heiher/hev-socks5-tunnel
GitHub: heiher/hev-socks5-tunnel
A lightweight, cross-platform, high-performance tun2socks implementation that transparently forwards TUN device traffic to a SOCKS5 proxy.
Stars: 1712 | Forks: 306
# HevSocks5Tunnel
A simple, lightweight tunnel over Socks5 proxy (tun2socks).
## Features
* IPv4/IPv6. (dual stack)
* Redirect TCP connections.
* Redirect UDP packets. (Fullcone NAT, UDP-in-UDP and UDP-in-TCP [^1])
* Supports Linux/Android/FreeBSD/macOS/iOS/Windows.
## Benchmarks
See [here](https://github.com/heiher/hev-socks5-tunnel/wiki/Benchmarks) for more details.
### Speed


### CPU usage


### Memory usage


## How to Build
### Unix
```
git clone --recursive https://github.com/heiher/hev-socks5-tunnel
cd hev-socks5-tunnel
make
```
### Android
```
mkdir hev-socks5-tunnel
cd hev-socks5-tunnel
git clone --recursive https://github.com/heiher/hev-socks5-tunnel jni
ndk-build
```
### iOS and macOS
```
git clone --recursive https://github.com/heiher/hev-socks5-tunnel
cd hev-socks5-tunnel
# Will generate HevSocks5Tunnel.xcframework
./build-apple.sh
```
### Windows (MSYS2)
```
export MSYS=winsymlinks:native
git clone --recursive https://github.com/heiher/hev-socks5-tunnel
cd hev-socks5-tunnel
make
```
### Library
```
git clone --recursive https://github.com/heiher/hev-socks5-tunnel
cd hev-socks5-tunnel
# Static library
make static
# Shared library
make shared
```
## How to Use
### Config
```
tunnel:
  # Interface name
  name: tun0
  # Interface MTU
  mtu: 8500
  # Multi-queue
  multi-queue: false
  # IPv4 address
  ipv4: 198.18.0.1
  # IPv6 address
  ipv6: 'fc00::1'
  # Post up script
#  post-up-script: up.sh
  # Pre down script
#  pre-down-script: down.sh
socks5:
  # Socks5 server port
  port: 1080
  # Socks5 server address (ipv4/ipv6)
  address: 127.0.0.1
  # Socks5 UDP relay mode (tcp|udp)
  udp: 'udp'
  # Override the UDP address provided by the Socks5 server (ipv4/ipv6)
#  udp-address: ''
  # Socks5 handshake using pipeline mode
#  pipeline: false
  # Socks5 server username
#  username: 'username'
  # Socks5 server password
#  password: 'password'
  # Socket mark
#  mark: 0
#mapdns:
  # Mapped DNS address
#  address: 198.18.0.2
  # Mapped DNS port
#  port: 53
  # Mapped IP network base
#  network: 100.64.0.0
  # Mapped IP network mask
#  netmask: 255.192.0.0
  # Mapped DNS cache size
#  cache-size: 10000
#misc:
  # task stack size (bytes)
#  task-stack-size: 86016
  # tcp buffer size (bytes)
#  tcp-buffer-size: 65536
  # udp socket recv buffer (SO_RCVBUF) size (bytes)
#  udp-recv-buffer-size: 524288
  # number of udp buffers in splice, 1500 bytes per buffer.
#  udp-copy-buffer-nums: 10
  # maximum session count (0: unlimited)
#  max-session-count: 0
  # connect timeout (ms)
#  connect-timeout: 10000
  # TCP read-write timeout (ms)
#  tcp-read-write-timeout: 300000
  # UDP read-write timeout (ms)
#  udp-read-write-timeout: 60000
  # stdout, stderr or file-path
#  log-file: stderr
  # debug, info, warn or error
#  log-level: warn
  # If present, run as a daemon with this pid file
#  pid-file: /run/hev-socks5-tunnel.pid
  # If present, set rlimit nofile; else use default value
#  limit-nofile: 65535
```
### Run
#### Linux
```
# Set socks5.mark = 438
bin/hev-socks5-tunnel conf/main.yml
# Disable reverse path filter
sudo sysctl -w net.ipv4.conf.all.rp_filter=0
sudo sysctl -w net.ipv4.conf.tun0.rp_filter=0
# Bypass upstream socks5 server
sudo ip rule add fwmark 438 lookup main pref 10
sudo ip -6 rule add fwmark 438 lookup main pref 10
# Route others
sudo ip route add default dev tun0 table 20
sudo ip rule add lookup 20 pref 20
sudo ip -6 route add default dev tun0 table 20
sudo ip -6 rule add lookup 20 pref 20
```
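The Linux steps only work if the `fwmark 438` bypass rule is evaluated before the catch-all rule for table 20; otherwise the tunnel's own connection to the SOCKS5 server is routed back into `tun0`. The check below is an added example, not part of the project: `check_rules` and the sample rule listings are constructed for illustration, and it goes slightly beyond the text by also reporting missing rules.

```shell
#!/bin/sh
# Added example: audit `ip rule show` output for the rule ordering that the
# Linux steps rely on. Sample rule listings below are constructed.

GOOD_RULES='0: from all lookup local
10: from all fwmark 0x1b6 lookup main
20: from all lookup 20
32766: from all lookup main
32767: from all lookup default'

# Bypass rule added with a higher pref number than the tunnel rule.
BAD_RULES='0: from all lookup local
20: from all lookup 20
30: from all fwmark 0x1b6 lookup main
32766: from all lookup main'

# check_rules MARK TABLE   (reads `ip rule show` output on stdin)
# Status: 0 ok; 1 bypass rule evaluated after the tunnel rule (loop);
#         2 no "fwmark MARK lookup main" rule; 3 no catch-all rule for TABLE.
check_rules() {
    mark=$(printf '0x%x' "$1")    # ip(8) prints fwmark values in hex
    awk -v mark="$mark" -v table="$2" '
    {
        pref = $1; sub(/:$/, "", pref); pref += 0
        fw = ""; tbl = ""
        for (i = 2; i < NF; i++) {
            if ($i == "fwmark") fw = tolower($(i + 1))
            if ($i == "lookup") tbl = $(i + 1)
        }
        # Remember the lowest pref (first evaluated) rule of each kind.
        if (fw == mark && tbl == "main" && (bypass == "" || pref < bypass))
            bypass = pref
        if (fw == "" && $3 == "all" && tbl == table && (tunnel == "" || pref < tunnel))
            tunnel = pref
    }
    END {
        if (bypass == "") { print "missing: fwmark " mark " lookup main"; exit 2 }
        if (tunnel == "") { print "missing: lookup " table; exit 3 }
        if (bypass >= tunnel) {
            print "loop: bypass pref " bypass " is not below tunnel pref " tunnel
            exit 1
        }
        print "ok: bypass pref " bypass " < tunnel pref " tunnel
    }'
}

# On a live host: ip rule show | check_rules 438 20
printf '%s\n' "$GOOD_RULES" | check_rules 438 20
```

Run it once for `ip rule show` and once for `ip -6 rule show`, since the steps add the rules for both address families.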
#### FreeBSD/macOS
```
# Bypass upstream socks5 server
# 10.0.0.1: socks5 server
# 10.0.2.2: default gateway
sudo route add -net 10.0.0.1/32 10.0.2.2
# Route others
sudo route change -inet default -interface tun0
sudo route change -inet6 default -interface tun0
```
#### Windows
```
# Bypass upstream socks5 server
# 10.0.0.1: socks5 server
# 10.0.2.2: default gateway
route add 10.0.0.1/32 10.0.2.2
# Route others
route change 0.0.0.0/0 0.0.0.0 if tun-index
route change ::/0 :: if tun-index
```
#### OpenWrt 24.10+
Repo: https://github.com/openwrt/packages/tree/master/net/hev-socks5-tunnel
```
# Install package
opkg install hev-socks5-tunnel
# Edit /etc/config/hev-socks5-tunnel
# Restart service
/etc/init.d/hev-socks5-tunnel restart
```
#### Low memory usage
On iOS and other low-memory systems, reducing the size of the TCP buffer and task stack, and limiting the maximum session count, can help prevent out-of-memory (OOM) issues.
```
misc:
  # task stack size (bytes)
  task-stack-size: 24576 # 20480 + tcp-buffer-size
  # tcp buffer size (bytes)
  tcp-buffer-size: 4096
  # maximum session count
  max-session-count: 1200
```
#### Docker Compose
```
version: "3.9"
services:
  client:
    image: alpine:latest # just for network testing
    tty: true # you can test network in terminal
    depends_on:
      tun:
        condition: service_healthy
    network_mode: "service:tun"
  tun:
    image: ghcr.io/heiher/hev-socks5-tunnel:latest # `latest` for the latest published version; `nightly` for the latest source build; `vX.Y.Z` for the specific version
    cap_add:
      - NET_ADMIN # needed
    devices:
      - /dev/net/tun:/dev/net/tun # needed
    environment:
      TUN: tun0 # optional, tun interface name, default `tun0`
      MTU: 8500 # optional, MTU is MTU, default `8500`
      IPV4: 198.18.0.1 # optional, tun interface ip, default `198.18.0.1`
      TABLE: 20 # optional, ip route table id, default `20`
      MARK: 438 # optional, ip route rule mark, dec or hex format, default `438`
      SOCKS5_ADDR: a.b.c.d # socks5 proxy server address
      SOCKS5_PORT: 1080 # socks5 proxy server port
      SOCKS5_USERNAME: user # optional, socks5 proxy username, only set when need to auth
      SOCKS5_PASSWORD: pass # optional, socks5 proxy password, only set when need to auth
      SOCKS5_UDP_MODE: udp # optional, UDP relay mode, default `udp`, other option `tcp`
      SOCKS5_UDP_ADDR: a.b.c.d # optional, override the UDP address provided by the Socks5 server
      CONFIG_ROUTES: 1 # optional, set 0 to ignore TABLE, IPV4_INCLUDED_ROUTES and IPV4_EXCLUDED_ROUTES, with MARK defaults to 0
      IPV4_INCLUDED_ROUTES: 0.0.0.0/0 # optional, demo means proxy all traffic. for multiple network segments, join with `,` or `\n`
      IPV4_EXCLUDED_ROUTES: a.b.c.d # optional, demo means exclude traffic from the proxy itself. for multiple network segments, join with `,` or `\n`
      LOG_LEVEL: warn # optional, default `warn`, other option `debug`/`info`/`error`
    dns:
      - 8.8.8.8
```
You can also set route rules that cover multiple network segments, for example:
```
    environment:
      IPV4_INCLUDED_ROUTES: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
      IPV4_EXCLUDED_ROUTES: |-
        a.b.c.d/24
        a.b.c.f/24
```
## API
```
#include <stddef.h> /* size_t */

/**
 * hev_socks5_tunnel_main:
 * @config_path: config file path
 * @tun_fd: tunnel file descriptor
 *
 * Start and run the socks5 tunnel. This function blocks until
 * hev_socks5_tunnel_quit is called or an error occurs.
 *
 * Alias of hev_socks5_tunnel_main_from_file
 *
 * Returns: returns zero on success, otherwise returns -1.
 *
 * Since: 2.4.6
 */
int hev_socks5_tunnel_main (const char *config_path, int tun_fd);

/**
 * hev_socks5_tunnel_main_from_file:
 * @config_path: config file path
 * @tun_fd: tunnel file descriptor
 *
 * Start and run the socks5 tunnel. This function blocks until
 * hev_socks5_tunnel_quit is called or an error occurs.
 *
 * Returns: returns zero on success, otherwise returns -1.
 *
 * Since: 2.6.7
 */
int hev_socks5_tunnel_main_from_file (const char *config_path, int tun_fd);

/**
 * hev_socks5_tunnel_main_from_str:
 * @config_str: string config
 * @config_len: the byte length of string config
 * @tun_fd: tunnel file descriptor
 *
 * Start and run the socks5 tunnel. This function blocks until
 * hev_socks5_tunnel_quit is called or an error occurs.
 *
 * Returns: returns zero on success, otherwise returns -1.
 *
 * Since: 2.6.7
 */
int hev_socks5_tunnel_main_from_str (const unsigned char *config_str,
                                     unsigned int config_len, int tun_fd);

/**
 * hev_socks5_tunnel_quit:
 *
 * Stop the socks5 tunnel.
 *
 * Since: 2.4.6
 */
void hev_socks5_tunnel_quit (void);

/**
 * hev_socks5_tunnel_stats:
 * @tx_packets (out): transmitted packets
 * @tx_bytes (out): transmitted bytes
 * @rx_packets (out): received packets
 * @rx_bytes (out): received bytes
 *
 * Retrieve tunnel interface traffic statistics.
 *
 * Since: 2.6.5
 */
void hev_socks5_tunnel_stats (size_t *tx_packets, size_t *tx_bytes,
                              size_t *rx_packets, size_t *rx_bytes);
```
## Use Cases
### Android VPN
* [SocksTun](https://github.com/heiher/sockstun)
### iOS
* [Tun2SocksKit](https://github.com/EbrahimTahernejad/Tun2SocksKit)
## Contributors
* **arror** - https://github.com/arror
* **bazuchan** - https://github.com/bazuchan
* **codewithtamim** - https://github.com/codewithtamim
* **dovecoteescapee** - https://github.com/dovecoteescapee
* **ebrahimtahernejad** - https://github.com/ebrahimtahernejad
* **heiby** - https://github.com/heiby
* **hev** - https://hev.cc
* **katana** - https://github.com/officialkatana
* **pronebird** - https://github.com/pronebird
* **saeeddev94** - https://github.com/saeeddev94
* **sskaje** - https://github.com/sskaje
* **wankkoree** - https://github.com/wankkoree
* **xz-dev** - https://github.com/xz-dev
* **yiguous** - https://github.com/yiguous
* **yujinpan** - https://github.com/yujinpan
* **zheshinicheng** - https://github.com/zheshinicheng
## License
MIT
[^1]: See the [protocol specification](https://github.com/heiher/hev-socks5-core/tree/main?tab=readme-ov-file#udp-in-tcp). [hev-socks5-server](https://github.com/heiher/hev-socks5-server) supports UDP relay over TCP.