[GH-ISSUE #175] Socks5代理不支持UDP么？ #108

New issue

Closed

opened 2026-02-27 23:15:28 +03:00 by kerem · 6 comments

kerem commented 2026-02-27 23:15:28 +03:00

Owner

Copy link

Originally created by @duod4o on GitHub (Nov 8, 2018).
Original GitHub issue: https://github.com/snail007/goproxy/issues/175

按照文档，开启socks代理：

proxy socks -t tcp -p "0.0.0.0:38080"
Proxy Enterprise Version v6.5_20181101132810 by snail , blog : http://www.host900.com/
2018/11/08 20:47:54 tcp socks proxy on [::]:38080

通过查看端口，确实开启了38080的tcp端口

netstat -ano | find "38080"
  TCP    0.0.0.0:38080          0.0.0.0:0              LISTENING       10852
  TCP    [::]:38080             [::]:0                 LISTENING       10852

但是说好支持的UDP呢？运行proxy help socks，并没有找到和udp有关的设置，能否给一个示例呢？还是说，socks5代理仅仅支持tcp协议？？

usage: proxy socks [<flags>]

proxy on ssh mode

Flags:
      --help                     Show context-sensitive help (also try
                                 --help-long and --help-man).
      --version                  Show application version.
      --debug                    debug log output
      --daemon                   run proxy in background
      --forever                  run proxy in forever,fail and retry
      --log=""                   log file path
      --nolog                    turn off logging
      --kcp-key="secrect"        pre-shared secret between client and server
      --kcp-method=aes           encrypt/decrypt method, can be: aes, aes-128,
                                 aes-192, salsa20, blowfish, twofish, cast5,
                                 3des, tea, xtea, xor, sm4, none
      --kcp-mode=fast            profiles: fast3, fast2, fast, normal, manual
      --kcp-mtu=450              set maximum transmission unit for UDP packets
      --kcp-sndwnd=1024          set send window size(num of packets)
      --kcp-rcvwnd=1024          set receive window size(num of packets)
      --kcp-ds=10                set reed-solomon erasure coding - datashard
      --kcp-ps=3                 set reed-solomon erasure coding - parityshard
      --kcp-dscp=0               set DSCP(6bit)
      --kcp-nocomp               disable compression
      --kcp-acknodelay           be carefull! flush ack immediately when a
                                 packet is received
      --kcp-nodelay=0            be carefull!
      --kcp-interval=50          be carefull!
      --kcp-resend=0             be carefull!
      --kcp-nc=0                 be carefull! no congestion
      --kcp-sockbuf=4194304      be carefull!
      --kcp-keepalive=10         be carefull!
  -P, --parent= ...              parent ssh address, such as: "23.32.32.19:22"
  -T, --parent-type=tcp          parent protocol type <tls|tcp|kcp|ssh>
  -t, --local-type=tcp           local protocol type <tls|tcp|kcp>
  -p, --local=":33080"           local ip:port to listen
  -C, --cert="proxy.crt"         cert file for tls
      --ca=""                    ca cert file for tls
  -K, --key="proxy.key"          key file for tls
  -u, --ssh-user=""              user for ssh
  -S, --ssh-key=""               private key file for ssh
  -s, --ssh-keysalt=""           salt of ssh private key
  -D, --ssh-password=""          password for ssh
      --always                   always use parent proxy
      --timeout=5000             tcp timeout milliseconds when connect to real
                                 server or parent proxy
      --interval=10              check domain if blocked every interval seconds
  -b, --blocked="blocked"        blocked domain file , one domain each line
  -d, --direct="direct"          direct domain file , one domain each line
  -F, --auth-file=AUTH-FILE      http basic auth file,"username:password" each
                                 line in file
  -a, --auth=AUTH ...            socks auth username and password, mutiple user
                                 repeat -a ,such as: -a user1:pass1 -a
                                 user2:pass2
  -g, --local-bind-ips=LOCAL-BIND-IPS ...
                                 if your host behind a nat,set your public ip
                                 here avoid dead loop
      --auth-url=""              auth username and password will send to this
                                 url,response http code equal to 'auth-code'
                                 means ok,others means fail.
      --auth-timeout=3000        access 'auth-url' timeout milliseconds
      --auth-code=204            access 'auth-url' success http code
      --auth-retry=0             access 'auth-url' fail and retry count
  -A, --parent-auth=PARENT-AUTH  parent socks auth username and password, such
                                 as: -A user1:pass1
  -q, --dns-address=""           if set this, proxy will use this dns for
                                 resolve doamin
  -e, --dns-ttl=300              caching seconds of dns query result
  -z, --local-key=""             the password for auto encrypt/decrypt local
                                 connection data
  -Z, --parent-key=""            the password for auto encrypt/decrypt parent
                                 connection data
  -m, --local-compress           auto compress/decompress data on local
                                 connection
  -M, --parent-compress          auto compress/decompress data on parent
                                 connection
      --lb-method=roundrobin     load balance method when use multiple
                                 parent,can be
                                 <roundrobin|leastconn|leasttime|hash|weight>
      --lb-timeout=500           tcp milliseconds timeout of connecting to
                                 parent
      --lb-retrytime=1000        sleep time milliseconds after checking
      --lb-hashtarget            use target address to choose parent for LB
      --lb-onlyha                use only `high availability mode` to choose
                                 parent for LB
  -l, --rate-limit="0"           rate limit (bytes/second) of each connection,
                                 such as: 100K 1.5M . 0 means no limitation
  -B, --bind-listen              using listener binding IP when connect to
                                 target

Originally created by @duod4o on GitHub (Nov 8, 2018). Original GitHub issue: https://github.com/snail007/goproxy/issues/175 按照文档，开启socks代理： ``` proxy socks -t tcp -p "0.0.0.0:38080" Proxy Enterprise Version v6.5_20181101132810 by snail , blog : http://www.host900.com/ 2018/11/08 20:47:54 tcp socks proxy on [::]:38080 ``` 通过查看端口，确实开启了38080的tcp端口 ``` netstat -ano | find "38080" TCP 0.0.0.0:38080 0.0.0.0:0 LISTENING 10852 TCP [::]:38080 [::]:0 LISTENING 10852 ``` 但是说好支持的UDP呢？运行proxy help socks，并没有找到和udp有关的设置，能否给一个示例呢？还是说，socks5代理仅仅支持tcp协议？？ ``` usage: proxy socks [<flags>] proxy on ssh mode Flags: --help Show context-sensitive help (also try --help-long and --help-man). --version Show application version. --debug debug log output --daemon run proxy in background --forever run proxy in forever,fail and retry --log="" log file path --nolog turn off logging --kcp-key="secrect" pre-shared secret between client and server --kcp-method=aes encrypt/decrypt method, can be: aes, aes-128, aes-192, salsa20, blowfish, twofish, cast5, 3des, tea, xtea, xor, sm4, none --kcp-mode=fast profiles: fast3, fast2, fast, normal, manual --kcp-mtu=450 set maximum transmission unit for UDP packets --kcp-sndwnd=1024 set send window size(num of packets) --kcp-rcvwnd=1024 set receive window size(num of packets) --kcp-ds=10 set reed-solomon erasure coding - datashard --kcp-ps=3 set reed-solomon erasure coding - parityshard --kcp-dscp=0 set DSCP(6bit) --kcp-nocomp disable compression --kcp-acknodelay be carefull! flush ack immediately when a packet is received --kcp-nodelay=0 be carefull! --kcp-interval=50 be carefull! --kcp-resend=0 be carefull! --kcp-nc=0 be carefull! no congestion --kcp-sockbuf=4194304 be carefull! --kcp-keepalive=10 be carefull! -P, --parent= ... parent ssh address, such as: "23.32.32.19:22" -T, --parent-type=tcp parent protocol type <tls|tcp|kcp|ssh> -t, --local-type=tcp local protocol type <tls|tcp|kcp> -p, --local=":33080" local ip:port to listen -C, --cert="proxy.crt" cert file for tls --ca="" ca cert file for tls -K, --key="proxy.key" key file for tls -u, --ssh-user="" user for ssh -S, --ssh-key="" private key file for ssh -s, --ssh-keysalt="" salt of ssh private key -D, --ssh-password="" password for ssh --always always use parent proxy --timeout=5000 tcp timeout milliseconds when connect to real server or parent proxy --interval=10 check domain if blocked every interval seconds -b, --blocked="blocked" blocked domain file , one domain each line -d, --direct="direct" direct domain file , one domain each line -F, --auth-file=AUTH-FILE http basic auth file,"username:password" each line in file -a, --auth=AUTH ... socks auth username and password, mutiple user repeat -a ,such as: -a user1:pass1 -a user2:pass2 -g, --local-bind-ips=LOCAL-BIND-IPS ... if your host behind a nat,set your public ip here avoid dead loop --auth-url="" auth username and password will send to this url,response http code equal to 'auth-code' means ok,others means fail. --auth-timeout=3000 access 'auth-url' timeout milliseconds --auth-code=204 access 'auth-url' success http code --auth-retry=0 access 'auth-url' fail and retry count -A, --parent-auth=PARENT-AUTH parent socks auth username and password, such as: -A user1:pass1 -q, --dns-address="" if set this, proxy will use this dns for resolve doamin -e, --dns-ttl=300 caching seconds of dns query result -z, --local-key="" the password for auto encrypt/decrypt local connection data -Z, --parent-key="" the password for auto encrypt/decrypt parent connection data -m, --local-compress auto compress/decompress data on local connection -M, --parent-compress auto compress/decompress data on parent connection --lb-method=roundrobin load balance method when use multiple parent,can be <roundrobin|leastconn|leasttime|hash|weight> --lb-timeout=500 tcp milliseconds timeout of connecting to parent --lb-retrytime=1000 sleep time milliseconds after checking --lb-hashtarget use target address to choose parent for LB --lb-onlyha use only `high availability mode` to choose parent for LB -l, --rate-limit="0" rate limit (bytes/second) of each connection, such as: 100K 1.5M . 0 means no limitation -B, --bind-listen using listener binding IP when connect to target

kerem closed this issue 2026-02-27 23:15:28 +03:00

kerem commented 2026-02-27 23:15:29 +03:00

Author

Owner

Copy link

@XYDsoft commented on GitHub (Nov 8, 2018):

SOCKS5代理,支持CONNECT,UDP协议,不支持BIND,支持用户名密码认证.
如果你的VPS是阿里云，腾讯云这种VPS，就是ifconfig看不见你的公网IP，只能看见内网IP，
那么需要加上-g VPS公网IP参数，SOCKS5代理的UDP功能才能正常工作。

<!-- gh-comment-id:437129575 --> @XYDsoft commented on GitHub (Nov 8, 2018): SOCKS5代理,支持CONNECT,UDP协议,不支持BIND,支持用户名密码认证. 如果你的VPS是阿里云，腾讯云这种VPS，就是ifconfig看不见你的公网IP，只能看见内网IP， 那么需要加上-g VPS公网IP参数，SOCKS5代理的UDP功能才能正常工作。

kerem commented 2026-02-27 23:15:29 +03:00

Author

Owner

Copy link

@xmdmk commented on GitHub (Jan 30, 2019):

-g VPS公网IP参数 加了也没用，udp就是不通

<!-- gh-comment-id:459030985 --> @xmdmk commented on GitHub (Jan 30, 2019): -g VPS公网IP参数 加了也没用，udp就是不通

kerem commented 2026-02-27 23:15:29 +03:00

Author

Owner

Copy link

@snail007 commented on GitHub (Jan 31, 2019):

防火墙

<!-- gh-comment-id:459215073 --> @snail007 commented on GitHub (Jan 31, 2019): 防火墙

kerem commented 2026-02-27 23:15:29 +03:00

Author

Owner

Copy link

@xmdmk commented on GitHub (Feb 1, 2019):

防火墙都关了呀

<!-- gh-comment-id:459710346 --> @xmdmk commented on GitHub (Feb 1, 2019): 防火墙都关了呀

kerem commented 2026-02-27 23:15:29 +03:00

Author

Owner

Copy link

@ykfq commented on GitHub (Mar 5, 2019):

用了 kcp 协议，已经6飞起了，下面是我今天用到的命令

• VPS

proxy socks -t kcp -p :38080 --daemon --log goproxy.log --kcp-key your_password

• 局域网 linux

proxy socks -t tcp -p :8080 -T kcp -P 1.2.3.4:38080 --daemon --log goproxy.log --kcp-key your_password

• SwitchyOmega 配置
  使用 socks5 协议

<!-- gh-comment-id:469644552 --> @ykfq commented on GitHub (Mar 5, 2019): 用了 kcp 协议，已经6飞起了，下面是我今天用到的命令 - VPS ``` proxy socks -t kcp -p :38080 --daemon --log goproxy.log --kcp-key your_password ``` - 局域网 linux ``` proxy socks -t tcp -p :8080 -T kcp -P 1.2.3.4:38080 --daemon --log goproxy.log --kcp-key your_password ``` - SwitchyOmega 配置 使用 socks5 协议

kerem commented 2026-02-27 23:15:29 +03:00

Author

Owner

Copy link

@ykfq commented on GitHub (Mar 6, 2019):

用了 kcp 协议，已经6飞起了，下面是我今天用到的命令

• VPS

proxy socks -t kcp -p :38080 --daemon --log goproxy.log --kcp-key your_password

• 局域网 linux

proxy socks -t tcp -p :8080 -T kcp -P 1.2.3.4:38080 --daemon --log goproxy.log --kcp-key your_password

• SwitchyOmega 配置
  使用 socks5 协议

happy 了不到5分钟，就被掐断了，看来还是要想办法突破 UDP封锁和 QoS 限制

<!-- gh-comment-id:470017981 --> @ykfq commented on GitHub (Mar 6, 2019): > 用了 kcp 协议，已经6飞起了，下面是我今天用到的命令 > > * VPS > > ``` > proxy socks -t kcp -p :38080 --daemon --log goproxy.log --kcp-key your_password > ``` > * 局域网 linux > > ``` > proxy socks -t tcp -p :8080 -T kcp -P 1.2.3.4:38080 --daemon --log goproxy.log --kcp-key your_password > ``` > * SwitchyOmega 配置 > 使用 socks5 协议 happy 了不到5分钟，就被掐断了，看来还是要想办法突破 UDP封锁和 QoS 限制

kerem referenced this issue 2026-02-27 23:17:19 +03:00

[PR #108] [MERGED] docs #526

kerem referenced this issue 2026-02-27 23:17:19 +03:00

[PR #109] [MERGED] net.LookupIP may cause deadlock in windows #527

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

v15.2

v15.1

v15.0

Labels

Clear labels   

TODO

  

bug

  

duplicate

  

enhancement

  

good first issue

  

help wanted

  

helpful

  

invalid

  

need-confirm

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

wontfix

No labels

TODO

bug

duplicate

enhancement

good first issue

help wanted

helpful

invalid

need-confirm

pull-request

question

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/goproxy#108

No description provided.