transparent redirector of any TCP connection to proxy (Customized for Anti-GFW)
Clone or download
Pull request Compare This branch is 130 commits behind semigodking:master.
Permalink
Failed to load latest commit information.
debian Update redsocks.conf samples. Jan 3, 2012
doc README: document socksifying router setup. Mar 25, 2012
.gitignore added .depend to .gitignore Nov 11, 2010
Makefile Add support to shadowsocks proxy(IPv4 TCP only) Feb 17, 2015
README Rewrite the program and drop support to libevent 1.x. Dec 16, 2014
README.md Add support to shadowsocks proxy(IPv4 TCP only) Feb 17, 2015
autoproxy.c Fix: http-relay not work Feb 19, 2015
base.c Minor fixes. Dec 31, 2014
base.h Whitespace fixes. Jul 13, 2008
base64.c add base64 and md5 library for http auth Nov 14, 2010
base64.h minor fixes Nov 14, 2010
direct.c Rewrite the program and drop support to libevent 1.x. Dec 16, 2014
encrypt.c Add support to shadowsocks proxy(IPv4 TCP only) Feb 17, 2015
encrypt.h Add support to shadowsocks proxy(IPv4 TCP only) Feb 17, 2015
http-auth.c Change license to Apache 2.0 to ensure compatibility with android stack. Apr 20, 2011
http-auth.h remove time limit between consective attempts Nov 18, 2010
http-connect.c Introduce new method 'autohttp-connect'. Mar 20, 2013
http-relay.c fix proxy request Dec 11, 2014
ipcache.c Refine code and make autoproxy much configurable Feb 17, 2015
ipcache.h Refine code and make autoproxy much configurable Feb 17, 2015
list.h Whitespace fixes. Jul 13, 2008
log.c redsocks now compiles with libevent-2.0 Aug 1, 2011
log.h Fixed format string bug. May 21, 2009
main.c Refine code and make autoproxy much configurable Feb 17, 2015
main.h Refine code and make autoproxy much configurable Feb 17, 2015
md5.c add base64 and md5 library for http auth Nov 14, 2010
md5.h add base64 and md5 library for http auth Nov 14, 2010
parser.c Fix bug in DNS resolution - results were ignored (since 8179a1f). Apr 9, 2012
parser.h Added ability to create many redsocks config sections to have many re… Aug 18, 2008
redsocks.c Fix: http-relay not work Feb 19, 2015
redsocks.conf.example Add support to shadowsocks proxy(IPv4 TCP only) Feb 17, 2015
redsocks.h Refine code and make autoproxy much configurable Feb 17, 2015
redudp.c Fix: segments fault caused by 'redudp'. Feb 24, 2015
redudp.h Initial support for UDP + TPROXY redirection. No more dest_ip in redudp. Apr 12, 2012
shadowsocks.c Add support to shadowsocks proxy(IPv4 TCP only) Feb 17, 2015
socks4.c Change license to Apache 2.0 to ensure compatibility with android stack. Apr 20, 2011
socks5.c Make autoproxy feature independ on proxy implementation. Oct 22, 2013
socks5.h Cleanup: make socks5 structures reusable. Dec 2, 2010
tcpdns.c Add missing files and bug fix. Feb 13, 2015
tcpdns.h Add missing files and bug fix. Feb 13, 2015
utils.c Rewrite the program and drop support to libevent 1.x. Dec 16, 2014
utils.h Rewrite the program and drop support to libevent 1.x. Dec 16, 2014
version.h Added -h, -? CLI options for help & -v for redsocks-version. Nov 26, 2011

README.md

REDSOCKS2

This is a modified version of original redsocks. The name is changed to REDSOCKS2 to distinguish with original redsocks. This variant is useful for anti-GFW (Great Fire Wall). REDSOCKS2 contains several new features.

  1. Redirect TCP connections which are blocked via proxy automatically without need of blacklist.
  2. Redirect UDP based DNS requests via TCP connection.
  3. Integrated shadowsocks proxy support(IPv4 Only).
  4. Redirect TCP connections without proxy.
  5. Redirect TCP connections via specified network interface.

If you feel my work done is helpful, please consider donation. Thanks. Accept donations by AliPay with account semigodking@gmail.com

HOW it works

Anyone can help me to complete this part?

HOW TO BUILD

###Prerequisites The following libraries are required.

  • OpenSSL or PolarSSL

###Steps On general linux, simply run command below to build with OpenSSL.

make

To compile with PolarSSL

make USE_CRYPTO_POLARSSL=true

Since this variant of redsocks is customized for running with Openwrt, please read documents here (http://wiki.openwrt.org/doc/devel/crosscompile) for how to cross compile.

Configurations

Please see 'redsocks.conf.example' for whole picture of configuration file. Below are additional sample configuration sections for different usage.

###Redirect Blocked Traffic via Proxy Automatically To use the autoproxy feature, please change the redsocks section in configuration file like this:

redsocks {
 local_ip = 192.168.1.1;
 local_port = 1081;
 ip = 192.168.1.1;
 port = 9050;
 type = socks5; // I use socks5 proxy for GFW'ed IP
 autoproxy = 1; // I want autoproxy feature enabled on this section.
 // timeout is meaningful when 'autoproxy' is non-zero.
 // It specified timeout value when trying to connect to destination
 // directly. Default is 10 seconds. When it is set to 0, default
 // timeout value will be used.
 // NOTE: decreasing the timeout value may lead increase of chance for
 // normal IP to be misjudged.
 timeout = 13;
 //type = http-connect;
 //login = username;
 //password = passwd;
}

###Redirect Blocked Traffic via VPN Automatically Suppose you have VPN connection setup with interface tun0. You want all all blocked traffic pass through via VPN connection while normal traffic pass through via default internet connection.

redsocks {
	local_ip = 192.168.1.1;
	local_port = 1080;
	interface = tun0; // Outgoing interface for blocked traffic
	type = direct;
	timeout = 13;
	autoproxy = 1;
}

###Redirect Blocked Traffic via shadowsocks proxy Similar like other redsocks section. The encryption method is specified by field 'login'.

redsocks {
	local_ip = 192.168.1.1;
	local_port = 1080;
	type = shadowsocks;
 	ip = 192.168.1.1;
	port = 8388;
	timeout = 13;
	autoproxy = 1;
	login = 'aes-128-cfb'; // field 'login' is reused as encryption
						   // method of shadowsocks
	password = 'your password'; // Your shadowsocks password
}

List of supported encryption methods(Compiled with OpenSSL):

table
rc4
rc4-md5
aes-128-cfb
aes-192-cfb
aes-256-cfb
bf-cfb
camellia-128-cfb
camellia-192-cfb
camellia-256-cfb
cast5-cfb
des-cfb
idea-cfb
rc2-cfb
seed-cfb

List of supported encryption methods(Compiled with PolarSSL):

table
ARC4-128
ARC4-128
AES-128-CFB128
AES-192-CFB128
AES-256-CFB128
BLOWFISH-CFB64
CAMELLIA-128-CFB128
CAMELLIA-192-CFB128
CAMELLIA-256-CFB128

###Work with GoAgent To make redsocks2 works with GoAgent proxy, you need to set proxy type as 'http-relay' for HTTP protocol and 'http-connect' for HTTPS protocol
respectively. Suppose your goagent local proxy is running at the same server as redsocks2, The configuration for forwarding connections to GoAgent is like below:

redsocks {
 local_ip = 192.168.1.1;
 local_port = 1081; //HTTP should be redirect to this port.
 ip = 192.168.1.1;
 port = 8080;
 type = http-relay; // Must be 'htt-relay' for HTTP traffic. 
 autoproxy = 1; // I want autoproxy feature enabled on this section.
 // timeout is meaningful when 'autoproxy' is non-zero.
 // It specified timeout value when trying to connect to destination
 // directly. Default is 10 seconds. When it is set to 0, default
 // timeout value will be used.
 timeout = 13;
}
redsocks {
 local_ip = 192.168.1.1;
 local_port = 1082; // HTTPS should be redirect to this port.
 ip = 192.168.1.1;
 port = 8080;
 type = http-connect; // Must be 'htt-connect' for HTTPS traffic. 
 autoproxy = 1; // I want autoproxy feature enabled on this section.
 // timeout is meaningful when 'autoproxy' is non-zero.
 // It specified timeout value when trying to connect to destination
 // directly. Default is 10 seconds. When it is set to 0, default
 // timeout value will be used.
 timeout = 13;
}

###Redirect UPD based DNS Request via TCP connection Sending DNS request via TCP connection is one way to prevent from DNS poisoning. You can redirect all UDP based DNS requests via TCP connection with the following config section.

tcpdns {
	// Transform UDP DNS requests into TCP DNS requests.
	// You can also redirect connections to external TCP DNS server to
	// REDSOCKS transparent proxy via iptables.
	local_ip = 192.168.1.1; // Local server to act as DNS server
	local_port = 1053;      // UDP port to receive UDP DNS requests
	tcpdns1 = 8.8.4.4;      // DNS server that supports TCP DNS requests
	tcpdns2 = 8.8.8.8;      // DNS server that supports TCP DNS requests
	timeout = 4;            // Timeout value for TCP DNS requests
}

Then, you can either redirect all your DNS requests to the local IP:port configured above by iptables, or just change your system default DNS upstream server as the local IP:port configured above.

AUTHOR

Zhuofei Wang semigodking@gmail.com