypt/src'
make: *** [Makefile:20: client] Error 2

this is the full build log.
build-log.txt

The Multi-route and Partial-splitting modes of ReQrypt no longer seem to work for many websites. I suspect this is linked to the rise of Content Delivery Networks, some of which appear to be using AnyCast network addressing. This breaks the multi-route and partial modes, since packets using different tunnels will end up two different physical servers.

There is currently no fix other than to use "full" tunneling mode---at least for websites that use anycast CDNs.

Hi and sorry for my poor English.

I have a problem when buid for MacOS. When I run command "make client_install_macosx", I have an error with PFCONF_FILENAME:

macosx/capture.c:59:37: error: expected ',' or ';' before 'PFCONF_FILENAME'
"/sbin/pactl -a " ANCHOR " -f " PFCONF_FILENAME;

Please guide me for fix this bug.
Thanks!

Here's full log of ReQrypt:

$ ~/bin/reqrypt-1.3-linux64.sh
[sudo] password for root: 
ReQrypt 1.3 [linux] Copyright (C) 2017 basil
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

log: creating program directory .reqrypt
log: installing "reqrypt.config"
log: installing "reqrypt.cache"
log: installing "reqrypt.crypt.cache"
log: installing "reqrypt.browser.sh"
log: starting reqrypt user interface http://localhost:40404/
  which: no x-www-browser in (/usr/lib/lightdm/lightdm:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/home/dotty/bin/node-v8.2.1-linux-x64/bin:/home/dotty/.fzf/bin)
reqrypt.browser.sh: error: browser 'x-www-browser' not found
log: [linux] executing iptables command "/sbin/iptables -I OUTPUT -p tcp -m tcp -m owner --uid-owner 1000 -m mark ! --mark 40402 -j NFQUEUE --dport 443 --queue-num 40403"
error: unable to execute iptables command: No such file or directory
error: iptables command returned non-zero exit status 256

Possible solutions for the problems:

1. Use xdg-open http://localhost:40404/ instead of x-www-browser (xdg-open opens file or url in default application and afaik is default to most Linux systems).
2. iptables can be located anywhere as long as it in $PATH. In OpenSuse, for example, it's located in /usr/sbin/iptables judging from the which iptables output. Use which to determine iptables location.

Hi, and sorry for my poor english and lack of knowledge - i'm no coder, but an engineer. I live in Ukraine, and reqrypt 1.3. was a perfect solution against blocking measures that use our ISP-s, but when i downloaded and installed new version (1.4) it just stopped doing whatever magick it did. When i launch it, a tray icon appears for a few seconds, then disappears, taking down UI. Tried to install previous version - same thing. Only v.1.1 remains in tray, but urls are blocked whatever settings i change. I've even tried to reinstall OS (Win7 x64) and install v.1.3 - still nothing. Really looking forward for an advice or kinda..

i want to use with rpi. can you write for arm version? thanks

Getting the following error:

cktp_client.c: In function ‘cktp_fragmentation_required’:
cktp_client.c:1077:33: error: ‘struct <anonymous>’ has no member named ‘__unused’
             icmp_header->un.frag.unused = 0x0;

linux headers 4.9

I have installed the server side package, when i try running reqryptd, it shows:

reqryptd 1.4.1 Copyright (C) 2017 basil
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

I try adding --help to see the usage, but i don't know what should i do.
Then i trying starting reqryptd by systemd, it stop immediately.

I think ReQrypt is lack of the document of configurations.