Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
new release for supporting udp tunneling
Showing 4 changed files with 78 additions and 76 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,6 @@ | ||
[package] | ||
name = "omnip" | ||
version = "0.5.1" | ||
version = "0.6.0" | ||
edition = "2021" | ||
|
||
[lib] | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,7 @@ | ||
omnip - {tcp / http proxy / socks proxy} over quic | ||
omnip - [tcp | udp | http proxy | socks proxy] over quic | ||
-------- | ||
|
||
An all in one proxy implementation written in Rust. | ||
An all-in-one proxy written in Rust. | ||
|
||
Features | ||
-------- | ||
|
@@ -16,18 +16,24 @@ Features | |
* `omnip -a socks5://127.0.0.1:9000 --upstream http+quic://DOMAIN:3515 -lD` | ||
Note: The commands above will use auto-generated self-signed certificate for QUIC, which is for demonstration only. Domain name with certificate issued by trusted CA is recommended. For more details, see README of the [rstun](https://github.com/neevek/rstun) project, which omnip uses to implement proxy over QUIC. And remember to set a password for the server with the `-p` or `--password` option. | ||
5. Supports plain tcp connections over QUIC, which can be used to expose a port of remote server through the QUIC tunnel, for example: | ||
* Start a QUIC server that forwards all its payload to the local SSH port: | ||
* `omnip -a tcp+quic://0.0.0.0:3515 -upstream tcp://127.0.0.1:22 -lD` | ||
* Start a QUIC server that forwards all its tcp payload to the local SSH port: | ||
* `omnip -a tcp+quic://0.0.0.0:3515 --upstream tcp://127.0.0.1:22 -lD` | ||
* Connect to the tunnel server and SSH into the remote server through the QUIC tunnel: | ||
* `omnip -a tcp://0.0.0.0:3721 -upstream tcp+quic://DOMAIN:3515 -lD` | ||
* `omnip -a tcp://0.0.0.0:3721 --upstream tcp+quic://DOMAIN:3515 -lD` | ||
* `ssh -p 3721 [email protected]` | ||
6. Supports simple proxy rules, traffic will be relayed to upstream if the requested domain matches one of the proxy rules, this is for achieving *Smart Proxy* to control which domains should be forwarded through the tunnel, for example: | ||
6. Supports plain udp tunneling over QUIC, for example: | ||
* Start a QUIC server that forwards all its udp payload to `1.1.1.1:53`: | ||
* `omnip -a udp+quic://0.0.0.0:3515 --upstream udp://1.1.1.1:53 -lD` | ||
* Connect to the tunnel server and resolve DNS via the tunnel: | ||
* `omnip -a udp://0.0.0.0:5353 --upstream udp+quic://DOMAIN:3515 -lD` | ||
* `dig @127.0.0.1 -p 5353 github.com` | ||
7. Supports simple proxy rules, traffic will be relayed to upstream if the requested domain matches one of the proxy rules, this is for achieving *Smart Proxy* to control which domains should be forwarded through the tunnel, for example: | ||
* example.com | ||
* .example.com | ||
* ||example.com | ||
* ... | ||
7. Supports DoT (DNS-over-TLS) or custom name servers, for example: `--dot-server dns.google`, `--name-servers 1.1.1.1,8.8.8.8`, if both are specified, DoT server takes precedence. | ||
8. Simple Web UI can be accessed from the same port of the proxy server, DNS servers and tunnel connection can be configured through the Web UI. | ||
8. Supports DoT (DNS-over-TLS) or custom name servers, for example: `--dot-server dns.google`, `--name-servers 1.1.1.1,8.8.8.8`, if both are specified, DoT server takes precedence. | ||
9. Simple Web UI can be accessed from the same port of the proxy server, DNS servers and tunnel connection can be configured through the Web UI. | ||
|
||
Examples | ||
-------- | ||
|
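Review bot: The client-side example in the new item 6 binds the local listener to every interface (`omnip -a udp://0.0.0.0:5353 --upstream udp+quic://DOMAIN:3515 -lD`) although the follow-up command only queries it over loopback (`dig @127.0.0.1 -p 5353 github.com`), so a reader who copies it exposes a DNS forwarder into the tunnel to anyone who can reach the host. Suggest `udp://127.0.0.1:5353` here, and the same for the `tcp://0.0.0.0:3721` client example in item 5, which this hunk already touches for the `--upstream` fix. The new server commands also omit `-p`; the password reminder sits in the note above item 5, so either repeat it next to the udp example or include `-p` in the command.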
@@ -85,62 +91,58 @@ Examples | |
![omnip](https://github.com/neevek/omnip/raw/master/omnip2.jpg) | ||
``` | ||
USAGE: | ||
omnip [OPTIONS] --addr <ADDR> | ||
|
||
OPTIONS: | ||
-a, --addr <ADDR> | ||
Server address [<tcp|http|socks5|socks4|tcp+quic|http+quic|socks5+quic|socks4+quic>://][ip:]port for | ||
example: http://127.0.0.1:8000, http+quic://127.0.0.1:8000 | ||
|
||
-u, --upstream <UPSTREAM> | ||
upstream which the proxy server will relay traffic to based on proxy rules, | ||
[<tcp|http|socks5|socks4>://][ip|domain]:port for example: http://127.0.0.1:8000, | ||
http+quic://127.0.0.1:8000 [default: ] | ||
|
||
-r, --proxy-rules-file <PROXY_RULES_FILE> | ||
Path to the proxy rules file [default: ] | ||
|
||
-t, --threads <THREADS> | ||
Threads to run async tasks, default to number of cpu cores [default: 0] | ||
|
||
--dot-server <DOT_SERVER> | ||
DoT (DNS-over-TLS) server, e.g. dns.google [default: ] | ||
|
||
--name-servers <NAME_SERVERS> | ||
comma saprated domain servers (E.g. 1.1.1.1,8.8.8.8), which will be used if no | ||
dot_server is specified, or system default if empty [default: ] | ||
|
||
-c, --cert <CERT> | ||
Applicable only for +quic protocols Path to the certificate file, if | ||
empty, a self-signed certificate with the domain "localhost" will be used [default: ] | ||
|
||
-k, --key <KEY> | ||
Applicable only for +quic protocols Path to the key file, can be empty if | ||
no cert is provided [default: ] | ||
|
||
-p, --password <PASSWORD> | ||
Applicable only for +quic protocols Password of the +quic server [default: ] | ||
|
||
-e, --cipher <CIPHER> | ||
Applicable only for +quic protocols Password of the +quic server [default: | ||
chacha20-poly1305] [possible values: chacha20-poly1305, aes-256-gcm, aes-128-gcm] | ||
|
||
-i, --max-idle-timeout-ms <MAX_IDLE_TIMEOUT_MS> | ||
Applicable only for quic protocol as upstream Max idle timeout for the QUIC | ||
connections [default: 120000] | ||
|
||
-w, --watch-proxy-rules-change | ||
reload proxy rules if updated | ||
|
||
-l, --loglevel <LOGLEVEL> | ||
[default: I] [possible values: T, D, I, W, E] | ||
|
||
-h, --help | ||
Print help information | ||
|
||
-V, --version | ||
Print version information | ||
Usage: omnip [OPTIONS] --addr <ADDR> | ||
|
||
Options: | ||
-a, --addr <ADDR> | ||
Server address [<tcp|http|socks5|socks4|tcp+quic|http+quic|socks5+quic|socks4+quic>://][ip:]port | ||
for example: http://127.0.0.1:8000, http+quic://127.0.0.1:8000 | ||
-u, --upstream <UPSTREAM> | ||
Upstream which the proxy server will relay traffic to based on proxy rules, | ||
[<http|socks5|socks4>://]ip:port for example: http://127.0.0.1:8000, http+quic://127.0.0.1:8000 [default: ] | ||
-r, --proxy-rules-file <PROXY_RULES_FILE> | ||
Path to the proxy rules file [default: ] | ||
-t, --threads <THREADS> | ||
Threads to run async tasks, default to number of cpu cores [default: 0] | ||
--dot-server <DOT_SERVER> | ||
DoT (DNS-over-TLS) server, e.g. dns.google [default: ] | ||
--name-servers <NAME_SERVERS> | ||
comma saprated domain servers (E.g. 1.1.1.1,8.8.8.8), which will be used | ||
if no dot_server is specified, or system default if empty [default: ] | ||
-c, --cert <CERT> | ||
Applicable only for +quic protocols | ||
Path to the certificate file, if empty, a self-signed certificate | ||
with the domain "localhost" will be used [default: ] | ||
-k, --key <KEY> | ||
Applicable only for +quic protocols | ||
Path to the key file, can be empty if no cert is provided [default: ] | ||
-p, --password <PASSWORD> | ||
Applicable only for +quic protocols | ||
Password of the +quic server [default: ] | ||
-e, --cipher <CIPHER> | ||
Applicable only for +quic protocols | ||
Cipher for encryption [default: chacha20-poly1305] [possible values: chacha20-poly1305, aes-256-gcm, aes-128-gcm] | ||
-i, --max-idle-timeout-ms <MAX_IDLE_TIMEOUT_MS> | ||
Applicable only for quic protocol as upstream | ||
Max idle timeout for the QUIC connections [default: 120000] | ||
-R, --retry-interval-ms <RETRY_INTERVAL_MS> | ||
Applicable only for quic protocol as upstream | ||
Max idle timeout for the QUIC connections [default: 5000] | ||
--tcp-nodelay | ||
Set TCP_NODELAY | ||
-w, --watch-proxy-rules-change | ||
Reload proxy rules if updated | ||
-l, --loglevel <LOGLEVEL> | ||
Log level [default: I] [possible values: T, D, I, W, E] | ||
-E, --encode-base64 | ||
Print the args as base64 string to be used in opp:// address, will be ignored if passing in | ||
as an opp:// address, which can combine all args as a single base64 string | ||
-D, --decode-base64 | ||
Decode and print the base64 encoded opp:// address | ||
-h, --help | ||
Print help | ||
-V, --version | ||
Print version | ||
``` | ||
License | ||
|
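Review bot: The help text for the new `-R, --retry-interval-ms` option is a copy of the `--max-idle-timeout-ms` description ("Max idle timeout for the QUIC connections [default: 5000]") and should say what the retry interval controls. The scheme lists under `--addr` and `--upstream` were not updated for this release either: neither mentions `udp` or `udp+quic`, and the new `--upstream` pattern `[<http|socks5|socks4>://]ip:port` drops the `tcp` and `domain` forms that the README examples depend on (`--upstream tcp+quic://DOMAIN:3515`). For `-E, --encode-base64`, the help should state that the opp:// string combines all args, `--password` included, and that base64 is an encoding rather than protection, so the string has to be handled as a secret. "comma saprated" is carried over misspelled into the new text.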