woodlyer / gostexample

Some examples for building proxy and tunnel with gost.

License: GNU General Public License v3.0

gost http-proxy proxy socks5 tcp tunnel kcp shadowsocks tls

gostexample's Introduction

gost Example

This repository helps you use gost.
gost is a very good tunnel tool.
But its documentation is not very clear.
And gost itself is very complicated, because it's powerful.

Here, I want to show some examples to help ordinary users use gost.
This doesn't mean gost can only do these things. It's just that gost is too powerful for everyone to handle. A small sample is enough for us to surf the internet.

Introduce

version 2 is here https://github.com/ginuerzh/gost
version 3 is here https://github.com/go-gost/gost
Version 3 is still under development and not yet published, but gost v3 has some new features.

Official DOC site for version 2: https://v2.gost.run/
Official DOC site for version 3: https://gost.run/

Download and run

Open the release page to download the binaries for your platform.
version 2: https://github.com/ginuerzh/gost/releases
version 3: https://github.com/go-gost/gost/releases

On the version 3 release page there is gost_amd64v3.tar.gz. It is for CPUs that support amd64v3. If you don't know what amd64v3 is, use amd64.tar.gz.

On Windows, if you don't want to see the black terminal, you can use gostGUI to run gost.exe in the background.
On Android, maybe you can use ShadowsocksGostPlugin.
On iOS, maybe you can use shadowrocket.

gost basic

By default, gost works as a socks5+http proxy server.

It can support socks5 and http proxy protocol at the same time.

# gost listen socks5 on :1080
gost -L :1080
gost -L admin:123456@:1080
gost -L :1080?auth=YWRtaW46MTIzNDU2
# you can use curl to test the proxy.
curl -x socks5://localhost:1080 https://google.com
curl -x http://localhost:1080   https://google.com

# auth is base64(user:pass). generation method: 
echo -n 'user:pass' | base64
echo YWRtaW46MTIzNDU2 | base64 -d

gost uses -F to forward the socks5 request to the server

gost -L :1080   # socks5 listen on server.com
gost -L :1080   -F server.com:1080

gost can also work as a tunnel (port mapping).

A tunnel is basically a port mapping

# port mapping :22 to local 192.168.0.100:22
gost -L tcp://:22/192.168.0.100:22

Add -F to forward port mapping to remote host.

# run gost on server
gost -L relay://:9000
# run gost on client
# here the 192.168.0.100 is server side host ip address
gost -L tcp://:22/192.168.0.100:22  -F  relay://server.com:9000

Application protocol and Transport protocol

Protocols supported by gost:
The application protocols work on top of the transport protocols.
An application protocol is used to do the proxying.
A transport protocol is used to do the transport.

You can join them with "+", like this:

relay+kcp
relay+tls
relay+mtls

http+kcp
http+tls
  1. Application Protocols
  • http - HTTP
  • http2 - HTTP2
  • socks4 - SOCKS4 (2.4+)
  • socks4a - SOCKS4A (2.4+)
  • socks5 - SOCKS5
  • ss - Shadowsocks
  • ss2 - Shadowsocks with AEAD support (2.8+)
  • sni - SNI (2.5+)
  • forward - Forward (usually used to break down a protocol, such as kcp+ss into kcp and ss). It always works with tcp, like this: "-L=tcp:// -F forward+kcp"
  • relay - TCP/UDP relay (2.11+). relay is always used to do tcp relay or udp relay.
  2. Transport Protocols
    Tunnels are based on these transport protocols.
    You may change the transport protocol in the examples to any protocol listed here.
  • tcp - raw TCP
  • tls - TLS
  • mtls - Multiplex TLS, add multiplex on TLS (2.5+)
  • ws - Websocket
  • mws - Multiplex Websocket (2.5+)
  • wss - Websocket Secure (Websocket over TLS)
  • mwss - Multiplex Websocket Secure, multiplex on TLS secured Websocket (2.5+)
  • kcp - KCP (2.3+)
  • quic - QUIC (2.4+)
  • ssh - SSH (2.4+)
  • h2 - HTTP2 (2.4+)
  • h2c - HTTP2 Cleartext (2.4+)
  • obfs4 - OBFS4 (2.4+)
  • ohttp - HTTP Obfuscation (2.7+)
  • otls - TLS Obfuscation (2.11+)
  3. How to choose a good transport protocol?
    kcp and quic are based on udp. If udp is not OK, you cannot use them.
    kcp supports a tcp mode. Use it like this: ./gost -L=kcp://:9000?tcp=true
    tls / mtls is widely used when using tcp.
    ws / wss / http are a little less efficient than tls.

What's Tunnel?

gost is named after "GO Simple Tunnel", and it has always been used as a tunnel,
although gost can also work as a proxy.

When gost works as a tunnel, the network looks like this.
Gost client and gost server set up a tunnel to serve for proxy server run on.

gost Tunnel Example

The first line is for gost server, running on VPS.
The second line is for gost client, running on your PC.

Suppose you are running SS (shadowsocks) or v2ray on 8388. On the client side, the gost tunnel listens on 127.0.0.1:8083 and links to SS or V2ray on your server.
You should change server_ip to your own domain name or IP address.
Gost supports many protocols, such as quic, kcp, wss, tls, etc. You may change the protocol to the one you need.
!!!caution!!!
In the example, I write "tcp://127.0.0.1:8083", so gost only serves this PC.
If you want to serve other PCs, you should write "tcp://:8083", which listens on all interfaces.

  • kcp tunnel
    I recommend you use kcp. The kcp protocol is based on udp.
    kcp can speed up your connection and keep your connection secure.
# server,  ss or v2ray listen on 8083 
./gost -L kcp://:9000/:8083 
./gost -L tcp://127.0.0.1:8083  -F forward+kcp://server_ip:9000

If you want to change some kcp parameters, you can write a file named "kcp.json" and append it to the command,
like this:

./gost -L kcp://:9000/:8083?c=./kcp.json 
./gost -L tcp://127.0.0.1:8083  -F forward+kcp://server_ip:9000?c=./kcp.json

For more info about the kcp parameters, see: https://github.com/xtaci/kcptun
kcp.json default values:

{
    "key": "it's a secrect",
    "crypt": "aes",
    "mode": "fast",
    "mtu" : 1350,
    "sndwnd": 1024,
    "rcvwnd": 1024,
    "datashard": 10,
    "parityshard": 3,
    "dscp": 0,
    "nocomp": false,
    "acknodelay": false,
    "nodelay": 0,
    "interval": 40,
    "resend": 0,
    "nc": 0,
    "sockbuf": 4194304,
    "keepalive": 10,
    "snmplog": "",
    "snmpperiod": 60,
    "tcp": false
}

Change the "key" or "crypt" to be more secure; the default "key" above is published, so anyone can read it.
"crypt" can be: aes, aes-128, aes-192, salsa20, blowfish, twofish, cast5, 3des, tea, xtea, xor, sm4, none
Change "rcvwnd" and "sndwnd" to 2048 to make kcp faster.
The other parameters do not need to be changed if you don't know what they mean.
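A check for the kcp.json advice above, written as an added example (it is not part of gost or of this repository). It assumes omitted fields fall back to the defaults listed in this README; the 16-character key threshold and the sample configs are constructed for illustration.

```python
import json

# Defaults as listed in this README's kcp.json; assumed to apply when a field is omitted.
DEFAULTS = {"key": "it's a secrect", "crypt": "aes"}
NO_CONFIDENTIALITY = {"none", "xor"}   # no encryption / trivially reversible
MIN_KEY_LEN = 16                       # arbitrary threshold chosen for this example


def load(text):
    """Parse a kcp.json document and fill in the README defaults."""
    return {**DEFAULTS, **json.loads(text)}


def audit_kcp(text):
    """Return a list of findings for one kcp.json document."""
    cfg = load(text)
    findings = []
    if cfg["key"] == DEFAULTS["key"]:
        findings.append("default-key")
    elif len(cfg["key"]) < MIN_KEY_LEN:
        findings.append("short-key")
    if cfg["crypt"] in NO_CONFIDENTIALITY:
        findings.append("crypt-" + cfg["crypt"])
    return findings


def mismatch(server_text, client_text):
    """Both ends must share key and crypt; list the fields that differ."""
    s, c = load(server_text), load(client_text)
    return [k for k in ("key", "crypt") if s[k] != c[k]]


# Constructed sample configs (not taken from any real deployment).
UNCHANGED = '{"mode": "fast", "sndwnd": 2048, "rcvwnd": 2048}'
SERVER = '{"key": "constructed-long-passphrase-01", "crypt": "aes"}'
CLIENT = '{"key": "constructed-long-passphrase-01", "crypt": "salsa20"}'
WEAK = '{"key": "abc", "crypt": "none"}'

if __name__ == "__main__":
    for name, text in [("unchanged", UNCHANGED), ("server", SERVER), ("weak", WEAK)]:
        print(name, audit_kcp(text) or "ok")
    print("server/client differ on:", mismatch(SERVER, CLIENT))
```

Only "none" and "xor" are flagged here; the other "crypt" values are not ranked by this example.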

  • tls tunnel
./gost -L tls://:443/:8083
./gost -L=tcp://127.0.0.1:8083 -F relay+tls://server_ip:443
  • quic tunnel
./gost -L quic://:1443/:8083
./gost -L tcp://127.0.0.1:8083  -F "relay+quic://server_ip:1443"
  • dtls tunnel.
    dtls is only available in v3.
./gost -L dtls://:1443/:8083
./gost -L tcp://127.0.0.1:8083  -F "relay+dtls://server_ip:1443"
  • icmp tunnel.
    icmp tunnel is only available in v3.
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
./gost -L icmp://:0
./gost -L :8080 -F "relay+icmp://server_ip:12345?keepAlive=true&ttl=10s"

gost Proxy Examples

When gost acts as a socks5 proxy,
you can connect to socks5://127.0.0.1:1080 to reach the internet. Use kcp or another protocol to pass the wall.

  • tls proxy
./gost -L tls://:443
./gost -L :1080 -F tls://server_ip:443
  • mtls proxy
./gost -L mtls://:443
./gost -L :1080 -F mtls://server_ip:443
  • kcp proxy
./gost -L=kcp://:9000
./gost -L=:1080 -F=kcp://server_ip:9000
  • kcp proxy with fake tcp
./gost -L=kcp://:9000?tcp=true
./gost -L=:1080 -F=kcp://server_ip:9000?tcp=true

Port forward

Suppose you want to connect to remote_ip and port, but for some reason you can't.
So you let the server do the port forward. The client connects directly to the gost client to reach the target. client -> [gost client:port] -> [gost server] -> [target ip+port]

The command looks like this. kcp can be replaced with tls, quic, socks, etc. The client connects to 127.0.0.1:9000 as if connecting to [remote_ip:port]. With this command you only need to change the parameter (remote_ip:port) on the client.
This is very convenient for the user.

# client easily change the remote_ip and port
./gost -L relay://:9000  
./gost -L=tcp://127.0.0.1:8388/remote_ip:port   -F relay://server_ip:9000   

using relay+tls to do the relay

./gost -L relay+tls://:9000 
./gost -L=tcp://127.0.0.1:8388/remote_ip:port  -F relay+tls://server_ip:9000

Other methods to do remote port forwarding.

# server do the port forward
./gost -L kcp://:9000/remote_ip:port  
./gost -L tcp://127.0.0.1:8388 -F forward+kcp://server_ip:9000


# set dest ip:port at client
./gost -L kcp://:9000   
./gost -L tcp://127.0.0.1:9000/remote_ip:port -F kcp://server_ip:9000

TCP Port Mapping for relay on one PC

Use gost listening on 22 to connect to 192.168.1.100:22. Other clients which cannot connect to 192.168.1.100 can connect to gost to reach the destination. client -> gost[:22] -> 192.168.1.100:22

gost -L tcp://:22/192.168.1.100:22
# ssh
ssh [email protected] -p 22   

gost "rtcp" reverse port forward

"rtcp" means the dest is entry, it can reach your address.
The direction of rtcp is reverse to tcp port mapping.

Forward port :2222 on the server to the host (192.168.1.1:22) on the client side.

# server
./gost -L kcp://:9000
# client
./gost -L=rtcp://:2222/192.168.1.1:22  -F=kcp://server_ip:9000

# ssh cmd
ssh root@server_ip -p 2222

gost cmds to run KCP + SS

Run gost and ss on the server. The SS client connects to 127.0.0.1:8838 as if connecting to the remote server.

# server 
# download over HTTPS with certificate checking left enabled
wget https://github.com/ginuerzh/gost/releases/download/v2.11.5/gost-linux-amd64-2.11.5.gz
gzip -dk  gost-linux-amd64-2.11.5.gz
mv  gost-linux-amd64-2.11.5  gost
chmod +x  gost
./gost -L kcp://:9000/:8388  -L ss://aes-256-gcm:[email protected]:8388 

# client
./gost  -L tcp://:8388  -F "forward+kcp://server_ip:9000"

# ss param
ss://aes-256-gcm:[email protected]:8388 

ss cipher method contains:

1. AES-256-CFB  
2. AES-128-CFB  
3. CHACHA20  
4. CHACHA20-IETF  
5. AES-256-GCM  
6. AES-128-GCM  
7. RC4-MD5  

gost cmds to run KCP + V2ray

v2ray is a little more complicated than ss,
but more popular.
If you want to run a gost tunnel to support v2ray, please see the v2ray dir in this repository.

Compare to other tools

  • gost is a tunnel or proxy. gost supports many protocols (such as tls, wss, quic, kcp...).
    quic with gost is slow.
  • hysteria is based on quic (modified), tcp or udp, and acts as a tunnel or proxy. It supports obfs, so it will not be blocked for using quic.
  • tuic is based on standard quic, and is the fastest. But it may be blocked for using quic.
  • kcptun is a good kcp tunnel, but it is blocked now. Using the kcp of gost is OK.
  • xray or v2fly. It's used by many people. They are the main enemy of GFW. Based on tcp.

hysteria: https://github.com/apernet/hysteria
tuic: https://github.com/EAimTY/tuic
kcptun: https://github.com/xtaci/kcptun
xray: https://github.com/XTLS/Xray-core

Some tips

how to run gost at background

  • run gost at background in Linux
    Use nohup to run gost in the background, with the log redirected to gost.log.
  nohup ./gost -L mtls://:443  >> gost.log  2>&1 &
  • run gost as a service
    Use systemd to install gost as a service.
    For more info, see gost service.

run gost in openwrt

Some openwrt systems can install gost easily with opkg. https://github.com/SuLingGG/OpenWrt-Rpi
The gost build for openwrt info is here: https://github.com/kenzok8/openwrt-packages/tree/master/gost
luci-app-gost is the web page to admin gost. see: https://github.com/kenzok8/openwrt-packages/tree/master/luci-app-gost

security caution

Remember to add user and password authentication when you run a socks5 server listening on 0.0.0.0.
Or just listen on 127.0.0.1, like this:

gost -L admin:123456@:1080  # default listen on 0.0.0.0
gost -L 127.0.0.1:1080      # only available on self
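A way to check -L values against this caution and the earlier "tcp://127.0.0.1:8083" versus "tcp://:8083" caution, as an added example (not gost's own parser and not code from this repository). The parsing is a heuristic for the v2 -L forms shown in this README, and the finding names are made up for the example.

```python
import base64

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
WILDCARD = {"", "0.0.0.0", "::"}            # an empty host means all interfaces
README_SAMPLE_CREDS = {"admin:123456"}      # credentials printed in this README


def parse_listener(spec):
    """Split one gost v2 -L value into parts (heuristic, not gost's parser)."""
    spec = spec.lstrip("=")                  # accept the -L=... spelling
    scheme, sep, rest = spec.partition("://")
    if not sep:                              # bare ":1080" form: socks5+http proxy
        scheme, rest = "auto", spec
    rest, _, query = rest.partition("?")
    authority, _, target = rest.partition("/")
    creds, _, hostport = authority.rpartition("@")
    host, _, port = hostport.rpartition(":")
    params = dict(p.partition("=")[::2] for p in query.split("&") if p)
    if not creds and params.get("auth"):     # auth=base64(user:pass)
        try:
            creds = base64.b64decode(params["auth"]).decode()
        except ValueError:
            creds = "<undecodable>"
    return {"scheme": scheme, "host": host.strip("[]"), "port": port,
            "target": target, "creds": creds}


def audit(spec):
    """Classify one listener by where it binds and whether it asks for credentials."""
    lis = parse_listener(spec)
    if lis["host"] in LOOPBACK:
        return "loopback-only"
    if lis["host"] not in WILDCARD:
        return "specific-interface"
    if not lis["creds"]:
        return "exposed-no-auth"
    if lis["creds"] in README_SAMPLE_CREDS:
        return "exposed-sample-creds"
    return "exposed-with-auth"


# -L values taken from this README, plus one constructed credential pair.
SAMPLES = [":1080", "admin:123456@:1080", ":1080?auth=YWRtaW46MTIzNDU2",
           "127.0.0.1:1080", "tcp://127.0.0.1:8083", "tcp://:8083",
           "kcp://:9000/:8083?c=./kcp.json", "operator:constructed-Pw-91@:1080"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{audit(s):22} {s}")
```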

gost v3 tips

gost version 3 is different from v2.

rtcp need bind parameter

When you use gost v3 to do rtcp, you need to add bind=true to allow the server bind operation.

gost -L relay://:9000?bind=true
gost -L rtcp://:80/:8080 -F relay://server.com:9000

kcp use tcp

gost v3 doesn't support tcp=true.

gost -L kcp://:9000?tcp=true   # no use
gost -L kcp://:9000?c=tcp.json # use tcp.json to set tcp protocol

tcp.json content

{
    "tcp": false
}

Doesn't have a VPS?

Oh, It's very easy. Buy one.

  • bandwagonhost $49.9 for 1 year.
  • vultr.com Easy to use.
  • DMIT Many data center.
  • racknerd.com It's very cheap. The Black Friday offer through this link is cheap: only $10.28 for 1 year. If you want a fast network, you should buy the $24 vps and select Los Angeles as the location.
  • arvancloud.ir It's used by many Iran people. It support bitcoin and USDT.
  • ApeWeb Cheap, accepts customers globally including Iran and takes crypto currency. Servers in Europe.
  • PQ Hosting Europe vps provider, only 4.77€ per month. Very cheap.

Still don't know how to do?

If you have read this document and don't know how to use gost, maybe you don't need to waste some more time on it.
Please use some commercial mature VPN service.
Such as:

Star

You have read to here, why not click the star button for once?

Welcome Pull Requests

Contributors

joef2023, woodlyer

gostexample's Issues

v2ray over ssh tunnel

hi my friend,

thanks for the repository and examples. It helped a lot; I have

1- ServerIran: Domestic VPS with outgoing udp blocked. So no udp will be allowed to go outside of Iran.
2- ServerPoland: Foreign VPS which has V2ray (vmess - could be any other protocol- running on 3443 port) installed

In your example, you have included kcp/tls/quic/wss

[xray client] -----tcp--->  [gost client:1234]-----kcp/tls/quic/wss----> [gost server:9000] ----tcp---->[xray server:1234]

I wanna achieve this:

[xray client] -----tcp--->  [gost client:1234]-----ssh tunnel----> [gost server:9000] ----tcp---->[xray server:1234]

From ServerIran to ServerPoland, I have a ssh tunnel (forward 9443 local to 3443 foreign) with port forwarding by running:

ssh -N -f  -L 9443:polanddomain.com:3443 [email protected]

On ServerIran, I have this:

gost -L tcp://:3443 -F=/:9443

Expectation is whatever comes through xray client on port 3443 will be forwarded to 9443 local and from 9443 will be forwarded through ssh and reach PolandServer. This doesn't work. Any idea why is that?

Kind of UDP over TCP help needed

Am a complete noob, please someone help me with config for this

For example:

server-ip 6.6.6.6
server port 443

wireguard port 10000

sni / host: www.bing.com

wireguard android client on port 10000

udp blocked on network
trying to listen on 443 forward to wireguard udp10000

my server:

./gost -L sni+tcp://:443/:10000/udp

client on termux:

./gost -L udp://:10000/127.0.0.1:10000 -F relay+sni://6.6.6.6:443?host=www.bing.com

wireguard android client endpoint 127.0.0.1:10000

am trying to achieve UDP over TCP through sni / host which is www.bing.com

Hope someone understands this and help with the right config

Help needed with TCP/Socks proxy

Would appreciate if you could help with this scenario:

My usecase

  • App needs to connect to a TCP server that expects a dynamic PPV2 header. App uses JDBC but can configure SOCKS5 proxy.
  • Connection needs to be on TLS since server will ultimately forward to another secure server expecting TLS.

Can I use gost between App and server and make gost add the header and establish TLS ? This will help multiple apps use gost and not need individual configuration.

go-gost/gost#371

Multiple port forwarding

I wanted to do port forwarding from an X server to a Y and Z server. I create a service and run gost and I use this command, now how to add another server?

gost -L=tcp://:8080 -F forward+tls://1.1.1.1:8443

Bypass domain

Hello dear developer, can I use gost to bypass the traffic of a specific domain and pass through the client server?

Help with Tunneling

Hello, I hope you're doing okay,
Thank you for these Examples, I have a question regarding the tunnel between two servers:

For Example, if we have Two Servers:
1- Server A Domestic VPS
2- Server B Foreign VPS ( Have V2ray Installed )

How can we configure a tunnel between these two servers so we can bypass the intranet situation and have access to free net,
Thank you very much

multiple port forwarding syntax

Hello friends ,

I'm trying to use 1 domestic server and send traffic to 2 foreign servers . I have a problem with syntax

in domestic vps I have :

-L=tcp://:2087/:2096 -F relay+ws://domain1.com:2053 -F=relay+ws://domain2.com:8443

in foreign vps I have :

-L=relay+ws://:2053/:2087 -L=relay+ws://:8443/:2096

is this syntax correct ?

udp over tcp

hi
Can I do udp over tcp tunneling with gost v3?

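Problem with dual-stack use

As in the figure below: there is a VPS in Japan that has only IPv6 and no IPv4. In China there is a small Linux box that has both IPv4 and IPv6. I want to connect through this small Linux box to the Japanese IPv6 machine to get over the wall. How do I do it? Experts, please give me some pointers.
[figure: 20230719]

Here the OP router dials up to get online and obtains one public IPv4 address and several public IPv6 addresses. The PCs behind the router want to get over the wall through the Raspberry Pi and the Japanese VPS.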

Can we hide destination IP behind cloudflare in gost?

Hello Friends ,

I have a domestic and foreign VPS and I use gost tunnel . The issue is that today the IP of foreign VPS was blocked in the domestic VPS and no traffic could reach it .

I was using gost's forward+tls on the domestic server : -L=tcp://:2053 -F forward+tls://100.100.100.100:9000

My question is , is there any way to hide the foreign VPS IP behind CDN and use a domain there for example ?

Is there any specific tunnel or method that can hide foreign VPS IP or make the tunnel hard to detect ?

Thanks .

Which gost tunnel protocol is harder to be detected by GFW?

Hello There ,

I have a domestic VPS and a foreign VPS . The foreign VPS is running v2ray ( vless + ws + tls or vmess + ws + tls ) . My question is , which gost tunnel scenario between domestic VPS and foreign VPS is the hardest for GFW to detect ? Also I read somewhere that if my foreign v2ray server is using ws or tls , then gost tunnel doesn't work and I should use tcp + http instead .

can you please help me understand :

1 - which gost tunnel works with my foreign VPS v2ray config ( vless + ws + tls or vmess + ws + tls ) ?
2 - which gost tunnel is hardest to detect for GFW ?

Thank you .

To the dear Iranians as well: if anyone knows which gost tunnel is detected later by the filtering, or is not detected at all, please let me know. Thanks.
