ospab
/
ostp
mirror of https://github.com/ospab/ostp.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Page: FAQ
Pages
Building from Source Building from Source_ru Configuration Configuration_ru DNS Tunneling DNS Tunneling_ru FAQ FAQ_ru GUI Client GUI Client_ru Home Home_ru Installation Installation_ru Management API Management API_ru Protocol Design Protocol Design_ru Share Links Share Links_ru
2 FAQ
ospab edited this page 2026-05-17 17:19:45 +03:00
Table of Contents

FAQ

Russian / Русский

General

What is the difference between OSTP and other proxy protocols?

OSTP is designed specifically for DPI/TSPU resistance. Unlike Shadowsocks, VMess, or VLESS, OSTP:

  • Has no protocol-specific magic bytes or version fields
  • Derives all obfuscation parameters from the access key
  • Uses UDP with Noise protocol for key exchange
  • Cannot be identified by binary analysis

Is OSTP compatible with xray-core or sing-box?

No. OSTP is a standalone protocol with its own transport and encryption. It is not a plugin for existing proxy frameworks.

Does OSTP support multiple users?

Yes. The server accepts multiple access keys in the access_keys array. Each key creates an independent encrypted session.

Connection

Why does the handshake fail?

  1. Wrong access key — Keys must match exactly between client and server
  2. UDP blocked — Some networks block UDP entirely. Try enabling TURN relay
  3. Port blocked — Try using port 443 or 8443
  4. Version mismatch — Client and server must be the same version

What ports does OSTP use?

Default: UDP port 50000. This is configurable.

Does OSTP work over TCP?

No. OSTP is UDP-only by design. For networks that block UDP, use the built-in TURN relay feature.

Performance

What is the expected overhead?

Approximately 50-100 bytes per packet for AEAD encryption, nonce, and session header. On high-bandwidth connections, overhead is negligible (<1%).

How does multiplexing work?

When enabled, the client creates multiple OSTP sessions to the server simultaneously. This can improve throughput on lossy networks by distributing traffic across sessions.

Security

What cryptography does OSTP use?

  • Key Exchange: Noise_NNpsk0 (X25519 + ChaChaPoly + BLAKE2s)
  • Key Derivation: HKDF-SHA256 (RFC 5869)
  • Transport Encryption: ChaCha20-Poly1305 AEAD
  • Obfuscation Masks: HMAC-SHA256

Can my ISP detect OSTP traffic?

OSTP is designed to make detection as difficult as possible:

  • All bytes on the wire are indistinguishable from random
  • No static signatures or patterns
  • Padding ranges vary per access key
  • The binary contains no protocol-specific strings

However, traffic analysis (timing, volume patterns) may still reveal tunnel usage. OSTP includes adaptive padding to mitigate this.

What does Kerckhoffs's principle mean for OSTP?

It means that even with full access to the source code and binary, an adversary cannot build a DPI filter without knowing a valid access key. The protocol's security depends solely on the secrecy of the key.

← Building from Source | Home

OSTP Wiki

English

Русский