Basics

Installation

  1. Download: Gost GitHub Releases page
  2. Pick the build that matches your architecture; linux_amd64 is used here as the example
wget -O gost.tar.gz  https://github.com/go-gost/gost/releases/download/v3.0.0-nightly.20240201/gost_3.0.0-nightly.20240201_linux_amd64.tar.gz && tar -zxvf ./gost.tar.gz && rm ./gost.tar.gz
  3. Restart script
cat > ./restart.sh <<'EOF'
#!/bin/bash
# Stop any running gost process, then start it again in the background
ps -ef | grep "gost" | grep -v grep | awk '{print $2}' | xargs -I {} kill {}
nohup ./gost -C ./config.yaml > gost.log 2>&1 &
EOF
chmod +x ./restart.sh

Command usage

Command-line usage

Usage of ./gost:
  -C string
    	configuration file
  -D	debug mode
  -F value
    	chain node list
  -L value
    	service list
  -O string
    	output format, one of yaml|json format
  -V	print version
  -api string
    	api service address
  -metrics string
    	metrics service address

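Of the options above, the most commonly used are:

  • -C: specify the configuration file
  • -F: specify the chain
  • -L: specify the listener
  • -O: output the command line as a configuration file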

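Scenarios

In command mode the options are typed directly on the command line; in config mode the configuration is supplied in a file specified with -C.

Scenario 1: Port forwarding

Basic port forwarding

  1. Node A is the entry point and forwards to port 11687 on node B in HK (节点B的IP in the commands below stands for node B's IP address)
  • Command mode: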
gost -L tcp://:40002/节点B的IP:11687 -L udp://:40002/节点B的IP:11687
  • Config mode:
{
  "services": [
    {
      "name": "service-0",
      "addr": ":40002",
      "handler": {
        "type": "tcp"
      },
      "listener": {
        "type": "tcp"
      },
      "forwarder": {
        "nodes": [
          {
            "name": "target-0",
            "addr": "节点B的IP:11687"
          }
        ]
      }
    },
    {
      "name": "service-1",
      "addr": ":40002",
      "handler": {
        "type": "udp"
      },
      "listener": {
        "type": "udp"
      },
      "forwarder": {
        "nodes": [
          {
            "name": "target-0",
            "addr": "节点B的IP:11687"
          }
        ]
      }
    }
  ]
}

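Port forwarding over an encrypted tunnel

  1. Entry server
    This command simply forwards port 40006 on the entry node to 192.168.2.120:3389. The address 192.168.2.120 is reached from the relay server, so the final connection is from the relay server to 192.168.2.120:3389.
  • Command mode: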
gost -L tcp://:40006/192.168.2.120:3389 -F relay+tls://ip:8443
  • Config mode:
{
  "services": [
    {
      "name": "service-0",
      "addr": ":40006",
      "handler": {
        "type": "tcp",
        "chain": "chain-0"
      },
      "listener": {
        "type": "tcp"
      },
      "forwarder": {
        "nodes": [
          {
            "name": "target-0",
            "addr": "192.168.2.120:3389"
          }
        ]
      }
    }
  ],
  "chains": [
    {
      "name": "chain-0",
      "hops": [
        {
          "name": "hop-0",
          "nodes": [
            {
              "name": "node-0",
              "addr": "ip:8443",
              "connector": {
                "type": "relay"
              },
              "dialer": {
                "type": "tls",
                "tls": {
                  "serverName": "ip"
                }
              }
            }
          ]
        }
      ]
    }
  ]
}
  2. Relay server
  • Command mode:
gost -L relay+tls://:8443
  • Config mode:
{
  "services": [
    {
      "name": "service-0",
      "addr": ":8443",
      "handler": {
        "type": "relay"
      },
      "listener": {
        "type": "tls"
      }
    }
  ]
}

Reusing the tunnel for multiple ports

Once the encrypted tunnel above is established, it can be reused many times. For example:

gost -L tcp://:40006/192.168.2.120:3389 -F relay+tls://ip:8443

The command above forwards only one port. You can pass -L several times to forward multiple ports over the same tunnel:

gost -L tcp://:40006/192.168.2.120:3389 -L tcp://:40007/192.168.2.22:22 -F relay+tls://ip:8443

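Scenario 2: NAT traversal

Basic NAT traversal

  1. Server with a public IP
    Compared with the forwarding above, the NAT traversal scenario is: node A has a public IP and node B does not. In the forwarding configuration above, node A has to reach node B's public IP and port, so NAT traversal is clearly a different case.
    On the server with the public IP, listen on port 40005 with bind=true enabled. bind=true means the node behind NAT is allowed to open ports directly on the server with the public IP.
  • Command mode:
gost -L 'relay+tls://:40005?bind=true'
  • Config mode: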
{
  "services": [
    {
      "name": "service-0",
      "addr": ":40005",
      "handler": {
        "type": "relay",
        "metadata": {
          "bind": "true"
        }
      },
      "listener": {
        "type": "tls",
        "metadata": {
          "bind": "true"
        }
      },
      "metadata": {
        "bind": "true"
      }
    }
  ]
}
  2. Internal server
    The command below opens port 2222 on the server with the public IP and forwards it to local port 22
  • Command mode:
gost -L rtcp://:2222/:22 -F 'relay+tls://ip:40005'
  • Config mode:
{
  "services": [
    {
      "name": "service-0",
      "addr": ":2222",
      "handler": {
        "type": "rtcp"
      },
      "listener": {
        "type": "rtcp",
        "chain": "chain-0"
      },
      "forwarder": {
        "nodes": [
          {
            "name": "target-0",
            "addr": ":22"
          }
        ]
      }
    }
  ],
  "chains": [
    {
      "name": "chain-0",
      "hops": [
        {
          "name": "hop-0",
          "nodes": [
            {
              "name": "node-0",
              "addr": "ip:40005",
              "connector": {
                "type": "relay"
              },
              "dialer": {
                "type": "tls",
                "tls": {
                  "serverName": "ip"
                }
              }
            }
          ]
        }
      ]
    }
  ]
}
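
The relay service in Scenario 2 runs with bind=true and no credentials, and the client chains set only serverName. The following Python audit is an added example, not part of the original page or the gost project; it assumes gost v3 reads relay credentials from handler.auth or handler.auther and enables server certificate verification with dialer.tls.secure, and it runs on a constructed copy of the page's public-server config.

```python
import json

# Constructed sample: the public-server config from Scenario 2 on this page.
SAMPLE = json.loads("""
{"services": [{"name": "service-0", "addr": ":40005",
  "handler": {"type": "relay", "metadata": {"bind": "true"}},
  "listener": {"type": "tls", "metadata": {"bind": "true"}},
  "metadata": {"bind": "true"}}]}
""")

def _truthy(value):
    # The page writes bind as the string "true"; accept booleans as well.
    return str(value).lower() == "true"

def _bind_enabled(svc):
    # The page repeats bind under the service, its handler and its listener.
    parts = (svc, svc.get("handler", {}), svc.get("listener", {}))
    return any(_truthy(p.get("metadata", {}).get("bind")) for p in parts)

def audit(cfg):
    """Return (name, finding) tuples for a parsed gost config."""
    findings = []
    for svc in cfg.get("services", []):
        handler = svc.get("handler", {})
        if handler.get("type") != "relay":
            continue
        # Assumption: credentials live in handler.auth or handler.auther.
        if handler.get("auth") or handler.get("auther"):
            continue
        if _bind_enabled(svc):
            msg = "relay with bind=true and no auth: any client can open ports"
        else:
            msg = "relay accepts unauthenticated clients"
        findings.append((svc.get("name", "?"), msg))
    for chain in cfg.get("chains", []):
        for hop in chain.get("hops", []):
            for node in hop.get("nodes", []):
                dialer = node.get("dialer", {})
                # Assumption: dialer.tls.secure enables certificate checks.
                secure = dialer.get("tls", {}).get("secure")
                if dialer.get("type") == "tls" and not _truthy(secure):
                    findings.append((node.get("name", "?"),
                                     "TLS dialer does not verify the server"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

Load a saved config with json.load and pass it to audit() before starting the service; an empty list means none of these three conditions were found.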

References

Gost GitHub home page
Gost official documentation