Skip to content

jlandowner/go-tcp-tunnel

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

205 Commits
.github/workflows
.github/workflows
 
 
cmd
cmd
 
 
hack
hack
 
 
id
id
 
 
kubernetes
kubernetes
 
 
log
log
 
 
proto
proto
 
 
testdata
testdata
 
 
tunnelmock
tunnelmock
 
 
.editorconfig
.editorconfig
 
 
.gitignore
.gitignore
 
 
.goreleaser.yml
.goreleaser.yml
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
backoff.go
backoff.go
 
 
client.go
client.go
 
 
client_test.go
client_test.go
 
 
doc.go
doc.go
 
 
errors.go
errors.go
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
integration_test.go
integration_test.go
 
 
keepalive.go
keepalive.go
 
 
pool.go
pool.go
 
 
proxy.go
proxy.go
 
 
registry.go
registry.go
 
 
server.go
server.go
 
 
tcpproxy.go
tcpproxy.go
 
 
tunnel.go
tunnel.go
 
 
utils.go
utils.go
 
 
utils_test.go
utils_test.go
 
 

Repository files navigation

Go TCP tunnel

GoDoc Go Report Card Container

Go TCP tunnel is a TCP reverse tunnel proxy to expose your local backends behind a firewall to the public. The reverse tunnel is based on HTTP/2 with mutual TLS (mTLS). It enables you to share your localhost when you don't have a public IP.

Features:

  • Easily expose a local server to the public
  • Secure TCP tunnel
  • Dynamic listeners on server by client commands

Common use cases:

  • Exposing your local server behind a firewall to the public
  • Hosting a game server from home
  • Developing webhook integrations

NOTE:

This project is forked from https://github.com/mmatczuk/go-http-tunnel

Here are some of the updates from the original

  • Focus on TCP proxy
  • Package as Docker image and support Kubernetes
  • Update Go version
  • Remove some old dependencies

This repository is activly maintained

Getting started

TODO

Client configuration

The tunnel Client requires configuration file, by default it will try reading tunnel.yml in your current working directory. If you want to specify other file use -config flag.

Server do not have any configurations without TLS. But Client configuration is propagated to the Server and it configures the server to create TCP listeners and proxies dynamically.

Here is a sample configuration:

server_addr: SERVER_IP:5223
tunnels:
  ssh:
    proto: tcp
    addr: 192.168.0.5:22
  www:
    proto: tcp
    addr: localhost:8080
    remote_addr: 80

This creates 2 tunnels:

  • Server exposes port 22, which proxies to the Client local address 192.168.0.5:22
  • Server exposes port 80, which proxies to the Client local address localhost:8080

Configuration options:

  • server_addr: server's tunnel listener TCP address, i.e. 54.12.12.45:5223. default port is 5223
  • tunnels / [name]
    • proto: proxy listener protocol, currently only tcp can be set
    • addr: forward traffic to this local port number or network address, i.e. localhost:22
    • remote_addr: server listener TCP address, default: same as local port
  • backoff
    • interval: how long client would wait before redialing the server if connection was lost, exponential backoff initial interval, default: 500ms
    • multiplier: interval multiplier if reconnect failed, default: 1.5
    • max_interval: maximal time client would wait before redialing the server, default: 1m
    • max_time: maximal time client would try to reconnect to the server if connection was lost, set 0 to never stop trying, default: 15m

How it works

A client opens TLS connection to a server. The server accepts connections from known clients only. The client is recognized by its TLS certificate ID. The server is publicly available and proxies incoming connections to the client. Then the connection is further proxied in the client's network.

The tunnel is based HTTP/2 for speed and security. There is a single TCP connection between client and server and all the proxied connections are multiplexed using HTTP/2.

License

Copyright (C) 2017 Michał Matczuk

Copyright (C) 2022 jlandowner

This project is distributed under the AGPL-3 license. See the LICENSE file for details. If you need an enterprice license contact me directly.

About

Fast and secure TCP tunnels over HTTP/2

Resources

Readme

License

AGPL-3.0 license
Activity

Stars

1 star

Watchers

0 watching

Forks

1 fork
Report repository

Releases 1

v0.0.1 Latest
Mar 26, 2022

Packages

 
 
 

Languages

  • Go 90.5%
  • Shell 5.5%
  • Smarty 2.3%
  • Makefile 1.3%
  • Dockerfile 0.4%