This repository is a hands-on, long-form guide for building and operating your own “scientific” Internet access setup — i.e., self-hosted proxies, VPNs, and transparent gateways — so you can reach blocked resources, protect privacy, and learn the underlying networking principles. It walks through buying and evaluating VPSes (regions, bandwidth, CN2/GIA lines), enabling kernel/network optimizations (BBR), and applying production practices like TLS certificates with Let’s Encrypt and using Cloudflare safely. The guide provides multiple deployment patterns (Dockerized gost, Shadowsocks, and L2TP/IPSec, IKEv2 suggestions, and Cloudflare WARP integration), plus client configuration instructions for desktop and mobile (Clash, SwitchyOmega, Shadowrocket, etc.). Several transparent gateway patterns are explained: router/OpenWRT (Clash on the router), Raspberry Pi gateway, and a data-center NAT/EC2 NAT instance design with Clash for whole-VPC routing.
Features
- Guidance for selecting VPS providers, regions, bandwidth, and CN2/GIA routing considerations
- Step-by-step Docker deployments: gost HTTPS proxy, Shadowsocks, L2TP/IPSec examples and startup scripts
- Client configuration examples for desktop and mobile: Clash (rule sets), SwitchyOmega, Shadowrocket, and Clash for routers
- Transparent gateway designs: OpenWRT router, Raspberry Pi gateway, and AWS VPC/EC2 NAT instance + Clash for private subnets
- Anti-detection and traffic camouflage methods: TLS/HTTP disguise, probe_resist, Cloudflare WARP integration and selective routing
- Operational tasks and tooling: Let’s Encrypt certbot automation, enabling TCP BBR, iptables rules, and handling Cloudflare WARP nuances