Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can we hide destination IP behind cloudflare in gost? #8

Open
lostsoul6 opened this issue May 11, 2023 · 7 comments
Open

Can we hide destination IP behind cloudflare in gost? #8

lostsoul6 opened this issue May 11, 2023 · 7 comments

Comments

@lostsoul6
Copy link

Hello Friends ,

I have a domestic and foreign VPS and I use gost tunnel . The issue is that today the IP of foreign VPS was blocked in the domestic VPS and no traffic could reach it .

I was using gost's forward+tls on the domestic server : -L=tcp://:2053 -F forward+tls://100.100.100.100:9000

My question is , is there any way to hide the foreign VPS IP behind CDN and use a domain there for example ?

Is there any specific tunnel or method that can hide foreign VPS IP or make the tunnel hard to detect ?

Thanks .
@woodlyer
Copy link
Owner

All the Transports Protocols gost support is list here.
What you need is CDN to hide IP.
Generally speaking, CDN is used to support HTTP , HTTPS, and WebSocket protocol.
I don't know wether gost support CDN usage. But, in theory, they works.
So, you can try HTTP , HTTPS, and WebSocket with CDN.

Tunnel based on these transport protocals.
You may change the transport protocal in examples to a kind protocal listed here.
tcp - raw TCP
tls - TLS
mtls - Multiplex TLS, add multiplex on TLS (2.5+)
ws - Websocket
mws - Multiplex Websocket (2.5+)
wss - Websocket Secure Websocket based on wss
mwss - Multiplex Websocket Secure, multiplex on TLS secured Websocket (2.5+)
kcp - KCP (2.3+)
quic - QUIC (2.4+)
ssh - SSH (2.4+)
h2 - HTTP2 (2.4+)
h2c - HTTP2 Cleartext (2.4+)
obfs4 - OBFS4 (2.4+)
ohttp - HTTP Obfuscation (2.7+)
otls - TLS Obfuscation (2.11+)

@omid-j-d
Copy link

omid-j-d commented May 12, 2023
edited
Loading

How to use costume sni when connecting to an external server?

@woodlyer
Copy link
Owner

You can try this.

./gost -L sni://:443
./gost -L :1080 -F sni://server_ip:443?host=example.com

Offical doc about sni at: https://gost.run/tutorials/protocols/sni/

@omid-j-d
Copy link

I feel that the Chinese document has more information than the English one 😒 Are these settings correct? I want to encrypt sni with tls

./gost -L sni+tls://:443?certFile=cert.pem&keyFile=key.pem

./gost -L :1080 -F sni+tls://origin.example.com:443?host=cloudflare.example.com&?secure=true&serverName=origin.example.com

@lostsoul6
Copy link
Author

@omid-j-d
In Iran datacenters , they have limited upload speed to internet . Now tunnels don't work properly .
Can we bypass limitation with sni+tls method ?

@omid-j-d
Copy link

@omid-j-d In Iran datacenters , they have limited upload speed to internet . Now tunnels don't work properly . Can we bypass limitation with sni+tls method ?

No, the only way to solve this issue is to use dedicated servers, colocation and buy bandwidth. In my opinion, trying to use cloudflare is self-indulgent, thanks to stupid non-experts and youtubers who don't care about anything but views. Cloudflare is nothing interesting. If you want to use cloudflare, use the v2rayf client (from It uses the same technology as goodbye dpi) In general, I personally just wanted to answer the questions of all those who are involved in this dirty topic, and I realized that the answer is "it's not worth it".

@woodlyer
Copy link
Owner

woodlyer commented May 14, 2023
edited
Loading

@omid-j-d There are many bugs in DPI. So we can use.
For example ICMP, DNS etc.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@omid-j-d @woodlyer @lostsoul6