Encapsulate TCP connections inside HTTP WebSockets
Pierre HUBERT
TCP over HTTP
This project aims to provide an easy-to-setup TCP forwarding solution:
|--------|              |--------|                     |--------|              |--------|
|        |              | Client |                     | Server |              |        |
| Client | -- TCP xx -- |        | -- HTTP 80 / 443 -- |        | -- TCP xx -- | Server |
|        |              | Relay  |                     | Relay  |              |        |
|--------|              |--------|                     |--------|              |--------|
This project can be used in particular to bypass firewalls that block traffic on ports other than the HTTP / HTTPS ports. The TCP traffic is encapsulated inside an HTTP WebSocket between the client relay and the server relay.
Authentication
The client can authenticate against the server relays through two different means:
- Using a token (the server relay can have several tokens at the same time)
- Using a client TLS certificate. In this case, the server relay must act as an HTTPS server, and you must provide the server with the required certificate / key files in PEM format. It is also possible to provide the server with a CRL file.
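As an added illustration of the token option (this is not the project's own code), the sketch below checks a presented token against every accepted token without stopping at the first match or the first differing byte. The function names and sample tokens are hypothetical, and how the token reaches the server relay is not specified here, so it is taken as a plain string.

```rust
// Added example, not taken from this repository. std-only and best effort;
// production code would normally rely on a vetted crate such as `subtle`.

/// Compare two byte strings without returning at the first difference.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    // Fold the length difference into the accumulator instead of exiting early.
    let mut diff = (a.len() ^ b.len()) as u64;
    let n = a.len().max(b.len());
    for i in 0..n {
        let x = *a.get(i).unwrap_or(&0);
        let y = *b.get(i).unwrap_or(&0);
        diff |= (x ^ y) as u64;
    }
    // black_box discourages the optimizer from reintroducing an early exit.
    std::hint::black_box(diff) == 0
}

/// Hypothetical helper: true if `presented` equals any accepted token.
/// Every accepted token is always compared, whichever one matches.
fn token_is_valid(accepted: &[String], presented: &str) -> bool {
    let mut ok = false;
    for t in accepted {
        // `|=` does not short-circuit, so the work is the same for every request.
        ok |= ct_eq(t.as_bytes(), presented.as_bytes());
    }
    // An empty token is never valid, even if "" slipped into the accepted list.
    ok & !presented.is_empty()
}

fn main() {
    // Constructed sample tokens, for illustration only.
    let accepted = vec!["tok-alpha-1234".to_string(), "tok-beta-5678".to_string()];
    for candidate in ["tok-beta-5678", "tok-beta-5679", "tok-beta", ""] {
        println!("{:?} -> {}", candidate, token_is_valid(&accepted, candidate));
    }
}
```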
Binary
This repository contains a single binary which can be used as a server or a client, depending on the command line arguments:
- Server mode: Act as a server relay. In case of token authentication (NOT TLS authentication), it can be put behind a reverse proxy.
- Client mode: Act as a client relay. It basically does three things:
  - Fetch the configuration of the forwarded ports from the server
  - Listen on these ports locally
  - When a connection occurs on one of these ports, forward the data exchanged by the socket to and from the server.
A single server - client relay pair can relay multiple ports simultaneously from the same machine.