diff --git a/README.md b/README.md index bf703cb..e1eb327 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,50 @@ -gost 3.0 -====== +# GO Simple Tunnel -WORK IN PROGRESS... \ No newline at end of file +## GO语言实现的安全隧道 + +## 功能特性 + +- [x] 多端口监听 +- [x] 支持转发链,并支持多级转发 +- [x] 支持多种协议(HTTP,HTTPS,HTTP2,SOCKS5,Websocket,QUIC...) +- [x] 本地/远程TCP/UDP端口转发 +- [x] DNS解析和代理 +- [x] TUN/TAP设备 +- [x] 负载均衡 +- [x] 路由控制 +- [x] 动态配置 +- [x] Prometheus Metrics +- [x] Web API +- [ ] Web UI + +## 下载安装 + +### 二进制文件 + +[https://github.com/go-gost/gost/releases](https://github.com/go-gost/gost/releases) + +### 源码编译 + +``` +git clone https://github.com/go-gost/gost.git +cd gost/cmd/gost +go build +``` + +### Docker + +``` +docker pull gogost/gost +``` + +### Shadowsocks Android插件 + +[xausky/ShadowsocksGostPlugin](https://github.com/xausky/ShadowsocksGostPlugin) + +## 问题建议 + +提交Issue: [https://github.com/go-gost/gost/issues](https://github.com/go-gost/gost/issues) + +Telegram讨论群: [https://t.me/gogost](https://t.me/gogost) + +Google讨论组: [https://groups.google.com/d/forum/go-gost](https://groups.google.com/d/forum/go-gost) \ No newline at end of file diff --git a/go.mod b/go.mod index 235bfc5..7317fe7 100644 --- a/go.mod +++ b/go.mod @@ -5,8 +5,8 @@ go 1.18 replace github.com/templexxx/cpu v0.0.7 => github.com/templexxx/cpu v0.0.10-0.20211111114238-98168dcec14a require ( - github.com/go-gost/core v0.0.0-20220317144108-bab2906aeb73 - github.com/go-gost/x v0.0.0-20220317145457-0f1f7790c52a + github.com/go-gost/core v0.0.0-20220318131726-78089d88873f + github.com/go-gost/x v0.0.0-20220318131912-6a6367b8d12f ) require ( diff --git a/go.sum b/go.sum index 60a5dff..d248348 100644 --- a/go.sum +++ b/go.sum 
@@ -121,8 +121,8 @@ github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-gost/core v0.0.0-20220317144108-bab2906aeb73 h1:N9iL7Jf+ahGBieyKu2iUqPVQFQzUjqGKl/lZM+YiSEo= -github.com/go-gost/core v0.0.0-20220317144108-bab2906aeb73/go.mod h1:+Eqgm24sZ61yY9uPhRIPM79Ig+r2Rk5QIOcZWLL+5q0= +github.com/go-gost/core v0.0.0-20220318131726-78089d88873f h1:xg+nZO1V+82TJzsZOeHH1lYoAlZpdYdU+Aiz4BGgaVs= +github.com/go-gost/core v0.0.0-20220318131726-78089d88873f/go.mod h1:oga1T7DJPJM+DpiQaZvTES9P9jvybRSgR/V5j+sEDpg= github.com/go-gost/gosocks4 v0.0.1 h1:+k1sec8HlELuQV7rWftIkmy8UijzUt2I6t+iMPlGB2s= github.com/go-gost/gosocks4 v0.0.1/go.mod h1:3B6L47HbU/qugDg4JnoFPHgJXE43Inz8Bah1QaN9qCc= github.com/go-gost/gosocks5 v0.3.1-0.20211109033403-d894d75b7f09 h1:A95M6UWcfZgOuJkQ7QLfG0Hs5peWIUSysCDNz4pfe04= 
@@ -131,8 +131,8 @@ github.com/go-gost/relay v0.1.1-0.20211123134818-8ef7fd81ffd7 h1:itaaJhQJ19kUXEB github.com/go-gost/relay v0.1.1-0.20211123134818-8ef7fd81ffd7/go.mod h1:lcX+23LCQ3khIeASBo+tJ/WbwXFO32/N5YN6ucuYTG8= github.com/go-gost/tls-dissector v0.0.2-0.20211125135007-2b5d5bd9c07e h1:73NGqAs22ey3wJkIYVD/ACEoovuIuOlEzQTEoqrO5+U= github.com/go-gost/tls-dissector v0.0.2-0.20211125135007-2b5d5bd9c07e/go.mod h1:/9QfdewqmHdaE362Hv5nDaSWLx3pCmtD870d6GaquXs= -github.com/go-gost/x v0.0.0-20220317145457-0f1f7790c52a h1:i2PGFgLyiFsOJICgYYAjeV+n9ce2yqOqfkuK0V3A5I8= -github.com/go-gost/x v0.0.0-20220317145457-0f1f7790c52a/go.mod h1:iJgHCWLZB5zA/0NNZWbRxzpUwk5YS1elHTGmACI84C0= +github.com/go-gost/x v0.0.0-20220318131912-6a6367b8d12f h1:D3a6VqprxZwuzEF1/xVhzz76IWKrX2oHx3KDALyiKx4= +github.com/go-gost/x v0.0.0-20220318131912-6a6367b8d12f/go.mod h1:0eqpLtDleyR05dUACjy3dkhMxVvknt0gPjsH15PXnys= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= diff --git a/gost.yml b/gost.yml index 71a3989..0957057 100644 --- a/gost.yml +++ b/gost.yml 
@@ -1,283 +1,110 @@ -log: - output: stderr # none, stderr, stdout, /path/to/file - level: debug # debug, info, warn, error, fatal - format: json # text, json - services: -- name: http+tcp - addr: ":28000" - # bypass: bypass01 +- name: service-0 + addr: ":8080" + interface: eth0 + admission: admission-0 + bypass: bypass-0 + resolver: resolver-0 + hosts: hosts-0 handler: type: http - chain: chain01 - metadata: - proxyAgent: "gost/3.0" - auths: - - user1:pass1 - - user2:pass2 - # probeResist: code:404 # code, web, host, file - # knock: example.com + auth: + username: user + password: pass + auther: auther-0 + chain: chain-0 + retries: 1 + metadata: + foo: bar + bar: baz listener: type: tcp + auth: + username: user + password: pass + auther: auther-0 + chain: chain-0 + tls: + certFile: cert.pem + keyFile: key.pem + caFile: ca.pem metadata: - keepAlive: 15s -- name: ss - addr: ":28338" - # bypass: bypass01 - handler: - type: ss - # chain: chain01 - metadata: - method: chacha20-ietf - password: gost - readTimeout: 5s - udp: true - bufferSize: 4096 - listener: - type: tcp - metadata: - keepAlive: 15s -- name: socks5 - addr: ":21080" - # bypass: bypass01 - handler: - type: socks5 - # chain: chain-ss - metadata: - auths: - - gost:gost - readTimeout: 5s - notls: true - bind: true - udp: true - # udpBufferSize: 4096 # range [512, 66560] - listener: - type: tcp - metadata: - keepAlive: 15s -- name: socks5+tcp - addr: ":21081" - handler: - type: socks5 - metadata: - auths: - - gost:gost - readTimeout: 5s - notls: true - # udpBufferSize: 1024 - listener: - type: tcp - metadata: - keepAlive: 15s -- name: forward - addr: ":10053" + abc: xyz + def: 456 forwarder: targets: - - 192.168.8.8:53 - - 192.168.8.1:53 - - 1.1.1.1:53 + - 192.168.1.1:1234 + - 192.168.1.2:2345 selector: - strategy: fifo + strategy: rand maxFails: 1 failTimeout: 30s - handler: - type: forward - chain: chain-ss - metadata: - readTimeout: 5s - listener: - type: udp - metadata: - keepAlive: 15s - -- name: 
kcp-forward-tunnel - addr: ":8388" - forwarder: - targets: - - 127.0.0.1:28338 - handler: - type: forward - metadata: - readTimeout: 5s - listener: - type: kcp - metadata: - keepAlive: 15s - -- name: rtcp - addr: ":28100" - forwarder: - targets: - - 192.168.8.8:80 - handler: - type: forward - metadata: - readTimeout: 5s - listener: - type: rtcp - # chain: chain-socks5 - metadata: - keepAlive: 15s - mux: true -- name: rudp - addr: ":1053" - forwarder: - targets: - - 192.168.8.8:53 - - 192.168.8.1:53 - selector: - strategy: round - maxFails: 1 - failTimeout: 30s - handler: - type: forward - metadata: - readTimeout: 5s - listener: - type: rudp - chain: chain-socks5 - metadata: - keepAlive: 15s chains: -- name: chain01 - # chain level selector +- name: chain-0 selector: strategy: round maxFails: 1 failTimeout: 30s hops: - - name: hop01 - # hop level selector + - name: hop-0 + interface: 192.168.1.2 selector: - strategy: round - maxFails: 1 - failTimeout: 30s + strategy: rand + maxFails: 3 + failTimeout: 60s + bypass: bypass-0 nodes: - - name: node01 - addr: ":8081" - # bypass: bypass01 - connector: - type: http - metadata: - userAgent: "gost/3.0" - auth: user1:pass1 - dialer: - type: tcp - metadata: {} - - name: node02 - addr: ":8082" - # bypass: bypass01 - connector: - type: http - metadata: - userAgent: "gost/3.0" - auth: user2:pass2 - dialer: - type: tcp - metadata: {} - - name: hop02 - # hop level selector - selector: - strategy: round - maxFails: 1 - failTimeout: 30s - nodes: - - name: node03 - addr: ":8083" - # bypass: bypass01 - connector: - type: http - metadata: - userAgent: "gost/3.0" - auth: user3:pass3 - dialer: - type: tcp - metadata: {} -- name: chain-socks4 - hops: - - name: hop01 - nodes: - - name: node01 - addr: ":8081" - url: "http://gost:gost@:8081" - # bypass: bypass01 - connector: - type: socks4 - metadata: {} - dialer: - type: tcp - metadata: {} -- name: chain-socks5 - hops: - - name: hop01 - nodes: - - name: node01 - addr: ":21080" - # bypass: 
bypass01 + - name: node-0 + addr: ":1080" + interface: eth1 + bypass: bypass-0 connector: type: socks5 + auth: + username: user + password: pass metadata: - notls: true - auth: gost:gost + foo: bar dialer: type: tcp - metadata: {} -- name: chain-ss - hops: - - name: hop01 - nodes: - - name: node01 - addr: ":28338" - url: "http://gost:gost@:8081" - # bypass: bypass01 - connector: - type: ss - metadata: - method: chacha20-ietf - password: gost - readTimeout: 5s - nodelay: true - udp: true - bufferSize: 4096 - dialer: - type: tcp - metadata: {} + auth: + username: user + password: pass + tls: + caFile: "ca.pem" + secure: true + serverName: "example.com" + metadata: + bar: baz + +tls: + certFile: "cert.pem" + keyFile: "key.pem" + caFile: "ca.pem" + +authers: +- name: auther-0 + auths: + - username: user1 + password: pass1 + - username: user2 + password: pass2 + +admissions: +- name: admission-0 + reverse: false + matchers: + - 127.0.0.1 + - 192.168.0.0/16 bypasses: - name: bypass-0 reverse: false matchers: - - .baidu.com - - "*.example.com" # domain wildcard - - .example.org # will match example.org and *.example.org - - # From IANA IPv4 Special-Purpose Address Registry - # http://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml - - 0.0.0.0/8 # RFC1122: "This host on this network" - - 10.0.0.0/8 # RFC1918: Private-Use - - 100.64.0.0/10 # RFC6598: Shared Address Space - - 127.0.0.0/8 # RFC1122: Loopback - - 169.254.0.0/16 # RFC3927: Link Local - - 172.16.0.0/12 # RFC1918: Private-Use - - 192.0.0.0/24 # RFC6890: IETF Protocol Assignments - - 192.0.2.0/24 # RFC5737: Documentation (TEST-NET-1) - - 192.88.99.0/24 # RFC3068: 6to4 Relay Anycast - - 192.168.0.0/16 # RFC1918: Private-Use - - 198.18.0.0/15 # RFC2544: Benchmarking - - 198.51.100.0/24 # RFC5737: Documentation (TEST-NET-2) - - 203.0.113.0/24 # RFC5737: Documentation (TEST-NET-3) - - 240.0.0.0/4 # RFC1112: Reserved - - 255.255.255.255/32 # RFC0919: Limited Broadcast - - # From 
IANA Multicast Address Space Registry - # http://www.iana.org/assignments/multicast-addresses/multicast-addresses.xhtml - - 224.0.0.0/4 # RFC5771: Multicast/Reserved - -tls: - cert: "cert.pem" - key: "key.pem" -# ca: "root.ca" + - "*.example.com" + - .example.org + - 0.0.0.0/8 resolvers: - name: resolver-0 @@ -308,6 +135,23 @@ hosts: - bar - baz +log: + output: stderr + level: debug + format: json + profiling: addr: ":6060" - enabled: true + +api: + addr: ":18080" + pathPrefix: /api + accesslog: true + auth: + username: user + password: pass + auther: auther-0 + +metrics: + addr: :9000 + path: /metrics
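Review bot: The rewritten sample exposes `service-0` on `addr: ":8080"` (all interfaces) while every `auth:` block in this hunk (handler, listener, connector, dialer) and `auther-0` use the literal pairs `user`/`pass` and `user1`/`pass1`, with no comment marking them as placeholders, so a config copied as-is gives a proxy reachable with guessable credentials. I would add `# placeholder credentials, replace before use` above the first `auth:` block and bind the example to `addr: "127.0.0.1:8080"`. The handler and listener each set both an inline `auth:` and `auther: auther-0`, and the file does not say which one is applied; a one-line comment on precedence would help. Separately, `bypass-0` now lists only `*.example.com`, `.example.org` and `0.0.0.0/8`, where the old list carried the loopback, RFC 1918 and link-local ranges with their RFC references. If this list is what keeps proxied requests away from internal addresses (not visible from this hunk), the sample should keep those ranges and their comments.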
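Review bot: The new `api:` block listens on `addr: ":18080"` with `username: user` / `password: pass`, and `metrics:` on `addr: :9000`, so the sample puts the management API and the metrics endpoint on every interface behind placeholder credentials. The README in this commit lists dynamic configuration and a Web API as features, so the API can presumably change the running config. I would bind both to loopback in the example, `addr: "127.0.0.1:18080"` and `addr: "127.0.0.1:9000"`, and add `# placeholder credentials, replace before use` above `auth:`. `metrics.addr` is also the only unquoted address in the file; writing it as `":9000"` keeps it consistent with the others. The hunk drops `enabled: true` under `profiling:` while keeping `addr: ":6060"`; if the address alone now turns the profiling listener on, a comment saying so would help readers who do not want it exposed.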