5 releases
| 0.2.5 | Jan 4, 2025 |
|---|---|
| 0.2.4 | Jan 4, 2025 |
| 0.2.3 | Jan 4, 2025 |
| 0.2.1 | Dec 21, 2024 |
| 0.2.0 | Dec 16, 2024 |
#2193 in Network programming
539 downloads per month
96KB
1.5K
SLoC
Ombrac
Ombrac is a high-performance, Rust-based TCP tunneling solution designed for secure communication between clients and servers.
Features
- Optionally pass through SOCKS
- Encryption is ensured by the built-in TLS layer of QUIC
- Employs QUIC multiplexing with bidirectional streams for efficient transmission
Install
From Binary Releases
Download the latest release from the releases page.
From Source
cargo build --bin ombrac-client --bin ombrac-server --features binary
NOTE: On linux systems, aws-lc-rs will be used for cryptographic operations. A C compiler and CMake may be required on these systems for installation.
Quick Start
ServerSetup
ombrac-server --listen "[::]:443" --tls-cert "./cert.pem" --tls-key "./key.pem"
Starts the Ombrac server listening on port 443, using the provided TLS certificate and key for encrypted communication.
ClientSetup
ombrac-client --socks "127.0.0.1:1080" --server-address "example.com:443"
Will sets up a SOCKS5 server on 127.0.0.1:1080, forwarding traffic to example.com:443.
When using a self-signed certificate, the client requires both the --server-name parameter and the --tls-cert path to be explicitly configured.
Usage
Server
Usage: ombrac-server [OPTIONS] --listen <ADDR> --tls-cert <FILE> --tls-key <FILE>
Options:
-h, --help Print help
-V, --version Print version
Transport QUIC:
--listen <ADDR>
Transport server listening address
--tls-cert <FILE>
Path to the TLS certificate file for secure connections
--tls-key <FILE>
Path to the TLS private key file for secure connections
--enable-zero-rtt <BOOL>
Whether to enable 0-RTT or 0.5-RTT connections at the cost of weakened security [default: false]
--congestion-initial-window <NUM>
Initial congestion window in bytes
--max-idle-timeout <TIME>
Connection idle timeout in millisecond
--max-keep-alive-period <TIME>
Connection keep alive period in millisecond
--max-open-bidirectional-streams <NUM>
Connection max open bidirectional streams
Logging:
--tracing-level <TRACE> Logging level e.g., INFO, WARN, ERROR [default: WARN]
Client
Usage: ombrac-client [OPTIONS] --server-address <ADDR>
Options:
-h, --help Print help
-V, --version Print version
Endpoint SOCKS:
--socks <ADDR> Listening address for the SOCKS server [default: 127.0.0.1:1080]
Transport QUIC:
--bind <ADDR>
Bind address
--server-name <STR>
Name of the server to connect
--server-address <ADDR>
Address of the server to connect
--tls-cert <FILE>
Path to the TLS certificate file for secure connections
--enable-zero-rtt <BOOL>
Whether to enable 0-RTT or 0.5-RTT connections at the cost of weakened security [default: false]
--enable-connection-multiplexing <BOOL>
Whether to enable connection multiplexing [default: false]
--congestion-initial-window <NUM>
Initial congestion window in bytes
--max-idle-timeout <TIME>
Connection idle timeout in millisecond
--max-keep-alive-period <TIME>
Connection keep alive period in millisecond [default: 8000]
--max-open-bidirectional-streams <NUM>
Connection max open bidirectional streams
Logging:
--tracing-level <TRACE> Logging level e.g., INFO, WARN, ERROR [default: WARN]
Contributing
Contributions are welcome! Feel free to fork the repository, submit issues, or send pull requests to help improve Ombrac.
License
This project is licensed under the Apache-2.0 License.
Dependencies
~19–46MB
~1M SLoC