Encapsulate TCP connections inside HTTP WebSockets
Go to file
Pierre HUBERT 44851be0c0
All checks were successful
continuous-integration/drone/push Build is passing
Merge pull request 'Update Rust crate clap to v4.5.7' (#153) from renovate/clap-4.x-lockfile into master
Reviewed-on: #153
2024-06-14 17:51:37 +00:00
src Fix cargo clippy issue 2024-01-17 19:53:13 +01:00
.drone.yml Forbid cargo clippy warnings 2022-09-02 15:55:42 +02:00
.gitignore Add new test based on token auth with TLS 2022-09-02 09:43:07 +02:00
Cargo.lock Update Rust crate clap to v4.5.7 2024-06-11 00:14:15 +00:00
Cargo.toml Update Rust crate serde to 1.0.200 2024-05-02 00:05:46 +00:00
README.MD Fix README 2022-09-02 15:45:09 +02:00
renovate.json Allow Renovate to perform major updates 2024-01-03 10:04:48 +00:00


Build Status

This project aims to provide an easy-to-setup TCP forwarding solution:

|--------|              |--------|                     |--------|              | -------|
|        |              | Client |                     | Server |              |        |
| Client | -- TCP xx -- |        | -- HTTP 80 / 443 -- |        | -- TCP xx -- | Server |
|        |              |  Relay |                     |  Relay |              |        |
|--------|              |--------|                     |--------|              |--------|

This project can be used especially to bypass firewalls that blocks traffics from ports others than the HTTP / HTTPS ports. The TCP traffic is encapsulated inside an HTTP WebSocket between the client and the server relays.


The client can authenticate against the server relays through two different means:

  • Using a token (the server relay can have several tokens at the same time)
  • Using a client TLS certificate. In this case, the server relay must act as a HTTPS server, and you must provide the server the required certificates / key files in PEM format. It is also possible to provide the server a CRL file.


This repository contains a single binary which can be used as a server or a client, depending of command line arguments:

  • Server mode: Act as a server relay. In case of token authentication (NOT TLS authentication), it can be put behind a reverse proxy.
  • Client mode: Act as a client relay. It basically does three things:
    • Fetch the list of forwared ports configuration from the server
    • Listen to these port locally
    • When a connection occurs on one of these ports, it forward the data exchanged by the socket to and from the server.

A single server - client relay pair can relay multiple ports simultaneously from the same machine.