The highest tagged major version is v2.

tlstun

command module

v1.3.0 Latest Latest Go to latest Published: Jul 25, 2018 License: MIT Imports: 20 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/artyom/tlstun

Links

Open Source Insights

README ¶

Command tlstun implements basic VPN over TLS (both client and server).

Client part is expected to be run locally and used by local services as a
socks5 proxy. Client establishes TLS session to the server running on some
remote host that performs outgoing requests on behalf of requests made to
the client. Communication between client and server is multiplexed over a
single TLS session thus reducing TLS handshake overhead.

Client and server authenticate each other with certificates which can be
created with openssl or https://github.com/artyom/gencert


Usage example

Generate server and client side certificates, they should be signed by the
same CA and saved using PEM encoding into a single file with certificate
followed by CA. Certificate keys should also be saved as a separate
PEM-encoded files. With gencert tool from https://github.com/artyom/gencert
this can be done as:

    gencert -hosts my.domain.tld

This produces four files in the current directory: client certificate + key
pair and another pair for the server. Note that my.domain.tld should point
to the host you plan running server part of tlstun.

Now configure tlstun to run on the server that could be reached at
my.domain.tld like this:

    tlstun -addr=:9000 -cert=server-cert.pem -key=server-key.pem

The client part is expected to be running locally (on a laptop/workstation,
etc.):

    tlstun -addr=127.0.0.1:1080 -remote=my.domain.tld:9000 \
    	-cert=client-cert.pem -key=client-key.pem

The presence of -remote flag configures tlstun to run in client mode. It is
now listening on localhost port 1080 and local software can be configured to
use this endpoint as a socks5 proxy.

Note that -remote flag can be optionally set multiple times, then client
probes all servers and picks the one that replied first.

If connections multiplexing over a single TLS session is not needed (i.e.
because of the head-of-line blocking effect), -nomux flag can be set, which
disables multiplexing and uses one TLS session per connection. Note that use
of this flag must be synchronized on client and server.

You may force server side do all DNS lookups over Cloudflare's DNS over TLS
on 1.1.1.1 and 1.0.0.1 with -cfdns flag.

Documentation ¶

Overview ¶

Command tlstun implements basic VPN over TLS (both client and server).

Client part is expected to be run locally and used by local services as a socks5 proxy. Client establishes TLS session to the server running on some remote host that performs outgoing requests on behalf of requests made to the client. Communication between client and server is multiplexed over a single TLS session thus reducing TLS handshake overhead.

Client and server authenticate each other with certificates which can be created with openssl or https://github.com/artyom/gencert

Usage example ¶

Generate server and client side certificates, they should be signed by the same CA and saved using PEM encoding into a single file with certificate followed by CA. Certificate keys should also be saved as a separate PEM-encoded files. With gencert tool from https://github.com/artyom/gencert this can be done as:

gencert -hosts my.domain.tld

This produces four files in the current directory: client certificate + key pair and another pair for the server. Note that my.domain.tld should point to the host you plan running server part of tlstun.

Now configure tlstun to run on the server that could be reached at my.domain.tld like this:

tlstun -addr=:9000 -cert=server-cert.pem -key=server-key.pem

The client part is expected to be running locally (on a laptop/workstation, etc.):

tlstun -addr=127.0.0.1:1080 -remote=my.domain.tld:9000 \
	-cert=client-cert.pem -key=client-key.pem

The presence of -remote flag configures tlstun to run in client mode. It is now listening on localhost port 1080 and local software can be configured to use this endpoint as a socks5 proxy.

Note that -remote flag can be optionally set multiple times, then client probes all servers and picks the one that replied first.

If connections multiplexing over a single TLS session is not needed (i.e. because of the head-of-line blocking effect), -nomux flag can be set, which disables multiplexing and uses one TLS session per connection. Note that use of this flag must be synchronized on client and server.

You may force server side do all DNS lookups over Cloudflare's DNS over TLS on 1.1.1.1 and 1.0.0.1 with -cfdns flag.

Source Files ¶

View all Source files

tlstun.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL