go-gost / gost

GO Simple Tunnel - a simple tunnel written in golang
https://gost.run
MIT License

Transparent proxy support for IPv6 #126

Open islercn opened 1 year ago

islercn commented 1 year ago

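IPv6 support for the transparent proxy has never been implemented; the current 3.0rc0 still does not support it (SOCKS proxies and the like do). Are there any plans to support it in the future?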

fernvenue commented 1 year ago

Can be reproduced, and I just found out that we can create an IPv6 port forwarding service point to an IPv4 transparent proxy service, so that we can do IPv6 transparent proxy on gost for now.

Hope gost can support IPv6 transparent proxy service natively :)

islercn commented 3 months ago

Is there still a plan to resolve this issue? @ginuerzh

ginuerzh commented 3 months ago

Low priority, no plans in the short term; PRs are welcome.

ginuerzh commented 2 months ago

The latest commit already supports IPv6.

fernvenue commented 2 months ago

Hi @ginuerzh, thanks for your update. But I got an issue here, this is an IPv4 based TPROXY service:

~$ curl -I https://youtube.com --resolve youtube.com:443:198.18.169.1
HTTP/2 301

And this one is an IPv6 based TPROXY service:

~$ curl -I https://youtube.com --resolve youtube.com:443:2001:db8:169::1
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to youtube.com:443

The IPv4 TPROXY test log:

gost[5863]: {"dst":"198.18.169.1:443/tcp","handler":"red","host":"youtube.com:443","kind":"handler","level":"info","listener":"red","local":"198.18.169.1:443","msg":"198.18.186.42:54320 <-> youtube.com:443","remote":"198.18.186.42:54320","service":"red4-https","time":"2024-07-11T23:20:30.529+06:00"}

The IPv6 TPROXY test log, this is the related one I could find:

gost[5863]: {"handler":"red","kind":"handler","level":"info","listener":"tcp","local":"[2001:db8:169::1]:443","msg":"[2001:db8:186::42]:36008 <> [2001:db8:169::1]:443","remote":"[2001:db8:186::42]:36008","service":"red6-https","time":"2024-07-11T23:26:28.211+06:00"}

And the version:

~# gost -V       
gost v3.0.0-nightly.20240711 (go1.22.5 linux/amd64)

Part of my configuration:

- name: red4-http
  addr: "198.18.169.1:80"
  sockopts:
    mark: 100
  handler:
    type: red
    chain: chain-01
    metadata:
      sniffing: true
  listener:
    type: red
- name: red4-https
  addr: "198.18.169.1:443"
  sockopts:
    mark: 100
  handler:
    type: red
    chain: chain-01
    metadata:
      sniffing: true
  listener:
    type: red
- name: red6-http
  addr: "[2001:db8:169::1]:80"
  sockopts:
    mark: 100
  handler:
    type: red
    chain: chain-01
    metadata:
      sniffing: true
  listener:
    type: tcp
- name: red6-https
  addr: "[2001:db8:169::1]:443"
  sockopts:
    mark: 100
  handler:
    type: red
    chain: chain-01
    metadata:
      sniffing: true
  listener:
    type: tcp

May or may not be related to https://github.com/go-gost/gost/issues/379? I'm not sure, feel free to tell me if there is anything I can help with :)

ginuerzh commented 2 months ago

You need to add tproxy=true option to both listener and handler to enable TPROXY mode, otherwise it is redirect mode.

fernvenue commented 2 months ago

> You need to add tproxy=true option to both listener and handler to enable TPROXY mode, otherwise it is redirect mode.

Thanks! It works perfectly great for both IPv4 and IPv6 now :)

islercn commented 2 months ago

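It did not work. I used v3.0.0-nightly.20240715, gost_3.0.0-nightly.20240715_linux_amd64; I also tried the one with v3 after the name, and none of them work.

Command: ./gost3 -L red://:1238 -F https://123:123@proxy.com:443 -D info

Firewall rule: ip6tables -t nat -A VI -p tcp -m set --match-set list6 dst -j REDIRECT --to-ports 1238

This proxy server (proxy.com) supports both v4 and v6, and I also have public v4+v6 locally; the router is OpenWrt x64 23.05.

In testing, a pure-v6 website accessed through the transparent proxy does not open; the browser shows ERR_TIMED_OUT.

Changing nothing else, with gost shut down and goproxy used instead, the page opens. Command: ./proxy sps -S http -T tcp -P https://123:123@proxy.com:443 --redir -p :1238

By the way, I previously reported an issue: https://github.com/go-gost/gost/issues/127 , where gost also reported a 503 error; I don't know whether it is related.

Below is the log, where the addresses beginning with 11 are my local IPv6, 22::22 is the pure-v6 server being accessed, and 33.33.33.33 and proxy.com are the proxy server:

{"caller":"tcp/handler.go:66","handler":"red","kind":"handler","level":"info","listener":"red","local":"[11:11:11:11::1]:1238","msg":"[11:11:11:11:7c94:ac43:7b26:75e5]:61709 <> [11:11:11:11::1]:1238","remote":"[11:11:11:11:7c94:ac43:7b26:75e5]:61709","service":"service-0","time":"2024-07-15T16:27:33.193Z"}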

{"caller":"tcp/handler.go:118","dst":"[22::22]:47873/tcp","handler":"red","kind":"handler","level":"debug","listener":"red","local":"[11:11:11:11::1]:1238","msg":"[11:11:11:11:7c94:ac43:7b26:75e5]:61709 >> [22::22]:47873","remote":"[11:11:11:11:7c94:ac43:7b26:75e5]:61709","service":"service-0","time":"2024-07-15T16:27:33.193Z"}

{"caller":"chain/router.go:93","handler":"red","kind":"handler","level":"debug","listener":"red","msg":"dial [22::22]:47873/tcp","service":"service-0","time":"2024-07-15T16:27:33.194Z"}

{"caller":"hop/hop.go:176","hop":"hop-0","kind":"hop","level":"debug","msg":"filter by host: 22::22","time":"2024-07-15T16:27:33.194Z"}

{"caller":"chain/router.go:114","handler":"red","kind":"handler","level":"debug","listener":"red","msg":"route(retry=0) node-0@proxy.com:443 > [22::22]:47873","service":"service-0","time":"2024-07-15T16:27:33.194Z"}

{"address":"[22::22]:47873","caller":"http/connector.go:52","connector":"http","dialer":"tls","hop":"hop-0","kind":"connector","level":"debug","local":"222.131.14.183:59472","msg":"connect [22::22]:47873/tcp","network":"tcp","node":"node-0","remote":"33.33.33.33:443","time":"2024-07-15T16:27:33.209Z"}

{"caller":"chain/router.go:129","handler":"red","kind":"handler","level":"error","listener":"red","msg":"route(retry=0) 503 Connect failed","service":"service-0","time":"2024-07-15T16:27:48.128Z"}

{"caller":"tcp/handler.go:127","dst":"[22::22]:47873/tcp","handler":"red","kind":"handler","level":"error","listener":"red","local":"[11:11:11:11::1]:1238","msg":"503 Connect failed","remote":"[11:11:11:11:7c94:ac43:7b26:75e5]:61594","service":"service-0","time":"2024-07-15T16:27:48.128Z"}

{"caller":"tcp/handler.go:70","dst":"[22::22]:47873/tcp","duration":30052587007,"handler":"red","kind":"handler","level":"info","listener":"red","local":"[11:11:11:11::1]:1238","msg":"[11:11:11:11:7c94:ac43:7b26:75e5]:61594 >< [11:11:11:11::1]:1238","remote":"[11:11:11:11:7c94:ac43:7b26:75e5]:61594","service":"service-0","time":"2024-07-15T16:27:48.129Z"}

{"caller":"service/service.go:241","handler":"red","kind":"service","level":"error","listener":"red","msg":"503 Connect failed","service":"service-0","time":"2024-07-15T16:27:48.129Z"}
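
An added example, not part of the original thread or of gost: a small Python helper for triaging logs like the ones above. It pairs each handler error in gost's JSON log with the connector dial to the same target, reporting which upstream node was used and how long after the dial the failure was logged. The sample lines are constructed by abbreviating the logs quoted in this thread, and the function names are hypothetical.

```python
import json
from datetime import datetime

# Constructed sample: abbreviated from the log lines quoted in this thread.
SAMPLE = """\
gost[5863]: {"dst":"198.18.169.1:443/tcp","handler":"red","host":"youtube.com:443","level":"info","msg":"198.18.186.42:54320 <-> youtube.com:443","service":"red4-https","time":"2024-07-11T23:20:30.529+06:00"}
{"address":"[22::22]:47873","connector":"http","kind":"connector","level":"debug","msg":"connect [22::22]:47873/tcp","node":"node-0","remote":"33.33.33.33:443","time":"2024-07-15T16:27:33.209Z"}
{"dst":"[22::22]:47873/tcp","handler":"red","kind":"handler","level":"error","msg":"503 Connect failed","service":"service-0","time":"2024-07-15T16:27:48.128Z"}
"""

def parse_line(line):
    """Return the JSON record in a log line, tolerating a 'gost[pid]: ' prefix."""
    start = line.find("{")
    if start < 0:
        return None
    try:
        return json.loads(line[start:])
    except json.JSONDecodeError:
        return None

def parse_time(value):
    # datetime.fromisoformat() before Python 3.11 rejects a trailing "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def failed_dials(text):
    """Pair each handler error with the connector dial to the same target."""
    dials, failures = {}, []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec.get("kind") == "connector" and "address" in rec:
            dials[rec["address"]] = rec          # remember the latest dial per target
        elif rec.get("level") == "error" and "dst" in rec:
            target = rec["dst"].rsplit("/", 1)[0]  # drop the "/tcp" suffix
            dial = dials.get(target)
            waited = None
            if dial:
                waited = (parse_time(rec["time"]) - parse_time(dial["time"])).total_seconds()
            failures.append({"service": rec.get("service"), "target": target,
                             "error": rec["msg"],
                             "via": dial.get("remote") if dial else None,
                             "seconds_after_dial": waited})
    return failures

if __name__ == "__main__":
    for failure in failed_dials(SAMPLE):
        print(failure)
```
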