{"id":13337935,"url":"https://github.com/woodlyer/gostExample","last_synced_at":"2025-03-11T08:32:01.276Z","repository":{"id":166423600,"uuid":"603038421","full_name":"woodlyer/gostExample","owner":"woodlyer","description":"Some examples for building proxy and tunnel  with gost.","archived":false,"fork":false,"pushed_at":"2024-10-14T04:41:33.000Z","size":224,"stargazers_count":76,"open_issues_count":11,"forks_count":12,"subscribers_count":2,"default_branch":"main","last_synced_at":"2024-10-23T20:11:16.603Z","etag":null,"topics":["gost","http-proxy","kcp","proxy","shadowsocks","socks5","tcp","tls","tunnel"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/woodlyer.png","metadata":{"files":{"readme":"ReadMe.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-02-17T13:46:43.000Z","updated_at":"2024-10-19T22:31:46.000Z","dependencies_parsed_at":"2024-10-23T19:27:54.073Z","dependency_job_id":"3c3f1c4f-fed8-44c9-8ef5-43fafb13cbd8","html_url":"https://github.com/woodlyer/gostExample","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/woodlyer%2FgostExample","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/woodlyer%2FgostExample/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/woodlyer%2FgostExample/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/woodlyer%2FgostExample/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/woodlyer","download_url":"https://codeload.github.com/woodlyer/gostExample/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243000812,"owners_count":20219747,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["gost","http-proxy","kcp","proxy","shadowsocks","socks5","tcp","tls","tunnel"],"created_at":"2024-07-29T19:15:16.268Z","updated_at":"2025-03-11T08:32:01.264Z","avatar_url":"https://github.com/woodlyer.png","language":null,"funding_links":[],"categories":["Others"],"sub_categories":[],"readme":"\r\n# gost Example\r\nHelp you to use gost.  \r\ngost is a very good tunnel tool.  \r\nBut it's document is not very clear.  \r\nAnd gost itself is very very complicated, because it's powerful.  \r\n\r\nHere, I want to show some examples to help ordinary users to use gost.  \r\nIt doesn't mean gost can only do this. Just because gost is too powerful for everyone to handle. A little sample is enough for we to surf internet.    \r\n\r\n\r\n## Introduce\r\nversion 2 is here https://github.com/ginuerzh/gost  \r\nversion 3 is here https://github.com/go-gost/gost  \r\n**version 3 is now under developing. Not for publishing. But gost v3 has some new features**  \r\n\r\nOffical DOC site for version 2: https://v2.gost.run/  \r\nOffical DOC site for version 3: https://gost.run/\r\n\r\n\r\n## Download and run\r\nOpen release page to down the binaries for your platform.  \r\nversion 2: https://github.com/ginuerzh/gost/releases  \r\nversion 3: https://github.com/go-gost/gost/releases \r\n\r\n**In version 3 release page,there is gost_amd64v3.tar.gz, It means the cpu support amd64v3, If you don't know what's amd64v3, use amd64.tar.gz.**  \r\n\r\nOn windows, if you don't want to see the black terminal, you can use [gostGUI](https://github.com/woodlyer/gostGUI) to run gost.exe in the background.  \r\nOn Android, May be you can use [ShadowsocksGostPlugin](https://github.com/segfault-bilibili/ShadowsocksGostPlugin) .  \r\nOn IOS, May be you can use [shadowrocket](https://www.applevis.com/apps/ios/utilities/shadowrocket) .  \r\n\r\n\r\n## gost basic\r\n### gost default works as a socks5+http proxy server.  \r\nIt can support socks5 and http proxy protocol at the same time.  \r\n```\r\n# gost listen socks5 on :1080\r\ngost -L :1080\r\ngost -L admin:123456@:1080\r\ngost -L :1080?auth=YWRtaW46MTIzNDU2\r\n\r\n# you can use curl to test the proxy.\r\ncurl -x socks5://localhost:1080  https://google.com\r\ncurl -x socks5h://localhost:1080 https://google.com  #use socks5h to set remote server do dns resolve.\r\ncurl -x http://localhost:1080    https://google.com\r\n\r\n# auth is base64(user:pass). generation method: \r\necho -n 'user:pass' | base64\r\necho YWRtaW46MTIzNDU2 | base64 -d\r\n```\r\n### gost use -F to forward the socks5 request to the server\r\n```\r\ngost -L :1080   # socks5 listen on server.com\r\ngost -L :1080   -F server.com:1080\r\n```\r\n\r\n### gost can also works as a tunnel(port mapping).  \r\nA tunnel is basicly a port mapping\r\n```\r\n# port mapping :22 to local 192.168.0.100:22\r\ngost -L tcp://:22/192.168.0.100:22\r\n```\r\n\r\nAdd -F to forward port mapping to remote host.\r\n```\r\n# run gost on server\r\ngost -L relay://:9000\r\n# run gost on client\r\n# here the 192.168.0.100 is server side host ip address\r\ngost -L tcp://:22/192.168.0.100:22  -F  relay://server.com:9000\r\n```\r\n\r\n### Application protocol and Transport protocol  \r\nProtocals supported list by gost:  \r\nThese application protocals work up on the transport protocols.  \r\nApplication protocol is used to do proxy.  \r\nTransport protocol is used to do transport.  \r\n\r\nyou can join them with \"+\", like this:\r\n```\r\nrelay+kcp\r\nrelay+tls\r\nrelay+mtls\r\n\r\nhttp+kcp\r\nhttp+tls\r\n```\r\n\r\n\r\n1. Application Protocols  \r\n- http - HTTP\r\n- http2 - HTTP2\r\n- socks4 - SOCKS4 (2.4+)\r\n- socks4a - SOCKS4A (2.4+)\r\n- socks5 - SOCKS5\r\n- ss - Shadowsocks\r\n- ss2 - Shadowsocks with AEAD support (2.8+)\r\n- sni - SNI (2.5+)\r\n- forward - Forward (usually used to break down protocal, such as kcp+ss  to  kcp and ss). always work with tcp like this: \"-L=tcp://  -F forward+kcp\"\r\n- relay - TCP/UDP relay (2.11+). relay is always used to do tcp relay or udp relay.  \r\n\r\n2. Transports Protocols  \r\nTunnel based on these transport protocals.  \r\nYou may change the transport protocal in examples to a kind protocal listed here.  \r\n- tcp - raw TCP\r\n- tls - TLS\r\n- mtls - Multiplex TLS, add multiplex on TLS (2.5+)\r\n- ws - Websocket\r\n- mws - Multiplex Websocket (2.5+)\r\n- wss - Websocket Secure Websocket based on wss\r\n- mwss - Multiplex Websocket Secure, multiplex on TLS secured Websocket (2.5+)\r\n- kcp - KCP (2.3+)\r\n- quic - QUIC (2.4+)\r\n- ssh - SSH (2.4+)\r\n- h2 - HTTP2 (2.4+)\r\n- h2c - HTTP2 Cleartext (2.4+)\r\n- obfs4 - OBFS4 (2.4+)\r\n- ohttp - HTTP Obfuscation (2.7+)\r\n- otls - TLS Obfuscation (2.11+)\r\n\r\n3. How to choose a good transport protocol?  \r\nkcp and quic are based on udp. If udp is OK you cannot use them.  \r\nkcp support tcp mode.  use like this:  ./gost -L=kcp://:9000?tcp=true  \r\ntls / mtls is widely used when use tcp.   \r\nws / wss / http is a little lower efficiency than tls.\r\n\r\n\r\n\r\n\r\n\r\n\r\n## What's Tunnel?\r\n\r\ngost is named from \"GO Simple Tunnel\", and it was always used as a tunnel.  \r\nAlthough gost can works as a proxy.  \r\n\r\nWhen gost works as tunnel, the network is like this.  \r\nGost client and gost server set up a tunnel to serve for proxy server run on.\r\n![net](./tunnel.png)\r\n\r\n\r\n## gost Tunnel Example\r\n\r\nThe first line is for gost server, running on VPS.  \r\nThe second line is for gost client, running on your PC.\r\n\r\nSuppose you are running SS(shadowsocks) or v2ray on 8388, on the client side, the gost tunnel works on 127.0.0.1:8083 links to SS or V2ray on your server.  \r\nYou should modified the server_ip to your own domain name or ip address.   \r\nGost supports many protocol. Such as quic, kcp, wss, tls etc. You may change the protocal to the one you need.  \r\n **!!!caution!!!**  \r\nIn the example, I write \"tcp://127.0.0.1:8083\",  gost only serve for this PC.   \r\nIf you want to serve for other PC,  you should write \"tcp://:8083\" .  \r\n\r\n\r\n- kcp tunnel  \r\nI recommend you use kcp. kcp protocal is based on udp.  \r\nkcp can speed up your connection and keep your connection secure.\r\n\r\n```\r\n# server,  ss or v2ray listen on 8083 \r\n./gost -L kcp://:9000/:8083 \r\n./gost -L tcp://127.0.0.1:8083  -F forward+kcp://server_ip:9000\r\n```\r\nIf you want to change some parameter of kcp. you can write a file named \"kcp.json\" and append it into cmd.  \r\nlike this:  \r\n```\r\n./gost -L kcp://:9000/:8083?c=./kcp.json \r\n./gost -L tcp://127.0.0.1:8083  -F forward+kcp://server_ip:9000?c=./kcp.json\r\n```\r\n \r\nMore info about kcp parameter. see: https://github.com/xtaci/kcptun  \r\nkcp.json default value:\r\n``` json\r\n{\r\n    \"key\": \"it's a secrect\",\r\n    \"crypt\": \"aes\",\r\n    \"mode\": \"fast\",\r\n    \"mtu\" : 1350,\r\n    \"sndwnd\": 1024,\r\n    \"rcvwnd\": 1024,\r\n    \"datashard\": 10,\r\n    \"parityshard\": 3,\r\n    \"dscp\": 0,\r\n    \"nocomp\": false,\r\n    \"acknodelay\": false,\r\n    \"nodelay\": 0,\r\n    \"interval\": 40,\r\n    \"resend\": 0,\r\n    \"nc\": 0,\r\n    \"sockbuf\": 4194304,\r\n    \"keepalive\": 10,\r\n    \"snmplog\": \"\",\r\n    \"snmpperiod\": 60,\r\n    \"tcp\": false\r\n}\r\n```\r\nYou should change the \"key\" or \"crypt\" to be more secure.  \r\n\"crypt\" can be: aes, aes-128, aes-192, salsa20, blowfish, twofish, cast5, 3des, tea, xtea, xor, sm4, none  \r\nchange \"rcvwnd\"  and \"sndwnd\" to 2048 to make kcp faster.  \r\nOther parameters doesn't need changed, if you don't know what it means.  \r\n\r\n\r\n- tls tunnel\r\n```\r\n./gost -L tls://:443/:8083\r\n./gost -L=tcp://127.0.0.1:8083 -F relay+tls://server_ip:443\r\n```\r\n\r\n- quic tunnel\r\n```\r\n./gost -L quic://:1443/:8083\r\n./gost -L tcp://127.0.0.1:8083  -F \"relay+quic://server_ip:1443\"\r\n```\r\n\r\n- dtls tunnel.  \r\ndtls is only available in v3. \r\n```\r\n./gost -L dtls://:1443/:8083\r\n./gost -L tcp://127.0.0.1:8083  -F \"relay+dtls://server_ip:1443\"\r\n```\r\n\r\n- icmp tunnel.   \r\nicmp tunnel is only available in v3.\r\n```\r\necho 1 \u003e /proc/sys/net/ipv4/icmp_echo_ignore_all\r\n./gost -L icmp://:0\r\n./gost -L :8080 -F \"relay+icmp://server_ip:12345?keepAlive=true\u0026ttl=10s\"\r\n```\r\n\r\n\r\n## gost Proxy Examples\r\nWhen gost act as a socks5 proxy.  \r\nyou can connect socks5://127.0.0.1:1080 to connect the internet.\r\nUse kcp or other different protocal to pass the wall.  \r\n\u003cimg src=\"./proxy.png\" width=\"600\"  alt=\"proxy\"/\u003e\u003cbr/\u003e\r\n\r\n\r\n- tls proxy\r\n```\r\n./gost -L tls://:443\r\n./gost -L :1080 -F tls://server_ip:443\r\n```\r\n\r\n- mtls proxy\r\n```\r\n./gost -L mtls://:443\r\n./gost -L :1080 -F mtls://server_ip:443\r\n```\r\n\r\n- kcp proxy\r\n```\r\n./gost -L=kcp://:9000\r\n./gost -L=:1080 -F=kcp://server_ip:9000\r\n```\r\n\r\n- kcp proxy with fake tcp\r\n```\r\n./gost -L=kcp://:9000?kcp.tcp=true\r\n./gost -L=:1080 -F=kcp://server_ip:9000?kcp.tcp=true\r\n```\r\n\r\n\r\n\r\n\r\n\r\n## Port forward\r\nIf You want to connect  remote_ip and port. But you cann't for some reason.  \r\nSo, You let the server do the port forward.   client directly connect to gost client to connect target.\r\nclient -\u003e  [gost client:port]  -\u003e [gost server]  -\u003e  [target ip+port]\r\n\r\n\r\nThe cmd is like this,  kcp can be replaced with tls,quic,socks,etc...\r\nclient connect 127.0.0.1:9000 as connect to [remote_ip:port]\r\nThis cmd only need change the para(remote_ip:port) on client.  \r\nIt's very good for user.  \r\n\r\n```\r\n# client easily change the remote_ip and port\r\n./gost -L relay://:9000  \r\n./gost -L=tcp://127.0.0.1:8388/remote_ip:port   -F relay://server_ip:9000   \r\n```\r\n\r\nusing relay+tls to do the relay\r\n```bash\r\n./gost -L relay+tls://:9000 \r\n./gost -L=tcp://127.0.0.1:8388/remote_ip:port  -F relay+tls://server_ip:9000\r\n```\r\n\r\n\r\nAnother methods to do remote port forward.\r\n``` bash\r\n# server do the port forward\r\n./gost -L kcp://:9000/remote_ip:port  \r\n./gost -L tcp://127.0.0.1:8388 -F forward+kcp://server_ip:9000\r\n\r\n\r\n# set dest ip:port at client\r\n./gost -L kcp://:9000   \r\n./gost -L tcp://127.0.0.1:9000/remote_ip:port -F kcp://server_ip:9000\r\n```\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n## TCP Port Mapping for relay on one PC\r\nUse gost listen on 22 to connect 192.168.1.100:22.\r\nOther clients which cannot connect to 192.168.1.100 can connect gost to dest.\r\nclient  -\u003e  gost[:22]  -\u003e  192.168.1.100:22\r\n```\r\ngost -L tcp://:22/192.168.1.100:22\r\n# ssh\r\nssh root@127.0.0.1 -p 22   \r\n```\r\n\r\n\r\n\r\n\r\n\r\n## gost \"rtcp\" reverse port forward  \r\n\"rtcp\" means the dest is entry, it can reach your address.  \r\nThe direction of rtcp is reverse to tcp port mapping.  \r\n\r\nForward the port :2222 on the server to the host(192.168.1.1:22) in client side.  \r\n\u003cimg src=\"./rtcp.png\" width=\"600\"  alt=\"rtcp\"/\u003e\u003cbr/\u003e\r\n\r\n```\r\n# server\r\n./gost -L kcp://:9000            # for v2. \r\n./gost -L kcp://:9000?bind=true  # for v3. bind=true to enable server bind function.\r\n# client\r\n./gost -L=rtcp://:2222/192.168.1.1:22  -F=kcp://server_ip:9000\r\n\r\n# ssh cmd to access sshd server in the Intranet\r\nssh root@server_ip -p 2222\r\n```\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n## gost cmds to run KCP + SS\r\nrun gost and ss on server, SS client connect to 127.0.0.1:8838 as connect to remote server.  \r\n```\r\n# server \r\nwget --no-check-certificate  https://github.com/ginuerzh/gost/releases/download/v2.11.5/gost-linux-amd64-2.11.5.gz\r\ngzip -dk  gost-linux-amd64-2.11.5.gz\r\nmv  gost-linux-amd64-2.11.5  gost\r\nchmod +x  gost\r\n./gost -L kcp://:9000/:8388  -L ss://aes-256-gcm:passwd@127.0.0.1:8388 \r\n\r\n# client\r\n./gost  -L tcp://:8388  -F \"forward+kcp://server_ip:9000\"\r\n\r\n# ss param\r\nss://aes-256-gcm:passwd@127.0.0.1:8388 \r\n```\r\nss cipher method contains:\r\n```\r\n1. AES-256-CFB  \r\n2. AES-128-CFB  \r\n3. CHACHA20  \r\n4. CHACHA20-IETF  \r\n5. AES-256-GCM  \r\n6. AES-128-GCM  \r\n7. RC4-MD5  \r\n```\r\n\r\n\r\n\r\n## gost cmds to run KCP + V2ray  \r\nv2ray is a little complicated than ss.  \r\nbut more popular.  \r\nIf you want to run gost tunnel to support v2ray, please see  [v2ray dir in this repository](./v2ray).\r\n\r\n\r\n\r\n# Compare to other tools\r\n- gost is a tunnel or proxy. gost support many protocol(such as tls,wss,quic,kcp...).  \r\nquic with gost is slow.  \r\n- hysteria is based on quic(modified), tcp or udp, act as tunnel or proxy. It support obfs, so will not be blocked for using quic.  \r\n- tuic is based on standard quic, and is the most fast. But maybe blocked for quic.  \r\n- kcptun is a good kcp tunnel, but it is blocked now. Use kcp of gost is OK.  \r\n- xray or v2fly. It's used by many people. They are the main enemy of GFW. based on tcp.   \r\n\r\nhysteria:  https://github.com/apernet/hysteria  \r\ntuic:      https://github.com/EAimTY/tuic  \r\nkcptun:    https://github.com/xtaci/kcptun  \r\nxray:      https://github.com/XTLS/Xray-core  \r\n\r\n\r\n\r\n\r\n# Some tips\r\n## how to run gost at background\r\n- run gost at background in Linux  \r\nuse nohup to run gost in background and the log redirect to gost.log  \r\n``` \r\n  nohup ./gost -L mtls://:443  \u003e\u003e gost.log  2\u003e\u00261 \u0026\r\n```\r\n\r\n- run gost as a service  \r\nuse systemd to install gost as a service.  \r\nmore info see [gost service](./service).\r\n\r\n\r\n\r\n## run gost in openwrt\r\nSome openwrt system has can install gost easily by opkg. https://github.com/SuLingGG/OpenWrt-Rpi  \r\nThe gost build for openwrt info is here:  https://github.com/kenzok8/openwrt-packages/tree/master/gost  \r\nluci-app-gost is the web page to admin gost. see: https://github.com/kenzok8/openwrt-packages/tree/master/luci-app-gost  \r\n\r\n\r\n## security caution\r\nRemember to add user and password autication, when you listen a socks5 server on 0.0.0.0  \r\nOr you just listen on 127.0.0.1 like this:  \r\n```\r\ngost -L admin:123456@:1080  # default listen on 0.0.0.0\r\ngost -L 127.0.0.1:1080      # only available on localhost\r\n```\r\n\r\n\r\n# gost v3 tips\r\ngost version 3 is different from v2.\r\n\r\n## rtcp need bind parameter\r\nwhen you use gost v3 to do rtcp, you must add \"bind=true\" to cmd to allow server's bind operation.  \r\n```\r\ngost -L relay://:9000?bind=true\r\ngost -L rtcp://:80/:8080 -F relay://server.com:9000\r\n```\r\n\r\n## kcp use tcp \r\ngost v3 support \"kcp.tcp=true\" to config kcp parameter.  \r\nmore info see: https://gost.run/tutorials/protocols/kcp/  \r\n```\r\ngost -L kcp://:9000?kcp.tcp=true   # use tcp to transfer kcp, need root privilege.\r\ngost -L kcp://:9000?kcp.configFile=kcp.json # use kcp.json to set kcp parameter\r\n```\r\nkcp.json content example.   \r\n```\r\n{\r\n    \"tcp\": true\r\n}\r\n```\r\n\r\n\r\n\r\n\r\n\r\n\r\n## Doesn't have a VPS?\r\nOh, It's very easy. Buy one.  \r\n- [bandwagonhost](https://bandwagonhost.com/aff.php?aff=56257)   $49.9 for 1 year.\r\n- [vultr.com](https://www.vultr.com/?ref=7621285)  Easy to use.\r\n- [DMIT](https://www.dmit.io/)   Many data center.\r\n- [racknerd.com](https://my.racknerd.com/aff.php?aff=3278) It's very cheap. Click this link to buy  is cheap [BlackFriday](https://www.racknerd.com/NewYear/).  Only $10.28 for 1 year. If you want the net is fast, you should buy $24 vps, and select Location to Los Angeles.\r\n- [arvancloud.ir](https://arvancloud.ir) It's used by many Iran people. It support bitcoin and USDT.  \r\n- [ApeWeb](https://cms.apeweb.uk/index.php?rp=/store/global-customers) Cheap, accepts customers globally including Iran and takes crypto currency. Servers in Europe. \r\n- [PQ Hosting](https://pq.hosting/?from=580849)  Europe vps provider, only 4.77€ per month. Very cheap.  \r\n\r\n\r\n\r\n\r\n\r\n## Still don't know how to do?\r\nIf you have read this document and don't know how to use gost, maybe you don't need to waste some more time on it.  \r\nPlease use some commercial mature VPN service.   \r\nSuch as:\r\n- 1.[justMysocks.net](https://justmysocks.net/members/aff.php?aff=24386)   \r\n- 2.[ExpressVPN](https://www.expressvpn.com/) \r\n- 3.[StrongVPN](https://www.strongvpn.com) \r\n\r\n\r\n\r\n\r\n## Star \r\nYou have read to here, why not click the star button for once?\r\n\r\n\r\n\r\n\r\n\r\n# Welcome Pull Requests\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwoodlyer%2FgostExample","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwoodlyer%2FgostExample","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwoodlyer%2FgostExample/lists"}