mirror of
https://github.com/wangyu-/udp2raw.git
synced 2025-01-19 22:39:31 +08:00
Merge branch 'master' of https://github.com/wangyu-/udp2raw-tunnel
This commit is contained in:
commit
00a3955de0
38
README.md
38
README.md
@ -1,12 +1,12 @@
|
|||||||
# Udp2raw-tunnel
|
# Udp2raw-tunnel
|
||||||
![image0](images/image0.PNG)
|
![image0](images/image0.PNG)
|
||||||
|
|
||||||
An encrpyted, anti-replay, multiplexing UDP tunnel which tunnels UDP traffic with fake TCP or ICMP header using raw socket. Also acts as a connection stablizer.
|
An Encrpyted,Anti-Replay,Multiplexed UDP Tunnel which can help you Bypass UDP Block or QoS by tunneling UDP traffic through Fake-TCP or ICMP by using raw socket.It aslo acts as a Connection Stablizer.
|
||||||
|
|
||||||
[简体中文](/doc/README.zh-cn.md)
|
[简体中文](/doc/README.zh-cn.md)
|
||||||
# Features
|
# Features
|
||||||
### Send / Receive UDP Packet with fake headers
|
### Send / Receive UDP Packet with fake-tcp/icmp headers
|
||||||
Fake headers help you bypass UDP blocking, UDP QOS or improper UDP NAT behavior on some ISPs. Raw packets with UDP headers are also supported, in this mode you can just use the encrpyting,anti-replay and connection-stablize feature.
|
Fake-tcp/icmp headers help you bypass UDP blocking, UDP QOS or improper UDP NAT behavior on some ISPs. Raw packets with UDP headers are also supported.In UDP header mode,it behaves just like a normal UDP tunnel,and you can just make use of the other features.
|
||||||
|
|
||||||
### Simulate TCP Handshake
|
### Simulate TCP Handshake
|
||||||
Simulates the 3-way handshake, along with seq and ack_seq. TCP options MSS, sackOk, TS, TS_ack, wscale are also simulated. Real-time delivery guaranteed, no TCP over TCP problem when using OpenVPN.
|
Simulates the 3-way handshake, along with seq and ack_seq. TCP options MSS, sackOk, TS, TS_ack, wscale are also simulated. Real-time delivery guaranteed, no TCP over TCP problem when using OpenVPN.
|
||||||
@ -18,7 +18,7 @@ Simulates the 3-way handshake, along with seq and ack_seq. TCP options MSS, sack
|
|||||||
* Authenticate mutually, no more MITM attacks.
|
* Authenticate mutually, no more MITM attacks.
|
||||||
|
|
||||||
### Failure Dectection & Stablization (Connection Recovery)
|
### Failure Dectection & Stablization (Connection Recovery)
|
||||||
Conection failures are detected by heartbeats. If timed-out, the client will automatically change the port number and reconnect. If reconnection is successful, the previous connection will be recovered, and all existing UDP conversations will stay vaild.
|
Conection failures are detected by heartbeats. If timed-out,client will automatically change port number and reconnect. If reconnection is successful, the previous connection will be recovered, and all existing UDP conversations will stay vaild.
|
||||||
|
|
||||||
For example, if you use UDP2RAW + OpenVPN, OpenVPN won't lose connection after any reconnect, **even if the network cable is re-plugged or the WiFi access point is changed**.
|
For example, if you use UDP2RAW + OpenVPN, OpenVPN won't lose connection after any reconnect, **even if the network cable is re-plugged or the WiFi access point is changed**.
|
||||||
|
|
||||||
@ -27,7 +27,7 @@ For example, if you use UDP2RAW + OpenVPN, OpenVPN won't lose connection after a
|
|||||||
|
|
||||||
* **Multiple Clients** One server can have multiple clients.
|
* **Multiple Clients** One server can have multiple clients.
|
||||||
|
|
||||||
* **NAT Support** All of the 3 modes work in NAT-ed environments.
|
* **NAT Support** All of the 3 modes work in NAT environments.
|
||||||
|
|
||||||
* **OpenVZ Support** Tested on BandwagonHost.
|
* **OpenVZ Support** Tested on BandwagonHost.
|
||||||
|
|
||||||
@ -47,7 +47,7 @@ For example, if you use UDP2RAW + OpenVPN, OpenVPN won't lose connection after a
|
|||||||
### Prerequisites
|
### Prerequisites
|
||||||
A Linux host (including desktop Linux, OpenWRT router, or Raspberry PI) with root access.
|
A Linux host (including desktop Linux, OpenWRT router, or Raspberry PI) with root access.
|
||||||
|
|
||||||
If you want to use it on MICRO$OFT Windows, you can use VMware or Hyper-V (both bridged mode and NAT mode are supported).
|
If you want to use it on MICRO$OFT Windows, you can use VMware or Hyper-V (both bridged mode and <del>NAT mode</del> are supported).
|
||||||
|
|
||||||
### Installing
|
### Installing
|
||||||
Download binary release from https://github.com/wangyu-/udp2raw-tunnel/releases
|
Download binary release from https://github.com/wangyu-/udp2raw-tunnel/releases
|
||||||
@ -104,13 +104,13 @@ other options:
|
|||||||
```
|
```
|
||||||
|
|
||||||
### IPTABLES rule
|
### IPTABLES rule
|
||||||
This program sends packets via raw socket. In FakeTCP mode, Linux kernel TCP packet processing has to be blocked by a iptables rule on both sides, otherwise the kernel will automatically send RST for an unrecongized TCP packet and you will sustain from stability / peformance problems. You can use `-a` option to let the program automatically add / delete iptables rule on start / exit. You can also use the -g option to generate iptables rule and add it manually.
|
This program sends packets via raw socket. In FakeTCP mode, Linux kernel TCP packet processing has to be blocked by a iptables rule on both sides, otherwise the kernel will automatically send RST for an unrecongized TCP packet and you will sustain from stability / peformance problems. You can use `-a` option to let the program automatically add / delete iptables rule on start / exit. You can also use the `-g` option to generate iptables rule and add it manually.
|
||||||
|
|
||||||
### `cipher-mode` and `auth-mode`
|
### `cipher-mode` and `auth-mode`
|
||||||
It is suggested to use AES-128-CBC + MD5 to obtain maximum security. If you want to run the program on a router, you can try XOR + simple, which can fool packet inspection by firewalls the most of time, but it cannot protect you from serious attacks. Mode none is only for debugging purpose. It is not recommended to set the cipher-mode or auth-mode to none.
|
It is suggested to use `aes128cbc` + `md5` to obtain maximum security. If you want to run the program on a router, you can try `xor` + `simple`, which can fool packet inspection by firewalls the most of time, but it cannot protect you from serious attacks. Mode none is only for debugging purpose. It is not recommended to set the cipher-mode or auth-mode to none.
|
||||||
|
|
||||||
### seq-mode
|
### seq-mode
|
||||||
The FakeTCP mode does not behave 100% like a real tcp connection. ISPs may be able to distinguish the simulated tcp traffic from the real TCP traffic (though it's costly). seq-mode can help you change the seq increase behavior slightly. If you experience any problems, try to change the value.
|
The FakeTCP mode does not behave 100% like a real tcp connection. ISPs may be able to distinguish the simulated tcp traffic from the real TCP traffic (though it's costly). seq-mode can help you change the seq increase behavior slightly. If you experience connection problems, try to change the value.
|
||||||
|
|
||||||
# Peformance Test
|
# Peformance Test
|
||||||
#### Test method:
|
#### Test method:
|
||||||
@ -131,14 +131,14 @@ raw_mode: faketcp cipher_mode: xor auth_mode: simple
|
|||||||
|
|
||||||
![image4](images/image4.PNG)
|
![image4](images/image4.PNG)
|
||||||
|
|
||||||
(reverse speed is simliar and not uploaded)
|
(reverse speed was simliar and not uploaded)
|
||||||
|
|
||||||
### Test2
|
### Test2
|
||||||
raw_mode: faketcp cipher_mode: aes128cbc auth_mode: md5
|
raw_mode: faketcp cipher_mode: aes128cbc auth_mode: md5
|
||||||
|
|
||||||
![image5](images/image5.PNG)
|
![image5](images/image5.PNG)
|
||||||
|
|
||||||
(reverse speed is simliar and not uploaded)
|
(reverse speed was simliar and not uploaded)
|
||||||
|
|
||||||
# Application
|
# Application
|
||||||
### tunneling any traffic via raw traffic by using udp2raw +openvpn
|
### tunneling any traffic via raw traffic by using udp2raw +openvpn
|
||||||
@ -160,19 +160,27 @@ finalspeed is a tcp connection speed-up program similiar to kcptun,it speeds-up
|
|||||||
# How to build
|
# How to build
|
||||||
read [build_guide](/doc/build_guide.md)
|
read [build_guide](/doc/build_guide.md)
|
||||||
|
|
||||||
|
# Other
|
||||||
|
### Easier installation on ArchLinux
|
||||||
|
```
|
||||||
|
yaourt -S udp2raw-tunnel # or
|
||||||
|
pacaur -S udp2raw-tunnel
|
||||||
|
```
|
||||||
|
|
||||||
# Related work
|
# Related work
|
||||||
### kcptun-raw
|
### kcptun-raw
|
||||||
this project was inspired by kcptun-raw,which modified kcptun to support tcp mode.
|
udp2raw was inspired by kcptun-raw,which modified kcptun to support tcp mode.
|
||||||
|
|
||||||
https://github.com/Chion82/kcptun-raw
|
https://github.com/Chion82/kcptun-raw
|
||||||
|
### relayRawSocket
|
||||||
|
kcptun-raw was inspired by relayRawSocket. A simple udp to raw tunnel,wrote in python
|
||||||
|
|
||||||
|
https://github.com/linhua55/some_kcptun_tools/tree/master/relayRawSocket
|
||||||
### kcpraw
|
### kcpraw
|
||||||
another project of kcptun with tcp mode
|
another project of kcptun with tcp mode
|
||||||
|
|
||||||
https://github.com/ccsexyz/kcpraw
|
https://github.com/ccsexyz/kcpraw
|
||||||
### relayRawSocket
|
|
||||||
a simple udp to raw tunnel without simluated 3-way handshake ,wrote in python
|
|
||||||
|
|
||||||
https://github.com/linhua55/some_kcptun_tools/tree/master/relayRawSocket
|
|
||||||
### icmptunnel
|
### icmptunnel
|
||||||
Transparently tunnel your IP traffic through ICMP echo and reply packets.
|
Transparently tunnel your IP traffic through ICMP echo and reply packets.
|
||||||
|
|
||||||
|
@ -49,7 +49,7 @@ epoll纯异步,高并发,除了回收过期连接外,所有操作的时间
|
|||||||
# 简明操作说明
|
# 简明操作说明
|
||||||
|
|
||||||
### 环境要求
|
### 环境要求
|
||||||
Linux主机,有root权限。主机上最好安装了iptables命令(apt/yum很容易安装)。在windows和mac上可以开虚拟机(桥接模式和NAT模式经测试都可用)。
|
Linux主机,有root权限。主机上最好安装了iptables命令(apt/yum很容易安装)。在windows和mac上可以开虚拟机(桥接模式和<del>NAT模式</del>经测试都可用)。
|
||||||
|
|
||||||
### 安装
|
### 安装
|
||||||
下载编译好的二进制文件,解压到任意目录。
|
下载编译好的二进制文件,解压到任意目录。
|
||||||
@ -157,17 +157,17 @@ raw_mode: faketcp cipher_mode: aes128cbc auth_mode: md5
|
|||||||
[编译教程](build_guide.zh-cn.md)
|
[编译教程](build_guide.zh-cn.md)
|
||||||
# 相关repo
|
# 相关repo
|
||||||
### kcptun-raw
|
### kcptun-raw
|
||||||
this project was inspired by kcptun-raw,which modified kcptun to support tcp mode.
|
udp2raw was inspired by kcptun-raw,which modified kcptun to support tcp mode.
|
||||||
|
|
||||||
https://github.com/Chion82/kcptun-raw
|
https://github.com/Chion82/kcptun-raw
|
||||||
|
### relayRawSocket
|
||||||
|
kcptun-raw was inspired by relayRawSocket. A simple udp to raw tunnel,wrote in python
|
||||||
|
|
||||||
|
https://github.com/linhua55/some_kcptun_tools/tree/master/relayRawSocket
|
||||||
### kcpraw
|
### kcpraw
|
||||||
another project of kcptun with tcp mode
|
another project of kcptun with tcp mode
|
||||||
|
|
||||||
https://github.com/ccsexyz/kcpraw
|
https://github.com/ccsexyz/kcpraw
|
||||||
### relayRawSocket
|
|
||||||
a simple udp to raw tunnel without simluated 3-way handshake ,wrote in python
|
|
||||||
|
|
||||||
https://github.com/linhua55/some_kcptun_tools/tree/master/relayRawSocket
|
|
||||||
### icmptunnel
|
### icmptunnel
|
||||||
Transparently tunnel your IP traffic through ICMP echo and reply packets.
|
Transparently tunnel your IP traffic through ICMP echo and reply packets.
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user