go-gost / gost
GO Simple Tunnel - a simple tunnel written in golang
Home Page: https://gost.run
License: MIT License
Request: add fingerprint emulation using utls
I downloaded https://github.com/ginuerzh/gost/releases/download/v2.11.2/gost-windows-386-2.11.2.zip and Windows Defender warns it contains "Program:Win32/Uwamson.A!ml", they don't really give any info: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Program%3aWin32%2fUwamson.A!ml&threatid=250070
It might be related to this malware: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/Uwamson&ThreatID=2147734168
Or maybe a false positive?
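When both the server and the client specify a CA, using rtcp reports that no valid certificate was provided. In other cases, mutual certificate verification works normally.
@ginuerzh could you check whether that's the case?
Faulty configuration:
services:
- name: service-0
  handler:
    type: ss
    chain: chain-0
chains:
- name: chain-0
  hops:
  - name: hop-0
    nodes:
    - name: node-0
      addr: AAAA:8118
      connector:
        type: ss
        auth:
          username: aes-128-gcm
          password: "xxxx"
  - name: hop-1
    nodes:
    - name: node-0
      addr: BBBB:8119
      connector:
        type: ss
        auth:
          username: aes-128-gcm
          password: "xxxx"
With this configuration, service-0 reports the error: msg="cipher: message authentication failed"
After replacing the SS server at hop-1 with a SOCKS5 server,
the problem disappears.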
./gost -L socks5://username:password@:8080?interface=eh0
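I started socks5 with the command above, but after testing with software I found that UDP forwarding does not work. How should I configure it?
Add ping/pong to websocket to implement a two-way heartbeat,
likewise for http2,
otherwise, at the NAT layer, connections with no data transfer are often dropped,
also add rate limiting, capping the maximum upstream and downstream rate per connection,
I'd like to ask: if secrets=secrets.txt is used for username/password authentication, which files need to be modified so that each user's traffic usage is written to the log?
Can a configuration like the one below forward data on the server side? Or must it be "socks5+icmp" or carry some other protocol?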
Server: ./gost -L=icmp://:0?keepAlive=1
Client: ./gost -L=:1111 -F=icmp://22.22.22.22:0?keepAlive=1
Thanks!
v3 has not been officially released yet, so I am using the Docker v3 image; the version is gost 3.0.0-alpha (go1.17.6 linux/amd64)
I defined resolver-0 and expected the domain names in chains—hops—nodes—node—addr to be resolved by the resolver-0 I defined
What actually happens is that gost does not use resolver-0 for name resolution, but instead resolves directly through the operating system's DNS servers
My configuration file is as follows:
resolvers:
- name: **my-resolver**
  nameservers:
  - addr: udp://114.114.114.114:53
    prefer: ipv4
    timeout: 3s
services:
- name: service-0
  addr: ":1080"
  handler:
    type: socks5
    **resolver: my-resolver**
    chain: chain-0
  listener:
    type: tcp
chains:
- name: chain-0
  hops:
  - name: hop-0
    nodes:
    - name: node-0
      **resolver: my-resolver**
      addr: **gost.myserver.com**:443
      connector:
        type: relay
      dialer:
        type: wss
I want the domain gost.myserver.com to be resolved by my-resolver, but in practice it does not take effect
The VPS has a single NIC with multiple IPv4 addresses and one IPv6 address
After specifying an egress IPv4 address in GOST, IPv6 sites cannot be reached; when no interface is specified, IPv6 sites can be reached
The IPs have been replaced with local IPs; in the VPS environment they are all public IPs
The GOST configuration is as follows
services:
- name: service-0
  addr: "127.0.0.1:80"
  interface: 127.0.0.1
  handler:
    type: http
    auther: auther-0
  listener:
    type: tcp
- name: service-1
  addr: "127.0.0.2:80"
  interface: 127.0.0.2
  handler:
    type: http
    auther: auther-0
  listener:
    type: tcp
- name: service-2
  addr: "127.0.0.3:80"
  interface: 127.0.0.3
  handler:
    type: http
    auther: auther-0
  listener:
    type: tcp
authers:
- name: auther-0
  auths:
  - username: admin
    password: admin
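v3, tun client, Windows platform.
After the service starts, it cannot reach other clients directly.
Pinging the remote server-side gateway from the local machine solves the problem.
Could the service automatically exchange a heartbeat with the remote gateway after it starts?
I want to forward port 6688 on machine B to port 2222 on machine A; the commands are as follows
Machine A (A机器): docker run -d --net=host gogost/gost -L socks5://:1080
Machine B (B机器): docker run -d --net=host gogost/gost -L rtcp://:2222/:6688 -F socks5://A机器IP:1080
The logs on machine A are as follows: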
{"cmd":"mbind","dst":":2222/tcp","handler":"socks5","kind":"handler","level":"info","listener":"tcp","local":"10.0.0.4:1080","msg":"B机器IP:42326 >> :2222","remote":"B机器IP:42326","service":"service-0","time":"2022-04-01T05:39:06Z"}
{"cmd":"mbind","dst":":2222/tcp","handler":"socks5","kind":"handler","level":"error","listener":"tcp","local":"10.0.0.4:1080","msg":"socks5: BIND is disabled","remote":"B机器IP:42326","service":"service-0","time":"2022-04-01T05:39:06Z"}
{"duration":142945638,"handler":"socks5","kind":"handler","level":"info","listener":"tcp","local":"10.0.0.4:1080","msg":"B机器IP:42326 >< 10.0.0.4:1080","remote":"B机器IP:42326","service":"service-0","time":"2022-04-01T05:39:06Z"}
{"handler":"socks5","kind":"handler","level":"info","listener":"tcp","local":"10.0.0.4:1080","msg":"B机器IP:42328 <> 10.0.0.4:1080","remote":"B机器IP:42328","service":"service-0","time":"2022-04-01T05:39:07Z"}
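The same commands work normally with gost v2
Machine A (A机器): docker run -d --net=host ginuerzh/gost -L socks5://:1080
Machine B (B机器): docker run -d --net=host ginuerzh/gost -L rtcp://:2222/:6688 -F socks5://A机器IP:1080
Does the v3 configuration need extra parameters? Is something configured incorrectly?
Thanks for patiently reading and answering
If the server uses grpc, are custom TLS certificates supported?
For example: gost -L "grpc://:2333?certFile=/root/XXX.pem&keyFile=/root/XXX.key"
Dear author, could gost v2/v3 add limits on a user's "number of concurrent connections and number of connection requests", with hot reload support?
Version: 3.0.0beta2
Client (Windows): -L :1089 -F "socks5+icmp://xxx:yyy@zzz:0"
Server (Linux): -L socks5+icmp://xxx:yyy@:0?keepAlive=1
The server runs normally
The client prints the info-level message that listening succeeded
But as soon as any packet is sent through, it errors out and exits
Client log: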
{"level":"warning","msg":"load TLS certificate files failed, use random generated certificate","time":"2022-04-08T20:32:25+08:00"}
{"handler":"auto","kind":"service","level":"info","listener":"tcp","msg":"listening on [::]:1089/tcp","service":"service-0","time":"2022-04-08T20:32:25+08:00"}
{"handler":"auto","kind":"handler","level":"info","listener":"tcp","local":"127.0.0.1:1089","msg":"127.0.0.1:49254 <> 127.0.0.1:1089","remote":"127.0.0.1:49254","service":"service-0","time":"2022-04-08T20:32:26+08:00"}
{"handler":"auto","kind":"handler","level":"info","listener":"tcp","local":"127.0.0.1:1089","msg":"127.0.0.1:49254 <> 127.0.0.1:1089","remote":"127.0.0.1:49254","service":"service-0","time":"2022-04-08T20:32:26+08:00","type":"socks5"}
{"cmd":"connect","dst":"bgp.he.net:443/tcp","handler":"auto","kind":"handler","level":"info","listener":"tcp","local":"127.0.0.1:1089","msg":"127.0.0.1:49254 >> bgp.he.net:443","remote":"127.0.0.1:49254","service":"service-0","time":"2022-04-08T20:32:26+08:00","type":"socks5"}
2022/04/08 20:32:26 connection doesn't allow setting of receive buffer size. Not a *net.UDPConn?. See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details.
{"handler":"auto","kind":"handler","level":"info","listener":"tcp","local":"127.0.0.1:1089","msg":"127.0.0.1:49255 <> 127.0.0.1:1089","remote":"127.0.0.1:49255","service":"service-0","time":"2022-04-08T20:32:26+08:00"}
{"handler":"auto","kind":"handler","level":"info","listener":"tcp","local":"127.0.0.1:1089","msg":"127.0.0.1:49255 <> 127.0.0.1:1089","remote":"127.0.0.1:49255","service":"service-0","time":"2022-04-08T20:32:26+08:00","type":"socks5"}
{"cmd":"connect","dst":"bgp.he.net:443/tcp","handler":"auto","kind":"handler","level":"info","listener":"tcp","local":"127.0.0.1:1089","msg":"127.0.0.1:49255 >> bgp.he.net:443","remote":"127.0.0.1:49255","service":"service-0","time":"2022-04-08T20:32:26+08:00","type":"socks5"}
{"duration":590762400,"handler":"auto","kind":"handler","level":"info","listener":"tcp","local":"127.0.0.1:1089","msg":"127.0.0.1:49254 >< 127.0.0.1:1089","remote":"127.0.0.1:49254","service":"service-0","time":"2022-04-08T20:32:27+08:00","type":"socks5"}
{"duration":591278000,"handler":"auto","kind":"handler","level":"info","listener":"tcp","local":"127.0.0.1:1089","msg":"127.0.0.1:49254 >< 127.0.0.1:1089","remote":"127.0.0.1:49254","service":"service-0","time":"2022-04-08T20:32:27+08:00"}
panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xc0000005 code=0x0 addr=0x0 pc=0x9d40cd]
goroutine 10 [running]:
github.com/go-gost/core/chain.(*Route).connect(0xc000589140, {0x1325ab8, 0xc00003c110})
C:/Users/10330/go/pkg/mod/github.com/go-gost/[email protected]/chain/route.go:123 +0x26d
github.com/go-gost/core/chain.(*Route).Dial(0xc000589140, {0x1325ab8, 0xc00003c110}, {0x1188799, 0x3}, {0xc00040a240, 0xe}, {0xc00052f938, 0x2, 0x2})
C:/Users/10330/go/pkg/mod/github.com/go-gost/[email protected]/chain/route.go:52 +0x237
github.com/go-gost/core/chain.(*Router).dial(0xc00042c770, {0x1325ab8, 0xc00003c110}, {0x1188799, 0x3}, {0xc00040a240, 0xe})
C:/Users/10330/go/pkg/mod/github.com/go-gost/[email protected]/chain/router.go:123 +0x46c
github.com/go-gost/core/chain.(*Router).Dial(0xc00040a240?, {0x1325ab8?, 0xc00003c110?}, {0x1188799, 0x3}, {0xc00040a240?, 0x3?})
C:/Users/10330/go/pkg/mod/github.com/go-gost/[email protected]/chain/router.go:79 +0x3f
github.com/go-gost/x/handler/socks/v5.(*socks5Handler).handleConnect(0xc00037a600, {0x1325ab8, 0xc00003c110}, {0x132ac30, 0xc000480180}, {0x1188799, 0x3}, {0xc00040a240, 0xe}, {0x132eea0, ...})
C:/Users/10330/go/pkg/mod/github.com/go-gost/[email protected]/handler/socks/v5/connect.go:28 +0x4bb
github.com/go-gost/x/handler/socks/v5.(*socks5Handler).Handle(0xc00037a600, {0x1325ab8, 0xc00003c110}, {0x132ac30, 0xc000480180}, {0xb?, 0xc00013dd78?, 0x23e4042c413?})
C:/Users/10330/go/pkg/mod/github.com/go-gost/[email protected]/handler/socks/v5/handler.go:98 +0x7b4
github.com/go-gost/x/handler/auto.(*autoHandler).Handle(0xc00037a580, {0x1325ab8, 0xc00003c110}, {0x132b260, 0xc00010a060}, {0x0?, 0x0?, 0x0?})
C:/Users/10330/go/pkg/mod/github.com/go-gost/[email protected]/handler/auto/handler.go:107 +0x754
github.com/go-gost/core/service.(*service).Serve.func1()
C:/Users/10330/go/pkg/mod/github.com/go-gost/[email protected]/service/service.go:124 +0x394
created by github.com/go-gost/core/service.(*service).Serve
C:/Users/10330/go/pkg/mod/github.com/go-gost/[email protected]/service/service.go:104 +0x20a
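Could you integrate something like clash's feature of routing through different nodes, or connecting directly, based on IP, port, domain and so on? The existing whitelist/blacklist can't do anything similar.
Since you last said version 3.0 was under development, there has been no update for over a month now
The config snippet is as follows: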
hosts:
chains:
The log keeps printing this error:
{"handler":"socks5","kind":"handler","level":"error","listener":"tcp","msg":"route(retry=0) Get "https://104.16.77.107:443/authorize\": CRYPTO_ERROR (0x128): tls: handshake failure","service":"service-0","time":"2022-02-18T23:29:27+08:00"}
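I suspect that before making the http3 request, the dialer first replaces the domain name with the IP and only then sends the http3 request
Is that possible?
I don't have a tool at hand to test http3, so I can only guess blindly; if I've misunderstood, please bear with me
[Configured like this, it doesn't work]
- name: service-1
  addr: ":10053"
  handler:
    type: dns
    chain: chain-0
  listener:
    type: dns
    metadata:
      mode: tls
      dns: 1.1.1.1:853
[Configured like this, it still doesn't work]
- name: service-1
  addr: ":10053"
  handler:
    type: dns
  listener:
    type: dns
    chain: chain-0
    metadata:
      mode: tls
      dns: 1.1.1.1:853
[For now I can only use it like this]
- name: service-1
  addr: :10053
  handler:
    type: udp
    chain: chain-0
  listener:
    type: udp
  forwarder:
    targets:
    - 1.1.1.1:53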
gost-v3 -L=redirect://:1090 -F=relay+quic://aaa:[email protected]:5555
iptables -t nat -A OUTPUT -d 8.8.8.8/32 -p tcp -j REDIRECT --to-ports 1090
It starts fine, but as soon as the following command is run it errors out and exits
dig youtube.com @8.8.8.8 +tcp
Error message:
{"handler":"redirect","kind":"handler","level":"info","listener":"tcp","local":"127.0.0.1:1090","msg":"192.168.2.1:55699 <> 127.0.0.1:1090","remote":"192.168.2.1:55699","service":"service-0","time":"2022-03-19T14:05:28+08:00"}
{"handler":"redirect","kind":"handler","level":"error","listener":"tcp","local":"127.0.0.1:1090","msg":"wrong connection type, must be TCP","remote":"192.168.2.1:55699","service":"service-0","time":"2022-03-19T14:05:28+08:00"}
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x30 pc=0xdfbaeb]
If there are no plans, shall I push a PR in a few days?
Actually, I reported this back in 2020:
ginuerzh/gost#627
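It just was never resolved. Seeing that the author is developing 3.0, I hope it can be fixed along the way.
In short, it's a connection-drop problem: versions v2.3-2.6.1 don't drop, and every version after that up to 2.11.1 drops
Steps to reproduce:
Environment: amd64 or arm64, I've tried both
Server: kcp mode
Client: redirect+kcp mode
Default kcp parameters are fine
Test method: use iptables to redirect the VPS's ssh port to the gost port, then ssh to the VPS (at this point the connection to the VPS server goes through the gost tunnel). After connecting, just leave it idle; after roughly 1-10 minutes the ssh connection is dropped
I also tested:
ss+kcptun+udp2raw: does not drop
gost(<=2.6.1) redirect+kcp+udp2raw: does not drop
gost(>2.6.1) redirect+kcp+udp2raw: drops
gost redirect+relay+kcp+udp2raw: drops
yaml configuration
services:
- name: socks5
  addr: ":21080"
  # bypass: bypass01
  handler:
    type: socks5
    # chain: chain-ss
    metadata:
      auths:
      - gost:gost
      readTimeout: 5s
      notls: true
      bind: true
      udp: true
      # udpBufferSize: 4096 # range [512, 66560]
  listener:
    type: tcp
    metadata:
      keepAlive: 15s
Configuration after converting the yaml to json via the command line
{
  "services": [
    {
      "name": "socks5",
      "addr": ":21080",
      "handler": {
        "type": "socks",
        "metadata": {
          "auths": [
            "gost:gost"
          ],
          "bind": true,
          "notls": true,
          "readTimeout": "5s",
          "udp": true
        }
      },
      "listener": {
        "type": "tcp",
        "metadata": {
          "keepAlive": "15s"
        }
      }
    }
  ]
}
Cannot connect; I'll provide the log when I get home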
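Hello author, I'd like to ask whether the swagger for the project's API was generated with go-swagger. I'm new to Go; could you roughly explain how to generate swagger.yaml after writing the comments?
Many thanks
Question 1: configuration changes made through the API are all lost after the process exits. How can the changed configuration be saved?
Question 2: the current documentation says authentication has been added to the API. How is the authentication information submitted? In a header, in the URL, or somewhere else?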
./gost -L=:2301/远程目标主机IP:远程目标主机端口
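I currently start the relay with the command above. My local machine connects to the relay machine through a SOCKS5 client. TCP forwarding tests fine, but UDP forwarding tests keep failing. Do I need to add any other parameters?
Environment
Local machine: SOCKS5 client, can only connect to the relay machine
Relay machine: started with the command ./gost -L=:2301/远程目标主机IP:远程目标主机端口 (remote target host IP:port); it can connect to the remote target host
Remote target host: a socks5 proxy was started with the command ./gost -L socks5
Hello, does the client IP whitelist support hot reload?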
https://latest.gost.run/concepts/admission/
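As the title says, if possible, I'd like gost to support custom headers,
Could the author evaluate this?
Mainly to change the host, because gost is used on an internal network and the traffic has to pass through nginx (nginx has server_name set)
During my testing, I tried to block access to Baidu (in the command, 用户名:密码 is username:password):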
./gost -api :9000 -L http://:1080 -F http://用户名:密码@168.158.199.186:12323?bypass=*.baidu.com
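Running the command this way does not block access to Baidu
Makes traffic splitting, or anything else related to regional IPs, more convenient.
An IPv4-only single-stack host has two interfaces: eth0 with IPv4, and wgcf (cloudflare warp) with IPv4+IPv6
Could gost support DNS resolution priority and interface priority?
For example: when DNS resolution returns IPv4+IPv6 and IPv6 is configured as preferred, use wgcf's IPv6; when DNS resolution returns IPv4, use eth0's IPv4
And for an IPv6-only single-stack host: when DNS resolution returns IPv4+IPv6 and IPv6 is configured as preferred, use eth0's IPv6; when DNS resolution returns IPv4, use wgcf's IPv4
For example: a server has multiple public IPs (IPv4 or IPv6) and can be set to egress through a specified IP, making use of multiple IPs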
gost -L=ws://:80?out=500k&in=500k
gost -L=:1080 -F=ws://:80?out=500k&in=500k
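Limit the maximum bandwidth per connection. Testing speed with iperf3: if the limit does not exceed a certain value, the transfer is very stable,
once it exceeds a certain value, it gets penalized by QoS, after which the rate of the current connection drops to 0, and the only option is to disconnect and reconnect to get any throughput.
Client-side or server-side limits, both effective.
I hope the author can add this feature, for example storing IPs in redis with an expiry time and having gost read the IPs from redis periodically
Ability to rate-limit each source IP
The latest gost tun does not work on Android (cannot ping).
Server command:
gost -L tun://:8888?net=192.168.10.1/24
Client command (on Android; 服务端ip is the server IP):
gost -L tun://:8888/服务端ip:8888?net=192.168.10.2/24
Pinging 192.168.10.1 from the client fails.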
https://latest.gost.run/reference/connectors/sni/
Name: ssu
should be
Name: sni
Hoping for a failover feature to be added
ssserver -k "" -m "none" -s "127.0.0.1:9000"
https://github.com/shadowsocks/shadowsocks-rust
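This mode is not supported.
After capturing packets, I found that when the gost ws path is /path?ffff=yyy&y=r, the ? is incorrectly encoded as something like %2F. @ginuerzh
Can icmp be combined with tls?
Something like
Client: ./gost -L :1111/66.66.66.66:2141 -F icmp+tls://66.77.77.77:0
Server: ./gost -L icmp+tls://:0?keepAlive=1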