GOST relay — mihomo
mihomo can dial a GOST relay server as an outbound using GOST's relay protocol. The connection can be plaintext or wrapped in TLS, optionally with stream multiplexing, and authenticated with a username/password pair.
Outbound
Entry under proxies: with type: gost-relay. Embeds BasicOption (common outbound fields).
| Field | Type | Default | Allowed values | Description |
|---|---|---|---|---|
name | string | (required) | <string> | Unique proxy name. |
server | string | (required) | <host> | GOST relay server host/IP. |
port | int | (required) | <port> | GOST relay server port. |
forward | bool | false | true | false | Forward mode: send the relay request with an empty target address and let the server route to its own preconfigured upstream instead of the address mihomo requested. |
udp | bool | false | true | false | Enable UDP relaying. |
tls | bool | false | true | false | Wrap the relay connection in TLS. |
mux | bool | false | true | false | Multiplex multiple streams over one connection (smux). |
sni | string | (server name) | <SNI> | TLS SNI when `tls` is on. Defaults to `server`. |
username | string | (unset) | <string> | Relay authentication username. |
password | string | (unset) | <string> | Relay authentication password. |
skip-cert-verify | bool | false | true | false | Disable TLS verification (test only). |
fingerprint | string | (unset) | <SHA256 hex> | Pin the server's TLS certificate to this fingerprint. |
certificate | string | (unset) | <PEM file path> | Client certificate (mTLS). |
private-key | string | (unset) | <key file path> | Private key matching `certificate`. |
client-fingerprint | string | (global) | chrome | firefox | safari | ios | edge | random | randomized | uTLS client-hello fingerprint to mimic. |
Source: adapter/outbound/gost_relay.go:19-36 · pinned at v1.19.27 (5184081)
Examples
Outbound — plain relay with authentication:
yaml
proxies:
- name: gost-srv
type: gost-relay
server: relay.example.com
port: 8443
username: <username>
password: <password>
udp: trueOutbound — relay over TLS with multiplexing:
yaml
proxies:
- name: gost-tls
type: gost-relay
server: relay.example.com
port: 443
tls: true
sni: relay.example.com
mux: true
username: <username>
password: <password>
udp: trueNotes
- By default mihomo sends the requested destination to the relay server and the server connects there on its behalf. With
forward: truethe relay request carries an empty target address, so the server routes the connection to its own preconfigured upstream instead of the address mihomo asked for — useful when chaining to a relay that already has a fixed next hop. muxwraps the (optionally TLS) connection in an smux session and opens a stream per dial, multiplexing several logical connections over one underlying socket.tlsenables TLS for the relay connection.snioverrides the handshake server name (defaulting toserver);skip-cert-verify,fingerprint,certificate/private-key(mTLS), andclient-fingerprint(uTLS) tune the TLS layer. These have no effect unlesstlsis on.udp: trueenables UDP relaying through the server.
Cross-core notes
- GOST is a separate relay project with its own protocol. Neither Xray-core nor sing-box has a built-in GOST relay client, so this outbound is mihomo-specific — to reach a GOST endpoint from those cores you would front it with a protocol they both speak (e.g. a Shadowsocks or SOCKS hop).
Source: adapter/outbound/gost_relay.go:19-36 · v1.19.27 (5184081)