
Some examples for using gost.

GNU General Public License v3.0GPL-3.0

gost Example

Help you to use gost.
gost is a very good tunnel tool.
But it's document is not very clear.
And gost itself is very very complicated, because it's powerful.

Here, I want to show some examples to help ordinary users to use gost.
It doesn't mean gost can only do this. Just because gost is too powerful for everyone to handle. A little sample is enough for we to surf internet.


version 2 is here https://github.com/ginuerzh/gost
version 3 is here https://github.com/go-gost/gost **version 3 is now under developing. Not for publishing. **

Offical DOC site for v2: https://v2.gost.run/
Offical DOC site for v3: https://gost.run/

Download and run

Open release page to down the binaries for your platform.
v2: https://github.com/ginuerzh/gost/releases
v3: https://github.com/go-gost/gost/releases

On windows, if you don't want to see the black terminal, you can use gostGUI to run gost.exe in the background.
On Android, May be you can use ShadowsocksGostPlugin .
On IOS, May be you can use shadowrocket .

General Network Knowlege

gost is named from "GO Simple Tunnel", and it's always used as a tunnel.
Although gost can works as a proxy.

When gost works as tunnel, the network is like this.
Gost client and gost server set up a tunnel to serve for proxy server run on. net

gost Tunnel Example

The first line is for gost server, running on VPS.
The second line is for gost client, running on your PC.

Suppose you are running SS(shadowsocks) or v2ray on 8388, on the client side, the gost tunnel works on links to SS or V2ray on your server.

You should modified the server_ip to your own domain name or ip address.

Gost supports many protocol. Such as quic, kcp, wss, tls etc. You may change the protocal to the one you need.

  • kcp tunnel (I recommend you use kcp to speed up and secure)
    kcp protocal is based on udp.
    kcp can speed up your connection and keep your connection secure.
# server,  ss or v2ray listen on 8083 
./gost -L kcp://:9000/:8083 
./gost -L tcp://  -F forward+kcp://server_ip:9000

If you want to change some parameter of kcp. you can write a kcp.json and append it into cmd. like this:

./gost -L kcp://:9000/:8083?c=./kcp.json 
./gost -L tcp://  -F forward+kcp://server_ip:9000?c=./kcp.json

I recommend you to change the kcp.json. But default parameter doesn't matter much.
More info about kcp parameter. see: https://github.com/xtaci/kcptun
kcp.json :

    "key": "it's a secrect",
    "crypt": "aes",
    "mode": "fast",
    "mtu" : 1350,
    "sndwnd": 1024,
    "rcvwnd": 1024,
    "datashard": 10,
    "parityshard": 3,
    "dscp": 0,
    "nocomp": false,
    "acknodelay": false,
    "nodelay": 0,
    "interval": 40,
    "resend": 0,
    "nc": 0,
    "sockbuf": 4194304,
    "keepalive": 10,
    "snmplog": "",
    "snmpperiod": 60,
    "tcp": false
  • tls tunnel
./gost -L tls://:443/:8083
./gost -L=tcp:// -F forward+tls://server_ip:443
  • quic tunnel
./gost -L quic://:1443/:8083
./gost -L tcp://  -F "forward+quic://server_ip:1443"
  • dtls tunnel.
    dtls in only available in v3. Not tested.
./gost -L dtls://:1443/:8083
./gost -L tcp://  -F "forward+dtls://server_ip:1443"
  • icmp tunnel. only for v3
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
./gost -L icmp://:0
./gost -L :8080 -F "relay+icmp://server_ip:12345?keepAlive=true&ttl=10s"

gost Proxy Examples

gost act as a socks5 proxy.
you can connect socks5:// to connect the internet. different protocal used to pass the wall.

  • tls proxy
./gost -L tls://:443
./gost -L :8080 -F tls://server_ip:443
  • mtls proxy
./gost -L mtls://:443
./gost -L :8080 -F mtls://server_ip:443
  • kcp proxy
./gost -L=kcp://:8388
./gost -L=:8080 -F=kcp://server_ip:8388
  • kcp proxy with fake tcp
./gost -L=kcp://:8388?tcp=true
./gost -L=:8080 -F=kcp://server_ip:8388?tcp=true

Remote port forward

If You want to connect remote_ip and port. But you cann't for some reason.
So, You let the server do the port forward. client directly connect to gost client to connect target. client -> [gost client] -> [gost server] -> [target ip+port]

The cmd is like this, kcp can be replaced with tls,quic,socks,etc...

# this is recomended
# client set remote ip and port
./gost -L kcp://:9000  #gost server
./gost -L=rtcp:// -F forward+kcp://server_ip:9000   #gost client

client connect as connect to [remote_ip:port] This cmd only need change the para(remote_ip:port) on client.
It's very good for user.

Another methods to do remote port forward.

# server do the port forward
./gost -L kcp://:9000/remote_ip:port  #server
./gost -L tcp:// -F forward+kcp://server_ip:9000

# working. but not recommended maybe a little low efficency
./gost -L kcp://:9000  #server
./gost -L tcp:// -F kcp://server_ip:9000

remote port mapping with relay

# standard using
./gost -L relay+tls://:9000 
./gost -L=tcp://  -F relay+tls://server_ip:9000

TCP Port Mapping for relay

Use gost listen on 22 to connect Other clients which cannot connect to can connect gost to dest. client -> gost[:22] ->

gost -L tcp://:22/
# ssh
ssh root@ -p 22   

Some tips

  • run gost at background in Linux use nohup to run gost in background and the log redirect to gost.log
  nohup ./gost -L mtls://:443  >> gost.log  2>&1 &

Doesn't have a VPS?

Oh, It's very easy. Buy one.

Don't know how to do?

If you have read this document and don't know how to use gost, maybe you don't need to waste some more time on it.
Please use some commercial mature VPN service.
Such as:


You have read to here, why not click the star button for once?

Welcome Pull Requests