coderrr / tunnel_splitter
- Source
- Commits
- Network (0)
- Issues (0)
- Downloads (0)
- Wiki (1)
- Graphs
-
Branch:
master
tunnel tcp connection over multiple tcp connections
| name | age | message | |
|---|---|---|---|
 |
.gitignore | Sat Apr 18 22:08:05 -0700 2009 | |
| |
README.markdown | Sun Jan 10 00:37:42 -0800 2010 | |
| |
README.shorewall | Fri Jan 08 12:35:13 -0800 2010 | |
| |
ROUTING | Mon Apr 27 21:49:52 -0700 2009 | |
| |
Rakefile | Tue Mar 24 01:10:09 -0700 2009 | |
| |
TODO | Loading commit data...  |
|
 |
lib/ | ||
| |
shorewall_config/ | Fri Jan 08 12:35:13 -0800 2010 | |
| |
test/ | Wed Aug 05 09:56:39 -0700 2009 | |
| |
ts_client.rb | Thu Jun 25 10:15:59 -0700 2009 | |
| |
ts_forwarder.rb | Sat Mar 14 10:31:19 -0700 2009 | |
| |
ts_server.rb | Sat Jun 13 17:44:36 -0700 2009 |
Tunnel Splitter
Tunnel Splitter is a client/server which allows you to split a single TCP connection over multiple TCP connections. More specifically, it opens a group of tunneling connections, then load balances your packets through them.
What's this useful for? A few things, for example:
- Using tunnel splitter to tunnel to a SOCKS proxy allows you to:
- Transparently pool multiple internet connections into a single faster connection ('mutlihoming')
- Get past ISP imposed per TCP connection caps (aka accelerate a single ISP connection, ala download accelerators, except for any type of TCP connection)
- Fight for bandwidth on a shared network by having more connections than your peers (hehe yes that's evil)
Usage
Client:
ts_client <listen_address:port> <ts_server_address:port>[:bind_dev[:bind_port]][~N] [ <ts_server_address:port>[:bind_dev[:bind_port]][~N] ... ]
~N - create N duplicate tunnels for this specific server address
bind_dev - device name to bind to, the device name is only used to lookup the current ip address of the device (via ifconfig)
bind_port - port to bind to
Server:
ts_server <listen_address:port> <tunnel_to_address:port>
Forwarder (optional):
ts_forwarder <listen_address:port> <forward_to_address:port>
Examples
Multihoming
This example requires you have multiple internet connections. Each one must be setup on your local machine as a different interface and have its own IP. When using this setup tunneling to a SOCKS proxy your bandwidth will be increased to the sum of all your ISPs' throughput, and only limited by the throughput of the remote host.
LOCAL HOST REMOTE HOST
+--> (ISP1) ---+
/ \
(SOCKS client) -> (ts_client) ---> (ISP2) ------ > (ts_server) -> (SOCKS server)
\ /
+--> (ISP3) ---+
Assume your local interfaces are setup as such, each one using a different internet connection:
- eth0 (ISP1)
- eth1 (ISP2)
- eth2 (ISP3)
LOCAL HOST:
ts_client localhost:5000 remote.host.com:6000:eth0 remote.host.com:6000:eth1 remote.host.com:6000:eth2
This will make 1 tunnel conneciton per ISP. If you wanted to make 10 on the first two ISPs and 5 on the other you would do so with:
ts_client localhost:5000 remote.host.com:6000:eth0~10 remote.host.com:6000:eth1~10 remote.host.com:6000:eth2~5
REMOTE HOST:
ts_server 0.0.0.0:6000 localhost:5000 (SOCKS server running on port 5000)
- Note that Linux by default does not route based on source address. This means that even though tunnel splitter binds the outgoing packets to the ips associated with each interface the packets will all go out through a single interface. To fix this we must create some new routing tables/rules. The simplest way to do this is with the shorewall firewall. With some minimal configuration it will set them all up for you. See README.shorewall on how to achieve this.
- BSD/OSX seems to route packets by source address correctly out of the box (although I have not done extensive testing with this).
Split Tunneling For Connection Acceleration
In this example we use tunnel splitter to get around ISP imposed per connection caps and/or throttling. This is similar to "download acceleration" but can work with any type of TCP connection. When making the endpoint a SOCKS server this can transparently accelerate any internet application which supports SOCKS proxying (this is also true for the above multihoming example).
LOCAL HOST REMOTE HOST
+---------------------+
/ \
(SOCKS client) -> (ts_client) ------------------------ > (ts_server) -> (SOCKS server)
\ /
+---------------------+
- 'SOCKS client' could be Firefox, Skype, SSH, or any other application which either lets you set a SOCKS proxy or can be socksified with a socksification utility
LOCAL HOST:
ts_client 127.0.0.1:20000 remote.host.com:20000~15 ( 15 tunnels )
REMOTE HOST:
ts_server 0.0.0.0:20000 127.0.0.1:5000 (SOCKS server running on port 5000)
Split Tunneling Over Multiple Routes (Hosts)
This example is similar to the above except that instead of directly connecting to the destination host we forward our tunnels through any number of different remote hosts. This means that snooping of any single tunnel will only provide 1/Nth of your actual connection.
LOCAL HOST FORWARDING HOSTS REMOTE HOST
+--> (ts_forwarder) --+
/ \
(client) -> (ts_client) ---> (ts_forwarder) ---- > (ts_server) -> (server)
\ /
+--> (ts_forwarder) --+
LOCAL HOST:
ts_client 127.0.0.1:10000 first.forwarder.com:20000 second.forwarder.com:20000 third.forwarder.com:20000
ON EACH FORWARDING HOST:
ts_forwarder 0.0.0.0:20000 remote.host.com:20000
REMOTE HOST:
ts_server 0.0.0.0:20000 127.0.0.1:5000
- Note, the ports that need to match here are:
- The last argument to ts_forwarder and the first argument to ts_server
- The 2nd+ arguments to ts_client and the first argument to ts_forwarder
