Because friends don't let friends localhost.
Go to file
AJ ONeal e5f26a25da cancel and close connections on enoder read and write errors 2020-07-13 09:14:11 +00:00
client use DuckDNS for demo 2020-05-06 11:11:13 -06:00
cmd cancel and close connections on enoder read and write errors 2020-07-13 09:14:11 +00:00
examples fix first connection 2020-07-09 09:03:04 +00:00
html/admin make Prettier 2020-04-28 00:58:26 -06:00
log squash refactor 2020-05-01 00:12:16 -06:00
mgmt WIP: track connection table 2020-06-22 00:34:42 -06:00
mplexer cancel and close connections on enoder read and write errors 2020-07-13 09:14:11 +00:00
packer improve error handling 2020-06-03 00:35:56 -06:00
relay WIP: track connection table 2020-06-22 00:34:42 -06:00
rvpn-docker heavier refactoring 2020-04-30 04:43:36 -06:00
sni squash refactor 2020-05-01 01:06:14 -06:00
table cancel and close connections on enoder read and write errors 2020-07-13 09:14:11 +00:00
tools use vfsgen for sql file 2020-06-03 00:17:30 -06:00
vendor update deps 2020-06-29 01:27:02 -06:00
.gitignore add wsserve, and some clean up 2020-07-06 07:51:32 +00:00
.ignore cleanup 2020-04-28 00:47:31 -06:00
.jshintrc make Prettier 2020-04-28 00:58:26 -06:00
.prettierrc make Prettier 2020-04-28 00:58:26 -06:00
LICENSE add LICENSE 2020-05-06 11:11:33 -06:00
README.md update examples 2020-06-29 02:43:46 -06:00
build-client.sh file reorganization 2020-06-03 01:47:06 -06:00
build-mgmt.sh file reorganization 2020-06-03 01:47:06 -06:00
build-relay.sh add build scripts for convenience 2020-06-03 00:23:50 -06:00
debug.sh minor fs denesting 2020-04-29 23:52:44 -06:00
go.mod move connection table to own package 2020-06-29 00:35:19 -06:00
go.sum move connection table to own package 2020-06-29 00:35:19 -06:00

README.md

Telebit

A secure, end-to-end Encrypted tunnel.

Because friends don't let friends localhost.

Install Go

Installs Go to ~/.local/opt/go for MacOS and Linux:

curl https://webinstall.dev/golang | bash

For Windows, see https://golang.org/dl

Note: The minimum required go version is shown in go.mod. DO NOT use with GOPATH!

Relay Server

All dependencies are included, at the correct version in the ./vendor directory.

go generate ./...

CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -mod vendor -o telebit-relay-linux ./cmd/telebit-relay/*.go
CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -mod vendor -o telebit-relay-macos ./cmd/telebit-relay/*.go
CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -mod vendor -o telebit-relay-windows-debug.exe ./cmd/telebit-relay/*.go
CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -mod vendor -ldflags "-H windowsgui" -o telebit-relay-windows.exe ./cmd/telebit-relay/*.go

Configure

Command-line flags or .env may be used.

See ./telebit-relay --help for all options, and examples/relay.env for their corresponding ENVs.

Example

./telebit-relay --acme-agree=true --auth-url=http://localhost:3010/api

Copy examples/relay.env as .env in the working directory.

Management Server

pushd mplexy/

go generate ./...

CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -mod vendor -o mgmt-server-linux ./cmd/mgmt/*.go
CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -mod vendor -o mgmt-server-macos ./cmd/mgmt/*.go
CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -mod vendor -o mgmt-server-windows-debug.exe ./cmd/mgmt/*.go
CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -mod vendor -ldflags "-H windowsgui" -o mgmt-server-windows.exe ./cmd/mgmt/*.go

Example

./telebit-mgmt --domain devices.example.com --port 3010

Copy examples/mgmt.env as .env in the working directory.

Device Management API

Create a token with the same SECRET used with the mgmt server, and add a device by its subdomain.

SECRET="xxxxxxxxxxx"
TOKEN=$(go run -mod=vendor cmd/signjwt/*.go $SECRET)

Authorize a device:

my_subdomain="xxxx"
my_mgmt_host=http://mgmt.example.com:3010
curl -X POST $my_mgmt_host/api/devices \
    -H "Authorization: Bearer ${TOKEN}" \
    -H "Content-Type: application/json" \
    -d '{ "slug": "'$my_subdomain'" }'
{ "shared_key": "ZZZZZZZZ" }

Show data of a single device

my_subdomain="xxxx"
curl -L http://mgmt.example.com:3010/api/devices/${my_subdomain} -H "Authorization: Bearer ${TOKEN}"
{ "subdomain": "sub1", "updated_at": "2020-05-20T12:00:01Z" }

Get a list of connected devices:

curl -L http://mgmt.example.com:3010/api/devices -H "Authorization: Bearer ${TOKEN}"
[{ "subdomain": "sub1", "updated_at": "2020-05-20T12:00:01Z" }]

Get a list of disconnected devices:

curl -L http://mgmt.example.com:3010/api/devices?inactive=true -H "Authorization: Bearer ${TOKEN}"

Deauthorize a device:

my_subdomain="xxxx"
curl -L -X DELETE http://mgmt.example.com:3010/api/devices/${my_subdomain} -H "Authorization: Bearer ${TOKEN}"

Relay Client

All dependencies are included, at the correct version in the ./vendor directory.

pushd mplexy/

go generate ./...

CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -mod vendor -o telebit-client-linux ./cmd/telebit/*.go
CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -mod vendor -o telebit-client-macos ./cmd/telebit/*.go
CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -mod vendor -o telebit-client-windows-debug.exe ./cmd/telebit/*.go
CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -mod vendor -ldflags "-H windowsgui" -o telebit-client-windows.exe ./cmd/telebit/*.go

Configure

Command-line flags or .env may be used.

See ./telebit-client --help for all options, and examples/client.env for their corresponding ENVs.

Example

./telebit-client --acme-agree=true \
    --relay wss://devices.example.com \
    --app-id test-id --secret ZR2rxYmcKJcmtKgmH9D5Qw \
    --acme-relay http://mgmt.example.com:3010/api/dns \
    --auth-url http://mgmt.example.com:3010/api \
    --locals http://xxx.devices.example.com:8080,https://xxx.devices.example.com:8080

Local Web Application

Currently only raw TCP is tunneled.

This means that either the application must handle and terminate encrypted TLS connections, or use HTTP (instead of HTTPS). This will be available in the next release.

mkdir -p tmp-app
pushd tmp-app/

cat << EOF > index.html
Hello, World!
EOF

python3 -m http.server 3000