leap
obfsvpn

Repository

--------------------
 application data
--------------------
      OpenVPN
--------------------
   obfsvpn proxy
--------------------
       obfs4
--------------------
   wire transport
--------------------
$ docker-compose up -d
$ docker-compose ps
          Name                        Command               State         Ports
--------------------------------------------------------------------------------------
obfsvpn_client_1           dumb-init /usr/bin/start.sh      Up
obfsvpn_obfsvpn-1_1        dumb-init /opt/obfsvpn/sta ...   Up
obfsvpn_obfsvpn-2_1        dumb-init /opt/obfsvpn/sta ...   Up
obfsvpn_openvpn-server_1   dumb-init /opt/openvpn-ser ...   Up      5540/tcp, 5540/udp
$ docker-compose logs client
$ docker-compose logs client openvpn-server
# to tail all logs:
$ docker-compose logs -f
$ docker-compose exec client ip route
0.0.0.0/1 via 10.8.0.5 dev tun0
default via 192.168.80.1 dev eth0
10.8.0.1 via 10.8.0.5 dev tun0
10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6
127.0.0.1 via 192.168.80.1 dev eth0
128.0.0.0/1 via 10.8.0.5 dev tun0
192.168.80.0/20 dev eth0 proto kernel scope link src 192.168.80.3

$ docker-compose exec client ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=109 time=12.495 ms
64 bytes from 8.8.8.8: seq=1 ttl=109 time=13.614 ms
64 bytes from 8.8.8.8: seq=2 ttl=109 time=13.900 ms

$ docker-compose exec openvpn-server iperf3 -s --bind-dev tun0

❯ docker-compose exec client iperf3 -c 10.8.0.1 --bind-dev tun0
Connecting to host 10.8.0.1, port 5201
[  5] local 10.8.0.6 port 51390 connected to 10.8.0.1 port 5201
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec  40.9 MBytes   343 Mbits/sec  206    801 KBytes
[  5]   1.00-2.00   sec  36.2 MBytes   304 Mbits/sec  106    601 KBytes
[  5]   2.00-3.00   sec  41.2 MBytes   346 Mbits/sec    6    456 KBytes
[  5]   3.00-4.00   sec  40.0 MBytes   336 Mbits/sec    0    512 KBytes
[  5]   4.00-5.00   sec  42.5 MBytes   357 Mbits/sec    0    565 KBytes
[  5]   5.00-6.00   sec  43.8 MBytes   367 Mbits/sec    0    615 KBytes
[  5]   6.00-7.00   sec  36.2 MBytes   304 Mbits/sec   22    457 KBytes
[  5]   7.00-8.00   sec  41.2 MBytes   346 Mbits/sec    0    525 KBytes
[  5]   8.00-9.00   sec  41.2 MBytes   346 Mbits/sec    0    575 KBytes
[  5]   9.00-10.00  sec  40.0 MBytes   336 Mbits/sec    0    610 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec   403 MBytes   338 Mbits/sec  340             sender
[  5]   0.00-10.02  sec   401 MBytes   336 Mbits/sec                  receiver

iperf Done.
❯ docker-compose --env-file ./.env.hopping exec client ping -c 3 -I tun0 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=113 time=12.829 ms
64 bytes from 8.8.8.8: seq=1 ttl=113 time=19.346 ms
64 bytes from 8.8.8.8: seq=2 ttl=113 time=19.013 ms

--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 12.829/17.062/19.346 ms
$ ./scripts/integration-test.sh
$ ./scripts/integration-test.sh hop
$ ./scripts/integration-test.sh kcp
$ go run ./cmd/client --help
Usage of /tmp/go-build901008461/b001/exe/client:
  -c string
        The remote obfs4 certificates separated by commas. If hopping is not enabled only the first cert will be used
  -h    Connect with openvpn over udp in hopping mode
  -i string
        The host for the local proxy (default: localhost) (default "127.0.0.1")
  -j uint
        A random range to wait (on top of the minimum) seconds before hopping. Only applicable to hopping (default 5)
  -kcp
        Enable KCP mode
  -kcp-disable-flow-control
        KCP DisableFlowControl (default true)
  -kcp-interval int
        KCP Interval (default 10)
  -kcp-mtu int
        KCP MTU (default 1400)
  -kcp-no-delay
        KCP NoDelay (default true)
  -kcp-read-buffer int
        KCP ReadBuffer (default 16777216)
  -kcp-receive-window-size int
        KCP ReceiveWindowSize (default 65535)
  -kcp-resend int
        KCP Resend (default 2)
  -kcp-send-window-size int
        KCP SendWindowSize (default 65535)
  -kcp-write-buffer int
        KCP WriteBuffer (default 16777216)
  -m uint
        The minimun number of seconds to wait before hopping. Only applicable to hopping (default 5)
  -p string
        The port for the local proxy (default: 8080) (default "8080")
  -pc uint
        The number of ports to try for each remote. Only applicable to hopping (default 100)
  -ps int
        The random seed to generate ports from. Only applicable to hopping (default 1)
  -r string
        The remote obfs4 endpoint ips (no port) separated by commas. If hopping is not enabled only the first cert will be used
  -rp string
        The remote obfs4 endpoint port to use. Only applicable to NON-hopping
  -v    Enable verbose logging
❯ curl -sL https://api.demo.bitmask.net/api/5/bridges | jq                                                                                                                                                                                                                                                                                                                                 ✘ 4
[
  {
    "healthy": true,
    "host": "cod.demo.bitmask.net",
    "ip_addr": "37.218.245.94",
    "ip6_addr": "",
    "load": 0,
    "location": "northbrabant",
    "overloaded": false,
    "port": 443,
    "transport": "tcp",
    "type": "obfs4",
    "options": {
      "cert": "k0L4LFg0Wk98v7P66xvgAx2ud+kggvjZX/qul3iFTJGH5X7xSHT+vVL4UZR0WI3SkmDzUg",
      "iatMode": "0"
    },
    "bucket": ""
  },
  {
    "healthy": true,
    "host": "cod.demo.bitmask.net",
    "ip_addr": "37.218.245.94",
    "ip6_addr": "",
    "load": 0,
    "location": "northbrabant",
    "overloaded": false,
    "port": 4431,
    "transport": "kcp",
    "type": "obfs4",
    "options": {
      "cert": "k0L4LFg0Wk98v7P66xvgAx2ud+kggvjZX/qul3iFTJGH5X7xSHT+vVL4UZR0WI3SkmDzUg",
      "iatMode": "0"
    },
    "bucket": ""
  },
  {
    "healthy": true,
    "host": "mullet.demo.bitmask.net",
    "ip_addr": "37.218.241.208",
    "ip6_addr": "",
    "load": 0,
    "location": "florida",
    "overloaded": false,
    "port": 443,
    "transport": "tcp",
    "type": "obfs4",
    "options": {
      "cert": "k0L4LFg0Wk98v7P66xvgAx2ud+kggvjZX/qul3iFTJGH5X7xSHT+vVL4UZR0WI3SkmDzUg",
      "iatMode": "0"
    },
    "bucket": ""
  },
  {
    "healthy": true,
    "host": "mullet.demo.bitmask.net",
    "ip_addr": "37.218.241.208",
    "ip6_addr": "",
    "load": 0,
    "location": "florida",
    "overloaded": false,
    "port": 4431,
    "transport": "kcp",
    "type": "obfs4",
    "options": {
      "cert": "k0L4LFg0Wk98v7P66xvgAx2ud+kggvjZX/qul3iFTJGH5X7xSHT+vVL4UZR0WI3SkmDzUg",
      "iatMode": "0"
    },
    "bucket": ""
  }
]
$ go run ./cmd/client -c "k0L4LFg0Wk98v7P66xvgAx2ud+kggvjZX/qul3iFTJGH5X7xSHT+vVL4UZR0WI3SkmDzUg" -r 37.218.245.94 -rp 443 -v
2024/08/12 16:16:42 proxyAddr: 127.0.0.1:8080
2024/08/12 16:16:42 obfs4 endpoints: [37.218.245.94:443]
2024/08/12 16:16:42 Update state: STARTING
2024/08/12 16:16:43 Update state: RUNNING
$ ss -ul src 127.0.0.1:8080
State                 Recv-Q                 Send-Q                                 Local Address:Port                                 Peer Address:Port                Process
UNCONN                0                      0                                          127.0.0.1:8080                                      0.0.0.0:*
$ go run ./cmd/client -c "k0L4LFg0Wk98v7P66xvgAx2ud+kggvjZX/qul3iFTJGH5X7xSHT+vVL4UZR0WI3SkmDzUg" -r 37.218.245.94 -rp 4431 -v -kcp
2024/08/12 16:22:11 proxyAddr: 127.0.0.1:8080
2024/08/12 16:22:11 obfs4 endpoints: [37.218.245.94:4431]
2024/08/12 16:22:11 Update state: STARTING
2024/08/12 16:22:11 Dialing kcp://37.218.245.94:4431
2024/08/12 16:22:11 Update state: RUNNING
$ openvpn --remote 127.0.0.1 8080 --proto udp [A BUNCH MORE OPENVPN FLAGS/CONFIGS HERE]
go get -u golang.org/x/mobile/cmd/gomobile
gomobile init
gomobile bind -x -target android -o mobile/android/obfsvpn.aar ./client/