This PR adds support for Let's Encrypt by setting two new flags

  -letsEncrypt (bool) to enable lets encrypt autocert generation
  -letsEncryptCacheDir (string) path to store cached certificates

For lets encrypt port 80 and 443 are mandatory so httpAddr and httpsAddr will ignore the port but will still be able to bind to a specific host.

I'm having issues with long lived connections:

• the server sometimes receives connection requests from clients that are reportedly already connected, and reject them.
• when the server restarts, some clients do not try to connect again.

I debugged the issue and found out that once the client is connected to the server this connection is kept open waiting for a user to connect to the server. If the connection dies without notifying the client or server, they would keep listening to dead connections.

If the server believes that a dead connection belonging to an id is open it would reject new (valid) connections from that id.

A client may keep listening to a dead connection forever, effectively preventing the client to retry and open a fresh connection.

My workaround was to turn on TCP keepalive for the client connection, and to let the server ping (http ping) the existing client connection when a connection request with an already connected id is received.

@mmatczuk I want to ssh on system(172.16.209.145) from client using this tunnel solution tool. so i am not able to do that. getting timeout error.(attached screenshot of that) added my architecture diagram screenshot and also i have added my tunnel.yml file content in that screenshot

i am trying to execute below command from client

ssh -p 2222 [email protected]

let me know what things are wrong so i can fix it.

Thanks

Hello I can't connect to tunneld. I have error: "msg certificate error err ptls: expecting 1 peer certificate, got 0" Both client and server are on Windows. Both have certs files and files looks ok (I also tried files from tunnel\testdata directory). Any idea what can cause the problem?

In a client TCP Proxy, when a local connection is closed the function call transfer(local, r, ...) does not return, effectively preventing the local connection to be properly closed.

To reproduce:

1. Create a TCP tunnel
2. Connect to the tunnel
3. Close the tunnel connection
4. invoke:

lsof -i -a -p `pidof tunnel`

At least one connection marked CLOSED_WAIT is present.

A quick and dirty solution would be to close the response reader after the local connection dies:

From 736802f154da59e23b4f1d89baafa49a1f579815 Mon Sep 17 00:00:00 2001
From: Riccardo Gori <[email protected]>
Date: Tue, 14 Nov 2017 16:07:31 +0100
Subject: [PATCH] Properly close proxy connection

---
 tcpproxy.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tcpproxy.go b/tcpproxy.go
index f7dc199..d72bb76 100644
--- a/tcpproxy.go
+++ b/tcpproxy.go
@@ -104,6 +104,7 @@ func (p *TCPProxy) Proxy(w io.Writer, r io.ReadCloser, msg *proto.ControlMessage
 			"dst", msg.ForwardedBy,
 			"src", target,
 		))
+		r.Close()
 		close(done)
 	}()
 
-- 
2.9.5

Update and explicitly set the go-http-tunnel dependency. A raw clone and dep ensure fails to build as the dependency on the project's own files fails to resolve to the latest version containing SNI protocol.

Hello, I have been playing around with this and it seems to be working well and easy to set up, maybe to easy. Then it occurred to me that my server isn't only allowing "known" clients to connect, but just anybody who happens to know the server IP.

How does one restrict what clients are allowed to connect to a server?

Thanks!

Would it be an idea to allow https traffic to pass trough the proxy. This way the "operator" can't see the traffic. And you could still find the host from the handshake.

configuration error: failed to parse file ".tunnel/tunnel.yml": yaml: line 1: did not find expected key with config server_addr: "185.2.2.137:4443" insecure_skip_verify: true tunnels: ...

./tunnel -version 3d03804

Hi, thanks for the repo!

I am using v1.1 release. This is what I set in the tunnel.xml:

  interval: 100ms
  multiplier: 1
  max_interval: 100ms
  max_time: 0

This is what the program prints:

  interval: 100ms
  multiplier: 1
  max_interval: 100ms
  max_time: 15m0s

I have to workaround it with:

  interval: 100ms
  multiplier: 1
  max_interval: 100ms
  max_time: 999999h

Wonder how to set the max time to 0?

First off: awesome project. Really cool to see an open-source alternative to ngrok.

I'm running into #26 on MacOS, which can be solved by building from master. Since the build process is not documented and I'm not that familiar with Go, I cannot build the app myself.

This issue is really blocking, because I cannot use the application. When will there be a new release so I can use it?

Cheers.

EDIT: I added the fake ssh config from the README.md to make it work.

self signed certificate error: "http: proxy error: x509: certificate signed by unknown authority"

my config: proto: http addr: https://192.168.1.1:443

how to fix

Hello,

because I think it's a very good software and, with just a few adjustments / additions (like the ones in my pull request), it can be a great library too, would it be a good idea for you to change the license to a more permissive one? It may be something like Apache License 2.0 or any other license not forcing to distribute it in open source software only, would be ok.

At the moment I've integrated it in a software that cannot be open source at the moment, even if it will be distributed for free. The new license may highly increase the use of this software as a library.

What do you think about it? Would it be possible?

Thank you :)

I have about 30 clients connected to a tunneld server. Sometimes, when I restart one of the clients with a hard power reset, it freezes up the tunneld for all the clients.

unfortunately, I haven't been able to isolate any logs for this but the only resolution is to restart tunneld and wait for all the clients to reconnect. Not ideal at all as sometimes I don't catch on until I get a phone call.

Has anyone else had this issue?

Hello Community!

Unfortunately this project has become a little rusty. If you would like to see this project brought back to life upvote 👍. Do not hesitate to share feature ideas in the comments. Thanks!

Hello,

I'm running this tunnel to serve a python notebook service.

I run the tunnel and tunneld as the Readme.md, But I find all the GET response works great,

But the POST, PATCH request returns 404 not found, I debug this with chrome web tools, log:

Request URL: XXX
Request Method: POST
Status Code: 404 Not Found
Remote Address: 127.0.0.1:7890
Referrer Policy: strict-origin-when-cross-origin

tunnel client version : 75a30ab tunned version: 75a30ab

Thanks so much!