Encapsulate TCP connections inside HTTP WebSockets
Pierre Hubert 512009b179
Update Rust crate hyper-rustls to 0.24.1
2023-08-26 00:36:04 +00:00

TCP over HTTP

This project aims to provide an easy-to-setup TCP forwarding solution:

|--------|              |--------|                     |--------|              |--------|
|        |              | Client |                     | Server |              |        |
| Client | -- TCP xx -- |        | -- HTTP 80 / 443 -- |        | -- TCP xx -- | Server |
|        |              |  Relay |                     |  Relay |              |        |
|--------|              |--------|                     |--------|              |--------|

This project is especially useful for bypassing firewalls that block traffic on ports other than the HTTP / HTTPS ports. The TCP traffic is encapsulated inside an HTTP WebSocket between the client and the server relays.

Authentication

The client can authenticate against the server relays through two different means:

  • Using a token (the server relay can have several tokens at the same time)
  • Using a client TLS certificate. In this case, the server relay must act as an HTTPS server, and you must provide the server with the required certificate / key files in PEM format. It is also possible to provide the server with a CRL file.
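
One way a server relay could check a presented token against several configured tokens, as an added Rust example (not this project's own code). `TokenStore`, `MIN_TOKEN_LEN` and the token values are assumptions constructed for illustration; the check visits every token without an early exit and drops blank entries at load time.

```rust
// Added example: names and token values are constructed, not taken from the project.
const MIN_TOKEN_LEN: usize = 16; // assumed policy: refuse blank or trivially short tokens

/// Compare two byte strings without stopping at the first differing byte.
/// Best effort only: the compiler gives no timing guarantee, so production
/// code usually relies on a vetted crate such as `subtle`.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    let mut diff = a.len() ^ b.len(); // a length mismatch is folded into the result
    for i in 0..a.len().max(b.len()) {
        let x = *a.get(i).unwrap_or(&0);
        let y = *b.get(i).unwrap_or(&0);
        diff |= (x ^ y) as usize;
    }
    diff == 0
}

/// Hypothetical store for the tokens a server relay accepts at the same time.
pub struct TokenStore {
    tokens: Vec<Vec<u8>>,
}

impl TokenStore {
    /// Load tokens, dropping empty or too-short entries so that a blank
    /// configuration line can never become a valid credential.
    pub fn new(configured: &[&str]) -> Self {
        let tokens = configured
            .iter()
            .map(|t| t.trim())
            .filter(|t| t.len() >= MIN_TOKEN_LEN)
            .map(|t| t.as_bytes().to_vec())
            .collect();
        TokenStore { tokens }
    }

    pub fn count(&self) -> usize {
        self.tokens.len()
    }

    /// Check the presented token against every stored token; `|=` on bool
    /// does not short-circuit, so all tokens are always compared.
    pub fn is_authorized(&self, presented: &str) -> bool {
        let mut ok = false;
        for t in &self.tokens {
            ok |= ct_eq(t, presented.as_bytes());
        }
        ok
    }
}
```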

Binary

This repository contains a single binary which can be used as a server or a client, depending on the command line arguments:

  • Server mode: Act as a server relay. In case of token authentication (NOT TLS authentication), it can be put behind a reverse proxy.
  • Client mode: Act as a client relay. It basically does three things:
    • Fetch the list of forwarded port configurations from the server
    • Listen on these ports locally
    • When a connection occurs on one of these ports, it forwards the data exchanged by the socket to and from the server.

A single server - client relay pair can relay multiple ports simultaneously from the same machine.