Ramses
90d378e768
Do DNS queries for both A and AAAA simultaneously ( #302 )
* Do DNS queries for both A and AAAA simultaneously
We implement a basic version of RFC8305 (happy eyeballs) to establish
the connection afterwards.
* Try to connect to UDP sockets simultaneously
2024-07-10 21:14:20 +02:00
Σrebe - Romain GERARD
4f570dc48b
bump deps
2024-07-09 08:40:58 +02:00
Σrebe - Romain GERARD
d797fa135c
feat(sock5): Add login/password support
2024-07-09 08:22:39 +02:00
Σrebe - Romain GERARD
15db9358a0
feat(dns): Use HTTP proxy if configured for Dns over HTTPS/TLS
2024-06-26 13:27:36 +02:00
Σrebe - Romain GERARD
ef1ca16e4a
feat(dns): Add timeout for tcp handshake for Dns over HTTPS/TLS
2024-06-25 20:28:29 +02:00
Σrebe - Romain GERARD
f2404e79e1
bump deps
2024-06-24 20:37:14 +02:00
erebe
7165f328a8
fix dns over TLS and HTTPS
2024-06-24 20:07:24 +02:00
Σrebe - Romain GERARD
fb378d29d5
feat(linux): Add SO_MARK support for DNS request
2024-06-24 20:07:17 +02:00
Σrebe - Romain GERARD
8e4db44744
Bump version v9.6.3-rc1
2024-06-10 13:48:52 +02:00
Σrebe - Romain GERARD
880aa257a1
feat: Allow to specify DNS resolver on client too - fix #290 for windows
2024-06-09 14:57:54 +02:00
Σrebe - Romain GERARD
485a31c5a2
Bump version v9.6.2
2024-06-07 22:32:57 +02:00
Σrebe - Romain GERARD
bb266f6899
fix( #287 ): Clamp max websocket message size to 32MB
2024-06-07 21:25:05 +02:00
Σrebe - Romain GERARD
0da43e1643
fix( #289 ): crash due to invalid UDP socks5 packet received
2024-06-07 20:54:13 +02:00
Σrebe - Romain GERARD
2dd99130fa
lint
2024-05-29 19:19:03 +02:00
Σrebe - Romain GERARD
f53081291e
lint
2024-05-25 13:52:33 +02:00
erebe
7a99905793
Improve stdio tunnel on windows
2024-05-25 11:31:30 +02:00
Σrebe - Romain GERARD
689b16b736
Bump dependencies
2024-05-25 10:48:12 +02:00
Σrebe - Romain GERARD
e8a27ea4df
Cleanup exit wstunnel when stdio tunnel terminate
2024-05-25 10:32:30 +02:00
Σrebe - Romain GERARD
ad7d752f98
Exit wstunnel when stdio tunnel terminate
2024-05-24 20:50:30 +02:00
Jasper Siepkes
c09c349610
Add option to map (force) port use on the server for reverse tunnels. ( #274 )
This change adds a `port_mapping` option to the `ReverseTunnel` definition in the (YAML) restriction file.
It maps ports on the server side from X to Y (X:Y). Where X is the originally requested port by the client and Y is the port which will be used to listen on server-side.
For example, with `10001:8080` configured and a client which connects using `-R tcp://10001:localhost:80`, the server will listen on port 8080 instead of 10001. The originally requested ports (NOT the mapped ports) still need to be allowed via the `ports` directive.
This is for example useful when dealing with lots of clients and you don't want to coordinate port use on all the clients but centrally on the server.
2024-05-22 16:13:58 +02:00
Siddhant Kameswar
29f989f71f
Fix logging in client mode ( #278 )
2024-05-20 09:45:26 +02:00
erebe
9b82006c6e
Improve stdio tunnel on windows
- Handle CTRL+C to exit properly
- Restore terminal mode at exit
- Use logger to stderr
2024-05-18 16:02:28 +02:00
Σrebe - Romain GERARD
0595e23050
lint
2024-05-16 10:49:39 +02:00
Jasper Siepkes
054460ad3e
Mark unsupported configurations as conflicting ( #273 )
This change marks combining the yaml restrictions file together with arguments such as `--restrict-http-upgrade-path-prefix` as conflicting in clap. Since wstunnel will only use the yaml restrictions file when it is supplied and ignore the other arguments. This change makes this more obvious for users (since wstunnel will exit with an error).
The reason for still allowing the client `--http-upgrade-path-prefix` is that one could be using a proxy server in front of wstunnel which does mTLS. This is a pretty specific corner case though. A warning was added so it's clear to users that this will only work in specific scenarios.
2024-05-16 10:48:24 +02:00
Σrebe - Romain GERARD
246862a6da
Reduce allocation when using client certificate
2024-05-16 09:05:04 +02:00
Jasper Siepkes
ddebdfd3d2
When mTLS is used force path to match client certificate CN ( #272 )
This change makes the server verify the client's path prefix matches the common name (CN) in the certificate the client presented when mTLS is used. This makes it impossible for the client to spoof the path prefix specified in the `restrictions.yaml` file.
2024-05-16 08:39:30 +02:00
Σrebe - Romain GERARD
562c78187b
Add flag to control max backoff time to connect to the server
2024-05-14 08:32:44 +02:00
Σrebe - Romain GERARD
bf9459b3fc
Bump dependencies
2024-05-09 14:18:38 +02:00
Σrebe - Romain GERARD
1eccb70aab
lint
2024-05-09 12:26:16 +02:00
Σrebe - Romain GERARD
d3476ce716
fix compilation for openbsd
2024-05-09 11:31:39 +02:00
Jasper Siepkes
88e42d3b9f
Allow client certificate CN to be used for upgrade path ( #264 )
This change causes the wstunnel client to use the common name (CN) of the client's certificate for the upgrade path when mTLS is enabled.
2024-05-06 10:00:08 +02:00
Σrebe - Romain GERARD
69c372490a
feat(server): Add tcp-keepalive on in-coming server connections
2024-05-01 15:13:00 +02:00
Σrebe - Romain GERARD
421a5a230c
feat(restriction): Avoid re-creating a config reload notifier each time
2024-05-01 15:00:46 +02:00
Σrebe - Romain GERARD
5ef14d1a8c
feat(restriction): Auto-reload restriction file
2024-05-01 12:07:18 +02:00
Σrebe - Romain GERARD
368f6657fd
Turn match in restriction config into a list
2024-05-01 09:17:37 +02:00
Σrebe - Romain GERARD
1e07eb7b2a
Add tcp-keepalive to help detect broken reverse tunnel
2024-04-29 18:16:38 +02:00
Σrebe - Romain GERARD
3c84c59a11
Allow multiple ports in restriction file
2024-04-29 08:43:08 +02:00
Σrebe - Romain GERARD
135fcb5127
Increase reverse tunnel timeout to 3min
2024-04-28 00:11:41 +02:00
Σrebe - Romain GERARD
8a228248d7
Add config file for restrictions
2024-04-28 00:07:57 +02:00
Σrebe - Romain GERARD
727e92902c
Add log when closing remote tunnel
2024-04-25 21:22:38 +02:00
Σrebe - Romain GERARD
70b5a216b0
Add support for mTLS
2024-04-19 09:36:14 +02:00
Σrebe - Romain GERARD
94d9a14c81
fix: Avoid stopping accepting new connection on error
2024-03-27 08:30:43 +01:00
Σrebe - Romain GERARD
833e1bc0d2
lint
2024-03-17 10:24:23 +01:00
Σrebe - Romain GERARD
c28fa6d2ff
fix(reverse-tunnel): avoid accumulating log span on error
2024-03-16 23:21:25 +01:00
Σrebe - Romain GERARD
c0f690f273
feat(tls): Support SSLKEYLOGFILE env variable
2024-03-16 22:21:40 +01:00
Σrebe - Romain GERARD
3129fe3219
feat(tls): Add flag to not send SNI during tls handshake
2024-03-16 22:21:35 +01:00
Erèbe - Romain Gerard
1c393afe4f
fix(tls): skip invalid system certificate
2024-03-08 09:00:21 +01:00
Σrebe - Romain GERARD
84d753fa25
fix: auto-reconnect to server after connect failure instead of exiting
2024-03-04 17:06:00 +01:00
Σrebe - Romain GERARD
f4f60efd47
Bump version v9.2.3
2024-02-21 09:22:58 +01:00
Σrebe - Romain GERARD
6354d8dde1
fix host header name
2024-02-16 08:33:31 +01:00
Σrebe - Romain GERARD
3d23cf61e4
fix(http2): correctly extract host/authority from headers file
fix #230
2024-02-15 20:33:01 +01:00
Σrebe - Romain GERARD
92bea1379f
chore: change flag from http-headers-file-path to http-headers-file
2024-01-27 13:31:46 +01:00
Σrebe - Romain GERARD
f0cb4ab671
Add flag to read http headers from a file
2024-01-25 19:16:45 +01:00
Σrebe - Romain GERARD
f51981ff15
feat(http2): Add documentation for using http2 as transport protocol
2024-01-23 13:47:59 +01:00
Σrebe - Romain GERARD
3b4c86bce2
fix(socks5 udp): correctly reserve enough space for new packets
2024-01-23 13:32:31 +01:00
Σrebe - Romain GERARD
782fbbc04d
fix(http2): reduce memory usage
2024-01-21 15:08:18 +01:00
Σrebe - Romain GERARD
b7dbd864c4
fix(unix): correctly delete sock in not already exist
2024-01-21 10:59:42 +01:00
Σrebe - Romain GERARD
0943a7e7b5
Improve UDP server buffer allocation
2024-01-20 11:34:11 +01:00
Σrebe - Romain GERARD
c06e4e4945
Improvements http2 transport protocol
2024-01-20 11:17:31 +01:00
Σrebe - Romain GERARD
cab43376e8
Fix #216 packets get mangled when handling multiple connections
2024-01-20 11:11:32 +01:00
Σrebe - Romain GERARD
365ddd7875
Add default content type
2024-01-17 09:16:35 +01:00
Σrebe - Romain GERARD
27df033448
Add more logs
2024-01-17 00:20:54 +01:00
Σrebe - Romain GERARD
81fb524059
fix http2 request
2024-01-16 22:42:56 +01:00
Σrebe - Romain GERARD
459a0667b1
Add support for http2 as transport for tunnel
2024-01-16 22:25:36 +01:00
Σrebe - Romain GERARD
ebd7591b34
cleanup transport addr and scheme
2024-01-13 23:31:54 +01:00
Σrebe - Romain GERARD
3eef03d8c4
Add custom trait for tunnel transport
2024-01-13 21:06:57 +01:00
Σrebe - Romain GERARD
6375e14185
Prep work for new transport
2024-01-13 18:42:15 +01:00
Σrebe - Romain GERARD
56543696b7
fix imports for non unix target
2024-01-12 18:03:11 +01:00
Σrebe - Romain GERARD
c7645a8d9c
Add doc in CLI for unix socket
2024-01-12 17:49:52 +01:00
Σrebe - Romain GERARD
10f15d1225
Add support for unix socket
2024-01-12 17:42:24 +01:00
Σrebe - Romain GERARD
dc4eadb8f9
Support proxy protocol for tcp connection
2024-01-11 09:19:32 +01:00
Σrebe - Romain GERARD
db6f3ea3ce
Add typealias socks5 udp
2024-01-09 21:04:46 +01:00
Σrebe - Romain GERARD
5226360942
Improve log for http-proxy
2024-01-09 13:04:13 +01:00
Σrebe - Romain GERARD
7d88446453
fix udp association. Use peer & destination for stream map
2024-01-08 20:52:34 +01:00
Σrebe - Romain GERARD
2a6bda3c80
http-proxy: Allow specifying login/password separately & add env variable support
2024-01-08 13:19:29 +00:00
Σrebe - Romain GERARD
41a88beb8d
chore(tls-reload): Improve tls reloading & remove deps on rust 1.75
2024-01-08 15:24:40 +01:00
Σrebe - Romain GERARD
f373293ede
Add short flag for passing --http-upgrade-path-prefix
2024-01-08 13:34:05 +01:00
Σrebe - Romain GERARD
57e03a1e4c
Update readme
2024-01-08 13:23:00 +01:00
Σrebe - Romain GERARD
ade9a19315
improve logs
2024-01-07 21:47:29 +01:00
Σrebe - Romain GERARD
b9bf0f005d
cleanup
2024-01-07 21:27:59 +01:00
Σrebe - Romain GERARD
ac76f52f6d
fix reverse socks5 proxy for udp association
2024-01-07 17:04:45 +01:00
Σrebe - Romain GERARD
f97bdc7c84
clippy
2024-01-07 16:54:02 +01:00
Σrebe - Romain GERARD
bdf88d0e89
Add Socks5 Udp Associate
2024-01-07 16:52:23 +01:00
Σrebe - Romain GERARD
23a38fced0
preparation work for udp association
2024-01-07 16:52:22 +01:00
Σrebe - Romain GERARD
0001afc6af
Update supported format for private key
2024-01-04 08:28:26 +01:00
Σrebe - Romain GERARD
360cd8b8e8
Update certificate/key format in CLI
2024-01-03 09:39:03 +01:00
Σrebe - Romain GERARD
16368f4f61
fix test
2024-01-02 19:42:13 +01:00
Σrebe - Romain GERARD
b705484d9f
Don't use libc dns resolver by default
+ By default libc dns resolution is blocking,
which forces the async runtime to spawn a blocking thread for it,
which leads to heavy memory usage
2024-01-02 19:38:16 +01:00
Σrebe - Romain GERARD
5ae552f713
Bump version v8.5.3
2024-01-02 13:44:20 +01:00
Σrebe - Romain GERARD
bffd2470e7
fix dns-resolver cmd line parsing
2024-01-02 13:15:04 +01:00
Σrebe - Romain GERARD
817571c907
Reduce memory footprint
2024-01-01 21:39:26 +01:00
Σrebe - Romain GERARD
ace649a8a1
TlsReloader cleanup
2023-12-30 23:38:05 +01:00
Σrebe - Romain GERARD
5c7bc03e5f
TlsReloader cleanup
2023-12-29 19:03:40 +01:00
Σrebe - Romain GERARD
7ad36709bc
cleanup tls reloader
2023-12-29 18:06:28 +01:00
Justin
0e05469fc7
main.rs: fix typo ( #204 )
Thank you :)
2023-12-29 13:50:28 +01:00
Σrebe - Romain GERARD
640102f82e
Support auto-reload of tls certificate
2023-12-29 09:56:47 +01:00
Σrebe - Romain GERARD
facdf2ad5a
Use less fingerprintable default upgrade path prefix
2023-12-26 21:41:21 +01:00
Σrebe - Romain GERARD
f31db8067f
Add command line for log level
2023-12-26 21:36:23 +01:00
Σrebe - Romain GERARD
259da14d4d
Pass tunnel info into sec-websocket-protocol header
2023-12-26 21:16:34 +01:00
Σrebe - Romain GERARD
f19efa37f1
cleanup code
2023-12-25 18:06:44 +01:00