rexpose

A reverse proxy to expose TCP and UDP services behind any NAT via a public server.

Install

Mac & Linux

You can use Homebrew to install rexpose:

brew install rexpose/tap/rexpose

Windows

You can use WinGet:

winget install rexpose.rexpose

Download binary

You can use any precompiled binary from the release section.

From sources

• install rust and cargo
• run cargo install rexpose

Usage

To start a client exposing a TCP service on port 80 run following command: rexpose -P <password> -a <hostname or IP of the server>

If a self signed certificate is used, the path to the trusted certificate has to be provided: -c <certificate path>

To start a server accepting and forwarding TCP connections on port 80 to the client, run following command: rexpose -s -P <password> -c <certificate path> -k <key path>

The server needs access to a valid certificate and the associated private key to communicate with the client over TLS. An example for the generation of a self signed certificate for the hostname 'localhost' is provided as following: openssl req -nodes -new -x509 -days 7 -keyout /etc/ssl/private/key.key -out /etc/ssl/certs/cert.cert -addext "subjectAltName = DNS:localhost" -subj "/CN=localhost" -addext "extendedKeyUsage = serverAuth, clientAuth" -addext "keyUsage = digitalSignature,keyAgreement"

Argument list

rexpose.app

If you don't want to host a rexpose server by yourself, you can use the SaaS solution rexpose.app.

Architecture

For the first connection, the client opens a TLS connection to the server and sends the provided password to the server. If the server accepts the connection, UDP/TCP traffic on the configured port is forwarded to the client via TCP. With the optional argument -e, the forwarded traffic is enrypted using TLS.