• Stars: 173
• Rank 218,923 (Top 5 %)
• Language: Go
• License: BSD 3-Clause "New...
• Created over 7 years ago
• Updated over 5 years ago


Repository Details

Daemon for creating a simple VPN over UDP.

UDP virtual private tunnel daemon

Introduction

This repository contains a simple implementation of a point-to-point virtual private network by opening a TUN device and transferring raw traffic over UDP. This VPN was designed to create a tunnel between two hosts:

  1. A client host operating behind an obtrusive NAT which drops TCP connections frequently, but happens to pass UDP traffic reliably.
  2. A server host that is internet-accessible.

TUN traffic is sent verbatim between the two endpoints via unencrypted UDP packets. Thus, this should only be used if a more secure protocol (like SSH; see github.com/dsnet/sshtunnel) is running on top of this VPN. In order to prevent attackers from connecting to other locally bound sockets on the endpoints, a simple port filter is built in to restrict IP traffic to only the specified ports. Users of udptunnel should also set up iptables rules as a secondary measure to restrict malicious traffic.
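The following is an added sketch of the kind of port filter described above, applied to raw IPv4 packets; it is not udptunnel's own code. PortFilter, Permit and packet are hypothetical names, and the sketch assumes ICMP is always permitted (the ping in the usage example succeeds) and tracks dialed connections by local port only.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// PortFilter is a hypothetical stand-in for the README's "simple port filter".
type PortFilter struct {
	allowed map[uint16]bool // ports listed in AllowedPorts
	dialed  map[uint16]bool // local ports that dialed an allowed remote port
}

// Permit checks a raw IPv4 packet; outbound means it was read from the local TUN device.
func (f *PortFilter) Permit(pkt []byte, outbound bool) bool {
	if len(pkt) < 20 || pkt[0]>>4 != 4 {
		return false // truncated or not IPv4
	}
	ihl := int(pkt[0]&0x0f) * 4
	switch {
	case ihl < 20 || len(pkt) < ihl+4:
		return false // bad header length, or no room for the port fields
	case pkt[9] == 1:
		return true // ICMP (assumption: always allowed)
	case pkt[9] != 6 && pkt[9] != 17:
		return false // only TCP and UDP carry ports
	case binary.BigEndian.Uint16(pkt[6:8])&0x1fff != 0:
		return false // later fragment: no transport header to inspect
	}
	src, dst := binary.BigEndian.Uint16(pkt[ihl:]), binary.BigEndian.Uint16(pkt[ihl+2:])
	if outbound {
		f.dialed[src] = f.dialed[src] || f.allowed[dst] // remember our own dials
		return f.allowed[src] || f.allowed[dst]
	}
	return f.allowed[dst] || (f.allowed[src] && f.dialed[dst]) // replies only to dials
}

// packet builds a constructed, minimal IPv4 packet: 20-byte header plus the two ports.
func packet(proto byte, src, dst uint16) []byte {
	p := make([]byte, 24)
	p[0], p[9] = 0x45, proto
	binary.BigEndian.PutUint16(p[20:], src)
	binary.BigEndian.PutUint16(p[22:], dst)
	return p
}

func main() {
	f := &PortFilter{map[uint16]bool{22: true}, map[uint16]bool{}}
	// Peer reaching local SSH, then a packet that merely claims source port 22.
	fmt.Println(f.Permit(packet(6, 40000, 22), false), f.Permit(packet(6, 22, 3306), false))
}
```

The inbound rule shows why a stateless "either port is allowed" check is not enough: without the dialed table, a peer could pick source port 22 and reach any local socket.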

This only supports Linux.

Usage

Build the daemon:

go get -u github.com/dsnet/udptunnel

Create a server configuration file:

{
	"TunnelAddress": "10.0.0.1",
	"NetworkAddress": ":8000",
	"AllowedPorts": [22],
}

The NetworkAddress with an empty host indicates that the daemon is operating in server mode.

Create a client configuration file:

{
	"TunnelAddress": "10.0.0.2",
	"NetworkAddress": "server.example.com:8000",
	"AllowedPorts": [22],
}

The host server.example.com is assumed to resolve to some address where the client can reach the server.

Start the daemon on both the client and server (assuming $GOPATH/bin is in your $PATH):

[email protected] $ udptunnel /path/to/config.json
[email protected] $ udptunnel /path/to/config.json

Try accessing the other endpoint (example is for client to server):

[email protected] $ ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_req=1 ttl=64 time=56.7 ms
64 bytes from 10.0.0.1: icmp_req=2 ttl=64 time=58.7 ms
64 bytes from 10.0.0.1: icmp_req=3 ttl=64 time=50.1 ms
64 bytes from 10.0.0.1: icmp_req=4 ttl=64 time=51.6 ms


[email protected] $ nmap 10.0.0.1
Host is up (0.063s latency).
PORT   STATE SERVICE
22/tcp open  ssh


[email protected] $ ssh 10.0.0.1
Password: ...

The above example shows the client trying to communicate with the server, which is addressable at 10.0.0.1. The same commands can be run from the server by dialing the client at 10.0.0.2 instead.
