Skip to content

snsinfu/reverse-tunnel

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

75 Commits

.github/workflows

.github/workflows

 
 

agent

agent

 
 

config

config

 
 

docker

docker

 
 

examples

examples

 
 

hexid

hexid

 
 

ports

ports

 
 

server

server

 
 

tests

tests

 
 

.gitignore

.gitignore

 
 

CHANGELOG.md

CHANGELOG.md

 
 

LICENSE.txt

LICENSE.txt

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

go.mod

go.mod

 
 

go.sum

go.sum

 
 

lint.sh

lint.sh

 
 

Repository files navigation

Reverse tunnel TCP and UDP

Build Status Release MIT License

rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.

Build

Compiled binaries are available in the release page. To build your own ones, clone the repository and make:

$ git clone https://github.com/snsinfu/reverse-tunnel
$ cd reverse-tunnel
$ make

Or,

$ go build -o rtun github.com/snsinfu/reverse-tunnel/agent/cmd
$ go build -o rtun-server github.com/snsinfu/reverse-tunnel/server/cmd

Docker

Docker images are available:

Quick usage:

$ docker run -it \
  -p 8080:8080 -p 9000:9000 \
  -e RTUN_AGENT="8080/tcp @ samplebfeeb1356a458eabef49e7e7" \
  snsinfu/rtun-server

$ docker run -it --network host \
  -e RTUN_GATEWAY="ws://0.1.2.3:9000" \
  -e RTUN_KEY="samplebfeeb1356a458eabef49e7e7" \
  -e RTUN_FORWARD="8080/tcp:localhost:8080" \
  snsinfu/rtun

See docker image readme.

Usage

Gateway server

Create a configuration file named rtun-server.yml:

# Gateway server binds to this address to communicate with agents.
control_address: 0.0.0.0:9000

# List of authorized agents follows.
agents:
  - auth_key: a79a4c3ae4ecd33b7c078631d3424137ff332d7897ecd6e9ddee28df138a0064
    ports: [10022/tcp, 60000/udp]

You may want to generate auth_key with openssl rand -hex 32. Agents are identified by their keys and the agents may only use the whitelisted ports listed in the configuration file.

Then, start gateway server:

$ ./rtun-server

Now agents can connect to the gateway server and start reverse tunneling. The server and agent uses WebSocket for communication, so the gateway server may be placed behind an HTTPS reverse proxy like caddy. This way the tunnel can be secured by TLS.

Standalone TLS

rtun-server supports automatic acquisition and renewal of TLS certificate. Set control address to :443 and domain to the domain name of the public gateway server.

control_address: :443

lets_encrypt:
  domain: rtun.example.com

Non-root user can not use port 443 by default. You may probably want to allow rtun-server bind to privileged port using setcap on Linux:

sudo setcap cap_net_bind_service=+ep rtun-server

Agent

Create a configuration file named rtun.yml:

# Specify the gateway server.
gateway_url: ws://the-gateway-server.example.com:9000

# A key registered in the gateway server configuration file.
auth_key: a79a4c3ae4ecd33b7c078631d3424137ff332d7897ecd6e9ddee28df138a0064

forwards:
  # Forward 10022/tcp on the gateway server to localhost:22 (tcp)
  - port: 10022/tcp
    destination: 127.0.0.1:22

  # Forward 60000/udp on the gateway server to localhost:60000 (udp)
  - port: 60000/udp
    destination: 127.0.0.1:60000

And run agent:

$ ./rtun

Note: When you are using TLS on the server the gateway URL should start with wss:// instead of ws://. In this case, the port number should most likely be the default:

gateway_url: wss://the-gateway-server.example.com

License

MIT License.

About

Reverse tunnel TCP and UDP

Topics

tcp udp tunneling

Resources

Readme

License

MIT license
Activity

Stars

162 stars

Watchers

12 watching

Forks

33 forks
Report repository

Releases 8

Release v1.3.2 Latest
Jul 31, 2021
+ 7 releases

Contributors 2

Languages