Sudoku

proxies:
  - name: sudoku
    type: sudoku
    server: 1.2.3.4
    port: 443
    key: "<client_key>"
    aead-method: chacha20-poly1305
    padding-min: 2
    padding-max: 7
    table-type: prefer_ascii
    # custom-table: xpxvvpvv
    # custom-tables: ["xpxvvpvv", "vxpvxvvp"]
    httpmask:
      disable: false
      mode: legacy
      tls: true
      mask-host: ""
      path-root: ""
      multiplex: off
    enable-pure-downlink: false

Common fields

key

If you use an ED25519 key pair generated by sudoku, fill in the private key from that key pair. Otherwise, fill in the same UUID as the server.

aead-method

Available values: chacha20-poly1305, aes-128-gcm, none. Even when none is used, the sudoku obfuscation layer still ensures security.

padding-min

Minimum number of padding bytes.

padding-max

Maximum number of padding bytes.

table-type

Available values: prefer_ascii, prefer_entropy, up_ascii_down_entropy, up_entropy_down_ascii.

custom-table

Optional custom byte layout. It must contain 2 x, 2 p, and 4 v characters in any order. It only takes effect for the entropy direction.

custom-tables

Optional list of custom byte layouts (x/v/p). If non-empty, it overrides custom-table.

httpmask.disable

Whether to disable all HTTP masking/tunneling.

httpmask.mode

Optional: legacy (default), stream, poll, auto, ws. stream/poll/auto/ws support CDN or reverse proxy usage.

httpmask.tls

Optional. Only takes effect when mode is stream/poll/auto/ws. true forces HTTPS; false forces HTTP and does not infer from the port.

httpmask.host

Optional. Overrides Host/SNI and supports example.com or example.com:443. Only takes effect when mode is stream/poll/auto/ws.

httpmask.path-root

Optional. First-level path prefix for the HTTP tunnel endpoint. Both sides must match. For example, aabbcc maps to /aabbcc/session, /aabbcc/stream, and /aabbcc/api/v1/upload.

httpmask.multiplex

Optional: off (default), auto (reuse HTTP/1.1 keep-alive or HTTP/2 connections to reduce the RTT cost of each connection setup), on (multiplex multiple target connections in a single tunnel; only takes effect when mode is stream/poll/auto; ws forces off).

enable-pure-downlink

Whether to enable obfuscated downlink. When false, download speed can be greatly improved while preserving data security. It must match the server. If this is false, aead-method cannot be none.
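
The cross-field rules above can be checked before a profile is deployed. The following linter is an added example, not code from the project: lint_sudoku, layout_ok and SAMPLE are hypothetical names, the input is one proxy entry already parsed from YAML into a dict, and the httpmask keys follow the field headings on this page (so host, not mask-host).

```python
from collections import Counter

AEAD = {"chacha20-poly1305", "aes-128-gcm", "none"}
TABLE_TYPES = {"prefer_ascii", "prefer_entropy",
               "up_ascii_down_entropy", "up_entropy_down_ascii"}
TUNNEL_MODES = {"stream", "poll", "auto", "ws"}  # every mode except legacy
# Constructed input: this page's sample entry as a YAML 1.1 loader returns it
# (the bare word off becomes False); server, port and key are left out.
SAMPLE = {"aead-method": "chacha20-poly1305", "padding-min": 2, "padding-max": 7,
          "table-type": "prefer_ascii", "enable-pure-downlink": False,
          "httpmask": {"disable": False, "mode": "legacy", "tls": True,
                       "mask-host": "", "path-root": "", "multiplex": False}}


def layout_ok(layout):
    # A custom byte layout is exactly 2 x, 2 p and 4 v, in any order.
    return Counter(str(layout)) == Counter({"x": 2, "p": 2, "v": 4})


def lint_sudoku(proxy):
    """Return findings for one parsed proxy entry; an empty list means clean."""
    out = []
    aead = proxy.get("aead-method")
    if aead not in AEAD | {None}:
        out.append(f"aead-method: unknown value {aead!r}")
    if proxy.get("enable-pure-downlink") is False and aead == "none":
        out.append("enable-pure-downlink: false requires an aead-method other than none")
    if proxy.get("table-type") not in TABLE_TYPES | {None}:
        out.append(f"table-type: unknown value {proxy['table-type']!r}")
    lo, hi = proxy.get("padding-min"), proxy.get("padding-max")
    if lo is not None and hi is not None and lo > hi:  # implied by min/max
        out.append("padding-min exceeds padding-max")
    # custom-tables, when non-empty, overrides custom-table.
    layouts = proxy.get("custom-tables") or [proxy.get("custom-table")]
    out += [f"custom layout {l!r}: need 2 x, 2 p and 4 v"
            for l in layouts if l is not None and not layout_ok(l)]
    mask = proxy.get("httpmask") or {}
    mode = mask.get("mode", "legacy")  # legacy is the documented default
    if mode not in TUNNEL_MODES | {"legacy"}:
        out.append(f"httpmask.mode: unknown value {mode!r}")
    if mode not in TUNNEL_MODES:
        out += [f"httpmask.{k}: no effect unless mode is stream/poll/auto/ws"
                for k in ("tls", "host") if mask.get(k) not in (None, "")]
    # YAML 1.1 loaders turn bare on/off into booleans; map them back.
    mux = mask.get("multiplex", "off")
    mux = {True: "on", False: "off"}.get(mux, mux)
    if mux not in ("off", "auto", "on"):
        out.append(f"httpmask.multiplex: unknown value {mux!r}")
    elif mux == "on" and mode not in ("stream", "poll", "auto"):
        out.append("httpmask.multiplex: on only takes effect in stream/poll/auto mode")
    return out
```

Run against the sample entry at the top of this page, it reports that httpmask.tls is set while mode is legacy, where the setting has no effect.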