wingetCollections
  • Auto
  • Search
  • Awesome Collections
  • Awesome Programs
  • My Favorite Collections
  • My Collections
  • Account / Settings
  • Terms of Service
  • Privacy
  • About

© 2026 winget.ragerworks.com

Loading...
Install GreenTunnel using Winget - wingetCollections
  1. Go back
  2. Packages
  3. GreenTunnel
GreenTunnel logo

GreenTunnel Sadegh Hayeri

anti-censorship bypass dpi network privacy proxy tunnel
Use this command to install GreenTunnel:
winget install --id=SadeghHayeri.GreenTunnel -e

GreenTunnel is an anti-censorship utility designed to bypass Deep Packet Inspection (DPI) systems implemented by Internet Service Providers (ISPs) to block access to certain websites. It enables users to circumvent content restrictions while maintaining a focus on privacy and network transparency.

Key Features:

  • Bypasses DPI-based censorship for both HTTPS and HTTP traffic.
  • Supports encrypted DNS (DoH/DoT) to prevent DNS-level blocking.
  • Offers optional TLS record fragmentation to evade stricter DPI systems.
  • Includes a graphical user interface (GUI) for ease of use across multiple platforms.
  • Operates in silent mode to minimize system noise.
  • Works seamlessly with modern browsers and applications.

Audience & Benefit: Ideal for users facing internet censorship or restrictive ISP policies, GreenTunnel empowers individuals to access blocked content without hiding their IP address. It is particularly beneficial for those who need a lightweight solution that integrates smoothly with existing workflows, ensuring privacy and connectivity in regions with heavy online restrictions.

README

Green Tunnel

GreenTunnel bypasses DPI (Deep Packet Inspection) systems found in many ISPs (Internet Service Providers) which block access to certain websites.

> Note: GreenTunnel does not hide your IP address. It only bypasses DPI-based censorship.

GreenTunnel v2 is out now.

The entire codebase has been rebuilt from the ground up: native ESM, Node.js 20+, a brand new dark UI, and a clean dependency tree with zero known vulnerabilities.

Open-source tools that help people reach the free internet shouldn't die — and with AI-assisted development, they don't have to. We'll keep doing our best to help people access the open internet, one packet at a time.

Installation

Requirements

  • Node.js 20+

npm (recommended)

npm install -g green-tunnel

After installation, run with gt or green-tunnel.

Docker

docker run -p 8000:8000 sadeghhayeri/greentunnel

Usage

CLI

Usage: green-tunnel [options]
Usage: gt [options]

Options:
  --ip                   IP address to bind proxy server     [string]  [default: "127.0.0.1"]
  --port                 Port to bind proxy server           [number]  [default: 8000]
  --https-only           Block insecure HTTP requests        [boolean] [default: false]
  --dns-type             DNS resolver type                   [string]  [choices: "https", "tls", "unencrypted"] [default: "https"]
  --dns-server           DNS server URL                      [string]  [default: "https://cloudflare-dns.com/dns-query"]
  --dns-ip               IP for unencrypted DNS              [string]  [default: "127.0.0.1"]
  --dns-port             Port for unencrypted DNS            [number]  [default: 53]
  --tls-record-frag...   Enable TLS record fragmentation     [boolean] [default: false]
  --silent, -s           Run in silent mode                  [boolean] [default: false]
  --verbose, -v          Debug mode (e.g. 'green-tunnel:*')  [string]
  --system-proxy         Auto-set system proxy               [boolean] [default: true]
  --help, -h             Show help
  --version, -V          Show version number
Versions
2.0.2
Website
github.com
License
Last updated
3/25/2026
Download latest version

Examples:

# Basic usage (auto-sets system proxy)
gt

# Custom port
gt --port 9000

# Use a different DoH server
gt --dns-server https://doh.securedns.eu/dns-query

# Enable TLS record fragmentation (for stricter DPI)
gt --tls-record-fragmentation

# Debug mode
gt --verbose 'green-tunnel:*'

Docker

# Basic
docker run -p 8000:8000 sadeghhayeri/greentunnel

# Custom port
docker run -e PORT=9000 -p 9000:9000 sadeghhayeri/greentunnel

# Run in background, restart on reboot
docker run -d --restart unless-stopped -p 8000:8000 sadeghhayeri/greentunnel

Environment variables:

VariableDescriptionDefault
PORTProxy port8000
HTTPS_ONLYBlock HTTP trafficfalse
DNS_TYPEhttps, tls, or unencryptedhttps
DNS_SERVERDNS server URLCloudflare DoH
SILENTSuppress outputfalse
VERBOSEDebug namespace—

Graphical Interface (GUI)

Download the pre-built installer for your OS from the releases page.

How It Works

HTTP

Some DPI systems fail to detect blocked content when an HTTP request is split across multiple TCP segments. GreenTunnel splits the request so the Host header straddles a segment boundary, preventing the DPI from matching the blocked hostname.

HTTPS / SNI Fragmentation

TLS's Server Name Indication (SNI) extension sends the target hostname in plaintext during the handshake. DPI systems use this to block HTTPS connections. GreenTunnel splits the initial ClientHello TLS record into small fragments so the DPI cannot reassemble and inspect the SNI field.

Optionally, --tls-record-fragmentation breaks the TLS record at a lower level for stricter DPI environments.

Encrypted DNS

Standard DNS lookups can be intercepted or spoofed by ISPs to block domains at the DNS level. GreenTunnel uses DNS over HTTPS (DoH) or DNS over TLS (DoT) to get the real IP address, bypassing DNS-based blocking.

Contributing

Pull requests and issues are always welcome.

  • Use FIX:, ADD:, UPDATE: prefixes in PR titles.
  • Keep commits focused and descriptive.
  • Make sure npm install passes and node -e "import('./src/index.js')" works.

Donation

> Love GreenTunnel? Please consider donating to sustain development.

Ethereum / USDT (ERC-20): 0xB116a6AE50c38a455944A65f9cEE4D54CEceF080

License

Licensed under the MIT License.