Home

Awesome

udig

Build Status Go Report Card

udig is a public-key addressed TCP tunnel software. It allows anybody to expose a local network service through a public stable ingress, even if the local service is behind a NAT or firewall.

This project is still under heavy work in progress

Background

There are things like ngrok and other commercial software. udig is suitable for automation because users don't need to create any account.

How it works

architecture

It has of two logical endpoints:

Tunnel IDs are base32 encoded hashes of the public key (technically a multihash encoded as a base32 multibase).

Tunnel ingress addresses look like this: bahwqcerazdp76ea6rpuwvbbwxkjtypdntmw4bohi6amkzkfz2kswpxlpgykq.udig.io

Install

$ go get -u github.com/mkmik/udig/...

Client usage

Shell 1:

$ udiglink -R 443:localhost:8080
https://bahwqcerazdp76ea6rpuwvbbwxkjtypdntmw4bohi6amkzkfz2kswpxlpgykq

Shell 2:

$ python3 -m http.server 8080
Serving HTTP on 0.0.0.0 port 8080 (http://0.0.0.0:8080/) ...

Shell 3:

$ curl https://bahwqcerazdp76ea6rpuwvbbwxkjtypdntmw4bohi6amkzkfz2kswpxlpgykq.udig.io/README.md
# udig
...

Run locally

Shell 1:

$ (cd cmd/udiglink && go build && ./udiglink -alsologtostderr -addr localhost:4000 -http :8081 -R 8443:localhost:1234)

Shell 2:

$ (cd cmd/udigd && go build && ./udigd -alsologtostderr -http :8001 -port 8080 -port 8443 -cert ../../pkg/ingress/testdata/cert.pem -key ../../pkg/ingress/testdata/key.pem)

Shell 3:

$ python3 -m http.server 1234

Shell 4:

$ curl --connect-to ::127.0.0.1:8443 -k https://bahwqcerazdp76ea6rpuwvbbwxkjtypdntmw4bohi6amkzkfz2kswpxlpgykq.udig.io/README.md

(use the actual hostname you get in tunnel ingress addresses: ["bahw.... in Shell 1 for ^^^)

NOTE: This command requires curl version 7.49.0 or above.

For earlier versions of curl this can be tested by adding the host to /etc/hosts file as 127.0.0.1 (or C:\Windows\System32\drivers\etc\hosts on Windows) - like:

127.0.0.1 bahwqcerazdp76ea6rpuwvbbwxkjtypdntmw4bohi6amkzkfz2kswpxlpgykq.udig.io

And then running the curl command with port 8443:

curl https://bahwqcerazdp76ea6rpuwvbbwxkjtypdntmw4bohi6amkzkfz2kswpxlpgykq.udig.io:8443/README.md

Off-the-shelf tunnel client example

Udig forces you to use a TLS client and one that supports SNI nonetheless! If you have a plaintext TCP client on one side that needs to talk to a plaintext TCP server on the other side of the tunnel, this is an example of how you can setup the client side of the tunnel with standard off the-shelf-tools:

$ echo "openssl s_client -quiet -connect $DST:$PORT -servername $DST" >/tmp/cmd.sh
$ chmod +x /tmp/cmd.sh
$ socat TCP-LISTEN:1234,reuseaddr,fork 'SYSTEM:/tmp/cmd.sh' &

Contributing

PRs accepted