GreenTunnel
GreenTunnel is an anti-censorship utility designed to bypass the DPI system that is put in place by various ISPs to block access to certain websites.
Top Related Projects
Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port)
Peer-to-peer VPN
Tunnel all your traffic over Websocket or HTTP2 - Bypass firewalls/DPI - Static binary available
A fast TCP/UDP tunnel over HTTP
GO Simple Tunnel - a simple tunnel written in golang
Quick Overview
GreenTunnel is an anti-censorship utility designed to bypass Deep Packet Inspection (DPI). It works by circumventing Internet censorship and online restrictions through various techniques, including DNS-over-HTTPS and SNI manipulation. GreenTunnel is particularly useful in regions where internet access is limited or monitored.
Pros
- Easy to use with a simple command-line interface
- Cross-platform support (Windows, macOS, Linux)
- Implements multiple bypass techniques for improved effectiveness
- Open-source and actively maintained
Cons
- May slow down internet connection due to additional processing
- Not as comprehensive as some VPN solutions
- Requires some technical knowledge to set up and use effectively
- May not work against all types of censorship or blocking methods
Code Examples
// Example 1: Starting GreenTunnel from the command line
greentunnel
// Example 2: Starting GreenTunnel with a custom port
greentunnel --port 8080
// Example 3: Running GreenTunnel with verbose logging
greentunnel --verbose
Getting Started
- Install Node.js (version 10 or higher)
- Install GreenTunnel globally:
npm install -g green-tunnel - Run GreenTunnel:
greentunnel - Configure your system or browser to use the proxy:
- Proxy Address: 127.0.0.1
- Proxy Port: 8000 (default)
For more advanced usage and configuration options, refer to the project's GitHub repository.
Competitor Comparisons
Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port)
Pros of sslh
- Multi-protocol support: Handles various protocols (SSH, HTTP, TLS, etc.) on a single port
- Flexible configuration: Allows fine-tuning of protocol detection and forwarding rules
- Active development: Regularly updated with new features and bug fixes
Cons of sslh
- More complex setup: Requires more configuration compared to GreenTunnel's simpler approach
- Higher resource usage: May consume more system resources due to its multi-protocol handling
- Less focused on censorship circumvention: Primarily designed for port multiplexing rather than anti-censorship
Code Comparison
GreenTunnel (JavaScript):
const dns = require('dns');
const net = require('net');
const http = require('http');
const https = require('https');
sslh (C):
#include <sys/types.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>
#include <stdlib.h>
GreenTunnel focuses on DNS-over-HTTPS and HTTP/HTTPS proxying for censorship circumvention, while sslh is a versatile protocol multiplexer. GreenTunnel is written in JavaScript, making it more accessible for web developers, whereas sslh is implemented in C for better performance and lower-level system integration.
Peer-to-peer VPN
Pros of n2n
- Provides a full peer-to-peer VPN solution, allowing for more complex network topologies
- Supports encryption and compression of network traffic
- Has a longer development history and larger community
Cons of n2n
- More complex setup and configuration compared to GreenTunnel
- Requires superuser privileges to create virtual network interfaces
- May have higher resource usage due to its comprehensive VPN functionality
Code Comparison
n2n (edge node configuration):
edge_conf_t conf;
conf.community_name = "mycommunity";
conf.encrypt_key = "myencryptionkey";
conf.supernode_addr = "1.2.3.4";
conf.supernode_port = 1234;
GreenTunnel (client configuration):
const greenTunnel = new GreenTunnel({
dns: {
server: '1.1.1.1',
port: 853,
},
proxy: {
port: 8080,
},
});
While both projects aim to bypass internet censorship, n2n provides a more comprehensive VPN solution with peer-to-peer capabilities, whereas GreenTunnel focuses on a simpler DNS-over-HTTPS and HTTP proxy approach. n2n offers more flexibility but requires more setup, while GreenTunnel is easier to use but may be less versatile for complex networking scenarios.
Tunnel all your traffic over Websocket or HTTP2 - Bypass firewalls/DPI - Static binary available
Pros of wstunnel
- Supports multiple protocols (WebSocket, HTTP2, SOCKS5)
- Offers both client and server components
- More actively maintained with recent updates
Cons of wstunnel
- Less focused on censorship circumvention
- Requires more technical knowledge to set up and use
- May be more complex for basic tunneling needs
Code Comparison
GreenTunnel (JavaScript):
const httpMitmProxy = require('./httpMitmProxy');
const httpProxy = require('./httpProxy');
const dnsOverHttps = require('./dnsOverHttps');
wstunnel (Rust):
use tokio::net::TcpListener;
use tokio_tungstenite::accept_async;
use futures_util::StreamExt;
GreenTunnel focuses on HTTP and DNS manipulation for bypassing censorship, while wstunnel provides a more general-purpose tunneling solution using WebSockets and other protocols. GreenTunnel is written in JavaScript, making it potentially easier for web developers to understand and modify. wstunnel, written in Rust, may offer better performance but requires knowledge of a systems programming language.
Both projects serve different use cases, with GreenTunnel being more specialized for censorship circumvention and wstunnel offering a broader range of tunneling options for various networking scenarios.
A fast TCP/UDP tunnel over HTTP
Pros of Chisel
- More versatile, supporting various protocols (HTTP, SOCKS5, TCP) and tunneling options
- Cross-platform compatibility (Windows, macOS, Linux)
- Active development and larger community support
Cons of Chisel
- More complex setup and configuration
- Requires both client and server components
- Not specifically designed for anti-censorship, unlike GreenTunnel
Code Comparison
GreenTunnel (JavaScript):
const dns = require('dns');
const net = require('net');
const dnsResolve = (hostname) => {
return new Promise((resolve, reject) => {
dns.resolve(hostname, (err, addresses) => {
if (err) reject(err);
else resolve(addresses[0]);
});
});
};
Chisel (Go):
func (c *Client) Start() error {
if err := c.Connect(); err != nil {
return err
}
return c.run()
}
While both projects serve networking purposes, GreenTunnel focuses on DNS manipulation for bypassing censorship, whereas Chisel provides a more general-purpose tunneling solution with a broader range of features and protocols.
GO Simple Tunnel - a simple tunnel written in golang
Pros of gost
- Multi-protocol support (HTTP, SOCKS4, SOCKS5, Shadowsocks)
- Flexible chain proxying and forwarding capabilities
- Cross-platform compatibility (Windows, macOS, Linux, Android, iOS)
Cons of gost
- More complex setup and configuration
- Larger codebase and potentially higher resource usage
- Less focused on specific censorship circumvention techniques
Code Comparison
GreenTunnel (JavaScript):
const net = require('net');
const http = require('http');
const https = require('https');
const url = require('url');
const dns = require('dns');
gost (Go):
import (
"crypto/tls"
"net"
"net/http"
"net/url"
)
Summary
GreenTunnel is a lightweight, focused tool for bypassing Deep Packet Inspection (DPI), primarily targeting HTTP/HTTPS traffic. It's easier to set up and use for specific censorship circumvention scenarios.
gost, on the other hand, is a more comprehensive and versatile proxy solution, supporting multiple protocols and offering advanced features like chain proxying. It's better suited for users who need flexibility and diverse proxy capabilities beyond simple censorship bypass.
The code comparison shows that both projects use similar networking libraries, but gost's implementation in Go may offer performance advantages for certain use cases.
Convert 
designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual CopilotREADME
Green Tunnel
GreenTunnel bypasses DPI (Deep Packet Inspection) systems found in many ISPs (Internet Service Providers) which block access to certain websites.
How to use
Graphical user interface (GUI)
You can simply choose the suitable installation for your OS in the releases section.
Command-line interface (CLI)
You can install GreenTunnel using npm:
$ npm i -g green-tunnel
or using snap (edge version):
sudo snap install --edge green-tunnel --devmode
after installation you can run it using gt or green-tunnel commands.
$ gt --help
Usage: green-tunnel [options]
Usage: gt [options]
Options:
--help, -h Show help [boolean]
--version, -V Show version number [boolean]
--ip ip address to bind proxy server[string] [default: "127.0.0.1"]
--https-only Block insecure HTTP requests [boolean] [default: false]
--port port address to bind proxy server [number] [default: 8000]
--dns-type [string] [choices: "https", "tls"] [default: "https"]
--dns-server [string] [default: "https://cloudflare-dns.com/dns-query"]
--dns-ip IP address for unencrypted DNS [string][default: "127.0.0.1"]
--dns-port Port for unencrypted DNS [number] [default: 53]
--silent, -s run in silent mode [boolean] [default: false]
--verbose, -v debug mode [string] [default: ""]
--system-proxy automatic set system-proxy [boolean] [default: true]
Examples:
gt
gt --ip 127.0.0.1 --port 8000 --https-only
gt --dns-server https://doh.securedns.eu/dns-query
gt --verbose 'green-tunnel:proxy*'
ISSUES: https://github.com/SadeghHayeri/GreenTunnel/issues
for debug use verbose option:
$ green-tunnel --verbose 'green-tunnel:*'
Docker
$ docker run -p 8000:8000 sadeghhayeri/green-tunnel
envs
- PORT
- HTTPS-ONLY
- VERBOSE
- SILENT
- DNS_TYPE
- DNS_SERVER
usage:
$ docker run -e 'PORT=1000' -p 8000:1000 sadeghhayeri/green-tunnel
On Raspberry Pi
$ docker run -p 8000:8000 sadeghhayeri/green-tunnel:arm
If you want to make container keep running when reboot:
$ docker run -d --restart unless-stopped -p 8000:8000 sadeghhayeri/green-tunnel:arm
Please make sure port 8000 is not blocked on Raspberry Pi firewall. (sudo ufw allow 8000 comment Green-Tunnel)
To use it on your other device, set http proxy to <Raspberry Pi IP Address>:<PORT>. (PORT = 8000)
Tested on
- MacOS Catalina with node 12
- Ubuntu 18.04 with node 8
- Windows 10 with node 8
FAQ
How does it work?
HTTP
There are gaps in providers in DPI. They happen from what the DPI rules write for ordinary user programs, omitting all possible cases that are permissible by standards. This is done for simplicity and speed. Some DPIs cannot recognize the HTTP request if it is divided into TCP segments. For example, a request of the form
GET / HTTP/1.0`
Host: www.youtube.com
...
we send it in 2 parts: first comes GET / HTTP/1.0 \n Host: www.you and second sends as tube.com \n .... In this example, ISP cannot find blocked word youtube in packets and you can bypass it!
HTTPS
Server Name Indication (SNI) is an extension to TLS (Transport Layer Security) that indicates the actual destination hostname a client is attempting to access over HTTPS. For this Web Filter feature, SNI hostname information is used for blocking access to specific sites over HTTPS. For example, if the administrator chooses to block the hostname youtube using this feature, all Website access attempts over HTTPS that contain youtube like www.youtube.com in the SNI would be blocked. However, access to the same hostname over HTTP would not be blocked by this feature. GreenTunnel tries to split first CLIENT-HELLO packet into small chunks and ISPs can't parse packet and found SNI field so bypass traffic!
DNS
When you enter a URL in a Web browser, the first thing the Web browser does is to ask a DNS (Domain Name System) server, at a known numeric address, to look up the domain name referenced in the URL and supply the corresponding IP address. If the DNS server is configured to block access, it consults a blacklist of banned domain names. When a browser requests the IP address for one of these domain names, the DNS server gives a wrong answer or no answer at all. GreenTunnel use DNS over HTTPS and DNS over TLS to get real IP address and bypass DNS Spoofing.
Development notes
GreenTunnel is an open-source app and I really appreciate other developers adding new features and/or helping fix bugs. If you want to contribute to GreenTunnel, you can fork this repository, make the changes and create a pull request.
However, please make sure you follow a few rules listed below to ensure that your changes get merged into the main repo. The rules listed below are enforced to make sure the changes made are well-documented and can be easily kept track of.
- â Pull requests and â Stars are always welcome.
- For bugs and feature requests, please create an issue.
- Make sure your pull request has an informative title. You should use prefixes like
ADD:,FIX:, etc at the start of the title which describes the changes followed by a one-line description of the changes. Example: ADD: Added a new feature to GreenTunnel - Commits in your fork should be informative, as well. Make sure you don't combine too many changes into a single commit.
TODO List
- enable/disable proxy on windows
- HTTPHandler
- add CLI arguments
- catch all exceptions
- add preferences menu
- fix close button
Donation
Love GreenTunnel? Please consider donating to sustain our activities.
DOGECOIN!: DTGjx8KKDCUkSEbtVHgQx1GYEnNaVVuXLa
BITCOIN: bc1qknjsmsa98lljwxjwl4pmjh48s8su8r8ajkqd8w
ETHEREUM: 0x018fbf3fAC7165b2c85f856cC90E2d9410415150
LITECOIN: ltc1q5tfprazpkzjvzf5shgprkpkhnnku3p72feutxt
RIPPLE/XRP: rt6ZTkKdBVYzBee9CpQsDTsewnTbAoV13
License
Licensed under the MIT license. See LICENSE.
Top Related Projects
Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port)
Peer-to-peer VPN
Tunnel all your traffic over Websocket or HTTP2 - Bypass firewalls/DPI - Static binary available
A fast TCP/UDP tunnel over HTTP
GO Simple Tunnel - a simple tunnel written in golang
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual Copilot