Skip to content

iPmartNetwork/RatholePro

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

43 Commits
.github/workflows
.github/workflows
 
 
examples
examples
 
 
go-core
go-core
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
install.sh
install.sh
 
 

Repository files navigation

RatholePro

By iPmart Network (Ali Hassanzadeh)

RatholePro — Next-generation high-performance reverse proxy tunnel built in Go with real yamux multiplexing, multi-transport encryption (TLS / Noise / WebSocket / wss), auto-TLS, and UDP forwarding. Single binary, zero config headache.

GitHub Stars License Release

Features

Category Features
Core Real yamux multiplexing (single TCP, many streams)
Transports TCP, TLS (auto-cert!), Noise (X25519 + AES-256-GCM), WebSocket, WebSocket-over-TLS (wss)
Protocols TCP forwarding, UDP forwarding
Security SHA-256 token auth, TLS 1.2+ (auto-generated cert), authenticated X25519/AES-256-GCM "Noise" transport
Networking IPv6
Operations Auto reconnect, yamux keepalive, Systemd service, Menu-driven installer

Quick Install (Linux)

bash <(curl -Ls https://raw.githubusercontent.com/iPmartNetwork/RatholePro/master/install.sh)

Manual Download

Download from Releases:

Platform Architecture File
Linux x86_64 (AMD/Intel) rathole-pro-linux-amd64
Linux ARM64 (aarch64) rathole-pro-linux-arm64
Linux ARMv7 (32-bit) rathole-pro-linux-armv7
Linux MIPS64 rathole-pro-linux-mips64
Linux MIPS rathole-pro-linux-mips
Windows x86_64 rathole-pro-windows-amd64.exe
macOS x86_64 (Intel) rathole-pro-darwin-amd64
macOS ARM64 (Apple Silicon) rathole-pro-darwin-arm64 
wget https://github.com/iPmartNetwork/RatholePro/releases/latest/download/rathole-pro-linux-amd64
chmod +x rathole-pro-linux-amd64
sudo mv rathole-pro-linux-amd64 /usr/local/bin/rathole-pro

Build from Source

Requires Go 1.22+:

git clone https://github.com/iPmartNetwork/RatholePro.git
cd RatholePro/go-core
go build -ldflags="-s -w" -o rathole-pro .
sudo mv rathole-pro /usr/local/bin/

Usage

# Server mode
rathole-pro server.toml

# Client mode
rathole-pro client.toml

# Validate config
rathole-pro --validate server.toml

# Generate Noise keypair
rathole-pro --gen-key

# Show version
rathole-pro --version

Configuration Examples

Basic TCP Tunnel

Server (public IP — Iran):

[server]
bind_addr = "0.0.0.0:2333"
default_token = "my_secret_token"

[server.services.web]
bind_addr = "0.0.0.0:8080"

Client (behind NAT — Kharej):

[client]
remote_addr = "IRAN_IP:2333"
default_token = "my_secret_token"
retry_interval = 3
mux_connections = 4

[client.services.web]
local_addr = "127.0.0.1:8080"
mux_streams = 8

TLS with Auto-Cert (no domain needed!)

Server:

[server.transport]
type = "tls"

[server.transport.tls]
auto_cert = true

Client:

[client.transport]
type = "tls"

[client.transport.tls]
# Nothing needed! Encryption active, no cert file required.

Certificate is auto-generated on first run. No domain, no manual setup.

TLS with Custom Cert

[server.transport]
type = "tls"

[server.transport.tls]
trusted_root = "/etc/certs/cert.pem"
pkcs12 = "/etc/certs/key.pem"

Noise Protocol (no certificates!)

# Server
[server.transport]
type = "noise"

[server.transport.noise]
local_private_key = "BASE64_PRIVATE_KEY"

# Client
[client.transport]
type = "noise"

[client.transport.noise]
remote_public_key = "BASE64_PUBLIC_KEY"

Generate keys: rathole-pro --gen-key

WebSocket (bypass firewalls)

[server.transport]
type = "ws"

[server.transport.websocket]
path = "/tunnel"

WebSocket over TLS / wss (CDN bypass: Cloudflare, ArvanCloud)

# Server
[server.transport]
type = "wss"

[server.transport.tls]
auto_cert = true

[server.transport.websocket]
path = "/tunnel"

# Client
[client.transport]
type = "wss"

[client.transport.tls]
hostname = "your-server.com"

[client.transport.websocket]
path = "/tunnel"

UDP Forwarding (WireGuard, games, DNS)

# Server
[server.services.wireguard]
type = "udp"
bind_addr = "0.0.0.0:51820"

# Client
[client.services.wireguard]
type = "udp"
local_addr = "127.0.0.1:51820"

Architecture

                     Transport Layer
              (TCP / TLS / Noise / WebSocket)
                           │
                      ┌────┴────┐
                      │  yamux  │  ← single TCP connection, many streams
                      └────┬────┘
                           │
Visitor ─► [Server:8080] ──┼──► stream 1 ──► [Client] ──► [127.0.0.1:8080]
Visitor ─► [Server:8080] ──┼──► stream 2 ──► [Client] ──► [127.0.0.1:8080]
Visitor ─► [Server:5022] ──┼──► stream 3 ──► [Client] ──► [127.0.0.1:22]
UDP pkt ─► [Server:51820] ─┼──► stream 4 ──► [Client] ──► [127.0.0.1:51820]

Install Script Menu

╔═══════════════════════════════════════════════════════════╗
║         Rathole Pro v0.4.0 (Go + Yamux)                  ║
║  Transports: TCP │ TLS (auto-cert) │ Noise │ WebSocket  ║
║  Developer: iPmart Network (Ali Hassanzadeh)             ║
╚═══════════════════════════════════════════════════════════╝

  1) Install Binary
  2) Configure IRAN Server (users connect here)
  3) Configure KHAREJ Server (services run here)
  4) Start / 5) Stop / 6) Restart
  7) Status / 8) Logs / 9) View Config
 10) Update / 11) Uninstall
  0) Exit

Comparison

Feature rathole frp Backhaul RatholePro
Yamux Multiplexing
TLS Auto-Cert
Noise Protocol
WebSocket / wss
UDP Forward
IPv6 Partial
Install Script
Single Binary

License

Apache-2.0 — iPmart Network (Ali Hassanzadeh)

About

Next-generation high-performance reverse proxy tunnel with built-in multiplexing, multi-transport encryption, UDP forwarding, load balancing, P2P NAT traversal, and HTTP proxy support. Engineered for raw speed, zero-compromise security, and dead-simple deployment.

Resources

Readme

License

Apache-2.0 license
Activity

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 5

RatholePro v0.4.4 Latest
Jun 13, 2026
+ 4 releases

Packages

 
 
 

Contributors

Languages