A user-friendly script to set up Paqet tunnels between Iran and foreign servers, helping bypass internet censorship.
Download and run the script directly from GitHub:
# Download the script
wget https://raw.githubusercontent.com/AmiRCandy/CandyHole/main/CandyHole.sh
# Make it executable (Linux/Unix systems)
chmod +x CandyHole.sh
# Run as root
sudo ./CandyHole.shOr run directly without downloading:
sudo bash <(curl -Ls https://raw.githubusercontent.com/AmiRCandy/CandyHole/main/CandyHole.sh)
- 🎨 Colored Interface: Beautiful, easy-to-read colored output
- ✅ Input Validation: Validates IP addresses, ports, and user inputs
- 🔧 Automatic Configuration: Generates proper YAML configs for both client and server
- 🛡️ Firewall Setup: Automatically configures iptables and UFW
- 🔄 System Service: Creates and manages systemd service for Paqet
- 📝 Error Handling: Comprehensive error checking and recovery
- 📊 Progress Indicators: Shows progress during setup
- Ubuntu/Debian-based Linux system
- Root access (run with
sudo) - Internet connection
Download and run the script:
wget https://raw.githubusercontent.com/AmiRCandy/CandyHole/main/CandyHole.sh
chmod +x CandyHole.sh
sudo ./CandyHole.shOr run directly:
sudo bash -c "$(curl -fsSL https://raw.githubusercontent.com/AmiRCandy/CandyHole/main/CandyHole.sh)"- Choose option "1) Server (Foreign server outside Iran)"
- Enter your desired port (default: 8080)
- The script will automatically:
- Install Paqet and dependencies
- Generate a secret key
- Configure network settings
- Set up firewall rules
- Create systemd service
- Start the tunnel
Save the generated information:
- Server IP
- Server Port
- Secret Key
- Choose option "2) Client (Iran server)"
- Enter the foreign server IP address
- Enter the server port
- Enter the secret key from server setup
- The script will automatically configure everything
To completely remove Paqet and all its components:
- Choose option "3) Uninstall Paqet"
- The script will automatically:
- Stop and remove the Paqet service
- Remove configuration files
- Remove Paqet binary
- Clean up firewall rules
- Optionally remove installed system packages
- Installs Paqet tunneling software
- Generates unique secret key
- Creates server configuration with detected network settings
- Sets up firewall rules
- Creates systemd service for auto-start
- Provides SOCKS5 proxy at
127.0.0.1:1404
- Installs Paqet tunneling software
- Creates client configuration connecting to your server
- Sets up firewall rules
- Creates systemd service for auto-start
- Provides tunnel to bypass censorship
- Server:
/etc/paqet/server.yaml - Client:
/etc/paqet/client.yaml - Service:
/etc/systemd/system/paqet.service
# Check service status
sudo systemctl status paqet
# View real-time logs
sudo journalctl -u paqet -f
# Restart service
sudo systemctl restart paqet
# Stop service
sudo systemctl stop paqet
# Edit configuration
sudo nano /etc/paqet/server.yaml # or client.yaml- Service won't start: Check logs with
sudo journalctl -u paqet -f - Connection issues: Verify firewall settings and port accessibility
- Network detection failed: Check
ip routeoutput and network configuration - Permission issues: Make sure you're running as root
- The script generates a random secret key for authentication
- Firewall rules are configured to allow only necessary traffic
- SOCKS5 proxy uses default credentials (change them in config if needed)
After setup, you can edit the YAML configuration files to:
- Change KCP settings for better performance
- Modify logging levels
- Adjust network interface settings
- Configure additional SOCKS5 users
- CandyHole Repository: https://github.com/AmiRCandy/CandyHole
- Direct Script URL: https://raw.githubusercontent.com/AmiRCandy/CandyHole/master/CandyHole.sh
- CandyHole Issues: Create an issue in the CandyHole repository
- Paqet Issues: Check the official Paqet repository
Happy tunneling! 🌐