An stunnel like program that utilizes the Noise protocol.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
John-Mark Gurney 5ee76cbbef fix issue where tcp default string wasn't supported.. 3 months ago
ntunnel fix issue where tcp default string wasn't supported.. 3 months ago
.gitignore first code that implements a simple echo server for noise in twisted 11 months ago
LICENSE.txt add license text.. 11 months ago
Makefile add more complete docs on running tests... add target for systems w/o 11 months ago
NOTES.md add instructions on compiling OpenSSL if needed.. 3 months ago
README.md with the clientkey authentication, forgot to update the example... 6 months ago
makemessagelengths.py include the program used to generate the handshake message lengths 11 months ago
requirements.txt Turn this into a proper python module using setup.py... 11 months ago
setup.py fix problem where if you don't have things installed, it'll 9 months ago
twistednoise.py last bit of work on the twisted version before I stopped... 11 months ago

README.md

ntunnel

The ntunnel program is designed to tunnel Unix domain sockets over TCP, using the Noise Protocol. The goal is to be secure and simple to use and setup. Due to the flexibility, it can forward any standard stream socket to another stream socket, including TCP sockets.

Example

Note: If you have installed the package, there is also the program ntunnel that can be used instead of python -m ntunnel.

Generate the keys:

python -m ntunnel genkey serverkey
python -m ntunnel genkey clientkey

Create the target for the pass through:

nc -lU finalsock

Start the server and client:

python -m ntunnel server serverkey --clientkey clientkey.pub unix:$(pwd)/servsock unix:$(pwd)/finalsock
python -m ntunnel client clientkey serverkey.pub unix:$(pwd)/clientsock unix:$(pwd)/servsock

Attach to the client:

nc -U clientsock

Now when you type text into either of the nc windows, you should see the same text come out the other side.

Running Tests

Currently ntunnel requires Python 3.7 or later. If the default virtualenv is not 3.7 or later, you can set the VIRTUALENV variable to specify which one to use, such as:

make env VIRTUALENV=virtualenv-3.7

If you want to use an alternate version of python, you can specify VIRTUALENVARGS, such as:

make env VIRTUALENV=virtualenv-3.7 VIRTUALENVARGS="-p $(which pypy3)"

Once you have the environment setup, you can source the development environment:

. ./p/bin/activate

and then run the tests:

make test-noentr

If you have the program entr (used for watching files, and running a command) installed, you can use the command:

make test

to run the tests, and whenever ntunnel/init.py gets modified, the tests will automatically run. This is useful for running in another window (such a tmux), and being able to quickly see the results of your tests.

Note that I have not been able to test this w/ pypy3, as when compiling the cryptography libraries, it would pick the wrong ones, despite setting CFLAGS and LDFLAGS.

Known Issues

  • Code coverage appears to be worse than it is. When launching the subprocesses, their coverage does not get measured. Patches to fix this would be greatly appreciated.
  • Possible memory leak for each connection Error message is: Task exception was never retrieved See the commented out assertion at the end of test_clientkeymismatch

TODO/Future Features

  • DoS protection. Limiting number of connections. Limit resource consumption by opening connection and starting negotiation but not completing it, etc.
  • Select forwarding destination based upon client key.