ospab edited this page 2026-06-19 15:02:57 +03:00

Configuration

Starting from version 0.3.1, OSTP uses a modular configuration system based on inbounds, outbounds, and routing rules. This applies to both the server and the client. The configuration is written in JSON (comments with // are supported).

# Generate a default configuration file
./ostp --init server
./ostp --init client

# Validate a configuration without running
./ostp --check --config config.json

Server Configuration

The server configuration defines how the server listens for incoming connections (inbounds) and where it routes traffic (outbounds).

Modular Structure

| Field | Type | Description |
|-------|------|-------------|
| inbounds | array | List of incoming listeners (ostp, api, dns). |
| outbounds | array | List of outgoing proxies (socks, direct, block). |
| routing | object | Rules to map incoming traffic to outbounds based on domains or IP CIDRs. |
| dns | object | Built-in DNS server for AdBlocking and DoH forwarding (optional). |
| debug | bool | Enable verbose packet-level logging. |

Server Inbounds

1. OSTP Inbound

The primary listener for OSTP connections.

{
  "type": "ostp",
  "tag": "ostp-in",
  "listen": "0.0.0.0",
  "port": 50000,
  "access_keys": ["YOUR_SECRET_KEY"], // Array of keys
  "transport": {
    "mode": "udp" // Optional. Modes: "udp", "uot" (UDP over TCP), or "wss" (WebSocket)
  },
  "fallback": {
    "enabled": false,
    "target": "127.0.0.1:8080" // Forward unauthenticated TCP probes to a real web server
  }
}

2. API Inbound

REST API listener for management panels.

{
  "type": "api",
  "tag": "api-in",
  "listen": "127.0.0.1",
  "port": 9090,
  "token": "your-secret-token" // Optional Bearer token
}

3. DNS Inbound (dnstt Tunneling)

A native dnstt server implementation that listens for DNS queries and extracts encapsulated OSTP traffic.

{
  "type": "dns",
  "tag": "dns-in",
  "listen": "0.0.0.0:53",
  "domain": "t.yourdomain.com",
  "pubkey": "DNSTT_PUBKEY",
  "privkey": "DNSTT_PRIVKEY"
}

Server Outbounds

Servers route traffic directly to the internet by default, but can use upstream SOCKS5 proxies.

"outbounds": [
  { "type": "direct", "tag": "direct" },
  { "type": "block", "tag": "block" },
  {
    "type": "socks",
    "tag": "tor-proxy",
    "server": "127.0.0.1",
    "port": 9050
  }
]

Server Routing

Routing maps traffic to outbounds according to rules. If no rule matches, traffic falls back to default_outbound.

"routing": {
  "default_outbound": "direct",
  "rules": [
    { "domain_suffix": [".onion"], "outbound": "tor-proxy" },
    { "ip_cidr": ["10.0.0.0/8"], "outbound": "block" }
  ]
}

Internal DNS / AdBlock

The server can run a built-in DNS server for clients, parsing AdBlock lists and resolving via DoH.

"dns": {
  "enabled": true,
  "local_port": 50053,
  "doh_upstream": "https://cloudflare-dns.com/dns-query",
  "adblock_urls": [
    "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
  ]
}
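An added example, not part of the OSTP project: a small pre-deployment linter for the server configuration format described above. It flags the placeholder secrets shown on this page, an API inbound bound to a non-loopback address with no token, and routing entries that name an undeclared outbound tag. The names lint, strip_comments and is_loopback, the sample config, and the rule that every routing tag must be declared in outbounds are assumptions made for illustration.

```python
import ipaddress
import json
import re

# Sample secrets shown on this page; they must never reach a deployed config.
PLACEHOLDERS = {"YOUR_SECRET_KEY", "your-secret-token", "DNSTT_PRIVKEY"}
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*')

def strip_comments(text):
    """Drop // comments but keep // inside JSON strings (e.g. https:// URLs)."""
    return _TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else "", text)

def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"

def lint(text):
    cfg, findings = json.loads(strip_comments(text)), []
    for ib in cfg.get("inbounds", []):
        tag = ib.get("tag", "?")
        secrets = set(ib.get("access_keys", [])) | {ib.get("token"), ib.get("privkey")}
        if secrets & PLACEHOLDERS:
            findings.append(f"{tag}: placeholder secret")
        if ib.get("type") == "api" and not ib.get("token") and not is_loopback(ib.get("listen", "")):
            findings.append(f"{tag}: API exposed without token")
    # Assumption: every tag referenced by routing must be declared in "outbounds".
    declared = {ob.get("tag") for ob in cfg.get("outbounds", [])}
    routing = cfg.get("routing", {})
    refs = [routing.get("default_outbound")] + [r.get("outbound") for r in routing.get("rules", [])]
    findings += [f"routing: unknown outbound {ref}" for ref in refs if ref and ref not in declared]
    return findings

# Constructed sample config (not from a real deployment).
SAMPLE = """
{
  "inbounds": [
    { "type": "ostp", "tag": "ostp-in", "access_keys": ["YOUR_SECRET_KEY"] }, // never replaced
    { "type": "api", "tag": "api-in", "listen": "0.0.0.0", "port": 9090 }
  ],
  "outbounds": [ { "type": "direct", "tag": "direct" } ],
  "routing": { "default_outbound": "direct", "rules": [ { "domain_suffix": [".onion"], "outbound": "tor-proxy" } ] },
  "dns": { "enabled": true, "doh_upstream": "https://cloudflare-dns.com/dns-query" }
}
"""

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

The comment stripper is string-aware because the page's own dns block contains https:// URLs, which a naive "delete everything after //" pass would truncate.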

Client Configuration

The client listens locally (e.g., SOCKS5 or TUN) and sends traffic outbound to an OSTP server.

Modular Structure

| Field | Type | Description |
|-------|------|-------------|
| version | string | Configuration version (e.g., "0.3.1"). |
| inbounds | array | Local listeners (local_proxy, tun). |
| outbounds | array | Outgoing connections (ostp, direct, selector, urltest). |
| routing | object | Rules to map local traffic to outbounds. |
| log.level | string | "info", "debug", or "warn". |

Client Inbounds

1. Local Proxy (SOCKS5 / HTTP)

{
  "type": "local_proxy",
  "tag": "socks-in",
  "protocol": "socks", // "socks" or "http"
  "listen": "127.0.0.1",
  "port": 1088
}

2. TUN Interface

Native system-level routing. Requires elevated privileges.

{
  "type": "tun",
  "tag": "tun-in",
  "auto_route": true,
  "mtu": 1140
}

Client Outbounds

1. OSTP Outbound

Connects to an OSTP server.

{
  "type": "ostp",
  "tag": "proxy",
  "server": "192.168.1.100",
  "port": 50000,
  "access_key": "YOUR_SECRET_KEY",
  "transport": {
    "type": "udp" // "udp", "uot" (UDP over TCP), or "dns"
  },
  "multiplex": {
    "enabled": true,
    "connections": 4
  }
}

DNS Transport (dnstt): to use the DNS transport, replace the transport block with:

  "transport": {
    "type": "dns",
    "domain": "t.yourdomain.com",
    "resolver": "1.1.1.1",
    "pubkey": "DNSTT_PUBKEY"
  }

2. Direct / Block / Socks

Clients can also define direct (bypass proxy), block (drop traffic), or socks outbounds.

3. Selector / URLTest

Used for load balancing or manual switching between multiple ostp outbounds.

{
  "type": "selector",
  "tag": "select",
  "outbounds": ["server1", "server2"],
  "default": "server1"
}
{
  "type": "urltest",
  "tag": "auto-balancer",
  "outbounds": ["server1", "server2"],
  "url": "http://cp.cloudflare.com",
  "interval": "5m"
}

Client Routing

Identical to server routing.

"routing": {
  "default_outbound": "proxy",
  "rules": [
    { "domain_suffix": ["google.com", "youtube.com"], "outbound": "proxy" },
    { "ip_cidr": ["192.168.0.0/16"], "outbound": "direct" }
  ]
}