gotunnel is a secure TCP tunnel. It uses persistent TCP connection(s) to communicate between client and server, so it is not a plain port forwarder.
gotunnel can be added to any client/server system that uses the TCP protocol, making the system structure evolve from
client <--------------> server
to
client <-> gotunnel <--------------> gotunnel <-> server
to gain gotunnel's features, namely encrypted traffic and persistent connections.
Build
In your go workspace, run command as below:
go get github.com/xjdrew/gotunnel
If you don't know how to create a Go workspace, see install.sh.
Usage
usage: bin/gotunnel
-backend="127.0.0.1:1234": backend address
-listen=":8000": listen address
-log=1: log level
-secret="the answer to life, the universe and everything": tunnel secret
-timeout=10: tunnel read/write timeout
-tunnels=0: low level tunnel count, 0 if work as server
Some options:
- secret: used for authentication and for exchanging the encryption key; client and server must be started with the same value.
- tunnels: 0 means gotunnel works as a server; any value larger than 0 means gotunnel works as a client and opens that many low-level TCP tunnel connections to the server.
- timeout: if a packet body cannot be read within timeout seconds, the tunnel connection is torn down and recreated. This is useful when there is an aggressive firewall between the gotunnel client and server that silently drops idle connections.
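The recreate-on-timeout behaviour described for -timeout, as an added example that is not gotunnel's own code. It wraps one low-level connection, puts a read deadline on every packet read, and on a deadline closes the connection, re-dials it and reports a distinct error so the caller can retry. The 2-byte length framing, the dial callback and the in-memory peer built on net.Pipe are assumptions for illustration.

```go
package main

// Added example (not gotunnel's code): the behaviour described for -timeout,
// applied to one low-level tunnel connection. If a complete packet does not
// arrive within the timeout, the connection is dropped and re-dialled, so a
// middlebox that silently blackholes an idle TCP session cannot wedge the
// tunnel forever. The 2-byte length framing and the dial callback are assumptions.

import (
	"encoding/binary"
	"errors"
	"fmt"
	"io"
	"net"
	"time"
)

var ErrTunnelTimeout = errors.New("tunnel: no packet within timeout, connection recreated")

// Tunnel wraps one connection plus the means to re-establish it.
type Tunnel struct {
	dial       func() (net.Conn, error)
	conn       net.Conn
	timeout    time.Duration
	Reconnects int // how many times the tunnel has been rebuilt after a stall
}

func NewTunnel(dial func() (net.Conn, error), timeout time.Duration) (*Tunnel, error) {
	c, err := dial()
	if err != nil {
		return nil, err
	}
	return &Tunnel{dial: dial, conn: c, timeout: timeout}, nil
}

// ReadPacket reads one length-prefixed packet (2-byte big-endian length, then body).
// Hitting the read deadline tears the connection down, dials a fresh one and
// reports ErrTunnelTimeout so the caller can retry on the new connection.
func (t *Tunnel) ReadPacket() ([]byte, error) {
	_ = t.conn.SetReadDeadline(time.Now().Add(t.timeout))
	var hdr [2]byte
	if _, err := io.ReadFull(t.conn, hdr[:]); err != nil {
		return nil, t.onReadError(err)
	}
	body := make([]byte, binary.BigEndian.Uint16(hdr[:]))
	if _, err := io.ReadFull(t.conn, body); err != nil {
		return nil, t.onReadError(err)
	}
	return body, nil
}

func (t *Tunnel) onReadError(err error) error {
	var ne net.Error
	if !errors.As(err, &ne) || !ne.Timeout() {
		return err // EOF or a real failure: surface it unchanged
	}
	t.conn.Close()
	if c, derr := t.dial(); derr == nil {
		t.conn = c
		t.Reconnects++
	}
	return ErrTunnelTimeout
}

// DemoStalledPeer runs the tunnel against a constructed in-memory peer that sends
// exactly one packet and then goes silent. It returns that packet, the reconnect
// count after the stall, and the error the stalled read produced.
func DemoStalledPeer(timeout time.Duration) (string, int, error) {
	var peer net.Conn
	dial := func() (net.Conn, error) {
		client, server := net.Pipe() // net.Pipe honours read deadlines
		peer = server
		return client, nil
	}
	tun, err := NewTunnel(dial, timeout)
	if err != nil {
		return "", 0, err
	}
	go func(s net.Conn) {
		msg := []byte("hello")
		s.Write(append([]byte{0, byte(len(msg))}, msg...)) // constructed peer traffic
	}(peer)
	first, err := tun.ReadPacket()
	if err != nil {
		return "", 0, err
	}
	_, err = tun.ReadPacket() // the peer never writes again: the deadline fires
	return string(first), tun.Reconnects, err
}

func main() {
	first, n, err := DemoStalledPeer(200 * time.Millisecond)
	fmt.Printf("first packet=%q reconnects=%d err=%v\n", first, n, err)
}
```

Only deadline errors trigger a rebuild; an EOF or reset is returned unchanged so the caller can distinguish a peer that went away from one that merely went quiet behind a firewall.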
Example
Suppose you have a squid server and use it as an HTTP proxy. Usually you would start the server:
$ squid3 -a 8080
and use it on your pc:
curl --proxy server:8080 http://example.com
It works fine, but all traffic between your server and your PC is plaintext, so anyone on the path can monitor you easily. In this case gotunnel can encrypt your traffic.
First, on your server, restart squid to listen on a local port, for example 127.0.0.1:3128. Then start the gotunnel server, listening on 8000 and using 127.0.0.1:3128 as the backend:
$ ./gotunnel -listen=:8000 -backend=127.0.0.1:3128 -secret="your-secret" -log=10
(On a Linux VPS, install gotunnel and run it:
cd $GOPATH
go get -u -v github.com/xjdrew/gotunnel
gotunnel -listen=:8000 -backend=127.0.0.1:10080 -secret=my-secret -tunnels=0
Here 10080 is the port of a SOCKS proxy server program I installed; for the SOCKS proxy server you can use ssocks or mocks.
However, the command gotunnel -listen=:8000 -backend=127.0.0.1:10080 -secret=my-secret -tunnels=0 runs in the foreground and exits easily, so we can use systemd to run it as a service:
nano /etc/systemd/system/gotunnel-by-xjdrew.service
with the following content:
[Unit]
After=network.target
[Service]
ExecStart=/root/go/gopath/bin/gotunnel-by-xjdrew -listen=:8000 -backend=127.0.0.1:10080 -secret=iloveson -tunnels=0
Restart=always
[Install]
WantedBy=multi-user.target
Then run:
systemctl start gotunnel-by-xjdrew
systemctl enable gotunnel-by-xjdrew
The server side is now set up.
On the client machine, run:
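The unit above runs gotunnel as root with the shared secret written into the unit file, so it is readable by anyone who can run systemctl cat or read the journal's command-line logging. A hardened variant, added here as an example and not the author's unit, keeps the secret in a root-only environment file and drops the service to an unprivileged dynamic user with a read-only view of the filesystem. The binary path /usr/local/bin/gotunnel (copy the built binary out of the root-owned GOPATH, which ProtectHome makes inaccessible), the /etc/gotunnel/server.env path and the GOTUNNEL_SECRET variable name are assumptions; the gotunnel flags are the ones used above.

```ini
# Added example, not the author's unit file. Paths and the variable name are assumptions.
# /etc/gotunnel/server.env is created with mode 0600 and contains one line:
#   GOTUNNEL_SECRET=<your secret>
[Unit]
Description=gotunnel server (encrypted tunnel in front of 127.0.0.1:10080)
After=network-online.target
Wants=network-online.target

[Service]
# Keep the secret out of the unit file; systemd expands ${GOTUNNEL_SECRET} at start.
EnvironmentFile=/etc/gotunnel/server.env
ExecStart=/usr/local/bin/gotunnel -listen=:8000 -backend=127.0.0.1:10080 -secret=${GOTUNNEL_SECRET} -tunnels=0
# Port 8000 is unprivileged, so nothing here needs root.
DynamicUser=yes
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
RestrictAddressFamilies=AF_INET AF_INET6
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target
```

One caveat this does not remove: because gotunnel only accepts the secret as a command-line flag, the expanded value is still visible in the process's argv (for example in ps output) to other users on the VPS. The environment file keeps it out of the unit file and out of configuration backups, but a single-tenant host is still the assumption.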
cd $GOPATH
go get -u -v github.com/xjdrew/gotunnel
mv ~/go1.10.2/go/bin/gotunnel ~/go1.10.2/go/bin/gotunnel-by-xjdrew
Then run:
~/go1.10.2/go/bin/gotunnel-by-xjdrew -listen=127.0.0.1:7070 -backend=vps-ip:8000 -secret=my-secret -tunnels=1
Then set the browser on the client machine to use 127.0.0.1:7070 as its SOCKS5 proxy and you can get over the wall. If the backend program used on the server is an HTTP proxy, such as squid or tinyproxy, set the browser's HTTP proxy to 127.0.0.1:7070 instead.)
Second, on your PC, start the gotunnel client:
./gotunnel -tunnels=1 -listen="127.0.0.1:8080" -backend="server:8000" -secret="your-secret"
Then you can use squid3 on your local port as before, but all your traffic is encrypted.
Besides that, you don't need to create and destroy a TCP connection between your PC and the server for every request, because gotunnel uses long-lived TCP connections as the underlying tunnel. In most cases it will be faster.
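How a shared secret can make the traffic on the tunnel both confidential and tamper-evident, as an added example that is not gotunnel's code. It derives a fixed-length key from the -secret string, seals every length-prefixed frame with AES-256-GCM, and rejects any frame whose tag does not verify, which covers both a client started with a different secret (the "your secret" versus "your-secret" mismatch that is easy to make when copying the commands above) and bytes altered in transit. The frame layout, the HMAC-SHA256 key derivation with a fixed label, and AES-GCM itself are illustrative assumptions, not gotunnel's wire protocol.

```go
package main

// Added example (not gotunnel's code): a length-prefixed, AEAD-protected frame
// codec showing how a shared -secret can both derive the encryption key and
// authenticate every frame. Framing, KDF label and AES-GCM are assumptions.

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

var ErrBadFrame = errors.New("tunnel: malformed or unauthenticated frame")

// DeriveKey maps the human-chosen secret to a 32-byte AES-256 key with HMAC-SHA256
// over a fixed label (an assumption; a real protocol would mix in a per-session salt).
func DeriveKey(secret string) []byte {
	mac := hmac.New(sha256.New, []byte(secret))
	mac.Write([]byte("gotunnel-example-kdf-v1"))
	return mac.Sum(nil)
}

type FrameCodec struct{ aead cipher.AEAD } // seals and opens frames with AES-256-GCM

func NewFrameCodec(secret string) *FrameCodec {
	block, _ := aes.NewCipher(DeriveKey(secret)) // 32-byte key: cannot fail
	aead, _ := cipher.NewGCM(block)              // AES block cipher: cannot fail
	return &FrameCodec{aead: aead}
}

// WriteFrame emits: 4-byte big-endian length | 12-byte random nonce | ciphertext+tag.
func (c *FrameCodec) WriteFrame(w io.Writer, payload []byte) error {
	nonce := make([]byte, c.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	sealed := c.aead.Seal(nil, nonce, payload, nil)
	frame := make([]byte, 4, 4+len(nonce)+len(sealed))
	binary.BigEndian.PutUint32(frame, uint32(len(nonce)+len(sealed)))
	_, err := w.Write(append(append(frame, nonce...), sealed...))
	return err
}

// ReadFrame returns one frame's plaintext, or ErrBadFrame when the length is out
// of range or the GCM tag fails (wrong secret, or bytes altered in transit).
func (c *FrameCodec) ReadFrame(r io.Reader) ([]byte, error) {
	var hdr [4]byte
	if _, err := io.ReadFull(r, hdr[:]); err != nil {
		return nil, err
	}
	n, ns := binary.BigEndian.Uint32(hdr[:]), c.aead.NonceSize()
	if n < uint32(ns+c.aead.Overhead()) || n > 64<<10 { // refuse absurd lengths before allocating
		return nil, ErrBadFrame
	}
	body := make([]byte, n)
	if _, err := io.ReadFull(r, body); err != nil {
		return nil, err
	}
	plain, err := c.aead.Open(nil, body[:ns], body[ns:], nil)
	if err != nil {
		return nil, ErrBadFrame
	}
	return plain, nil
}

// RoundTrip seals payload under sendSecret and opens it under recvSecret, so a
// client/server pair whose secrets differ shows up as ErrBadFrame.
func RoundTrip(sendSecret, recvSecret string, payload []byte) ([]byte, error) {
	var wire bytes.Buffer
	if err := NewFrameCodec(sendSecret).WriteFrame(&wire, payload); err != nil {
		return nil, err
	}
	return NewFrameCodec(recvSecret).ReadFrame(&wire)
}

// TamperedFrameRejected flips one byte of a frame in transit and reports whether
// the receiver refused it.
func TamperedFrameRejected(secret string) bool {
	codec := NewFrameCodec(secret)
	var wire bytes.Buffer
	_ = codec.WriteFrame(&wire, []byte("CONNECT example.com:443 HTTP/1.1"))
	raw := wire.Bytes()
	raw[len(raw)-1] ^= 0x01 // corrupt the last byte of the GCM tag
	_, err := codec.ReadFrame(bytes.NewReader(raw))
	return errors.Is(err, ErrBadFrame)
}

func main() {
	out, err := RoundTrip("your-secret", "your-secret", []byte("GET http://example.com/ HTTP/1.1"))
	fmt.Printf("same secret: %q err=%v\n", out, err)
	_, err = RoundTrip("your-secret", "your secret", []byte("GET http://example.com/ HTTP/1.1"))
	fmt.Printf("wrong secret: err=%v; tampered rejected: %v\n", err, TamperedFrameRejected("your-secret"))
}
```

The length check runs before any allocation, so a peer that has not proven knowledge of the secret cannot make the receiver allocate a 4 GiB buffer with one forged header; everything after that check is authenticated by the GCM tag.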
from https://github.com/xjdrew/gotunnel
https://github.com/xjdrew/gotunnel/issues/13
At first I used squid as the backend, but squid is too bloated and made browsing through the tunnel slow. Later I switched to a SOCKS proxy server program (for example mocks, http://briteming.blogspot.com/2012/02/socks-server-mocks.html) as the backend, and pages now open almost instantly.
---------------
similar to gost - http://briteming.blogspot.com/2015/05/gost.html
---------------
A tunnel for the Tencent open platform
Currently, if you want to operate a game in partnership with Tencent, you must run your servers on Tencent's cloud platform. Given Tencent's dominant position, hosting your own machines is strictly forbidden, and so is choosing another vendor's cloud. As for the Tencent open platform, anyone who has used it knows, heh. Since it is called "open", you can imagine what that means; after all, some republics put "People's" in front of their name too :)
If you treat "must run on Tencent's cloud platform" as a penguin tax, it all makes sense. It just means spending more money on worse hardware, adding programmer hours to write adaptation code for it, and putting up with the odd inexplicable problem; grumble a bit more and it passes. You have to understand that big companies have many departments, and every department needs to meet its own KPIs and show some presence.
Of course, it may also be that your program cannot get the processing capacity it needs, or that you cannot stand the various oddities of the cloud platform. Then there is another path you can quietly take: find a way to host your own machines elsewhere, and write a tunnel program to connect the servers together.
Given the "openness" of the Tencent open platform, ordinary off-the-shelf tunnel programs may not meet the need. Xiaojing has recently been keen on learning Go, and implemented one in Go. Those who need it can help themselves.
It does the following:
You run a gate on the open platform, listening on a port. Users request your service through that port.
Since you may not have permission to make outbound connections from the open platform to the public Internet, the gate also needs to listen on a second port so that your server can connect in from outside.
Then, on your server side (which may be a machine you host elsewhere, or simply a machine at home or in your office), you start a node that connects to the gate placed in the open platform. Once the connection is established, the node turns every user request to the gate into a local request; your server only needs to run on the same machine as the node to handle them.
Because of a certain odd design of the open platform's TGW, TCP connections coming in from outside carry an extra, inexplicable packet header. Naturally you don't want to see it. gotunnel thoughtfully strips it for you.
Of course, using a tunnel means every user's data stream has to take several detours before it reaches your real server, so a simple request-response test will show a noticeable drop in performance. But the long-term total throughput is unchanged: the tunnel only forwards packets in the middle and does not reduce your server's processing capacity.
from http://blog.codingnow.com/2014/06/gotunnel.html