
Getting Started

Coyove edited this page Nov 21, 2017 · 8 revisions

Release

The client and server of goflyway are combined into a single executable, goflyway. The tutorial below is based on v1.0.11a and assumes the server is listening on 1.2.3.4:8100.

Build From Source

goflyway is written in Go, so install the latest version of Go and export $GOPATH and $GOROOT, then run:

go get -u github.com/coyove/goflyway/cmd/goflyway

When it finishes, goflyway will be compiled into $GOPATH/bin. You can add $GOPATH/bin to $PATH to invoke it directly from the shell.

If you are running it as the client, copy $GOPATH/src/github.com/coyove/goflyway/chinalist.txt into the directory goflyway runs in.

Run

Launch the server with ./goflyway -k=KEY, where KEY is your password. Launch the client with ./goflyway -k=KEY -up="1.2.3.4:8100" to connect.

Once the client is launched, you can set your local proxy to 127.0.0.1:8100 (HTTP or SOCKS5). 8100 is the default port; use -l=ip:port or -p=ip:port to change it. The server uses the same two flags to change its own listening address.

Simple Authentication

Use -a username:password to enable user authentication (don't forget the colon). You must then provide the username and password to connect to the goflyway client.

Proxy Mode

Use -b=MODE to set the mode, which can be:

  1. none (no proxy)
  2. iplist (omit Chinese IP)
  3. iplist_l (omit Chinese IP based on local DNS responses)
  4. global (global proxy)

Partial Encryption

Use -partial to encrypt the traffic only partially: the first 18kb, to be exact, is encrypted and the rest is transferred as is. This flag must be turned on at both sides if you intend to use this function.

Reverse Proxy

goflyway is just an HTTP server with special proxy functions. To make it look more like a 'real server', you can use -proxy-pass http://ip:port to forward traffic that is not a proxy request to ip:port. Obviously, you should have an actual HTTP server listening on ip:port.

Man-In-The-Middle

Import ca.pem into the trusted root certificates store of your system, then use -up=mitm@1.2.3.4:8100 to enable MITM.

MITM doesn't support HTTP2, Websocket, or download progress for files (due to Transfer-Encoding: chunked). All HTTPS and HTTP data will be sent in plain HTTP requests with some important headers encrypted (like Cookie).

HTTP Proxy of Proxy

Since MITM uses plain HTTP requests, you can put another HTTP proxy in front of it to accelerate traffic or to hide your server's IP. Here we assume example.com points to 1.2.3.4. On the client, use:

-up="[http_username:http_password@]mitm@http_ip:http_port;example.com:8100"

If you are using Cloudflare, the server has to run on certain ports like 80 or 8080. On the client, use:

-up="mitm@example.com:80;example.com"

HTTPS Proxy of Proxy

If you have an HTTPS proxy that supports the CONNECT method, you can use it with:

-up="[https_username:https_password@]https_ip:https_port@1.2.3.4:8100"

Note that this does not work with MITM.
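
The -up forms from the Run, Man-In-The-Middle, HTTP Proxy of Proxy and HTTPS Proxy of Proxy sections can be checked before launch with a small classifier. This is an added example, not goflyway's own parser: the Upstream type and the ParseUp function are hypothetical names, and the grammar is inferred only from the forms shown on this page.

```go
package main

import (
	"fmt"
	"strings"
)

// Upstream is a hypothetical type for this example, not goflyway's own.
type Upstream struct {
	Server, Proxy, ProxyAuth, ProxyKind string // ProxyKind: "", "http" or "https"
	MITM                                bool
}

// ParseUp classifies a -up value using only the forms shown on this page.
func ParseUp(s string) (Upstream, error) {
	var u Upstream
	chain, target := s, &u.Server // without ";" the last address is the server
	if front, server, ok := strings.Cut(s, ";"); ok {
		chain, u.Server, u.ProxyKind, target = front, server, "http", &u.Proxy
	}
	parts := strings.Split(chain, "@")
	rest := parts[:len(parts)-1]
	*target = parts[len(parts)-1]
	// The "mitm" marker, when present, sits directly before the last address.
	if n := len(rest); n > 0 && rest[n-1] == "mitm" {
		u.MITM, rest = true, rest[:n-1]
	}
	switch {
	case u.ProxyKind == "http": // [user:pass@]mitm@proxy;server
		if !u.MITM || len(rest) > 1 {
			return u, fmt.Errorf("HTTP proxy form is [user:pass@]mitm@proxy;server")
		}
		u.ProxyAuth = strings.Join(rest, "")
	case u.MITM && len(rest) > 0, len(rest) > 2:
		return u, fmt.Errorf("expected [user:pass@]proxy@server, which does not work with MITM")
	case len(rest) > 0: // [user:pass@]proxy@server through an HTTPS CONNECT proxy
		u.Proxy, u.ProxyKind = rest[len(rest)-1], "https"
		u.ProxyAuth = strings.Join(rest[:len(rest)-1], "")
	}
	if u.Server == "" || (u.ProxyKind != "" && u.Proxy == "") ||
		(u.ProxyAuth != "" && !strings.Contains(u.ProxyAuth, ":")) {
		return u, fmt.Errorf("missing address or malformed user:pass")
	}
	return u, nil
}

func main() {
	fmt.Println(ParseUp("mitm@example.com:80;example.com"))
}
```

A non-empty ProxyAuth in the result means proxy credentials are embedded in the command line, and MITM set to true means the client expects ca.pem to be trusted on the system.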

UDP Relay

Use -udp port to turn on UDP relay (at both the client and the server side). It is an experimental function which has only been tested with Discord and Chrome (QUIC) using SocksCap64/SSTap.

goflyway transfers UDP over TCP connections. -udp-tcp N allows N TCP connections to relay all UDP packets with the same destination (default N = 1). Increase this number progressively to tune performance.

Close Connections

Any TCP connection that stays idle for more than 20 seconds will be closed. Use -close-after N to change this number.

Leaving connections open may cause "too many open files" errors, but Windows and Linux both have quite large limits on open files/handles, so open connections shouldn't be an issue there, and they will be closed naturally as the target servers disconnect.

However, on macOS the maximum number of open files is 256, which means there is a high chance you will encounter errno 24 frequently. If you don't want to spend great effort on ulimit -n, try using the flag -200 at the client. It keeps connections under 200 by closing 'less active' connections. It's an aggressive strategy, so use it with caution.