Advanced Network Diagnostic & DPI Evasion Toolkit
Engineered for resilience in highly restrictive network environments (e.g., National Intranets).
OpenGate is a professional-grade, zero-trust network analysis and configuration tool designed by network security engineers. It focuses exclusively on mathematically proven methods to bypass Deep Packet Inspection (DPI), SNI filtering, and BGP route manipulation (National Information Networks).
Unlike generic VPN tools, OpenGate assumes a hostile network environment and provides the necessary diagnostics to establish secure, obfuscated tunnels using state-of-the-art protocols like XTLS-Reality, CDN Fronting, and Intranet Bridging.
- Intranet Bridge Configurator (National Internet Bypass): The only reliable method during severe filtering. Architect a domestic-to-international tunnel (Iran IP -> Global IP) using VLESS+TCP+XTLS-Reality or WireGuard Obfuscation.
- CDN Clean IP Scanner: Discover unblocked Cloudflare/Fastly edge IPs. Essential for WebSocket/gRPC CDN fronting when your server's direct IP is blocked.
- Reality Scanner & Camouflage: Analyze SNI domains and generate optimal camouflage destinations to perfectly mimic legitimate TLS traffic, rendering DPI ineffective.
- Built-in Secure DoH Resolver: Transform your OpenGate server into a private DNS over HTTPS (DoH) resolver to bypass DNS hijacking and poisoning.
Deploy OpenGate on your Linux server (Ubuntu/Debian) with a single command. This script automatically installs Node.js, clones the repository, builds the project, and sets it up as a systemd service.
bash <(curl -s https://raw.githubusercontent.com/ehsanking/OpenGate/main/install.sh)Once installed, OpenGate will be accessible at http://<YOUR_SERVER_IP>:3000.
Security Note: For production use, especially when utilizing the built-in DoH resolver, it is strongly recommended to place OpenGate behind a reverse proxy (like Nginx or Caddy) and secure it with a valid SSL/TLS certificate.
If you prefer to install manually or are setting up a development environment:
-
Clone the repository:
git clone https://github.com/ehsanking/OpenGate.git cd OpenGate -
Install dependencies:
npm install
-
Build the application:
npm run build
-
Run the server:
npm run dev
- Access the Dashboard: Open the OpenGate web interface.
- Assess the Network: Check the "System Logs" and "Security Intel" panels for real-time DPI status and active filtering methods.
- Choose Your Strategy:
- Direct Connection (Mild Filtering): Use the Reality Scanner to find a suitable SNI and configure your Xray client.
- IP Blocked (Moderate Filtering): Use the CDN Clean IP Scanner to find a working edge IP, then configure your client to use WebSocket/gRPC via that CDN.
- National Intranet (Severe Filtering): Use the Intranet Bridge Configurator. You will need two servers (one inside the restricted country, one outside). Generate the configuration to tunnel traffic between them.
- Secure DNS: Copy the Built-in DoH Resolver URL and configure it in your v2ray/Xray client's routing rules to prevent DNS leaks.
For Educational and Research Purposes Only.
OpenGate is developed strictly as a network diagnostic and security research tool. The authors and contributors:
- Do not endorse or promote illegal activities.
- Are not responsible for any misuse of this software, including but not limited to violating local laws, terms of service of ISPs, or corporate network policies.
- Provide no warranties. This software is provided "as is", without warranty of any kind, express or implied.
- Cannot guarantee absolute anonymity or security. Advanced adversaries may still employ traffic correlation or endpoint compromise techniques.
Users are solely responsible for ensuring their use of OpenGate complies with all applicable local, state, national, and international laws and regulations.
Built for Resilience & Freedom | © OpenSource