Readme
NETunnel is a tool to create network tunnels over HTTP/S written in Python 3.
It can be used both in a client-server and in a server-server model.
pip install netunnel
We officially support Python 3.6+.
The following example creates an HTTP tunnel from the client to the server's port 22 (SSHD service).
Running the server: (In production, use --config-path to preserve changes)
$ python -m netunnel.server
The server is running in stateless mode. Use --config-path to generate a config file
netunnel_server - INFO - Generating default secret-key
netunnel_server - INFO - Starting server on 127.0.0.1:4040
Running the client:
$ python -m netunnel.client --remote-port 22
Opening tunnel to the server...
Tunnel entrance socket: 127.0.0.1:54781
Tunnel exit socket: 127.0.0.1:22
The server's SSHD service is now accessible from the client:
$ ssh -p 54781 localhost
Please take a look at the examples directory for additional usages.
Connection1 -> Websocket1 -> ->
Connection2 -> Tunnel Entrance -> Websocket2 -> Tunnel Exit -> Service
Connection3 -> Websocket3 -> ->
There are 2 core objects which performs the tunnelling:
When a normal tunnel is created, the client creates an InputTunnel and the server creates an OutputTunnel, while reverse tunnels are essentially the server is creating InputTunnel while the client is creating an OutputTunnel.
InputTunnel is initialized with a feeder of websockets that the client/server provides, so that the implementation can be generic. In reverse tunnels, The server uses the channel to request the client for a new websocket when it needs to feed a new websocket.
The server's configuration file is optional, but recommended in production environments.
When running the NETunnel server, you can provide a path to a configuration file using -c or --config-path flags,
and the server will generate a default configuration file at that location.
If there is an existing configuration in that path, the server will load it, and merge it with its default
configurations, and for any change that was made dynamically to the server using the API, it will commit it to
the configuration file.
The configuration file is in JSON format and support the following keys:
allowed_tunnel_destinations - A key-value mapping of IPs and ports(as strings separated by comma) allowed to be
used as a tunnel's exit sockets. The special symbol * supported to allow all ports for a certain IP.
Defaults to {"127.0.0.1": "*"}secret_key - A passphrase used as an encryption key for sensitive settings to avoid storing them in the disk as plain text.
The key is generated automatically, but we recommend using the -s/--secret-key when running the server which will avoid
storing the key in the configuration file. Setting the environment variable NETUNNEL_SECRET_KEY will behave just the
same as the flag, and won't be stored in the configuration. If you wish to decrypt, encrypt, or generate a key manually, see
python -m netunnel.common.security.peers - A list of remote NETunnel servers that can be used to set static tunnels (See Peers in the Additional Features).
For an example of how to set a peer, look at examples/server-server.allow_unverified_ssl_peers - When set to true, remote peers certificates won't be verified. Defaults to false.revision - Currently unused. This will be used for configuration migrations purposes. You should not modify
this field manually in any use case.http_proxy - Settings for an optional global HTTP proxy to use for any requests the server may need to make, for
example to remote peers. The setting include a key-value mapping of the following:
proxy_url - The URL to the remote proxy serverusername - An encrypted (using the secret_key) username stringpassword - An encrypted (using the secret_key) password stringA useful feature of NETunnel configuration is that it can parse environment variables on load to modify the default
values of any key. The configuration will search for variables starting with the prefix NETUNNEL_, following by the
uppercase of any existing key. The value is expected to be in JSON format.
For example, in POSIX environments, running:
export NETUNNEL_ALLOWED_TUNNEL_DESTINATIONS='{"127.0.0.1": "22"}'
export NETUNNEL_ALLOW_UNVERIFIED_SSL_PEERS='true'
python -m netunnel.server
Will change the default allowed_tunnel_destinations to {"127.0.0.1": "22"}
and the default allow_unverified_ssl_peers to true.
An example for a configuration file: examples/netunnel.example.conf
--proxy-url --proxy-username --proxy-password to configure a proxy
for the client. When used in a server-server model, there can be a global proxy used by the server to connect with.
The credentials of the global proxy in that case are stored encrypted in the server's configuration using a secret_key.--auth-plugin. A plugin example: examples/secret-auth-pluginimportlib-metadata to the lowest.FAQs
A tool to create network tunnels over HTTP/S written in Python 3
We found that netunnel demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.