- TCP sessions inside the tunnel can hold connected even if the tunnel connection will be temporarily disconnected.
$ kptunnel <mode> <server> [forwarding [forwarding [...]]] [options]
- mode
- This argument sets following mode.
- for server
- wsserver
- r-wsserver
- server
- r-server
- for client
- wsclient
- r-wsclient
- client
- r-client
- The mode has the prefix “r-” is the reverse tunnel.
- The mode has the prefix “ws” is ‘over websocket’.
- The mode does not has the prefix “ws” is to directly connect.
- The connection by tcp is experimental function.
- “r-“, “ws” of the mode must match between client and server.
- server
- This argument sets the listening port for the server, or the port of server to connect from the client.
- This argument must set with following format.
[host]:port- e.g. localhost:1234 :1234
- forwarding
- This argument sets the forwarding port.
- This option can set one or more.
- When the mode is the reverse tunnel, this argument must set from the server side.
- When the mode is the normal tunnel, this argument must set from the client side.
- This argument must set with following format.
[<r|t>,][localhost]:local-port,serverhost:server-port- r: use as the reverse tunnel
- t: use as the tunnel
- e.g.1 :20000,hoge.com:22
- e.g.2 r,:20000,hoge.com:22
- e.g.3 t,:20000,hoge.com:22
- ‘serverhost’ is sent directory widthout change to the server.
- When the forwarding is ‘:20000,localhost:22’, this ‘localhost’ shows the server.
- When server side sets the forwarding, client side’s forwarding is overridden.
It shows the sample of the command.
- server
$ kptunnel r-wsserver :6666 :8001,localhost:22 -pass XXXXXXX -encPass YYYYYYYY
This command run following server.
| option | description |
|---|---|
| r-wsserver | run reverse websocket server |
| :6666 | listen port 6666 |
| :8001,localost:22 | forwarding from server’s 8001 port to client’s 22 port |
| -pass | authentication password XXXXXXX for client |
| -encPass | password for the tunnel communication encryption |
- client
$ kptunnel r-wsclient hoge.hoge.com:80 -proxy http://user:pass@proxy.hoge.com:8080/ -pass XXXXXXX -encPass YYYYYYYY
This command run following client.
| option | description |
|---|---|
| r-wsclient | run reverse websocket client |
| hoge.hoge.com:80 | connect to hoge.hoge.com:80 port |
| -proxy | connect via proxy http://proxy.hoge.com::8080/ and authenticate with user, pass |
| -pass | authentication password XXXXXXX for client |
| -encPass | password for the tunnel communication encryption |
- connect to tunnel
Above-described samples construct reverse tunnel forwarding from server’s 8001 port to client’s 22 port. To run following command at the server side, it can connect to ssh of client side.
$ ssh -p 8001 localhost
- -proxy string
- This option set the proxy to connect websocket server.
- When the proxy needs auth, it sets with following format.
- http://user:pass@proxy.hoge.com:port/
- This tool only supports HTTP proxy.
- This option is valid for client side.
- -UA string
- This option set the user-agent to connect to the proxy.
- This option is valid for client side.
- -pass string
- This option sets password for the client authentication.
- This password must set same password at the client and the server.
- -encPass string
- This option sets the password for the tunnel communication encryption.
- This password must set same password at the client and the server.
- -encCount int
- This option sets the count for the tunnel communication encryption. (default -1)
- -1 : infinity
- 0 : plain, no encrypt.
- N > 0 : packet count
- This option sets the count for the tunnel communication encryption. (default -1)
- -ip string
- This option sets the IP address range that can connect to the server.
- When this option is omitted, the server does not limit IP address of the client.
https://ifritjp.github.io/blog2/public/posts/2020/2020-05-29-tunnel/#headline-12
localhost -- 5201 --> localhost
$ iperf3 -c localhost -p 5201
Connecting to host localhost, port 5201
[ 4] local 127.0.0.1 port 53034 connected to 127.0.0.1 port 5201
[ ID] Interval Transfer Bandwidth Retr Cwnd
[ 4] 0.00-1.00 sec 7.23 GBytes 62.1 Gbits/sec 0 1.37 MBytes
[ 4] 1.00-2.00 sec 7.32 GBytes 62.9 Gbits/sec 0 1.37 MBytes
[ 4] 2.00-3.00 sec 7.18 GBytes 61.7 Gbits/sec 0 1.37 MBytes
[ 4] 3.00-4.00 sec 7.02 GBytes 60.3 Gbits/sec 0 1.37 MBytes
[ 4] 4.00-5.00 sec 6.87 GBytes 59.0 Gbits/sec 0 1.37 MBytes
[ 4] 5.00-6.00 sec 7.35 GBytes 63.2 Gbits/sec 0 1.50 MBytes
[ 4] 6.00-7.00 sec 7.10 GBytes 61.0 Gbits/sec 0 1.81 MBytes
[ 4] 7.00-8.00 sec 7.13 GBytes 61.2 Gbits/sec 0 2.19 MBytes
[ 4] 8.00-9.00 sec 7.14 GBytes 61.4 Gbits/sec 0 2.19 MBytes
[ 4] 9.00-10.00 sec 7.29 GBytes 62.6 Gbits/sec 0 2.19 MBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth Retr
[ 4] 0.00-10.00 sec 71.6 GBytes 61.5 Gbits/sec 0 sender
[ 4] 0.00-10.00 sec 71.6 GBytes 61.5 Gbits/sec receiver
iperf Done.localhost -- 8001 --> tunnel client -- 8000 --> tunnel server -- 5201 --> localhost
$ iperf3 -c localhost -p 8001
Connecting to host localhost, port 8001
[ 4] local 127.0.0.1 port 40716 connected to 127.0.0.1 port 8001
[ ID] Interval Transfer Bandwidth Retr Cwnd
[ 4] 0.00-1.00 sec 569 MBytes 4.77 Gbits/sec 0 1.50 MBytes
[ 4] 1.00-2.00 sec 546 MBytes 4.58 Gbits/sec 0 1.50 MBytes
[ 4] 2.00-3.00 sec 562 MBytes 4.72 Gbits/sec 0 1.50 MBytes
[ 4] 3.00-4.00 sec 555 MBytes 4.65 Gbits/sec 0 1.50 MBytes
[ 4] 4.00-5.00 sec 558 MBytes 4.67 Gbits/sec 0 1.50 MBytes
[ 4] 5.00-6.00 sec 552 MBytes 4.64 Gbits/sec 0 1.50 MBytes
[ 4] 6.00-7.00 sec 555 MBytes 4.65 Gbits/sec 0 1.50 MBytes
[ 4] 7.00-8.00 sec 542 MBytes 4.55 Gbits/sec 0 1.50 MBytes
[ 4] 8.00-9.00 sec 554 MBytes 4.65 Gbits/sec 0 1.50 MBytes
[ 4] 9.00-10.00 sec 545 MBytes 4.57 Gbits/sec 0 1.50 MBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth Retr
[ 4] 0.00-10.00 sec 5.41 GBytes 4.65 Gbits/sec 0 sender
[ 4] 0.00-10.00 sec 5.40 GBytes 4.64 Gbits/sec receiver
iperf Done.