登录 注册
开源 企业版 高校版 私有云 Gitee AI NEW
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
1 Star 0 Fork 23

haigege204 / shadowtunnel

forked from 狂奔的蜗牛. / shadowtunnel 
代码 Issues 0 Pull Requests 0 Wiki 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
克隆/下载
分支 2
标签 7
贡献代码
同步代码
创建 Pull Request
了解更多
对比差异 通过 Pull Request 同步
同步更新到分支
通过 Pull Request 同步
将会在向当前分支创建一个 Pull
Request,合入后将完成同步
取消
提示: 由于 Git 不支持空文件夾,创建文件夹后会生成空的 .keep 文件
redir
.gitattributes
.gitignore
CHANGELOG
LICENSE
README.md
README_ZH.md
main.go
release.sh
Loading...
README
LGPL-3.0

shadowtunnel

介绍

shadowtunnel 是一款可以在你本地机器和远程服务之间建立安全的加密隧道,保护你的 tcp 流量,

能高效压缩传输,流量无特征.

local machine <----> shadowtunnel <----> service on remote.

使用

Usage of ./shadowtunnel:
  -E    outbound connection is encrypted
  -U    outbound connection is udp
  -c    compress traffic
  -cache string
        dns query cache file path (default "cache.dat")
  -daemon
        daemon mode
  -debug
        show debug info
  -dns string
        local dns server listen on address
  -dns-hosts string
        path of dns hosts file
  -dns-proxy
        is dns endpoint or not
  -dns-server string
        remote dns server to resolve domain (default "8.8.8.8:53")
  -e    inbound connection is encrypted
  -f weight
        forward address,such as : 127.0.0.1:8080 or with @weight: 127.0.0.1:8080@1
  -forever
        forever mode
  -l string
        local listen address, such as : 0.0.0.0:33000 (default ":50000")
  -lb-activeafter int
        host going actived after this success count (default 1)
  -lb-hashtarget hash
        use target address to choose parent for LB, only worked for LB's hash
        method and using `-redir` (default true)
  -lb-inactiveafter int
        host going inactived after this fail count (default 2)
  -lb-method string
        load balance method when use multiple parent,can be
        <roundrobin|leastconn|leasttime|hash|weight> (default "leasttime")
  -lb-onlyha high availability mode
        use only high availability mode to choose parent for LB
  -lb-retrytime int
        sleep time milliseconds after checking (default 2000)
  -lb-timeout int
        tcp milliseconds timeout of connecting to parent (default 3000)
  -log string
        logging output to file
  -m string
        method of encrypt/decrypt, these below are supported :
        aes-128-cfb,aes-192-cfb,des-cfb,cast5-cfb,rc4-md5,chacha20,aes-256-cfb,
        aes-128-ctr,aes-192-ctr,aes-256-ctr,bf-cfb,rc4-md5-6,chacha20-ietf
        (default "aes-192-cfb")
  -nolog
        turn off logging
  -p string
        password of encrypt/decrypt (default "shadowtunnel")
  -profiling
        profiling mode, in this mode, you should stopping process
        by : Ctrl+C or 'kill -s SIGHUP $PID_OF_shadowtunnel'
  -redir
        read target from socket's redirect opts of iptables
  -t int
        connection timeout seconds (default 3)
  -ttl int
        cache seconds of dns query , if zero , default ttl used. (default 300)
  -u    inbound connection is udp
  -v    show version

示例

1.http 代理

假设有一个 vps,它的 IP 是 2.2.2.2

首先在 2.2.2.2 启动一个 http 代理 然后下载 http 代理程序,使用 root 权限在 vps 上执行下面的命令:

wget https://github.com/snail007/goproxy/releases/download/v4.9/proxy-linux-amd64.tar.gz && tar zxfv proxy-linux-amd64.tar.gz && rm proxy-linux-amd64.tar.gz && mv proxy /usr/bin/ && proxy http -p 127.0.0.1:38080 &

2.在 vps 启动一个隧道

下载 shadowtunnel 程序,使用 root 权限在 vps 上执行下面的命令:

wget https://github.com/snail007/shadowtunnel/releases/download/v1.1/shadowtunnel-linux-amd64.tar.gz && tar zxfv shadowtunnel-linux-amd64.tar.gz && rm shadowtunnel-linux-amd64.tar.gz && mv shadowtunnel /usr/bin/

在 vps 上监听 :50000 并转发到 127.0.0.1:38080 :

shadowtunnel -e -f 127.0.0.1:38080 -l :50000

3.在本地机器上启动一个隧道

在本地机器上监听 :50000 并转发到 2.2.2.2:50000 :

shadowtunnel -E -f 2.2.2.2:50000 -l :50000

4.在 chrome 中设置 http 代理配置

设置本地 chrome 的http代理配置如下:

ip: 127.0.0.1 port: 50000

5.完成

TCP over UDP

1.http 代理

假设有一个 vps,它的 IP 是 2.2.2.2

首先在 2.2.2.2 启动一个 http 代理 然后下载 http 代理程序,使用 root 权限在 vps 上执行下面的命令:

wget https://github.com/snail007/goproxy/releases/download/v4.9/proxy-linux-amd64.tar.gz && tar zxfv proxy-linux-amd64.tar.gz && rm proxy-linux-amd64.tar.gz && mv proxy /usr/bin/ && proxy http -p 127.0.0.1:38080 &

2.在 vps 启动一个隧道

下载 shadowtunnel 程序,使用 root 权限在 vps 上执行下面的命令:

wget https://github.com/snail007/shadowtunnel/releases/download/v1.1/shadowtunnel-linux-amd64.tar.gz && tar zxfv shadowtunnel-linux-amd64.tar.gz && rm shadowtunnel-linux-amd64.tar.gz && mv shadowtunnel /usr/bin/

在 vps 上监听UDP :50000 并转发到TCP 127.0.0.1:38080 :

shadowtunnel -u -e -f 127.0.0.1:38080 -l :50000 -p your-password

3.在本地机器上启动一个隧道

在本地机器上监听TCP :50000 并转发到UDP 2.2.2.2:50000 :

shadowtunnel -U -E -f 2.2.2.2:50000 -l :50000 -p your-password

4.在 chrome 中设置 http 代理配置

设置本地 chrome 的http代理配置如下:

ip: 127.0.0.1 port: 50000

5.完成

Deamon & Forever & Log

-daemon:

使用参数-daemon可以让shadowtunnel脱离当前命令行,后台运行.

-forever:

使用参数-forever可以让shadowtunnel以创建并监控子进程的方式运行,

如果发生异常退出,会重启子进程,保证服务永远在线.

-log

使用参数-log可以设置日志输出到文件,而不是在命令行输出.

-nolog

使用参数-nolog可以从彻底关闭日志输出,节省CPU占用.

一般是-daemon -forever -log /tmp/st.log 三个参数联合使用,这样出问题时,也可以通过看日志发现问题原因.

实例:

shadowtunnel -u -e -f 127.0.0.1:38080 -l :50000 -p your-password -daemon -forever -log /tmp/st.log

DNS服务

shadowtunnel可以在提供本地DNS查询服务,同时具有缓存功能,可以提高解析速度.

在本地启动端口转发的同时启动一个DNS服务,需要有上级配合.

-dns 参数可以设置本地DNS服务监听的IP和端口,比如:0.0.0.0:5353

-dns-server 参数可以设置最终用来解析域名的DNS服务器,要求是服务器必须支持TCP方式的DNS查询,默认是:8.8.8.8:53.

本地实例:

shadowtunnel -E -f 2.2.2.2:50000 -l :50000 -p your-password -dns :5353 -dns-server 8.8.8.8:53

上级实例:

如果上级是链式,那么链条中需要执行DNS代理的上级需要加上-dns-proxy参数.

shadowtunnel -e -f 127.0.0.1:38080 -l :50000 -p your-password -dns-proxy

DNS缓存

-ttl 参数可以设置DNS查询结果缓存时间,单位秒,如果是0,使用查询结果的ttl.

-cache 参数设置DNS缓存文件位置,防止程序重启缓存消失,降低性能.

负载均衡

支持上级负载均衡,多个上级重复-f参数即可.

shadowtunnel -E -f 2.2.2.2:50000 -f 3.3.3.3:50000 -l :50000

设置重试间隔和超时时间

shadowtunnel -E -f 2.2.2.2:50000 -f 3.3.3.3:50000 -l :50000 -lb-method leastconn -lb-retrytime 300 -lb-timeout 300

设置权重

shadowtunnel -E -f 2.2.2.2:50000@2 -f 3.3.3.3:50000@1 -l :50000 -lb-method weight -lb-retrytime 300 -lb-timeout 300

使用目标地址选择上级

shadowtunnel -E -f 2.2.2.2:50000@2 -f 3.3.3.3:50000@1 -l :50000 -lb-method hash -lb-hashtarget -lb-retrytime 300 -lb-timeout 300

DNS HOSTS文件

-dns-hosts参数可以设置DNS解析的时候使用的hosts文件,内容和系统的hosts文件内容格式相同.

shadowtunnel -f 2.2.2.2:50000 -dns :5353 -dns-hosts /etc/hosts

GNU LESSER GENERAL PUBLIC LICENSE Version 3, 29 June 2007 Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/> Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. This version of the GNU Lesser General Public License incorporates the terms and conditions of version 3 of the GNU General Public License, supplemented by the additional permissions listed below. 0. Additional Definitions. As used herein, "this License" refers to version 3 of the GNU Lesser General Public License, and the "GNU GPL" refers to version 3 of the GNU General Public License. "The Library" refers to a covered work governed by this License, other than an Application or a Combined Work as defined below. An "Application" is any work that makes use of an interface provided by the Library, but which is not otherwise based on the Library. Defining a subclass of a class defined by the Library is deemed a mode of using an interface provided by the Library. A "Combined Work" is a work produced by combining or linking an Application with the Library. The particular version of the Library with which the Combined Work was made is also called the "Linked Version". The "Minimal Corresponding Source" for a Combined Work means the Corresponding Source for the Combined Work, excluding any source code for portions of the Combined Work that, considered in isolation, are based on the Application, and not on the Linked Version. The "Corresponding Application Code" for a Combined Work means the object code and/or source code for the Application, including any data and utility programs needed for reproducing the Combined Work from the Application, but excluding the System Libraries of the Combined Work. 1. Exception to Section 3 of the GNU GPL. You may convey a covered work under sections 3 and 4 of this License without being bound by section 3 of the GNU GPL. 2. Conveying Modified Versions. If you modify a copy of the Library, and, in your modifications, a facility refers to a function or data to be supplied by an Application that uses the facility (other than as an argument passed when the facility is invoked), then you may convey a copy of the modified version: a) under this License, provided that you make a good faith effort to ensure that, in the event an Application does not supply the function or data, the facility still operates, and performs whatever part of its purpose remains meaningful, or b) under the GNU GPL, with none of the additional permissions of this License applicable to that copy. 3. Object Code Incorporating Material from Library Header Files. The object code form of an Application may incorporate material from a header file that is part of the Library. You may convey such object code under terms of your choice, provided that, if the incorporated material is not limited to numerical parameters, data structure layouts and accessors, or small macros, inline functions and templates (ten or fewer lines in length), you do both of the following: a) Give prominent notice with each copy of the object code that the Library is used in it and that the Library and its use are covered by this License. b) Accompany the object code with a copy of the GNU GPL and this license document. 4. Combined Works. You may convey a Combined Work under terms of your choice that, taken together, effectively do not restrict modification of the portions of the Library contained in the Combined Work and reverse engineering for debugging such modifications, if you also do each of the following: a) Give prominent notice with each copy of the Combined Work that the Library is used in it and that the Library and its use are covered by this License. b) Accompany the Combined Work with a copy of the GNU GPL and this license document. c) For a Combined Work that displays copyright notices during execution, include the copyright notice for the Library among these notices, as well as a reference directing the user to the copies of the GNU GPL and this license document. d) Do one of the following: 0) Convey the Minimal Corresponding Source under the terms of this License, and the Corresponding Application Code in a form suitable for, and under terms that permit, the user to recombine or relink the Application with a modified version of the Linked Version to produce a modified Combined Work, in the manner specified by section 6 of the GNU GPL for conveying Corresponding Source. 1) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (a) uses at run time a copy of the Library already present on the user's computer system, and (b) will operate properly with a modified version of the Library that is interface-compatible with the Linked Version. e) Provide Installation Information, but only if you would otherwise be required to provide such information under section 6 of the GNU GPL, and only to the extent that such information is necessary to install and execute a modified version of the Combined Work produced by recombining or relinking the Application with a modified version of the Linked Version. (If you use option 4d0, the Installation Information must accompany the Minimal Corresponding Source and Corresponding Application Code. If you use option 4d1, you must provide the Installation Information in the manner specified by section 6 of the GNU GPL for conveying Corresponding Source.) 5. Combined Libraries. You may place library facilities that are a work based on the Library side by side in a single library together with other library facilities that are not Applications and are not covered by this License, and convey such a combined library under terms of your choice, if you do both of the following: a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities, conveyed under the terms of this License. b) Give prominent notice with the combined library that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work. 6. Revised Versions of the GNU Lesser General Public License. The Free Software Foundation may publish revised and/or new versions of the GNU Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Library as you received it specifies that a certain numbered version of the GNU Lesser General Public License "or any later version" applies to it, you have the option of following the terms and conditions either of that published version or of any later version published by the Free Software Foundation. If the Library as you received it does not specify a version number of the GNU Lesser General Public License, you may choose any version of the GNU Lesser General Public License ever published by the Free Software Foundation. If the Library as you received it specifies that a proxy can decide whether future versions of the GNU Lesser General Public License shall apply, that proxy's public statement of acceptance of any version is permanent authorization for you to choose that version for the Library.
Starred
0
Star
0
Fork
23

简介

shadowtunnel 是一款可以在你本地机器和远程服务直接建立安全的加密隧道,保护你的 tcp 流量,能高效压缩传输,流量无特征。 展开 收起
暂无标签
Go
LGPL-3.0
使用 LGPL-3.0 开源许可协议
取消

发行版

暂无发行版

贡献者

全部

近期动态

加载更多
不能加载更多了
Go
1
https://gitee.com/ahaisong/shadowtunnel.git
git@gitee.com:ahaisong/shadowtunnel.git
ahaisong
shadowtunnel
shadowtunnel
master
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
评论
仓库举报
回到顶部