# Asport Server Configuration

# Listen address.
# Format: <ip>:<port>
# Note: We recommend using [::] for public servers. If you want to listen on IPv4 only, use 0.0.0.0.
# Both [::] and 0.0.0.0 are wildcard addresses, so the server accepts connections on every interface;
# use a specific IP instead if the server should only be reachable on one of them.
server = "[::]:443"

# Congestion control algorithm.
# Default: "cubic"
# Options: "cubic", "reno", "bbr"
# Note: BBR may increase the transmission rate.
congestion_control = "cubic"

# Listen on IPv6 only.
# Default: NOT SET
# Note: If this option is set at all (even to false) while the IP in `server` is an IPv4 address, the software will PANIC.
# It's recommended to NOT SET this option.
# This example sets it anyway, which is only safe because `server` is an IPv6 address here;
# remove the line if you switch `server` to an IPv4 address.
only_v6 = false

# Handshake timeout.
# Default: "3s"
# Note: The connection is closed if the handshake is not completed within this timeout.
# Raising it lets peers that have not completed the handshake hold a connection open for longer.
handshake_timeout = "3s"

# Authentication failed reply.
# Default: true
# Note: If set to true, the server sends a reply to the client when authentication fails. Otherwise, the server
# closes the connection.
# If you want to hide your server from probing, set it to false, so that a failed authentication gets no reply.
authentication_failed_reply = true

# Task negotiation timeout.
# Default: "3s"
# Note: Timeout for accepting stream tasks.
task_negotiation_timeout = "3s"

# Maximum idle time.
# Default: "10s"
# Note: The connection is closed if it has been idle for this long.
max_idle_time = "10s"

# Maximum packet size.
# Default: 1350
# Note: This only affects Native mode. This value should be less than the MTU of the network.
# Default value (1350) is conservative and should work in most cases. If you want to get better performance, you can
# increase this value. In most cases, 1500 is a good choice. If you use PPPoE, you can set it to 1492. And 9000 is the
# common value for Ethernet jumbo frames.
max_packet_size = 1350

# Buffer pool size.
# Default: 32
# Note: The maximum number of buffers to keep in the memory pool for UDP packet receiving.
# Higher values can reduce memory allocation overhead but consume more memory.
buffer_pool_size = 32

# UDP session timeout.
# Default: "5m"
# Note: Inactive UDP sessions are cleaned up automatically after this timeout. This helps prevent memory leaks
# and ensures proper resource management. The session timeout should be balanced between performance and resource usage.
# Shorter timeouts free up resources faster but may cause more frequent reconnections for intermittent connections.
udp_session_timeout = "5m"

# Send window size.
# Default: 16_777_216
# NOTE(review): the unit is not stated here; presumably bytes — confirm.
send_window = 16_777_216

# Receive window size.
# Default: 8_388_608
# NOTE(review): the unit is not stated here; presumably bytes — confirm.
receive_window = 8_388_608

# Log level.
# Default: "warn"
# Options: "trace", "debug", "info", "warn", "error", "off"
# Note: If you want to submit a bug report, you should set this to "trace" or "debug".
# NOTE(review): verbose logs may contain peer addresses or other connection details; check what is logged
# before attaching them to a public report, and return to "warn" afterwards.
log_level = "warn"
# Security configuration.
[security]
# Security layer for QUIC.
# Default: "tls"
# Options: "tls", "noise"
# Note: "noise" is not recommended for production use.
type = "tls"

# Enable 0-RTT handshake.
# Default: false
# Note: 0-RTT handshake is not supported with Noise currently.
# With TLS, 0-RTT (early) data can be captured and replayed by a network attacker and is not forward secret.
# Leave this disabled unless the saved round trip matters more than that exposure.
zero_rtt_handshake = false
# TLS configuration for security layer.
[security.tls]
# Path to the certificate file or the certificate in PEM format.
# Note: DER and PEM formats are supported for files.
certificate = "path/to/cert.pem"

# Path to the private key file or the private key in PEM format.
# Note: DER and PEM formats are supported for files.
# Prefer a file path over an inline key, make the key file readable only by the account that runs the server,
# and keep it out of version control. If the key is pasted inline, this configuration file itself becomes the
# secret and needs the same protection.
private_key = "path/to/key.pem"

# ALPN for QUIC handshake.
# Default: ["asport"]
# Format: ["<protocol-1>", "<protocol-2>", ...]
# Note: If you want to bypass some DPI, you can change this to ["h3"]. You should then also change the client's
# ALPN to ["h3"].
# The non-default "asport" value is visible to an on-path observer during the handshake.
alpn = ["asport"]
# Noise configuration for security layer.
[security.noise]
# Noise protocol pattern for handshake.
# Default: "Noise_NK_25519_ChaChaPoly_BLAKE2s"
# Options: "Noise_NK_25519_ChaChaPoly_BLAKE2s", "Noise_KN_25519_ChaChaPoly_BLAKE2s", "Noise_NN_25519_ChaChaPoly_BLAKE2s", etc.
# In Noise pattern names the first letter describes the initiator's static key and the second the responder's:
# N = no static key, K = static key known to the other side in advance. So NK authenticates only the responder,
# KN only the initiator, and NN uses no static keys at all, so the handshake itself authenticates neither side
# and does not stop an active man-in-the-middle.
# NOTE(review): presumably the client is the initiator and this server the responder — confirm.
pattern = "Noise_NK_25519_ChaChaPoly_BLAKE2s"

# Local static private key for Noise.
# Note: This private key is only an example. You should replace it with your own private key.
# You can use the `asport-server x25519` command to generate a key pair including a private key and a public key.
# The example key is published with the project, so it is not a secret: a server that keeps it can be
# impersonated by anyone who has seen this file. Generate a fresh key for every deployment and restrict read
# access to this configuration file, since the private key is stored in it in the clear.
local_private_key = "VyAiUGOv3aRV9FopncH4NOu10bDEPpWBio3lEDoDCUQ="

# Remote public key for Noise.
# Note: This public key is only an example. You should replace it with your own public key.
# NOTE(review): which of the two keys is actually used presumably depends on `pattern` — confirm.
remote_public_key = "C9UaWUuTjX5h2J8sC9sltj6msQwBkX59YIEy84ZfyWU="
# Reverse proxies configuration.
# Note: Multiple proxies are supported.
[[proxies]]
# Bind address for reverse proxy.
# Format: <ip>
# Note: We recommend using [::] for public servers. If you want to listen on IPv4 only, use 0.0.0.0.
# Both are wildcard addresses: whatever this proxy binds is reachable on every interface of the host.
bind_ip = "[::]"

# Allowed ports.
# Default:
# Linux and Android: the software gets the ephemeral port range from the system. If that fails, it uses 32768-60999.
# macOS, iOS and FreeBSD: the software gets the ephemeral port range from the system. If that fails, it uses 49152-65535.
# Windows and other systems: the software uses 49152-65535.
# Format 1: <port>
# Format 2: { start = <start-port>, end = <end-port> }
# Format 3: [<port-1>, <port-2>, { start = <start-port-3>, end = <end-port-3> }, ...]
# NOTE(review): presumably these are the ports the users of this proxy may open on this host — confirm.
# If so, narrow the range to what they actually need and keep the host firewall in step with it.
allow_ports = { start = 49152, end = 65535 }

# Listen on IPv6 only.
# Default: NOT SET
# Note: If this option is set at all (even to false) while `bind_ip` is an IPv4 address, the software will PANIC.
# It's recommended to NOT SET this option.
# This example sets it anyway, which is only safe because `bind_ip` is an IPv6 address here;
# remove the line if you switch `bind_ip` to an IPv4 address.
only_v6 = false

# Allowed network protocols.
# Default: "both"
# Options: "tcp", "udp", "both"
# Note: ["tcp", "udp"] is also supported; it is equivalent to "both".
# Allow only the protocol the proxied services need.
allow_network = "both"
# Users configuration.
# Format: <uuid> = "<password>"
# Note: A UUID must be unique across all proxies.
# You can use the `asport-server uuid` command to generate a UUID.
# The example UUIDs and passwords are only examples. You MUST replace them with your own UUID and password.
# The examples below are predictable UUIDs that share one guessable password. Give every user a freshly generated
# UUID and a long, random password of its own.
# Passwords are written here in plaintext, so restrict read access to this file to the account that runs the
# server and do not commit a populated copy to version control.
[proxies.users]
00000000-0000-0000-0000-000000000000 = "password"
00000000-0000-0000-0000-000000000001 = "password"