Gole

A p2p hole-punching tool wrriten in Go, allowing two computers behind NAT to communicate with each other.

Features

TCP/UDP hole punching even when both sides are behind symmetric NATs (no guarantee 😉)
TCP/UDP tunneling over punched holes
KCP* tunneling for tcp-over-udp support
Built-in SOCKS5 proxy at tunnel endpoint
Traffic encryption, bypass censorship
STUN-less, command line driven

Quickstart

Suppose:

A has a web server listening at 127.0.0.1:8080
A is behind NAT and has a public ip of 3.3.3.3
B also behind NAT and have a public ip of 4.4.4.4
B want to access A's web server from his local machine at 127.0.0.1:1111
They agreed on a pair of tcp ports to open :3333(A) and :4444(B)

A run:

gole -v tcp 0.0.0.0:3333 4.4.4.4:4444 -op server -fwd=127.0.0.1:8080

B run:

gole -v tcp 0.0.0.0:4444 3.3.3.3:3333 -op client -fwd=127.0.0.1:1111

After successfully punching through both NATs, a TCP tunnel between above two open ports will be created.

B can then access A's web server from his localhost at 127.0.0.1:1111:

127.0.0.1:1111 --> (4.4.4.4:4444 <--> 3.3.3.3:3333) --> 127.0.0.1:8080

Usage

gole [GLOBAL_OPTIONS] MODE local_addr remote_addr MODE_OPTIONS...

    GLOBAL OPTIONS:
      -h
      -help
            Usage information
      -timeout=30
            How long in seconds an idle connection timeout and exit
            Please refer to wiki for more info
      -v
      -verbose
            Turn on debug output
      -enc=xor
            Encryption method
      -key=
            Encryption key (leave empty to disable encryption)
    
    MODE=tcp|udp

    MODE 'tcp' OPTIONS:
      -fwd=IP:PORT|socks5[,bind=eth1,fwmark=0,dscp=0]
            Forward to address in server mode
            Forward from address in client mode
            SOCKS5 proxy can only be set in server mode
                bind=interface|ip|hostname
                    bind source ip for outbound traffic
                fwmark=int
                    MARK value for outbound traffic, 0 to disable
                dscp=int
                    DSCP value for outbound traffic, 0 to disable
      -op=holepunch|server|client
            Operation to perform (default "holepunch")
            NOTE: "server" means first holepunch and start tunnel server

    MODE 'udp' OPTIONS:
      -fwd=IP:PORT|socks5[...]
            <same as in 'tcp' mode>
            NOTE: SOCKS5 proxy is only available in kcp protocol's server mode
      -op=holepunch|server|client
            <same as in 'tcp' mode>
      -proto=udp|kcp[,conf=path-to-kcp-config-file]
            Custom transport layer protocol on top of UDP tunnel (default "udp")
            NOTE: When using KCP protocol, forward address on both sides must be TCP address
      -ttl=0
            TTL value used in holepunching (0 to disable setting ttl)
            Should only be used when both sides are under symmetric NATs.
            For the full rationale of its usage, please refer to wiki.
            NOTE: Only one side needs to set it!

Building

make
./gole -h

Documentation

TODO: wiki

References

Bryan Ford, the UDP hole punching part of Gole is loosely based on his paper
xtaci, kcp-go
xtaci, smux
templexxx, xorsimd
ring04h, s5.go

Name		Name	Last commit message	Last commit date
Latest commit History 32 Commits
s5		s5
.gitignore		.gitignore
LICENSE		LICENSE
Makefile		Makefile
README.md		README.md
cli.go		cli.go
client.go		client.go
common.go		common.go
crypt.go		crypt.go
go.mod		go.mod
go.sum		go.sum
goler.png		goler.png
holepunch.go		holepunch.go
kconfig.go		kconfig.go
kcp.conf		kcp.conf
main.go		main.go
server.go		server.go

License

shawwwn/Gole

Folders and files

Latest commit

History

Repository files navigation

Gole

Features

Quickstart

Usage

Building

Documentation

References

About

Topics

Resources

License

Stars

Watchers

Forks

Languages