From 7592729abc2479ae04604ad25a651ea2d14d7daf Mon Sep 17 00:00:00 2001 From: wangyu- Date: Thu, 10 Aug 2017 22:42:00 -0700 Subject: [PATCH 1/8] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3776ad5..6f68aa0 100755 --- a/README.md +++ b/README.md @@ -26,7 +26,7 @@ Openwrt Supported,no dependence package,easy to compile,ar71xx binary included i bypass udp qos,bypass udp blocking,openvpn tcp over tcp problem,openvpn over icmp,udp to icmp tunnel,udp to tcp tunnel,udp via icmp,udp via tcp # Getting Started ### Prerequisites -linux host,root access. if you want to use it on window,you can use VMware(both bridged mode and nat mode are supported). +linux host(include desktop linux,openwrt router,raspberry pi),root access. if you want to use it on window,you can use VMware(both bridged mode and nat mode are supported). ### Installing download binary release from https://github.com/wangyu-/udp2raw-tunnel/releases ### Running From 1b9f2a1e0ec032a525b7db08cc977df597be7885 Mon Sep 17 00:00:00 2001 From: wangyu- Date: Thu, 10 Aug 2017 22:51:50 -0700 Subject: [PATCH 2/8] Update README.md --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 6f68aa0..4d9350c 100755 --- a/README.md +++ b/README.md @@ -120,12 +120,12 @@ raw_mode: faketcp cipher_mode: aes128cbc  auth_mode: md5 3. openvpn over icmp also becomes a choice more details at [openvpn+udp2raw_guide](/doc/openvpn_guide.md) -### tunneling kcptun -make kcptun support tcp mode. +### speed-up tcp connection by using udp2raw+kcptun +kcptun is a tcp connection speed up program,it speed-ups tcp connection by using kcp protocol on-top of udp.by using udp2raw,you can use kcptun while udp is QoSed or blocked. (kcptun, https://github.com/xtaci/kcptun) -### tunneling finalspeed -finalspeed 's tcp mode doesnt work on openvz VPS.you can use finalspeed 's udp mode,and tunnel udp through tcp with this tunnel. +### speed-up tcp connection by using udp2raw+finalspeed +finalspeed is a tcp connection speed up program similiar to kcptun,it speed-ups tcp connection by using kcp protocol on-top of udp or tcp.but its tcp mode doesnt support openvz,you can bypass this problem if you use udp2raw+finalspeed together. # Related work ### kcptun-raw From 8f04c8278857b972c99e61d6c87070c07c2730b1 Mon Sep 17 00:00:00 2001 From: wangyu- Date: Thu, 10 Aug 2017 22:53:01 -0700 Subject: [PATCH 3/8] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 4d9350c..2180d0f 100755 --- a/README.md +++ b/README.md @@ -121,11 +121,11 @@ raw_mode: faketcp cipher_mode: aes128cbc  auth_mode: md5 more details at [openvpn+udp2raw_guide](/doc/openvpn_guide.md) ### speed-up tcp connection by using udp2raw+kcptun -kcptun is a tcp connection speed up program,it speed-ups tcp connection by using kcp protocol on-top of udp.by using udp2raw,you can use kcptun while udp is QoSed or blocked. +kcptun is a tcp connection speed-up program,it speeds-up tcp connection by using kcp protocol on-top of udp.by using udp2raw,you can use kcptun while udp is QoSed or blocked. (kcptun, https://github.com/xtaci/kcptun) ### speed-up tcp connection by using udp2raw+finalspeed -finalspeed is a tcp connection speed up program similiar to kcptun,it speed-ups tcp connection by using kcp protocol on-top of udp or tcp.but its tcp mode doesnt support openvz,you can bypass this problem if you use udp2raw+finalspeed together. +finalspeed is a tcp connection speed-up program similiar to kcptun,it speeds-up tcp connection by using kcp protocol on-top of udp or tcp.but its tcp mode doesnt support openvz,you can bypass this problem if you use udp2raw+finalspeed together. # Related work ### kcptun-raw From 1a2cd767c09f93cb466799df6caff2545d23e3e9 Mon Sep 17 00:00:00 2001 From: wangyu- Date: Thu, 10 Aug 2017 23:06:34 -0700 Subject: [PATCH 4/8] Update README.zh-cn.md --- doc/README.zh-cn.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/README.zh-cn.md b/doc/README.zh-cn.md index 310a8f8..2a58699 100644 --- a/doc/README.zh-cn.md +++ b/doc/README.zh-cn.md @@ -23,7 +23,7 @@ https://github.com/wangyu-/UDPspeeder 模拟TCP3次握手,模拟seq ack过程。另外还模拟了一些tcp option:MSS,sackOk,TS,TS_ack,wscale,用来使流量看起来更像是由普通的linux tcp协议栈发送的。 ### 心跳保活、自动重连,连接快速恢复,单向链路失效检测 -心跳保活、自动重连,udp2raw重连可以恢复上次的连接,重连后上层连接继续有效,底层掉线上层不掉线。有效解决上层连接断开的问题。 (功能借鉴自[kcptun-raw](https://github.com/Chion82/kcptun-raw)) +心跳保活、自动重连,udp2raw重连可以恢复上次的连接,重连后上层连接继续有效,底层掉线上层不掉线。有效解决上层连接断开的问题。 (功能借鉴自[kcptun-raw](https://github.com/Chion82/kcptun-raw))(**就算你拔掉网线重插,或者重新拨号获得新ip,上层应用也不会断线**) Client能用单倍的超时时间检测到单向链路的失效,不管是上行还是下行,只要有一个方向失效就能被client检测到。重连只需要client发起,就可以立即被server处理,不需要等到server端的连接超时后。 From eb59012b7bf8b4245f75e27f0cc8bac0fb3ce346 Mon Sep 17 00:00:00 2001 From: wangyu- Date: Thu, 10 Aug 2017 23:31:42 -0700 Subject: [PATCH 5/8] Update README.md --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 2180d0f..33f1025 100755 --- a/README.md +++ b/README.md @@ -120,12 +120,12 @@ raw_mode: faketcp cipher_mode: aes128cbc  auth_mode: md5 3. openvpn over icmp also becomes a choice more details at [openvpn+udp2raw_guide](/doc/openvpn_guide.md) -### speed-up tcp connection by using udp2raw+kcptun +### speed-up tcp connection via raw traffic by using udp2raw+kcptun kcptun is a tcp connection speed-up program,it speeds-up tcp connection by using kcp protocol on-top of udp.by using udp2raw,you can use kcptun while udp is QoSed or blocked. (kcptun, https://github.com/xtaci/kcptun) -### speed-up tcp connection by using udp2raw+finalspeed -finalspeed is a tcp connection speed-up program similiar to kcptun,it speeds-up tcp connection by using kcp protocol on-top of udp or tcp.but its tcp mode doesnt support openvz,you can bypass this problem if you use udp2raw+finalspeed together. +### speed-up tcp connection via raw traffic by using udp2raw+finalspeed +finalspeed is a tcp connection speed-up program similiar to kcptun,it speeds-up tcp connection by using kcp protocol on-top of udp or tcp.but its tcp mode doesnt support openvz,you can bypass this problem if you use udp2raw+finalspeed together,and icmp mode also becomes avaliable. # Related work ### kcptun-raw From 3fa1a99046bf848038f9706ede46c030a9943c81 Mon Sep 17 00:00:00 2001 From: wangyu- Date: Thu, 10 Aug 2017 23:47:36 -0700 Subject: [PATCH 6/8] Update README.zh-cn.md --- doc/README.zh-cn.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/doc/README.zh-cn.md b/doc/README.zh-cn.md index 2a58699..8df5c68 100644 --- a/doc/README.zh-cn.md +++ b/doc/README.zh-cn.md @@ -14,10 +14,12 @@ https://github.com/wangyu-/UDPspeeder ### 把udp流量伪装成tcp /icmp 用raw socket给udp包加上tcp/icmp包头,可以突破udp流量限制或Udp QOS。或者在udp nat有问题的环境下,提升稳定性。  另外也支持用raw 发udp包,这样流量不会被伪装,只会被加密。 -### 加密 防重放攻击 +### 加密 防重放攻击 防中间人攻击 用aes128cbc加密,md5/crc32做数据完整校验。用类似ipsec/openvpn的 replay windows机制来防止重放攻击。 -设计目标是,即使攻击者可以监听到tunnel的所有包,可以选择性丢弃tunnel的任意包,可以重放任意包;攻击者也没办法获得tunnel承载的任何数据,也没办法向tunnel的数据流中通过包构造/包重放插入任何数据。 +设计目标是,即使攻击者可以监听到tunnel的所有包,可以选择性丢弃tunnel的任意包,可以重放任意包;攻击者也没办法获得tunnel承载的任何数据,也没办法向tunnel的数据流中通过包构造/包重放插入任何数据。udp2raw client和server用预分配密钥(pre-shared secret)互相认证,无法被中间人攻击。 + + ### 模拟TCP3次握手 模拟TCP3次握手,模拟seq ack过程。另外还模拟了一些tcp option:MSS,sackOk,TS,TS_ack,wscale,用来使流量看起来更像是由普通的linux tcp协议栈发送的。 From 90b1897d4a376af16a1644b22ae382804fa285f9 Mon Sep 17 00:00:00 2001 From: wangyu- Date: Thu, 10 Aug 2017 23:49:24 -0700 Subject: [PATCH 7/8] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 33f1025..f55e632 100755 --- a/README.md +++ b/README.md @@ -6,8 +6,8 @@ An Encrpyted,Anti-Replay,Multiplexed Udp Tunnel,tunnels udp traffic through fake [简体中文](/doc/README.zh-cn.md) ### Send/Recv Udp Packet as Raw Packet with TCP header,ICMP header Which can help you bypass udp blocking or udp QOS or just poorly supported udp NAT behavior by some ISP. Raw packet with UDP header is also supported,in this way you can just make use of the encrpyting and anti-replay feature. -### Encrpytion and Anti-Replay -encrypt your traffic with aes128cbc,protects data integrity by md5 or crc32,protect replay attack with an anti-replay window smiliar to ipsec/openvpn. +### Encrpytion,Anti-Replay,Anti-MITM +encrypt your traffic with aes128cbc,protects data integrity by md5 or crc32,protect replay attack with an anti-replay window smiliar to ipsec/openvpn.client and server use pre shared secret to verify each other,man-in-the-middle is impossible. ### Simulated TCP Handshake simulated 3-way handshake,simluated seq ack_seq. Simluated tcp options:MSS,sackOk,TS,TS_ack,wscale. Provides real-time delivery ,no tcp over tcp problem when using openvpn. ### Connnection Failure Dectection & Recover From 9479c955102325806154f8427169e1950329f9d2 Mon Sep 17 00:00:00 2001 From: wangyu- Date: Thu, 10 Aug 2017 23:49:55 -0700 Subject: [PATCH 8/8] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f55e632..9a95485 100755 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ An Encrpyted,Anti-Replay,Multiplexed Udp Tunnel,tunnels udp traffic through fake ### Send/Recv Udp Packet as Raw Packet with TCP header,ICMP header Which can help you bypass udp blocking or udp QOS or just poorly supported udp NAT behavior by some ISP. Raw packet with UDP header is also supported,in this way you can just make use of the encrpyting and anti-replay feature. ### Encrpytion,Anti-Replay,Anti-MITM -encrypt your traffic with aes128cbc,protects data integrity by md5 or crc32,protect replay attack with an anti-replay window smiliar to ipsec/openvpn.client and server use pre shared secret to verify each other,man-in-the-middle is impossible. +encrypt your traffic with aes128cbc,protects data integrity by md5 or crc32,protect replay attack with an anti-replay window smiliar to ipsec/openvpn.Client and server use pre shared secret to verify each other,man-in-the-middle is impossible. ### Simulated TCP Handshake simulated 3-way handshake,simluated seq ack_seq. Simluated tcp options:MSS,sackOk,TS,TS_ack,wscale. Provides real-time delivery ,no tcp over tcp problem when using openvpn. ### Connnection Failure Dectection & Recover