mdslab / wstun Goto Github PK

View Code? Open in Web Editor NEW

This project forked from mhzed/wstunnel

114.0 14.0 44.0 144 KB

Tunnels and reverse tunnels over WebSocket

License: Apache License 2.0

JavaScript 94.12% Shell 4.95% Dockerfile 0.93%

wstun's Introduction

WSTUN - Tunnels and Reverse Tunnels over WebSocket for Node.js

Overview

A set of Node.js tools to establish TCP tunnels (or TCP reverse tunnels) over WebSocket connections for circumventing the problem of directly connect to hosts behind a strict firewall or without public IP. It also supports WebSocket Secure (wss) connections.

Installation

npm install @mdslab/wstun

Usage (from a Node.js application)

Instantiation of a tunnel server

var wstun = require("@mdslab/wstun");

// without security
server = new wstun.server();

// or with security (<PRIVATE-KEY-PATH> and <PUBLIC-KEY-PATH> are the paths of the private and public keys in .pem formats)
server = new wstun.server({ssl:true, key:"<PRIVATE-KEY-PATH>", cert:"<PUBLIC-KEY-PATH>"});

//start the server (<PORT> is the listening port)
server.start(<PORT>)

Implementation of a tunnel client

var wstun = require("@mdslab/wstun");

client = new wstun.client();

// without security
wstunHost = 'ws://wstunServerIP:wstunPort';

// or with security 
wstunHost = 'wss://wstunServerIP:wstunPort';

// <localPort> is the port on the localhost on which the tunneled service will be reachable
// <remoteHost>:<remotePort> is the endpoint of the service to be tunneled
client.start(<localPort>, wstunHost, '<remoteHost>:<remotePort>');

Instantiation of a reverse tunnel server

var wstun = require("@mdslab/wstun");

// without security
reverse_server = new wstun.server_reverse();

// or with security (<PRIVATE-KEY-PATH> and <PUBLIC-KEY-PATH> are the paths of the private and public keys in .pem formats)
reverse_server = new wstun.server_reverse({ssl:true, key:"<PRIVATE-KEY-PATH>", cert:"<PUBLIC-KEY-PATH>"});

//start the server (<PORT> is the listening port)
reverse_server.start(<PORT>);

Implementation of a reverse tunnel client

var wstun = require("reverse-wstunnel");

reverse_client = new wstun.client_reverse();

// without security
wstunHost = 'ws://wstunServerIP:wstunPort';

// or with security 
wstunHost = 'wss://wstunServerIP:wstunPort';

// <publicPort> is the port on the reverse tunnel server on which the tunneled service will be reachable
// <remoteHost>:<remotePort> is the endpoint of the service to be reverse tunneled
reverse_client.start(<publicPort>, wstunHost, '<remoteHost>:<remotePort>');

Usage (from command line)

A command line tool (wstun.js) is also available in the bin directory.

Examples about how to run a tunnel server:

//without security
./wstun.js -s 8080

//with security
./wstun.js -s 8080 --ssl=true --key="<PRIVATE-KEY-PATH>" --cert="<PUBLIC-KEY-PATH>"

Examples about how to run a tunnel client:

//without security
./wstun.js -t 33:2.2.2.2:33 ws://wstunServerIP:8080 

//with security
./wstun.js -t 33:2.2.2.2:33 wss://wstunServerIP:8080

In both examples, connections to localhost:33 on the client will be tunneled to 2.2.2.2:33 through the Websocket connection with the server. Note that the decision about the final destination of the tunnel is up to the client. Alternatively, it is possible to lock the final destination of the tunnel on the server side.

Examples about how to run a tunnel server locking the final tunnel destination:

//without security 
./wstun.js -s 8080 -t 2.2.2.2:33

//with security
./wstun.js -s 8080 -t 2.2.2.2:33 --ssl=true --key="<PRIVATE-KEY-PATH>" --cert="<PUBLIC-KEY-PATH>"

Examples about how to run a tunnel client when the final tunnel destination has been locked by the server:

//without security
./wstun.js -t 33 ws://wstunServerIP:8080 

//with security
./wstun.js -t 33 wss://wstunServerIP:8080

Examples about how to run a reverse tunnel server:

//without security
./wstun.js -r -s 8080

//with security
./wstun.js -r -s 8080 --ssl=true --key="<PRIVATE-KEY-PATH>" --cert="<PUBLIC-KEY-PATH>"

Examples about how to run a reverse tunnel client:

//without security
./wstun.js -r6666:2.2.2.2:33 ws://server:8080

//with security 
./wstun.js -r6666:2.2.2.2:33 wss://server:8080

In the above examples, the client asks the server to open a TCP server on port 6666 and all connections on this port are tunneled to the client that is directely connected to 2.2.2.2:33.

Logging system

WSTUN uses Log4js library to manage its logs in /var/log/wstun/

wstun's People

Contributors

Stargazers

Watchers

wstun's Issues

Reverse Client+Server Pair - Server Crashing

Client is giving the Server access to a HTTP Proxy so that the Server can Send HTTP(s) Requests using the Client's IP Address.
After a while of running this is the output, ignore the fact that my IP is in there, it has cycled since these logs.

root@ChromiumVNC-Base:~/ClientTunnel/node_modules/node-reverse-wstunnel/bin# ./wstt.js -r -s 12345
Thu Jun 02 2016 19:58:49 GMT+0000 (UTC) Server is listening on port 12345
Created TCP server on port 12121
WS Connectio for Control Created
Request for Data WS Socket
Request for Data WS Socket
Thu Jun 02 2016 20:01:41 GMT+0000 (UTC)TCP connection Close
Thu Jun 02 2016 20:01:41 GMT+0000 (UTC)TCP connection Close
Thu Jun 02 2016 20:01:41 GMT+0000 (UTC)WebSocket Peer ::ffff:79.66.225.8 disconnected for:"Normal connection closure"
Thu Jun 02 2016 20:01:41 GMT+0000 (UTC)WebSocket Peer ::ffff:79.66.225.8 disconnected for:"Normal connection closure"
(node:2893) Warning: Possible EventEmitter memory leak detected. 11 created listeners added. Use emitter.setMaxListeners() to increase limit
Request for Data WS Socket
Request for Data WS Socket
Request for Data WS Socket
Request for Data WS Socket
Request for Data WS Socket
Request for Data WS Socket
Request for Data WS Socket
Request for Data WS Socket
Request for Data WS Socket
Request for Data WS Socket
Request for Data WS Socket
Request for Data WS Socket
Request for Data WS Socket
Request for Data WS Socket
Request for Data WS Socket
Request for Data WS Socket
Request for Data WS Socket
Request for Data WS Socket
Request for Data WS Socket
Request for Data WS Socket
Request for Data WS Socket
Request for Data WS Socket
Request for Data WS Socket
Request for Data WS Socket
Request for Data WS Socket
Thu Jun 02 2016 20:03:02 GMT+0000 (UTC)TCP connection Close
Thu Jun 02 2016 20:03:02 GMT+0000 (UTC)TCP connection Close
Thu Jun 02 2016 20:03:02 GMT+0000 (UTC)TCP connection Close
Thu Jun 02 2016 20:03:02 GMT+0000 (UTC)TCP connection Close
Thu Jun 02 2016 20:03:02 GMT+0000 (UTC)TCP connection Close
Thu Jun 02 2016 20:03:02 GMT+0000 (UTC)TCP connection Close
Thu Jun 02 2016 20:03:02 GMT+0000 (UTC)TCP connection Close
Thu Jun 02 2016 20:03:02 GMT+0000 (UTC)TCP connection Close
Thu Jun 02 2016 20:03:02 GMT+0000 (UTC)TCP connection Close
Thu Jun 02 2016 20:03:02 GMT+0000 (UTC)TCP connection Close
Thu Jun 02 2016 20:03:02 GMT+0000 (UTC)WebSocket Peer ::ffff:79.66.225.8 disconnected for:"Normal connection closure"
Thu Jun 02 2016 20:03:02 GMT+0000 (UTC)WebSocket Peer ::ffff:79.66.225.8 disconnected for:"Normal connection closure"
Thu Jun 02 2016 20:03:02 GMT+0000 (UTC)WebSocket Peer ::ffff:79.66.225.8 disconnected for:"Normal connection closure"
Thu Jun 02 2016 20:03:02 GMT+0000 (UTC)WebSocket Peer ::ffff:79.66.225.8 disconnected for:"Normal connection closure"
Thu Jun 02 2016 20:03:02 GMT+0000 (UTC)WebSocket Peer ::ffff:79.66.225.8 disconnected for:"Normal connection closure"
Thu Jun 02 2016 20:03:02 GMT+0000 (UTC)WebSocket Peer ::ffff:79.66.225.8 disconnected for:"Normal connection closure"
Thu Jun 02 2016 20:03:02 GMT+0000 (UTC)WebSocket Peer ::ffff:79.66.225.8 disconnected for:"Normal connection closure"
Thu Jun 02 2016 20:03:02 GMT+0000 (UTC)WebSocket Peer ::ffff:79.66.225.8 disconnected for:"Normal connection closure"
Thu Jun 02 2016 20:03:02 GMT+0000 (UTC)WebSocket Peer ::ffff:79.66.225.8 disconnected for:"Normal connection closure"
Thu Jun 02 2016 20:03:02 GMT+0000 (UTC)WebSocket Peer ::ffff:79.66.225.8 disconnected for:"Normal connection closure"
Thu Jun 02 2016 20:03:32 GMT+0000 (UTC)tcp Error Error: read ECONNRESET
Thu Jun 02 2016 20:03:32 GMT+0000 (UTC)TCP connection Close
Thu Jun 02 2016 20:03:32 GMT+0000 (UTC)tcp Error Error: read ECONNRESET
Thu Jun 02 2016 20:03:32 GMT+0000 (UTC)tcp Error Error: read ECONNRESET
Thu Jun 02 2016 20:03:32 GMT+0000 (UTC)tcp Error Error: read ECONNRESET
Thu Jun 02 2016 20:03:32 GMT+0000 (UTC)tcp Error Error: read ECONNRESET
Thu Jun 02 2016 20:03:32 GMT+0000 (UTC)tcp Error Error: read ECONNRESET
Thu Jun 02 2016 20:03:32 GMT+0000 (UTC)TCP connection Close
Thu Jun 02 2016 20:03:32 GMT+0000 (UTC)TCP connection Close
Thu Jun 02 2016 20:03:32 GMT+0000 (UTC)TCP connection Close
Thu Jun 02 2016 20:03:32 GMT+0000 (UTC)TCP connection Close
Thu Jun 02 2016 20:03:32 GMT+0000 (UTC)TCP connection Close
Thu Jun 02 2016 20:03:32 GMT+0000 (UTC)WebSocket Peer ::ffff:79.66.225.8 disconnected for:"Normal connection closure"
Thu Jun 02 2016 20:03:32 GMT+0000 (UTC)WebSocket Peer ::ffff:79.66.225.8 disconnected for:"Normal connection closure"
Thu Jun 02 2016 20:03:32 GMT+0000 (UTC)WebSocket Peer ::ffff:79.66.225.8 disconnected for:"Normal connection closure"
Thu Jun 02 2016 20:03:32 GMT+0000 (UTC)WebSocket Peer ::ffff:79.66.225.8 disconnected for:"Normal connection closure"
Thu Jun 02 2016 20:03:32 GMT+0000 (UTC)WebSocket Peer ::ffff:79.66.225.8 disconnected for:"Normal connection closure"
Thu Jun 02 2016 20:03:32 GMT+0000 (UTC)WebSocket Peer ::ffff:79.66.225.8 disconnected for:"Normal connection closure"
Request for Data WS Socket
/root/ClientTunnel/node_modules/websocket/lib/WebSocketRequest.js:509
        throw new Error('WebSocketRequest may only be accepted or rejected one time.');
        ^

Error: WebSocketRequest may only be accepted or rejected one time.
    at WebSocketRequest._verifyResolution (/root/ClientTunnel/node_modules/websocket/lib/WebSocketRequest.js:509:15)
    at WebSocketRequest.accept (/root/ClientTunnel/node_modules/websocket/lib/WebSocketRequest.js:250:10)
    at EventEmitter.<anonymous> (/root/ClientTunnel/node_modules/node-reverse-wstunnel/lib/wst_server_reverse.js:111:46)
    at emitOne (events.js:101:20)
    at EventEmitter.emit (events.js:188:7)
    at WebSocketServer.<anonymous> (/root/ClientTunnel/node_modules/node-reverse-wstunnel/lib/wst_server_reverse.js:84:23)
    at emitOne (events.js:96:13)
    at WebSocketServer.emit (events.js:188:7)
    at WebSocketServer.handleUpgrade (/root/ClientTunnel/node_modules/websocket/lib/WebSocketServer.js:213:14)
    at emitThree (events.js:116:13)

Any insight is appreciated.
Thanks

Can this work as a load balancer?

I have built something similar before with socket.io but this seems way better then what i built.

I have currently 3 servers (slaves) that are connected to one master that handels all request and distributes them over to all slaves throught socket.io

Can something similar be done with this package?

Error: read ECONNRESET

Nov 15 07:00:34 earth wstun[30783]: [2018-11-15 07:00:34.651] [INFO] wstun - [SYSTEM] --> WebSocket Request for Data
Nov 15 07:00:34 earth wstun[30783]: [2018-11-15 07:00:34.672] [INFO] wstun - [SYSTEM] --> WebSocket Request for Data
Nov 15 07:00:38 earth wstun[30783]: events.js:183
Nov 15 07:00:38 earth wstun[30783]: throw er; // Unhandled 'error' event
Nov 15 07:00:38 earth wstun[30783]: ^
Nov 15 07:00:38 earth wstun[30783]: Error: read ECONNRESET
Nov 15 07:00:38 earth wstun[30783]: at TCP.onread (net.js:622:25)
Nov 15 07:00:38 earth systemd[1]: wstun.service: Main process exited, code=exited, status=1/FAILURE
Nov 15 07:00:38 earth systemd[1]: wstun.service: Unit entered failed state.
Nov 15 07:00:38 earth systemd[1]: wstun.service: Failed with result 'exit-code'.

Feature Request-> add additional path information to websocket

Is there any way that this can be enhanced to allow for the path in the websocket instead of just the root?
I see today I can specify the port only and the web request goest to ws(s)://hostname:port/?dst=xxxx
but I would like to see a path option available so I can put it through additional proxies along the way
so it could look like .ws(s)://hostname:port/additionalpath/?dst=xxxx

thank you

TypeError: this._reject is not a function

Hello,

Using crome browser
When going to http://localhost:3333
I was expecting to get website hosted at http://10.216.5.47:8000
Instead server crashed:

CLIENT
[winMachine]$ node wstt.js -t 3333 ws://10.216.5.47:8888
Connection detected

SERVER
[root@partedmagic bin]$ ./wstt.js -s 8888 -t 127.0.0.1:8000
Tue Dec 13 2016 14:08:27 GMT+0100 (CET) Server is listening on port 8888
/home/user/node_modules/node-reverse-wstunnel/lib/wst_server.js:78
return this._reject(request, "Tunnel connect error to " + remoteAddr + ": " + err);
^

TypeError: this._reject is not a function
at Socket. (/home/user/node_modules/node-reverse-wstunnel/lib/wst_server.js:78:25)
at emitOne (events.js:96:13)
at Socket.emit (events.js:188:7)
at emitErrorNT (net.js:1276:8)
at _combinedTickCallback (internal/process/next_tick.js:74:11)
at process._tickCallback (internal/process/next_tick.js:98:9)
[root@partedmagic bin]$ ./wstt.js -s 8888 -t 127.0.0.1:8000
Tue Dec 13 2016 14:09:20 GMT+0100 (CET) Server is listening on port 8888
/home/user/node_modules/node-reverse-wstunnel/lib/wst_server.js:78
return this._reject(request, "Tunnel connect error to " + remoteAddr + ": " + err);

npm install error

npm WARN deprecated [email protected]: Use uuid module instead > [email protected] install E:\project\javascripts\tunnel\tunn\node_modules\webso cket > (node-gyp rebuild 2> builderror.log) || (exit 0) E:\project\javascripts\tunnel\tunn\node_modules\websocket>if not defined npm_con fig_node_gyp (node "C:\Program Files\nodejs\node_modules\npm\node_modules\npm-li fecycle\node-gyp-bin\....\node_modules\node-gyp\bin\node-gyp.js" rebuild ) el se (node "C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\bin\nod e-gyp.js" rebuild ) > @mdslab/[email protected] postinstall E:\project\javascripts\tunnel\tunn\node_modul es@mdslab\wstun > ./scripts/postinst '.' is not recognized as an internal or external command, operable program or batch file. npm WARN enoent ENOENT: no such file or directory, open 'E:\project\javascripts\ tunnel\tunn\package.json' npm WARN tunn No description npm WARN tunn No repository field. npm WARN tunn No README data npm WARN tunn No license field. npm ERR! code ELIFECYCLE npm ERR! errno 1 npm ERR! @mdslab/[email protected] postinstall: `./scripts/postinst` npm ERR! Exit status 1 npm ERR! npm ERR! Failed at the @mdslab/[email protected] postinstall script. npm ERR! This is probably not a problem with npm. There is likely additional log ging output above. npm ERR! A complete log of this run can be found in: npm ERR! C:\Users\ideeps\AppData\Roaming\npm-cache_logs\2020-03-08T04_51_14 _066Z-debug.log

On reverse tunnel the problem of managing multiple conncetions TCP on server at the same time, using id for TCP connections.

Manage the TCP connections with unique ID, this ID is used in server an in client to solve the problem

Please add HTTP headers injection & proxy support :D

Your script is awesome, please add these important features:

HTTP header injection
support for proxy

Thanks

Usage on Heroku

Is this possible to use on Heroku? Could you provide a simple server & client example to do so?

Only one client is managed by reverse wstunnel server

Modify the reverse wstunnel server to be able to management more than one reverse wstunnel client.

Unable to bind server to a specific IP

$ ./wstt.js -s 2222
Thu Aug 06 2015 14:41:27 GMT+0000 (UTC) Server is listening on port 2222

# lsof -ni|grep node
node      5857   wstunnel   10u  IPv4 25660001      0t0  TCP *:2222 (LISTEN)

[...]

$ ./wstt.js -s 127.0.0.1:2222 
Thu Aug 06 2015 14:40:43 GMT+0000 (UTC) Server is listening on port 127.0.0.1:2222

# lsof -ni|grep node
#

It also creates the -s target as a socket in .:

srwxrwxr-x 1 wstunnel wstunnel     0 Aug  6 14:40 127.0.0.1:2222

It doesn't seem to create the socket when just the port is specified.

If it's listening to external traffic then most of the purpose of putting it behind an HTTPS proxy is defeated.

Error log4js is not defined

Hi, I am not sure I use this module correctly.

I installed it by npm then try to create new server in my JS application. But I got "log4js is not defined error". Did I miss something?

To fix it, I manually add var log4js = require('log4js'); to the source code.

Expose a local server behind NAT to internet

Looks like the reverse proxy mode can be used to expose a local server behind NAT to be exposed to internet

Eg. a server running on wsclient can be exposed to internet using reverse proxy.

Examples about how to run a reverse tunnel client:

//without security
./wstun.js -r6666:2.2.2.2:33 ws://server:8080

//with security 
./wstun.js -r6666:2.2.2.2:33 wss://server:8080

In the above examples, the client asks the server to open a TCP server on port 6666 and all connections on this port are tunneled to the client that is directely connected to 2.2.2.2:33.

In above example, i am not clear, what is tunneled to the client that is directely connected to 2.2.2.2:33

What is 2.2.2.2 ? I want to expose a server on 127.0.0.1:LOCALPORT

client-reverse-wstunnel with http proxy

Is it possible to set the https_proxy from the client side of the reverse tunnel.

something similar to what wstunnel support
wstunnel -r port -p https://proxy_host:proxy_port wss://...

i didn't see this option (-p) available in reverse tunnel. Any suggestion how to achieve this ?

something inline with allowing reverse wstunnel to use HTTP_CONNECT to work across proxy.

Use on existing server

I already have a WS application server with quite some functionality, is there a way I could use the same server for wstun?