
Paqet Protocol Support - Raw Packet Proxy #47

Open
shayanb wants to merge 1 commit into main from paqet-updated

@shayanb (Owner) commented Feb 17, 2026

This PR is porting the old Paqet integration (#16) to the new MoaV structure and replacing the old PR.


Adds Paqet as an optional "last resort" protocol. Paqet bypasses the OS TCP/IP stack using pcap for raw packet capture/injection, making it effective when deep packet inspection defeats all standard protocols.

Note: This is a full rewrite of the original paqet branch, ported onto current main to match the restructured codebase (dockerfiles moved, moav.sh rewritten, TrustTunnel pattern, monitoring stack, etc).

What's included

  • Docker service (dockerfiles/Dockerfile.paqet) - Built from source, multi-stage golang + alpine
  • Auto-configuration entrypoint - Detects network interface, server IP, gateway MAC, sets iptables rules
  • Profile integration - moav start paqet, menu option 9, ENABLE_PAQET flag
  • Per-user config generation - paqet-client.yaml + paqet-instructions.txt in bundles
  • Client container support - paqet binary built into Dockerfile.client
  • Test & connect - moav test USER validates paqet config, moav client connect USER --protocol paqet
  • Documentation - CLIENTS.md setup guide, TROUBLESHOOTING.md, SETUP.md profile list

Requirements

  • KVM, Xen, or bare metal - Does NOT work on OpenVZ/LXC
  • Host network + privileged - Required for raw socket access
  • Disabled by default (ENABLE_PAQET=false)

How to run

  1. Enable paqet in .env
    echo "ENABLE_PAQET=true" >> .env

  2. Bootstrap (generates encryption key)
    moav bootstrap

  3. Start with paqet profile
    moav start paqet proxy admin

  4. Verify container is running
    docker ps | grep paqet

  5. Check logs
    moav logs paqet

How to test

Server side:

  # Check paqet container health
  docker logs moav-paqet
  # Expected output:
  # [paqet] Checking VPS compatibility...
  # [paqet] VPS compatibility check passed
  # [paqet] Auto-detecting network configuration...
  # [paqet]   Interface: eth0
  # [paqet]   Server IP: x.x.x.x
  # [paqet]   Gateway MAC: aa:bb:cc:dd:ee:ff
  # [paqet] iptables rules configured
  # [paqet] Configuration generated: /etc/paqet/server.yaml
  # [paqet] Starting paqet server on port 9999...
  # Verify iptables rules were set
  docker exec moav-paqet iptables -t raw -L -n | grep 9999
  docker exec moav-paqet iptables -t mangle -L -n | grep RST

Client side (user bundle):

  # Check bundle contains paqet configs
  ls outputs/bundles/demouser/paqet-*
  # → paqet-client.yaml, paqet-instructions.txt
  # Test config validation via moav test
  moav test demouser
  # → paqet: ⚠ Config valid, but needs network details (interface, router_mac)

Manual client test (on a separate machine with root):

  1. Copy paqet-client.yaml to client machine
  2. Edit CHANGE_ME values (interface, local IP, gateway MAC)
  3. sudo paqet run -c paqet-client.yaml
  4. curl --socks5 127.0.0.1:1080 https://ifconfig.me

Profile integration:

  # Verify profile appears in menu
  moav profiles
  # → Option 9: paqet (disabled by default, shown as dimmed)
  # Verify moav.sh syntax
  bash -n moav.sh
  # Verify docker-compose config
  docker compose --profile paqet config --services | grep paqet

Configuration

┌──────────────────┬─────────┬────────────────────────────────────┐
│     Variable     │ Default │            Description             │
├──────────────────┼─────────┼────────────────────────────────────┤
│ ENABLE_PAQET     │ false   │ Enable/disable paqet               │
├──────────────────┼─────────┼────────────────────────────────────┤
│ PORT_PAQET       │ 9999    │ Server listen port                 │
├──────────────────┼─────────┼────────────────────────────────────┤
│ PAQET_LOG_LEVEL  │ info    │ Log level (debug/info/warn/error)  │
├──────────────────┼─────────┼────────────────────────────────────┤
│ PAQET_KCP_MODE   │ fast    │ KCP mode (fast/normal/fast2/fast3) │
├──────────────────┼─────────┼────────────────────────────────────┤
│ PAQET_ENCRYPTION │ aes     │ Encryption (aes/tea/xor/none)      │
└──────────────────┴─────────┴────────────────────────────────────┘

Files changed

  • New: dockerfiles/Dockerfile.paqet, scripts/paqet-entrypoint.sh, configs/paqet/.gitkeep
  • Modified: docker-compose.yml, .env.example, moav.sh, scripts/bootstrap.sh, scripts/generate-user.sh, scripts/generate-single-user.sh, dockerfiles/Dockerfile.client, scripts/client-connect.sh, scripts/client-test.sh, README.md, README-fa.md, docs/CLIENTS.md, docs/SETUP.md, docs/TROUBLESHOOTING.md
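
Added example, not part of this PR or of MoaV's code: a pre-flight lint that checks the Paqet variables in `.env` against the values the configuration table allows and counts `CHANGE_ME` placeholders still left in a client config. The function names, the sample files, the YAML field names and the policy of flagging `xor`/`none` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not MoaV code): lint Paqet settings before starting the profile.

# Print KEY's value from an env file (last assignment wins), else DEFAULT.
env_get() { v=$(sed -n "s/^$2=//p" "$1" | tail -n 1); printf '%s\n' "${v:-$3}"; }

# Record one finding: message to stderr, bump the counter n.
bad() { echo "paqet-lint: $1" >&2; n=$((n + 1)); }

# Check each variable against the PR's configuration table; print finding count.
lint_paqet_env() {
    f=$1; n=0
    case $(env_get "$f" ENABLE_PAQET false) in
        true|false) ;; *) bad "ENABLE_PAQET must be true or false" ;;
    esac
    port=$(env_get "$f" PORT_PAQET 9999)
    case $port in
        ''|*[!0-9]*) bad "PORT_PAQET is not numeric" ;;
        *) { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; } || bad "PORT_PAQET out of range" ;;
    esac
    case $(env_get "$f" PAQET_LOG_LEVEL info) in
        debug|info|warn|error) ;; *) bad "PAQET_LOG_LEVEL not in debug/info/warn/error" ;;
    esac
    case $(env_get "$f" PAQET_KCP_MODE fast) in
        fast|normal|fast2|fast3) ;; *) bad "PAQET_KCP_MODE not in fast/normal/fast2/fast3" ;;
    esac
    # Policy assumed by this example: xor and none are accepted by the table
    # but are reported, since neither gives meaningful confidentiality.
    case $(env_get "$f" PAQET_ENCRYPTION aes) in
        aes|tea) ;;
        xor|none) bad "PAQET_ENCRYPTION is xor or none (no meaningful confidentiality)" ;;
        *) bad "PAQET_ENCRYPTION not in aes/tea/xor/none" ;;
    esac
    echo "$n"
}

# Count CHANGE_ME placeholders still left in a client config.
count_placeholders() { grep -c 'CHANGE_ME' "$1" || true; }

# Constructed sample inputs; the YAML field names are illustrative only.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'ENABLE_PAQET=true' 'PORT_PAQET=9999' 'PAQET_KCP_MODE=fast' \
    'PAQET_ENCRYPTION=xor' > "$tmp/.env"
printf '%s\n' 'interface: CHANGE_ME' 'local_ip: CHANGE_ME' \
    'router_mac: CHANGE_ME' 'server: 203.0.113.10:9999' > "$tmp/paqet-client.yaml"
echo "env findings: $(lint_paqet_env "$tmp/.env")"
echo "placeholders left: $(count_placeholders "$tmp/paqet-client.yaml")"
```

Findings are written to stderr and the counts to stdout, so the counts can gate a deployment script.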

@shayanb (Owner, Author) commented Feb 18, 2026

Some Discussions here: #10

@shayanb added the "Won't Merge" label (Decided not to merge, read comments for more info) on Mar 2, 2026