• Stars
    162
  • Rank 231,444 (Top 5 %)
  • Language
    Go
  • License
    GNU Lesser Genera...
  • Created over 6 years ago
  • Updated over 5 years ago


Repository Details

A secure tunnel that helps you protect the TCP traffic between your machine and your remote service.

shadowtunnel

Introduction

shadowtunnel is a secure, encrypted tunnel between your local machine and a remote service that protects your TCP traffic. It can efficiently compress the transmission, and the traffic has no distinguishing characteristics.

local machine <----> shadowtunnel <----> service on remote.

Usage

Usage of ./shadowtunnel:
  -E    outbound connection is encrypted
  -U    outbound connection is udp
  -c    compress traffic
  -cache string
        dns query cache file path (default "cache.dat")
  -daemon
        daemon mode
  -debug
        show debug info
  -dns string
        local dns server listen on address
  -dns-hosts string
        path of dns hosts file
  -dns-proxy
        is dns endpoint or not
  -dns-server string
        remote dns server to resolve domain (default "8.8.8.8:53")
  -e    inbound connection is encrypted
  -f weight
        forward address,such as : 127.0.0.1:8080 or with @weight: 127.0.0.1:8080@1
  -forever
        forever mode
  -l string
        local listen address, such as : 0.0.0.0:33000 (default ":50000")
  -lb-activeafter int
        host going actived after this success count (default 1)
  -lb-hashtarget hash
        use target address to choose parent for LB, only worked for LB's hash
        method and using `-redir` (default true)
  -lb-inactiveafter int
        host going inactived after this fail count (default 2)
  -lb-method string
        load balance method when use multiple parent,can be
        <roundrobin|leastconn|leasttime|hash|weight> (default "leasttime")
  -lb-onlyha high availability mode
        use only high availability mode to choose parent for LB
  -lb-retrytime int
        sleep time milliseconds after checking (default 2000)
  -lb-timeout int
        tcp milliseconds timeout of connecting to parent (default 3000)
  -log string
        logging output to file
  -m string
        method of encrypt/decrypt, these below are supported :
        aes-128-cfb,aes-192-cfb,des-cfb,cast5-cfb,rc4-md5,chacha20,aes-256-cfb,
        aes-128-ctr,aes-192-ctr,aes-256-ctr,bf-cfb,rc4-md5-6,chacha20-ietf
        (default "aes-192-cfb")
  -nolog
        turn off logging
  -p string
        password of encrypt/decrypt (default "shadowtunnel")
  -profiling
        profiling mode, in this mode, you should stopping process
        by : Ctrl+C or 'kill -s SIGHUP $PID_OF_shadowtunnel'
  -redir
        read target from socket's redirect opts of iptables
  -t int
        connection timeout seconds (default 3)
  -ttl int
        cache seconds of dns query , if zero , default ttl used. (default 300)
  -u    inbound connection is udp
  -v    show version

Example

1. HTTP proxy

Suppose we have a VPS whose IP is 2.2.2.2.

First, start an HTTP proxy on 2.2.2.2.
Download the HTTP proxy program by running the following one-line command on the VPS as root:

wget https://github.com/snail007/goproxy/releases/download/v4.9/proxy-linux-amd64.tar.gz && tar zxfv proxy-linux-amd64.tar.gz && rm proxy-linux-amd64.tar.gz && mv proxy /usr/bin/ && proxy http -p 127.0.0.1:38080 &

2. Start a tunnel on the VPS

Download the shadowtunnel program by running the following one-line command on the VPS as root:

wget https://github.com/snail007/shadowtunnel/releases/download/v1.1/shadowtunnel-linux-amd64.tar.gz && tar zxfv shadowtunnel-linux-amd64.tar.gz && rm shadowtunnel-linux-amd64.tar.gz && mv shadowtunnel /usr/bin/

Start a tunnel on the VPS listening on :50000 and forwarding to 127.0.0.1:38080:

shadowtunnel -e -f 127.0.0.1:38080 -l :50000

3. Start a tunnel on the local machine

Start a tunnel on the local machine listening on :50000 and forwarding to 2.2.2.2:50000:

shadowtunnel -E -f 2.2.2.2:50000 -l :50000

4. Set the HTTP proxy configuration in Chrome

Set the HTTP proxy configuration of the local Chrome as below:

ip: 127.0.0.1 port: 50000

5. Done
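The commands in steps 2 and 3 omit -p, so both ends run with the default password "shadowtunnel" printed in the usage text, and the local listener on :50000 has no host part. The shell function below is an added example, not part of shadowtunnel or its README; it lints a command line for those conditions and for the DES, RC4 and 64-bit block cipher entries in the -m list. The function name and finding labels are made up for this example.

```shell
#!/bin/sh
# Added example, not part of shadowtunnel: lint one command line against the
# defaults in the usage text. Only the "-flag value" form used on this page
# is parsed. Finding labels are made up for this example.
audit_shadowtunnel() {
    password="shadowtunnel"   # documented default of -p
    method="aes-192-cfb"      # documented default of -m
    listen=":50000"           # documented default of -l
    enc_in=0; enc_out=0
    while [ $# -gt 0 ]; do
        case "$1" in
            -p) [ $# -lt 2 ] || { password=$2; shift; } ;;
            -m) [ $# -lt 2 ] || { method=$2; shift; } ;;
            -l) [ $# -lt 2 ] || { listen=$2; shift; } ;;
            -e) enc_in=1 ;;
            -E) enc_out=1 ;;
        esac
        shift
    done
    if [ "$enc_in" -eq 0 ] && [ "$enc_out" -eq 0 ]; then
        echo "PLAINTEXT: neither -e nor -E is set"
    elif [ "$password" = "shadowtunnel" ]; then
        echo "DEFAULT-PASSWORD: -p is missing or left at the documented default"
    fi
    case "$method" in
        des-cfb|rc4-md5|rc4-md5-6|bf-cfb|cast5-cfb)
            echo "LEGACY-CIPHER: $method (DES, RC4 or a 64-bit block cipher)" ;;
    esac
    # Assumption: an empty host or 0.0.0.0 binds every interface (Go net
    # semantics). Without -e such a listener takes unencrypted connections
    # from any machine that can reach the port.
    if [ "$enc_in" -eq 0 ]; then
        case "${listen%:*}" in
            ""|0.0.0.0|"[::]")
                echo "OPEN-LISTENER: $listen is unencrypted on all interfaces" ;;
        esac
    fi
    return 0
}

# Constructed inputs: the step 3 command above, then a VPS-side variant.
audit_shadowtunnel -E -f 2.2.2.2:50000 -l :50000
audit_shadowtunnel -e -f 127.0.0.1:38080 -l :50000 -m rc4-md5 -p 'constructed-secret'
```

For the local side, passing -l 127.0.0.1:50000 and a non-default -p on both ends clears the two findings reported for the step 3 command.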

TCP over UDP

1. HTTP proxy

Suppose we have a VPS whose IP is 2.2.2.2.

First, start an HTTP proxy on 2.2.2.2.
Download the HTTP proxy program by running the following one-line command on the VPS as root:

wget https://github.com/snail007/goproxy/releases/download/v4.9/proxy-linux-amd64.tar.gz && tar zxfv proxy-linux-amd64.tar.gz && rm proxy-linux-amd64.tar.gz && mv proxy /usr/bin/ && proxy http -p 127.0.0.1:38080 &

2. Start a tunnel on the VPS

Download the shadowtunnel program by running the following one-line command on the VPS as root:

wget https://github.com/snail007/shadowtunnel/releases/download/v1.1/shadowtunnel-linux-amd64.tar.gz && tar zxfv shadowtunnel-linux-amd64.tar.gz && rm shadowtunnel-linux-amd64.tar.gz && mv shadowtunnel /usr/bin/

Start a tunnel on the VPS listening on UDP :50000 and forwarding to TCP 127.0.0.1:38080:

shadowtunnel -u -e -f 127.0.0.1:38080 -l :50000 -p your-password

3. Start a tunnel on the local machine

Start a tunnel on the local machine listening on TCP :50000 and forwarding to UDP 2.2.2.2:50000:

shadowtunnel -U -E -f 2.2.2.2:50000 -l :50000 -p your-password

4. Set the HTTP proxy configuration in Chrome

Set the HTTP proxy configuration of the local Chrome as below:

ip: 127.0.0.1 port: 50000

5. Done

Daemon & Forever & Log

-daemon:

Using the -daemon parameter allows shadowtunnel to detach from the current command line and run in the background.

-forever:

Using the -forever parameter makes shadowtunnel run by creating and monitoring a child process. If the child process exits abnormally, it is restarted to ensure that the service is always online.

-log

Using the -log parameter, you can send the log output to a file instead of the command line.

-nolog

Using the -nolog parameter turns off log output completely and saves CPU.

Generally, the three parameters (-daemon -forever -log /tmp/st.log) are used together, so that the log can be consulted to find the cause when a problem occurs.

For example:

shadowtunnel -u -e -f 127.0.0.1:38080 -l :50000 -p your-password -daemon -forever -log /tmp/st.log

DNS SERVICE

shadowtunnel can provide a local DNS query service, with caching to improve resolution speed.

The DNS service requires a superior (upstream) service and is started alongside the local port forwarding.

The -dns parameter sets the IP and port on which the local DNS service listens, for example: 0.0.0.0:5353

The -dns-server parameter sets the DNS server that is ultimately used to resolve domain names; the server must support DNS queries over TCP. Default: 8.8.8.8:53.

For example:

shadowtunnel -E -f 2.2.2.2:50000 -l :50000 -p your-password -dns :5353 -dns-server 8.8.8.8:53

Superior example:

If the superiors form a chain, the superior of the DNS proxy in that chain must add the -dns-proxy parameter.

shadowtunnel -e -f 127.0.0.1:38080 -l :50000 -p your-password -dns-proxy

DNS CACHE

The -ttl parameter sets the cache time of DNS query results, in seconds. If it is 0, the TTL of the query result is used.

The -cache parameter sets the location of the DNS cache file, so that the cache is not lost when the program restarts, which would reduce performance.

LOAD BALANCE

Load balancing across superiors is supported; repeat the -f parameter if there are multiple superiors.

shadowtunnel -E -f 2.2.2.2:50000 -f 3.3.3.3:50000 -l :50000

SET RETRY INTERVAL AND TIMEOUT TIME

shadowtunnel -E -f 2.2.2.2:50000 -f 3.3.3.3:50000 -l :50000 -lb-method leastconn -lb-retrytime 300 -lb-timeout 300

SETTING WEIGHT

shadowtunnel -E -f 2.2.2.2:50000@2 -f 3.3.3.3:50000@1 -l :50000 -lb-method weight -lb-retrytime 300 -lb-timeout 300

USE TARGET ADDRESS TO SELECT SUPERIOR

shadowtunnel -E -f 2.2.2.2:50000@2 -f 3.3.3.3:50000@1 -l :50000 -lb-method hash -lb-hashtarget -lb-retrytime 300 -lb-timeout 300

DNS HOSTS

The -dns-hosts parameter sets the hosts file to be used when DNS names are resolved; its content format is the same as the system's hosts file.

shadowtunnel -f 2.2.2.2:50000 -dns :5353 -dns-hosts /etc/hosts
