#websocket #server-client #web #cli

bin+lib rusty-penguin

A fast TCP/UDP tunnel, transported over HTTP WebSocket

13 releases (4 breaking)

0.5.3 Oct 1, 2023
0.5.2 Feb 12, 2023
0.4.2 Feb 2, 2023
0.4.1 Jan 29, 2023
0.1.2 Dec 25, 2022

#393 in Network programming

Download history 4/week @ 2024-02-24 274/week @ 2024-03-02 32/week @ 2024-03-09

310 downloads per month

Apache-2.0 OR GPL-3.0-or-later

1.5MB
6K SLoC

Rusty Penguin

Logo

Rust Build and Test Crates.io Dependency Status Codecov License

About

A fast TCP/UDP tunnel, transported over HTTP WebSocket. You are right. This project is inspired by jpillora/chisel (and subsequently my fork myzhang1029/penguin), but completely rewritten in Rust without any linkage to chisel. The logo is generated by DALL-E with the prompt "a penguin standing behind a gear wheel, digital art, logo."

Basic Usage

Server

$ penguin server --host ::1 --port 443 --tls-cert cert.pem --tls-key key.pem --ws-psk some-secret

See penguin server --help for more options.

Client

$ penguin client --ws-psk some-secret wss://server 1080:socks 80:example.com:80

See penguin client --help for more options.

Comparison

Compared to the original penguin or chisel, this project stripped away some functionalities:

  • There is no internal SSH tunnels because it results in double encapsulation when used with HTTPS/WSS.

  • There is no user/password authentication because we do not have SSH. Instead, use PSK authentication.

  • There is no server keep-alive because client keep-alive is enough.

  • There is no reverse port forwarding because it is equivalent to spawning another server on the client side.

  • There is no support to acquire an ACME certificate on-the-fly.

Other than that, this project offers these functionalities compared to chisel:

  • Plausible deniability with WebSocket PSK and working backend.

  • TLS certificate hot-reload with SIGUSR1.

  • Higher performance: my crude testing on my machine reveals that penguin is approximately 2x faster than chisel on my machine.

$ iperf3 -c 127.0.0.1 # chisel without TLS
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-10.00  sec  6.62 GBytes  5.68 Gbits/sec                  sender
[  5]   0.00-10.00  sec  6.61 GBytes  5.68 Gbits/sec                  receiver

$ iperf3 -c 127.0.0.1 # penguin without TLS
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-10.00  sec  14.2 GBytes  12.2 Gbits/sec                  sender
[  5]   0.00-10.00  sec  14.2 GBytes  12.2 Gbits/sec                  receiver

$ iperf3 -c 127.0.0.1 # chisel with TLS
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-10.00  sec  5.59 GBytes  4.80 Gbits/sec                  sender
[  5]   0.00-10.00  sec  5.58 GBytes  4.80 Gbits/sec                  receiver

$ iperf3 -c 127.0.0.1 # penguin with TLS
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-10.00  sec  8.96 GBytes  7.70 Gbits/sec                  sender
[  5]   0.00-10.00  sec  8.95 GBytes  7.69 Gbits/sec                  receiver
  • All the safety Rust offers.

Protocol

Servers and clients with the same protocol version are compatible with each other. However, for the best performance, it is recommended to use the same version of penguin on both sides.

The current protocol version is penguin-v6. See PROTOCOL.md for details.

License

GPL v3.0 or later or Apache License 2.0.

Dependencies

~5–21MB
~282K SLoC