You want a TCP tunnel, no matter what. You know your packet will go through dangerous places. Therefore, the best bet is to take the Universal Travel TCP Adapter to make sure your packets will have a safe journey to destination.
UTTA is capable of
- listening to a TCP port, potentially requiring (m)TLS,
- opening a TCP connection to the destination when it receives a connection,
- sending this connection through HTTP proxy,
- set up a tunnel through an SSH connection,
- set up TLS for the outgoing connection,
- or, building up a TCP connection to a SSH endpoint, and provide remote proxy
The application has two modes of running: local and remote. Local provides a local listening port, which connects to remote TCP / TLS / SSH service. Remote keeps a SSH connection up, listens at the remote server, forwarding all connections to a local service.
NAME:
utta - Universal Travel TCP Adapter
USAGE:
utta [global options] command [command options] [arguments...]
COMMANDS:
local create locally listening tunnel
remote create remotely listening tunnel
help, h Shows a list of commands or help for one command
GLOBAL OPTIONS:
--help, -h show help (default: false)
--log-level value, -l value Log level (default: info; values: debug, info, warn, error, panic, fatal) [$UTTA_LOG_LEVEL]
--version, -v print the version (default: false)
Options for local operations:
NAME:
utta local - create locally listening tunnel
USAGE:
utta local [command options] [arguments...]
OPTIONS:
--ccert value Client TLS cert for connect [$UTTA_CONNECT_CERT]
--ckey value Client TLS private key for connect [$UTTA_CONNECT_KEY]
--connect value Connect port [$UTTA_CONNECT]
--lca value Server TLS CA cert bundle [$UTTA_LISTEN_CA]
--lcert value Server TLS cert for listen [$UTTA_LISTEN_CERT]
--listen value Listen port (default: ":8080") [$UTTA_LISTEN]
--lkey value Server TLS private key for listen [$UTTA_LISTEN_KEY]
--proxy value HTTP proxy host:port (default: no proxy) [$UTTA_PROXY]
--servername value Server name for TLS connect with SNI [$UTTA_CONNECT_SERVERNAME]
--sshkey value SSH key for tunnel [$UTTA_SSH_KEY]
--sshtunnel value SSH server host:port (default: no tunnel through SSH) [$UTTA_SSH_TUNNEL]
--sshuser value SSH username for tunnel [$UTTA_SSH_USER]
--tls Connect with TLS (default: false) [$UTTA_CONNECT_TLS]
In this mode, UTTA listens on a local port (TLS/mTLS is optional), which builds up a connection on demand. It connects to a remote port (TLS is optional), traversing a HTTP proxy if needed (no proxy authentication implemented). Then, if sshtunnel is provided, it treats remote connect port as an SSH server, and connects to it with provided SSH user and key. Lastly, it establishes a forwarding connection on top of SSH.
Options for remote operations:
NAME:
utta remote - create remotely listening tunnel
USAGE:
utta remote [command options] [arguments...]
OPTIONS:
--breaker value Circuit breaker: taking a break after # attempts (default: 3) [$UTTA_BREAKER]
--ccert value Client TLS cert for connect [$UTTA_CONNECT_CERT]
--ckey value Client TLS private key for connect [$UTTA_CONNECT_KEY]
--connect value Connect port [$UTTA_CONNECT]
--proxy value HTTP proxy host:port (default: no proxy) [$UTTA_PROXY]
--servername value Server name for TLS connect with SNI [$UTTA_CONNECT_SERVERNAME]
--sleep value Sleep between circuit breaks (default: 30m0s) [$UTTA_SLEEP]
--sshconnect value SSH local target port [$UTTA_SSH_CONNECT]
--sshkey value SSH key for tunnel [$UTTA_SSH_KEY]
--sshlisten value SSH remote listening port [$UTTA_SSH_LISTEN]
--sshuser value SSH username for tunnel [$UTTA_SSH_USER]
--tls Connect with TLS (default: false) [$UTTA_CONNECT_TLS]
In this mode, UTTA establishes (and restarts, if needed) a connection to a remote port (TLS is optional), traversing a HTTP proxy if needed (as with local mode, proxy authentication is not implemented). Then, it establishes an SSH connection with provided SSH user and key. Lastly, it establishes a remote port forwarding, listening at SSH endpoint, forwarding all connections to sshconnect host/port.
This mode has a circuit breaker. By default, it sleeps 5 seconds between connections. However, if a TCP (or the internal SSH) connection returns within 30 seconds three times in a row (configurable with --breaker
), it will take a longer sleep (30 minutes by default, configurable with --sleep
).
Open a ticket, perhaps a pull request. We support GitHub Flow