Gost Tutorial 1: Websocket Tunnel


This series of tutorials aims to let you master the basic usage of Gost, thus ignoring the barriers of the Internet.

The first part of the series is about using a tunnel to go over the wall.

What is Gost

Gost, or Go Simple Tunnel, is a simple security tunnel written in Golang.

Why Gost

The current international Internet situation is grim, and traditional protocol cross-region communication is easily hindered, and the Gost tunnel can transmit completely normal and the most common communication traffic on the Internet, thereby secretly and efficiently transmitting data.

Install Gost

Get the latest version of Gost on github release

Or, if your server runs in Mainland China, you can download Gost 2.11.0 Linux AMD64 version here.

wget https://ddch.site:9001/public-tools/gost_2.11.gz

After you downloaded the binary files of Gost, unzip it

gunzip filename.gz

And rename it as Gost

mv filename gost

Give it permission to run

chmod +x gost

How to

before doing all these following, enter your Gost path first

cd yourpath


Assuming that your server is running a service on port 9000, we will set up a tunnel on port 8000

./gost -L ws://:8000/

Parameter -L means you are creating a local agent

-L ws://:8000 means you are creating a local agent of WebSocket protocol

-L ws://:8000/ means you are creating a local agents of WebSocket and forwarding the traffic to local port 9000

If you are not running a service, you can do the work above while creating a local service

./gost -L ws://:8000/ -L ss://rc4-md5:password@:9000

It means while you’ve done the work above, you also created a ss service on port 9000

After the work above, keep port 8000 open and port 9000 closed


Assuming that your server IP is

./gost -L tcp://:7000 -F forward+ws://

Parameter -F means you are forwarding your traffic

Protocol forward means it is a tunnel rather than a simple forwarding

So the whole command means that you are running a local tcp proxy on prot 7000 and forwarding your traffic through a WebSocket tunnel to on port 8000

Keep port 7000 open

No need to open port 8000


Test your configuration, after confirming the config is valid, use nohup to keep the service running

nohup yourcommand &