1 unstable release
new 0.2.1 | Dec 21, 2024 |
---|
#20 in #firewall
73KB
1.5K
SLoC
Ombrac
Ombrac is a high-performance, Rust-based TCP tunneling solution designed for secure communication between clients and servers.
Features
- Optionally pass through SOCKS
- Encryption is ensured by the built-in TLS layer of QUIC
- Employs QUIC multiplexing with bidirectional streams for efficient transmission
Architecture
Ombrac is organized into three main crates
ombrac
: Core library implementing the tunnel protocolombrac-client
: Ombrac client implementationombrac-server
: Ombrac server implementation
Install
From Binary Releases
Download the latest release from the releases page.
From Source
cargo build --bin ombrac-client --bin ombrac-server --features binary
NOTE: On linux systems, aws-lc-rs
will be used for cryptographic operations. A C compiler and CMake may be required on these systems for installation.
Quick Start
ServerSetup
ombrac-server --listen "[::]:443" --tls-cert "./cert.pem" --tls-key "./key.pem"
This command starts the Ombrac server listening on port 443, using the provided TLS certificate and key for encrypted communication.
ClientSetup
ombrac-client --socks "127.0.0.1:1080" --server-address "example.com:443"
Will sets up a SOCKS5 server on 127.0.0.1:1080, forwarding traffic to example.com:443.
When using a self-signed certificate, the client requires both the --server-name
parameter and the --tls-cert
path to be explicitly configured.
Usage
Server
Usage: ombrac-server [OPTIONS] --listen <ADDR> --tls-cert <FILE> --tls-key <FILE>
Options:
-h, --help Print help
-V, --version Print version
Transport QUIC:
--listen <ADDR>
Transport server listening address
--tls-cert <FILE>
Path to the TLS certificate file for secure connections
--tls-key <FILE>
Path to the TLS private key file for secure connections
--initial-congestion-window <NUM>
Initial congestion window in bytes
--max-handshake-duration <TIME>
Handshake timeout in millisecond
--max-idle-timeout <TIME>
Connection idle timeout in millisecond
--max-keep-alive-period <TIME>
Connection keep alive period in millisecond
--max-open-bidirectional-streams <NUM>
Connection max open bidirectional streams
--bidirectional-local-data-window <NUM>
Bidirectional stream local data window
--bidirectional-remote-data-window <NUM>
Bidirectional stream remote data window
Logging:
--tracing-level <TRACE> Logging level e.g., INFO, WARN, ERROR [default: WARN]
Client
Usage: ombrac-client [OPTIONS] --server-address <ADDR>
Options:
-h, --help Print help
-V, --version Print version
Endpoint SOCKS:
--socks <ADDR> Listening address for the SOCKS server [default: 127.0.0.1:1080]
Transport QUIC:
--bind <ADDR>
Bind local address
--server-name <STR>
Name of the server to connect
--server-address <ADDR>
Address of the server to connect
--tls-cert <FILE>
Path to the TLS certificate file for secure connections
--initial-congestion-window <NUM>
Initial congestion window in bytes
--max-handshake-duration <TIME>
Handshake timeout in millisecond
--max-idle-timeout <TIME>
Connection idle timeout in millisecond
--max-keep-alive-period <TIME>
Connection keep alive period in millisecond
--max-open-bidirectional-streams <NUM>
Connection max open bidirectional streams
--bidirectional-local-data-window <NUM>
Bidirectional stream local data window
--bidirectional-remote-data-window <NUM>
Bidirectional stream remote data window
Logging:
--tracing-level <TRACE> Logging level e.g., INFO, WARN, ERROR [default: WARN]
Contributing
Contributions are welcome! Feel free to fork the repository, submit issues, or send pull requests to help improve Ombrac.
License
This project is licensed under the Apache-2.0 License.
Dependencies
~2–27MB
~567K SLoC