Skip to content

agnostic-t/Tau

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits
assets
assets
 
 
client
client
 
 
config
config
 
 
docs
docs
 
 
internal
internal
 
 
server
server
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
README_RU.md
README_RU.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 

Repository files navigation

[logo]

English | Русский

Tau

A VPN project built on basic implementations of Neutrino core modules . Tau supports:

  • TCP and HTTP with Nginx mimcry as a data transport over the network
  • Null and xOBFS modes for traffic obfuscation
  • Plain and xOBFS handshake modes
  • Null and Yamux modes for multiplexing
  • Generation of ephemeral keys every N seconds without transferring any information between the client and the server (timeferal keys)

A description of how the algorithms work is on https://docs.worldfreeteam.org

Usage

Setting up and deploying Tau is as simple as possible. All together it takes ~5 minutes. On both the client and the server, you first need to install go (1.26.3)

Installation

Installation is reduced to downloading and compiling:

git clone https://github.com/agnostic-t/tau
cd tau

# For the client
sudo go build client -o /usr/local/bin/taucli ./client/main.go 

# For the server
sudo go build -o /usr/local/bin/tauhost ./server/main.go

Make sure that /usr/local/bin is in the PATH (or change the path where to put the binary)

Setting up

The setup also doesn't differ much between the client and the server. Server's configuration:

{
  "bindIP": "0.0.0.0",
  "externalIP": "1.2.3.4",
  "inbounds": {
    "name": {
      "port": 1234,
      "obfs": {},
      "handshake": {},
      "trans": {},
      "mux": {}
    }
  }
}

bindIP is an IP for binding server localy and externalIP is the IP that can be used to connect to the server from outside.

Detailed settings of the inbounds parameters will be provided below.

Client, it`s more interesting here.:

{
  "lproxy": {
    "socks5": "127.0.0.1:9005"
  },
  "tun": {
    "tun": "tunIF0",
    "main": "mainIF0",
    "gateway": "192.168.1.1",
    "enabled": true
  },
  "filter": {
    "direct": "/path/to/direct/list.txt",
    "block": "/path/to/block/list.txt"
  },
  "selcted": "name",
  "servers": {
    "name": {
      "addr": "1.2.3.4:1234",
      "obfs": {},
      "handshake": {},
      "trans": {},
      "mux": {}
    }
  }
}

As you might notice, the client and the server have 4 identical fields (obfs, handshake, trans and mux). These fields correspondingly determine which protocols will be used for: obfuscation, handshake, transport, and multiplexation.

Each of the 4 fields is filled in as follows:

"obfs": {
  "type": "...",
  "settings": {
    "arg": "value"
  }
}

It is possible to fill in only type, without settings at all. The following settings are currently available:

  1. obfs:

    • type: xobfs or null
      • xobfs obfuscates traffic, null does not. xobfs requires settings
    • settings: for xobfs it is specified:
      • psk: string, obfuscation key

  2. handshake:

    • type: xobfs or plain
      • xobfs changes the number of packets when connecting, has timeferal keys, and obfuscates the target.
      • plain transmits the connection target as plain text
    • settings: needed for xobfs:
      • psk: string, obfuscation key
      • startJunk: Boolean value, whether to use junk packets or not
      • rotateSeconds: the number of times in how many seconds to change the signature of the handshake
      • rotateJunkCount: Boolean value, use timeferal keys to change the number of junk packets or not
      • minJunkPacks: number, minimum number of junk packets
      • maxJunkPacks: number, maximum number of junk packets

  1. trans:

    • type:
      • tcp: basic network data transfering protocol
      • http: implements HTTP-requests mimicry for transfering data acros network. It has settings:
        • referer: valid URL of the server (for example http://127.0.0.1:9001 if inbound is on port 9001)
        • keyPath: path to simulate (for example /api/v1/upload)
        • userAgent: needed only on client, can be anything. For maximum security take it from your browser (for example Mozilla/5.0 (X11; Linux x86_64; rv:151.0) Gecko/20100101 Firefox/151.0)

  2. mux:

    • type: yamux and null are available. The first uses multiplexing (1 physical transport connection for multiple requests), the second does not use multiplexing, opens multiple connections to the server to transfer information.

Launch

Starting after building and configuration is trivial:

taucli /path/to/config.json
tauhost /path/to/config.json

You can wrap the command in nohup ... & for the application to work even with the ssh session closed or the terminal closed (at the client)

Created using neutrino-core

[logo]

About

Simple VPN, based on neutrino-core

Topics

tcp vpn socks5-proxy neutrino-core

Resources

Readme

License

GPL-3.0 license
Activity

Stars

6 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages