Feature request: tunnels

[honwen]

Describe actual behavior

NULL

What is your expected behavior

tunnels both UDP and TCP
Example: https://github.com/shadowsocks/go-shadowsocks2

Client

Start a client connecting to the above server. The client listens on port 1080 for incoming SOCKS5
connections, and tunnels both UDP and TCP on port 8053 and port 8054 to 8.8.8.8:53 and 8.8.4.4:53
respectively.

go-shadowsocks2 -c ss://AEAD_CHACHA20_POLY1305:your-password@[server_address]:8488 \
    -verbose -socks :1080 -udptun :8053=8.8.8.8:53,:8054=8.8.4.4:53 \
                          -tcptun :8053=8.8.8.8:53,:8054=8.8.4.4:53

Specifications like the version of the project, operating system, or hardware

Ver: 714df2f

Steps to deploy the server

Steps to reproduce the problem

[txthinking]

The socks5 already supports UDP, why we still need tunnel?

…

On Sat, Nov 11, 2017 at 11:44 PM chenhw2 ***@***.***> wrote: Describe actual behavior NULL What is your expected behavior tunnels both UDP and TCP Example: https://github.com/shadowsocks/go-shadowsocks2 Client Start a client connecting to the above server. The client listens on port 1080 for incoming SOCKS5 connections, and tunnels both UDP and TCP on port 8053 and port 8054 to 8.8.8.8:53 and 8.8.4.4:53 respectively. go-shadowsocks2 -c ***@***.***_address]:8488 \ -verbose -socks :1080 -udptun :8053=8.8.8.8:53,:8054=8.8.4.4:53 \ -tcptun :8053=8.8.8.8:53,:8054=8.8.4.4:53 Specifications like the version of the project, operating system, or hardware Ver: 714df2f <714df2f> Steps to deploy the server 1. 2. 3. Steps to reproduce the problem 1. 2. 3. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#102>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABLyz4HgAaj-K8Ld7QD1AHLYtwoSlJBtks5s1cDzgaJpZM4Qah96> .

[honwen]

Not every program we need support proxy.

For example, DNS over brook, openvpn over brook, and even rdp(remote desktop of Windows ) over brook.

[txthinking]

I assume you want to talk with(both udp and tcp) 1.2.3.4:5 [your local] <----udp/tcp---->[1.2.3.4:5] Let me describe the tunnel you need: [your local]<----brook client----brook server----->[1.2.3.4:5] The command like this: brook tunnel --listen 127.0.0.1:2 --server x.x.x.x:x --password xx --forward 1.2.3.4:5 Is this right?

…

On Sun, Nov 12, 2017 at 5:36 PM chenhw2 ***@***.***> wrote: Not every program we need support proxy. For example, DNS over brook, openvpn over brook, and even rdp(remote desktop of Windows ) over brook. — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#102 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABLyz1Fcz59FS54VzcH8NM-FqpkPZIzjks5s1rwNgaJpZM4Qah96> .

[txthinking]

127.0.0.1:2 is no longer a socks5. If we replace 1.2.3.4:5 with 8.8.8.8:53, then 127.0.0.1:2 is a dns server.

…

On Mon, Nov 13, 2017 at 2:48 PM Cloud ***@***.***> wrote: I assume you want to talk with(both udp and tcp) 1.2.3.4:5 [your local] <----udp/tcp---->[1.2.3.4:5] Let me describe the tunnel you need: [your local]<----brook client----brook server----->[1.2.3.4:5] The command like this: brook tunnel --listen 127.0.0.1:2 --server x.x.x.x:x --password xx --forward 1.2.3.4:5 Is this right? On Sun, Nov 12, 2017 at 5:36 PM chenhw2 ***@***.***> wrote: > Not every program we need support proxy. > > For example, DNS over brook, openvpn over brook, and even rdp(remote > desktop of Windows ) over brook. > > — > You are receiving this because you commented. > > > Reply to this email directly, view it on GitHub > <#102 (comment)>, > or mute the thread > <https://github.com/notifications/unsubscribe-auth/ABLyz1Fcz59FS54VzcH8NM-FqpkPZIzjks5s1rwNgaJpZM4Qah96> > . >

[honwen]

Yes, that's what I am talking about.

[jusss]

sorry to bother, I'd like to make brook as global proxy, like a vpn, I know how to use iptables to and
redsocks to redirect TCP datum to the port brook listen on, but I don't know how to solve the dns issue,
for example brook listen on 127.0.0.1:7070, so I should redirect the dns datum to local UDP port 7070?
or TCP port 7070?

[txthinking]

I am working on this issue, just a few days. :)

…

On Thu, Jan 11, 2018 at 9:26 PM jusss ***@***.***> wrote: sorry to bother, I'd like to make brook as global proxy, like a vpn, I know how to use iptables to and redsocks to redirect TCP datum to the port brook listen on, but I don't know how to solve the dns issue, for example brook listen on 127.0.0.1:7070, so I should redirect the dns datum to local UDP port 7070? or TCP port 7070? — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#102 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABLyz3oDEJKQriKZ9mapvCRZlh9ihTbCks5tJgwUgaJpZM4Qah96> .

[txthinking]

If you has a brook server $ brook server ...
and you want start tunnel to 8.8.8.8:53
then you can create a DNS server with Brook:

$ brook tunnel -l 127.0.0.1:53 -t 8.8.8.8:53 -s your_server:port -p password

Test it:
$ dig google.com @127.0.0.1
$ dig +tcp google.com @127.0.0.1

Sure, tunnel can work with more, not only DNS.

Clouds-MacBook-Pro:brook tx$ brook tunnel -h
NAME:
   brook tunnel - Run as tunnel mode

USAGE:
   brook tunnel [command options] [arguments...]

OPTIONS:
   --listen value, -l value    Client listen address, like: 127.0.0.1:1080
   --to value, -t value        Tunnel to where, like: 8.8.8.8:53
   --server value, -s value    Server address, like: 1.2.3.4:1080
   --password value, -p value  Server password
   --tcpTimeout value          connection tcp keepalive timeout (s) (default: 60)
   --tcpDeadline value         connection deadline time (s) (default: 0)
   --udpDeadline value         connection deadline time (s) (default: 60)

[honwen]

Thanks a lot. It works very well.

[jusss]

could you write more specifically?
run brook server ... on the server and run brook tunnel ... on the client?
or run brook tunnel ... and brook server ... both on the server and run them both on the client?
thanks for your reply!

[jusss]

also if brook tunnel ... supports transparent proxy, that means I can redirect all tcp datum to the port which brook listen on directly, and without redsocks for socks5 wrap? is that right?

[txthinking]

@jusss No, it's not transparent proxy #117 .

[txthinking]

@jusss If redsocks can support UDP. You can try with your idea: #102 (comment)

[x0r2d2]

@txthinking Didn't understand the usage of tunnel. It is used with "server" or separately?
Thanks.

[jusss]

@hybtoy the tunnel only works with brook server
you run brook server on your VPS, then you can run brook tunnel on your local,
and it seems you must point the destination address if you want to use brook tunnel