Skip to content

vargha1/vrech-proxy

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
build
build
 
 
cmd/vrech-cli
cmd/vrech-cli
 
 
frontend
frontend
 
 
pkg
pkg
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
app.go
app.go
 
 
build-cli.bat
build-cli.bat
 
 
build-cli.sh
build-cli.sh
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 
wails.json
wails.json
 
 

Repository files navigation

VRECH Proxy

A powerful, cross-platform DNS-over-HTTPS (DoH) proxy with advanced censorship circumvention features including ECH (Encrypted Client Hello), SNI Fragmentation, and TUN mode support.

Features

  • DNS-over-HTTPS (DoH): Bypass DNS poisoning and censorship
  • HTTP/3 Support: Optional HTTP/3 for DoH queries for better performance
  • Encrypted Client Hello (ECH): Enhanced privacy by encrypting SNI
  • SNI Fragmentation: Bypass DPI-based censorship
  • TUN Mode: System-wide traffic interception (requires admin/root privileges)
  • Cross-Platform: Works on Windows, macOS, and Linux
  • Modern UI: Built with Wails for a native desktop experience
  • Real-time Logging: Monitor proxy activity in real-time

Installation

Option 1: CLI Version (Recommended for Linux/macOS)

The CLI version is a standalone binary that works on all platforms without GUI dependencies.

Download Pre-built Binaries

Download the appropriate binary for your platform from the releases page, or build from source:

# Clone the repository
git clone https://github.com/vargha1/vrech-proxy.git
cd vrech-proxy

# Build CLI for all platforms (Windows)
build-cli.bat

# Or on Linux/macOS
chmod +x build-cli.sh
./build-cli.sh

# Binaries will be in build/cli/

Running the CLI Version

# Linux
./build/cli/vrech-proxy-linux-amd64 -addr 127.0.0.1:8080

# macOS (Intel)
./build/cli/vrech-proxy-darwin-amd64 -addr 127.0.0.1:8080

# macOS (Apple Silicon)
./build/cli/vrech-proxy-darwin-arm64 -addr 127.0.0.1:8080

# Windows
build\cli\vrech-proxy-windows-amd64.exe -addr 127.0.0.1:8080

Option 2: GUI Version (Windows/macOS only)

The GUI version uses Wails and provides a desktop interface. Note: Cross-compilation to Linux is not supported by Wails.

Prerequisites

  • Go 1.24 or later
  • Node.js and npm (for frontend development)
  • Wails CLI: go install github.com/wailsapp/wails/v2/cmd/wails@latest

Building from Source

# Clone the repository
git clone https://github.com/vargha1/vrech-proxy.git
cd vrech-proxy

# Install dependencies
go mod download
cd frontend && npm install && cd ..

# Build the GUI application (Windows/macOS only)
wails build

# The executable will be in ./build/bin/

Usage

Running the Application

# Run in development mode
wails dev

# Or run the built executable
./build/bin/vrech-proxy

Configuration Options

The proxy can be configured via command-line flags or environment variables:

Command-Line Flags

vrech-proxy [options]

Options:
  -addr string
        Proxy listen address (default "0.0.0.0:8080")
  -doh string
        DoH server URL (default "https://cloudflare-dns.com/dns-query")
  -h3
        Use HTTP/3 for DoH (default true)
  -ech
        Enable ECH support (default true)
  -snif
        Enable SNI Fragmentation (default true)
  -tun
        Enable TUN mode (default false)
  -tun-if string
        TUN interface name (default "vdech0")
  -log string
        Log level (default "info")

Environment Variables

  • VRECH_PROXY_ADDR: Proxy listen address
  • VRECH_DOH_SERVER: DoH server URL
  • VRECH_ENABLE_TUN: Enable TUN mode (set to "true")

Using the Proxy

HTTP/HTTPS Proxy Mode

Configure your browser or system to use the proxy:

  • Proxy Address: 127.0.0.1:8080 (or your configured address)
  • Proxy Type: HTTP/HTTPS

TUN Mode

⚠️ Warning: TUN mode requires Administrator/Root privileges!

TUN mode creates a virtual network interface that intercepts DNS traffic system-wide.

Windows:

# Run as Administrator
.\vrech-proxy.exe -tun

macOS/Linux:

# Run with sudo
sudo ./vrech-proxy -tun

Architecture

Components

  • DoH Resolver (pkg/resolver/doh.go): Handles DNS-over-HTTPS queries with caching
  • Proxy Server (pkg/proxy/proxy.go): HTTP/HTTPS proxy with ECH and SNI fragmentation
  • TUN Interface (pkg/proxy/tun.go): System-wide traffic interception
  • Configuration (pkg/config/config.go): Centralized configuration management
  • Frontend: Svelte-based UI for easy configuration and monitoring

How It Works

  1. DNS Resolution: All DNS queries are resolved via DoH, bypassing local DNS servers
  2. ECH Support: For supported domains, ECH configs are fetched via HTTPS records
  3. SNI Fragmentation: TLS ClientHello packets are fragmented to bypass DPI
  4. TUN Mode: Creates a virtual network interface to intercept DNS traffic at the system level

DoH Providers

You can use any DoH provider. Popular options include:

  • Cloudflare: https://cloudflare-dns.com/dns-query
  • Google: https://dns.google/dns-query
  • Quad9: https://dns.quad9.net/dns-query
  • AdGuard: https://dns.adguard.com/dns-query

Platform-Specific Notes

Windows

  • TUN mode requires Administrator privileges
  • The TUN interface name is auto-generated (cannot be customized)
  • Wintun driver is recommended for better performance

macOS

  • TUN mode requires root privileges (sudo)
  • Use ifconfig to verify the TUN interface

Linux

  • TUN mode requires root privileges (sudo)
  • Uses ip command for interface configuration
  • Ensure /dev/net/tun is available

Development

Project Structure

vrech-proxy/
├── app.go                 # Wails application entry point (GUI)
├── main.go               # Main entry point (GUI)
├── cmd/
│   └── vrech-cli/        # CLI version (no GUI dependencies)
│       └── main.go       # CLI entry point
├── pkg/
│   ├── config/          # Configuration management
│   ├── proxy/           # Proxy server and TUN implementation
│   └── resolver/        # DoH resolver
├── frontend/            # Svelte frontend (GUI only)
│   └── src/
│       └── App.svelte   # Main UI component
├── build/               # Build artifacts
│   ├── bin/            # GUI builds (Wails)
│   └── cli/            # CLI builds (cross-platform)
├── build-cli.sh        # Build script for Linux/macOS
└── build-cli.bat       # Build script for Windows

Running Tests

# Run Go tests
go test ./...

# Run with coverage
go test -cover ./...

Building for Different Platforms

# Windows
wails build -platform windows/amd64

# macOS
wails build -platform darwin/amd64

# Linux
wails build -platform linux/amd64

Troubleshooting

TUN Mode Issues

"Failed to create TUN interface":

  • Ensure you're running with Administrator/root privileges
  • On Linux, check if /dev/net/tun exists
  • On Windows, ensure TAP/Wintun drivers are installed

"Failed to configure interface":

  • Check if the IP address 10.0.0.1 is already in use
  • Verify network configuration commands are available (netsh, ifconfig, ip)

DoH Resolution Failures

  • Check your internet connection
  • Try a different DoH provider
  • Disable HTTP/3 if experiencing issues: -h3=false

Proxy Connection Issues

  • Verify the proxy is listening on the correct address
  • Check firewall settings
  • Ensure the port is not already in use

Security Considerations

  • TUN Mode: Requires elevated privileges - use with caution
  • ECH: Only works with domains that support ECH
  • DoH: Encrypts DNS queries but doesn't hide the fact that you're using DoH
  • SNI Fragmentation: May not work against all DPI systems

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

License

[Your License Here]

Acknowledgments

Disclaimer

This tool is provided for educational and research purposes. Users are responsible for complying with local laws and regulations regarding internet usage and censorship circumvention.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 1

VRECH Proxy v1.0 – Initial Public Release Latest
Feb 10, 2026

Packages

 
 
 

Contributors

Languages