From ae0509d7d22322ddb324a33f200f566469f527bb Mon Sep 17 00:00:00 2001 From: wangyu- Date: Fri, 11 Aug 2017 21:44:52 -0700 Subject: [PATCH 1/9] Update README.md --- README.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index b90f11c..7492be5 100755 --- a/README.md +++ b/README.md @@ -162,17 +162,18 @@ read [build_guide](/doc/build_guide.md) # Related work ### kcptun-raw -this project was inspired by kcptun-raw,which modified kcptun to support tcp mode. +udp2raw was inspired by kcptun-raw,which modified kcptun to support tcp mode. https://github.com/Chion82/kcptun-raw +### relayRawSocket +kcptun-raw was inspired by relayRawSocket. A simple udp to raw tunnel,wrote in python + +https://github.com/linhua55/some_kcptun_tools/tree/master/relayRawSocket ### kcpraw another project of kcptun with tcp mode https://github.com/ccsexyz/kcpraw -### relayRawSocket -a simple udp to raw tunnel without simluated 3-way handshake ,wrote in python -https://github.com/linhua55/some_kcptun_tools/tree/master/relayRawSocket ### icmptunnel Transparently tunnel your IP traffic through ICMP echo and reply packets. From 6205aa6b8f4ae10db4a266e8a9817d0bacbba3c7 Mon Sep 17 00:00:00 2001 From: wangyu- Date: Fri, 11 Aug 2017 21:46:38 -0700 Subject: [PATCH 2/9] Update README.zh-cn.md --- doc/README.zh-cn.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/doc/README.zh-cn.md b/doc/README.zh-cn.md index b688390..83c229c 100644 --- a/doc/README.zh-cn.md +++ b/doc/README.zh-cn.md @@ -157,17 +157,17 @@ raw_mode: faketcp cipher_mode: aes128cbc  auth_mode: md5 [编译教程](build_guide.zh-cn.md) # 相关repo ### kcptun-raw -this project was inspired by kcptun-raw,which modified kcptun to support tcp mode. +udp2raw was inspired by kcptun-raw,which modified kcptun to support tcp mode. https://github.com/Chion82/kcptun-raw +### relayRawSocket +kcptun-raw was inspired by relayRawSocket. A simple udp to raw tunnel,wrote in python + +https://github.com/linhua55/some_kcptun_tools/tree/master/relayRawSocket ### kcpraw another project of kcptun with tcp mode https://github.com/ccsexyz/kcpraw -### relayRawSocket -a simple udp to raw tunnel without simluated 3-way handshake ,wrote in python - -https://github.com/linhua55/some_kcptun_tools/tree/master/relayRawSocket ### icmptunnel Transparently tunnel your IP traffic through ICMP echo and reply packets. From f8715a1d1dcd8b5701b06537d805903a27fcde58 Mon Sep 17 00:00:00 2001 From: wangyu- Date: Fri, 11 Aug 2017 22:48:04 -0700 Subject: [PATCH 3/9] Update README.md --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 7492be5..6e47e0b 100755 --- a/README.md +++ b/README.md @@ -1,7 +1,9 @@ # Udp2raw-tunnel ![image0](images/image0.PNG) -An encrpyted, anti-replay, multiplexing UDP tunnel which tunnels UDP traffic with fake TCP or ICMP header using raw socket. Also acts as a connection stablizer. +An encrpyted, anti-replay, multiplexing UDP tunnel which tunnels UDP traffic with fake TCP or ICMP header using raw socket.It can help you bypass UDP firewalls. + +It also acts as a connection stablizer. [简体中文](/doc/README.zh-cn.md) # Features From b0636445e32e4ddcc3d46590339bcc7e0a78446c Mon Sep 17 00:00:00 2001 From: wangyu- Date: Fri, 11 Aug 2017 22:55:41 -0700 Subject: [PATCH 4/9] Update README.md --- README.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/README.md b/README.md index 6e47e0b..1865181 100755 --- a/README.md +++ b/README.md @@ -1,9 +1,7 @@ # Udp2raw-tunnel ![image0](images/image0.PNG) -An encrpyted, anti-replay, multiplexing UDP tunnel which tunnels UDP traffic with fake TCP or ICMP header using raw socket.It can help you bypass UDP firewalls. - -It also acts as a connection stablizer. +An Encrpyted,Anti-Replay,Multiplexed UDP Tunnel which can help you Bypass UDP Block or QoS by tunneling UDP traffic through Fake-TCP or ICMP by using raw socket.It aslo acts as a Connection Stablizer. [简体中文](/doc/README.zh-cn.md) # Features From aede2a8680fcc62d8e825e8075696179ed1dac06 Mon Sep 17 00:00:00 2001 From: wangyu- Date: Fri, 11 Aug 2017 23:15:54 -0700 Subject: [PATCH 5/9] Update README.md --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 1865181..dcea3c6 100755 --- a/README.md +++ b/README.md @@ -5,8 +5,8 @@ An Encrpyted,Anti-Replay,Multiplexed UDP Tunnel which can help you Bypass UDP Bl [简体中文](/doc/README.zh-cn.md) # Features -### Send / Receive UDP Packet with fake headers -Fake headers help you bypass UDP blocking, UDP QOS or improper UDP NAT behavior on some ISPs. Raw packets with UDP headers are also supported, in this mode you can just use the encrpyting,anti-replay and connection-stablize feature. +### Send / Receive UDP Packet with fake-tcp/icmp headers +Fake-tcp/icmp headers help you bypass UDP blocking, UDP QOS or improper UDP NAT behavior on some ISPs. Raw packets with UDP headers are also supported.In UDP header mode,it behaves just like a normal UDP tunnel,and you can just make use of the other features. ### Simulate TCP Handshake Simulates the 3-way handshake, along with seq and ack_seq. TCP options MSS, sackOk, TS, TS_ack, wscale are also simulated. Real-time delivery guaranteed, no TCP over TCP problem when using OpenVPN. @@ -18,7 +18,7 @@ Simulates the 3-way handshake, along with seq and ack_seq. TCP options MSS, sack * Authenticate mutually, no more MITM attacks. ### Failure Dectection & Stablization (Connection Recovery) -Conection failures are detected by heartbeats. If timed-out, the client will automatically change the port number and reconnect. If reconnection is successful, the previous connection will be recovered, and all existing UDP conversations will stay vaild. +Conection failures are detected by heartbeats. If timed-out,client will automatically change port number and reconnect. If reconnection is successful, the previous connection will be recovered, and all existing UDP conversations will stay vaild. For example, if you use UDP2RAW + OpenVPN, OpenVPN won't lose connection after any reconnect, **even if the network cable is re-plugged or the WiFi access point is changed**. @@ -27,7 +27,7 @@ For example, if you use UDP2RAW + OpenVPN, OpenVPN won't lose connection after a * **Multiple Clients** One server can have multiple clients. -* **NAT Support** All of the 3 modes work in NAT-ed environments. +* **NAT Support** All of the 3 modes work in NAT environments. * **OpenVZ Support** Tested on BandwagonHost. From 8c833776da55920073d1fea77880784ac4069d65 Mon Sep 17 00:00:00 2001 From: wangyu- Date: Fri, 11 Aug 2017 23:36:48 -0700 Subject: [PATCH 6/9] Update README.md --- README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index dcea3c6..ce718ff 100755 --- a/README.md +++ b/README.md @@ -104,13 +104,13 @@ other options: ``` ### IPTABLES rule -This program sends packets via raw socket. In FakeTCP mode, Linux kernel TCP packet processing has to be blocked by a iptables rule on both sides, otherwise the kernel will automatically send RST for an unrecongized TCP packet and you will sustain from stability / peformance problems. You can use `-a` option to let the program automatically add / delete iptables rule on start / exit. You can also use the -g option to generate iptables rule and add it manually. +This program sends packets via raw socket. In FakeTCP mode, Linux kernel TCP packet processing has to be blocked by a iptables rule on both sides, otherwise the kernel will automatically send RST for an unrecongized TCP packet and you will sustain from stability / peformance problems. You can use `-a` option to let the program automatically add / delete iptables rule on start / exit. You can also use the `-g` option to generate iptables rule and add it manually. ### `cipher-mode` and `auth-mode` -It is suggested to use AES-128-CBC + MD5 to obtain maximum security. If you want to run the program on a router, you can try XOR + simple, which can fool packet inspection by firewalls the most of time, but it cannot protect you from serious attacks. Mode none is only for debugging purpose. It is not recommended to set the cipher-mode or auth-mode to none. +It is suggested to use `aes128cbc` + `md5` to obtain maximum security. If you want to run the program on a router, you can try `xor` + `simple`, which can fool packet inspection by firewalls the most of time, but it cannot protect you from serious attacks. Mode none is only for debugging purpose. It is not recommended to set the cipher-mode or auth-mode to none. ### seq-mode -The FakeTCP mode does not behave 100% like a real tcp connection. ISPs may be able to distinguish the simulated tcp traffic from the real TCP traffic (though it's costly). seq-mode can help you change the seq increase behavior slightly. If you experience any problems, try to change the value. +The FakeTCP mode does not behave 100% like a real tcp connection. ISPs may be able to distinguish the simulated tcp traffic from the real TCP traffic (though it's costly). seq-mode can help you change the seq increase behavior slightly. If you experience connection problems, try to change the value. # Peformance Test #### Test method: @@ -131,14 +131,14 @@ raw_mode: faketcp cipher_mode: xor  auth_mode: simple ![image4](images/image4.PNG) -(reverse speed is simliar and not uploaded) +(reverse speed was simliar and not uploaded) ### Test2 raw_mode: faketcp cipher_mode: aes128cbc  auth_mode: md5 ![image5](images/image5.PNG) -(reverse speed is simliar and not uploaded) +(reverse speed was simliar and not uploaded) # Application ### tunneling any traffic via raw traffic by using udp2raw +openvpn From 81209ba25ef3a659df378ed09850e46c47f92f74 Mon Sep 17 00:00:00 2001 From: wangyu- Date: Sat, 12 Aug 2017 03:07:22 -0700 Subject: [PATCH 7/9] Update README.md --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index ce718ff..5bac2ba 100755 --- a/README.md +++ b/README.md @@ -160,6 +160,13 @@ finalspeed is a tcp connection speed-up program similiar to kcptun,it speeds-up # How to build read [build_guide](/doc/build_guide.md) +# Other +### Easier installation on ArchLinux +``` +yaourt -S udp2raw-tunnel # or +pacaur -S udp2raw-tunnel +``` + # Related work ### kcptun-raw udp2raw was inspired by kcptun-raw,which modified kcptun to support tcp mode. From facf7e4049c392326e4d8f1cbe09e9045ef2e28e Mon Sep 17 00:00:00 2001 From: wangyu- Date: Sat, 12 Aug 2017 03:54:20 -0700 Subject: [PATCH 8/9] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5bac2ba..44eb086 100755 --- a/README.md +++ b/README.md @@ -47,7 +47,7 @@ For example, if you use UDP2RAW + OpenVPN, OpenVPN won't lose connection after a ### Prerequisites A Linux host (including desktop Linux, OpenWRT router, or Raspberry PI) with root access. -If you want to use it on MICRO$OFT Windows, you can use VMware or Hyper-V (both bridged mode and NAT mode are supported). +If you want to use it on MICRO$OFT Windows, you can use VMware or Hyper-V (both bridged mode and NAT mode are supported). ### Installing Download binary release from https://github.com/wangyu-/udp2raw-tunnel/releases From df55271c08052495d89e0288609dd0921d3fd31e Mon Sep 17 00:00:00 2001 From: wangyu- Date: Sat, 12 Aug 2017 03:56:39 -0700 Subject: [PATCH 9/9] Update README.zh-cn.md --- doc/README.zh-cn.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/README.zh-cn.md b/doc/README.zh-cn.md index 83c229c..3cfd5b1 100644 --- a/doc/README.zh-cn.md +++ b/doc/README.zh-cn.md @@ -49,7 +49,7 @@ epoll纯异步,高并发,除了回收过期连接外,所有操作的时间 # 简明操作说明 ### 环境要求 -Linux主机,有root权限。主机上最好安装了iptables命令(apt/yum很容易安装)。在windows和mac上可以开虚拟机(桥接模式和NAT模式经测试都可用)。 +Linux主机,有root权限。主机上最好安装了iptables命令(apt/yum很容易安装)。在windows和mac上可以开虚拟机(桥接模式和NAT模式经测试都可用)。 ### 安装 下载编译好的二进制文件,解压到任意目录。