Skip to content

Latest commit

 

History

History
133 lines (88 loc) · 4.4 KB

README.md

File metadata and controls

133 lines (88 loc) · 4.4 KB
DPI Tunnel logo

DPI Tunnel for Linux

Free, simple and serverless solution against censorship for Linux PCs and routers

License Latest release Downloads

What is it

DPI Tunnel is a proxy server, that allows you to bypass censorship

It is NOT a VPN and will NOT change your IP

DPI Tunnel uses desync attacks to fool DPI filters

RUN IT AS ROOT

Features

  • Bypass many restrictions: blocked or throttled resources
  • Create profiles for different ISPs and automatically change them when the connection switches
  • Easily autoconfigure for your ISP
  • Has HTTP and transparent proxy modes

Configuring

For most of the ISPs, one of the these 2 profiles will be enough

--ca-bundle-path=<path_to_cabundle> --desync-attacks=fake,disorder_fake --split-position=2 --auto-ttl=1-4-10 --min-ttl=3 --doh --doh-server=https://dns.google/dns-query --wsize=1 --wsfactor=6
--ca-bundle-path=<path_to_cabundle> --desync-attacks=fake,disorder_fake --split-position=2 --wrong-seq --doh --doh-server=https://dns.google/dns-query --wsize=1 --wsfactor=6

CA Bundle is a file that contains root and intermediate SSL certificates. Required for DoH and autoconfig to work. You can get it for example from the curl website

For other ISPs, --auto will automatically find proper settings

Running

HTTP mode (default)

This mode is good for PC or any other device which will only use the proxy for itself.

Run executable with options either from autoconfig or from one of the suggested profiles. The program will tell IP and port on which the proxy server is running. 0.0.0.0 IP means any of IPs this machine has.

Set this proxy in browser or system settings

Transparent mode

This mode is good for router which will use the proxy for the entire local network.

Run executable with --mode transparent and append options either from autoconfig or from one of the suggested profiles. The program will tell IP and port on which the proxy server is running. 0.0.0.0 IP means any of IPs this machine has.

If proxy running on router

1. Enable IP forwarding
sysctl -w net.ipv4.ip_forward=1
2. Disable ICMP redirects
sysctl -w net.ipv4.conf.all.send_redirects=0
3. Enter something like the following iptables rules
iptables -t nat -A PREROUTING -i <iface> -p tcp --dport 80 -j REDIRECT --to-port <proxy_port>
iptables -t nat -A PREROUTING -i <iface> -p tcp --dport 443 -j REDIRECT --to-port <proxy_port>

If proxy running on machine in local network (Raspberry PI for example)

1. On router
iptables -t mangle -A PREROUTING -j ACCEPT -p tcp -m multiport --dports 80,443 -s <proxy_machine_ip>
iptables -t mangle -A PREROUTING -j MARK --set-mark 3 -p tcp -m multiport --dports 80,443
ip rule add fwmark 3 table 2
ip route add default via <proxy_machine_ip> dev <iface> table 2
2. On proxy machine
  1. Enable IP forwarding
sysctl -w net.ipv4.ip_forward=1
  1. Disable ICMP redirects
sysctl -w net.ipv4.conf.all.send_redirects=0
  1. Enter something like the following iptables rules:
iptables -t nat -A PREROUTING -i <iface> -p tcp --dport 80 -j REDIRECT --to-port <proxy_port>
iptables -t nat -A PREROUTING -i <iface> -p tcp --dport 443 -j REDIRECT --to-port <proxy_port>

Links

Thanks

Dependencies