[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-80719":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":17,"stars30d":17,"stars90d":16,"forks30d":16,"starsTrendScore":18,"compositeScore":19,"rankGlobal":10,"rankLanguage":10,"license":20,"archived":21,"fork":21,"defaultBranch":22,"hasWiki":23,"hasPages":21,"topics":24,"createdAt":10,"pushedAt":10,"updatedAt":31,"readmeContent":32,"aiSummary":33,"trendingCount":16,"starSnapshotCount":16,"syncStatus":17,"lastSyncTime":34,"discoverSource":35},80719,"OpenStream","Amir-A664\u002FOpenStream","Amir-A664","🔒 Run OpenVPN inside an isolated network and expose it as a secure local or LAN SOCKS5 proxy - without routing your entire host machine through the VPN.","https:\u002F\u002Fgithub.com\u002FAmir-A664\u002FOpenStream",null,"Python",44,3,43,1,0,2,6,1.81,"MIT License",false,"main",true,[25,26,27,28,29,30],"iran","namespace","openvpn","openvpn-client","proxy","socks5-proxy","2026-06-12 02:04:05","# 🔒 OpenStream (`opst`)\n\n> OpenStream is a small Linux tool that runs OpenVPN inside an isolated network namespace and exposes the VPN connection as a SOCKS5 proxy.\n\n[![Latest release](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fv\u002Frelease\u002FAmir-A664\u002FOpenStream?display_name=tag&logo=github&label=release&color=blue&cacheSeconds=300)](https:\u002F\u002Fgithub.com\u002FAmir-A664\u002FOpenStream\u002Freleases\u002Flatest)\n[![Downloads](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fdownloads\u002FAmir-A664\u002FOpenStream\u002Ftotal.svg?label=downloads&logo=github&cacheSeconds=300)](https:\u002F\u002Fgithub.com\u002FAmir-A664\u002FOpenStream\u002Freleases)\n[![License](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Flicense\u002FAmir-A664\u002FOpenStream?color=blue)](LICENSE)\n[![Stars](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FAmir-A664\u002FOpenStream?style=flat&logo=github)](https:\u002F\u002Fgithub.com\u002FAmir-A664\u002FOpenStream\u002Fstargazers)\n[![Issues](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fissues\u002FAmir-A664\u002FOpenStream?logo=github)](https:\u002F\u002Fgithub.com\u002FAmir-A664\u002FOpenStream\u002Fissues)\n[![Pull Requests](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fissues-pr\u002FAmir-A664\u002FOpenStream?logo=github)](https:\u002F\u002Fgithub.com\u002FAmir-A664\u002FOpenStream\u002Fpulls)\n[![Platform](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fplatform-Linux-blue?logo=linux)](#)\n[![OpenVPN](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FOpenVPN-supported-brightgreen)](#)\n[![SOCKS5](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FSOCKS5-local%20%7C%20LAN-purple)](#)\n\nThe point is simple: your host keeps its normal internet route. Only applications configured to use the SOCKS5 endpoint go through the VPN.\n\n🌍 **Language:** English | [برای خوندن راهنمای فارسی اینجارو کلیک کنید](README-fa.md)\n\n---\n\n## ✨ What it does\n\nOpenStream creates a dedicated Linux network namespace named `opstns`, starts OpenVPN inside it, starts `microsocks` inside the same namespace, then forwards a local or LAN-facing TCP listener to that namespace SOCKS server using `socat`.\n\nDefault endpoint after install:\n\n```text\nsocks5h:\u002F\u002F127.0.0.1:2086\n```\n\nThe port is not fixed. The installer asks you which SOCKS5 port to use and saves it in `\u002Fetc\u002Fopst\u002Fconfig.toml`. You can also change your selected port again after installation with the `opst changeport` command.\n\n---\n\n## 🚫 What it does not do\n\nOpenStream is not a VPN provider, does not ship VPN credentials, does not hide all traffic automatically, and does not modify the default route of your host. Apps must explicitly use the SOCKS5 proxy.\n\nIt is currently aimed at Debian\u002FUbuntu-style Linux systems using `systemd`, `iproute2`, `iptables`, OpenVPN, `microsocks`, and `socat`.\n\n---\n\n## 📦 Install\n\nRun the following commands in order: (Naturally, for the initial installation from GitHub and for installing the required packages, unrestricted internet access is needed the first time.)\n\n```sh\ngit clone https:\u002F\u002Fgithub.com\u002FAmir-A664\u002FOpenStream.git\ncd OpenStream\nsudo .\u002Finstall.sh\n```\n\nThe installer will:\n\n1. ask for the SOCKS5 port;\n2. check runtime dependencies;\n3. if something is missing, offer to install the required packages using `apt` (naturally, if this project is going to be used on Linux distributions that do not use the `apt` package manager, the dependencies should be installed manually);\n4. create the following directory for storing `.ovpn` files:\n\nRequired runtime commands:\n\n```text\nopenvpn, ip, iptables, socat, microsocks, curl, systemctl\n```\n\nTypical packages:\n\n```sh\nsudo apt install openvpn iproute2 iptables socat microsocks curl systemd\n```\n\n---\n\n## 📁 Add OpenVPN profiles\n\nPut one or more `.ovpn` files here:\n\n```text\n\u002Fhome\u002F\u003Cusername>\u002FDesktop\u002Fopst\u002F\n```\n\nThen run:\n\n```sh\nopst on\n```\n\nOpenStream scans that folder, copies profiles into `\u002Fvar\u002Flib\u002Fopst\u002Fprofiles\u002F`, detects the authentication method, asks for credentials only when needed, patches the `.ovpn` safely for OpenVPN 2.6.x compatibility, and lets you choose the active profile.\n\nSupported profile types in v1.0.0:\n\n```text\nusername\u002Fpassword\ncertificate-based\nhybrid username\u002Fpassword + certificate\nstatic key \u002F tls-auth \u002F tls-crypt\n```\n\n---\n\n## 🖥️ Start local mode\n\n```sh\nopst on\n```\n\nThis binds the host listener to:\n\n```text\n127.0.0.1:\u003Cconfigured-port>\n```\n\nExample:\n\n```sh\ncurl --proxy socks5h:\u002F\u002F127.0.0.1:2086 https:\u002F\u002Fifconfig.me\n```\n\nUse the port you selected during install. You can also change your selected port again after installation with the `opst changeport` command.\n\n---\n\n## 🌐 Start LAN mode\n\n```sh\nopst on --lan\n```\n\nLAN mode binds the host listener to:\n\n```text\n0.0.0.0:\u003Cconfigured-port>\n```\n\nOpenStream prints a warning like this:\n\n```text\nWARNING: LAN mode exposes SOCKS5 on 0.0.0.0:2086\nOnly use this on trusted networks.\n```\n\n> [!WARNING]\n> Do not enable LAN mode on public networks, dormitories, cafés, airports, or any network you do not trust.\n\nNow, by simply keeping OpenStream running on your laptop or desktop, you can create a SOCKS5 proxy inside Telegram on your phone using your computer’s IP address and your chosen port, then connect Telegram through it. (The same thing can also be done with apps like V2rayNG on Android (or other apps on IOS) if you want your entire phone to access the internet through the proxy.)\n\nDo not enable LAN mode on public networks, dormitories, cafés, airports, or any network you do not trust. In practice, this mode exposes a gateway into your VPN profile and should not be left open carelessly.\n\n---\n\n## 🛠 Commands\n\n```sh\nopst on\nopst on --lan\nopst off\nopst restart\nopst restart --lan\nopst status\nopst changeport\nopst current\nopst use\nopst profiles\nopst add\nopst remove\nopst test\nopst logs\nopst logs openvpn\nsudo opst uninstall\n```\n\n---\n\n## ✅ Test\n\n```sh\nopst test\n```\n\nThis runs:\n\n```sh\ncurl --proxy socks5h:\u002F\u002F127.0.0.1:\u003Cconfigured-port> https:\u002F\u002Fifconfig.me\n```\n\n---\n\n## 📜 Logs\n\n```sh\nopst logs\nopst logs setup\nopst logs openvpn\nopst logs socks\nopst logs localproxy\n```\n\n---\n\n## 🧹 Uninstall\n\n```sh\nsudo opst uninstall\n```\n\nor from the repository:\n\n```sh\nsudo .\u002Funinstall.sh\n```\n\nThe uninstaller removes system files, systemd units, runtime state, cached profiles, and namespaces. It does not delete your original `.ovpn` drop folder by default.\n\n---\n\n## ❤️ Support \u002F Donate\n\nIf OpenStream saves you time, crypto donations are welcome!\n\n```text\nBitcoin (BTC): bc1ql05zalkxftmrxwp2d6y9u97e3ypg6n8yfzpp2g\n\nEthereum \u002F ERC-20 \u002F (Ethereum mainnet, Binance Smart Chain, Arbitrum, Optimism, Base, Polygon, and other ERC-20\u002FL2 networks):\n0x920986fee228a8d62b58a9a25fece7aafb469e70\n\nSolana (SOL \u002F SPL): D6sFh8xjgnfLe2p3w55m68ERwt8gaMYDcNZaqfhUrvQ8\n\nLitecoin (LTC): ltc1qzl3lyaz83xnnurr2rwge5smgg8e3nma5fwk632\n\nZcash (ZEC): t1QX9A83h4GxnZsXbqWbx8SCbprkwductoA\n\nTon (TON): UQBoXYOLS8sn4YBO0ojc042uhGnHyyFuuwJPI7ArBZjOhoq9\n```\n\n---\n\n## 🔐 Security notes\n\nNever commit real `.ovpn` files if they include private keys, certificates, provider hostnames, usernames, or passwords. Do not commit `\u002Fetc\u002Fopenvpn\u002Fopst\u002Fauth\u002F*.txt` under any circumstances.\n\nOpenStream writes profile-specific auth files to:\n\n```text\n\u002Fetc\u002Fopenvpn\u002Fopst\u002Fauth\u002F\u003Cprofile-id>.txt\n```\n\nwith `root:root` ownership and `0600` permissions.\n","OpenStream 是一个小型 Linux 工具，它在隔离的网络命名空间中运行 OpenVPN，并将 VPN 连接作为 SOCKS5 代理暴露出来。该项目使用 Python 编写，通过创建一个名为 `opstns` 的专用网络命名空间来启动 OpenVPN 和 microsocks，并利用 socat 将本地或局域网 TCP 监听器转发到该命名空间中的 SOCKS 服务器。适用于需要为特定应用程序提供安全代理连接而不改变主机默认路由的场景，特别适合那些希望仅让部分流量通过 VPN 的用户。项目遵循 MIT 许可协议，主要面向 Debian\u002FUbuntu 风格且使用 systemd、iproute2、iptables 等工具的 Linux 系统。","2026-06-11 04:01:46","CREATED_QUERY"]