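I posted this here before; recently I spent some time writing fairly detailed documentation for this small tool. Please have a look.
GitHub: https://github.com/threatexpert/gonc
How I use it day to day:
1. The company VPN has gone unused for a long time; I set up a P2P HTTP+SOCKS5 proxy tunnel between my home CGNAT broadband and the company and access the company network freely.
2. Fast (real-time compressed) P2P transfer of files/directories directly with a branch office's intranet.
3. Built-in service modules cover other scenarios, such as TCP/UDP port forwarding, frp-style reverse proxying, and even getting around internet censorship; one tool handles them all.
Believe it or not, with an encrypted P2P tunnel established through hole punching, the periodic port rotation feature, which was originally aimed at carrier QoS, has a unique effect when it comes to getting around censorship.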
1
ThirdFlame 2 days ago
Starred. A lot of the ideas are worth learning from.
2
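theend233 2 days ago
The commands I used before were:
Server: gonc -p2p xxxx -socks5server
Client: gonc -p2p xxxx -socks5local-port 3080
On the client, accessing 10.0.0.1-3389.gonc.cc:3080 gave me remote desktop directly.
Now P2P connections no longer distinguish between "server" and "client"; both sides are equal peers.
What command should I use to get the same effect?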
4
listenerri 2 days ago
I found this project a while ago when looking for a netcat for Windows. Thanks to OP for sharing it as open source.
5
EricYuan1 1 day ago
Your avatar is something...
6
cheng6563 1 day ago
Nice, nice, nice.
Can it be configured with a config file?
7
hzsdr 1 day ago
10
chouvel 1 day ago
This is really impressive. How is it different from tailscale?
11
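p2o521 1 day ago
Is there a tutorial for accessing a Synology NAS at home from a company computer? I'm a beginner and don't know how to install it on DSM.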
13
Valpha6 1 day ago
Inspired; gave it the full triple of support.
14
wymam 14 hours 2 minutes ago
Marking this to look into later.
15
maninnet 12 hours 52 minutes ago
I don't get it: how do I specify the port when the computer's remote desktop port isn't 3389? The server is started like this: gonc -p2p 0rZj85CEjRBABmofzALgUN -linkagent
16
le4tim OP
17
maninnet 12 hours 22 minutes ago
@le4tim It doesn't work; it reports an internal error.
Output on my home computer:
20260110-123313 [:mux] Waiting for linkagent handshake...
20260110-123313 [:mux] [link] Sending R-Config: none?peer_active=1
20260110-123313 [:mux] [link] Waiting for Remote ACK...
20260110-123313 [:mux] [link] Remote ready (OK:none).
20260110-123313 [:mux] [link-x] Listening on 0.0.0.0:1080 (TProxy=true)
20260110-123313 [:mux] TProxy Format: 127.1.13.61:1080 -> 1.1:3389
20260110-123313 [:mux] [link] Local service started.
20260110-123318 [:mux] New client connected from 127.0.0.1:34870
20260110-123318 [:mux] TCP: 127.0.0.1:34870->1.132:9172 connecting...
20260110-123318 [:mux] 127.0.0.1:34870->1.132:9172 failed: ERROR: DNS lookup failed for '1.132' on network 'ip': lookup 1.132: no such host
20260110-123318 [:mux] Proxy session 127.0.0.1:34870->1.132 (T-CONNECT) finished with error: tunnel TCP connect failed: ERROR: DNS lookup failed for '1.132' on network 'ip': lookup 1.132: no such host
Output on the company computer:
20260110-123314 [:mux] [linkagent] Session established. OwnerID=
20260110-123316 [MQTT] Waiting for event on topic: nat-exchange/288b1baf89dc533d across 4 servers
20260110-123319 [:mux] TCP-Connect: 1.132:9172
18
le4tim OP
@maninnet The message "TProxy Format: 127.1.13.61:1080 -> 1.1:3389" seems to indicate that you used -magicdns, and that the parameter is probably wrong?
19
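le4tim OP
@maninnet Thanks, I reproduced it and found a bug in the code: the logic of the trim that was meant to remove the last .0 was wrong, so every .0 got removed. If the magicdns you specify is 10.0.0.0, where the b and c segments are .0, you hit the bug. This bug is a bit silly...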
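The trim bug described in the reply above, as a Go sketch added here (not gonc's actual code). It assumes the faulty call was `strings.TrimRight`, whose second argument is a character set rather than a suffix; that assumption reproduces the `1.1:3389` and `1.132` targets in the posted log. `buggyPrefix`, `fixedPrefix` and `target` are hypothetical names.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// buggyPrefix is an assumed reconstruction of the faulty trim, not gonc code.
// strings.TrimRight takes a cutset, so it strips every trailing '.' and '0'.
func buggyPrefix(base string) string {
	return strings.TrimRight(base, ".0")
}

// fixedPrefix removes exactly one trailing ".0" and nothing else.
func fixedPrefix(base string) string {
	return strings.TrimSuffix(base, ".0")
}

// target joins prefix and host octet (assumed layout) and rejects anything
// that is not a full IPv4 literal, so a mangled prefix fails here instead of
// being handed to the resolver as a hostname.
func target(prefix string, host uint8, port uint16) (string, error) {
	addr, err := netip.ParseAddr(fmt.Sprintf("%s.%d", prefix, host))
	if err != nil || !addr.Is4() {
		return "", fmt.Errorf("invalid tunnel target %s.%d", prefix, host)
	}
	return netip.AddrPortFrom(addr, port).String(), nil
}

func main() {
	// Constructed inputs: the base from the thread and one with non-zero b/c octets.
	trims := map[string]func(string) string{"buggy": buggyPrefix, "fixed": fixedPrefix}
	for _, base := range []string{"10.0.0.0", "192.168.1.0"} {
		for name, trim := range trims {
			t, err := target(trim(base), 132, 9172)
			fmt.Printf("%-11s %s prefix=%-11q target=%q err=%v\n", base, name, trim(base), t, err)
		}
	}
}
```

With a base such as 192.168.1.0 both trims agree, which is why the defect only shows up when the b and c octets are zero.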
21
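le4tim OP
@maninnet I just fixed the bug and released a new version. But I'm a bit curious why transparent proxying doesn't work by default without -magicdns. Does the client report any error? If it's convenient, it would be best to open an issue on GitHub.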
22
abolast 8 hours 57 minutes ago
Elegant~ Followed; I'll keep peeking at the code~
23
maninnet 4 hours 27 minutes ago
@le4tim I can't recover my GitHub account, and I can't get past verification when registering, so forget it. I'll just post the logs directly. Below are the logs from following your documentation.
Server:
E:\Downloads>gonc -p2p 0rZj85CEjRBABmofzALgUN -link 1080
Generating ECDSA(PSK-derived) cert for secure communication...completed.
20260110-201517 [MQTT] Pushing Hello to topic nat-exchange/288b1fba89dc533d across 4 servers
20260110-201520 [MQTT] Hello operation completed (via tcp://guest:[email protected]:1883). tid: cdUDQYy91P;cs=tls
=== Checking NAT reachability ===
Getting local public IP info via 6 STUN servers...(7 answers)OK
tcp4 : LAN=192.168.1.16:32126 | NAT=223.xxx.xxx.239:31910 (hard)
udp4 : LAN=192.168.1.16:32126 | NAT=223.xxx.xxx.239:31984 (hard)
Exchanging address info with peer ...OK (via tcp://guest:[email protected]:1883)
tcp4 : LAN=10.100.62.128:7531 | NAT=112.xxx.xxx.127:7531 (easy)
udp4 : LAN=10.100.62.128:7531 | NAT=112.xxx.xxx.127:7531 (easy)
=== Trying P2P Connection ===
Exchanging sync message for P2P round 1 ... OK
- Network : tcp4
- Local Address : 192.168.1.16:32226 (LAN) / 223.xxx.xxx.239:32010 (NAT-hard)
- Remote Address: 10.100.62.128:7631 (LAN) / 112.xxx.xxx.127:7631 (NAT-easy)
- Best Route : 112.xxx.xxx.127:7631 (reason: different network)
- Active Mode : connect start immediately
↑ Trying 600 Random Source Ports concurrently...
P2P(TCP) connection established (RSP)!
Performing TLS-C handshake (PSK-based mutual authentication)...completed.
20260110-201528 [gonc] Connected to: 112.xxx.xxx.127:7631
20260110-201528 [:mux] Waiting for linkagent handshake...
20260110-201528 [:mux] [link] Sending R-Config: none?peer_active=1
20260110-201528 [:mux] [link] Waiting for Remote ACK...
20260110-201528 [:mux] [link] Remote ready (OK:none).
20260110-201528 [:mux] [link-x] Listening on 0.0.0.0:1080 (TProxy=true)
20260110-201528 [:mux] TProxy Format: 10.0.0.1-3389.gonc.cc:1080 -> 10.0.0.1:3389
20260110-201528 [:mux] [link] Local service started.
20260110-201554 [:mux] New client connected from 127.0.0.1:32145
20260110-201554 [:mux] TCP: 127.0.0.1:32145->10.0.0.1:1289 connecting...
20260110-201615 [:mux] 127.0.0.1:32145->10.0.0.1:1289 failed: ERROR: dial tcp 10.0.0.1:1289: connectex: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
20260110-201615 [:mux] Proxy session 127.0.0.1:32145->10.0.0.1 (T-CONNECT) finished with error: tunnel TCP connect failed: ERROR: dial tcp 10.0.0.1:1289: connectex: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Client:
C:\Users\Administrator\Desktop>gonc -p2p 0rZj85CEjRBABmofzALgUN -linkagent
Generating ECDSA(PSK-derived) cert for secure communication...completed.
20260110-201413 [MQTT] Waiting for event on topic: nat-exchange/288b1fba89dc533d across 4 servers
20260110-201519 [MQTT] Received event: SYN@cdUDQYy91P;cs=tls, (via tcp://guest:[email protected]:1883)
20260110-201519 [MQTT] Waiting for message(SYN@cdUDQYy91P;cs=tls) on topic: nat-exchange/288b1fba89dc533d across 4 servers
=== Checking NAT reachability ===
Getting local public IP info via 6 STUN servers...(7 answers)OK
tcp4 : LAN=10.100.62.128:7531 | NAT=112.xxx.xxx.127:7531 (easy)
udp4 : LAN=10.100.62.128:7531 | NAT=112.xxx.xxx.127:7531 (easy)
Exchanging address info with peer ...OK (via tcp://guest:[email protected]:1883)
tcp4 : LAN=192.168.1.16:32126 | NAT=223.xxx.xxx.239:31910 (hard)
udp4 : LAN=192.168.1.16:32126 | NAT=223.xxx.xxx.239:31984 (hard)
=== Trying P2P Connection ===
Exchanging sync message for P2P round 1 ... OK
- Network : tcp4
- Local Address : 10.100.62.128:7631 (LAN) / 112.xxx.xxx.127:7631 (NAT-easy)
- Remote Address: 192.168.1.16:32226 (LAN) / 223.xxx.xxx.239:32010 (NAT-hard)
- Best Route : 223.xxx.xxx.239:32010 (reason: different network)
- Passive Mode : connect start after 2s
↑ Trying 600 Random Destination Ports concurrently...
P2P(TCP) connection established (RDP)!
Performing TLS-S handshake (PSK-based mutual authentication)...completed.
20260110-201529 [gonc] Connected to: 223.xxx.xxx.239:25379
20260110-201529 [:mux] [linkagent] Session established. OwnerID=
20260110-201531 [MQTT] Waiting for event on topic: nat-exchange/288b1fba89dc533d across 4 servers
20260110-201555 [:mux] TCP-Connect: 10.0.0.1:1289
20260110-201616 [:mux] Failed to connect to target 10.0.0.1:1289: dial tcp 10.0.0.1:1289: connectex: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Using 10.0.0.1-1289.gonc.cc:1080, Remote Desktop shows an internal error.
24
maninnet 4 hours 26 minutes ago
@maninnet I got them reversed: the first log is from the client and the second is from the server. The company LAN segment is 10.100.xxx.xxx
25
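le4tim OP
@maninnet Are you sure you want to connect to this company server, 10.0.0.1:1289? Isn't your company's LAN segment 10.100? Suppose what you want to connect to is 10.100.62.123:1289;
then in Remote Desktop enter 10.100.62.123-1289.gonc.cc:1080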
27
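maninnet 3 hours 58 minutes ago
@le4tim The passphrases have all been sanitized. It works now, and I roughly understand how to use it. I currently use tailscale, which also shows a direct connection, but gonc is much faster than it! Thank you very much!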
28
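le4tim OP
@maninnet Interesting. I see one of your ends is NAT-easy, so a direct connection via TCP hole punching is preferred. In my own experience, with some carriers, cross-carrier broadband TCP gets rate-limited by QoS at night, which is painful, so you could sometimes also try adding the -u parameter when connecting on the client side to restrict it to UDP; that way KCP is used as the reliable transport layer.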
29
maninnet 3 hours 39 minutes ago
@le4tim
=== Trying P2P Connection ===
Exchanging sync message for P2P round 1 ... OK
- Network : tcp4
- Local Address : 10.100.xxx.xxx:12551 (LAN) / 112.xxx.xxx.xxx:12551 (NAT-easy)
- Remote Address: 192.168.xxx.xxx:40718 (LAN) / 223.xxx.xxx.xxx:31918 (NAT-hard)
- Best Route : 223.xxx.xxx.xxx:31918 (reason: different network)
- Passive Mode : connect start after 2s
↑ Trying 600 Random Destination Ports concurrently...
P2P(TCP) connection established (RDP)!
So this looks like the connection was established over TCP? The odd thing is, my current home network is NAT-hard, the company's is easy, and my hometown's is also easy, but with tailscale my current network can connect directly to every node, while the others all go through relays to the company. Also, it's usually especially laggy for me between 8 and 10 pm, so it's probably being hit by QoS.
30
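le4tim OP
@maninnet "P2P(TCP) connection established (RDP)!" shows it was established via TCP hole punching. Technically speaking, the easy type can connect directly with any peer, and the feasibility of TCP is also good.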
31
siesta 1 hour 56 minutes ago
I'm not very talented and just couldn't get it working. Both are EASY; I don't know where it's going wrong.