woodlyer / gostExample

Some examples for building proxy and tunnel with gost.
GNU General Public License v3.0

v2ray over ssh tunnel #5

Closed vahobrsti closed 1 year ago

vahobrsti commented 1 year ago

hi my friend,

thanks for the repository and examples. It helped a lot; I have:

1- ServerIran: Domestic VPS with outgoing udp blocked. So no udp will be allowed to go outside of Iran.
2- ServerPoland: Foreign VPS which has V2ray (vmess - could be any other protocol - running on 3443 port) installed

In your example, you have included kcp/tls/quic/wss

[xray client] -----tcp--->  [gost client:1234]-----kcp/tls/quic/wss----> [gost server:9000] ----tcp---->[xray server:1234]

I wanna achieve this:

[xray client] -----tcp--->  [gost client:1234]-----ssh tunnel----> [gost server:9000] ----tcp---->[xray server:1234]

From ServerIran to ServerPoland, I have an ssh tunnel (forward 9443 local to 3443 foreign) with port forwarding by running:

ssh -N -f  -L 9443:polanddomain.com:3443 ubuntu@polanddomain.com

On ServerIran, I have this:

gost -L tcp://:3443 -F=/:9443

The expectation is that whatever comes through the xray client on port 3443 will be forwarded to local 9443, and from 9443 will be forwarded through ssh and reach PolandServer. This doesn't work. Any idea why that is?

woodlyer commented 1 year ago

You should do port mapping like this, and not use -F.
-F is used to forward the connection to another gost connection.

gost -L tcp://:3443/:9443

I recommend you don't use the ssh program; using gost directly is easy and safe.

# xray server listen on :1234
# Poland Server
./gost -L relay+ssh://:9000     

# IranServer
./gost -L=tcp://:1234/127.0.0.1:1234  -F relay+ssh://polanddomain.com:9000  

ssh in the cmd can be replaced with kcp, tls, quic or whatever is listed here:
It depends on which protocol can pass the wall.

tcp - raw TCP
tls - TLS
mtls - Multiplex TLS, add multiplex on TLS (2.5+)
ws - Websocket
mws - Multiplex Websocket (2.5+)
wss - Websocket Secure Websocket based on wss
mwss - Multiplex Websocket Secure, multiplex on TLS secured Websocket (2.5+)
kcp - KCP (2.3+)
quic - QUIC (2.4+)
ssh - SSH (2.4+)
h2 - HTTP2 (2.4+)
h2c - HTTP2 Cleartext (2.4+)
obfs4 - OBFS4 (2.4+)
ohttp - HTTP Obfuscation (2.7+)
otls - TLS Obfuscation (2.11+)

vahobrsti commented 1 year ago

Thanks. It seems the issue was that I was forwarding the traffic, not relaying. So basically relaying changes the data channel while forwarding is acting like a switch in Layer 3. I managed to get it to work with a small modification on the Poland server. Design:

[xray client] -----tcp--->  [gost client:1234]-----ssh tunnel----> [gost server:9000] ----tcp---->[xray server:1234]

Here is the modification

# xray server listen on :1234
# Poland Server
./gost -L relay+ssh://:9000/:1234

# IranServer
./gost -L=tcp://:1234   -F relay+ssh://polanddomain.com:9000  

Thanks for your help.

woodlyer commented 1 year ago

They all work. There is little difference between these two cmds. I like to do port mapping on the client.

#port mapping on server
./gost -L relay+ssh://:9000/:1234  
./gost -L=tcp://:1234   -F relay+ssh://polanddomain.com:9000  

#port mapping on client
./gost -L relay+ssh://:9000 
./gost -L=tcp://:1234/127.0.0.1:1234  -F relay+ssh://polanddomain.com:9000     

vahobrsti commented 1 year ago

Hi my friend, I see your point now. Just tested your setup and it works perfectly fine. Is there any reason why you recommend port mapping in the client?

woodlyer commented 1 year ago

I can change the dest ip+port easily on the client without logging in to the server.
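
The two placements compared in this thread, as an added example that is not from the thread or the gost project: a toy line-based relay (not gost's wire protocol; every function name here is hypothetical) whose listener either lets the client name the destination, as with `-L relay+ssh://:9000`, or pins it, as with `-L relay+ssh://:9000/:1234`. When the client names the destination, the listener connects wherever a client asks, so access to that port is the thing to restrict.

```python
import socket
import socketserver
import threading


def serve(handler):
    """Start a threaded TCP server on an ephemeral localhost port; return the port."""
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), handler)
    srv.daemon_threads = True
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv.server_address[1]


def upstream(tag):
    """Constructed stand-in for a backend such as the xray server: echoes with its tag."""
    class H(socketserver.StreamRequestHandler):
        def handle(self):
            self.wfile.write(tag + b":" + self.rfile.readline())
    return serve(H)


def relay(pinned=None):
    """Toy relay, not gost's wire protocol; pinned=None lets the client name the target."""
    class H(socketserver.StreamRequestHandler):
        def handle(self):
            asked = int(self.rfile.readline())  # first line: requested port
            port = asked if pinned is None else pinned  # pinned: mapping on server
            with socket.create_connection(("127.0.0.1", port)) as up:
                up.sendall(self.rfile.readline())
                self.wfile.write(up.makefile("rb").readline())
    return serve(H)


def via_relay(relay_port, target_port, payload):
    """Client: send the requested target port, then one payload line; return the reply."""
    with socket.create_connection(("127.0.0.1", relay_port)) as s:
        s.sendall(b"%d\n" % target_port + payload + b"\n")
        return s.makefile("rb").readline().strip()


def demo():
    xray, other = upstream(b"xray"), upstream(b"other")
    open_relay, pinned_relay = relay(), relay(pinned=xray)
    return (via_relay(open_relay, xray, b"hi"),     # client picks xray
            via_relay(open_relay, other, b"hi"),    # client picks another backend
            via_relay(pinned_relay, other, b"hi"))  # request ignored, still xray


if __name__ == "__main__":
    print(demo())
```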