Encapsulate TCP connections inside HTTP WebSockets
tcp
Go to file
Pierre Hubert e37cb74d0f
All checks were successful
continuous-integration/drone/push Build is passing
Update Rust crate env_logger to 0.11.3
2024-03-06 00:26:50 +00:00
src Fix cargo clippy issue 2024-01-17 19:53:13 +01:00
.drone.yml Forbid cargo clippy warnings 2022-09-02 15:55:42 +02:00
.gitignore Add new test based on token auth with TLS 2022-09-02 09:43:07 +02:00
Cargo.lock Update Rust crate env_logger to 0.11.3 2024-03-06 00:26:50 +00:00
Cargo.toml Update Rust crate env_logger to 0.11.3 2024-03-06 00:26:50 +00:00
README.MD Fix README 2022-09-02 15:45:09 +02:00
renovate.json Allow Renovate to perform major updates 2024-01-03 10:04:48 +00:00

TCP over HTTP

Build Status

This project aims to provide an easy-to-setup TCP forwarding solution:

|--------|              |--------|                     |--------|              | -------|
|        |              | Client |                     | Server |              |        |
| Client | -- TCP xx -- |        | -- HTTP 80 / 443 -- |        | -- TCP xx -- | Server |
|        |              |  Relay |                     |  Relay |              |        |
|--------|              |--------|                     |--------|              |--------|

This project can be used especially to bypass firewalls that blocks traffics from ports others than the HTTP / HTTPS ports. The TCP traffic is encapsulated inside an HTTP WebSocket between the client and the server relays.

Authentication

The client can authenticate against the server relays through two different means:

  • Using a token (the server relay can have several tokens at the same time)
  • Using a client TLS certificate. In this case, the server relay must act as a HTTPS server, and you must provide the server the required certificates / key files in PEM format. It is also possible to provide the server a CRL file.

Binary

This repository contains a single binary which can be used as a server or a client, depending of command line arguments:

  • Server mode: Act as a server relay. In case of token authentication (NOT TLS authentication), it can be put behind a reverse proxy.
  • Client mode: Act as a client relay. It basically does three things:
    • Fetch the list of forwared ports configuration from the server
    • Listen to these port locally
    • When a connection occurs on one of these ports, it forward the data exchanged by the socket to and from the server.

A single server - client relay pair can relay multiple ports simultaneously from the same machine.