# GOST — Versatile Go Tunnel with Multi-Protocol Support > A simple yet powerful tunnel and proxy written in Go, supporting HTTP/HTTPS/SOCKS5/Shadowsocks/SNI/SSH/KCP/QUIC protocols. Functions as a proxy chain, port forwarder, and encrypted tunnel with a YAML-based configuration system. ## Install Save as a script file and run: # GOST — Versatile Go Tunnel with Multi-Protocol Support ## Quick Use ```bash # Install via Go go install github.com/go-gost/gost/cmd/gost@latest # Or download binary from releases: # https://github.com/go-gost/gost/releases # Start a simple HTTP/SOCKS5 proxy on port 8080 gost -L :8080 # Forward local port 8080 to remote:80 via a SOCKS5 proxy gost -L tcp://:8080/remote:80 -F socks5://proxy:1080 ``` ## Introduction GOST (GO Simple Tunnel) is a security tunnel and proxy tool written in Go. It supports a wide array of protocols and can chain proxies, forward ports, and create encrypted tunnels. Its YAML configuration and REST API make it suitable for both quick command-line use and complex multi-hop deployments. ## What GOST Does - Creates encrypted tunnels over HTTP, SOCKS5, Shadowsocks, SSH, KCP, QUIC, and more - Chains multiple proxies together for multi-hop routing - Forwards TCP/UDP ports through encrypted channels - Provides TUN/TAP device support for VPN-like functionality - Exposes a REST API for dynamic runtime configuration ## Architecture Overview GOST v3 uses a pipeline architecture: listeners accept connections, handlers process them, and dialers establish outbound connections. Each component is pluggable — you can mix any listener (TCP, UDP, TUN, ICMP tunnel) with any handler (proxy, relay, tunnel) and dialer (direct, proxy chain, DNS). Configuration is hot-reloadable via YAML files or the REST API. ## Self-Hosting & Configuration - Download a single static binary for your platform (no dependencies) - Configure via command-line flags for simple setups - Use YAML configuration files for complex multi-service deployments - Enable the REST API for dynamic configuration changes at runtime - Deploy as a systemd service for persistent background operation ## Key Features - Multi-protocol: HTTP, SOCKS4/5, Shadowsocks, SSH, KCP, QUIC, WebSocket, gRPC - Proxy chaining: route traffic through multiple proxy hops - Dynamic configuration: REST API and hot-reload of YAML configs - TUN/TAP support: create virtual network interfaces for full VPN mode - ICMP tunnel: encapsulate traffic in ICMP packets for restricted networks ## Comparison with Similar Tools - **frp** — focuses on reverse proxying NAT traversal; GOST is a general-purpose tunnel - **Chisel** — SSH-based TCP tunnel; GOST supports many more transport protocols - **WireGuard** — kernel-level VPN; GOST operates in userspace with more protocol flexibility - **Shadowsocks** — single protocol; GOST supports Shadowsocks plus a dozen others - **ngrok** — cloud-based tunnel service; GOST is fully self-hosted ## FAQ **Q: What is the difference between GOST v2 and v3?** A: v3 (go-gost/gost) is a complete rewrite with a modular pipeline architecture, YAML config, and REST API. v2 (ginuerzh/gost) is the older version. **Q: Can GOST be used as a VPN?** A: Yes, with TUN mode enabled it can function as a VPN, routing all traffic through the tunnel. **Q: Does it support UDP forwarding?** A: Yes, GOST supports UDP relay and forwarding across supported protocols. **Q: Is traffic encrypted by default?** A: Encryption depends on the protocol chosen. TLS, SSH, Shadowsocks, and QUIC all provide encryption. ## Sources - https://github.com/go-gost/gost - https://gost.run --- Source: https://tokrepo.com/en/workflows/asset-7384d620 Author: Script Depot