No Encryption?

Question

No Encryption?

Closed this issue 4 years ago · 13 comments

It's easy to get detected by GFW, do you think?

Answer 1 · 2019-08-03T14:45:08.000Z

Yes, the standard socks5 proxy protocol is easy to detected by GFW. This is just a transparent proxy client that communicate with socks5 compatible server. We can use any obfuscation protocol for cross-border communication.

Answer 2 · 2019-08-03T14:47:13.000Z

Would you consider adding a Websocket and TLS1.3 layer on top of the socks5 protocol?

Answer 3 · 2019-08-03T14:53:19.000Z

How to work? What can this solve?

Answer 4 · 2019-08-03T14:56:42.000Z

something like vmess+websocket+tls+nginx. replace vmess with socks5, you'll have user authentication via socks5 between server and client, as well as strong encryption and a standard https fingerprint, pretty safe.

Answer 5 · 2019-08-03T15:23:51.000Z

Sounds good, I have a private project that implements a confusing protocol and seems works fine. I think it's better to implement a socks5 compatible server based on WebSocket and TLS, and use it in combination with this project?

Answer 6 · 2019-08-03T15:46:18.000Z

Yeah, good idea, you can put the sock5 server behind Nginx. Other confusing protocol won't live long.

Answer 7 · 2019-08-25T02:34:00.000Z

Any plan to add PURE tproxy support, so only mangle table is needed, and both udp and tcp are supported.

Reference:
https://www.kernel.org/doc/Documentation/networking/tproxy.txt

Answer 8 · 2019-08-25T02:35:13.000Z

I found that this program is very useful when work with Trojan

Answer 9 · 2019-08-26T04:30:41.000Z

Any plan to add PURE tproxy support, so only mangle table is needed, and both udp and tcp are supported.

Reference:
https://www.kernel.org/doc/Documentation/networking/tproxy.txt

IIRC, the TPROXY target needs privilege capabilities.

Answer 10 · 2019-08-26T05:16:05.000Z

Any plan to add PURE tproxy support, so only mangle table is needed, and both udp and tcp are supported.
Reference:
https://www.kernel.org/doc/Documentation/networking/tproxy.txt

IIRC, the TPROXY target needs privilege capabilities.

Yes, that's correct, setcap can get things done so that No root privilege is needed to listen as tproxy.

Answer 11 · 2019-08-27T05:24:51.000Z

Any plan to add PURE tproxy support, so only mangle table is needed, and both udp and tcp are supported.
Reference:
https://www.kernel.org/doc/Documentation/networking/tproxy.txt

IIRC, the TPROXY target needs privilege capabilities.

Yes, that's correct, setcap can get things done so that No root privilege is needed to listen as tproxy.

This project is run as a module in JVM on Android, not a standalone process, may be can not set caps for it.

Answer 12 · 2019-08-27T07:28:16.000Z

OK, maybe add an option to listen as TPROXY?

Answer 13 · 2019-08-30T02:13:43.000Z

OK, maybe add an option to listen as TPROXY?

Yes.