diff --git a/README.md b/README.md index 3776ad5..9a95485 100755 --- a/README.md +++ b/README.md @@ -6,8 +6,8 @@ An Encrpyted,Anti-Replay,Multiplexed Udp Tunnel,tunnels udp traffic through fake [简体中文](/doc/README.zh-cn.md) ### Send/Recv Udp Packet as Raw Packet with TCP header,ICMP header Which can help you bypass udp blocking or udp QOS or just poorly supported udp NAT behavior by some ISP. Raw packet with UDP header is also supported,in this way you can just make use of the encrpyting and anti-replay feature. -### Encrpytion and Anti-Replay -encrypt your traffic with aes128cbc,protects data integrity by md5 or crc32,protect replay attack with an anti-replay window smiliar to ipsec/openvpn. +### Encrpytion,Anti-Replay,Anti-MITM +encrypt your traffic with aes128cbc,protects data integrity by md5 or crc32,protect replay attack with an anti-replay window smiliar to ipsec/openvpn.Client and server use pre shared secret to verify each other,man-in-the-middle is impossible. ### Simulated TCP Handshake simulated 3-way handshake,simluated seq ack_seq. Simluated tcp options:MSS,sackOk,TS,TS_ack,wscale. Provides real-time delivery ,no tcp over tcp problem when using openvpn. ### Connnection Failure Dectection & Recover @@ -26,7 +26,7 @@ Openwrt Supported,no dependence package,easy to compile,ar71xx binary included i bypass udp qos,bypass udp blocking,openvpn tcp over tcp problem,openvpn over icmp,udp to icmp tunnel,udp to tcp tunnel,udp via icmp,udp via tcp # Getting Started ### Prerequisites -linux host,root access. if you want to use it on window,you can use VMware(both bridged mode and nat mode are supported). +linux host(include desktop linux,openwrt router,raspberry pi),root access. if you want to use it on window,you can use VMware(both bridged mode and nat mode are supported). ### Installing download binary release from https://github.com/wangyu-/udp2raw-tunnel/releases ### Running @@ -120,12 +120,12 @@ raw_mode: faketcp cipher_mode: aes128cbc  auth_mode: md5 3. openvpn over icmp also becomes a choice more details at [openvpn+udp2raw_guide](/doc/openvpn_guide.md) -### tunneling kcptun -make kcptun support tcp mode. +### speed-up tcp connection via raw traffic by using udp2raw+kcptun +kcptun is a tcp connection speed-up program,it speeds-up tcp connection by using kcp protocol on-top of udp.by using udp2raw,you can use kcptun while udp is QoSed or blocked. (kcptun, https://github.com/xtaci/kcptun) -### tunneling finalspeed -finalspeed 's tcp mode doesnt work on openvz VPS.you can use finalspeed 's udp mode,and tunnel udp through tcp with this tunnel. +### speed-up tcp connection via raw traffic by using udp2raw+finalspeed +finalspeed is a tcp connection speed-up program similiar to kcptun,it speeds-up tcp connection by using kcp protocol on-top of udp or tcp.but its tcp mode doesnt support openvz,you can bypass this problem if you use udp2raw+finalspeed together,and icmp mode also becomes avaliable. # Related work ### kcptun-raw diff --git a/doc/README.zh-cn.md b/doc/README.zh-cn.md index 310a8f8..8df5c68 100644 --- a/doc/README.zh-cn.md +++ b/doc/README.zh-cn.md @@ -14,16 +14,18 @@ https://github.com/wangyu-/UDPspeeder ### 把udp流量伪装成tcp /icmp 用raw socket给udp包加上tcp/icmp包头,可以突破udp流量限制或Udp QOS。或者在udp nat有问题的环境下,提升稳定性。  另外也支持用raw 发udp包,这样流量不会被伪装,只会被加密。 -### 加密 防重放攻击 +### 加密 防重放攻击 防中间人攻击 用aes128cbc加密,md5/crc32做数据完整校验。用类似ipsec/openvpn的 replay windows机制来防止重放攻击。 -设计目标是,即使攻击者可以监听到tunnel的所有包,可以选择性丢弃tunnel的任意包,可以重放任意包;攻击者也没办法获得tunnel承载的任何数据,也没办法向tunnel的数据流中通过包构造/包重放插入任何数据。 +设计目标是,即使攻击者可以监听到tunnel的所有包,可以选择性丢弃tunnel的任意包,可以重放任意包;攻击者也没办法获得tunnel承载的任何数据,也没办法向tunnel的数据流中通过包构造/包重放插入任何数据。udp2raw client和server用预分配密钥(pre-shared secret)互相认证,无法被中间人攻击。 + + ### 模拟TCP3次握手 模拟TCP3次握手,模拟seq ack过程。另外还模拟了一些tcp option:MSS,sackOk,TS,TS_ack,wscale,用来使流量看起来更像是由普通的linux tcp协议栈发送的。 ### 心跳保活、自动重连,连接快速恢复,单向链路失效检测 -心跳保活、自动重连,udp2raw重连可以恢复上次的连接,重连后上层连接继续有效,底层掉线上层不掉线。有效解决上层连接断开的问题。 (功能借鉴自[kcptun-raw](https://github.com/Chion82/kcptun-raw)) +心跳保活、自动重连,udp2raw重连可以恢复上次的连接,重连后上层连接继续有效,底层掉线上层不掉线。有效解决上层连接断开的问题。 (功能借鉴自[kcptun-raw](https://github.com/Chion82/kcptun-raw))(**就算你拔掉网线重插,或者重新拨号获得新ip,上层应用也不会断线**) Client能用单倍的超时时间检测到单向链路的失效,不管是上行还是下行,只要有一个方向失效就能被client检测到。重连只需要client发起,就可以立即被server处理,不需要等到server端的连接超时后。