github/wangyu-udp2raw
1
0
Fork 0
mirror of https://github.com/wangyu-/udp2raw.git synced 2025-01-19 14:29:34 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/wangyu-/udp2raw-tunnel

Browse Source
This commit is contained in:
wangyu 2017-08-11 16:17:43 +08:00
commit 1bbe19cdee
2 changed files with 12 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
README.md
View File

@ -6,8 +6,8 @@ An Encrpyted,Anti-Replay,Multiplexed Udp Tunnel,tunnels udp traffic through fake
[简体中文](/doc/README.zh-cn.md) [简体中文](/doc/README.zh-cn.md)
### Send/Recv Udp Packet as Raw Packet with TCP header,ICMP header ### Send/Recv Udp Packet as Raw Packet with TCP header,ICMP header
Which can help you bypass udp blocking or udp QOS or just poorly supported udp NAT behavior by some ISP. Raw packet with UDP header is also supported,in this way you can just make use of the encrpyting and anti-replay feature. Which can help you bypass udp blocking or udp QOS or just poorly supported udp NAT behavior by some ISP. Raw packet with UDP header is also supported,in this way you can just make use of the encrpyting and anti-replay feature.
### Encrpytion and Anti-Replay ### Encrpytion,Anti-Replay,Anti-MITM
encrypt your traffic with aes128cbc,protects data integrity by md5 or crc32,protect replay attack with an anti-replay window smiliar to ipsec/openvpn. encrypt your traffic with aes128cbc,protects data integrity by md5 or crc32,protect replay attack with an anti-replay window smiliar to ipsec/openvpn.Client and server use pre shared secret to verify each other,man-in-the-middle is impossible.
### Simulated TCP Handshake ### Simulated TCP Handshake
simulated 3-way handshake,simluated seq ack_seq. Simluated tcp options:MSS,sackOk,TS,TS_ack,wscale. Provides real-time delivery ,no tcp over tcp problem when using openvpn. simulated 3-way handshake,simluated seq ack_seq. Simluated tcp options:MSS,sackOk,TS,TS_ack,wscale. Provides real-time delivery ,no tcp over tcp problem when using openvpn.
### Connnection Failure Dectection & Recover ### Connnection Failure Dectection & Recover
@ -26,7 +26,7 @@ Openwrt Supported,no dependence package,easy to compile,ar71xx binary included i
bypass udp qos,bypass udp blocking,openvpn tcp over tcp problem,openvpn over icmp,udp to icmp tunnel,udp to tcp tunnel,udp via icmp,udp via tcp bypass udp qos,bypass udp blocking,openvpn tcp over tcp problem,openvpn over icmp,udp to icmp tunnel,udp to tcp tunnel,udp via icmp,udp via tcp
# Getting Started # Getting Started
### Prerequisites ### Prerequisites
linux host,root access. if you want to use it on window,you can use VMware(both bridged mode and nat mode are supported). linux host(include desktop linux,openwrt router,raspberry pi),root access. if you want to use it on window,you can use VMware(both bridged mode and nat mode are supported).
### Installing ### Installing
download binary release from https://github.com/wangyu-/udp2raw-tunnel/releases download binary release from https://github.com/wangyu-/udp2raw-tunnel/releases
### Running ### Running
@ -120,12 +120,12 @@ raw_mode: faketcp cipher_mode: aes128cbc  auth_mode: md5
3. openvpn over icmp also becomes a choice 3. openvpn over icmp also becomes a choice
more details at [openvpn+udp2raw_guide](/doc/openvpn_guide.md) more details at [openvpn+udp2raw_guide](/doc/openvpn_guide.md)
### tunneling kcptun ### speed-up tcp connection via raw traffic by using udp2raw+kcptun
make kcptun support tcp mode. kcptun is a tcp connection speed-up program,it speeds-up tcp connection by using kcp protocol on-top of udp.by using udp2raw,you can use kcptun while udp is QoSed or blocked.
(kcptun, https://github.com/xtaci/kcptun) (kcptun, https://github.com/xtaci/kcptun)
### tunneling finalspeed ### speed-up tcp connection via raw traffic by using udp2raw+finalspeed
finalspeed 's tcp mode doesnt work on openvz VPS.you can use finalspeed 's udp mode,and tunnel udp through tcp with this tunnel. finalspeed is a tcp connection speed-up program similiar to kcptun,it speeds-up tcp connection by using kcp protocol on-top of udp or tcp.but its tcp mode doesnt support openvz,you can bypass this problem if you use udp2raw+finalspeed together,and icmp mode also becomes avaliable.
# Related work # Related work
### kcptun-raw ### kcptun-raw

8
doc/README.zh-cn.md
View File

@ -14,16 +14,18 @@ https://github.com/wangyu-/UDPspeeder
### 把udp流量伪装成tcp /icmp ### 把udp流量伪装成tcp /icmp
用raw socket给udp包加上tcp/icmp包头可以突破udp流量限制或Udp QOS。或者在udp nat有问题的环境下提升稳定性。  另外也支持用raw 发udp包这样流量不会被伪装只会被加密。 用raw socket给udp包加上tcp/icmp包头可以突破udp流量限制或Udp QOS。或者在udp nat有问题的环境下提升稳定性。  另外也支持用raw 发udp包这样流量不会被伪装只会被加密。
### 加密 防重放攻击 ### 加密 防重放攻击 防中间人攻击
用aes128cbc加密md5/crc32做数据完整校验。用类似ipsec/openvpn的 replay windows机制来防止重放攻击。 用aes128cbc加密md5/crc32做数据完整校验。用类似ipsec/openvpn的 replay windows机制来防止重放攻击。
设计目标是即使攻击者可以监听到tunnel的所有包可以选择性丢弃tunnel的任意包可以重放任意包攻击者也没办法获得tunnel承载的任何数据也没办法向tunnel的数据流中通过包构造/包重放插入任何数据。 设计目标是即使攻击者可以监听到tunnel的所有包可以选择性丢弃tunnel的任意包可以重放任意包攻击者也没办法获得tunnel承载的任何数据也没办法向tunnel的数据流中通过包构造/包重放插入任何数据。udp2raw client和server用预分配密钥pre-shared secret互相认证无法被中间人攻击。
### 模拟TCP3次握手 ### 模拟TCP3次握手
模拟TCP3次握手模拟seq ack过程。另外还模拟了一些tcp optionMSS,sackOk,TS,TS_ack,wscale用来使流量看起来更像是由普通的linux tcp协议栈发送的。 模拟TCP3次握手模拟seq ack过程。另外还模拟了一些tcp optionMSS,sackOk,TS,TS_ack,wscale用来使流量看起来更像是由普通的linux tcp协议栈发送的。
### 心跳保活、自动重连,连接快速恢复,单向链路失效检测 ### 心跳保活、自动重连,连接快速恢复,单向链路失效检测
心跳保活、自动重连udp2raw重连可以恢复上次的连接重连后上层连接继续有效底层掉线上层不掉线。有效解决上层连接断开的问题。 (功能借鉴自[kcptun-raw](https://github.com/Chion82/kcptun-raw) 心跳保活、自动重连udp2raw重连可以恢复上次的连接重连后上层连接继续有效底层掉线上层不掉线。有效解决上层连接断开的问题。 (功能借鉴自[kcptun-raw](https://github.com/Chion82/kcptun-raw)**就算你拔掉网线重插或者重新拨号获得新ip上层应用也不会断线**
Client能用单倍的超时时间检测到单向链路的失效不管是上行还是下行只要有一个方向失效就能被client检测到。重连只需要client发起就可以立即被server处理不需要等到server端的连接超时后。 Client能用单倍的超时时间检测到单向链路的失效不管是上行还是下行只要有一个方向失效就能被client检测到。重连只需要client发起就可以立即被server处理不需要等到server端的连接超时后。