-
Notifications
You must be signed in to change notification settings - Fork 0
Pisiphon3 on Linux Family
License
aldyl/psiphon3-linux-client
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
# psi-client-linux Psiphon Tunnel Core README For Linux amd64 debian debs as demon ================================================================================ Overview -------------------------------------------------------------------------------- Psiphon is an Internet censorship circumvention system. The tunnel core project includes a tunneling client and server, which together implement key aspects of evading blocking and relaying client traffic through Psiphon and beyond censorship. All Psiphon open source projects, including the complete open source code for Android, iOS, and Windows clients may be found at [www.github.com/Psiphon-Inc/psiphon](https://www.github.com/Psiphon-Inc/psiphon). For more information about Psiphon Inc., please visit our web site at [www.psiphon.ca](https://www.psiphon.ca). psi-client cli for manage service psi-client@Human applet for cinnamon Restart Cinnamon on Ctrol+Alt+F3 DISPLAY=:0 cinnamon --replace Install on Linux cd psi-client**** sudo dpkg-buildpackage -us -uc -tc sudo dpkg -i ../psi-client*.deb Gets you where you want to go... Censored by your country, corporation, or campus? After dealing with repressive regimes around the world, we are uniquely suited to help you get to the content you want, whenever and wherever you want it. ...and gets you there safely. Want to surf securely when using public WiFi? Free internet is nice, but stolen cookies and accounts are not. Psiphon gives you a safe path to the Internet, no matter what network you're using to connect. Trust, Speed, Simplicity: pick three Since 2008, Psiphon has helped millions of people in freedom-restricted countries around the world safely access censored knowledge and ideas. Now Psiphon can do the same for you. What is Psiphon? Psiphon is a circumvention tool from Psiphon Inc. that utilizes VPN, SSH and HTTP Proxy technology to provide you with uncensored access to Internet content. Your Psiphon client will automatically learn about new access points to maximize your chances of bypassing censorship. Add this for local proxy "UpstreamProxyUrl":"http://localhost:3128", { // DataRootDirectory is the directory in which to store persistent files, // which contain information such as server entries. By default, current // working directory. // // Psiphon will assume full control of files under this directory. They may // be deleted, moved or overwritten. //DataRootDirectory string // UseNoticeFiles configures notice files for writing. If set, homepages // will be written to a file created at config.GetHomePageFilename() // and notices will be written to a file created at // config.GetNoticesFilename(). // // The homepage file may be read after the Tunnels notice with count of 1. // // The value of UseNoticeFiles sets the size and frequency at which the // notices file, config.GetNoticesFilename(), will be rotated. See the // comment for UseNoticeFiles for more details. One rotated older file, // config.GetOldNoticesFilename(), is retained. // // The notice files may be may be read at any time; and should be opened // read-only for reading. Diagnostic notices are omitted from the notice // files. // // See comment for setNoticeFiles in notice.go for further details. //UseNoticeFiles *UseNoticeFiles // PropagationChannelId is a string identifier which indicates how the // Psiphon client was distributed. This parameter is required. This value // is supplied by and depends on the Psiphon Network, and is typically // embedded in the client binary. //PropagationChannelId string // SponsorId is a string identifier which indicates who is sponsoring this // Psiphon client. One purpose of this value is to determine the home // pages for display. This parameter is required. This value is supplied // by and depends on the Psiphon Network, and is typically embedded in the // client binary. //SponsorId string // ClientVersion is the client version number that the client reports to // the server. The version number refers to the host client application, // not the core tunnel library. One purpose of this value is to enable // automatic updates. This value is supplied by and depends on the Psiphon // Network, and is typically embedded in the client binary. // // Note that sending a ClientPlatform string which includes "windows" // (case insensitive) and a ClientVersion of <= 44 will cause an error in // processing the response to DoConnectedRequest calls. //ClientVersion string // ClientPlatform is the client platform ("Windows", "Android", etc.) that // the client reports to the server. //ClientPlatform string // ClientFeatures is a list of feature names denoting enabled application // features. Clients report enabled features to the server for stats // purposes. //ClientFeatures []string // EgressRegion is a ISO 3166-1 alpha-2 country code which indicates which // country to egress from. For the default, "", the best performing server // in any country is selected. //EgressRegion string // SplitTunnelOwnRegion enables split tunnel mode for the client's own // country. When enabled, TCP port forward destinations that resolve to // the same GeoIP country as the client are connected to directly, // untunneled. //SplitTunnelOwnRegion bool // SplitTunnelRegions enables selected split tunnel mode in which the // client specifies a list of ISO 3166-1 alpha-2 country codes for which // traffic should be untunneled. TCP port forwards destined to any // country specified in SplitTunnelRegions will be untunneled, regardless // of whether SplitTunnelOwnRegion is on or off. //SplitTunnelRegions []string // ListenInterface specifies which interface to listen on. If no // interface is provided then listen on 127.0.0.1. If 'any' is provided // then use 0.0.0.0. If there are multiple IP addresses on an interface // use the first IPv4 address. //ListenInterface string // DisableLocalSocksProxy disables running the local SOCKS proxy. //DisableLocalSocksProxy bool // LocalSocksProxyPort specifies a port number for the local SOCKS proxy // running at 127.0.0.1. For the default value, 0, the system selects a // free port (a notice reporting the selected port is emitted). //LocalSocksProxyPort int // LocalHttpProxyPort specifies a port number for the local HTTP proxy // running at 127.0.0.1. For the default value, 0, the system selects a // free port (a notice reporting the selected port is emitted). //LocalHttpProxyPort int // DisableLocalHTTPProxy disables running the local HTTP proxy. //DisableLocalHTTPProxy bool // NetworkLatencyMultiplier is a multiplier that is to be applied to // default network event timeouts. Set this to tune performance for // slow networks. // When set, must be >= 1.0. //NetworkLatencyMultiplier float64 // LimitTunnelProtocols indicates which protocols to use. Valid values // include: "SSH", "OSSH", "UNFRONTED-MEEK-OSSH", // "UNFRONTED-MEEK-HTTPS-OSSH", "UNFRONTED-MEEK-SESSION-TICKET-OSSH", // "FRONTED-MEEK-OSSH", "FRONTED-MEEK-HTTP-OSSH", "QUIC-OSSH", // "FRONTED-MEEK-QUIC-OSSH", "TAPDANCE-OSSH", and "CONJURE-OSSH". // For the default, an empty list, all protocols are used. //LimitTunnelProtocols []string // InitialLimitTunnelProtocols is an optional initial phase of limited // protocols for the first InitialLimitTunnelProtocolsCandidateCount // candidates; after these candidates, LimitTunnelProtocols applies. // // For the default, an empty list, InitialLimitTunnelProtocols is off. //InitialLimitTunnelProtocols []string // InitialLimitTunnelProtocolsCandidateCount is the number of candidates // to which InitialLimitTunnelProtocols is applied instead of // LimitTunnelProtocols. // // For the default, 0, InitialLimitTunnelProtocols is off. //InitialLimitTunnelProtocolsCandidateCount int // LimitTLSProfiles indicates which TLS profiles to select from. Valid // values are listed in protocols.SupportedTLSProfiles. // For the default, an empty list, all profiles are candidates for // selection. //LimitTLSProfiles []string // LimitQUICVersions indicates which QUIC versions to select from. Valid // values are listed in protocols.SupportedQUICVersions. // For the default, an empty list, all versions are candidates for // selection. //LimitQUICVersions []string // EstablishTunnelTimeoutSeconds specifies a time limit after which to // halt the core tunnel controller if no tunnel has been established. The // default is parameters.EstablishTunnelTimeout. //EstablishTunnelTimeoutSeconds *int // EstablishTunnelPausePeriodSeconds specifies the delay between attempts // to establish tunnels. Briefly pausing allows for network conditions to // improve and for asynchronous operations such as fetch remote server // list to complete. If omitted, a default value is used. This value is // typical overridden for testing. //EstablishTunnelPausePeriodSeconds *int // EstablishTunnelPausePeriodSeconds specifies the grace period, or head // start, provided to the affinity server candidate when establishing. The // affinity server is the server used for the last established tunnel. //EstablishTunnelServerAffinityGracePeriodMilliseconds *int // ConnectionWorkerPoolSize specifies how many connection attempts to // attempt in parallel. If omitted of when 0, a default is used; this is // recommended. //ConnectionWorkerPoolSize int // TunnelPoolSize specifies how many tunnels to run in parallel. Port // forwards are multiplexed over multiple tunnels. If omitted or when 0, // the default is TUNNEL_POOL_SIZE, which is recommended. Any value over // MAX_TUNNEL_POOL_SIZE is treated as MAX_TUNNEL_POOL_SIZE. //TunnelPoolSize int // StaggerConnectionWorkersMilliseconds adds a specified delay before // making each server candidate available to connection workers. This // option is enabled when StaggerConnectionWorkersMilliseconds > 0. //StaggerConnectionWorkersMilliseconds int // LimitIntensiveConnectionWorkers limits the number of concurrent // connection workers attempting connections with resource intensive // protocols. This option is enabled when LimitIntensiveConnectionWorkers // > 0. //LimitIntensiveConnectionWorkers int // LimitMeekBufferSizes selects smaller buffers for meek protocols. //LimitMeekBufferSizes bool // LimitCPUThreads minimizes the number of CPU threads -- and associated // overhead -- the are used. //LimitCPUThreads bool // LimitRelayBufferSizes selects smaller buffers for port forward relaying. //LimitRelayBufferSizes bool // IgnoreHandshakeStatsRegexps skips compiling and using stats regexes. //IgnoreHandshakeStatsRegexps bool // UpstreamProxyURL is a URL specifying an upstream proxy to use for all // outbound connections. The URL should include proxy type and // authentication information, as required. See example URLs here: // https://github.com/Psiphon-Labs/psiphon-tunnel-core/tree/master/psiphon/upstreamproxy //UpstreamProxyURL string // CustomHeaders is a set of additional arbitrary HTTP headers that are // added to all plaintext HTTP requests and requests made through an HTTP // upstream proxy when specified by UpstreamProxyURL. //CustomHeaders http.Header // NetworkConnectivityChecker is an interface that enables tunnel-core to // call into the host application to check for network connectivity. See: // NetworkConnectivityChecker doc. //NetworkConnectivityChecker NetworkConnectivityChecker // DeviceBinder is an interface that enables tunnel-core to call into the // host application to bind sockets to specific devices. See: DeviceBinder // doc. // // When DeviceBinder is set, the "VPN" feature name is automatically added // when reporting ClientFeatures. //DeviceBinder DeviceBinder // AllowDefaultDNSResolverWithBindToDevice indicates that it's safe to use // the default resolver when DeviceBinder is configured, as the host OS // will automatically exclude DNS requests from the VPN. //AllowDefaultDNSResolverWithBindToDevice bool // IPv6Synthesizer is an interface that allows tunnel-core to call into // the host application to synthesize IPv6 addresses. See: IPv6Synthesizer // doc. //IPv6Synthesizer IPv6Synthesizer // HasIPv6RouteGetter is an interface that allows tunnel-core to call into // the host application to determine if the host has an IPv6 route. See: // HasIPv6RouteGetter doc. //HasIPv6RouteGetter HasIPv6RouteGetter // DNSServerGetter is an interface that enables tunnel-core to call into // the host application to discover the native network DNS server // settings. See: DNSServerGetter doc. //DNSServerGetter DNSServerGetter // NetworkIDGetter in an interface that enables tunnel-core to call into // the host application to get an identifier for the host's current active // network. See: NetworkIDGetter doc. //NetworkIDGetter NetworkIDGetter // NetworkID, when not blank, is used as the identifier for the host's // current active network. // NetworkID is ignored when NetworkIDGetter is set. //NetworkID string // DisableTactics disables tactics operations including requests, payload // handling, and application of parameters. //DisableTactics bool // DisableReplay causes any persisted dial parameters to be ignored when // they would otherwise be used for replay. //DisableReplay bool // TargetServerEntry is an encoded server entry. When specified, this // server entry is used exclusively and all other known servers are // ignored; also, when set, ConnectionWorkerPoolSize is ignored and // the pool size is 1. //TargetServerEntry string // DisableApi disables Psiphon server API calls including handshake, // connected, status, etc. This is used for special case temporary tunnels // (Windows VPN mode). //DisableApi bool // TargetApiProtocol specifies whether to force use of "ssh" or "web" API // protocol. When blank, the default, the optimal API protocol is used. // Note that this capability check is not applied before the // "CandidateServers" count is emitted. // // This parameter is intended for testing and debugging only. Not all // parameters are supported in the legacy "web" API protocol, including // speed test samples. //TargetApiProtocol string // RemoteServerListURLs is list of URLs which specify locations to fetch // out-of-band server entries. This facility is used when a tunnel cannot // be established to known servers. This value is supplied by and depends // on the Psiphon Network, and is typically embedded in the client binary. // All URLs must point to the same entity with the same ETag. At least one // TransferURL must have OnlyAfterAttempts = 0. //RemoteServerListURLs parameters.TransferURLs // RemoteServerListSignaturePublicKey specifies a public key that's used // to authenticate the remote server list payload. This value is supplied // by and depends on the Psiphon Network, and is typically embedded in the // client binary. //RemoteServerListSignaturePublicKey string // DisableRemoteServerListFetcher disables fetching remote server lists. // This is used for special case temporary tunnels. //DisableRemoteServerListFetcher bool // FetchRemoteServerListRetryPeriodMilliseconds specifies the delay before // resuming a remote server list download after a failure. If omitted, a // default value is used. This value is typical overridden for testing. //FetchRemoteServerListRetryPeriodMilliseconds *int // ObfuscatedServerListRootURLs is a list of URLs which specify root // locations from which to fetch obfuscated server list files. This value // is supplied by and depends on the Psiphon Network, and is typically // embedded in the client binary. All URLs must point to the same entity // with the same ETag. At least one DownloadURL must have // OnlyAfterAttempts = 0. //ObfuscatedServerListRootURLs parameters.TransferURLs // UpgradeDownloadURLs is list of URLs which specify locations from which // to download a host client upgrade file, when one is available. The core // tunnel controller provides a resumable download facility which // downloads this resource and emits a notice when complete. This value is // supplied by and depends on the Psiphon Network, and is typically // embedded in the client binary. All URLs must point to the same entity // with the same ETag. At least one DownloadURL must have // OnlyAfterAttempts = 0. //UpgradeDownloadURLs parameters.TransferURLs // UpgradeDownloadClientVersionHeader specifies the HTTP header name for // the entity at UpgradeDownloadURLs which specifies the client version // (an integer value). A HEAD request may be made to check the version // number available at UpgradeDownloadURLs. // UpgradeDownloadClientVersionHeader is required when UpgradeDownloadURLs // is specified. //UpgradeDownloadClientVersionHeader string // FetchUpgradeRetryPeriodMilliseconds specifies the delay before resuming // a client upgrade download after a failure. If omitted, a default value // is used. This value is typical overridden for testing. //FetchUpgradeRetryPeriodMilliseconds *int // FeedbackUploadURLs is a list of SecureTransferURLs which specify // locations where feedback data can be uploaded, pairing with each // location a public key with which to encrypt the feedback data. This // value is supplied by and depends on the Psiphon Network, and is // typically embedded in the client binary. At least one TransferURL must // have OnlyAfterAttempts = 0. //FeedbackUploadURLs parameters.TransferURLs // FeedbackEncryptionPublicKey is a default base64-encoded, RSA public key // value used to encrypt feedback data. Used when uploading feedback with a // TransferURL which has no public key value configured, i.e. // B64EncodedPublicKey = "". //FeedbackEncryptionPublicKey string // TrustedCACertificatesFilename specifies a file containing trusted CA // certs. When set, this toggles use of the trusted CA certs, specified in // TrustedCACertificatesFilename, for tunneled TLS connections that expect // server certificates signed with public certificate authorities // (currently, only upgrade downloads). This option is used with stock Go // TLS in cases where Go may fail to obtain a list of root CAs from the // operating system. //TrustedCACertificatesFilename string // DisablePeriodicSshKeepAlive indicates whether to send an SSH keepalive // every 1-2 minutes, when the tunnel is idle. If the SSH keepalive times // out, the tunnel is considered to have failed. //DisablePeriodicSshKeepAlive bool // DeviceRegion is the optional, reported region the host device is // running in. This input value should be a ISO 3166-1 alpha-2 country // code. The device region is reported to the server in the connected // request and recorded for Psiphon stats. // // When provided, this value may be used, pre-connection, to select // performance or circumvention optimization strategies for the given // region. //DeviceRegion string // EmitDiagnosticNotices indicates whether to output notices containing // detailed information about the Psiphon session. As these notices may // contain sensitive information, they should not be insecurely distributed // or displayed to users. Default is off. //EmitDiagnosticNotices bool // EmitDiagnosticNetworkParameters indicates whether to include network // parameters in diagnostic notices. As these parameters are sensitive // circumvention network information, they should not be insecurely // distributed or displayed to users. Default is off. //EmitDiagnosticNetworkParameters bool // EmitBytesTransferred indicates whether to emit periodic notices showing // bytes sent and received. //EmitBytesTransferred bool // EmitSLOKs indicates whether to emit notices for each seeded SLOK. As // this could reveal user browsing activity, it's intended for debugging // and testing only. //EmitSLOKs bool // EmitRefractionNetworkingLogs indicates whether to emit gotapdance log // messages to stdout. Note that gotapdance log messages do not conform to // the Notice format standard. Default is off. //EmitRefractionNetworkingLogs bool // EmitServerAlerts indicates whether to emit notices for server alerts. //EmitServerAlerts bool // EmitClientAddress indicates whether to emit the client's public network // address, IP and port, as seen by the server. //EmitClientAddress bool // RateLimits specify throttling configuration for the tunnel. //RateLimits common.RateLimits // PacketTunnelTunDeviceFileDescriptor specifies a tun device file // descriptor to use for running a packet tunnel. When this value is > 0, // a packet tunnel is established through the server and packets are // relayed via the tun device file descriptor. The file descriptor is // duped in NewController. When PacketTunnelTunDeviceFileDescriptor is // set, TunnelPoolSize must be 1. //PacketTunnelTunFileDescriptor int // SessionID specifies a client session ID to use in the Psiphon API. The // session ID should be a randomly generated value that is used only for a // single session, which is defined as the period between a user starting // a Psiphon client and stopping the client. // // A session ID must be 32 hex digits (lower case). When blank, a random // session ID is automatically generated. Supply a session ID when a // single client session will cross multiple Controller instances. //SessionID string // Authorizations is a list of encoded, signed access control // authorizations that the client has obtained and will present to the // server. //Authorizations []string // ServerEntrySignaturePublicKey is a base64-encoded, ed25519 public // key value used to verify individual server entry signatures. This value // is supplied by and depends on the Psiphon Network, and is typically // embedded in the client binary. //ServerEntrySignaturePublicKey string // ExchangeObfuscationKey is a base64-encoded, NaCl secretbox key used to // obfuscate server info exchanges between clients. // Required for the exchange functionality. //ExchangeObfuscationKey string // MigrateHomepageNoticesFilename migrates a homepage file from the path // previously configured with setNoticeFiles to the new path for homepage // files under the data root directory. The file specified by this config // value will be moved to config.GetHomePageFilename(). // // Note: see comment for config.Commit() for a description of how file // migrations are performed. // // If not set, no migration operation will be performed. //MigrateHomepageNoticesFilename string // MigrateRotatingNoticesFilename migrates notice files from the path // previously configured with setNoticeFiles to the new path for notice // files under the data root directory. // // MigrateRotatingNoticesFilename will be moved to // config.GetNoticesFilename(). // // MigrateRotatingNoticesFilename.1 will be moved to // config.GetOldNoticesFilename(). // // Note: see comment for config.Commit() for a description of how file // migrations are performed. // // If not set, no migration operation will be performed. //MigrateRotatingNoticesFilename string // MigrateDataStoreDirectory indicates the location of the datastore // directory, as previously configured with the deprecated // DataStoreDirectory config field. Datastore files found in the specified // directory will be moved under the data root directory. // // Note: see comment for config.Commit() for a description of how file // migrations are performed. //MigrateDataStoreDirectory string // MigrateRemoteServerListDownloadFilename indicates the location of // remote server list download files. The remote server list files found at // the specified path will be moved under the data root directory. // // Note: see comment for config.Commit() for a description of how file // migrations are performed. //MigrateRemoteServerListDownloadFilename string // MigrateObfuscatedServerListDownloadDirectory indicates the location of // the obfuscated server list downloads directory, as previously configured // with ObfuscatedServerListDownloadDirectory. Obfuscated server list // download files found in the specified directory will be moved under the // data root directory. // // Warning: if the directory is empty after obfuscated server // list files are moved, then it will be deleted. // // Note: see comment for config.Commit() for a description of how file // migrations are performed. //MigrateObfuscatedServerListDownloadDirectory string // MigrateUpgradeDownloadFilename indicates the location of downloaded // application upgrade files. Downloaded upgrade files found at the // specified path will be moved under the data root directory. // // Note: see comment for config.Commit() for a description of how file // migrations are performed. //MigrateUpgradeDownloadFilename string } Usage of /usr/sbin/psi-client daemon: -config string configuration input file -dataRootDirectory string directory where persistent files will be stored -feedbackUpload Run in feedback upload mode to send a feedback package to Psiphon Inc. The feedback package will be read as a UTF-8 encoded string from stdin. Informational notices will be written to stdout. If the upload succeeds, the process will exit with status code 0; otherwise, the process will exit with status code 1. A feedback compatible config must be specified with the "-config" flag. Config must be provided by Psiphon Inc. -feedbackUploadPath string The path at which to upload the feedback package when the "-feedbackUpload" flag is provided. Must be provided by Psiphon Inc. -formatNotices emit notices in human-readable format -listenInterface string bind local proxies to specified interface -notices string notices output file (defaults to stderr) -rotatingFileSize int rotating notices file size (default 1048576) -rotatingSyncFrequency int rotating notices file sync frequency (default 100) -serverList string embedded server entry list input file -tunBindInterface string bypass tun device via specified interface (default "eth0") -tunDNSServers string Comma-delimited list of tun bypass DNS server IP addresses (default "8.8.8.8,8.8.4.4") -tunDevice string run packet tunnel for specified tun device -useNoticeFiles output homepage notices and rotating notices to <dataRootDirectory>/homepage and <dataRootDirectory>/notices respectively -v print build information and exit -version print build information and exit
About
Pisiphon3 on Linux Family
Topics
Resources
License
Stars
Watchers
Forks
Packages 0
No packages published