A lightweight network proxy tool write by c++20 for low-end boxes or embedded devices.
- Forward Proxy(tcp)
- Reverse Proxy(tcp)
- DNS Proxy(DoT/DoH)
Full command options:
[snova-asio]# ./bazel-bin/snova/app/snova -h
SNOVA:A private proxy tool for low-end boxes.
Usage: ./bazel-bin/snova/app/snova [OPTIONS]
Options:
-h,--help Print this help message and exit
--version Display program version information and exit
--config Config file path, all cli options can be set into a toml file as the config.
--log_file TEXT Log file, default is stdout
--max_log_file_size INT Max log file size
--max_log_file_num INT Max log file number
--alsologtostderr BOOLEAN Also log to stderr
--listen TEXT ... Listen address
--user TEXT Auth user name
--proxy TEXT The proxy server to connect remote mux server.
--remote TEXT Remote server address
--conn_num_per_server UINT Remote server connection number per server.
--conn_expire_secs UINT Remote server connection expire seconds, default 1800s.
--conn_max_inactive_secs UINT
Close connection if it's inactive 'conn_max_inactive_secs' ago.
--max_iobuf_pool_size UINT IOBuf pool max size
--stream_io_timeout_secs UINT
Proxy stream IO timeout secs, default 300s
--stat_log_period_secs UINT Print stat log every 'stat_log_period_secs', set it to 0 to disable stat log.
--client_cipher_method TEXT Client cipher method
--client_cipher_key TEXT Client cipher key
--server_cipher_method TEXT Server cipher method
--server_cipher_key TEXT Server cipher key
--entry BOOLEAN Run as entry node.
--middle BOOLEAN Run as middle node.
--exit BOOLEAN Run as exit node.
--redirect BOOLEAN Run as redirect server for entry node.
--entry_socket_send_buffer_size UINT
Entry server socket send buffer size.
--entry_socket_recv_buffer_size UINT
Entry server socket recv buffer size.
-L TEXT ... Local tunnel options, foramt <local port>:<remote host>:<remote port>, only works with entry node.
-R TEXT ... Remote tunnel options, foramt <remote port>:<local host>:<local port>, only works with exit node.
First, start exit server on remote machine:
./snova --exit 1 --listen :48100 --server_cipher_key my_test_cipher_key
Second, start entry server on local machine:
./snova --entry 1 --listen :48100 --client_cipher_key my_test_cipher_key --remote <exit_node_ip>:<exit_node_port>
This step would launch a socks5 proxy server on port 48100.
This tool can also run in a router with redirect mode, eg:
./snova --entry 1 --redirect 1 --listen 0.0.0.0:48100 --client_cipher_key my_test_cipher_key --remote <exit_node_ip>:<exit_node_port>
Now you can config local entry server as the iptables redirect target.
If you want use server E as the proxy exit server, but server E has no right to listen on a public IP; and there is a server M which has a public IP;
First, start middle server on server M:
./snova --middle 1 --listen :48100 --server_cipher_key my_test_cipher_key
Second, start exit server on server E:
./snova --exit 1 --listen :48100 --client_cipher_key my_test_cipher_key --remote <M IP>:48100 --user bob
Finally, start entry server on local machine to connect middle server M:
./snova --entry 1 --listen :48100 --client_cipher_key my_test_cipher_key --remote <M IP>:48100 --user bob
This step would launch a socks5 proxy server on port 48100.
First, start exit server on remote machine C:
./snova --exit 1 --listen :48100 --server_cipher_key my_test_cipher_key
Second, start middle server on remote machine B:
# the remote address can be set to middle server ip:port
./snova --middle 1 --listen :48100 --server_cipher_key my_test_cipher_key --client_cipher_key my_test_cipher_key --remote <exit_node_ip>:<exit_node_port>
You can repeate this step if you want more middle servers.
Finally, start entry server on local machine:
./snova --entry 1 --listen :48100 --client_cipher_key my_test_cipher_key --remote <middle_node_ip>:<middle_node_port>
This step would launch a socks5 proxy server on port 48100.
This is an example to expose ssh service on server C to server A via server B by local tunnel mode;
First, start exit server on server B:
./snova --exit 1 --listen :48100 --server_cipher_key my_test_cipher_key
Second, start entry server on server A to connect server B with local tunnel options to ssh service on server C:
./snova --entry 1 --client_cipher_key my_test_cipher_key --remote <B ip>:48100 -L 48100:<C ip>:22
Now u can connect the ssh service on server C from server A's port 48100:
ssh username@<A ip> -p 48100
This is an example to expose ssh service on server C to server A via server B by remote tunnel mode; First, start entry server on server A:
./snova --entry 1 --listen mux://:48100 --server_cipher_key my_test_cipher_key
Second, start exit server on server B connect entry server with remote tunnel options to ssh service on server C:
./snova --exit 1 --client_cipher_key my_test_cipher_key --remote <A ip>:48100 -R 48100:<C ip>:22
Now u can connect the ssh service on server C from server A's port 48100:
ssh username@<A ip> -p 48100
First, start middle server on server M:
./snova --middle 1 --listen :48100 --server_cipher_key my_test_cipher_key
Second, start exit server on server B connect middle server:
./snova --exit 1 --client_cipher_key my_test_cipher_key --remote <M ip>:48100
Finally, start entry server on on server A to connect server M with local tunnel options to ssh service on server C:
./snova --entry 1 --client_cipher_key my_test_cipher_key --remote <M ip>:48100 -L 48100:<C ip>:22
Now u can connect the ssh service on server C from server A's port 48100:
ssh username@<A ip> -p 48100