GoHop is a VPN implemented in golang, with innate encryption and obfuscation. The goal of this project is to escape from censorship and intelligent packet inspection.
A VPN implementation in golang, with crypto and obfuscation in nature.
Why Reinvent the Wheel?
There are already lots of VPN solutions like OpenVPN, L2TP with IPSec, PPTP and other commercial VPNs. But one key problem of these VPNs is that they're only built for anti-censorship instead of anti-GFW, of course, because their developers are not Chinese.
In the past, encrypting packets was enough to get through GFW, but around Nov. 2012 GFW was upgraded and DPI (deep packet inspection) and machine learning were introduced. Although they cannot decrypt the packets and see the contents, they can still detect that there are HTTP packets encrypted inside VPN packets, so both OpenVPN and SSH tunnels were blocked in China.
How to Escape from DPI
There's no silver bullet to escape from the intelligent GFW, except for revolution :). Everything I'm going to do is a temporary solution.
First, OpenVPN and SSH are both built on top of SSL, which has distinct handshake characteristics and can be easily detected by GFW. Second, all present VPN solutions are single-port or single-protocol, so the flow can be captured easily and, with the help of machine learning, new protocols can be inspected, too.
So I'm going to implement a VPN with these features:
- Pre-shared key based authentication, randomly generated key for encryption. NO SSL, maybe a reinvented SSL :).
- "Frequency hopping"-like port and protocol hopping, both handshake and packet transmission will be actually done in random port and protocol.
- Traffic shaping to hide protocol's statistical properties.
Notice
GoHop is built on top of Linux's tun/tap device. Currently it supports neither Windows nor OS X.
I think it would not be very difficult to port it to OS X. However, I'm not able to develop an OS X edition as I'm not a Mac owner. If u wanna help, please fork and send me pull requests, I'd appreciate it.
How To Use
Download
You can get updated releases from https://github.com/bigeagle/gohop/releases . Go programs are statically linked, so it's very likely that my pre-built releases can run on your box.
Build and Install
Building GoHop needs Go 1.1 or higher.
gohop is a go-gettable package:
go get github.com/bigeagle/gohop
Config and Run
On the server, if u are using it for anti-GFW internet access, IP forwarding is needed:
sysctl net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -j MASQUERADE
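The rule above masquerades every packet the server forwards, on every interface. As an added example (not part of the GoHop README), the script below prints rules scoped to the VPN client subnet and the outbound interface instead; 10.1.1.0/24 and eth0 are constructed sample values, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not GoHop's own code: print NAT/forward rules limited to
# VPN client traffic. Review the output, then pipe it to sh as root.

# Return 0 if $1 is an IPv4 CIDR such as 10.1.1.0/24, 1 otherwise.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    # Only digits and dots, no empty octets (also rules out glob characters).
    case "$addr" in *[!0-9.]*|*.|.*|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print rules for client subnet $1 leaving through WAN interface $2.
gohop_nat_rules() {
    valid_cidr "$1" || { echo "bad subnet: $1" >&2; return 1; }
    # Reject anything that is not a plain interface name before it is
    # interpolated into a command line.
    case "$2" in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $2" >&2; return 1 ;;
    esac
    # NAT only packets that come from VPN clients and exit via the WAN.
    echo "iptables -t nat -A POSTROUTING -s $1 -o $2 -j MASQUERADE"
    # Needed when the FORWARD policy is DROP: clients out, replies back in.
    echo "iptables -A FORWARD -s $1 -o $2 -j ACCEPT"
    echo "iptables -A FORWARD -d $1 -i $2 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
}

TUN_NET=10.1.1.0/24   # constructed sample: the subnet handed to VPN clients
WAN_IF=eth0           # constructed sample: the server's internet-facing NIC
gohop_nat_rules "$TUN_NET" "$WAN_IF"
```

Replace the two sample values with the client subnet your GoHop server uses and the interface shown by ip route before applying the output.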
Edit server.ini as your server's config file. Run
gohop server.ini
At the client side, edit client.ini as your config file. Custom routes are supported so that in-China network packets will not go through gohop. Run
gohop client.ini
Wait until u see "Connection Initialized". Pay attention to your DNS config: if u are using a Chinese DNS server, u're still unable to access blocked websites.
Now try to ping twitter.com and cheers :).
Publications
If you find this helpful, please cite:
- Wang, Yuzhi; Ji, Ping; Ye, Borui; Wang, Pengjun; Luo, Rong; Yang, Huazhong, "GoHop: Personal VPN to defend from censorship," Advanced Communication Technology (ICACT), 2014 16th International Conference on, pp.27,33, 2014
from https://github.com/bigeagle/gohop
(http://icact.org/upload/2014/0096/20140096_finalpaper.pdf)
--------------
Log in to the Linux VPS, install the Go environment, then cd /usr/local/go/gopath
root@localhost:/usr/local/go/gopath# go get github.com/golang/snappy
root@localhost:/usr/local/go/gopath# go get github.com/bigeagle/gohop
root@localhost:/usr/local/go/gopath# ls ../bin
go gofmt goproxy gox shadowsocks-server tendermint zas
godoc gohop gor hugo simple-website tunnel zs
(gohop appears in the listing, which means gohop was installed successfully)
root@localhost:/usr/local/go/gopath#