  • Language
    Go
  • License
    MIT License
  • Created over 6 years ago
  • Updated about 1 year ago

Repository Details

Reverse tunnel TCP and UDP


rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose the ssh and mosh servers of a machine that sits behind a firewall and NAT.

Build

Compiled binaries are available on the release page. To build your own, clone the repository and run make:

$ git clone https://github.com/snsinfu/reverse-tunnel
$ cd reverse-tunnel
$ make

Or,

$ go build -o rtun github.com/snsinfu/reverse-tunnel/agent/cmd
$ go build -o rtun-server github.com/snsinfu/reverse-tunnel/server/cmd

Docker

Docker images are available:

Quick usage:

$ docker run -it \
  -p 8080:8080 -p 9000:9000 \
  -e RTUN_AGENT="8080/tcp @ samplebfeeb1356a458eabef49e7e7" \
  snsinfu/rtun-server

$ docker run -it --network host \
  -e RTUN_GATEWAY="ws://0.1.2.3:9000" \
  -e RTUN_KEY="samplebfeeb1356a458eabef49e7e7" \
  -e RTUN_FORWARD="8080/tcp:localhost:8080" \
  snsinfu/rtun

See docker image readme.

Usage

Gateway server

Create a configuration file named rtun-server.yml:

# Gateway server binds to this address to communicate with agents.
control_address: 0.0.0.0:9000

# List of authorized agents follows.
agents:
  - auth_key: a79a4c3ae4ecd33b7c078631d3424137ff332d7897ecd6e9ddee28df138a0064
    ports: [10022/tcp, 60000/udp]

You may want to generate auth_key with openssl rand -hex 32. Agents are identified by their keys, and an agent may only use the ports whitelisted for its key in the configuration file.

Then start the gateway server:

$ ./rtun-server

Now agents can connect to the gateway server and start reverse tunneling. The server and agent use WebSocket for communication, so the gateway server may be placed behind an HTTPS reverse proxy such as caddy. This way the tunnel can be secured by TLS.

Standalone TLS

rtun-server supports automatic acquisition and renewal of a TLS certificate. Set control_address to :443 and domain to the domain name of the public gateway server.

control_address: :443

lets_encrypt:
  domain: rtun.example.com

A non-root user cannot bind to port 443 by default. On Linux, you will probably want to allow rtun-server to bind to privileged ports using setcap:

sudo setcap cap_net_bind_service=+ep rtun-server

Agent

Create a configuration file named rtun.yml:

# Specify the gateway server.
gateway_url: ws://the-gateway-server.example.com:9000

# A key registered in the gateway server configuration file.
auth_key: a79a4c3ae4ecd33b7c078631d3424137ff332d7897ecd6e9ddee28df138a0064

forwards:
  # Forward 10022/tcp on the gateway server to localhost:22 (tcp)
  - port: 10022/tcp
    destination: 127.0.0.1:22

  # Forward 60000/udp on the gateway server to localhost:60000 (udp)
  - port: 60000/udp
    destination: 127.0.0.1:60000

Then run the agent:

$ ./rtun

Note: When you are using TLS on the server, the gateway URL should start with wss:// instead of ws://. In this case, the port number should most likely be the default:

gateway_url: wss://the-gateway-server.example.com
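
An added example (not rtun's own code): a small Go pre-flight check for the values that go into rtun-server.yml and rtun.yml. The 32-byte key rule follows the openssl rand -hex 32 suggestion above, and rejecting ws:// for non-loopback gateways is a policy assumed for this example; all function names are hypothetical.

```go
package main

import (
	"encoding/hex"
	"fmt"
	"net"
	"net/url"
	"strconv"
	"strings"
)

// CheckAuthKey accepts only keys shaped like `openssl rand -hex 32` output.
// This and the other rules are example policy, not checks rtun performs.
func CheckAuthKey(key string) error {
	raw, err := hex.DecodeString(key)
	if err != nil || len(raw) != 32 {
		return fmt.Errorf("auth_key is not 32 hex-encoded bytes")
	}
	return nil
}

// CheckPort validates a port entry such as "10022/tcp" or "60000/udp".
func CheckPort(spec string) error {
	num, proto, ok := strings.Cut(spec, "/")
	n, err := strconv.Atoi(num)
	if !ok || err != nil || n < 1 || n > 65535 || (proto != "tcp" && proto != "udp") {
		return fmt.Errorf("bad port entry %q", spec)
	}
	return nil
}

// CheckGatewayURL allows wss:// anywhere and ws:// only to a loopback host.
func CheckGatewayURL(raw string) error {
	u, err := url.Parse(raw)
	if err != nil {
		return fmt.Errorf("unparsable gateway_url %q", raw)
	}
	ip := net.ParseIP(u.Hostname())
	local := u.Hostname() == "localhost" || (ip != nil && ip.IsLoopback())
	if u.Scheme == "wss" || (u.Scheme == "ws" && local) {
		return nil
	}
	return fmt.Errorf("gateway_url %q: use wss:// for a non-loopback gateway", raw)
}

func main() {
	fmt.Println(CheckAuthKey("samplebfeeb1356a458eabef49e7e7"))
	fmt.Println(CheckPort("10022/tcp"))
	fmt.Println(CheckGatewayURL("ws://the-gateway-server.example.com:9000"))
}
```

The placeholder key from the Docker quick-usage commands fails CheckAuthKey, which is the intended outcome: sample keys from documentation should never reach a deployed configuration.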

License

MIT License.
