#firewall #proxy #quic #tcp #sock #tunnel #stream

ombrac-transport

Safe, fast, small TCP tunnel using Rust

4 releases

0.2.5 Jan 4, 2025
0.2.4 Jan 4, 2025
0.2.3 Jan 4, 2025
0.2.1 Dec 21, 2024

#2122 in Network programming


506 downloads per month
Used in 2 crates

Apache-2.0

78KB
1.5K SLoC

Ombrac

Ombrac is a high-performance, Rust-based TCP tunneling solution designed for secure communication between clients and servers.

Features

  • Optionally pass through SOCKS
  • Encryption is ensured by the built-in TLS layer of QUIC
  • Employs QUIC multiplexing with bidirectional streams for efficient transmission


Install

From Binary Releases

Download the latest release from the releases page.

From Source

cargo build --bin ombrac-client --bin ombrac-server --features binary

NOTE: On Linux systems, aws-lc-rs will be used for cryptographic operations. A C compiler and CMake may be required on these systems for installation.

Quick Start

Server Setup

ombrac-server --listen "[::]:443" --tls-cert "./cert.pem" --tls-key "./key.pem"

Starts the Ombrac server listening on port 443, using the provided TLS certificate and key for encrypted communication.

Client Setup

ombrac-client --socks "127.0.0.1:1080" --server-address "example.com:443"

Sets up a SOCKS5 server on 127.0.0.1:1080, forwarding traffic to example.com:443.

When using a self-signed certificate, the client requires both the --server-name parameter and the --tls-cert path to be explicitly configured.
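The self-signed setup described above, as an added example that is not part of the Ombrac project: it creates a certificate whose subjectAltName carries the server name, checks that the name is covered, and prints the matching server and client invocations using only flags listed on this page. Assumptions: OpenSSL 1.1.1 or later is installed, the client matches --server-name against the certificate's subjectAltName, and the client's --tls-cert is a copy of the server's certificate; make_cert, cert_matches, client_cmd, tunnel.test and 203.0.113.10 are hypothetical names and placeholder values.

```shell
#!/bin/sh
# Added example: self-signed certificate workflow for ombrac-server/ombrac-client.
# Assumption: --server-name is matched against the certificate's subjectAltName.

# make_cert NAME DIR: write DIR/key.pem and DIR/cert.pem, valid for NAME only.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 90 \
        -keyout "$2/key.pem" -out "$2/cert.pem" \
        -subj "/CN=$1" -addext "subjectAltName=DNS:$1" 2>/dev/null &&
    chmod 600 "$2/key.pem"   # the private key never leaves the server
}

# cert_matches CERT NAME: succeed only if CERT is valid for host NAME.
cert_matches() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match'
}

# client_cmd CERT NAME ADDR: print the client command line, refusing a
# --server-name the certificate does not cover (the handshake would fail).
client_cmd() {
    cert_matches "$1" "$2" || {
        echo "certificate $1 does not cover $2" >&2
        return 1
    }
    printf 'ombrac-client --socks 127.0.0.1:1080 --server-address %s --server-name %s --tls-cert %s\n' \
        "$3" "$2" "$1"
}

# Demo, run as: sh this-script.sh demo
# tunnel.test and 203.0.113.10 are constructed placeholder values.
if [ "${1:-}" = demo ]; then
    workdir=$(mktemp -d)
    make_cert tunnel.test "$workdir" || exit 1
    echo "ombrac-server --listen [::]:443 --tls-cert $workdir/cert.pem --tls-key $workdir/key.pem"
    # Copy only cert.pem to the client host; key.pem stays on the server.
    client_cmd "$workdir/cert.pem" tunnel.test 203.0.113.10:443
fi
```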

Usage

Server

Usage: ombrac-server [OPTIONS] --listen <ADDR> --tls-cert <FILE> --tls-key <FILE>

Options:
  -h, --help     Print help
  -V, --version  Print version

Transport QUIC:
      --listen <ADDR>
          Transport server listening address
      --tls-cert <FILE>
          Path to the TLS certificate file for secure connections
      --tls-key <FILE>
          Path to the TLS private key file for secure connections
      --enable-zero-rtt <BOOL>
          Whether to enable 0-RTT or 0.5-RTT connections at the cost of weakened security [default: false]
      --congestion-initial-window <NUM>
          Initial congestion window in bytes
      --max-idle-timeout <TIME>
          Connection idle timeout in millisecond
      --max-keep-alive-period <TIME>
          Connection keep alive period in millisecond
      --max-open-bidirectional-streams <NUM>
          Connection max open bidirectional streams

Logging:
      --tracing-level <TRACE>  Logging level e.g., INFO, WARN, ERROR [default: WARN]

Client

Usage: ombrac-client [OPTIONS] --server-address <ADDR>

Options:
  -h, --help     Print help
  -V, --version  Print version

Endpoint SOCKS:
      --socks <ADDR>  Listening address for the SOCKS server [default: 127.0.0.1:1080]

Transport QUIC:
      --bind <ADDR>
          Bind address
      --server-name <STR>
          Name of the server to connect
      --server-address <ADDR>
          Address of the server to connect
      --tls-cert <FILE>
          Path to the TLS certificate file for secure connections
      --enable-zero-rtt <BOOL>
          Whether to enable 0-RTT or 0.5-RTT connections at the cost of weakened security [default: false]
      --enable-connection-multiplexing <BOOL>
          Whether to enable connection multiplexing [default: false]
      --congestion-initial-window <NUM>
          Initial congestion window in bytes
      --max-idle-timeout <TIME>
          Connection idle timeout in millisecond
      --max-keep-alive-period <TIME>
          Connection keep alive period in millisecond [default: 8000]
      --max-open-bidirectional-streams <NUM>
          Connection max open bidirectional streams

Logging:
      --tracing-level <TRACE>  Logging level e.g., INFO, WARN, ERROR [default: WARN]

Contributing

Contributions are welcome! Feel free to fork the repository, submit issues, or send pull requests to help improve Ombrac.

License

This project is licensed under the Apache-2.0 License.

Dependencies

~2–27MB
~572K SLoC