GO Simple Tunnel - a simple tunnel written in golang

GO Simple Tunnel

GO语言实现的安全隧道

GoDoc Go Report Card codecov GitHub release Docker gost

English README

!!!V3版本已经可用,欢迎抢先体验!!!

特性

Wiki站点: v2.gost.run

Telegram讨论群: https://t.me/gogost

Google讨论组: https://groups.google.com/d/forum/go-gost

安装

二进制文件

https://github.com/ginuerzh/gost/releases

源码编译

git clone https://github.com/ginuerzh/gost.git
cd gost/cmd/gost
go build

Docker

docker pull ginuerzh/gost

Homebrew

brew install gost

Ubuntu商店

sudo snap install core
sudo snap install gost

快速上手

不设置转发代理

  • 作为标准HTTP/SOCKS5代理
gost -L=:8080
  • 设置代理认证信息
gost -L=admin:123456@localhost:8080
  • 多端口监听
gost -L=http2://:443 -L=socks5://:1080 -L=ss://aes-128-cfb:123456@:8338

设置转发代理

gost -L=:8080 -F=192.168.1.1:8081
  • 转发代理认证
gost -L=:8080 -F=http://admin:[email protected]:8081

设置多级转发代理(代理链)

gost -L=:8080 -F=quic://192.168.1.1:6121 -F=socks5+wss://192.168.1.2:1080 -F=http2://192.168.1.3:443 ... -F=a.b.c.d:NNNN

gost按照-F设置的顺序通过代理链将请求最终转发给a.b.c.d:NNNN处理,每一个转发代理可以是任意HTTP/HTTPS/HTTP2/SOCKS4/SOCKS5/Shadowsocks类型代理。

本地端口转发(TCP)

gost -L=tcp://:2222/192.168.1.1:22 [-F=...]

将本地TCP端口2222上的数据(通过代理链)转发到192.168.1.1:22上。当代理链末端(最后一个-F参数)为SSH转发通道类型时,gost会直接使用SSH的本地端口转发功能:

gost -L=tcp://:2222/192.168.1.1:22 -F forward+ssh://:2222

本地端口转发(UDP)

gost -L=udp://:5353/192.168.1.1:53?ttl=60 [-F=...]

将本地UDP端口5353上的数据(通过代理链)转发到192.168.1.1:53上。 每条转发通道都有超时时间,当超过此时间,且在此时间段内无任何数据交互,则此通道将关闭。可以通过ttl参数来设置超时时间,默认值为60秒。

注: 转发UDP数据时,如果有代理链,则代理链的末端(最后一个-F参数)必须是gost SOCKS5类型代理,gost会使用UDP over TCP方式进行转发。

远程端口转发(TCP)

gost -L=rtcp://:2222/192.168.1.1:22 [-F=... -F=socks5://172.24.10.1:1080]

将172.24.10.1:2222上的数据(通过代理链)转发到192.168.1.1:22上。当代理链末端(最后一个-F参数)为SSH转发通道类型时,gost会直接使用SSH的远程端口转发功能:

gost -L=rtcp://:2222/192.168.1.1:22 -F forward+ssh://:2222

远程端口转发(UDP)

gost -L=rudp://:5353/192.168.1.1:53?ttl=60 [-F=... -F=socks5://172.24.10.1:1080]

将172.24.10.1:5353上的数据(通过代理链)转发到192.168.1.1:53上。 每条转发通道都有超时时间,当超过此时间,且在此时间段内无任何数据交互,则此通道将关闭。可以通过ttl参数来设置超时时间,默认值为60秒。

注: 转发UDP数据时,如果有代理链,则代理链的末端(最后一个-F参数)必须是GOST SOCKS5类型代理,gost会使用UDP-over-TCP方式进行转发。

HTTP2

gost的HTTP2支持两种模式:

  • 作为标准的HTTP2代理,并向下兼容HTTPS代理。
  • 作为通道传输其他协议。
代理模式

服务端:

gost -L=http2://:443

客户端:

gost -L=:8080 -F=http2://server_ip:443
通道模式

服务端:

gost -L=h2://:443

客户端:

gost -L=:8080 -F=h2://server_ip:443

QUIC

gost对QUIC的支持是基于quic-go库。

服务端:

gost -L=quic://:6121

客户端:

gost -L=:8080 -F=quic://server_ip:6121

注: QUIC模式只能作为代理链的第一个节点。

KCP

gost对KCP的支持是基于kcp-gokcptun库。

服务端:

gost -L=kcp://:8388

客户端:

gost -L=:8080 -F=kcp://server_ip:8388

gost会自动加载当前工作目录中的kcp.json(如果存在)配置文件,或者可以手动通过参数指定配置文件路径:

gost -L=kcp://:8388?c=/path/to/conf/file

注: KCP模式只能作为代理链的第一个节点。

SSH

gost的SSH支持两种模式:

  • 作为转发通道,配合本地/远程TCP端口转发使用。
  • 作为通道传输其他协议。
转发模式

服务端:

gost -L=forward+ssh://:2222

客户端:

gost -L=rtcp://:1222/:22 -F=forward+ssh://server_ip:2222
通道模式

服务端:

gost -L=ssh://:2222

客户端:

gost -L=:8080 -F=ssh://server_ip:2222?ping=60

可以通过ping参数设置心跳包发送周期,单位为秒。默认不发送心跳包。

透明代理

基于iptables的透明代理。

gost -L=redirect://:12345 -F=http2://server_ip:443

obfs4

此功能由@isofew贡献。

服务端:

gost -L=obfs4://:443

当服务端运行后会在控制台打印出连接地址供客户端使用:

obfs4://:443/?cert=4UbQjIfjJEQHPOs8vs5sagrSXx1gfrDCGdVh2hpIPSKH0nklv1e4f29r7jb91VIrq4q5Jw&iat-mode=0

客户端:

gost -L=:8888 -F='obfs4://server_ip:443?cert=4UbQjIfjJEQHPOs8vs5sagrSXx1gfrDCGdVh2hpIPSKH0nklv1e4f29r7jb91VIrq4q5Jw&iat-mode=0'

加密机制

HTTP

对于HTTP可以使用TLS加密整个通讯过程,即HTTPS代理:

服务端:

gost -L=https://:443

客户端:

gost -L=:8080 -F=http+tls://server_ip:443

HTTP2

gost的HTTP2代理模式仅支持使用TLS加密的HTTP2协议,不支持明文HTTP2传输。

gost的HTTP2通道模式支持加密(h2)和明文(h2c)两种模式。

SOCKS5

gost支持标准SOCKS5协议的no-auth(0x00)和user/pass(0x02)方法,并在此基础上扩展了两个:tls(0x80)和tls-auth(0x82),用于数据加密。

服务端:

gost -L=socks5://:1080

客户端:

gost -L=:8080 -F=socks5://server_ip:1080

如果两端都是gost(如上)则数据传输会被加密(协商使用tls或tls-auth方法),否则使用标准SOCKS5进行通讯(no-auth或user/pass方法)。

Shadowsocks

gost对shadowsocks的支持是基于shadowsocks-go库。

服务端:

gost -L=ss://chacha20:123456@:8338

客户端:

gost -L=:8080 -F=ss://chacha20:123456@server_ip:8338
Shadowsocks UDP relay

目前仅服务端支持UDP Relay。

服务端:

gost -L=ssu://chacha20:123456@:8338

TLS

gost内置了TLS证书,如果需要使用其他TLS证书,有两种方法:

  • 在gost运行目录放置cert.pem(公钥)和key.pem(私钥)两个文件即可,gost会自动加载运行目录下的cert.pem和key.pem文件。
  • 使用参数指定证书文件路径:
gost -L="http2://:443?cert=/path/to/my/cert/file&key=/path/to/my/key/file"

对于客户端可以通过secure参数开启服务器证书和域名校验:

gost -L=:8080 -F="http2://server_domain_name:443?secure=true"

对于客户端可以指定CA证书进行证书锁定(Certificate Pinning):

gost -L=:8080 -F="http2://:443?ca=ca.pem"

证书锁定功能由@sheerun贡献

Owner
ginuerzh
To be conscious that you are ignorant is a great step to knowledge.
ginuerzh
https://github.com/ginuerzh/gost
Comments
  • 如何在服务端和客户端设置密码?

    如何在服务端和客户端设置密码?

    用-p参数貌似没有作用,例如: 我在服务端用 ./gost -p="abc" 客户端用 gost -p="xyz" 两个密码设置为不同,但是依然可以连接

    连接到是很正常,看网页和视频都没问题,但是密码怎么设置呢?不设置密码也可以直接连接,这样的话不管是谁,只要知道我的服务端地址就都可以连接啊

  • wss 协议的证书锁定无效

    wss 协议的证书锁定无效

    版本: gost 2.11.1 (go1.14.2 linux/amd64)

    重现步骤:

    • 随意生成一个证书 server.crt
    • 使用 ./gost -L 'wss://127.0.0.1:10040' 在本地启动一个服务端
    • 使用 ./gost -L 127.0.0.1:10030 -F 'wss://127.0.0.1:10040?ca=server.crt' 启动客户端
    • 设置浏览器 socks5 代理为 127.0.0.1:10030 这时是可以正常访问的.

    在服务端没有使用 server.crt 作为证书的情况下应该校验失败才对. 而如果将 wss 协议改成 https, 就能看到 certificate signed by unknown authority 的错误日志了.

  • Connection issues for remote port forwarding

    Connection issues for remote port forwarding

    Hey,

    I use remote port forwarding with tls and auth. It seems that not all connections are successful if hitting port repedately. Here's how to reproduce:

    server (with cert.pem and key.pem)

    ./gost -logtostderr -v=5 -L=socks://admin:[email protected]:8080

    client

    python -m SimpleHTTPServer 8000
./gost -logtostderr -v=5 -L=rtcp://:2222/0.0.0.0:8000 -F=socks://admin:[email protected]:8080

    then:

    while ~; do curl $SERVER_IP:2222; done

    here's the output:

    <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"><html>
<title>Directory listing for /</title>
<body>
<h2>Directory listing for /</h2>
<hr>
<ul>
<li><a href="ca-key.pem">ca-key.pem</a>
<li><a href="ca.csr">ca.csr</a>
<li><a href="ca.pem">ca.pem</a>
<li><a href="csr.json">csr.json</a>
<li><a href="gost">gost</a>
</ul>
<hr>
</body>
</html>
curl: (7) Failed to connect to 51.15.46.248 port 2222: Connection refused
curl: (7) Failed to connect to 51.15.46.248 port 2222: Connection refused
curl: (7) Failed to connect to 51.15.46.248 port 2222: Connection refused
curl: (7) Failed to connect to 51.15.46.248 port 2222: Connection refused
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"><html>
<title>Directory listing for /</title>
<body>
<h2>Directory listing for /</h2>
<hr>
<ul>
<li><a href="ca-key.pem">ca-key.pem</a>
<li><a href="ca.csr">ca.csr</a>
<li><a href="ca.pem">ca.pem</a>
<li><a href="csr.json">csr.json</a>
<li><a href="gost">gost</a>
</ul>
<hr>
</body>
</html>
curl: (7) Failed to connect to 51.15.46.248 port 2222: Connection refused
curl: (7) Failed to connect to 51.15.46.248 port 2222: Connection refused
curl: (7) Failed to connect to 51.15.46.248 port 2222: Connection refused
curl: (7) Failed to connect to 51.15.46.248 port 2222: Connection refused

    Here are server logs: http://pastebin.com/ecVBtJ7n Here are client logs: http://pastebin.com/E56gr9FH

    Any idea what is wrong? Why is socks5 connection closing and opening? Why gost doesn't keep the connection alive?

  • bad version error

    bad version error

    Hello, 打算利用gost的quic协议做ss的wrap,配置如下。

    sslocal指向local gost的L:socks5+tcp://1080 local gost F利用quic指向remote server的gost L:quic://server ip:port remote gost F指向remote ssserver:socks5+tcp://127.0.0.1:1081

    感觉没什么问题,但是log显示如下: 2019/01/24 11:53:03 socks.go:801: [socks5] 127.0.0.1:4616 -> 127.0.0.1:1080: Bad version 2019/01/24 11:53:03 socks.go:801: [socks5] 127.0.0.1:4618 -> 127.0.0.1:1080: Bad version

    server gost没什么log提示。

    希望指点,谢谢。

  • 不同版本是否可以混用?

    不同版本是否可以混用?

    使用客户端连接不同版本的服务端会导致客户端panic

    客户端版本:gost 2.6 (go1.11.2) 服务端版本:gost 2.5-rc1 (go1.10)

    panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x4 pc=0x12000]

goroutine 35 [running]:
github.com/ginuerzh/gost.(*Node).Clone(0x286a764, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
        /Users/zhengrui/src/go/src/github.com/ginuerzh/gost/node.go:142 +0x48
github.com/ginuerzh/gost.(*FailFilter).Filter(0x2c586e0, 0x286a700, 0x6, 0x8, 0x2b, 0x4, 0x3fffffff)
        /Users/zhengrui/src/go/src/github.com/ginuerzh/gost/selector.go:158 +0xd0
github.com/ginuerzh/gost.(*defaultSelector).Select(0x82ff50, 0x286a700, 0x6, 0x8, 0x2908460, 0x2, 0x2, 0x0, 0x0, 0x0, ...)
        /Users/zhengrui/src/go/src/github.com/ginuerzh/gost/selector.go:33 +0x104
github.com/ginuerzh/gost.(*NodeGroup).Next(0x29062d0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
        /Users/zhengrui/src/go/src/github.com/ginuerzh/gost/node.go:216 +0x78
github.com/ginuerzh/gost.(*Chain).selectRouteFor(0x2815ae0, 0x2c588d0, 0xa, 0x0, 0x42b70, 0x8d)
        /Users/zhengrui/src/go/src/github.com/ginuerzh/gost/chain.go:298 +0x12c
github.com/ginuerzh/gost.(*Chain).dialWithOptions(0x2815ae0, 0x2c588d0, 0xa, 0x2bc8540, 0x35892c, 0x10, 0x407358, 0x1)
        /Users/zhengrui/src/go/src/github.com/ginuerzh/gost/chain.go:130 +0x4c
github.com/ginuerzh/gost.(*Chain).Dial(0x2815ae0, 0x2c588d0, 0xa, 0x282b798, 0x4, 0x4, 0x1, 0x1add08, 0x2892214, 0x0)
        /Users/zhengrui/src/go/src/github.com/ginuerzh/gost/chain.go:118 +0xec
github.com/ginuerzh/gost.(*socks5Handler).handleConnect(0x2908558, 0x4f4cb0, 0x2906420, 0x29085f0)
        /Users/zhengrui/src/go/src/github.com/ginuerzh/gost/socks.go:438 +0x3a0
github.com/ginuerzh/gost.(*socks5Handler).Handle(0x2908558, 0x4f4e60, 0x280c2c0)
        /Users/zhengrui/src/go/src/github.com/ginuerzh/gost/socks.go:398 +0x290
created by github.com/ginuerzh/gost.(*Server).Serve
        /Users/zhengrui/src/go/src/github.com/ginuerzh/gost/server.go:81 +0x3e4
  • 2.5版本新架构2个已知bug

    2.5版本新架构2个已知bug

    2.5版本新架构2个已知bug 1:使用标准的ssh模式(forward+ssh),无法作为中间层使用, 2:mws/mwss模式如果中断之后,客户端必须发起2次请求才可以连接,第一次请求会失败. 3:mws/mwss模式,如果服务端挂了一会,然后客户端就连不上了,必须重新启动客户端,这个模式问题多.

  • server.go 当中 从sync.Pool中取出来的[]byte 是否更应该用 *[]byte

    server.go 当中 从sync.Pool中取出来的[]byte 是否更应该用 *[]byte

    具体原因参照: https://staticcheck.io/docs/checks#SA6002

    server.go中 对应片段, 改成: func copyBuffer(dst io.Writer, src io.Reader) error { buf := lPool.Get().(*[]byte) defer lPool.Put(buf)

    _, err := io.CopyBuffer(dst, src, *buf)
return err

    }

  • 希望增加功能 DNS over Proxy

    希望增加功能 DNS over Proxy

    类似:gost -L='dns://:53?dns=1.1.1.1:53/tcp' -F='socks5://127.0.0.1:1080' 这样查询 DNS 的流量就会通过 socks5 代理去远端查询,而不是在本机直接查询

    因为有些程序设置了 socks5 代理后,DNS 查询还是用本机的,得多单独代理一次 DNS

    希望能够实现,谢谢

  • gost kcp模式断流问题

    gost kcp模式断流问题

    花了不少时间挨个版本测试的 v2.3-2.6.1版本的kcp均正常不断流。 v2.7.0-2.11.1版本全部断流。

    测试方法是:ssh配置代理,连本地gost,本地gost连到国外的gost服务端,ssh连上国外的服务器后1-10分钟就断了。

    本地配置: { "key": "it's a secrect", "crypt": "aes", "mode": "fast2", "mtu" : 1200, "sndwnd": 1024, "rcvwnd": 2048, "datashard": 10, "parityshard": 3, "dscp": 0, "nocomp": false, "acknodelay": false, "nodelay": 0, "interval": 40, "resend": 0, "nc": 0, "sockbuf": 4194304, "keepalive": 30, "scavengettl":3600, "snmplog": "", "snmpperiod": 60 } 本地启动命令: gost -L=redirect://:1090 -F=kcp://**:***@*:4000?c=gost.conf

    服务器端配置: { "key": "it's a secrect", "crypt": "aes", "mode": "fast2", "mtu" : 1200, "sndwnd": 2048, "rcvwnd": 1024, "datashard": 10, "parityshard": 3, "dscp": 0, "nocomp": false, "acknodelay": false, "nodelay": 0, "interval": 40, "resend": 0, "nc": 0, "sockbuf": 4194304, "keepalive": 30, "scavengettl":3600, "snmplog": "", "snmpperiod": 60 } 服务器端启动命令: gost -L=kcp://****:*****@:4000?c=gost.conf

  • 服务器端多ip的时候能否加个参数,指定用绑定ip做出口IP来请求资源?

    服务器端多ip的时候能否加个参数,指定用绑定ip做出口IP来请求资源?

    比如服务器A有3.3.3.3 和 4.4.4.4两个ip,当服务器端如下设置的时候: gost -L=socks5://4.4.4.4:1080 客户端B连接服务器A gost -L=:8080 -F=socks5://4.4.4.4:1080 用8080端口代理访问互联网,其实服务器A使用的是3.3.3.3这个ip发起请求,在多ip代理服务器上非常不方便(因为其中的一些ip可能会被一些中间网络设备block掉)

    我记得socket在请求互联网资源的时候,无论是listen动作,还是connect动作,都可以用bind方法来指定监听IP或者出口ip。

    如果能加一个参数,当设置这个参数的时候, 就会在代理服务器请求资源的时候,先bind代理服务器设置的ip就更好了,就如上面的服务器A,如果加一个参数(比如b) gost -L=socks5://4.4.4.4:1080?b=1 这样设置就能让服务器A在请求资源的时候,都会先bind 4.4.4.4 这个ip。

    不知道这个feature能否添加进来?

  • HTTP 抢先发送数据

    HTTP 抢先发送数据

    常规的 HTTP 代理实现会等到代理服务器返回 200 OK 之后才开始发送数据。如果提前到连接完成后,直接开始发送数据,则可以减少一个RTT的时间。 default

    通常情况下,这些预发送数据会被放到服务器的 TCP 缓存池中,不会造成问题。 唯一的问题是错误处理,如果代理无法连接目标服务器,或者代理密码错误,则后面发送的数据会被当做 HTTP 请求处理,自然就会出错了。出现这种情况的时候,直接关闭链接即可。

  • socks5: BIND is disabled

    socks5: BIND is disabled

    按照这个文档里面跑rtcp远程端口映射的时候https://groups.google.com/g/go-gost/c/_-akAbTe3ho proxy_host会报错{"cmd":"mbind","dst":":5788/tcp","handler":"socks","kind":"handler","level":"error","listener":"tcp","local":"10.10.30.5:1080","msg":"socks5: BIND is disabled","remote":"10.10.30.127:46498","service":"service-0","time":"2022-12-26T22:18:59.614+08:00"}

  • problems with obfs4 when compiling

    problems with obfs4 when compiling

    i get the following error when compiling gost

    steps

    • installation
    go install github.com/ginuerzh/gost/cmd/gost@latest
    • output:
    go: github.com/ginuerzh/gost/cmd/gost imports
	github.com/ginuerzh/gost imports
	git.torproject.org/pluggable-transports/obfs4.git/transports/base: git.torproject.org/pluggable-transports/[email protected]: parsing go.mod:
	module declares its path as: gitlab.com/yawning/obfs4.git
	        but was required as: git.torproject.org/pluggable-transports/obfs4.git

    image

  • why use GOST over iptables rules?

    why use GOST over iptables rules?

    Hello. I'm just confused. GOST can do forwardings for example incoming port 443 to another_host:8080 It can be done just by a simple iptables rule. So what's the benefit of using GOST? Thanks.

  • gost2 可以正常代理 grpc 但是 gost3 不行

    gost2 可以正常代理 grpc 但是 gost3 不行

    使用方式:./gost -L http+grpc://:8118 -F socks5://user:pass@host:8080 -D

    此时用 grpc 客户端设置 http 代理为 localhost:8118 并且开启 tls (服务端为自签名证书)尝试调用服务端接口,gost2 可以成功,但是 gost3 不行

    grpc 报错:

    Channel Pipeline: [HttpProxyHandler$HttpClientCodecWrapper#0, HttpProxyHandler#0, ProtocolNegotiators$ProxyProtocolNegotiationHandler#0, WriteBufferingAndExceptionHandler#0, DefaultChannelPipeline$TailContext#0]

io.grpc.StatusException: UNAVAILABLE: io exception
Channel Pipeline: [HttpProxyHandler$HttpClientCodecWrapper#0, HttpProxyHandler#0, ProtocolNegotiators$ProxyProtocolNegotiationHandler#0, WriteBufferingAndExceptionHandler#0, DefaultChannelPipeline$TailContext#0]
	at io.grpc.Status.asException(Status.java:550) ~[grpc-api-1.47.0.jar:1.47.0]
	at io.grpc.kotlin.ClientCalls$rpcImpl$1$1$1.onClose(ClientCalls.kt:295) ~[grpc-kotlin-stub-1.2.1.jar:na]
	at io.grpc.internal.DelayedClientCall$DelayedListener$3.run(DelayedClientCall.java:468) ~[grpc-core-1.47.0.jar:1.47.0]
	at io.grpc.internal.DelayedClientCall$DelayedListener.delayOrExecute(DelayedClientCall.java:432) ~[grpc-core-1.47.0.jar:1.47.0]
	at io.grpc.internal.DelayedClientCall$DelayedListener.onClose(DelayedClientCall.java:465) ~[grpc-core-1.47.0.jar:1.47.0]
	at io.grpc.internal.ClientCallImpl.closeObserver(ClientCallImpl.java:562) ~[grpc-core-1.47.0.jar:1.47.0]
	at io.grpc.internal.ClientCallImpl.access$300(ClientCallImpl.java:70) ~[grpc-core-1.47.0.jar:1.47.0]
	at io.grpc.internal.ClientCallImpl$ClientStreamListenerImpl$1StreamClosed.runInternal(ClientCallImpl.java:743) ~[grpc-core-1.47.0.jar:1.47.0]
	at io.grpc.internal.ClientCallImpl$ClientStreamListenerImpl$1StreamClosed.runInContext(ClientCallImpl.java:722) ~[grpc-core-1.47.0.jar:1.47.0]
	at io.grpc.internal.ContextRunnable.run(ContextRunnable.java:37) ~[grpc-core-1.47.0.jar:1.47.0]
	at io.grpc.internal.SerializingExecutor.run(SerializingExecutor.java:133) ~[grpc-core-1.47.0.jar:1.47.0]
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[na:na]
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[na:na]
	at java.base/java.lang.Thread.run(Thread.java:829) ~[na:na]
Caused by: io.netty.handler.proxy.ProxyConnectException: http, none, /127.0.0.1:8118 => 10.71.0.67:8088, disconnected
	at io.netty.handler.proxy.ProxyHandler.channelInactive(ProxyHandler.java:233) ~[netty-handler-proxy-4.1.76.Final.jar:4.1.76.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive(AbstractChannelHandlerContext.java:262) ~[netty-transport-4.1.76.Final.jar:4.1.76.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive(AbstractChannelHandlerContext.java:248) ~[netty-transport-4.1.76.Final.jar:4.1.76.Final]
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelInactive(AbstractChannelHandlerContext.java:241) ~[netty-transport-4.1.76.Final.jar:4.1.76.Final]
	at io.netty.channel.CombinedChannelDuplexHandler$DelegatingChannelHandlerContext.fireChannelInactive(CombinedChannelDuplexHandler.java:418) ~[netty-transport-4.1.76.Final.jar:4.1.76.Final]
	at io.netty.handler.codec.ByteToMessageDecoder.channelInputClosed(ByteToMessageDecoder.java:392) ~[netty-codec-4.1.76.Final.jar:4.1.76.Final]
	at io.netty.handler.codec.ByteToMessageDecoder.channelInactive(ByteToMessageDecoder.java:357) ~[netty-codec-4.1.76.Final.jar:4.1.76.Final]
	at io.netty.handler.codec.http.HttpClientCodec$Decoder.channelInactive(HttpClientCodec.java:326) ~[netty-codec-http-4.1.76.Final.jar:4.1.76.Final]
	at io.netty.channel.CombinedChannelDuplexHandler.channelInactive(CombinedChannelDuplexHandler.java:221) ~[netty-transport-4.1.76.Final.jar:4.1.76.Final]
	at io.netty.handler.proxy.HttpProxyHandler$HttpClientCodecWrapper.channelInactive(HttpProxyHandler.java:267) ~[netty-handler-proxy-4.1.76.Final.jar:4.1.76.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive(AbstractChannelHandlerContext.java:262) ~[netty-transport-4.1.76.Final.jar:4.1.76.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive(AbstractChannelHandlerContext.java:248) ~[netty-transport-4.1.76.Final.jar:4.1.76.Final]
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelInactive(AbstractChannelHandlerContext.java:241) ~[netty-transport-4.1.76.Final.jar:4.1.76.Final]
	at io.netty.channel.DefaultChannelPipeline$HeadContext.channelInactive(DefaultChannelPipeline.java:1405) ~[netty-transport-4.1.76.Final.jar:4.1.76.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive(AbstractChannelHandlerContext.java:262) ~[netty-transport-4.1.76.Final.jar:4.1.76.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive(AbstractChannelHandlerContext.java:248) ~[netty-transport-4.1.76.Final.jar:4.1.76.Final]
	at io.netty.channel.DefaultChannelPipeline.fireChannelInactive(DefaultChannelPipeline.java:901) ~[netty-transport-4.1.76.Final.jar:4.1.76.Final]
	at io.netty.channel.AbstractChannel$AbstractUnsafe$7.run(AbstractChannel.java:813) ~[netty-transport-4.1.76.Final.jar:4.1.76.Final]
	at io.netty.util.concurrent.AbstractEventExecutor.safeExecute$$$capture(AbstractEventExecutor.java:164) ~[netty-common-4.1.76.Final.jar:4.1.76.Final]
	at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java) ~[netty-common-4.1.76.Final.jar:4.1.76.Final]
	at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:469) ~[netty-common-4.1.76.Final.jar:4.1.76.Final]
	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:500) ~[netty-transport-4.1.76.Final.jar:4.1.76.Final]
	at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:986) ~[netty-common-4.1.76.Final.jar:4.1.76.Final]
	at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) ~[netty-common-4.1.76.Final.jar:4.1.76.Final]
	at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) ~[netty-common-4.1.76.Final.jar:4.1.76.Final]

    curl 也无法连通,报错 curl: (52) Empty reply from server

    gost3 日志如下

    {"caller":"parsing/tls.go:41","level":"debug","msg":"load global TLS certificate files failed, use random generated certificate","time":"2022-12-07T11:07:56.366+08:00"}
{"caller":"parsing/service.go:233","handler":"http","kind":"service","level":"info","listener":"grpc","msg":"listening on [::]:8118/tcp","service":"service-0","time":"2022-12-07T11:07:56.367+08:00"}

    版本信息 gost 2.11.4 (go1.19 darwin/arm64) gost 3.0.0-rc.1 (go1.19.2 darwin/arm64) grpc java 1.45.1

Related tags
Network go dns tls tunnel ssh golang udp http2 socks5 shadowsocks kcp quic tuntap sni obfs4
A deployable proxy server and tunnel written in go

Tunnelify Tunnelify is a deployable proxy server and tunnel written in go Installing | Quickstart | Configuration Installing Direct download You can i

Dec 11, 2022
Simple HTTP tunnel using SSH remote port forwarding

Simple HTTP tunnel using SSH remote port forwarding

Nov 18, 2022
Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH.
 Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH.

Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. Single executable including both client and server. Written in Go (golang). Chisel is mainly useful for passing through firewalls, though it can also be used to provide a secure endpoint into your network.

Jan 1, 2023
A Stable & Secure Tunnel based on KCP with N:M multiplexing and FEC. Available for ARM, MIPS, 386 and AMD64。KCPプロトコルに基づく安全なトンネル。KCP 프로토콜을 기반으로 하는 보안 터널입니다。
 A Stable & Secure Tunnel based on KCP with N:M multiplexing and FEC. Available for ARM, MIPS, 386 and AMD64。KCPプロトコルに基づく安全なトンネル。KCP 프로토콜을 기반으로 하는 보안 터널입니다。

Disclaimer: kcptun maintains a single website — github.com/xtaci/kcptun. Any websites other than github.com/xtaci/kcptun are not endorsed by xtaci. Re

Jan 9, 2023
Toy gRPC Tunnel over CloudFlare (Proof of Concept)
 Toy gRPC Tunnel over CloudFlare (Proof of Concept)

gun You know what it means. Guide Server Go to your domain in CloudFlare. In "Network" tab, turn on gRPC.

Jan 6, 2023
Cloud Native Tunnel
 Cloud Native Tunnel

inlets is a Cloud Native Tunnel written in Go Expose your local endpoints to the Internet or within a remote network, without touching firewalls. Foll

Jan 4, 2022
Clash - A rule-based tunnel in Go.
 Clash - A rule-based tunnel in Go.

Clash A rule-based tunnel in Go. Features Local HTTP/HTTPS/SOCKS server with authentication support VMess, Shadowsocks, Trojan, Snell protocol support

Jan 5, 2023
A rule-based tunnel in Go with experimental features
 A rule-based tunnel in Go with experimental features

Experimental-Clash A rule-based tunnel in Go with experimental features. Features Local HTTP/HTTPS/SOCKS server with authentication support VMess, Sha

Dec 25, 2022
An anonymous, encrypted Point-to-Point (Layer 3) tunnel between two peers.

NKN-Link An anonymous, encrypted Point-to-Point (Layer 3) tunnel between two peers. NKN-Link Table of Contents Preface Description Install Setup Run P

Dec 20, 2022
Gogrok is a self hosted, easy to use alternative to ngrok. It uses SSH as a base protocol, using channels and existing functionality to tunnel requests to an endpoint.

gogrok A simple, easy to use ngrok alternative (self hosted!) The server and client can also be easily embedded into your applications, see the 'serve

Dec 3, 2022
HTTP tunnel over Websocket
 HTTP tunnel over Websocket

WS PROXY This is a reverse HTTP proxy over websockets. The aim is to securely make call to internal APIs from outside. How does it works a WSP client

Nov 12, 2022
Simple wget - Simple wget written as test for Scorum

simple_wget simple wget written as test for Scorum Task: Implement in Go (http:/

Jan 24, 2022
A Minecraft scanner written in Golang (first Golang project)

__ __/ \__ Gothyc A Minecraft port scanner written in Go. ?? / \__/ \__ \__/ \__/ \ Version 0.3.0 \__/ \__/ Author @toas

Nov 6, 2022
A simple TUN/TAP library written in native Go.

water water is a native Go library for TUN/TAP interfaces. water is designed to be simple and efficient. It wraps almost only syscalls and uses only G

Jan 7, 2023
A simple low bandwidth simulator written in go

NETSNAIL 0.8 ABOUT Netsnail is a simple network proxy that simulates low bandwidth. RUNNING Usage of netsnail: -d=0: the delay on data transfe

May 19, 2021
A simple port scanner written in go

Scan27 A simple port scanner written in go Features: V1 it Scans the given Ip or Host name for open ports Usage ./scan27 Enter IP address or Host name

Jul 23, 2022
sonarbyte is a simple and fast subdomain scanner written in go to extract subdomain from Rapid7's DNS Database using omnisint's api.
 sonarbyte is a simple and fast subdomain scanner written in go to extract subdomain from Rapid7's DNS Database using omnisint's api.

sonarbyte Description Sonarbyte is a simple and fast subdomain scanner written in go to extract subdomains from Rapid7's DNS Database using omnisint's

Jul 27, 2022
Simple script fro DNS upload testing. Written in Go.

BENCH DNS Simple script fro DNS upload testing. Written in Go. Features Using local domain list file with -file argument Download from URL and then us

Dec 6, 2021
A simple proxy server written in GO

proxy-server A simple HTTP proxy server with support to domain filter. TODO Supp

Jan 6, 2022