From cb9059bf3bff73ede2b71154c25608f0d4cf76c2 Mon Sep 17 00:00:00 2001 From: wangyu Date: Mon, 17 Aug 2020 18:26:20 -0400 Subject: [PATCH] update readme.md --- README.md | 83 ++++++++------------------------------------- doc/README.zh-cn.md | 33 ++++-------------- 2 files changed, 20 insertions(+), 96 deletions(-) diff --git a/README.md b/README.md index 3d22d61..dcc3521 100755 --- a/README.md +++ b/README.md 
@@ -1,27 +1,27 @@ # Udp2raw-tunnel -A Tunnel which turns UDP Traffic into Encrypted FakeTCP/UDP/ICMP Traffic by using Raw Socket, helps you Bypass UDP FireWalls(or Unstable UDP Environment). It can defend Replay-Attack and supports Multiplexing. It also acts as a Connection Stabilizer. - -![image0](images/image0.PNG) +A Tunnel which turns UDP Traffic into Encrypted FakeTCP/UDP/ICMP Traffic by using Raw Socket, helps you Bypass UDP FireWalls(or Unstable UDP Environment). When used alone,udp2raw tunnels only UDP traffic. Nevertheless,if you used udp2raw + any UDP-based VPN together,you can tunnel any traffic(include TCP/UDP/ICMP),currently OpenVPN/L2TP/ShadowVPN and [tinyfecVPN](https://github.com/wangyu-/tinyfecVPN) are confirmed to be supported. -![image_vpn](images/udp2rawopenvpn.PNG) -[简体中文](/doc/README.zh-cn.md)(内容更丰富) +![image0](images/image0.PNG) + +or + +![image_vpn](images/udp2rawopenvpn.PNG) [udp2raw wiki](https://github.com/wangyu-/udp2raw-tunnel/wiki) +[简体中文](/doc/README.zh-cn.md)(内容更丰富) + + # Support Platforms -Linux host (including desktop Linux,Android phone/tablet,OpenWRT router,or Raspberry PI) with root access. +Linux host (including desktop Linux,Android phone/tablet,OpenWRT router,or Raspberry PI) with root account or cap_net_raw capability. For Windows and MacOS users, use the udp2raw in [this repo](https://github.com/wangyu-/udp2raw-multiplatform). -For Windows and MacOS You can run udp2raw inside [this](https://github.com/wangyu-/udp2raw-tunnel/releases/download/20171108.0/lede-17.01.2-x86_virtual_machine_image.zip) 7.5mb virtual machine image(make sure network adapter runs at bridged mode). - - - # Features ### Send/Receive UDP Packets with ICMP/FakeTCP/UDP headers ICMP/FakeTCP headers help you bypass UDP blocking, UDP QOS or improper UDP NAT behavior on some ISPs. In ICMP header mode,udp2raw works like an ICMP tunnel. 
@@ -29,12 +29,14 @@ ICMP/FakeTCP headers help you bypass UDP blocking, UDP QOS or improper UDP NAT b UDP headers are also supported. In UDP header mode, it behaves just like a normal UDP tunnel, and you can just make use of the other features (such as encryption, anti-replay, or connection stalization). ### Simulated TCP with Real-time/Out-of-Order Delivery -In FakeTCP header mode,udp2raw simulates 3-way handshake while establishing a connection,simulates seq and ack_seq while data transferring. It also simulates following TCP options: `MSS`, `sackOk`, `TS`, `TS_ack`, `wscale`.Firewalls will regard FakeTCP as a TCP connection, but its essentially UDP: it supports real-time/out-of-order delivery(just as normal UDP does), no congestion control or re-transmission. So there wont be any TCP over TCP problem when using OpenVPN. +In FakeTCP header mode,udp2raw simulates 3-way handshake while establishing a connection,simulates seq and ack_seq while data transferring. It also simulates a few TCP options such as: `MSS`, `sackOk`, `TS`, `TS_ack`, `wscale`. Firewalls will regard FakeTCP as a TCP connection, but its essentially UDP: it supports real-time/out-of-order delivery(just as normal UDP does), no congestion control or re-transmission. So there wont be any TCP over TCP problem when using OpenVPN. ### Encryption, Anti-Replay * Encrypt your traffic with AES-128-CBC. * Protect data integrity by HMAC-SHA1 (or weaker MD5/CRC32). -* Defense replay attack with an anti-replay window, smiliar to IPSec and OpenVPN. +* Defense replay attack with anti-replay window. + +[Notes on encryption](https://github.com/wangyu-/udp2raw-tunnel/wiki/Notes-on-encryption) ### Failure Dectection & Stablization (Connection Recovery) Conection failures are detected by heartbeats. If timed-out, client will automatically change port number and reconnect. If reconnection is successful, the previous connection will be recovered, and all existing UDP conversations will stay vaild. 
@@ -218,63 +220,6 @@ raw_mode: faketcp cipher_mode: aes128cbc  auth_mode: md5 (reverse speed was simliar and not uploaded) -# Application -## Tunneling any traffic via raw traffic by using udp2raw +openvpn -![image_vpn](images/udp2rawopenvpn.PNG) -1. Bypasses UDP block/UDP QOS - -2. No TCP over TCP problem (TCP over TCP problem http://sites.inka.de/bigred/devel/tcp-tcp.html ,https://community.openvpn.net/openvpn/ticket/2 ) - -3. OpenVpn over ICMP also becomes a choice - -4. Supports almost any UDP-based VPN - -More details at [openvpn+udp2raw_guide](https://github.com/wangyu-/udp2raw-tunnel/wiki/udp2raw-openvpn-config-guide) -## Speed-up tcp connection via raw traffic by using udp2raw+kcptun -kcptun is a tcp connection speed-up program,it speeds-up tcp connection by using kcp protocol on-top of udp.by using udp2raw,you can use kcptun while udp is QoSed or blocked. -(kcptun, https://github.com/xtaci/kcptun) - -## Speed-up tcp connection via raw traffic by using udp2raw+finalspeed -finalspeed is a tcp connection speed-up program similiar to kcptun,it speeds-up tcp connection by using kcp protocol on-top of udp or tcp.but its tcp mode doesnt support openvz,you can bypass this problem if you use udp2raw+finalspeed together,and icmp mode also becomes avaliable. - -# How to build -read [build_guide](/doc/build_guide.md) - -# Other -### Easier installation on ArchLinux -``` -yaourt -S udp2raw-tunnel # or -pacaur -S udp2raw-tunnel -``` - -# Related work -### kcptun-raw -udp2raw was inspired by kcptun-raw,which modified kcptun to support tcp mode. - -https://github.com/Chion82/kcptun-raw -### relayRawSocket -kcptun-raw was inspired by relayRawSocket. A simple udp to raw tunnel,wrote in python - -https://github.com/linhua55/some_kcptun_tools/tree/master/relayRawSocket -### kcpraw -another project of kcptun with tcp mode - -https://github.com/ccsexyz/kcpraw - -### icmptunnel -Transparently tunnel your IP traffic through ICMP echo and reply packets. 
- -https://github.com/DhavalKapil/icmptunnel - -### Tcp Minion -Tcp Minion is a project which modifid the code of tcp stack in kernel,and implemented real-time out-order udp packet delivery through this modified tcp stack.I failed to find the implementation,but there are some papers avaliable: - -https://arxiv.org/abs/1103.0463 - -http://korz.cs.yale.edu/2009/tng/papers/pfldnet10.pdf - -https://pdfs.semanticscholar.org/9e6f/e2306f4385b4eb5416d1fcab16e9361d6ba3.pdf - # wiki Check wiki for more info: diff --git a/doc/README.zh-cn.md b/doc/README.zh-cn.md index a135e8d..4a9b52d 100644 --- a/doc/README.zh-cn.md +++ b/doc/README.zh-cn.md @@ -14,21 +14,19 @@ udp2raw tunnel,通过raw socket给UDP包加上TCP或ICMP header,进而绕过 **提示:** -udp2raw不是加速器,只是一个帮助你绕过UDP限制的工具。如果你需要UDP加速器,请看UDPspeeder。 +udp2raw不是加速器,只是一个帮助你绕过UDP限制的工具。如果你需要UDP“加速器” (改善UDP丢包),请看UDPspeeder。 UDPspeeder的repo: https://github.com/wangyu-/UDPspeeder # 支持的平台 -Linux主机,有root权限。可以是PC、android手机/平板、openwrt路由器、树莓派。主机上最好安装了iptables命令(apt/yum很容易安装)。 +Linux主机,有root权限或cap_net_raw capability.。可以是PC、android手机/平板、openwrt路由器、树莓派。主机上最好安装了iptables命令(apt/yum很容易安装)。 Release中提供了`amd64`、`x86`、`arm`、`mips_be`、`mips_le`的预编译binary. ##### 对于windows和mac用户: -可以用[这个repo](https://github.com/wangyu-/udp2raw-multiplatform)里的udp2raw,原生运行。 - -可以把udp2raw运行在虚拟机上(网络必须是桥接模式)。可以参考: https://github.com/wangyu-/udp2raw-tunnel/wiki/在windows-mac上运行udp2raw客户端,带图形界面 +可以用[这个repo](https://github.com/wangyu-/udp2raw-multiplatform)里的udp2raw。 ##### 对于ios和游戏主机用户: 
@@ -44,10 +42,10 @@ Release中提供了`amd64`、`x86`、`arm`、`mips_be`、`mips_le`的预编译bi ### 心跳保活、自动重连,连接恢复 心跳保活、自动重连,udp2raw重连可以恢复上次的连接,重连后上层连接继续有效,底层掉线上层不掉线。有效解决上层连接断开的问题。 (功能借鉴自[kcptun-raw](https://github.com/Chion82/kcptun-raw))(**就算你拔掉网线重插,或者重新拨号获得新ip,上层应用也不会断线**) -### 加密 防重放攻击 +### 加密、防重放攻击 用aes128cbc加密(或更弱的xor),hmac-sha1(或更弱的md5/crc32/simple)做数据完整校验。用类似ipsec/openvpn的replay window机制来防止重放攻击。 -设计目标是,即使攻击者可以监听到tunnel的所有包,可以选择性丢弃tunnel的任意包,可以重放任意包;攻击者也没办法获得tunnel承载的任何数据,也没办法向tunnel的数据流中通过包构造/包重放插入任何数据。 +[Notes on encryption](https://github.com/wangyu-/udp2raw-tunnel/wiki/Notes-on-encryption) ### 其他特性 信道复用,client的udp端支持多个连接。 @@ -56,7 +54,7 @@ server支持多个client,也能正确处理多个连接的重连和连接恢 NAT 穿透 ,tcp icmp udp模式都支持nat穿透。 -支持Openvz,配合finalspeed使用,可以在openvz上用tcp模式的finalspeed +支持Openvz,配合finalspeed使用,可以在openvz上用tcp模式的finalspeed. 支持Openwrt,没有编译依赖,容易编译到任何平台上。 @@ -264,25 +262,6 @@ raw_mode: faketcp cipher_mode: aes128cbc  auth_mode: md5 [udp2raw+kcptun step_by_step教程](kcptun_step_by_step.md) ### 中转 finalspeed [udp2raw+finalspeed step_by_step教程](finalspeed_step_by_step.md) -# 如何自己编译 -[编译教程](build_guide.zh-cn.md) -# 相关repo -### kcptun-raw -udp2raw was inspired by kcptun-raw,which modified kcptun to support tcp mode. - -https://github.com/Chion82/kcptun-raw -### relayRawSocket -kcptun-raw was inspired by relayRawSocket. A simple udp to raw tunnel,wrote in python - -https://github.com/linhua55/some_kcptun_tools/tree/master/relayRawSocket -### kcpraw -another project of kcptun with tcp mode - -https://github.com/ccsexyz/kcpraw -### icmptunnel -Transparently tunnel your IP traffic through ICMP echo and reply packets. - -https://github.com/DhavalKapil/icmptunnel # wiki
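Review bot: In the README.md hunk at @@ -1,27 +1,27 @@, the new platform line "with root account or cap_net_raw capability" names the capability but gives no way to grant it, so readers are likely to keep running the binary as root. Add one sentence or a wiki link showing how to run with only cap_net_raw, and say whether any other setup step needs more than that capability (doc/README.zh-cn.md in this same patch still recommends having the iptables command installed). The summary line also loses "It can defend Replay-Attack and supports Multiplexing. It also acts as a Connection Stabilizer", so check that the Features section still states all three.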
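Review bot: In the README.md hunk at @@ -29,12 +29,14 @@, the rewritten bullet "Defense replay attack with anti-replay window." is ungrammatical and drops the "smiliar to IPSec and OpenVPN" comparison that told readers which mechanism to expect; suggest "Defends against replay attacks with an anti-replay window, similar to IPSec and OpenVPN", which also matches what doc/README.zh-cn.md keeps. Since the details now sit behind the "Notes on encryption" link, add a short phrase saying what those notes cover, because the bullets above still offer HMAC-SHA1 "(or weaker MD5/CRC32)" with no guidance on which to choose. The touched FakeTCP line still carries "its essentially UDP" and "wont", which could be fixed in the same pass.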
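Review bot: In the README.md hunk at @@ -218,63 +220,6 @@, the deletion removes "# How to build" with its link to /doc/build_guide.md and the whole "# Related work" section, and nothing visible in the patch replaces either. If the build guide file stays in the repository, keep a one-line link to it or confirm that the page referenced under "# wiki" leads there, and keep at least the "udp2raw was inspired by kcptun-raw" credit, since that is attribution rather than usage detail. The commit subject "update readme.md" does not say why 96 lines are removed; a sentence in the commit body would make the intent reviewable.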
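Review bot: In the doc/README.zh-cn.md hunk at @@ -14,21 +14,19 @@, the added platform line ends "cap_net_raw capability.。" with an ASCII period directly before the full-width one; drop the ".". As in the English README, the line names the capability without saying how to grant it, so a pointer to the relevant wiki page would help here too.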
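Review bot: In the doc/README.zh-cn.md hunk at @@ -44,10 +42,10 @@, the deleted paragraph beginning "设计目标是" stated what the encryption is designed to withstand (an attacker who can observe, selectively drop and replay any tunnel packet), and it is replaced only by a link with an English title. Keep a one-sentence Chinese summary of that design goal next to the link so the security claim stays readable without leaving the page. This file also keeps the ipsec/openvpn replay-window comparison that README.md drops in this patch; the two READMEs should agree.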
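Review bot: In the doc/README.zh-cn.md hunk at @@ -56,7 +54,7 @@, the ASCII "." appended to "可以在openvz上用tcp模式的finalspeed" does not match the neighbouring sentences, which end with "。"; use "。" here as well.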