Update README.md

Σrebe - Romain GERARD 2023-12-06 20:43:22 +01:00
parent f6d3daa25d
commit 17b01902b4
No known key found for this signature in database
GPG key ID: 7A42B4B97E0332F4


@ -156,7 +156,15 @@ docker pull ghcr.io/erebe/wstunnel:latest
``` ```
## Examples ## Examples
### Simplest one
* [Simplest one with socks5 - Good for browsing internet](#simple)
* [Proxy SSH](#ssh)
* [Bypass a corporate proxy](#corporate)
* [Proxy Wireguard traffic](#wireguard)
* [Proxy easily any traffic with transparent proxy (linux only)](#tproxy)
* [How to secure access of your wstunnel server](#secure)
### Simplest one <a name="simple"></a>
On your remote host, start the wstunnel's server by typing this command in your terminal On your remote host, start the wstunnel's server by typing this command in your terminal
```bash ```bash
wstunnel server ws://[::]:8080 wstunnel server ws://[::]:8080
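Review bot: The new index puts "How to secure access of your wstunnel server" last, while the first entry, "Simplest one", still opens with `wstunnel server ws://[::]:8080`, a `ws://` listener on every interface with no path restriction. Add a one-line pointer to `#secure` inside the "Simplest one" section so readers who stop at the first example see it. The index labels also differ from the headings they link to ("Proxy SSH" against "As proxy command for SSH", "Bypass a corporate proxy" against "When behind a corporate proxy"); matching them would make the page easier to search.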
@ -164,7 +172,7 @@ wstunnel server ws://[::]:8080
This will create a websocket server listening on any interface on port 8080. This will create a websocket server listening on any interface on port 8080.
On the client side use this command to forward traffic through the websocket tunnel On the client side use this command to forward traffic through the websocket tunnel
```bash ```bash
wstunnel client -L socks5://127.0.0.1:8888 --connection-min-idle 10 ws://myRemoteHost:8080 wstunnel client -L socks5://127.0.0.1:8888 --connection-min-idle 5 ws://myRemoteHost:8080
``` ```
This command will create a socks5 server listening on port 8888 of the loopback interface and will forward traffic dynamically. This command will create a socks5 server listening on port 8888 of the loopback interface and will forward traffic dynamically.
`connection-min-idle 10` is going an optimization to create a pool of 10 connection connected to the server, to speed-up the establishement of new tunnels. `connection-min-idle 10` is going an optimization to create a pool of 10 connection connected to the server, to speed-up the establishement of new tunnels.
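Review bot: The client command now passes `--connection-min-idle 5`, but the explanation two lines below it still reads `connection-min-idle 10` and "a pool of 10 connection", so the text no longer matches the command. Update that sentence to 5 in this commit, and fix "is going an optimization" and "establishement" in the same line while it is being touched.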
@ -179,13 +187,13 @@ curl -x socks5h://127.0.0.1:8888 http://google.com/
#Please note h after the 5, it is to avoid curl resolving DNS name locally #Please note h after the 5, it is to avoid curl resolving DNS name locally
``` ```
### As proxy command for SSH ### As proxy command for SSH <a name="ssh"></a>
You can specify `stdio` as source port on the client side if you wish to use wstunnel as part of a proxy command for ssh You can specify `stdio` as source port on the client side if you wish to use wstunnel as part of a proxy command for ssh
```bash ```bash
ssh -o ProxyCommand="wstunnel client -L stdio://%h:%p ws://localhost:8080" my-server ssh -o ProxyCommand="wstunnel client -L stdio://%h:%p ws://localhost:8080" my-server
``` ```
### When behind a corporate proxy ### When behind a corporate proxy <a name="corporate"></a>
An other useful example is when you want to bypass an http proxy (a corporate proxy for example) An other useful example is when you want to bypass an http proxy (a corporate proxy for example)
The most reliable way to do it is to use wstunnel as described below The most reliable way to do it is to use wstunnel as described below
@ -211,23 +219,8 @@ You may now access your server from your local machine on ssh by using
ssh -p 9999 login@127.0.0.1 ssh -p 9999 login@127.0.0.1
``` ```
### How to secure the access of your wstunnel server
Generate a secret, let's say `h3GywpDrP6gJEdZ6xbJbZZVFmvFZDCa4KcRd` ### Wireguard and wstunnel <a name="wireguard"></a>
Now start you server with the following command
```bash
wstunnel server --restrict-http-upgrade-path-prefix h3GywpDrP6gJEdZ6xbJbZZVFmvFZDCa4KcRd wss://[::]:443
```
And start your client with
```bash
wstunnel client --http-upgrade-path-prefix h3GywpDrP6gJEdZ6xbJbZZVFmvFZDCa4KcRd ... wss://myRemoteHost
```
Now your wstunnel server, will only accept connection if the client specify the correct path prefix during the upgrade request.
### Wireguard and wstunnel
You have a working wireguard client configuration called `wg0.conf`. Let's say You have a working wireguard client configuration called `wg0.conf`. Let's say
``` ```
@ -288,6 +281,34 @@ FAQ
- If wstunnel cannot connect to server while wireguard is on, be sure you have added a static route via your main gateway for the ip of wstunnel server. - If wstunnel cannot connect to server while wireguard is on, be sure you have added a static route via your main gateway for the ip of wstunnel server.
Else if you forward all the traffic without putting a static route, you will endup looping your traffic wireguard interface -> wstunnel client -> wireguard interface Else if you forward all the traffic without putting a static route, you will endup looping your traffic wireguard interface -> wstunnel client -> wireguard interface
### Transparent proxy (linux only) <a name="tproxy"></a>
Start wstunnel with
```
sudo wstunnel client -L 'tproxy+tcp://1080' -L 'tproxy+udp://1080' wss://my.server.com:443
```
use this project to route traffic seamlessly https://github.com/NOBLES5E/cproxy. It works with any prgram
```
cproxy --port 1080 --mode tproxy -- curl https://google.com
```
### How to secure the access of your wstunnel server <a name="secure"></a>
Generate a secret, let's say `h3GywpDrP6gJEdZ6xbJbZZVFmvFZDCa4KcRd`
Now start you server with the following command
```bash
wstunnel server --restrict-http-upgrade-path-prefix h3GywpDrP6gJEdZ6xbJbZZVFmvFZDCa4KcRd wss://[::]:443
```
And start your client with
```bash
wstunnel client --http-upgrade-path-prefix h3GywpDrP6gJEdZ6xbJbZZVFmvFZDCa4KcRd ... wss://myRemoteHost
```
Now your wstunnel server, will only accept connection if the client specify the correct path prefix during the upgrade request.
## How to Build ## How to Build
Install the Rust https://www.rust-lang.org/tools/install or if you are a believer Install the Rust https://www.rust-lang.org/tools/install or if you are a believer
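Review bot: In the relocated "How to secure the access of your wstunnel server" section, the secret `h3GywpDrP6gJEdZ6xbJbZZVFmvFZDCa4KcRd` is a fixed literal repeated in both the server and client commands, and readers tend to copy such commands verbatim. Replace it with an obvious placeholder, say how to generate a random value, and state that the prefix only stays secret over `wss://` as used here, since the first example on the page uses `ws://`. In the new "Transparent proxy" section, the two fences have no `bash` tag unlike the rest of the README, "prgram" is a typo, "use this project" should start with a capital, and a sentence on why `sudo` is required would help. "Now start you server" in the moved text should read "your".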