JNDC is a community-maintained intranet tunneling and proxy project. It can expose internal services, forward traffic, and concentrate management capability on the server side, so unsafe deployment may create material security risk.

Before using it in a company or production-like environment, you should complete your own security review, access control design, network isolation, audit logging, secrets management, backup, and rollback planning. This repository does not provide any SLA, security certification, compliance commitment, or fitness guarantee for a specific environment.

This repository remains licensed under Apache-2.0. The project does not add field-of-use restrictions beyond the license. Read DISCLAIMER.md, SUPPORT.md, and SECURITY.md before deployment.

• "J NDC" is the abbreviation of "java no distance connection", which is intended to provide an easy-to-use visual intranet penetration application. The application is written based on java netty.
• The application is built with the Client/Server architecture. Through the idea of "service registration", the local client side provides local services to the server side, and the server side manages and exposes the corresponding services
• The application core is supported by the ndc private protocol, providing "transmission data encryption", "ip black and white list", "client visualization", "service port timing", "domain name routing" functions
• Build and runtime now require JDK 21. Configure JAVA_HOME to a JDK 21 installation before running Maven or the startup scripts.
• The management UI is server-side only. The client no longer provides a standalone management console or client-side management API.
• Project source code directory structure

- jndc
  - jndc_core # core public implementation
  - jndc_server # server implementation
  - jndc_client # client implementation

• TCP data flow

broser     ------->               (tunnel)               ---------->local_app
client     -------> jndc server <----------> jndc client ---------->local_app
other      ------->                                      ---------->local_app

• Example

• NDC protocol
• The protocol is designed to only support ipv4
• The data length limit of a single packet, beyond which will be automatically unpacked

public static final int AUTO_UNPACK_LENGTH = 5 * 1024 * 1024

• Agreement description:

--------------------------------
  3byte      1byte      1byte
|  ndc   |  version  |  type   |
--------------------------------
            4byte
|          local ip            |
--------------------------------
            4byte
|          remote ip           |
--------------------------------
            4byte
|          local port          |
--------------------------------
            4byte
|          server port         |
--------------------------------
            4byte
|          remote port         |
--------------------------------
            4byte
|          data length         |
--------------------------------
           data length byte
|            data              |
--------------------------------

secrete: "xxx" # Server secret, very important, be sure to change it before use
loglevel: "info"
servicePort: 1081 # jndc server running listening port
bindIp: "127.0.0.1" # jndc server running ip

cleanupConfig: # runtime data cleanup
  enabled: true
  runIntervalHours: 24
  channelRecordRetentionDays: 30
  ipFilterRecordRetentionDays: 30
  trafficTrendMinuteRetentionDays: 3
  trafficTrendHourRetentionDays: 14
  trafficTrendDayRetentionDays: 90
  trafficTrendMonthRetentionDays: 1095
  vacuumAfterCleanup: true

manageConfig: # management-side api service
  managementApiPort: 1777 #Management api port
  useSsl: false # Whether to use ssl
  jksPath: "/xx.jks" #jks certificate address
  jksPass: "xxx" # jks certificate password
  loginName: "xxx" # login user name
  loginPassWord: "xxx" # login password

webConfig: # http web service
  notFoundPage: "path/to/your/404.html"
  httpPort: 1080 # http application port
  useSsl: false # Whether to use ssl
  jksPath: "/xx.jks" #jks certificate address
  jksPass: "ddd" # jks certificate password

secrete: "xxx1" # Server secret, it is very important to change it before use
loglevel: "info" # log print level
serverIp: "127.0.0.1" # Server running listening ip
serverPort: "1081" # server running port
autoReleaseTimeOut: 600000 # Client auto disconnect time (milliseconds)
authMode: 0 # 0=SELF_MANAGED, 1=FULL_AUTHORIZED
clientServiceDescriptions: # register service
  - serviceName: "xx"
    serviceIp: "xx.com"
    servicePort: "8080"
    serviceEnable: true

Client config no longer contains manageConfig. Use the server management frontend and API for management operations.

• If you have good functional requirements, or bugs in the code, please submit them in the issue

• Do not expose the management API or web entrypoint directly to the public Internet without independent authentication, transport protection, and network-layer restrictions.
• Change all default or template secrets before any real deployment, and rotate credentials if they were ever shared in plaintext.
• Treat FULL_AUTHORIZED, remote management features, and any tunnel or proxy capability as privileged operations that require explicit internal approval.
• If you are a beginner or evaluating the project for enterprise use, start in an isolated test environment instead of a production network.

• License: Apache-2.0
• Risk and warranty boundary: DISCLAIMER.md
• Community support policy: SUPPORT.md
• Security reporting policy: SECURITY.md

• Thanks to jetbrains for supporting this open source project
• OpenSourceSupport