All Projects → eycorsican → Leaf

eycorsican / Leaf

Licence: apache-2.0
A lightweight and fast proxy utility tries to include any useful features.

Programming Languages

rust
11053 projects

Projects that are alternatives of or similar to Leaf

Blinksocks
A framework for building composable proxy protocol stack.
Stars: ✭ 587 (+10.75%)
Mutual labels:  proxy, tcp, shadowsocks, udp, vmess, tls
V2ray Core
A platform for building proxies to bypass network restrictions.
Stars: ✭ 13,438 (+2435.47%)
Mutual labels:  proxy, vpn, shadowsocks, vmess, trojan
New Pac
翻墙-科学上网、免费翻墙、免费科学上网、免费自由上网、fanqiang、翻墙梯子、免费软件/方法,一键翻墙浏览器,免费shadowsocks/ss/ssr/v2ray/goflyway账号/节点分享,vps一键搭建翻墙服务器脚本/教程,电脑、手机、iOS、安卓、windows、Mac、Linux、路由器翻墙
Stars: ✭ 31,869 (+5913.02%)
Mutual labels:  proxy, vpn, shadowsocks, vmess, trojan
Dosvpn
🚀 极速、简单、开源的 VPN 访问外网学习先进科学技术的必备工具
Stars: ✭ 485 (-8.49%)
Mutual labels:  proxy, vpn, shadowsocks, vmess, trojan
Kuhero
websocket proxy on heroku
Stars: ✭ 192 (-63.77%)
Mutual labels:  shadowsocks, socks, vmess, trojan
Free
翻墙、免费翻墙、免费科学上网、免费节点、免费梯子、免费ss/v2ray/trojan节点、蓝灯、谷歌商店、翻墙梯子
Stars: ✭ 16,689 (+3048.87%)
Mutual labels:  vpn, vmess, trojan, shadowsocks
Gobetween
☁️ Modern & minimalistic load balancer for the Сloud era
Stars: ✭ 1,631 (+207.74%)
Mutual labels:  proxy, tcp, udp, tls
Gap Proxy
gap-proxy 是一个加速网络的 SOCKS5 安全代理工具。
Stars: ✭ 144 (-72.83%)
Mutual labels:  proxy, tcp, udp, socks
V2ray Core
A platform for building proxies to bypass network restrictions.
Stars: ✭ 38,782 (+7217.36%)
Mutual labels:  proxy, shadowsocks, socks, vmess
Brook
Brook is a cross-platform strong encryption and not detectable proxy. Zero-Configuration. Brook 是一个跨平台的强加密无特征的代理软件. 零配置.
Stars: ✭ 12,694 (+2295.09%)
Mutual labels:  proxy, vpn, shadowsocks, socks
Proxysu
Xray,V2ray,Trojan,NaiveProxy, Trojan-Go, ShadowsocksR(SSR),Shadowsocks-libev及相关插件,MTProto+TLS 一键安装工具,windows下用(一键科学上网)
Stars: ✭ 3,309 (+524.34%)
Mutual labels:  proxy, vpn, shadowsocks, trojan
Integrated Examples
以Xray或v2ray为主、caddy或nginx为辅,结合trojan或trojan-go及naiveproxy等打造科学上网的优化配置及最优组合示例,分享给大家食用及备份。
Stars: ✭ 249 (-53.02%)
Mutual labels:  shadowsocks, socks, vmess, trojan
Netch
A simple proxy client
Stars: ✭ 10,297 (+1842.83%)
Mutual labels:  shadowsocks, vmess, trojan, socks
Awesome Vpn
Free VPN/proxy,server,account,link list.,实时更新免费的代理,科学上网,翻墙,梯子,服务器,客户端,账号
Stars: ✭ 2,691 (+407.74%)
Mutual labels:  proxy, vpn, shadowsocks, trojan
Winxray
Xray / V2Ray( vmess/vless )、Shadowsocks、Trojan 通用客户端(Windows),可自动维持稳定上网 - 代理服务器异常自动切换,并提供一键部署代理服务端工具,使用 aardio 编写,绿色便携版免安装仅740KB、不需要.Net等外部运行库。
Stars: ✭ 241 (-54.53%)
Mutual labels:  proxy, shadowsocks, vmess, trojan
Fq Book
📖《这本书能让你连接互联网》详细阐述代理、隧道、VPN运作过程,并对GFW策略如:地址端口封锁、服务器缓存投毒、数字验证攻击、SSL连接阻断做相关的原理说明
Stars: ✭ 2,393 (+351.51%)
Mutual labels:  proxy, vpn, tcp, shadowsocks
v2ray-free
Fuck gfw,免费翻墙,每天更新
Stars: ✭ 221 (-58.3%)
Mutual labels:  shadowsocks, vpn, trojan, vmess
Proxy admin free
Proxy是高性能全功能的http代理、https代理、socks5代理、内网穿透、内网穿透p2p、内网穿透代理、内网穿透反向代理、内网穿透服务器、Websocket代理、TCP代理、UDP代理、DNS代理、DNS加密代理,代理API认证,全能跨平台代理服务器。
Stars: ✭ 487 (-8.11%)
Mutual labels:  proxy, tcp, shadowsocks, udp
gost
GO Simple Tunnel - a simple tunnel written in golang
Stars: ✭ 8,395 (+1483.96%)
Mutual labels:  tls, udp, shadowsocks
Nps
一款轻量级、高性能、功能强大的内网穿透代理服务器。支持tcp、udp、socks5、http等几乎所有流量转发,可用来访问内网网站、本地支付接口调试、ssh访问、远程桌面,内网dns解析、内网socks5代理等等……,并带有功能强大的web管理端。a lightweight, high-performance, powerful intranet penetration proxy server, with a powerful web management terminal.
Stars: ✭ 19,537 (+3586.23%)
Mutual labels:  tcp, udp, socks

releases ci

Leaf

A lightweight and fast proxy utility tries to include any useful features.

Features

Inbounds are proxy servers and outbounds are clients.

  • HTTP inbound supports CONNECT method

  • SOCKS 5 inbound and outbound with UDP ASSOCIATE support

  • TUN inbound

  • Trojan inbound and outbound

  • Direct outbound sends a proxy request directly to it's destination

  • Drop outbound rejects a proxy request

  • Shadowsocks outbound

  • VMess outbound

  • WebSocket inbound and outbound

  • TLS outbound

  • H2 outbound

  • Chain inbound and outbound for chaining other inbounds and outbounds

  • Failover outbound tries a proxy request on a group of outbounds one by one

  • Random outbound sends a proxy request to one of the outbounds randomly

  • Tryall outbound tries a proxy request on a group of outbounds simultaneously

  • A router routes requests from inbounds to outbounds base on domain or IP rules

  • Full cone NAT

  • TUN-based transport proxy

  • Fake DNS

  • Load balancing / high availability through failover/random/tryall outbounds

Getting Started

A local HTTP server redirects accepted requests to a SOCKS 5 server:

{
    "inbounds": [
        {
            "address": "127.0.0.1",
            "port": 1087,
            "protocol": "http"
        }
    ],
    "log": {
        "level": "trace"
    },
    "outbounds": [
        {
            "protocol": "socks",
            "settings": {
                "address": "127.0.0.1",
                "port": 1080
            }
        }
    ]
}

A SOCKS 5 server sends out accepted requests directly:

{
    "inbounds": [
        {
            "address": "127.0.0.1",
            "port": 1080,
            "protocol": "socks"
        }
    ],
    "log": {
        "level": "trace"
    },
    "outbounds": [
        {
            "protocol": "direct"
        }
    ]
}

Tests the setup:

https_proxy=127.0.0.1:1087 curl "https://example.org"

Usage

You may find some configuration samples here, it also serves as a reference for the JSON config format.

Build

Install Rust: https://www.rust-lang.org/tools/install

Install nightly toolchain:

rustup default nightly

Install a C compiler, e.g. GCC:

apt update && apt install gcc

# Or clang on macOS
# brew update && brew install clang

Clone & Build:

git clone https://github.com/eycorsican/leaf.git
cd leaf
git submodule init
git submodule update
cargo build -p leaf-bin

Run:

./target/debug/leaf -h

Customizing Build

You may build leaf with a selected set of features.

By including only the demanded features, you will get an optimized artifact with smaller binary size and lower runtime memory footprint.

For example, this build command,

cargo build --release --manifest-path leaf-bin/Cargo.toml --no-default-features --features "leaf/config-json leaf/inbound-socks leaf/outbound-direct leaf/outbound-shadowsocks leaf/ring-aead"

will result in an executable supports only the JSON config format, socks inbound, direct and shadowsocks outbounds.

Note that for proxy protocols with AEAD crypto functions, one of the leaf/ring-aead and leaf/openssl-aead features must be included. Similarly, one of the leaf/rustls-tls and leaf/openssl-tls must be included for leaf/outbound-tls feature.

Refer to leaf/Cargo.toml for a full list of available features.

iOS

App Store: https://apps.apple.com/us/app/leaf-lightweight-proxy/id1534109007

TestFlight: https://testflight.apple.com/join/std0FFCS

Demo for Developer: https://github.com/eycorsican/ileaf

OpenWrt

Running as transparent proxy on OpenWrt:

# Install the TUN package.
opkg update && opkg install kmod-tun

# Install certificates if you use TLS outbounds.
opkg update && opkg install ca-certificates

# Get the default interface address.
ADDRESS=`ip route get 1 | awk '{print $7;exit}'`

# Get the default gateway address.
GATEWAY=`ip route get 1 | awk '{print $3;exit}'`

TUN_NAME=tun8
TUN_ADDRESS=172.16.0.2
TUN_GATEWAY=172.16.0.1

# Properly configure the config file.
cat <<EOF > cfg.conf
[General]
loglevel = debug
dns-server = 223.5.5.5, 1.1.1.1
dns-interface = $ADDRESS
always-fake-ip = *
tun = $TUN_NAME, $TUN_ADDRESS, 255.255.255.0, $TUN_GATEWAY, 1500

[Proxy]
Direct = direct, interface=$ADDRESS
Proxy = ss, 1.2.3.4, 9999, encrypt-method=chacha20-ietf-poly1305, password=9999, interface=$ADDRESS

[Rule]
DOMAIN-SUFFIX, google.com, Proxy
FINAL, Direct
EOF

# Open another SSH session to run leaf with the config.
# It's important to run in a seperate window since we still need
# the variables defined above to continue our setup process.
# I suggest you use `screen`: opkg update && opkg install screen
leaf -c cfg.conf

# Route traffic initiated from leaf to the original gateway.
ip route add default via $GATEWAY table default
ip rule add from $ADDRESS table default

# Route local traffic to TUN.
ip route del default table main
ip route add default via $TUN_GATEWAY

# Route traffic from other deivces to TUN.
iptables -I FORWARD -o $TUN_NAME -j ACCEPT

Re-run:

# Stop leaf via ctrl+c.

# Make some changes to your `cfg.conf`.

# Re-run leaf.
leaf -c cfg.conf

# Re-add the default route to TUN.
ip route add default via $TUN_GATEWAY

Recover the original network:

# Stop leaf via ctrl+c.

# Remove iptables rules.
iptables -D FORWARD -o $TUN_NAME -j ACCEPT

# Cleanup the routing table.
ip rule del from $ADDRESS
ip route del default table default

# Recover the original default route.
ip route add default via $GATEWAY

Check if everything looks fine:

iptables -L FORWARD -n
ip route show table main
ip route show table default
ip rule show
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].