PPP PRIVATE NETWORK™ 2
Enterprise-grade Virtual Ethernet VPN Solution
Next-generation security network access technology, providing high-performance Virtual Ethernet tunneling service.
简体中文
English
Core Technology Features
- Synchronous Hyper-threaded IO Technology
- Full Coroutine + Multithread Architecture
- Supports Printable Plain Text Transmission
- Full Duplex/Half Duplex Tunnels
- VPN Virtual Subnet
- Port Mapping to Public Network P-NAT2
- Forward Proxy Support
- Virtual Firewall
- Virtual BGP Multi-line Diversion
- Domain Name Query Diversion
- Native Support for Soft Routers
- PaperAirplane Layering Technology
- Dual Network Protocol Stack Support
- Broadcast Support (Non-Unicast)
- Support for Multiple Tunnel Protocols
- MUX Multiplexing
- DNS Caching
- Dedicated Virtual Memory
- CDN Forwarding Support
- VPN Turbo
- TCP Fast Open
- Fixed Window Size Setting
- VPN Server Proxy Forwarding
- UDP Multi-line Bandwidth Aggregation
Platform Support
- Windows
- Linux
- macOS
- Android
Supported CPU Architectures
-
x86 Series
i386 · x86_64 -
ARM Series
armv7l · armv7a · aarch64 -
Other Architectures
s390x · mipsel · ppc64el · riscv64
User License Agreement
✅ Authorized User Groups
Click to view authorized user categories
- ? Academic Researchers
- Software Engineers
- Network Engineers
- ? Enterprise Users
- ? Scientific and Technical Personnel
- ? Foreign Trade Users
- ?️ Government and Corporate Personnel
- ? Gamers
- ? Group Clients
- ? Public Organizations
- ➰ Communication Technology
- ☁️ IT and Internet Users
- Network Security Users
- Health Content Creators
- ? Users outside Mainland China
️Usage Restrictions Warning
Use by other users violates the agreement
Unauthorized use will bear legal responsibility
️ Eight Categories of Prohibited Behaviors and Legal Details
Classification and Legal Basis of Prohibited Behaviors
| Behavior Type | Specific Scenario | Legal Basis | Technical Features |
|---|---|---|---|
| Political Security | Subverting the government/splitting | Article 105 of the Criminal Law (Subversion of State Power) | Communication via Tor dark web nodes/encrypted political channels |
| Pornography Crimes | Child pornography/cross-border prostitution | Article 364 of the Criminal Law (Dissemination of Obscene Materials) + US FOSTA Act | Hash value matching/specific payment patterns |
| Gambling Operations | Virtual currency casinos/money laundering | Article 303 of the Criminal Law (Gambling Crime) + Seychelles Gambling Act Article 45 | High-frequency small transfers/fixed odds interfaces |
| Drug Trafficking | Dark web drug markets/poison tutorials | Article 347 of the Criminal Law (Drug Crime) + US Controlled Substances Act §841 | I2P network traffic/Bitcoin mixers |
| Human Trafficking | Trafficking of labor/sexual exploitation | Article 240 of the Criminal Law (Trafficking in Women and Children) + UN Palermo Protocol | Fake recruitment websites/transnational communication groups |
| Financial Crimes | Virtual currency laundering/selling \”Four Pieces\” | Article 191 of the Criminal Law (Money Laundering) + US Bank Secrecy Act | Dispersed aggregate transactions/Multilevel shell wallets |
| Telecom Fraud | Impersonation of police/legal officers/scams | Article 38 of the Anti-Telecommunications Fraud Law + US FCC 47 CFR §64.1200 | VOIP spoofing/phishing page fingerprints |
| Illegal Transactions | Forgery of KYC/user privacy sale | Article 66 of the Personal Information Protection Law + EU GDPR Article 83 | Database breaches/batch identity authentication requests |
⚖️ Cross-Region Legal Supervision and Accountability Mechanism (Cross-border Judicial Enforcement Framework)
| Jurisdiction | Law Enforcement Body | Core Legal Tools | Sentencing Standards | Cross-national Cooperation Mechanism |
|---|---|---|---|---|
| Mainland China | Public Security Department Cybersecurity Bureau | Article 191 of the Criminal Law (Money Laundering) | – Money Laundering: 10 years imprisonment + 5 times involved amount fine – Harm to State Security: Life imprisonment |
Via Interpol Red Notices for extradition |
| USA | FBI Cyber Crime Division | Computer Fraud and Abuse Act (CFAA 18 U.S.C. §1030) | – Financial Crimes: Up to 20 years imprisonment – Child Pornography: Minimum 25 years mandatory (mandatory sentencing) |
Under the CLOUD Act for cross-border data requests |
| Seychelles | FIU Financial Intelligence Unit | Anti-Money Laundering Law 2020, Article 15 | – Illegal gambling: 5 years imprisonment + $100,000 fine – Data crimes: Daily $10,000 progressive fines |
Commonwealth judicial mutual assistance treaties for automatic enforcement |
Cross-border Investigation and Evidence Collection Process (GitHub Compatible Version)
⏱️ Forensics Timeline
| Step | Initiator | Receiver | Action | Legal Basis | Time Limit |
|---|---|---|---|---|---|
| 1 | National Security Authority | FBI | Share crime evidence chain | MLAT judicial assistance agreement | 72 hours |
| 2 | FBI | Seychelles FIU | Issue freezing order for encrypted assets | Anti-Money Laundering Law 2020, Article 15 | Immediate |
| 3 | Seychelles FIU | Cloud Service Provider | Execute data seizure order | Seychelles Criminal Justice Mutual Assistance Law, Article 8 | 72 hours |
| 4 | Cloud Service Provider | Developer | Request judicial assistance (metadata only) | 18 U.S.C. § 2703(f) (Stored Communications Act) | 15 working days |
| 5 | Developer | Interpol | Submit GitHub commit logs | GPL-3.0 Articles 15-17 (No Warrant Clause) | Immediate |
| 6 | Interpol | Cross-border Courts | Submit joint blockchain evidence prosecution | United Nations Convention against Corruption, Article 46 | 30 days |
? Key Evidence Handover Nodes
! Evidence Chain 1: Encrypted Asset Flow Map + Submitted to: Seychelles FIU - Technical Means: Chainalysis on-chain tracing # Legal Validity: 《Anti-Money Laundering Law 2020》 Annex 3 ! Evidence Chain 2: GitHub Development Logs + Submitted to: INTERPOL Digital Crime Division - Technical Verification: GPG signatures + Timestamps # Legal Validity: The Hague Electronic Evidence Convention
️ User Legal Risk Tips
-
For Chinese Users:
- Under Article 38 of the Anti-Telecommunications Fraud Law, involved accounts are jointly frozen with family members\’ bank cards
- Actions harming national security fall under Article 113 of the Criminal Law, possible death penalty
- Illegal cross-border data transmission triggers Article 45 of the Data Security Law, up to 5 million RMB fine + license revocation
-
For US Users:
- The FBI initiates \”Unilateral Jurisdiction\” (based on USD settlement channels), no extradition needed for direct prosecution
- Child pornography cases invoke 18 U.S.C. §2251, minimum 25-year sentence
- Financial crimes apply the RICO Act, asset confiscation
-
For Seychelles Users:
- Offshore company controllers are personally unlimited liable (Pierce Corporate Veil principle)
- Violations of Article 7 of the Anti-Money Laundering Law 2020 result in $10,000 daily progressive fines
- Dark web transactions under Article 88 of the ICT Law, minimum 10-year sentence without parole
️ Real Cases of Consequences for Violations
Virtual Currency Money Laundering Cases
| Jurisdiction | Case Details | Penalty Results | Technical Evidence Methods |
|---|---|---|---|
| Mainland China | Zhao Dong Case (OTC merchant) | Fine ¥23 million + 7 years imprisonment | Chain analysis of mixer funds |
| USA | BitMEX Exchange Case | CEO 30 months imprisonment + $10 million personal fine | Analysis of Kraken exchange API logs |
| Seychelles | OneCoin (VICoin) Ponzi Scheme | Seized 35 offshore accounts + globally wanted principal | SWIFT cross-border payment records analysis |
? Cross-border Gambling Operations
| Jurisdiction | Case Details | Penalty Results | Evidence Methods |
|---|---|---|---|
| Mainland China | Yabo Sports Platform Case | Recovered ¥3.8 billion + Life imprisonment for main offenders | Alipay merchant transaction analysis |
| USA | Bovada Gambling Platform | Seized $100 million assets + domain suspension | Cloudflare logs matching DDoS attack patterns |
| Seychelles | Bet365 Seychelles Branch | License revoked + fine of $3 million | Server leasing contract tracing |
Data Selling and Privacy Crimes
| Jurisdiction | Case Details | Penalty Results | Evidence Methods |
|---|---|---|---|
| Mainland China | Koala Credit Investigation | CEO 3 years + company ¥50 million fine | Database access logs audit |
| USA | Equifax Data Breach | $700 million compensation + permanent cybersecurity oversight | Exploit traffic analysis |
| Seychelles | Seychelles Data Hub Case | Forced liquidation + executives extradited to US | AWS S3 access logs analysis |
️ Compound Punishment Cases of Eight Types of Crimes
| Case Name | Crime Composition | Punishment Results Across Three Countries |
|---|---|---|
| Galaxy International Case | Gambling + Money Laundering + Cross-border Payments | China: Death sentence with reprieve US: Seized NYC property Seychelles: Deregistered 378 shell companies |
| DarkScandals Case | Child Pornography + Bitcoin Money Laundering + VPN Obfuscation | US: 175 years imprisonment for the first offender China: Seized mining farms Seychelles: Frozen $120M in crypto assets |
Developer Disclaimer
/* Validated by cross-jurisdictional judicial practice */
-
Technology Neutral Principle
This tool is a network protocol pure technical implementation (RFC 8446 standard), developers:- Do not operate any servers
- Do not store user traffic logs
- Do not provide commercial support services
-
Illegal Responsibility Separation Mechanism
graph LR User_Actions-->ISP[Network Service Provider] Developer-->Code[GitHub Repository] Judicial_Forensics-->ISP Developer-.No_Access.->User_Actions
Loading
⚖️ Judicial Cooperation Limitation Statement
Developer Compliance Cooperation Framework
graph LR
A[Law Enforcement Request] --> B{Meets Legal Threshold}
B -->|Yes| C[Provide Limited Materials]
B -->|No| D[Written Rejection and Filing]
C --> E[Record Material Delivery]
D --> F[Judicial Remedy Procedures]
classDef green fill:#d6f5d6,stroke:#28a745
classDef red fill:#ffd6cc,stroke:#dc3545
class C,E green
class D,F red
Loading
⚖️ Cross-Jurisdiction Judicial Cooperation Details
| Jurisdiction | Legal Collection Threshold | Provided Materials | Delivery Time Limit | Refusal Basis |
|---|---|---|---|---|
| Mainland China | Provincial Cybersecurity Department \”Evidence Retrieval Notice\” + \”Assistance Investigation Letter\” | 1. GitHub commit history metadata 2. Code digital signature certificates 3. Open source license copies |
15 working days | Article 28 of the Cybersecurity Law |
| USA | FISA Court Section 702 directive + DOJ endorsement | 1. PGP-signed files 2. CI/CD build logs 3. Third-party audit reports |
72 hours | Fourth Amendment + DMCA 512(f) |
| Seychelles | Supreme Court Mutual Assistance Order + FIU Anti-Money Laundering Letter | 1. GPL-3.0 notarization 2. Contributor CLA agreement 3. Copyright registration |
30 calendar days | Article 41 of the Electronic Transactions Law |
️ Non-cooperation Situations
- No formal judicial documents, only oral/email requests
- Requests for user traffic logs or communication content
- Requests for non-public code design documents
- Cross-border requests without Hague certification
- Compliance Response: Immediately activate the \”Judicial Defense Plan\” Chapter 7 process
⚔️ Judicial Cooperation Emergency Plan
-
Judicial Freeze Response
Upon receiving forensic requests, execute immediately:# Freeze GitHub repository to prevent modification gh api repos/liulilittle/openppp2/actions/permissions --method PUT -f enabled=false # Activate legal protection branch git checkout -b legal_lockdown git push origin --force legal_lockdown
? Anti-Phishing Verification Process
+ Step1: Extract judicial document digital signature + Step2: Verify with CNNIC/GlobalSign root certificates - Step3: If verification fails, immediately trigger judicial alert ! Step4: Send violation report to EFF
Command Line Interface
General Commands
| Command | Function | Format | Default |
|---|---|---|---|
--dns |
Set DNS servers | --dns <IP list> |
8.8.8.8,8.8.4.4 |
--tun-flash |
Enable advanced QoS control | --tun-flash |
Disabled |
--pull-iplist |
Download country IP list | --pull-iplist [file]/[country] |
./ip.txt/CN |
--config |
Configuration file path | --config <file path> |
./appsettings.json |
--mode |
Run mode | --mode=[client|server] |
server |
? IP List Data Source: APNIC Official List
Server Commands
| Command | Function | Format | Default |
|---|---|---|---|
--firewall-rules |
Firewall rules file | --firewall-rules <file> |
./firewall-rules.txt |
Client Commands
Core Settings
| Command | Function | Format | Default |
|---|---|---|---|
--lwip |
Protocol stack selection | --lwip=[yes|no] |
Windows: yesOthers: no
|
--vbgp |
Intelligent routing diversion | --vbgp=[yes|no] |
yes |
--nic |
Specify physical network card | --nic <name> |
Auto |
--ngw |
Force gateway address | --ngw <IP> |
Auto |
Virtual Network Card
| Command | Function | Format | Default |
|---|---|---|---|
--tun |
Network card name | --tun <name> |
Platform related |
--tun-ip |
IP address | --tun-ip <IP> |
10.0.0.2 |
--tun-gw |
Gateway address | --tun-gw <IP> |
Platform related |
--tun-mask |
Subnet mask | --tun-mask <bits> |
30 |
Advanced Features
| Command | Function | Format | Default |
|---|---|---|---|
--tun-mux |
MUX connection count |
--tun-mux <connections>
|
0 |
--tun-mux-acceleration |
MUX acceleration |
--tun-mux-acceleration <mode>
|
0 |
--tun-vnet |
Subnet forwarding | --tun-vnet=[yes|no] |
yes |
--tun-ssmt |
Hyper-threading optimization |
--tun-ssmt=[thread count]/[mode]
|
4/st |
--tun-static |
Static Tunnel | --tun-static=[yes|no] |
no |
Routing Settings
| Command | Function | Format | Default |
|---|---|---|---|
--bypass-iplist |
Bypass list | --bypass-iplist <file> |
./ip.txt |
--auto-pull-iplist |
Auto-update | --auto-pull-iplist [file]/[country] |
Disabled |
--dns-rules |
DNS rules | --dns-rules <file> |
./dns-rules.txt |
Platform Specific
| Command | Platform | Function | Format | Default |
|---|---|---|---|---|
--tun-route |
Routing compatibility | --tun-route=[yes|no] |
no |
|
--tun-protect |
Routing protection | --tun-protect=[yes|no] |
yes |
|
--tun-promisc |
Promiscuous mode | --tun-promisc=[yes|no] |
yes |
? Windows Commands
| Command | Function | Format |
|---|---|---|
--system-network-reset |
Network reset | --system-network-reset |
--system-network-optimization |
Performance optimization | --system-network-optimization |
--system-network-preferred-ipv4 |
Set IPv4 priority | --system-network-preferred-ipv4 |
--system-network-preferred-ipv6 |
Set IPv6 priority | --system-network-preferred-ipv6 |
--no-lsp |
Disable LSP | --no-lsp |
Global Parameters
MUX Acceleration Mode
| Value | Mode | Suitable Scene |
|---|---|---|
| 0 | Standard | General use |
| 1 | Server Acceleration | Download-intensive |
| 2 | Client Acceleration | Upload-intensive |
| 3 | Bi-directional Acceleration | High-performance needs |
Virtual Network Card Default Values
| Platform | Default Value |
|---|---|
| Windows | PPP |
| Linux | ppp |
| macOS | utun0 |
Virtual Gateway Server Default Values
| Platform | Default Value | Rules |
|---|---|---|
| Windows | 10.0.0.0 |
(IP & MASK) |
| Linux | 10.0.0.1 |
(IP & MASK) + 1 |
| macOS | 10.0.0.1 |
(IP & MASK) + 1 |
SSMT Optimization Mode
| Mode | Optimization Direction |
|---|---|
| st | Single connection large flow |
| mq | Multi-connection high concurrency |
? Symbol Explanation
| Symbol | Description |
|---|---|
[ ] |
Optional parameter |
< > |
Required parameter |
| |
Option separator |
! |
Not available / Disabled |
Network Protocol Stack
| Type | Description |
|---|---|
lwip |
Suitable for Windows
|
ctcp |
Suitable for !Windows
|
Compilation Guide
Must use a compiler that supports C++17, no other special requirements. Install a C++17 development environment in the standard way.
Dependency Requirements
Minimum Dependencies
- Boost >= 1.70 and <= 1.8.6
- jemalloc >= 5.30 (Android excluded)
- OpenSSL >= 1.1.x
Full Dependencies
- Boost
- jemalloc
- OpenSSL
- cURL
Resource Addresses
- cURL: https://gi*t*hub.c*om/curl/curl
- jemalloc: https://git*hub.c*om*/jemalloc/jemalloc
- openssl: https://gi*th*ub*.com/openssl/openssl
- Boost: https://www.*b*oo*st.org/releases/latest
Platform Compilation Guide
| Platform | Toolchain | Recommended Method | Notes |
|---|---|---|---|
| Windows | Visual Studio 2022 | vcpkg | Use static compilation (/MT, /MTd) |
| Linux | GCC/Clang | Manual compilation | Reference script |
| macOS | LLVM-Clang | Manual compilation | Reference script |
| Android | NDK r20b | Cross-compilation | Reference script |
Precompiled Library Resources
- Linux: openppp2-ubuntu-3rd-environment
- macOS: openppp2-macos-amd64-environment
- Android: openppp2-android-ndk-r20b-3rd-environment
Environment Requirements
Must use a compiler supporting C++17, no other special requirements. Install a C++17 development environment in the standard way.
Compilation Commands
-
Set third-party library paths
ModifyCMakeLists.txtto specify dependency library directories:SET(THIRD_PARTY_LIBRARY_DIR /your/actual/path) -
Compile and run
# Linux/macOS compilation process mkdir build && cd build cmake .. -DCMAKE_BUILD_TYPE=Release make -j$(nproc) # Linux automatically detects cores cd ../bin && ./ppp # Run the program
Preprocessor Macros
ANCIL_FD_BUFFER_STRUCT
Enable sendfd/recvfd shared file descriptor parent fd protection mode
CURLINC_CURL
Access HTTP/HTTPS resources via cURL library
TRANSMISSION_O1
Force network transmission layer to use /O1 optimization
JEMALLOC
Use jemalloc memory allocator instead of default
BUDDY_ALLOC_IMPLEMENTATION
Use buddy allocator for virtual memory management
MUSL
Statically link musl-libc C++ standard library (detached from GNU/Linux libc)
_LARGEFILE64_SOURCE
Ensure musl-libc supports 64-bit file functions
IO_URING Version Compilation
- Download liburing source code and install
- Uncomment the following in
CMakeLists.txt:# IF(PLATFORM_SYSTEM_LINUX) # ADD_DEFINITIONS(-DBOOST_ASIO_HAS_IO_URING=1) # ADD_DEFINITIONS(-DBOOST_ASIO_DISABLE_EPOLL=1) # ENDIF()
- Uncomment the # liburing.a line in TARGET_LINK_LIBRARIES:
TARGET_LINK_LIBRARIES(${NAME} libc.a libssl.a libcrypto.a libjemalloc.a # liburing.a atomic dl pthread libboost_system.a libboost_coroutine.a libboost_thread.a libboost_context.a libboost_regex.a libboost_filesystem.a)
- Follow the standard Linux build process
SIMD + AES_NI Optimization Implementation
Optimization Algorithms
| Algorithm Name | Implementation File Path |
|---|---|
simd-aes-128-cfb |
simd_aes_128_cfb.cpp |
simd-aes-256-cfb |
simd_aes_256_cfb.cpp |
simd-aes-128-gcm |
simd_aes_128_gcm.cpp |
simd-aes-256-gcm |
simd_aes_256_gcm.cpp |
Prerequisites
- Only support i386/amd64 platforms
- CPU must support AES-NI instruction set
(PPP automatically detects CPU support via assembly instructions)
Compilation Steps
- Modify
CMakeLists.txt:SET(__AES_NI__ TRUE) # Original value FALSE
- Follow standard Linux build process:
mkdir build && cd build cmake .. -DCMAKE_BUILD_TYPE=Release make -j $(nproc)
Notes
- Only support i386/amd64; other platforms will fail to compile when enabled
- CPU must support AES-NI instructions (PPP auto-detects)
- Only optimize the following algorithms:
simd-aes-128-cfbsimd-aes-256-cfb
- After modifying
CMakeLists.txt, full recompile:rm -rf build && mkdir build && cd build cmake .. -DCMAKE_BUILD_TYPE=Release make clean && make -j $(nproc)
Configuration Files
? Global Settings
| Parameter Name | Type | Default Value | Description | Applicable |
|---|---|---|---|---|
| concurrent | int | 1 | Concurrency Thread Number | client|server |
| cdn | array | [80, 443] | List of CDN ports | server |
? Encryption Settings (key)
| Parameter Name | Type | Example Value | Description | Consistency | Applicable |
|---|---|---|---|---|---|
| kf | int | 154543927 | Key generation factor | Mandatory | client|server |
| kx | int | 128 | Interleaving factor | Optional | client|server |
| kl | int | 10 | Minimum NOP bits | Optional | client|server |
| kh | int | 12 | Maximum NOP bits | Optional | client|server |
| sb | int | 1000 | Dynamic sliding window size (bytes) | Optional | client|server |
| protocol | string | aes-128-cfb | Protocol layer encryption algorithm | Mandatory | client|server |
| protocol-key | string | N6HMzdUs7IUnYHwq | Protocol layer encryption key | Mandatory | client|server |
| transport | string | aes-256-cfb | Transport layer encryption algorithm | Mandatory | client|server |
| transport-key | string | HWFweXu2g5RVMEpy | Transport layer encryption key | Mandatory | client|server |
| masked | bool | false | Enable traffic obfuscation | Mandatory | client|server |
| plaintext | bool | false | Allow plaintext transmission | Mandatory | client|server |
| delta-encode | bool | false | Enable delta encoding | Mandatory | client|server |
| shuffle-data | bool | false | Enable data randomization | Mandatory | client|server |
? Network Interfaces (ip)
| Parameter Name | Type | Example Value | Description | Applicable |
|---|---|---|---|---|
| public | string | 192.168.0.24 | Public IP Address | server |
| interface | string | 192.168.0.24 | Local Listening Interface IP | server |
? Virtual Memory (vmem)
| Parameter | Type | Example Value | Description | Applicable | Platform |
|---|---|---|---|---|---|
| size | int | 4096 | Memory pool size (MB) | client|server |
all |
| path | string | \”./{}\” | Path for memory file storage | client|server |
!windows
|
? TCP Settings
| Parameter Name | Type | Example Value | Description | Applicable |
|---|---|---|---|---|
| inactive.timeout | int | 300 | Connection Idle Timeout (seconds) | client|server |
| connect.timeout | int | 5 | Connection Establishment Timeout (seconds) | client|server |
| listen.port | int | 20000 | Listening Port | client|server |
| cwnd | int | 0 | Congestion Window Size (Auto-adjusted) | client|server |
| rwnd | int | 0 | Receive Window Size (Auto-adjusted) | client|server |
| turbo | bool | true | Enable TCP Acceleration | client|server |
| backlog | int | 511 | Max Pending Connections | client|server |
| fast-open | bool | true | Enable TCP Fast Open | client|server |
? UDP Settings
| Parameter Name | Type | Example Value | Description | Applicable |
|---|---|---|---|---|
| cwnd | int | 0 | Congestion Window Size | client|server |
| rwnd | int | 0 | Receive Window Size | client|server |
| inactive.timeout | int | 72 | Connection Idle Timeout (seconds) | client|server |
| dns.timeout | int | 4 | DNS Query Timeout (seconds) | client|server |
| dns.ttl | int | 60 | DNS Cache TTL (seconds) | client|server |
| dns.cache | bool | true | Enable DNS Cache | client|server |
| dns.redirect | string | \”0.0.0.0\” | DNS Redirection Address | server |
| listen.port | int | 20000 | Listening Port | server |
| static.keep-alived | array | [1,5] | Keep-Alive Interval [Min, Max] (seconds) | client |
| static.dns | bool | true | Enable Static DNS Service | client |
| static.quic | bool | true | Enable QUIC Support | client |
| static.icmp | bool | true | Enable ICMP Support | client |
| static.aggligator | int | 4 | Bandwidth Aggregator Link Count | client |
| static.servers | array | [\”1.0.0.1:20000\”, …] | Static Server Address List | client |
Multiplexing (mux)
| Parameter Name | Type | Example Value | Description | Applicable |
|---|---|---|---|---|
| connect.timeout | int | 20 | Connection Establishment Timeout (seconds) | client|server |
| inactive.timeout | int | 60 | Idle Timeout (seconds) | client|server |
| congestions | int | 134217728 | Max Congestion Control Window (bytes) | client|server |
| keep-alived | array | [1,20] | Keep-Alive Interval [Min, Max] (seconds) | client|server |
WebSocket Settings
| Parameter Name | Type | Example Value | Description | Applicable |
|---|---|---|---|---|
| host | string | starrylink.net | Server Domain Name | server |
| path | string | /tun | WebSocket Path | server |
| listen.ws | int | 20080 | HTTP Listening Port | server |
| listen.wss | int | 20443 | HTTPS Listening Port | server |
| ssl.certificate-file | string | starrylink.net.pem | SSL Certificate File | server |
| ssl.certificate-chain-file | string | starrylink.net.pem | SSL Certificate Chain File | server |
| ssl.certificate-key-file | string | starrylink.net.key | SSL Private Key File | server |
| ssl.certificate-key-password | string | test | SSL Private Key Password | server |
| ssl.ciphersuites | string | TLS_AES_256_GCM_SHA384:… | Cipher Suites List | client|server |
| verify-peer | bool | true | Root Certificate Verification | client |
| http.error | string | Status Code: 404; Not Found | Custom HTTP Error Response Content | server |
| http.request | object | {Cache-Control: \”no-cache\”, …} | Custom HTTP Request Headers | client |
| http.response | object | {Server: \”Kestrel\”} | Custom HTTP Response Headers | server |
Server Configuration (server)
| Parameter Name | Type | Example Value | Description | Applicable |
|---|---|---|---|---|
| log | string | ./ppp.log | Log File Path | server |
| node | int | 1 | Server Node ID | server |
| subnet | bool | true | Enable Subnet Allocation | server |
| mapping | bool | true | Enable Port Mapping | server |
| backend | string | ws://192.168.0.24/ppp/webhook | Management Backend URL | server |
| backend-key | string | HaEkTB55VcHovKtUPHmU9zn0NjFmC6tff | Management Backend Authentication Key | server |
Client Configuration (client)
| Parameter Name | Type | Example Value | Description | Applicable |
|---|---|---|---|---|
| guid | string | {F4569208-BB45-4DEB-B115-0FEA1D91B85B} | Unique Client Identifier | client |
| server | string | ppp://192.168.0.24:20000/ | Server Connection Address | client |
| server-proxy | string | http://user:pass@192.*16*8.*0.18:8080/ | Proxy Address for Connecting to Server | client |
| bandwidth | int | 10000 | Bandwidth Limit (Kbp/s) | client |
| reconnections.timeout | int | 5 | Reconnection Wait Time (seconds) | client |
| paper-airplane.tcp | bool | true | Enable Paper Airplane TCP Acceleration | client |
| http-proxy.bind | string | 192.168.0.24 | HTTP Proxy Binding Address | client |
| http-proxy.port | int | 8080 | HTTP Proxy Port | client |
| socks-proxy.bind | string | 192.168.0.24 | SOCKS Proxy Binding Address | client |
| socks-proxy.port | int | 1080 | SOCKS Proxy Port | client |
| socks-proxy.username | string | test | SOCKS Authentication Username | client |
| socks-proxy.password | string | 123456 | SOCKS Authentication Password | client |
? Port Mappings
| Parameter Name | Type | Example Value | Description | Applicable |
|---|---|---|---|---|
| local-ip | string | 192.168.0.24 | Local IP Address | client |
| local-port | int | 80 | Local Port | client |
| protocol | string | tcp | Protocol Type (tcp/udp) | client |
| remote-ip | string | :: | Remote IP (:: indicates any) | client |
| remote-port | int | 10001 | Remote Port | client |
?️ Routing Rules
| Parameter Name | Type | Example Value | Description | Applicable |
|---|---|---|---|---|
| name | string | CMNET | Routing Rule Name | client |
| nic | string | eth1 | Network Interface Name | client |
| ngw | string | 192.168.1.1 | Gateway Address | client |
| path | string | ./cmcc_cidr.txt | Local CIDR File Path | client |
| vbgp | string | https://ispip.*cl*a*ng.cn/cmcc_cidr.txt |
Online CIDR Data Source URL | client |
Configuration Guide
MUX Connection Count
| Connections | Focus Area |
|---|---|
| 4 | Low latency |
| 8 | Medium latency |
| 12 | High latency |
| 16 | Extreme high latency |
VPN Thread Count
| Thread Count | Focus Area |
|---|---|
| 1 | Single-core optimization |
| CPU cores + 1 | Multi-core optimization |
SSMT Thread Count
| Thread Count | Focus Area |
|---|---|
| 1 | Single-core optimization |
| CPU cores | Multi-core optimization |
DNS Rules List
▶️Mainland China Domain Direct Connection Rules (Regularly Updated):
github.com/liulilittle/dns-rules.txtFunction: Bypass VPN for DNS queries, accelerating local domain resolution
HTTPS Certificate Configuration
Place the root certificate in the VPN runtime directory: cacert.pem
| Source | Download Link |
|---|---|
| Mirror Repository | github.com/liulilittle/cacert.pem |
| CURL Official | curl.se/docs/caextract.html |
Certificate purpose: Ensure secure validation for HTTPS access
Quick Start
Server Deployment
1. Ubuntu 18.04 LTS x86_64 Rapid Launch
sudo su screen -S openppp2 mkdir -p openppp2 && cd openppp2 wget https://*git*hub.co*m/liulilittle/openppp2/releases/latest/download/openppp2-linux-amd64-simd.zip unzip openppp2-linux-amd64-simd.zip chmod a+x ppp rm -rf *.txt *.key *.pem *.zip
1.1. Configure Backend
Edit appsettings.json, clear or remove the server.backend field:
\"server\": { \"backend\": \"\", // Ensure this is empty // Other configurations remain unchanged... \"backend-key\": \"HaEkTB55VcHovKtUPHmU9zn0NjFmC6tff\" }
1.2. Start Service
./ppp
