{"id":13509979,"url":"https://github.com/snail007/shadowtunnel","last_synced_at":"2025-08-18T19:06:10.271Z","repository":{"id":57487856,"uuid":"137840327","full_name":"snail007/shadowtunnel","owner":"snail007","description":"secure tunnel which help you protecting your tcp traffic between your machine and your service on remote.","archived":false,"fork":false,"pushed_at":"2019-03-27T04:54:42.000Z","size":66,"stargazers_count":162,"open_issues_count":7,"forks_count":39,"subscribers_count":8,"default_branch":"master","last_synced_at":"2025-04-05T16:37:04.731Z","etag":null,"topics":["gfw","gfwlist","http-proxy","https-proxy","shadowsocks","shadowsocksr-libev","socks5-proxy","ssr","tcp-proxy","tunnel-client","tunnel-server"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"lgpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/snail007.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-06-19T04:34:46.000Z","updated_at":"2025-02-11T15:50:38.000Z","dependencies_parsed_at":"2022-08-29T11:21:59.492Z","dependency_job_id":null,"html_url":"https://github.com/snail007/shadowtunnel","commit_stats":null,"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/snail007/shadowtunnel","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/snail007%2Fshadowtunnel","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/snail007%2Fshadowtunnel/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/snail007%2Fshadowtunnel/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/snail007%2Fshadowtunnel/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/snail007","download_url":"https://codeload.github.com/snail007/shadowtunnel/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/snail007%2Fshadowtunnel/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":271043560,"owners_count":24689780,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-18T02:00:08.743Z","response_time":89,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["gfw","gfwlist","http-proxy","https-proxy","shadowsocks","shadowsocksr-libev","socks5-proxy","ssr","tcp-proxy","tunnel-client","tunnel-server"],"created_at":"2024-08-01T02:01:19.670Z","updated_at":"2025-08-18T19:06:10.232Z","avatar_url":"https://github.com/snail007.png","language":"Go","funding_links":[],"categories":["Go","\u003ca id=\"d03d494700077f6a65092985c06bf8e8\"\u003e\u003c/a\u003e工具","others","shadowsocks"],"sub_categories":["\u003ca id=\"57b8e953d394bbed52df2a6976d98dfa\"\u003e\u003c/a\u003eSocks"],"readme":"# shadowtunnel\n\n## Introduce\n\nshadowtunnel is a secure encryption tunnel between your local machine and remote service to protect your TCP flow,\n\nwhich can efficiently compress transmission, and the flow has no characteristics.\n\nlocal machine \u003c----\u003e shadowtunnel \u003c----\u003e service on remote.\n\n## Usage\n\n```text\nUsage of ./shadowtunnel:\n -E outbound connection is encrypted\n -U outbound connection is udp\n -c compress traffic\n -cache string\n dns query cache file path (default \"cache.dat\")\n -daemon\n daemon mode\n -debug\n show debug info\n -dns string\n local dns server listen on address\n -dns-hosts string\n path of dns hosts file\n -dns-proxy\n is dns endpoint or not\n -dns-server string\n remote dns server to resolve domain (default \"8.8.8.8:53\")\n -e inbound connection is encrypted\n -f weight\n forward address,such as : 127.0.0.1:8080 or with @weight: 127.0.0.1:8080@1\n -forever\n forever mode\n -l string\n local listen address, such as : 0.0.0.0:33000 (default \":50000\")\n -lb-activeafter int\n host going actived after this success count (default 1)\n -lb-hashtarget hash\n use target address to choose parent for LB, only worked for LB's hash\n method and using `-redir` (default true)\n -lb-inactiveafter int\n host going inactived after this fail count (default 2)\n -lb-method string\n load balance method when use multiple parent,can be\n \u003croundrobin|leastconn|leasttime|hash|weight\u003e (default \"leasttime\")\n -lb-onlyha high availability mode\n use only high availability mode to choose parent for LB\n -lb-retrytime int\n sleep time milliseconds after checking (default 2000)\n -lb-timeout int\n tcp milliseconds timeout of connecting to parent (default 3000)\n -log string\n logging output to file\n -m string\n method of encrypt/decrypt, these below are supported :\n aes-128-cfb,aes-192-cfb,des-cfb,cast5-cfb,rc4-md5,chacha20,aes-256-cfb,\n aes-128-ctr,aes-192-ctr,aes-256-ctr,bf-cfb,rc4-md5-6,chacha20-ietf\n (default \"aes-192-cfb\")\n -nolog\n turn off logging\n -p string\n password of encrypt/decrypt (default \"shadowtunnel\")\n -profiling\n profiling mode, in this mode, you should stopping process\n by : Ctrl+C or 'kill -s SIGHUP $PID_OF_shadowtunnel'\n -redir\n read target from socket's redirect opts of iptables\n -t int\n connection timeout seconds (default 3)\n -ttl int\n cache seconds of dns query , if zero , default ttl used. (default 300)\n -u inbound connection is udp\n -v show version\n```\n\n## for example\n\n1.http proxy\n\nif we have a vps, IP is 2.2.2.2\n\nfirstly, we start a http proxy on 2.2.2.2. \ndownload http proxy program, execute below on line command on vps with root:\n\nwget https://github.com/snail007/goproxy/releases/download/v4.9/proxy-linux-amd64.tar.gz \u0026\u0026 tar zxfv proxy-linux-amd64.tar.gz \u0026\u0026 rm proxy-linux-amd64.tar.gz \u0026\u0026 mv proxy /usr/bin/ \u0026\u0026 proxy http -p 127.0.0.1:38080 \u0026\n\n2.Start a tunnel on VPS\n\ndownload shadowtunnel program, execute below on line command on vps with root:\n\nwget https://github.com/snail007/shadowtunnel/releases/download/v1.1/shadowtunnel-linux-amd64.tar.gz \u0026\u0026 tar zxfv shadowtunnel-linux-amd64.tar.gz \u0026\u0026 rm shadowtunnel-linux-amd64.tar.gz \u0026\u0026 mv shadowtunnel /usr/bin/\n\nstart a tunnel on vps listening on :50000 and forward to 127.0.0.1:38080 :\n\n`shadowtunnel -e -f 127.0.0.1:38080 -l :50000`\n\n3.start a tunnel on local machine\n\nstart a tunnel on local machine listening on :50000 and forward to 2.2.2.2:50000 :\n\n`shadowtunnel -E -f 2.2.2.2:50000 -l :50000`\n\n4.set http proxy configuration in chrome\n\nsetting local chrome's http proxy configuration as below:\n\nip: 127.0.0.1\nport: 50000\n\n5.done\n\n## TCP over UDP\n\n1.http proxy\n\nif we have a vps, IP is 2.2.2.2. \n\nfirstly, we start a http proxy on 2.2.2.2. \ndownload http proxy program, execute below on line command on vps with root:\n\n`wget https://github.com/snail007/goproxy/releases/download/v4.9/proxy-linux-amd64.tar.gz \u0026\u0026 tar zxfv proxy-linux-amd64.tar.gz \u0026\u0026 rm proxy-linux-amd64.tar.gz \u0026\u0026 mv proxy /usr/bin/ \u0026\u0026 proxy http -p 127.0.0.1:38080 \u0026`\n\n2.start a tunnel on vps\n\ndownload shadowtunnel program, execute below on line command on vps with root:\n\n`wget https://github.com/snail007/shadowtunnel/releases/download/v1.1/shadowtunnel-linux-amd64.tar.gz \u0026\u0026 tar zxfv shadowtunnel-linux-amd64.tar.gz \u0026\u0026 rm shadowtunnel-linux-amd64.tar.gz \u0026\u0026 mv shadowtunnel /usr/bin/`\n\nstart a tunnel on vps listening on udp :50000 and forward to tcp 127.0.0.1:38080 :\n\n`shadowtunnel -u -e -f 127.0.0.1:38080 -l :50000 -p your-password`\n\n3.start a tunnel on local machine\n\nstart a tunnel on local machine listening on tcp :50000 and forward to udp 2.2.2.2:50000 :\n\n`shadowtunnel -U -E -f 2.2.2.2:50000 -l :50000 -p your-password`\n\n4.set http proxy configuration in chrome\n\nsetting local chrome's http proxy configuration as below:\n\nip: 127.0.0.1\nport: 50000\n\n5.Done\n\n## Deamon \u0026 Forever \u0026 Log\n\n-daemon:\n\nUsing the parameter -daemon allows shadowtunnel to detached from the current command line and run in the background.\n\n-forever:\n\nUsing parameter -forever allows shadowtunnel to run in the way of creating and monitoring child processes,\n\nIf an abnormal exit occurs, the child process will be restarted to ensure that the service is always online..\n\n-log\n\nUsing parameter -log, you can set the log output to the file instead of the command line output.\n\n-nolog\n\nUsing parameter -nolog can completely shut off log output and save CPU occupation.\n\nGenerally, the three parameters (-daemon -forever -log /tmp/st.log) are used together, so that we can find out the cause of the problem by looking at the log when we have a problem.\n\nfor example:\n\n`shadowtunnel -u -e -f 127.0.0.1:38080 -l :50000 -p your-password -daemon -forever -log /tmp/st.log`\n\n## DNS SERVICE\n\nShadowtunnel can provide local DNS query service, and has caching function to improve resolution speed.\n\nIt is necessary to have a superior service to start a DNS service while launching the port forwarding locally.\n\nThe -dns parameter sets the IP and port which the local DNS service listen, for example:0.0.0.0:5353\n\nThe -dns-server Parameters can be set to DNS servers that are ultimately used to resolve domain names, requiring the server to support TCP-style DNS queries, default:8.8.8.8:53.\n\nfor example:\n\n`shadowtunnel -E -f 2.2.2.2:50000 -l :50000 -p your-password -dns :5353 -dns-server 8.8.8.8:53`\n\nsuperior example:\n\nIf the superior is chain-style, then the superior of the DNS proxy in the chain is required to add the -dns-proxy parameter.\n\n`shadowtunnel -e -f 127.0.0.1:38080 -l :50000 -p your-password -dns-proxy`\n\n## DNS CACHE\n\nThe -ttl parameter can set the DNS query result cache time. unit is second. if it is 0, and use the TTL of the query result.\n\nThe -cache parameter sets DNS cache file location to prevent program restart and cache disappear, which will reduce performance. \n\n## LOAD BALANCE\n\nSupport superior load balancing, repeat -f parameters if exist multiple superiors.\n\n`shadowtunnel -E -f 2.2.2.2:50000 -f 3.3.3.3:50000 -l :50000`\n\n### SET RETRY INTERVAL AND TIMEOUT TIME\n\n`shadowtunnel -E -f 2.2.2.2:50000 -f 3.3.3.3:50000 -l :50000 -lb-method leastconn -lb-retrytime 300 -lb-timeout 300`\n\n### SETTING WEIGHT \n\n`shadowtunnel -E -f 2.2.2.2:50000@2 -f 3.3.3.3:50000@1 -l :50000 -lb-method weight -lb-retrytime 300 -lb-timeout 300`\n\n### USE TARGET ADDRESS TO SELECT SUPERIOR\n\n`shadowtunnel -E -f 2.2.2.2:50000@2 -f 3.3.3.3:50000@1 -l :50000 -lb-method hash -lb-hashtarget -lb-retrytime 300 -lb-timeout 300`\n\n## DNS HOSTS\n\nThe -dns- hosts parameter sets the hosts file to be used when DNS is parsed, with the same content format as the system's hosts file.\n\n`shadowtunnel -f 2.2.2.2:50000 -dns :5353 -dns-hosts /etc/hosts`\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsnail007%2Fshadowtunnel","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsnail007%2Fshadowtunnel","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsnail007%2Fshadowtunnel/lists"}