#firewall #proxy #quic #tcp #tls #tunnel #stream

bin+lib ombrac-server

Safe, fast, small TCP tunnel using Rust

9 releases

new 0.3.2 Feb 17, 2025
0.3.1 Feb 15, 2025
0.2.6 Feb 8, 2025
0.2.5 Jan 4, 2025
0.2.1 Dec 21, 2024


Apache-2.0

105KB
2K SLoC

Ombrac

Ombrac is a high-performance, Rust-based TCP tunneling solution designed for secure communication.

Features

  • High Performance: Leverages QUIC's multiplexing capabilities with bidirectional streams for efficient and low-latency transmission.
  • Secure Communication: Encryption is ensured by the built-in TLS layer of QUIC, providing robust security for your data.
  • Zero-RTT Support: Optional 0-RTT or 0.5-RTT connections for faster handshakes (at the cost of slightly weakened security).


Install

Releases

Download the latest release from the releases page.

crate.io

cargo install ombrac-client ombrac-server --features binary

Build

cargo build --bin ombrac-client --bin ombrac-server --features binary

NOTE: On Linux systems, aws-lc-rs is used for cryptographic operations. A C compiler and CMake may be required on these systems for installation.

Usage

Server

ombrac-server -l "[::]:443" -k "secret" --tls-cert "./cert.pem" --tls-key "./key.pem"

Starts the Ombrac server listening on port 443, using the provided TLS certificate and key for encrypted communication.

Client

ombrac-client -s "example.com:443" -k "secret"

Starts a SOCKS5 server on 127.0.0.1:1080, forwarding its traffic to the Ombrac server at example.com:443.

When using a self-signed certificate, the client requires both the --server-name parameter and the --tls-cert path to be explicitly configured.

Alternatively, you can use the --tls-skip option to skip TLS verification. This is not recommended for production environments as it bypasses certificate validation, potentially exposing your communication to security risks.
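A complete self-signed setup, as an added example that is not part of the Ombrac README: it generates a certificate whose subjectAltName carries the name the client will send as --server-name, checks the match with openssl before anything is started, and prints the server and client command lines built from the flags above. It assumes openssl is installed; the hostname ombrac.internal, the ./pki directory and the secret are constructed placeholders, and the client's --tls-cert is taken, as the README instructs, to be the certificate the client trusts.

```shell
#!/bin/sh
# Added example, not part of the Ombrac README. Produces a self-signed
# certificate the client can pin via --tls-cert instead of falling back to
# --tls-skip. Requires openssl; the ombrac binaries are only needed to run
# the printed commands.
set -eu

# Generate a self-signed P-256 certificate whose subjectAltName is the name
# the client will send via --server-name. Writes key.pem and cert.pem to $2.
gen_self_signed_cert() {
  name="$1"; dir="$2"
  mkdir -p "$dir"
  openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 \
    -nodes -days 30 -subj "/CN=$name" \
    -addext "subjectAltName=DNS:$name" \
    -keyout "$dir/key.pem" -out "$dir/cert.pem" >/dev/null 2>&1
}

# Succeed only if the certificate is valid for the given hostname. This is
# the check --tls-skip bypasses: a mismatch means a verifying client would
# reject the server, while a skipping client would accept any peer.
cert_matches_name() {
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match"
}

# Server presents the generated cert and key (flags from the README).
# Args: secret, pki dir.
server_cmd() {
  printf 'ombrac-server -l "[::]:443" -k "%s" --tls-cert "%s/cert.pem" --tls-key "%s/key.pem"\n' \
    "$1" "$2" "$2"
}

# Client trusts that same cert and sends the name it was issued for; -s may
# be an IP or DNS address, but --server-name must match the certificate.
# Args: secret, pki dir, server name, server address.
client_cmd() {
  printf 'ombrac-client -s "%s:443" -k "%s" --server-name "%s" --tls-cert "%s/cert.pem"\n' \
    "$4" "$1" "$3" "$2"
}

# Constructed placeholders: hostname, directory, secret and address.
if [ "${1:-}" = "setup" ]; then
  gen_self_signed_cert "ombrac.internal" "./pki"
  cert_matches_name "./pki/cert.pem" "ombrac.internal"
  server_cmd "change-me" "./pki"
  client_cmd "change-me" "./pki" "ombrac.internal" "203.0.113.10"
fi
```

Run with the argument `setup` to generate ./pki and print both command lines; copy cert.pem to the client host so its --tls-cert points at the same certificate the server presents.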

Usage

Server

Usage: ombrac-server [OPTIONS] --secret <STR> --listen <ADDR>

Options:
  -h, --help     Print help
  -V, --version  Print version

Service Secret:
  -k, --secret <STR>  Protocol Secret

Transport QUIC:
  -l, --listen <ADDR>
          Transport server listening address
      --tls-cert <FILE>
          Path to the TLS certificate file for secure connections
      --tls-key <FILE>
          Path to the TLS private key file for secure connections
      --tls-skip
          When enabled, a self-signed certificate and key will be generated; the provided cert and key will be disregarded
      --enable-zero-rtt
          Whether to enable 0-RTT or 0.5-RTT connections at the cost of weakened security
      --congestion-initial-window <NUM>
          Initial congestion window in bytes
      --max-idle-timeout <TIME>
          Connection idle timeout in milliseconds
      --max-keep-alive-period <TIME>
          Connection keep alive period in milliseconds
      --max-open-bidirectional-streams <NUM>
          Connection max open bidirectional streams

Logging:
      --tracing-level <TRACE>  Logging level e.g., INFO, WARN, ERROR [default: WARN]

Client

Usage: ombrac-client [OPTIONS] --secret <STR> --server <ADDR>

Options:
  -h, --help     Print help
  -V, --version  Print version

Service Secret:
  -k, --secret <STR>  Protocol Secret

Endpoint SOCKS:
      --socks <ADDR>  Listening address for the SOCKS server [default: 127.0.0.1:1080]

Transport QUIC:
      --bind <ADDR>
          Bind address
  -s, --server <ADDR>
          Address of the server to connect
      --server-name <STR>
          Name of the server to connect
      --tls-cert <FILE>
          Path to the TLS certificate file for secure connections
      --tls-skip
          Skip TLS verification for connections
      --enable-zero-rtt
          Whether to enable 0-RTT or 0.5-RTT connections at the cost of weakened security
      --enable-connection-multiplexing
          Whether to enable connection multiplexing
      --congestion-initial-window <NUM>
          Initial congestion window in bytes
      --max-idle-timeout <TIME>
          Connection idle timeout in milliseconds
      --max-keep-alive-period <TIME>
          Connection keep alive period in milliseconds [default: 8000]
      --max-open-bidirectional-streams <NUM>
          Connection max open bidirectional streams

Logging:
      --tracing-level <TRACE>  Logging level e.g., INFO, WARN, ERROR [default: WARN]

License

This project is licensed under the Apache-2.0 License.

Dependencies

~3–29MB
~601K SLoC