Gost

gost is a multi-protocol proxy tunnel and secure tunneling server designed to route network traffic through encrypted connections. It functions as a traffic obfuscation gateway and a transparent proxy server capable of intercepting TCP and UDP traffic at the IP level. The project also includes a virtual network interface manager for creating TUN and TAP devices to intercept operating system packets.

The system distinguishes itself through a chain-based request routing model, allowing traffic to pass through an ordered sequence of proxy nodes. It provides extensive transport-layer encapsulation to mask traffic patterns and bypass firewalls using WebSocket, QUIC, HTTP/2, KCP, and VSOCK. Traffic security is managed via cipher-based encryption and TLS transport wrapping, with support for self-signed certificate generation and server pinning.

Broad capabilities cover wide-ranging network infrastructure needs, including local and remote port forwarding, DNS query proxying, and SNI-based traffic routing. It implements various proxy server types for HTTP, SOCKS5, and Shadowsocks, while offering access control through IP filtering and user authentication. Operational features include dynamic configuration reloading and network statistics logging via Unix system signals.

Features

Traffic Tunneling - Creates encrypted tunnels to route network data between clients and servers to bypass restrictions.

Transparent Proxies - Intercepts and redirects network traffic at the IP level without requiring client-side configuration.

Protocol Encapsulation - Wraps proxy protocols within carriers like WebSocket, QUIC, and HTTP/2 to bypass network restrictions.

HTTP Proxies - Hosts and connects to proxy servers using SOCKS5 and HTTP protocols to manage outbound traffic.

UDP Tunneling - Encapsulates and transports UDP traffic through proxy connections to enable secure data transmission.

Network Routing and Traffic Management - Directs data packets and balances traffic loads across network paths and backend servers based on destination rules.

Encrypted Relaying - Forwards packets through intermediary nodes to establish connectivity between hosts that cannot communicate directly.

Request Routing - Implements request routing logic to direct traffic through an ordered sequence of proxy nodes.

Network Traffic Routing - Directs incoming connections through specific proxy chains, bypasses, or IP routes.

Network Transport Protocols - Provides robust transport layer implementations for HTTP2, QUIC, KCP, SOCKS5, and SSH.

Proxy Chaining - Routes traffic through a chain of proxies using protocols like HTTP, SOCKS5, and Shadowsocks.

Proxy Servers - Provides the ability to listen for incoming connections and forward traffic using configurable handlers.

SOCKS Proxies - Implements SOCKS4 and SOCKS5 proxy servers to route network traffic and mask origin addresses.

Traffic Obfuscation - Masks network traffic using WebSocket, HTTP/2, and QUIC to bypass firewalls and deep packet inspection.

Traffic Redirection Tools - Intercepts TCP and UDP traffic at the packet level to route it through a proxy without client configuration.

TCP and UDP Forwarders - Forwards both connection-oriented TCP and packet-based UDP network streams through a proxy server.

Transparent Proxying - Intercepts TCP and UDP traffic at the network layer to route it through a proxy without client configuration.

Virtual Network Interfaces - Sets up TUN virtual network interfaces to intercept and route IP packets through secure tunnels.

Encrypted Tunneling - Provides mechanisms for establishing secure, encrypted connections to route traffic between clients and servers.

Pluggable Transports - Encapsulates data within various transport wrappers to bypass firewalls and obfuscate traffic.

Proxy Authentication - Enforces and manages access control on network proxy connections using user credential validation.

Secure Tunneling - Establishes encrypted connections using TLS and SSH to route data securely across untrusted environments.

Traffic Encryption - Encrypts data using various ciphers to protect information flowing through proxy tunnels.

Multi-Protocol Proxy Managers - Hosts proxy servers using multiple standard protocols including HTTP, SOCKS, and Shadowsocks.

Proxy Chaining - Routes network traffic through multiple sequential proxy nodes to mask origin addresses and bypass restrictions.

Connection Establishment Protocols - Implements a configurable connector and transporter layer for initiating network connections through proxies.

Connection Handshake Protocols - Executes protocol-specific handshakes to establish secure tunnels across SOCKS5, SSH, and Shadowsocks standards.

Connection Multiplexing - Bundles multiple logical data streams into a single physical connection to reduce handshake overhead.

WebSocket Proxy Tunnels - Wraps proxy protocols within WebSocket connections to bypass restrictive network firewalls.

DNS Query Routers - Intercepts DNS requests and forwards them to specified upstream resolvers.

Proxy and Tunneling Clients - Deploys servers and clients to tunnel traffic using various protocols like HTTP and SOCKS.

HTTP/2 Stream Wrapping - Wraps network traffic in HTTP/2 streams to bypass restrictive firewalls.

HTTP/2 Tunnels - Establishes secure network tunnels using HTTP/2 with support for authentication and custom user agents.

Port Forwarding Tools - Provides utilities for mapping local TCP and UDP ports to remote destination addresses.

Proxy Node Selection Strategies - Implements round-robin and random strategies to select available nodes from a provider pool.

Proxy Server Management - Manages incoming HTTP proxy requests by forwarding traffic based on configured whitelists and blacklists.

Stream Multiplexers - Routes multiple concurrent data streams through a single persistent WebSocket connection.

Traffic Filtering Rules - Defines and applies rules to permit or deny network connections based on hostnames and ports.

Traffic Interception - Creates TUN and TAP devices to intercept operating system IP packets for secure tunneling.

Traffic Proxying - Routes network connections by inspecting the Server Name Indication during the TLS handshake.

Traffic Routing - Routes traffic around tunnels based on IP address or domain matching patterns.

Traffic Routing Strategies - Implements routing strategies that direct traffic to specific destinations based on SNI inspection.

Tunneling Configuration Tools - Allows defining tunnel endpoints via URIs that specify protocols, transport layers, and authentication.

KCP-QUIC Proxies - Wraps proxy protocols within KCP transports to optimize performance over unstable networks.

Access Authentication - Validates user credentials against local key-value pairs to permit or deny secure tunnel connection requests.

Self-Signed Generators - Generates random self-signed TLS certificates and private keys for secure node identity.

Handshake Protocols - Executes protocol-specific handshakes with proxy servers to establish secure communication channels.

Network Encryption - Encrypts communication between distributed proxy nodes using TLS certificates and server pinning.

Network Access Controls - Implements security policies to restrict or permit network connectivity based on hostnames and port ranges.

SSH Tunneling - Forwards network traffic through SSH connections to secure communication or bypass firewalls.

TLS Transfer Security - Secures proxy communication using TLS certificates with server validation and pinning.

Traffic Obfuscation - Utilizes the obfs4 protocol to mask proxy traffic and bypass deep packet inspection.

Connection String Parsing - Implements parsing of connection strings to define ordered sequences of proxy nodes for traffic routing.

IP Access Restrictions - Filters network connections using IP-based whitelists and blacklists to control access.

Proxy Protocols - Versatile tunneling tool supporting multiple proxy protocols and transport layers.

ginuerzhgost

Features

Star history