Yet another TCP-over-HTTP(S) tunnel
chunk-nordic
The client component accepts TCP connections and forwards them to the server component via a pair of HTTP(S) connections in streaming mode (Content-Encoding: chunked). The server component forwards connections to the target host and port (e.g. to a VPN daemon).
You can say thanks to the author by donations to these wallets:
- ETH: 0xB71250010e8beC90C5f9ddF408251eBA9dD7320e
- BTC:
  - Legacy: 1N89PRvG1CSsUk9sxKwBwudN6TjTPQ1N8a
  - Segwit: bc1qc0hcyxc000qf0ketv4r44ld7dlgmmu73rtlntw
Features
- Multi-link, fully asynchronous operation.
- The client supports operation via a proxy server (via the HTTP_PROXY and HTTPS_PROXY environment variables and the .netrc file).
- Advanced TLS support:
- Supports custom CAs for client and server.
- Supports mutual TLS authentication between client and server with certificates.
For TLS reference, see the "TLS options" group in the invocation synopsis.
Requirements
- Python 3.5.3+
- aiohttp
Installation
With basic Python event loop:
pip3 install chunk-nordic
With high performance uvloop event loop:
pip3 install chunk-nordic[uvloop]
If you prefer distribution via a Docker image, see the Docker Example section below.
chunk-nordic is also available on the Snap Store:
sudo snap install chunk-nordic
Note that binaries installed by snap are named chunk-nordic.client and chunk-nordic.server.
Synopsis
Server:
$ chunk-server --help
usage: chunk-server [-h] [-u URI] [-v {debug,info,warn,error,fatal}]
[--disable-uvloop] [-a BIND_ADDRESS] [-p BIND_PORT]
[-w TIMEOUT] [-c CERT] [-k KEY] [-C CAFILE]
dst_host dst_port
Yet another TCP-over-HTTP(S) tunnel. Server-side component.
positional arguments:
dst_host target hostname
dst_port target port
optional arguments:
-h, --help show this help message and exit
-u URI, --uri URI path where connections served (default: /chunk-nordic)
-v {debug,info,warn,error,fatal}, --verbosity {debug,info,warn,error,fatal}
logging verbosity (default: info)
--disable-uvloop do not use uvloop even if it is available (default:
False)
listen options:
-a BIND_ADDRESS, --bind-address BIND_ADDRESS
bind address (default: 127.0.0.1)
-p BIND_PORT, --bind-port BIND_PORT
bind port (default: 8080)
timing options:
-w TIMEOUT, --timeout TIMEOUT
backend connect timeout (default: 4)
TLS options:
-c CERT, --cert CERT enable TLS and use certificate (default: None)
-k KEY, --key KEY key for TLS certificate (default: None)
-C CAFILE, --cafile CAFILE
require client TLS auth using specified CA certs
(default: None)
Client:
$ chunk-client --help
usage: chunk-client [-h] [-v {debug,info,warn,error,fatal}] [--disable-uvloop]
[-a BIND_ADDRESS] [-p BIND_PORT] [-w TIMEOUT] [-c CERT]
[-k KEY] [-C CAFILE] [--no-hostname-check]
server_url
Yet another TCP-over-HTTP(S) tunnel. Client-side component.
positional arguments:
server_url target hostname
optional arguments:
-h, --help show this help message and exit
-v {debug,info,warn,error,fatal}, --verbosity {debug,info,warn,error,fatal}
logging verbosity (default: info)
--disable-uvloop do not use uvloop even if it is available (default:
False)
listen options:
-a BIND_ADDRESS, --bind-address BIND_ADDRESS
bind address (default: 127.0.0.1)
-p BIND_PORT, --bind-port BIND_PORT
bind port (default: 1940)
timing options:
-w TIMEOUT, --timeout TIMEOUT
server connect timeout (default: 4)
TLS options:
-c CERT, --cert CERT use certificate for client TLS auth (default: None)
-k KEY, --key KEY key for TLS certificate (default: None)
-C CAFILE, --cafile CAFILE
override default CA certs by set specified in file
(default: None)
--no-hostname-check do not check hostname in cert subject. This option is
useful for private PKI and available only together
with "--cafile" (default: False)
Example
Let's assume we have an OpenVPN instance on TCP port 1194 at server gate.example.com.
Server command:
chunk-server 127.0.0.1 1194
Client command:
chunk-client http://gate.example.com:8080/chunk-nordic
Fragment of client's OpenVPN config:
<connection>
remote 127.0.0.1 1940 tcp
</connection>
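The commands above use plain HTTP and no client authentication, while the synopsis offers TLS and mutual TLS options. The following check for chunk-server and chunk-client command lines is an added example, not part of chunk-nordic: the finding names and their wording are this example's own assumptions, and it models only the options shown in the synopsis.

```python
import argparse
import shlex
from urllib.parse import urlsplit

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
FINDINGS = {  # ids and wording belong to this example, not to the project
    "plaintext-listener": "server listens beyond loopback without --cert",
    "no-client-auth": "no --cafile: client certificates are not required",
    "cleartext-url": "client uses http://, tunnel is not protected by TLS",
    "hostname-check-disabled": "any certificate issued under --cafile is accepted",
    "exposed-local-port": "client listener is bound beyond loopback",
}

def _parser(kind):
    # Mirrors the synopsis so that option values are not taken as positionals.
    p = argparse.ArgumentParser(prog="chunk-" + kind)
    p.add_argument("-v", "--verbosity")
    p.add_argument("--disable-uvloop", action="store_true")
    p.add_argument("-a", "--bind-address", default="127.0.0.1")
    p.add_argument("-p", "--bind-port")
    p.add_argument("-w", "--timeout")
    p.add_argument("-c", "--cert")
    p.add_argument("-k", "--key")
    p.add_argument("-C", "--cafile")
    if kind == "server":
        p.add_argument("-u", "--uri")
        p.add_argument("dst_host")
        p.add_argument("dst_port")
    else:
        p.add_argument("--no-hostname-check", action="store_true")
        p.add_argument("server_url")
    return p

def audit(command_line):
    """Return finding ids (keys of FINDINGS) for one command line."""
    argv = shlex.split(command_line)
    kind = "server" if argv[0].endswith("server") else "client"
    args = _parser(kind).parse_args(argv[1:])
    exposed = args.bind_address not in LOOPBACK
    found = []
    if kind == "server":
        if exposed and not args.cert:
            found.append("plaintext-listener")
        if not args.cafile:
            found.append("no-client-auth")
    else:
        if urlsplit(args.server_url).scheme != "https":
            found.append("cleartext-url")
        if args.no_hostname_check:
            found.append("hostname-check-disabled")
        if exposed:
            found.append("exposed-local-port")
    return found
```

Called on the two commands from the example, `audit` reports `no-client-auth` for the server and `cleartext-url` for the client; a server started with `-c`, `-k` and `-C` and a client given an `https://` URL produce no findings.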
Docker Example
For the same environment as in the example above:
Server:
docker run -dit \
-p 8080:8080 \
--restart unless-stopped \
--name chunk-nordic-server yarmak/chunk-nordic \
server 127.0.0.1 1194
Client:
docker run -dit \
-p 1940:1940 \
--restart unless-stopped \
--name chunk-nordic-client yarmak/chunk-nordic \
client http://gate.example.com:8080/chunk-nordic
File details
Details for the file chunk_nordic-0.4.2.tar.gz.
File metadata
- Download URL: chunk_nordic-0.4.2.tar.gz
- Upload date:
- Size: 15.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.10.9
File details
Details for the file chunk_nordic-0.4.2-py3-none-any.whl.
File metadata
- Download URL: chunk_nordic-0.4.2-py3-none-any.whl
- Upload date:
- Size: 13.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.10.9