(客户端程序只支持linux desktop os)
User-level IP forwarding, SOCKS proxy, and HTTP proxy for VPNs that provide tun-like interface.
User-level IP forwarding, SOCKS proxy, and HTTP proxy for VPNs that provide tun-like interface.
tunsocks is a user-level SOCKS, HTTP, and port forwarding proxy for use with
VPNs that typically interact with tun devices. Rather than passing bytes to and
from the tun device, they can pass the data to and from this user-level
program. tunsocks is implemented using lwIP.
Additionally, tunsocks provides connection sharing via NAT.
tunsocks has been tested with OpenConnect:
http://www.infradead.org/openconnect/
usage: tunsocks
-L [bind_address:]bind_port:host_address:host_port
-D [bind_address:]bind_port SOCKS4a/5 proxy
-H [bind_address:]bind_port HTTP proxy
-P proxy_pac_file:bind_port HTTP server for proxy.pac
-R bind_port:host_address:host_port
-g Allow non-local clients (command line compatibility for ocproxy)
-k keep alive interval (seconds)
-m mtu (env INTERNAL_IP4_MTU)
-s domain_search[,domain_search,...] (env CISCO_DEF_DOMAIN)
-d dns,[dns,...] (env INTERNAL_IP4_DNS)
-i ip address (env INTERNAL_IP4_ADDRESS)
-n netmask
-G gateway
-S (Use slirp interface instead VPN, useful for testing)
-l Add deLay (in ms) to inbound/outbound packets (useful for testing)
-o DrOp probability ([0.0..1.0]) for inbound/outbound (useful for testing)
-p pcap_file[:netif] (Default netif 'fd', VPN input)
-u port (UDP listener port of TAP NAT with no length header, netif=ut)
-U port (UDP listener port of TAP NAT with 2 byte length header, netif=ut)
-v VDE path (Connect NAT to a VDE switch. netif=vp)
-V VDE path (Expose NAT via a reduced functionality VDE switch. netif=vs)
-t tun name (Expose NAT via a PTP TUN device. netif=tu)
-T tap name (Expose NAT via a TAP device with DHCP. netif=ta)
Some options also accept input through environmental veriables (see env
above). By default, tunsocks accepts network traffic on stdin, and outputs
network traffic on stdout. The "VPNFD" environmental variable can be used
to pass an alternate fd.
-L [bind_address:]port:host:hostport
Listen on a local port and optional bind address. When a connection
is accepted, tunsocks makes a connection on the remote network to
host:hostport and then pipes the two connections together. If
host port is not specified, it defaults to port.
-D [bind_address:]port
Start a SOCKS proxy on a local port and optional bind address. The
SOCKS proxy supports SOCKS 4, 4A, and 5. The BIND command is
accepted. If bind_address is not specified, it defaults to
localhost.
-H [bind_address:]port
Start a http/https proxy on a local port and optional bind address.
-P proxy_pac_file:port
Start a http server on localhost at the given port serving up the
specified proxy PAC file. The server will respond to requests for
'/', '/proxy.pac', and '/wpad.dat'. The file is re-read each time
it is requested.
-R port:host:hostport
tunsocks listens on the specified port on the remote network. When
a connection is accepted, tunsocks connects to host:hostport on
the local network and then pipes the two connections together. If
hostport is not specified, it defaults to port, if host is not
specified, it defaults to localhost.
-k keep alive interval (seconds)
TCP keepalive options for all connections on the remote network.
-m mtu (env INTERNAL_IP4_MTU)
MTU used for the remote network.
-s domain_search[,domain_search,...] (env CISCO_DEF_DOMAIN)
Domain search order. Follows the same order as resolv.conf(5) search
with ndots fixed at 1.
-d dns,[dns,...] (env INTERNAL_IP4_DNS)
DNS servers for the remote network.
-i ip address (env INTERNAL_IP4_ADDRESS)
IP address to use on the remote network.
-n netmask
Netmask to use on the remote network.
-g gateway
IP gateway to use on the remote network.
-S
Use slirp interface instead VPN for outbound connection. This uses
the host's IP stack to make outbound connections.
-l delay_ms
Add a delay (in ms) to inbound/outbound packets (useful for testing).
-o probability
Set a probability for dropping packets for inbound/outbound (useful
for testing).
-p pcap_file[:netif]
If specified, all traffic is saved to the specified file in pcap
format. The default interface is 'fd', which is the VPN interface.
-u port
Provides a NAT connection to the VPN via raw packets. The network
provides a DHCP server that assigns clients an IP address, subnet,
default route, DNS server, and domain names appropriately. The network
is 10.0.4.0/24.
tunsocks will listen for raw Ethernet packets on the given UDP port.
Whenever it receives a packet, it will associated the sender's hardware
address with the sender's IP and port. Any packets destined for the
sender's IP address will be returned. Any packets destined for the
broadcast address will be sent to all current clients.
The netif name for use with -p i- 'ut'.
-U port
Like -u, but all packets include a 2 byte big-endian length header.
-v VDE path
Like -u, but connects to the given VDE switch. The network is
10.0.5.0/24. The netif name is 'vp'.
-V VDE path
Like -u, but emulates a VDE switch. The network is 10.0.6.0/24. The
netif name is 'vs'.
-T tap name
Like -u but sends and receives packets via a supplied TAP device. The
network is 10.0.7.0/24. The netif name is 'ta'.
-t tun name
Like -T but operates with TUN devices at the IP layer. This operates
as a point-to-point interface and does not supply a DHCP server. The
client must correctly configure IP and DNS settings. The IP address
of the point-to-point device is 10.0.8.1. The netif name is 'tu'.
Examples:
openconnect --script-tun --script "tunsocks -D 8080 -R ssh \
-L 8888:webproxy.example.com:80" vpn.example.com
tunsocks is configured to start a SOCKS server on localhost at port 8080.
SSH connections on the remote network to our given IP address will connect
to our local SSH server. A HTTP proxy is available on the remote network
for accessing specific hosts, it is accessible via localhost:8888.
Openconnect sets the other necessary parameters via environmental variables.
from https://github.com/russdill/tunsocks
https://github.com/russdill/tunsocks/issues/11
https://github.com/russdill/tunsocks/issues/5
No comments:
Post a Comment