Pavel Piatruk’ tech & personal blog

Psiphon: setting up own server & Linux client

Psiphon is obfuscated proxy, and its client & server are open-source.

The plan is:

  • setting up own Psiphon server
  • setting up Psiphon Client on Linux that connects to your own Psiphon server

Psiphon Server

Notes:

  • consider changing OSSH port from 9991 to something cool e.g. 22, 443 etc…
  • when you change server port or server IP, regenerate the token & update the clients.
  • multiple protocols, on different ports, they all will be tried by a client. List of available protocols :

“SSH”, “OSSH”, “UNFRONTED-MEEK-OSSH”, “UNFRONTED-MEEK-HTTPS-OSSH”, “UNFRONTED-MEEK-SESSION-TICKET-OSSH”, “FRONTED-MEEK-OSSH”, “FRONTED-MEEK-QUIC-OSSH”, “FRONTED-MEEK-HTTP-OSSH”, “QUIC-OSSH”, “TAPDANCE-OSSH”, abd “CONJURE-OSSH”.

mkdir -p /opt/psiphond-server/
cd /opt/psiphond-server/
curl https://github.com/Psiphon-Labs/psiphon-tunnel-core-binaries/raw/master/psiphond/psiphond -o psiphond -L
chmod 755 psiphond
MYIP=`curl -4 https://api.ipify.org -Ss`
echo $MYIP
./psiphond -ipaddress $MYIP  -protocol OSSH:9991 -protocol QUIC-OSSH:9996  -protocol UNFRONTED-MEEK-OSSH:9999 generate
cat server-entry.dat ; echo

Output: ~2500 letters and digits. It is the token for clients ; save it.

Run Psiphon server manually …

./psiphond  run

.. or stop & create Systemd unit:

vim /etc/systemd/system/psiphond.service 

[Unit]
After=network.target

[Service]
ExecStart=/opt/psiphond-server/psiphond run
Type=simple
WorkingDirectory=/opt/psiphond-server

[Install]
WantedBy=default.target

Enable the unit:

systemctl daemon-reload
systemctl start psiphond.service
systemctl enable psiphond.service
systemctl status  psiphond.service

Psiphon Client

rm -rf ~/psiphon.client.to.own.server
mkdir -p ~/psiphon.client.to.own.server
cd ~/psiphon.client.to.own.server
curl https://github.com/Psiphon-Labs/psiphon-tunnel-core-binaries/raw/master/linux/psiphon-tunnel-core-x86_64 -o psiphon-tunnel-core-x86_64 -L
chmod 755 psiphon-tunnel-core-x86_64
vim client.own.conf

paste text below but replace __TOKEN__ to the Token from step above.

{
    "LocalHttpProxyPort" : 8081,
    "LocalSocksProxyPort" : 1081,
    "PropagationChannelId" : "FFFFFFFFFFFFFFFF",
    "SponsorId" :            "FFFFFFFFFFFFFFFF",
    "TargetServerEntry" : "__TOKEN__"
}

echo './psiphon-tunnel-core-x86_64 -config client.own.conf' > run.client
chmod 755 run.client
./run.client

It will start Http proxy on local port 8081 and Socks proxy on port 1081. Test those proxies in another console.

curl -x localhost:8081 gmail.com -v

That gave me 700KB/s speed.

EDIT 2023-01-09

  • typos fixed