{"id":43899546,"url":"https://github.com/movsb/gun","last_synced_at":"2026-04-02T00:31:36.027Z","repository":{"id":336414448,"uuid":"1141910647","full_name":"movsb/gun","owner":"movsb","description":null,"archived":false,"fork":false,"pushed_at":"2026-03-05T06:57:23.000Z","size":183,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-05T10:36:19.228Z","etag":null,"topics":["openwrt","proxy","tproxy"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/movsb.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-01-25T16:37:46.000Z","updated_at":"2026-03-05T06:57:26.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/movsb/gun","commit_stats":null,"previous_names":["movsb/gun"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/movsb/gun","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/movsb%2Fgun","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/movsb%2Fgun/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/movsb%2Fgun/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/movsb%2Fgun/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/movsb","download_url":"https://codeload.github.com/movsb/gun/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/movsb%2Fgun/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30226758,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-07T19:01:10.287Z","status":"ssl_error","status_checked_at":"2026-03-07T18:59:58.103Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["openwrt","proxy","tproxy"],"created_at":"2026-02-06T18:29:35.103Z","updated_at":"2026-04-02T00:31:36.018Z","avatar_url":"https://github.com/movsb.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# gun\n\n我自己实现并一直使用的一个小工具，用于在路由器(OpenWRT)或内网小主机上透明代理流量（仅限Linux系统）。\n\n简单、稳定为主，功能为辅。\n\n## 使用方式\n\n```bash\n$ gun\nUsage:\n  gun [command]\n\nAvailable Commands:\n  setup       推测系统版本并安装必要的系统工具和规则文件。\n  start       一键启动服务(域名服务、接管进程、代理进程)。\n  stop        手动还原系统状态(不包括：内核参数、用户组)。\n  update      安全地更新全部的规则配置文件。\n\nFlags:\n  -c, --config-dir string   配置文件目录。 (default \"/etc/gun\")\n  -h, --help                help for gun\n\nUse \"gun [command] --help\" for more information about a command.\n```\n\n### 安装必要的系统工具\n\n为了简化，这些步骤已经按系统做好标准化了。\n\n```bash\n# 这个命令会检测系统类型和版本，安装必要的系统组件和工具。\n$ gun setup\n```\n\n但是个人时间和能力有限，无法完整进行覆盖测试。\n\n### 初始化资源文件\n\n程序正常运行需要一些规则文件，比如国内的域名列表、路由段等。\n执行下面的命令可以自动从公开资源获取并保存到本地。\n\n```bash\n$ gun update\n```\n\n鸡生蛋、蛋生鸡问题：`update`命令会从GitHub网站上面下载资源，如果GitHub无法访问……\n\n### 编写配置文件\n\n配置文件非常简单，绝大部分配置默认，只需要配置一下出口参数即可。\n\n```yaml\n$ cat /etc/gun/gun.yaml\noutputs:\n  current: blog\n  stocks:\n    blog:\n      http2socks:\n        server: https://...\n        token: ...\n```\n\n### 启动主程序命令\n\n用 `start` 启动命令时，会自动配置好所需的一切配置：\n\n1. 内核参数\n2. 防火墙表、链和规则\n3. 黑白路由名单 ipset\n4. 系统路由接管\n5. DNS请求接管\n6. TCP/UDP接管\n\n### 停止\n\n直接结束主进程即可，会尽量把系统恢复到原始状态。\n\n也可以随意执行 `gun stop` 命令，会结束掉所有相关进程。\n\n### OpenWRT\n\n如果是想在OpenWRT上开机自动运行，可以把下面的语句添加到 System ➡️ Startup ➡️ Local Startup 中：\n\n```bash\ngun start \u003c /dev/null \u003e /dev/null 2\u003e\u00261 \u0026\n```\n\n日志已自动转发到 system log 中，可以用 `logread` 命令查看。\n\n## 支持的出口协议\n\n* direct\n* http2socks\n* Trojan\n* SSH\n* SOCKS5\n* NaiveProxy\n* Hysteria 2\n\n`direct`是直连协议，将`current`设置为`direct`时使用；\n`http2socks`、`trojan`、`ssh`、`socks5`直接内部实现，不依赖外部程序；\n`naive`和`hysteria`需要依赖外部二进制文件（需要自行下载，但不需要配置文件）。\n\n## 支持的入口协议\n\n* tproxy\n\n是的，仅这一个。\n所有的流量均是由 tproxy 转发到其它出口上的（如果出口协议本身支持tproxy，则不需要转发）。\n\n## DNS 域名服务器（转发器）\n\n域名服务器是我手动实现的一个内存内服务器，用于分流，所有数据缓存在内存中。\n\n支持的功能：\n\n* 域名分流解析（DoT）：常规域名直接解析，不可访问域名走代理后的TCP解析；\n* 未知域名（不在任何列表内的域名）走检测逻辑：若国内可解析且结果属国内路由段，走国内分流；\n* 解析结果自动添加到ipset，以通过iptables match set实现分流；\n* 支持域名屏蔽功能（不允许访问指定列表内的域名）；\n* 内存内缓存（最小TTL为5分钟）；\n\n其运行的时候依赖几个主要配置文件全部位于 `/etc/gun` 下，看文件名或者其内的注释可以了解其用途。\n\n如果主机本身有DNS服务器（比如OpenWRT），则会直接以此DNS为默认的国内域名解析器，加快解析速度。\n\n## 配置\n\n配置文件路径：`/etc/gun/gun.yaml`，格式为YAML。\n\n```yaml\ndns:\n  # DNS转发器的上游服务器。\n  # 格式：a.b.c.d 或 a.b.c.d:53\n  upstreams:\n    # 中国域名解析上游。\n    # 可以为空。如果为空：如果有进程监听53号端口，则使用此上游。\n    # 否则使用 223.5.5.5。\n    china: 223.5.5.5\n    # 国外域名解析上游。\n    # 可以为空。如果为空，使用 8.8.8.8。\n    banned: 8.8.8.8\n\n# 流量出口配置。\noutputs:\n  # 所有的库存出口列表。\n  # 格式为：自定义名字 -\u003e 协议配置。\n  # 见后面的“配置”一节。\n  stocks:\n    name1:\n      http2socks:\n        key1: value1\n    name2:\n      hysteria:\n        server: addr:port\n  # 当前使用的名字，来源于库存列表。\n  # 特殊值：direct，使用直连。\n  current: string\n```\n\n### http2socks\n\n```yaml\n# 服务器地址。\n# 形如：https://example.com/path/。\nserver: string\n# 客户端与服务端之间的预共享密钥。\ntoken: string\n```\n\n### SOCKS5\n\n```yaml\n# 服务器地址。\n# 形如：example.com:1080\nserver: string\n```\n\n暂未支持设置密码。\n\n### SSH\n\n```yaml\n# 服务器地址。\n# 形如：example.com:22。\nserver: string\n# 用户名。\nusername: string\n# 密码。\npassword: string\n```\n\n暂时只支持用户名密码认证，后续有需求再添加公钥认证。\n\n### Trojan\n\n只支持标准原生的Trojan协议。\n\n```yaml\n# 服务器地址。\n# 形如：example.com:443\nserver: string\n# 密码。\npassword: string\n# 是否允许不安全。\ninsecure_skip_verify: bool\n# 指定的服务器SNI名。\nsni: string\n```\n\n### Naive Proxy\n\n```yaml\n# 原 --proxy 参数的值，不包含认证信息。\nserver: string\n# 用户名。\nusername: string\n# 密码。\npassword: string\n# 二进制文件路径。\n# 默认为：配置目录/naive。\nbin: string\n```\n\n### Hysteria 2\n\n为安全起见，目前仅允许持有有效证书的服务器配置。\n\n```yaml\n# 服务器地址和端口。\n# 形如：example.com:443\nserver: string\n# 密码。形如：password 或 username:password。\npassword: string\n# 二进制文件路径。\n# 默认为：配置目录/hysteria。\nbin: string\n```\n\n## License\n\nMIT.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmovsb%2Fgun","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmovsb%2Fgun","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmovsb%2Fgun/lists"}