krlvm / powertunnel Goto Github PK
View Code? Open in Web Editor NEWPowerful and extensible proxy server with anti-censorship functionality
License: GNU General Public License v3.0
Powerful and extensible proxy server with anti-censorship functionality
License: GNU General Public License v3.0
Собственно сабж.
В новом PT выскакивает запрос на сохранение настроек (в том числе и в панели плагинов) даже без их изменения.
When trying to launch Powertunnel v2.0 or above the program crashes with following output/error :
Windows 10 with AdoptOpenJDK 11,16,17 :
PowerTunnel version 2.2
Powerful and extensible proxy server
(c) krlvm, 2019-2022
WARNING: sun.reflect.Reflection.getCallerClass is not supported. This will impact performance.
Linux with JRE 11,16 :
PowerTunnel version 2.2
Powerful and extensible proxy server
(c) krlvm, 2019-2022
usage: PowerTunnel
--auth-password set proxy authorization password
--auth-username set proxy authorization username
--cfg set preference value
--disable-updater disable Update Notifier
--enable-logging enable logging to file
--help display help
--ip set proxy server IP address
--port set proxy server port
--start start proxy server after load
--upstream-auth-username set upstream proxy password
--upstream-proxy-host set upstream proxy host
--upstream-proxy-port set upstream proxy port
--version print version details
Как на десктопном PT запустить прокси одновременно на локалхосте и основном интерфейсе (ip-адресе) ? Два параметра ip исключают друг друга и PT применяет прописанный последним.
PowerTunnel version 2.0.1
Powerful and extensible proxy server
(c) krlvm, 2019-2022
WARNING: sun.reflect.Reflection.getCallerClass is not supported. This will impact performance.
Exception in thread "main" java.lang.reflect.InaccessibleObjectException: Unable to make field private static java.lang.String sun.awt.X11.XToolkit.awtAppClassName accessible: module java.desktop does not "opens sun.awt.X11" to unnamed module @5c663359
at java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:354)
at java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:297)
at java.base/java.lang.reflect.Field.checkCanSetAccessible(Field.java:178)
at java.base/java.lang.reflect.Field.setAccessible(Field.java:172)
at io.github.krlvm.powertunnel.desktop.utilities.UIUtility.setAWTName(UIUtility.java:95)
at io.github.krlvm.powertunnel.desktop.Main.main(Main.java:213)
hello, I am the writer of https://github.com/arloor/HttpProxy.
I found this project after you starred my project. As many people know, China government does Internet censorship for a long time. Many chinese developers have developed a lot of ways to pass it, like shadowsocks, v2ray, trojan and so on. My "Httpproxy" is one of them.
I want to explain how my HttpProxy pass the censorship: encrypt any traffic over TLS. We know https is "Http over TLS". My HttpProxy is "Http proxy over TLS".
httpproxy has a request called CONNECT。 http proxy over CONNECT encrypts every traffic over TLS, and when seeing inside, it looks like normal https requst to the SNI host。
For a long time, I want to write a android app which can pass china Internet censorship. Maybe we can Cooperate to do this.
My telegram is https://t.me/popstarya. I wait for your reply.
sorry for my poor English
В билде 1.14 появился дубликат опции "port". Там была другая опция или это просто дубликат ?
pem
to /etc/pki/ca-trust/source/anchors
cp mycert.pem /etc/pki/ca-trust/source/anchors/mycert.pem
/etc/pki/ca-trust/source/anchors/
, then run update-ca-trust
This will reload all of the trusted certificates, including the one you added.
Currently there is no startup service. If program is left running, on restart we need to either start server manually or disable configured proxy for internet to work.
To solve this issue you can create a service which when enabled:
Another improvement would be to create an option to not minimize on close. For permanent setup, service will be registered in Windows 10 which will be more convenient.
Hi, I've been using its mobile version since 4~ months and it works flawlessly, but I can not make it work on Linux desktop even though I am using the same settings that I use on phone.
I might have messed with some settings that made it just not work on any network.
I reset the powertunnel settings made sure Java is up to date and everything so its probably my computer but I'm not sure how to fix it.
The proxy server is inresponsive when I ping it with cmd ping 127.0.0.1:8085
I don't know if thats normal.
For the first time it was able to to bypass DPI easily and there was nothing wrong with it what so ever but now its just not working.
I tried 2 other DPI blockers and they also seem to not work.
If you have any clue as to what happened it would be very cool if you help out, thx.
PS. I tested it on internet explorer its working fine, but chrome doesnt.
Starting the server gives the error -
Failed to load data store: government-blacklist.txt(access is denied).
I have opened with java and the options button doesnt open the option menu. its powertunnel v 1.1.4.
Hello there, I have created a docker container for PowerTunnel so that people can deploy it onto their NAS/Home server so that whole network can get PowerTunnel proxy. I would suggest adding a link to docker hub so it would be easy for anyone to deploy.
Links:
Docker Hub
Source
Немного не понял, что подразумевается под "Installable Root CA (.cer) now generates automatically on Windows" - теперь сертификат будет ставиться автоматом ? А ранее сгенерированные сертификаты будут валидны ?
i tried running power tunnel v2.0 Preview 2 on ubuntu 20.04 but nothing happens, no UI pops up, i haven't tried with command line, but it doesn't seem to work, i use use java 11
I'm hoping to run on Linux headless. Does the jar support CLI mode?
It would really Awsome if we can use PowerTunnel with OpenWRT since this will allow the whole network to bypass DPI. This way many smart home device like Smart TV etc will able to access DPI blocked sites. An OpenWRT Web Version App would be really nice.
when i dont use powertunnel, the internet isnt working
it says :
No internetThere is something wrong with the proxy server, or the address is incorrect.
Try:
Contacting the system admin
Checking the proxy address
Running Windows Network Diagnostics
ERR_PROXY_CONNECTION_FAILED
so i have to start powertunnel everytime.. can someone help me?
I guess in v2.0 monitor already has been deleted, so having mentions of it in wiki is useless
https://github.com/krlvm/PowerTunnel/wiki
https://github.com/krlvm/PowerTunnel/wiki/PowerTunnel-Monitor
Hello,
I have no problem with the DPI, I am using this tool for the "Fake SNI" feature. Without it, it's working fine. But when I enable Fake SNI, internet doesn't work at all, both on my Windows PC and Android 11 Phone.
On Windows it keeps saying ERR_TOO_MANY_REDIRECTS
, while on Android it says that [all websites] are unsafe, with that "continue anyway" option that doesn't work too.
I think it has to do with the CA certificates, but I am not sure where is it going wrong, I am following the steps from the Wiki page on installing those certificates, and it won't work still.
Any idea what should I do? Thanks in advance.
Not working for me anymore. For multiple sites which are confirmed to be censored, chrome shows ERR_TUNNEL_CONNECTION_FAILED
on default powertunnel settings.
Is it possible to add IPv6 support to powertunnel, as the web is moving towards it and IPv4 addresses are already reaching their limit afaik goodbyedpi doesn't support ipv6.
After compiling libertytunnel, I ran the jar file and met this error:
LibertyTunnel version 1.0
Simple, scalable, cross-platform and effective solution against government censorship
https://github.com/krlvm/PowerTunnel/tree/libertytunnel
Base PowerTunnel version: 1.7.2 | https://github.com/krlvm/PowerTunnel
(c) krlvm, 2019-2020
[#] Loaded '0' patches
Exception in thread "main" java.lang.NullPointerException
at java.util.AbstractCollection.addAll(AbstractCollection.java:343)
at ru.krlvm.powertunnel.PowerTunnel.bootstrap(PowerTunnel.java:173)
at ru.krlvm.powertunnel.PowerTunnel.safeBootstrap(PowerTunnel.java:156)
at ru.krlvm.powertunnel.PowerTunnel.main(PowerTunnel.java:151)
Process finished with exit code 1
Could you check it? Thanks.
Edit: turns out I have to put something to the txt file.
App bar name is invalid in GNOME
Originally posted by @msekmfb in #12 (comment)
С английским у меня туговато, так что лучше я буду на русском писать.
Решил потестить PowerTunnel под win, раз тулза под андроидом оказалась вполне работоспособным способом обхода, но почему-то по http до рутрекера достучаться не удалось, как не игрался с настройками и не перезапускал сервер. По https сайт без проблем открывается, а по http в консоль сыпется вот такое :
[i] GET / rutracker.org
[+] Trying to bypass DPI: rutracker.org
1375797 [LittleProxy-4-ProxyToServerWorker-0] INFO org.littleshoot.proxy.impl.ProxyToServerConnection - (AWAITING_INITIAL) [id: 0xc3bac531, L:/192.168.1.230:20841 - R:rutracker.org/195.82.146.214:80]: An IOException occurred on org.littleshoot.proxy.impl.ProxyToServerConnection: Удаленный хост принудительно разорвал существующее подключение
1375803 [LittleProxy-4-ProxyToServerWorker-0] INFO org.littleshoot.proxy.impl.ProxyToServerConnection - (AWAITING_INITIAL) [id: 0xc3bac531, L:/192.168.1.230:20841 - R:rutracker.org/195.82.146.214:80]: Disconnecting open connection to server
1389639 [LittleProxy-4-ClientToProxyWorker-0] INFO org.littleshoot.proxy.impl.ClientToProxyConnection - (AWAITING_INITIAL) [id: 0xb6cc1cba, L:/127.0.0.1:8085 - R:/127.0.0.1:20840]: An IOException occurred on ClientToProxyConnection: Удаленный хост принудительно разорвал существующее подключение
с PowerTunnel под Android проблем с обходом блокировки http на том же провайдере и втой же сети не было.
I updated PowerTunnel from v1 to v2.2.1. I'm trying to launch PowerTunnel on my Pi 4 with some parameters to bind the IP port. However it always displays the help message:
dietpi@DietPi:~/PowerTunnel$ java -jar PowerTunnel.jar --console --start --ip 192.168.1.7
PowerTunnel version 2.2.1
Powerful and extensible proxy server
(c) krlvm, 2019-2022
usage: PowerTunnel
--auth-password <arg> set proxy authorization password
--auth-username <arg> set proxy authorization username
--cfg <arg> set preference value
--disable-updater disable Update Notifier
--enable-logging enable logging to file
--help display help
--ip <arg> set proxy server IP address
--port <arg> set proxy server port
--start start proxy server after load
--upstream-auth-username <arg> set upstream proxy password
--upstream-proxy-host <arg> set upstream proxy host
--upstream-proxy-port <arg> set upstream proxy port
--version print version details
Another example:
dietpi@DietPi:~/PowerTunnel$ java -jar PowerTunnel.jar --console
PowerTunnel version 2.2.1
Powerful and extensible proxy server
(c) krlvm, 2019-2022
usage: PowerTunnel
--auth-password <arg> set proxy authorization password
--auth-username <arg> set proxy authorization username
--cfg <arg> set preference value
--disable-updater disable Update Notifier
--enable-logging enable logging to file
--help display help
--ip <arg> set proxy server IP address
--port <arg> set proxy server port
--start start proxy server after load
--upstream-auth-username <arg> set upstream proxy password
--upstream-proxy-host <arg> set upstream proxy host
--upstream-proxy-port <arg> set upstream proxy port
--version print version details
If I run it without any parameters, PowerTunnel runs (but it doesn't accept traffic from other LAN devices):
dietpi@DietPi:~/PowerTunnel$ java -jar PowerTunnel.jar
PowerTunnel version 2.2.1
Powerful and extensible proxy server
(c) krlvm, 2019-2022
WARNING: sun.reflect.Reflection.getCallerClass is not supported. This will impact performance.
> 17:19:01.511 [main] INFO i.g.k.p.PowerTunnel - Registered plugin 'LibertyTunnel' [libertytunnel] v1.0.2 (3) by krlvm
17:19:01.528 [main] INFO i.g.k.p.PowerTunnel - Registered plugin 'DNS' [dns] v1.0.2 (3) by krlvm
17:19:01.562 [main] INFO i.g.k.p.p.l.LibertyTunnel - Loading local blacklist...
17:19:01.564 [main] INFO i.g.k.p.p.l.LibertyTunnel - Loaded 10 blocked websites
17:19:01.576 [main] INFO i.g.k.p.LittleProxyServer - Starting LittleProxy Server...
17:19:01.912 [main] INFO o.l.p.i.DefaultHttpProxyServer - Starting proxy at address: /127.0.0.1:8085
17:19:02.002 [main] INFO o.l.p.i.DefaultHttpProxyServer - Proxy listening with TCP transport
17:19:02.321 [main] INFO o.l.p.i.DefaultHttpProxyServer - Proxy started at address: /127.0.0.1:8085
17:19:02.322 [main] INFO i.g.k.p.LittleProxyServer - LittleProxy Server is listening at 127.0.0.1:8085
17:19:02.323 [main] INFO i.g.k.p.d.a.DesktopApp - Serving at 127.0.0.1:8085
If a blocked site (mostly iptv sites using that) has a main site in 80 port but iptv (or playlist) server on 8000 or 8080 port powertunnel works good on 80 port site/dashboard but " Hmmm… can't reach this page / The connection was reset ." error happens on port 8000 (or 8080) site.
I have same issue on windows goodbyedpi. I hope it can be implemented somehow because It would also solve some internet radio streams not opening when powertunnel on...
Не хотят грузиться изображения с лостфильма. Сам сайт через PowerTunnel грузится, а пикчи - нет. http://sendpic.org/view/1/i/3v22k73aeU6YJNmTviEdLPxMvVp.jpg
Пикчи расположены на хосте static.lostfilm.tv, например https://static.lostfilm.tv/Images/407/Posters/icon.jpg
Вот что говорит curl :
curl -A "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0" -svkL -x 127.0.0.1:8085 "https://static.lostfilm.tv/Images/407/Posters/icon.jpg"
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 8085 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to static.lostfilm.tv:443
> CONNECT static.lostfilm.tv:443 HTTP/1.1
> Host: static.lostfilm.tv:443
> User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
< Connection: keep-alive
< Via: 1.1 HostPC
<
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering h2
* ALPN, offering http/1.1
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [216 bytes data]
* CONNECT phase completed!
* CONNECT phase completed!
{ [5 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [104 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [2806 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [365 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [102 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to static.lostfilm.tv:443
* stopped the pause stream!
* Closing connection 0
настройки использовал базовые
javaw -jar PowerTunnel.jar -start -console -disable-updater
http.mix-host-case.bool=true
powertunnel.government-blacklist-mirror=
server.auto-setup.bool=false
https.chunking.size.int=2
http.payload.length.int=0
server.ip=127.0.0.1
https.chunking.full.bool=true
dns.doh.address=
server.port.int=8085
dns.dnssec.enabled.bool=false
powertunnel.journal.enabled=false
http.invalid-packets.allow=true
I am using Chromium on Linux, so I set proxy system-wide, it PowerTunnel works good but whenever I am afk I have to reset proxy server, if I dont it wont work.
What about giving an option to circumventDPI without filling government-blacklist.txt. Thank you
hi,
i have tried every possible setting but not able to bypass FortiGuard firewall.
if anybody know what could be the correct settings please comment on this issue.
thanks
При запуске PowerTonnel при активации опций SNI из консоли не создаёт сертификаты в директории программы. Только после активации этих опций из GUI.
Можно добавить ключ запуска, чтобы PowerTunnel запускался сразу свернутым в трэй?
В принципе можно перенаправить stdout/stderr в файлы (или всё вместе) для логгирования, но если бы лог(и) писались включением отдельной опции было бы намного проще.
Лучше всего, имхо, сделать отдельный лог на сессию с датой и временем в подпапке типа "logs" в директории программы :)
Could you implement --wrong-chksum mode from GoodByeDPI? I believe this feature will resolve many "not working in " issues
Thanks for developing this awesome app. I have JDK14+JDK8+JRE installed. When i run Powertunnel, javaw.exe increases to 400mb (enabled), 85mb (disabled). Is there any way to reduce this or choose to use JRE instead of JDK?
https://ntc.party/t/http-headers-tls-padding-as-a-censorship-circumvention-method/168/2
The idea is to fill TLS ClientHello with lots of padding (14+ kB), adding SNI extension only after the padding. This method, compared to strip-sni or replace-sni, correctly works with ~all servers.
DPI systems usually have limited reassembly buffer which rarely exceed 8 kB, that's why it's effective to overflow it.
When I disable "allow ignoring DNS server on failure", no matter what settings of DNS I use not a single site works, chrome returns with "This page isn’t working".
When I enable "allow ignoring DNS server on failure", no matter what DNS settings I chose, this application uses my default ISP DNS.
tl;dr this application either uses my default ISP DNS or it fails to resolve any domain
Hello, i try to follow the setup instructions but it doesnt work in my laptop. I dont really understand about the step. Maybe u can make a tutorial vid or step by step with screenshoot image? This is awesome! Thanks for the power tunnel idea. It really works in android phone. But i start to implement it to my laptop and android tv too, it still doesnt work. 👍
Недавно обнаружил, что PT на Android позволяет обходить блокировку по http с опцией "inserts a line break before 'GET' method (перенос перед GET)", решил перепроверить эту опцию на десктопе (хотя я там ранее уже всё перепробовал) и как и следовало ожидать, продолжил напарываться на заглушку провайдера (почему - хз).
В итоге в PT на Android у меня работает обход по http, а на десктопе по https :D
Что делают ключи disable-native-lf и disable-ui-scaling ?
Первый вроде как должен отключать перевод строки (хотя я таки не понял где), а второй масштабирование. Вот только изменений в исходнике страницы UI (сливал через curl в файл), что с disable-native-lf и disable-ui-scaling, что без них не обнаружил. В браузере соотвественно изменений тоже не обнаружил.
p.s.
Пока разбирался с UI, в один из перезапусков, переключаясь с ключей -disable-ui-scaling и -disable-updater словил в UI при их отключении
"Bad Gateway: http://powertunnelmonitorabc111.info/"
и так повторялось несколько раз перезапуская.
Когда включил с disable-ui-scaling (кажется это был он, хотя это мог быть и disable-native-lf), всё заработало нормально, а потом после очередного рестарта PowerTunnel'я его UI стало работать номально без этого ключа.
Это наверное надо было в отдельное issue выделить ?
Собственно сабж.
А т.к. у меня там фейк - заглушка с несуществующим прокси, я получаю вот такую ошибку :
23:54:24.053 [Main App Update Checking Thread] WARN io.github.krlvm.powertunnel.desktop.updater.UpdateNotifier - Failed to check for updates: https://raw.githubusercontent.com/krlvm/PowerTunnel/tree/next/master/VERSION
ну и огромный выхлоп jav'ы в довесок
As soon as I turn off the server, my internet stops working. I reboot the modem - the internet still doesn't work. I close the program, restart the server - it doesn't matter. As soon as I turn off the server, the Internet does not work.
Обратил внимание, что в консоль сыпется куда больше полезной информации, которой нет во встроенном логе. А это оказывается stderr. А в лог отправляется лишь stdout, который в консоли тоже есть. Мб стоит stderr во встроенном логе тоже писать ?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.