woodlyer / gostExample

Some examples for building proxy and tunnel with gost.
GNU General Public License v3.0

Can we hide destination IP behind cloudflare in gost? #8

Open lostsoul6 opened 1 year ago

lostsoul6 commented 1 year ago

Hello Friends,

I have a domestic and a foreign VPS and I use a gost tunnel. The issue is that today the IP of the foreign VPS was blocked in the domestic VPS and no traffic could reach it.

I was using gost's forward+tls on the domestic server: -L=tcp://:2053 -F forward+tls://100.100.100.100:9000

My question is, is there any way to hide the foreign VPS IP behind a CDN and use a domain there, for example?

Is there any specific tunnel or method that can hide the foreign VPS IP or make the tunnel hard to detect?

Thanks.

woodlyer commented 1 year ago

All the transport protocols gost supports are listed here.
What you need is a CDN to hide the IP.
Generally speaking, CDN is used to support HTTP, HTTPS, and WebSocket protocols.
I don't know whether gost supports CDN usage. But, in theory, they work. So, you can try HTTP, HTTPS, and WebSocket with CDN.

Tunnel based on these transport protocols.
You may change the transport protocol in the examples to one of the protocols listed here.
tcp - raw TCP
tls - TLS
mtls - Multiplex TLS, add multiplex on TLS (2.5+)
ws - Websocket
mws - Multiplex Websocket (2.5+)
wss - Websocket Secure Websocket based on wss
mwss - Multiplex Websocket Secure, multiplex on TLS secured Websocket (2.5+)
kcp - KCP (2.3+)
quic - QUIC (2.4+)
ssh - SSH (2.4+)
h2 - HTTP2 (2.4+)
h2c - HTTP2 Cleartext (2.4+)
obfs4 - OBFS4 (2.4+)
ohttp - HTTP Obfuscation (2.7+)
otls - TLS Obfuscation (2.11+)

omid-j-d commented 1 year ago

How to use custom sni when connecting to an external server?

woodlyer commented 1 year ago

You can try this.

./gost -L sni://:443
./gost -L :1080 -F 'sni://server_ip:443?host=example.com'

Official doc about sni at: https://gost.run/tutorials/protocols/sni/

omid-j-d commented 1 year ago

I feel that the Chinese document has more information than the English one 😒 Are these settings correct? I want to encrypt sni with tls

./gost -L 'sni+tls://:443?certFile=cert.pem&keyFile=key.pem'

./gost -L :1080 -F 'sni+tls://origin.example.com:443?host=cloudflare.example.com&secure=true&serverName=origin.example.com'
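
An added example, not part of this thread and not gost's own code: a small checker for gost-style node URLs that flags arguments needing shell quoting, malformed query keys, and TLS client nodes without `secure=true`. The function name, the `protocol+transport` reading of the scheme, and the meaning of `secure=true` are assumptions; the sample arguments are constructed.

```python
import re
from urllib.parse import urlsplit

# Transports listed earlier in this thread.
TRANSPORTS = {"tcp", "tls", "mtls", "ws", "mws", "wss", "mwss", "kcp", "quic",
              "ssh", "h2", "h2c", "obfs4", "ohttp", "otls"}
TLS_BASED = {"tls", "mtls", "wss", "mwss"}
SHELL_META = set("&;|<>$`*?()[]{}!#~ ")  # interpreted by a POSIX shell when unquoted
KEY_RE = re.compile(r"[A-Za-z][A-Za-z0-9_.-]*\Z")

def lint_node(arg):
    """Return findings for one gost -L / -F node URL (hypothetical helper)."""
    findings = []
    meta = "".join(sorted(set(arg) & SHELL_META))
    if meta:
        findings.append(f"quote the argument, shell metacharacters: {meta}")
    url = urlsplit(arg)
    # Assumption: a scheme of the form a+b means protocol a over transport b.
    parts = url.scheme.split("+")
    transport = parts[-1] if len(parts) > 1 else None
    if transport is not None and transport not in TRANSPORTS:
        findings.append(f"unknown transport: {transport}")
    params = {}
    for pair in filter(None, url.query.split("&")):
        key, _, value = pair.partition("=")
        if not KEY_RE.match(key):
            findings.append(f"malformed query key: {key!r}")
        else:
            params[key] = value
    # Assumption: secure=true turns on server certificate verification.
    if transport in TLS_BASED and url.hostname and params.get("secure") != "true":
        findings.append("TLS client node without secure=true")
    return findings

# Constructed sample arguments, modelled on the commands in this thread.
SAMPLES = [
    "sni://:443",
    "sni+tls://:443?certFile=cert.pem&keyFile=key.pem",
    "sni+tls://origin.example.com:443?host=cdn.example.com&?secure=true",
    "sni+tls://origin.example.com:443?host=cdn.example.com&secure=true",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", lint_node(s) or "ok")
```

In the third sample the stray `?` turns the key into `?secure`, so the checker reports both the malformed key and the missing `secure=true`.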

lostsoul6 commented 1 year ago

@omid-j-d In Iran datacenters, they have limited upload speed to internet. Now tunnels don't work properly. Can we bypass limitation with sni+tls method?

omid-j-d commented 1 year ago

> @omid-j-d In Iran datacenters, they have limited upload speed to internet. Now tunnels don't work properly. Can we bypass limitation with sni+tls method?

No, the only way to solve this issue is to use dedicated servers, colocation and buy bandwidth. In my opinion, trying to use cloudflare is self-indulgent, thanks to stupid non-experts and youtubers who don't care about anything but views. Cloudflare is nothing interesting. If you want to use cloudflare, use the v2rayf client (from It uses the same technology as goodbye dpi) In general, I personally just wanted to answer the questions of all those who are involved in this dirty topic, and I realized that the answer is "it's not worth it".

woodlyer commented 1 year ago

@omid-j-d There are many bugs in DPI. So we can use. For example ICMP, DNS etc.