
Can we hide destination IP behind cloudflare in gost?

Open lostsoul6 opened this issue 2 years ago • 7 comments

Hello Friends,

I have a domestic and foreign VPS and I use gost tunnel. The issue is that today the IP of foreign VPS was blocked in the domestic VPS and no traffic could reach it.

I was using gost's forward+tls on the domestic server: -L=tcp://:2053 -F forward+tls://100.100.100.100:9000

My question is, is there any way to hide the foreign VPS IP behind CDN and use a domain there for example?

Is there any specific tunnel or method that can hide foreign VPS IP or make the tunnel hard to detect?

Thanks.

lostsoul6 avatar May 11 '23 18:05 lostsoul6

All the transport protocols gost supports are listed here.
What you need is a CDN to hide the IP.
Generally speaking, a CDN is used to support the HTTP, HTTPS, and WebSocket protocols.
I don't know whether gost supports CDN usage. But, in theory, they work. So, you can try HTTP, HTTPS, and WebSocket with a CDN.

Tunnels are based on these transport protocols.
You may change the transport protocol in the examples to one of the protocols listed here.
tcp - raw TCP
tls - TLS
mtls - Multiplex TLS, add multiplex on TLS (2.5+)
ws - Websocket
mws - Multiplex Websocket (2.5+)
wss - Websocket Secure Websocket based on wss
mwss - Multiplex Websocket Secure, multiplex on TLS secured Websocket (2.5+)
kcp - KCP (2.3+)
quic - QUIC (2.4+)
ssh - SSH (2.4+)
h2 - HTTP2 (2.4+)
h2c - HTTP2 Cleartext (2.4+)
obfs4 - OBFS4 (2.4+)
ohttp - HTTP Obfuscation (2.7+)
otls - TLS Obfuscation (2.11+)

woodlyer avatar May 12 '23 01:05 woodlyer

How to use custom SNI when connecting to an external server?

omid-j-d avatar May 12 '23 15:05 omid-j-d

You can try this.

./gost -L sni://:443
./gost -L :1080 -F sni://server_ip:443?host=example.com

Official doc about sni at: https://gost.run/tutorials/protocols/sni/

woodlyer avatar May 13 '23 13:05 woodlyer

I feel that the Chinese document has more information than the English one 😒 Are these settings correct? I want to encrypt sni with tls

./gost -L 'sni+tls://:443?certFile=cert.pem&keyFile=key.pem'

./gost -L :1080 -F 'sni+tls://origin.example.com:443?host=cloudflare.example.com&secure=true&serverName=origin.example.com'

omid-j-d avatar May 13 '23 15:05 omid-j-d

@omid-j-d In Iran datacenters, they have limited upload speed to internet. Now tunnels don't work properly. Can we bypass limitation with sni+tls method?

lostsoul6 avatar May 13 '23 16:05 lostsoul6

> @omid-j-d In Iran datacenters, they have limited upload speed to internet. Now tunnels don't work properly. Can we bypass limitation with sni+tls method?

No, the only way to solve this issue is to use dedicated servers, colocation and buy bandwidth. In my opinion, trying to use cloudflare is self-indulgent, thanks to stupid non-experts and youtubers who don't care about anything but views. Cloudflare is nothing interesting. If you want to use cloudflare, use the v2rayf client (from It uses the same technology as goodbye dpi) In general, I personally just wanted to answer the questions of all those who are involved in this dirty topic, and I realized that the answer is "it's not worth it".

omid-j-d avatar May 13 '23 16:05 omid-j-d

@omid-j-d There are many bugs in DPI. So we can use. For example ICMP, DNS etc.

woodlyer avatar May 14 '23 04:05 woodlyer