-
Proxy services with TCP-traffic redirection to external Socks4/5, HTTP (CONNECT) and SSH2* proxy servers
- Transparent firewall-based traffic redirector
- Internal Socks and HTTP proxy server
* Requires libssh2 library
-
Supported platforms:
OS PF ip/nftables macOS ✅ ⬜ FreeBSD ✅ ⬜ OpenBSD ✅ ⬜ Linux ⬜ ✅ Windows WSL2 ⬜ ✅ -
Main features
Transparent proxy Socks5 Socks4 HTTP* SSH2 Proxy protocol ✅ ✅ ✅ ✅ Proxy chains ✅ ✅ ✅ ⬜** Proxy workload balancer ✅ ✅ ✅ ✅ Authentication ✅ ⬜ ✅ ✅ IPv6 stack support ✅ ⬜ ✅ ✅ Remote names resolution: NS-Warp ✅ ⬜ ✅ ✅ * HTTP Connect method is implemented
** Only one SSH2 proxy server allowed per chainInternal proxy Socks5 HTTP* Proxy protocol ✅ ✅ Proxy chains ✅ ✅ Proxy workload balancer ✅ ✅ Authentication ⬜ ⬜ IPv6 stack support ✅ ✅ Remote names resolution ✅ ✅ * HTTP Connect method is implemented
-
Miscellaneous features
- Deep Packet Inspections bypass (обход замедления/блокировки, например, YouTube)
- Simple configuration structure as INI-like file
- Password encoding (obfuscation) in configuration files
- Daemon mode
- Front-end UI
- Installation script (via Makefile)
-
TODO
- UDP support
- Socks4a protocol support (?)
- OS specific
select
alternatives:epol
/kqueue
- Faster NS-Warp
- Documentation
Attention! To incorporate HTTP proxy service, socks_*
variables in ts-warp.ini
are replaced by proxy_*
ones.
The deprecated variables will be eventually removed in the further releases
See it here
# If SSH2 proxy support is required, install https://libssh2.org library first, then download ts-warp:
git clone https://github.com/mezantrop/ts-warp ts-warp.src && cd ts-warp.src
# `configure` script understands a number of environmental variables. You can force setting values to:
# `PREFIX`, `WITH_TCP_NODELAY`, `WITH_LIBSSH2`, `USER`, otherwise they will be auto-detected.
./configure && make && sudo make install clean
# Copy and edit configuration files
sudo cp /usr/local/etc/ts-warp.ini.sample /usr/local/etc/ts-warp.ini && sudo vi /usr/local/etc/ts-warp.ini
# on *BSD and macOS
sudo cp /usr/local/etc/ts-warp_pf.conf.sample /usr/local/etc/ts-warp_pf.conf
sudo vi /usr/local/etc/ts-warp_pf.conf
# on Linux with nftables
sudo cp /usr/local/etc/ts-warp_nftables.sh.sample /usr/local/etc/ts-warp_nftables.sh
sudo vi /usr/local/etc/ts-warp_nftables.sh
# on Linux with iptables
sudo cp /usr/local/etc/ts-warp_iptables.sh.sample /usr/local/etc/ts-warp_iptables.sh
sudo vi /usr/local/etc/ts-warp_iptables.sh
# on Windows WSL2 (Ubuntu) with iptables; Required packages for CLI: clang/gcc, make. For GUI-Warp: python3-tk
wsl --set-default-version 2
sudo cp /usr/local/etc/ts-warp_iptables.sh.sample /usr/local/etc/ts-warp_iptables.sh
sudo vi /usr/local/etc/ts-warp_iptables.sh
You can control, e.g. start, stop ts-warp
daemon using ts-warp.sh
script. Under root privileges or sudo
run:
# <PREFIX>/etc/ts-warp.sh start|stop|reload|restart [options]
# <PREFIX>/etc/ts-warp.sh status
For example:
sudo /usr/local/etc/ts-warp.sh start
sudo /usr/local/etc/ts-warp.sh stop
After succesfull start, TS-Warp transparently redirects traffic according to the configuration specified in
ts-warp.ini
and firewall rules. Also, TS-Warp spawns Socks5 proxy server at localhost:10800
and HTTPS proxy
(CONNECT method) at localhost:8080
.
All the ts-warp command-line options can be listed using $ ts-warp -h
:
Usage:
ts-warp -T IP:Port -S IP:Port -H IP:Port -c file.ini -l file.log -v 0-4 -t file.act -d -p file.pid -f -u user -h
Version:
TS-Warp-X.Y.Z
All parameters are optional:
-T IP:Port Local IP address and port for incoming Transparent requests
-S IP:Port Local IP address and port for internal Socks server
-H IP:Port Local IP address and port for internal HTTP server
-l file.log Main log filename
-v 0..4 Log verbosity level: 0 - off, default: 3
-t file.act Active connections and traffic log
-d Daemon mode
-p file.pid PID filename
-f Force start
-u user A user to run ts-warp, default: nobody
-h This message
ts-warp.sh
respects ts-warp
daemon options. For example, to temporary enable more verbose logs, restart ts-warp
with -v 4
option:
sudo /usr/local/etc/ts-warp.sh restart -v 4
ts-warp
understands several signals:
SIGHUP
signal as the command to reload configurationSIGUSR1
to display current configuration state. Note, load balancer can dynamically reorder configuration sectionsSIGUSR2
to show active clients connection status and traffic statsSIGINT
to stop the daemon.
Use ts-pass
to encode passwords if requred. See examples in ts-warp.ini
The GUI front-end application to control ts-warp
daemon can be installed from the gui
directory:
cd gui
sudo make install
Optionally. Set PREFIX
, to use a different installation target in the make
command above:
sudo make install PREFIX=/path/to/install
To start the GUI run:
sudo -b <PREFIX>/bin/gui-warp.py
Note, Python 3 interpreter with tkinter
support is required to run the GUI frontend.
Check releases and download macOS standalone precompiled application. Read related README.md for information and instructions.
According to SpoofDPI project, sending the first 1 byte of a request to the server, and then sending the rest of the data can help to bypass Deep Packet Inspections of HTTPS.
To bypass DPI, start TS-Warp with -D 0..512
flag, e.g., sudo /usr/local/etc/ts-warp.sh start -D 2
to enable packet
fragmentation.
For the GUI-warp
, edit ~/ts-warp/etc/gui-warp.ini
to add -D
to daemon_options
variable, e.g: daemon_options = -D 2
Then use TS-Warp
normally in Transparent
mode, or point your browser to TS-Warp
Internal HTTP(S)
proxy at
127.0.0.1:8080
or SOCKS5
proxy at 127.0.0.1:7080
.
Not so early stage of development, yet don't expect everything to work properly. If you have an idea, a question, or have found a problem, do not hesitate to open an issue or mail me: Mikhail Zakharov [email protected]
Many thanks to contributors of the project