• Proxy services with TCP-traffic redirection to external Socks4/5, HTTPS and SSH2* proxy servers

  • Transparent firewall-based traffic redirector
  • Internal Socks and HTTPS proxy server

  * Requires libssh2 library

• Supported platforms:

  OS	PF	ip/nftables
  macOS	✅	⬜
  FreeBSD	✅	⬜
  OpenBSD	✅	⬜
  Linux	⬜	✅
  Windows WSL2	⬜	✅

• Main features

  Transparent proxy	Socks5	Socks4	HTTPS	SSH2
  Proxy protocol	✅	✅	✅	✅
  Proxy chains	✅	✅	✅	⬜*
  Proxy workload balancer	✅	✅	✅	✅
  Authentication	✅	⬜	✅	✅
  IPv6 stack support	✅	⬜	✅	✅
  Remote names resolution: NS-Warp	✅	⬜	✅	✅

  * Only one SSH2 proxy server allowed per chain

  Internal proxy	Socks5	HTTPS
  Proxy protocol	✅	✅
  Proxy chains	✅	✅
  Proxy workload balancer	✅	✅
  Authentication	⬜	⬜
  IPv6 stack support	✅	✅
  Remote names resolution	✅	✅

• Miscellaneous features

  • Simple configuration structure as INI-like file
  • Password encoding (obfuscation) in configuration files
  • Daemon mode
  • Front-end UI
  • Installation script (via Makefile)

• TODO

  • UDP support
  • Internal Socks4 proxy support
  • Socks4a protocol support
  • OS specific select alternatives: epol / kqueue
  • Faster NS-Warp
  • Documentation

Attention! To incorporate HTTP proxy service, socks_* variables in ts-warp.ini are replaced by proxy_* ones. The deprecated variables will be eventually removed in the further releases

See it here

# If SSH2 proxy support is required, install https://libssh2.org library first, then download ts-warp:

git clone https://github.com/mezantrop/ts-warp && cd ts-warp

# `configure` script understands a number of environmental variables. You can force setting values to:
# `PREFIX`, `WITH_TCP_NODELAY`, `WITH_LIBSSH2`, `USER`, otherwise they will be auto-detected.

./configure && make && sudo make install clean

# Copy and edit configuration files
sudo cp /usr/local/etc/ts-warp.ini.sample /usr/local/etc/ts-warp.ini && sudo vi /usr/local/etc/ts-warp.ini

# on *BSD and macOS
sudo cp /usr/local/etc/ts-warp_pf.conf.sample /usr/local/etc/ts-warp_pf.conf
sudo vi /usr/local/etc/ts-warp_pf.conf

# on Linux with nftables
sudo cp /usr/local/etc/ts-warp_nftables.sh.sample /usr/local/etc/ts-warp_nftables.sh
sudo vi /usr/local/etc/ts-warp_nftables.sh

# on Linux with iptables
sudo cp /usr/local/etc/ts-warp_iptables.sh.sample /usr/local/etc/ts-warp_iptables.sh
sudo vi /usr/local/etc/ts-warp_iptables.sh

# on Windows WSL2 (Ubuntu) with iptables; Required packages for CLI: clang/gcc, make. For GUI-Warp: python3-tk
wsl --set-default-version 2

sudo cp /usr/local/etc/ts-warp_iptables.sh.sample /usr/local/etc/ts-warp_iptables.sh
sudo vi /usr/local/etc/ts-warp_iptables.sh

You can control, e.g. start, stop ts-warp daemon using ts-warp.sh script. Under root privileges or sudo run:

# <PREFIX>/etc/ts-warp.sh start|stop|reload|restart [options]
# <PREFIX>/etc/ts-warp.sh status

For example:

sudo /usr/local/etc/ts-warp.sh start
sudo /usr/local/etc/ts-warp.sh stop

After succesfull start, TS-Warp transparently redirects traffic according to the configuration specified in ts-warp.ini and firewall rules. Also, TS-Warp spawns Socks5 proxy server at localhost:10800 and HTTPS proxy (CONNECT method) at localhost:8080.

All the ts-warp command-line options can be listed using $ ts-warp -h:

Usage:
  ts-warp -T IP:Port -S IP:Port -H IP:Port -c file.ini -l file.log -v 0-4 -t file.act -d -p file.pid -f -u user -h

Version:
  TS-Warp-X.Y.Z

All parameters are optional:
  -T IP:Port      Local IP address and port for incoming Transparent requests
  -S IP:Port      Local IP address and port for internal Socks server
  -H IP:Port      Local IP address and port for internal HTTP server

  -l file.log     Main log filename
  -v 0..4         Log verbosity level: 0 - off, default: 3
  -t file.act     Active connections and traffic log

  -d              Daemon mode
  -p file.pid     PID filename
  -f              Force start

  -u user         A user to run ts-warp, default: nobody

  -h              This message

ts-warp.sh respects ts-warp daemon options. For example, to temporary enable more verbose logs, restart ts-warp with -v 4 option:

sudo /usr/local/etc/ts-warp.sh restart -v 4

ts-warp understands several signals:

• SIGHUP signal as the command to reload configuration
• SIGUSR1 to display current configuration state. Note, load balancer can dynamically reorder configuration sections
• SIGUSR2 to show active clients connection status and traffic stats
• SIGINT to stop the daemon.

Use ts-pass to encode passwords if requred. See examples in ts-warp.ini

The GUI front-end application to control ts-warp daemon can be installed from the gui directory:

cd gui
sudo make install

Optionally. Set PREFIX, to use a different installation target in the make command above:

sudo make install PREFIX=/path/to/install

To start the GUI run:

sudo -b <PREFIX>/bin/gui-warp.py

Note, Python 3 interpreter with tkinter support is required to run the GUI frontend.

Check releases and download macOS standalone precompiled application. Read related README.md for information and instructions.

Not so early stage of development, yet don't expect everything to work properly. If you have an idea, a question, or have found a problem, do not hesitate to open an issue or mail me: Mikhail Zakharov [email protected]

Many thanks to contributors of the project