知识图谱>> chunk-nordic>> 返回
项目作者: Snawoot

项目描述 :
Yet another TCP-over-HTTP(S) tunnel
高级语言: Python
项目地址: git://github.com/Snawoot/chunk-nordic.git
创建时间: 2019-04-11T19:58:09Z
项目社区:https://github.com/Snawoot/chunk-nordic
开源协议:MIT License
下载


chunk-nordic

Build Status Coverage PyPI - Downloads PyPI PyPI - Status PyPI - License chunk-nordic

Yet another TCP-over-HTTP(S) tunnel.

Client component accepts TCP connections and forwards them to server component via pair of HTTP(S) connections in streaming mode (Content-Encoding: chunked). Server component forwards connections to target host and port (e.g. to VPN daemon).

:heart: :heart: :heart:

You can say thanks to the author by donations to these wallets:

  • ETH: 0xB71250010e8beC90C5f9ddF408251eBA9dD7320e
  • BTC:
    • Legacy: 1N89PRvG1CSsUk9sxKwBwudN6TjTPQ1N8a
    • Segwit: bc1qc0hcyxc000qf0ketv4r44ld7dlgmmu73rtlntw

Features

  • Multi-link full asynchronous operation.
  • Client support operation via proxy server (via HTTP_PROXY, HTTPS_PROXY environment variables and .netrc file).
  • Advanced TLS support:
    • Supports custom CAs for client and server.
    • Supports mutual TLS authentication between client and server with certificates.

For TLS reference see “TLS options” group in invokation synopsis.

Requirements

  • Python 3.5.3+
  • aiohttp

Installation

With basic Python event loop:

  1. pip3 install chunk-nordic

With high performance uvloop event loop:

  1. pip3 install chunk-nordic[uvloop]

If you prefer distribution via Docker image see Docker Example section below.

Also chunk-nordic is available on Snap Store:

Get it from the Snap Store

  1. sudo snap install chunk-nordic

Note that binaries installed by snap are named chunk-nordic.client and chunk-nordic.server.

Synopsis

Server:

  1. $ chunk-server --help
  2. usage: chunk-server [-h] [-u URI] [-v {debug,info,warn,error,fatal}]
  3.                     [--disable-uvloop] [-a BIND_ADDRESS] [-p BIND_PORT]
  4.                     [-w TIMEOUT] [-c CERT] [-k KEY] [-C CAFILE]
  5.                     dst_host dst_port
  7. Yet another TCP-over-HTTP(S) tunnel. Server-side component.
  9. positional arguments:
  10.   dst_host              target hostname
  11.   dst_port              target port
  13. optional arguments:
  14.   -h, --help            show this help message and exit
  15.   -u URI, --uri URI     path where connections served (default: /chunk-nordic)
  16.   -v {debug,info,warn,error,fatal}, --verbosity {debug,info,warn,error,fatal}
  17.                         logging verbosity (default: info)
  18.   --disable-uvloop      do not use uvloop even if it is available (default:
  19.                         False)
  21. listen options:
  22.   -a BIND_ADDRESS, --bind-address BIND_ADDRESS
  23.                         bind address (default: 127.0.0.1)
  24.   -p BIND_PORT, --bind-port BIND_PORT
  25.                         bind port (default: 8080)
  27. timing options:
  28.   -w TIMEOUT, --timeout TIMEOUT
  29.                         backend connect timeout (default: 4)
  31. TLS options:
  32.   -c CERT, --cert CERT  enable TLS and use certificate (default: None)
  33.   -k KEY, --key KEY     key for TLS certificate (default: None)
  34.   -C CAFILE, --cafile CAFILE
  35.                         require client TLS auth using specified CA certs
  36.                         (default: None)

Client:

  1. $ chunk-client --help
  2. usage: chunk-client [-h] [-v {debug,info,warn,error,fatal}] [--disable-uvloop]
  3.                     [-a BIND_ADDRESS] [-p BIND_PORT] [-w TIMEOUT] [-c CERT]
  4.                     [-k KEY] [-C CAFILE] [--no-hostname-check]
  5.                     server_url
  7. Yet another TCP-over-HTTP(S) tunnel. Client-side component.
  9. positional arguments:
  10.   server_url            target hostname
  12. optional arguments:
  13.   -h, --help            show this help message and exit
  14.   -v {debug,info,warn,error,fatal}, --verbosity {debug,info,warn,error,fatal}
  15.                         logging verbosity (default: info)
  16.   --disable-uvloop      do not use uvloop even if it is available (default:
  17.                         False)
  19. listen options:
  20.   -a BIND_ADDRESS, --bind-address BIND_ADDRESS
  21.                         bind address (default: 127.0.0.1)
  22.   -p BIND_PORT, --bind-port BIND_PORT
  23.                         bind port (default: 1940)
  25. timing options:
  26.   -w TIMEOUT, --timeout TIMEOUT
  27.                         server connect timeout (default: 4)
  29. TLS options:
  30.   -c CERT, --cert CERT  use certificate for client TLS auth (default: None)
  31.   -k KEY, --key KEY     key for TLS certificate (default: None)
  32.   -C CAFILE, --cafile CAFILE
  33.                         override default CA certs by set specified in file
  34.                         (default: None)
  35.   --no-hostname-check   do not check hostname in cert subject. This option is
  36.                         useful for private PKI and available only together
  37.                         with "--cafile" (default: False)

Example

Let’s assume we have OpenVPN instance on TCP port 1194 at server gate.example.com.

Server command:

  1. chunk-server 127.0.0.1 1194

Client command:

  1. chunk-client http://gate.example.com:8080/chunk-nordic

Fragment of client’s OpenVPN config:

  1. <connection>
  2. remote 127.0.0.1 1940 tcp
  3. </connection>

Docker Example

For environment same as in example above:

Server:

  1. docker run -dit \
  2.     -p 8080:8080 \
  3.     --restart unless-stopped \
  4.     --name chunk-nordic-server yarmak/chunk-nordic \
  5.     server 127.0.0.1 1194

Client:

  1. docker run -dit \
  2.     -p 1940:1940 \
  3.     --restart unless-stopped \
  4.     --name chunk-nordic-server yarmak/chunk-nordic \
  5.     client http://gate.example.com:8080/chunk-nordic