2 unstable releases

0.2.0 Oct 13, 2024
0.1.0 Nov 21, 2023

#1383 in Network programming

MIT license

62KB
1.5K SLoC

Icmptunnel-rs

A rust implementation of an icmp tunnel, complete with authentication and encryption. Inspired by https://github.com/DhavalKapil/icmptunnel

Quickstart

git clone https://github.com/fabi321/icmptunnel-rs.git
cd icmptunnel-rs
cargo build --release

or

cargo install icmptunnel-rs

running the server

sudo ./target/release/icmptunnel-rs server --password <password>

running the client

sudo ./target/release/icmptunnel-rs client --password <password> --server-address <server ip>

Features

  • Authentication
  • Transparent server (if packet is not a tunnel packet, will reply with normal icmp echo reply)
  • Encryption
  • Automatic IP allocation for connecting clients (up to 253 clients per server)
  • Session handling with timeouts
  • Session key renewal

Known limitations

  • MTU of transfer medium is hardcoded (no support if MTU between server and client are below hardcoded MTU)
  • IPv4 only, both for transmitted packets and encapsulating ICMP packets
  • Only tested on linux

Known security issues

  • Passwords are exposed as they are visible in process list
  • It is possible to reuse the hashed password. However, sessions created this way are effectively useless as the attacker would need the private dh-key in order to actually use it
  • Timing side channels allow for server discovery (at least in theory)

Dependencies

~8–18MB
~231K SLoC