Skip to content
/ QuicTunnel Public

A simple Quic Based Networking Tunnel Built with GoLang

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

td4b/QuicTunnel

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
TestVMs
TestVMs
 
 
client
client
 
 
logger
logger
 
 
logo
logo
 
 
server
server
 
 
tcp
tcp
 
 
tlsconf
tlsconf
 
 
.gitignore
.gitignore
 
 
README.MD
README.MD
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

quic-tunnel

QUIC-Tunnel Logo

A simple go program that creates a networking tunnel used to route traffic between the client and the server.

Routing

You may have to add NAT rules or remove some default routes if working inside a bridged VM environment. Since the server side of the tunnel is used as the gateway.

Additional ip tables, DNAT and SNAT configuration rules can be added to the client.go or server.go configuration settings to support your routing needs.

Debug mode.

You can enable debug mode to view the TCP payloads received in the tunnel. Alternativley you can take a packet capture from one of the tunnel interfaces the program generates.

By default the debug logging is disabled to reduce round trip time and latency as the call is blocking.

Generating mTLs Certificates

How to generate the MTLs Certificates used for authentication.

Generate CA.

openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -keyout ca.key -out ca.crt -days 3650 -nodes -subj "/CN=QUIC-CA" \
-addext "basicConstraints=critical,CA:TRUE" \
-addext "keyUsage=critical,keyCertSign,cRLSign"

Generate Server cert.

openssl req -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -keyout server.key -out server.csr -nodes -subj "/CN=quic-server" \
-addext "subjectAltName=DNS:quic-server,DNS:localhost,IP:127.0.0.1" \
-addext "keyUsage=critical,digitalSignature,keyEncipherment" \
-addext "extendedKeyUsage=serverAuth"

openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 3650 \
-extfile <(printf "basicConstraints=critical,CA:FALSE\nsubjectAltName=DNS:quic-server,DNS:localhost,IP:127.0.0.1\nkeyUsage=critical,digitalSignature,keyEncipherment\nextendedKeyUsage=serverAuth")

Generate Client Cert.

openssl req -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -keyout client.key -out client.csr -nodes -subj "/CN=quic-client" \
-addext "subjectAltName=DNS:quic-client" \
-addext "keyUsage=critical,digitalSignature,keyEncipherment" \
-addext "extendedKeyUsage=clientAuth"

openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 3650 \
-extfile <(printf "basicConstraints=critical,CA:FALSE\nsubjectAltName=DNS:quic-client\nkeyUsage=critical,digitalSignature,keyEncipherment\nextendedKeyUsage=clientAuth")

About

A simple Quic Based Networking Tunnel Built with GoLang

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages