
v2.0.4+incompatible Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Jun 29, 2019 License: GPL-3.0


Build Status Coverage Status

Psiphon 3 Tunnel Core README


Psiphon client and server components implemented in Go. These components provides core tunnel functionality, handling all aspects of evading blocking and relaying traffic through Psiphon. In the client, local proxies provide an interface for routing traffic through the tunnel.

The client component does not include a UI and does not handle capturing or routing local traffic. These major aspects are handled by other parts of Psiphon client applications.


This project is in production and used as the tunneling engine in our Windows and Android clients, which are available at our Psiphon 3 repository.

Client Setup

  • Go 1.9 (or higher) is required.
  • This project builds and runs on recent versions of Windows, Linux, and Mac OS X.
  • Note that the psiphon package is imported using the absolute path github.com/Psiphon-Labs/psiphon-tunnel-core/psiphon; without further local configuration, go will use this version of the code and not the local copy in the repository.
  • In this repository, run go build in ConsoleClient to make the ConsoleClient binary, a console Psiphon client application.
    • Build versioning info may be configured as follows, and passed to go build in the -ldflags argument:

      BUILDDATE=$(date --iso-8601=seconds)
      BUILDREPO=$(git config --get remote.origin.url)
      BUILDREV=$(git rev-parse --short HEAD)
      GOVERSION=$(go version | perl -ne '/go version (.*?) / && print $1')
      DEPENDENCIES=$(echo -n "{" && go list -f '{{range $dep := .Deps}}{{printf "%s\n" $dep}}{{end}}' | xargs go list -f '{{if not .Standard}}{{.ImportPath}}{{end}}' | xargs -I pkg bash -c 'cd $GOPATH/src/pkg && echo -n "\"pkg\":\"$(git rev-parse --short HEAD)\","' | sed 's/,$/}/')
      -X github.com/Psiphon-Labs/psiphon-tunnel-core/psiphon/common.buildDate=$BUILDDATE \
      -X github.com/Psiphon-Labs/psiphon-tunnel-core/psiphon/common.buildRepo=$BUILDREPO \
      -X github.com/Psiphon-Labs/psiphon-tunnel-core/psiphon/common.buildRev=$BUILDREV \
      -X github.com/Psiphon-Labs/psiphon-tunnel-core/psiphon/common.goVersion=$GOVERSION \
      -X github.com/Psiphon-Labs/psiphon-tunnel-core/psiphon/common.dependencies=$DEPENDENCIES \
  • Configuration files are standard text files containing a valid JSON object. Example:
    "PropagationChannelId" : "<placeholder>",
    "SponsorId" : "<placeholder>",
    "LocalHttpProxyPort" : 8080,
    "LocalSocksProxyPort" : 1080

Note: The lines <!--BEGIN-SAMPLE-CONFIG--> and <--END-SAMPLE-CONFIG--> (visible in the raw Markdown) are used by the config test. Do not remove them.

  • All config file parameters are documented here.
  • Replace each <placeholder> with a value from your Psiphon server. The Psiphon server-side stack is open source and can be found in our Psiphon 3 repository.
  • Run ./ConsoleClient --config psiphon.config where psiphon.config is created as described in the Configure section above

Other Platforms


Psiphon Tunnel Core uses:


Please see the LICENSE file.


We maintain a developer mailing list at psiphon3-developers@googlegroups.com. For more information about Psiphon Inc., please visit our web site at www.psiphon.ca.


Path Synopsis
Package analysis implements heuristical frequency analysis of Psiphon Tunnel Core server logs.
Package analysis implements heuristical frequency analysis of Psiphon Tunnel Core server logs.
Package psiphon implements the core tunnel functionality of a Psiphon client.
Package psiphon implements the core tunnel functionality of a Psiphon client.
Package accesscontrol implements an access control authorization scheme based on digital signatures.
Package accesscontrol implements an access control authorization scheme based on digital signatures.
Package acme provides an implementation of the Automatic Certificate Management Environment (ACME) spec.
Package acme provides an implementation of the Automatic Certificate Management Environment (ACME) spec.
Package acmetest provides types for testing acme and autocert packages.
Package acmetest provides types for testing acme and autocert packages.
Package argon2 implements the key derivation function Argon2.
Package argon2 implements the key derivation function Argon2.
Package bcrypt implements Provos and Mazières's bcrypt adaptive hashing algorithm.
Package bcrypt implements Provos and Mazières's bcrypt adaptive hashing algorithm.
Package blake2b implements the BLAKE2b hash algorithm defined by RFC 7693 and the extendable output function (XOF) BLAKE2Xb.
Package blake2b implements the BLAKE2b hash algorithm defined by RFC 7693 and the extendable output function (XOF) BLAKE2Xb.
Package blake2s implements the BLAKE2s hash algorithm defined by RFC 7693 and the extendable output function (XOF) BLAKE2Xs.
Package blake2s implements the BLAKE2s hash algorithm defined by RFC 7693 and the extendable output function (XOF) BLAKE2Xs.
Package blowfish implements Bruce Schneier's Blowfish encryption algorithm.
Package blowfish implements Bruce Schneier's Blowfish encryption algorithm.
Package bn256 implements a particular bilinear group.
Package bn256 implements a particular bilinear group.
Package cast5 implements CAST5, as defined in RFC 2144.
Package cast5 implements CAST5, as defined in RFC 2144.
Package chacha20poly1305 implements the ChaCha20-Poly1305 AEAD as specified in RFC 7539, and its extended nonce variant XChaCha20-Poly1305.
Package chacha20poly1305 implements the ChaCha20-Poly1305 AEAD as specified in RFC 7539, and its extended nonce variant XChaCha20-Poly1305.
Package cryptobyte contains types that help with parsing and constructing length-prefixed, binary messages, including ASN.1 DER.
Package cryptobyte contains types that help with parsing and constructing length-prefixed, binary messages, including ASN.1 DER.
Package asn1 contains supporting types for parsing and building ASN.1 messages with the cryptobyte package.
Package asn1 contains supporting types for parsing and building ASN.1 messages with the cryptobyte package.
Package curve25519 provides an implementation of scalar multiplication on the elliptic curve known as curve25519.
Package curve25519 provides an implementation of scalar multiplication on the elliptic curve known as curve25519.
Package ed25519 implements the Ed25519 signature algorithm.
Package ed25519 implements the Ed25519 signature algorithm.
Package hkdf implements the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) as defined in RFC 5869.
Package hkdf implements the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) as defined in RFC 5869.
Package ChaCha20 implements the core ChaCha20 function as specified in https://tools.ietf.org/html/rfc7539#section-2.3.
Package ChaCha20 implements the core ChaCha20 function as specified in https://tools.ietf.org/html/rfc7539#section-2.3.
Package subtle implements functions that are often useful in cryptographic code but require careful thought to use correctly.
Package subtle implements functions that are often useful in cryptographic code but require careful thought to use correctly.
Package md4 implements the MD4 hash algorithm as defined in RFC 1320.
Package md4 implements the MD4 hash algorithm as defined in RFC 1320.
Package auth authenticates a message using a secret key.
Package auth authenticates a message using a secret key.
Package box authenticates and encrypts small messages using public-key cryptography.
Package box authenticates and encrypts small messages using public-key cryptography.
Package secretbox encrypts and authenticates small messages.
Package secretbox encrypts and authenticates small messages.
Package sign signs small messages using public-key cryptography.
Package sign signs small messages using public-key cryptography.
Package ocsp parses OCSP responses as specified in RFC 2560.
Package ocsp parses OCSP responses as specified in RFC 2560.
Package openpgp implements high level operations on OpenPGP messages.
Package openpgp implements high level operations on OpenPGP messages.
Package armor implements OpenPGP ASCII Armor, see RFC 4880.
Package armor implements OpenPGP ASCII Armor, see RFC 4880.
Package clearsign generates and processes OpenPGP, clear-signed data.
Package clearsign generates and processes OpenPGP, clear-signed data.
Package elgamal implements ElGamal encryption, suitable for OpenPGP, as specified in "A Public-Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms," IEEE Transactions on Information Theory, v.
Package elgamal implements ElGamal encryption, suitable for OpenPGP, as specified in "A Public-Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms," IEEE Transactions on Information Theory, v.
Package errors contains common error types for the OpenPGP packages.
Package errors contains common error types for the OpenPGP packages.
Package packet implements parsing and serialization of OpenPGP packets, as specified in RFC 4880.
Package packet implements parsing and serialization of OpenPGP packets, as specified in RFC 4880.
Package s2k implements the various OpenPGP string-to-key transforms as specified in RFC 4800 section 3.7.1.
Package s2k implements the various OpenPGP string-to-key transforms as specified in RFC 4800 section 3.7.1.
Package otr implements the Off The Record protocol as specified in http://www.cypherpunks.ca/otr/Protocol-v2-3.1.0.html
Package otr implements the Off The Record protocol as specified in http://www.cypherpunks.ca/otr/Protocol-v2-3.1.0.html
Package pbkdf2 implements the key derivation function PBKDF2 as defined in RFC 2898 / PKCS #5 v2.0.
Package pbkdf2 implements the key derivation function PBKDF2 as defined in RFC 2898 / PKCS #5 v2.0.
Package pkcs12 implements some of PKCS#12.
Package pkcs12 implements some of PKCS#12.
Package rc2 implements the RC2 cipher
Package rc2 implements the RC2 cipher
Package poly1305 implements Poly1305 one-time message authentication code as specified in https://cr.yp.to/mac/poly1305-20050329.pdf.
Package poly1305 implements Poly1305 one-time message authentication code as specified in https://cr.yp.to/mac/poly1305-20050329.pdf.
Package ripemd160 implements the RIPEMD-160 hash algorithm.
Package ripemd160 implements the RIPEMD-160 hash algorithm.
Package salsa20 implements the Salsa20 stream cipher as specified in https://cr.yp.to/snuffle/spec.pdf.
Package salsa20 implements the Salsa20 stream cipher as specified in https://cr.yp.to/snuffle/spec.pdf.
Package salsa provides low-level access to functions in the Salsa family.
Package salsa provides low-level access to functions in the Salsa family.
Package scrypt implements the scrypt key derivation function as defined in Colin Percival's paper "Stronger Key Derivation via Sequential Memory-Hard Functions" (https://www.tarsnap.com/scrypt/scrypt.pdf).
Package scrypt implements the scrypt key derivation function as defined in Colin Percival's paper "Stronger Key Derivation via Sequential Memory-Hard Functions" (https://www.tarsnap.com/scrypt/scrypt.pdf).
Package sha3 implements the SHA-3 fixed-output-length hash functions and the SHAKE variable-output-length hash functions defined by FIPS-202.
Package sha3 implements the SHA-3 fixed-output-length hash functions and the SHAKE variable-output-length hash functions defined by FIPS-202.
Package ssh implements an SSH client and server.
Package ssh implements an SSH client and server.
Package agent implements the ssh-agent protocol, and provides both a client and a server.
Package agent implements the ssh-agent protocol, and provides both a client and a server.
Package knownhosts implements a parser for the OpenSSH known_hosts host key database, and provides utility functions for writing OpenSSH compliant known_hosts files.
Package knownhosts implements a parser for the OpenSSH known_hosts host key database, and provides utility functions for writing OpenSSH compliant known_hosts files.
Package terminal provides support functions for dealing with terminals, as commonly found on UNIX systems.
Package terminal provides support functions for dealing with terminals, as commonly found on UNIX systems.
Package test contains integration tests for the github.com/Psiphon-Labs/psiphon-tunnel-core/psiphon/common/crypto/ssh package.
Package test contains integration tests for the github.com/Psiphon-Labs/psiphon-tunnel-core/psiphon/common/crypto/ssh package.
Package tea implements the TEA algorithm, as defined in Needham and Wheeler's 1994 technical report, “TEA, a Tiny Encryption Algorithm”.
Package tea implements the TEA algorithm, as defined in Needham and Wheeler's 1994 technical report, “TEA, a Tiny Encryption Algorithm”.
Package twofish implements Bruce Schneier's Twofish encryption algorithm.
Package twofish implements Bruce Schneier's Twofish encryption algorithm.
Package xtea implements XTEA encryption, as defined in Needham and Wheeler's 1997 technical report, "Tea extensions."
Package xtea implements XTEA encryption, as defined in Needham and Wheeler's 1997 technical report, "Tea extensions."
Package xts implements the XTS cipher mode as specified in IEEE P1619/D16.
Package xts implements the XTS cipher mode as specified in IEEE P1619/D16.
Package osl implements the Obfuscated Server List (OSL) mechanism.
Package osl implements the Obfuscated Server List (OSL) mechanism.
Package parameters implements dynamic, concurrency-safe parameters that determine Psiphon client behavior.
Package parameters implements dynamic, concurrency-safe parameters that determine Psiphon client behavior.
Package prng implements a seeded, unbiased PRNG that is suitable for use cases including obfuscation, network jitter, load balancing.
Package prng implements a seeded, unbiased PRNG that is suitable for use cases including obfuscation, network jitter, load balancing.
Package quic wraps github.com/lucas-clemente/quic-go with net.Listener and net.Conn types that provide a drop-in replacement for net.TCPConn.
Package quic wraps github.com/lucas-clemente/quic-go with net.Listener and net.Conn types that provide a drop-in replacement for net.TCPConn.
Package sss implements Shamir's Secret Sharing algorithm over GF(2^8).
Package sss implements Shamir's Secret Sharing algorithm over GF(2^8).
Package tactics provides dynamic Psiphon client configuration based on GeoIP attributes, API parameters, and speed test data.
Package tactics provides dynamic Psiphon client configuration based on GeoIP attributes, API parameters, and speed test data.
Package tun is an IP packet tunnel server and client.
Package tun is an IP packet tunnel server and client.
Package wildcard implements a very simple wildcard matcher which supports only the term '*', which matches any sequence of characters.
Package wildcard implements a very simple wildcard matcher which supports only the term '*', which matches any sequence of characters.
Package server implements the core tunnel functionality of a Psiphon server.
Package server implements the core tunnel functionality of a Psiphon server.
Package psinet implements psinet database services.
Package psinet implements psinet database services.
Package transferstats counts and keeps track of session stats.
Package transferstats counts and keeps track of session stats.
Package NTLM implements the interfaces used for interacting with NTLMv1 and NTLMv2.
Package NTLM implements the interfaces used for interacting with NTLMv1 and NTLMv2.
Package md4 implements the MD4 hash algorithm as defined in RFC 1320.
Package md4 implements the MD4 hash algorithm as defined in RFC 1320.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL