diff --git a/README.md b/README.md index 3705856..a9ca009 100644 --- a/README.md +++ b/README.md 
@@ -178,147 +178,21 @@ then Ctrl+X -> Y -> Enter to save ```toml # === General Settings === [general] -fast_mode = true -use_middle_proxy = true # ad_tag = "00000000000000000000000000000000" -# Path to proxy-secret binary (auto-downloaded if missing). -proxy_secret_path = "proxy-secret" -# disable_colors = false # Disable colored output in logs (useful for files/systemd) - -# === Log Level === -# Log level: debug | verbose | normal | silent -# Can be overridden with --silent or --log-level CLI flags -# RUST_LOG env var takes absolute priority over all of these -log_level = "normal" - -# === Middle Proxy - ME === -# Public IP override for ME KDF when behind NAT; leave unset to auto-detect. -# middle_proxy_nat_ip = "203.0.113.10" -# Enable STUN probing to discover public IP:port for ME. -middle_proxy_nat_probe = true -# Primary STUN server (host:port); defaults to Telegram STUN when empty. -middle_proxy_nat_stun = "stun.l.google.com:19302" -# Optional fallback STUN servers list. -middle_proxy_nat_stun_servers = ["stun1.l.google.com:19302", "stun2.l.google.com:19302"] -# Desired number of concurrent ME writers in pool. -middle_proxy_pool_size = 16 -# Pre-initialized warm-standby ME connections kept idle. -middle_proxy_warm_standby = 8 -# Ignore STUN/interface mismatch and keep ME enabled even if IP differs. -stun_iface_mismatch_ignore = false -# Keepalive padding frames - fl==4 -me_keepalive_enabled = true -me_keepalive_interval_secs = 25 # Period between keepalives -me_keepalive_jitter_secs = 5 # Jitter added to interval -me_keepalive_payload_random = true # Randomize 4-byte payload (vs zeros) -# Stagger extra ME connections on warmup to de-phase lifecycles. -me_warmup_stagger_enabled = true -me_warmup_step_delay_ms = 500 # Base delay between extra connects -me_warmup_step_jitter_ms = 300 # Jitter for warmup delay -# Reconnect policy knobs. -me_reconnect_max_concurrent_per_dc = 1 # Parallel reconnects per DC - EXPERIMENTAL! UNSTABLE! 
-me_reconnect_backoff_base_ms = 500 # Backoff start -me_reconnect_backoff_cap_ms = 30000 # Backoff cap -me_reconnect_fast_retry_count = 11 # Quick retries before backoff [general.modes] classic = false secure = false tls = true -[general.links] -show = "*" -# show = ["alice", "bob"] # Only show links for alice and bob -# show = "*" # Show links for all users -# public_host = "proxy.example.com" # Host (IP or domain) for tg:// links -# public_port = 443 # Port for tg:// links (default: server.port) - -# === Network Parameters === -[network] -# Enable/disable families: true/false/auto(None) -ipv4 = true -ipv6 = false # UNSTABLE WITH ME -# prefer = 4 or 6 -prefer = 4 -multipath = false # EXPERIMENTAL! - -# === Server Binding === -[server] -port = 443 -listen_addr_ipv4 = "0.0.0.0" -listen_addr_ipv6 = "::" -# listen_unix_sock = "/var/run/telemt.sock" # Unix socket -# listen_unix_sock_perm = "0666" # Socket file permissions -# metrics_port = 9090 -# metrics_whitelist = [ -# "192.168.0.0/24", -# "172.16.0.0/12", -# "127.0.0.1/32", -# "::1/128" -#] - -# Listen on multiple interfaces/IPs - IPv4 -[[server.listeners]] -ip = "0.0.0.0" - -# Listen on multiple interfaces/IPs - IPv6 -[[server.listeners]] -ip = "::" - -# === Timeouts (in seconds) === -[timeouts] -client_handshake = 30 -tg_connect = 10 -client_keepalive = 60 -client_ack = 300 -# Quick ME reconnects for single-address DCs (count and per-attempt timeout, ms). 
-me_one_retry = 12 -me_one_timeout_ms = 1200 - # === Anti-Censorship & Masking === [censorship] tls_domain = "petrovich.ru" -mask = true -mask_port = 443 -# mask_host = "petrovich.ru" # Defaults to tls_domain if not set -# mask_unix_sock = "/var/run/nginx.sock" # Unix socket (mutually exclusive with mask_host) -fake_cert_len = 2048 - -# === Access Control & Users === -[access] -replay_check_len = 65536 -replay_window_secs = 1800 -ignore_time_skew = false [access.users] # format: "username" = "32_hex_chars_secret" hello = "00000000000000000000000000000000" -# [access.user_max_tcp_conns] -# hello = 50 - -# [access.user_max_unique_ips] -# hello = 5 - -# [access.user_data_quota] -# hello = 1073741824 # 1 GB - -# === Upstreams & Routing === -[[upstreams]] -type = "direct" -enabled = true -weight = 10 - -# [[upstreams]] -# type = "socks5" -# address = "127.0.0.1:1080" -# enabled = false -# weight = 1 - -# === DC Address Overrides === -# [dc_overrides] -# "203" = "91.105.192.100:443" - ``` ### Advanced #### Adtag diff --git a/src/config/defaults.rs b/src/config/defaults.rs index 2dee3e0..f4180c9 100644 --- a/src/config/defaults.rs +++ b/src/config/defaults.rs @@ -37,7 +37,7 @@ pub(crate) fn default_replay_window_secs() -> u64 { } pub(crate) fn default_handshake_timeout() -> u64 { - 15 + 30 } pub(crate) fn default_connect_timeout() -> u64 { @@ -52,11 +52,11 @@ pub(crate) fn default_ack_timeout() -> u64 { 300 } pub(crate) fn default_me_one_retry() -> u8 { - 3 + 12 } pub(crate) fn default_me_one_timeout() -> u64 { - 1500 + 1200 } pub(crate) fn default_listen_addr() -> String { @@ -83,7 +83,7 @@ pub(crate) fn default_unknown_dc_log_path() -> Option { } pub(crate) fn default_pool_size() -> usize { - 2 + 16 } pub(crate) fn default_keepalive_interval() -> u64 { @@ -207,4 +207,4 @@ where } } Ok(out) -} +} \ No newline at end of file diff --git a/src/config/types.rs b/src/config/types.rs index 6c54598..1983433 100644 --- a/src/config/types.rs +++ b/src/config/types.rs 
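Review bot: `default_handshake_timeout()` now returns a bare `30` with no unit or rationale, although this value bounds how long a client that has not yet completed the handshake may hold a connection. Doubling it from 15 doubles the time each stalled or deliberately slow handshake occupies a socket, which matters for a listener on a public port. I would add a doc comment such as `/// Seconds (per the README's [timeouts] heading) a client may take to finish the handshake; bounds how long an unauthenticated connection is held.` It is also worth confirming that a per-IP or global connection cap exists elsewhere, since none is visible in this hunk.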
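Review bot: The new pair `default_me_one_retry()` = `12` and `default_me_one_timeout()` = `1200` raises the worst-case time spent on one unreachable single-address DC from 3 × 1500 ms = 4.5 s to 12 × 1200 ms = 14.4 s. This assumes the attempts run sequentially, as the README wording "count and per-attempt timeout, ms" suggests. That total may exceed the connect budget: the README listed `tg_connect = 10`, but the body of `default_connect_timeout()` is outside the hunk, so this is unconfirmed. Both functions would benefit from a comment stating the unit and the intended total, e.g. `/// Per-attempt timeout in milliseconds; total budget is retry count × this value.`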
@@ -118,7 +118,7 @@ impl Default for NetworkConfig { fn default() -> Self { Self { ipv4: true, - ipv6: None, + ipv6: Some(false), prefer: 4, multipath: false, stun_servers: default_stun_servers(), @@ -140,7 +140,7 @@ pub struct GeneralConfig { #[serde(default = "default_true")] pub fast_mode: bool, - #[serde(default)] + #[serde(default = "default_true")] pub use_middle_proxy: bool, #[serde(default)] @@ -157,7 +157,7 @@ pub struct GeneralConfig { pub middle_proxy_nat_ip: Option, /// Enable STUN-based NAT probing to discover public IP:port for ME KDF. - #[serde(default)] + #[serde(default = "default_true")] pub middle_proxy_nat_probe: bool, /// Optional STUN server address (host:port) for NAT probing. @@ -283,15 +283,15 @@ impl Default for GeneralConfig { modes: ProxyModes::default(), prefer_ipv6: false, fast_mode: true, - use_middle_proxy: false, + use_middle_proxy: true, ad_tag: None, proxy_secret_path: None, middle_proxy_nat_ip: None, - middle_proxy_nat_probe: false, + middle_proxy_nat_probe: true, middle_proxy_nat_stun: None, middle_proxy_nat_stun_servers: Vec::new(), middle_proxy_pool_size: default_pool_size(), - middle_proxy_warm_standby: 0, + middle_proxy_warm_standby: 8, me_keepalive_enabled: true, me_keepalive_interval_secs: default_keepalive_interval(), me_keepalive_jitter_secs: default_keepalive_jitter(), @@ -302,7 +302,7 @@ impl Default for GeneralConfig { me_reconnect_max_concurrent_per_dc: 1, me_reconnect_backoff_base_ms: default_reconnect_backoff_base_ms(), me_reconnect_backoff_cap_ms: default_reconnect_backoff_cap_ms(), - me_reconnect_fast_retry_count: 1, + me_reconnect_fast_retry_count: 11, stun_iface_mismatch_ignore: false, unknown_dc_log_path: default_unknown_dc_log_path(), log_level: LogLevel::Normal, 
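Review bot: Switching `use_middle_proxy` to `#[serde(default = "default_true")]` silently changes behaviour for every existing config that omits the key, so on upgrade those deployments start using the middle proxy without any edit by the operator. The same applies to `middle_proxy_nat_probe` in the next hunk, which by its own doc comment turns on STUN probing, so the host starts contacting a STUN server by default and reveals its address to that server. It also applies to `tls_emulation` in `AntiCensorshipConfig`. Operators of this kind of proxy may care which third parties see the host, so each field's doc comment should state the new default, e.g. `/// Defaults to true; set to false to disable outbound STUN probing.` The flipped defaults should also be called out in the release notes.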
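Review bot: `middle_proxy_warm_standby: 8` and, in the following hunk, `me_reconnect_fast_retry_count: 11` are changed only as literals inside `impl Default for GeneralConfig`; no field attribute or helper in `defaults.rs` is touched for them in this commit. If those fields carry a plain `#[serde(default)]` (their declarations are outside the hunk), a config that has a `[general]` table but omits the keys would deserialize them as 0 rather than 8 and 11. The trimmed README now shows exactly that kind of config. I would move both values into helpers next to `default_pool_size()` and reference them from the field attribute and from this impl, so the two sources of defaults cannot drift apart.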
@@ -455,7 +455,7 @@ pub struct AntiCensorshipConfig { pub fake_cert_len: usize, /// Enable TLS certificate emulation using cached real certificates. - #[serde(default)] + #[serde(default = "default_true")] pub tls_emulation: bool, /// Directory to store TLS front cache (on disk). @@ -489,7 +489,7 @@ impl Default for AntiCensorshipConfig { mask_port: default_mask_port(), mask_unix_sock: None, fake_cert_len: default_fake_cert_len(), - tls_emulation: false, + tls_emulation: true, tls_front_dir: default_tls_front_dir(), server_hello_delay_min_ms: default_server_hello_delay_min_ms(), server_hello_delay_max_ms: default_server_hello_delay_max_ms(), @@ -615,9 +615,9 @@ pub struct ListenerConfig { /// - omitted — show no links (default) #[derive(Debug, Clone)] pub enum ShowLink { - /// Don't show any links (default when omitted). + /// Don't show any links. None, - /// Show links for all configured users. + /// Show links for all configured users (default). All, /// Show links for specific users. Specific(Vec), @@ -625,7 +625,7 @@ pub enum ShowLink { impl Default for ShowLink { fn default() -> Self { - ShowLink::None + ShowLink::All } }
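Review bot: The context line `/// - omitted — show no links (default)` directly above the enum still describes the old behaviour, and it now contradicts the updated variant comments and the `Default` impl in the next hunk. It should read `/// - omitted — show links for all users (default)`. The doc block begins above the hunk, so its other bullet lines should be checked against the new default as well.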
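Review bot: Returning `ShowLink::All` from `Default` means a config with no `[general.links]` section now shows connection links for every configured user. If those links embed the per-user secret, as tg:// proxy links normally do, the secrets end up wherever the links are printed (console, log files, service journal) without the operator opting in. I would keep `ShowLink::None` as the default so that disclosure stays an explicit choice. If `All` is kept, add a comment on the impl such as `// Default shows links for all users; links may contain user secrets, so restrict access to the output or narrow "show".`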