{"id":20284509,"url":"https://github.com/artyom/tlstun","last_synced_at":"2025-07-18T00:03:18.638Z","repository":{"id":52235690,"uuid":"113593540","full_name":"artyom/tlstun","owner":"artyom","description":"Basic socks5 over TLS proxy","archived":false,"fork":false,"pushed_at":"2024-12-12T12:45:59.000Z","size":1276,"stargazers_count":64,"open_issues_count":3,"forks_count":13,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-05-20T10:08:39.724Z","etag":null,"topics":["socks5-proxy","tls-tunnel","vpn"],"latest_commit_sha":null,"homepage":"https://pkg.go.dev/github.com/artyom/tlstun/v2","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/artyom.png","metadata":{"files":{"readme":"README","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-12-08T16:16:26.000Z","updated_at":"2025-05-02T18:09:07.000Z","dependencies_parsed_at":"2025-02-18T22:01:22.867Z","dependency_job_id":null,"html_url":"https://github.com/artyom/tlstun","commit_stats":null,"previous_names":[],"tags_count":18,"template":false,"template_full_name":null,"purl":"pkg:github/artyom/tlstun","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/artyom%2Ftlstun","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/artyom%2Ftlstun/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/artyom%2Ftlstun/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/artyom%2Ftlstun/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/artyom","download_url":"https://codeload.github.com/artyom/tlstun/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/artyom%2Ftlstun/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":265682808,"owners_count":23810742,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["socks5-proxy","tls-tunnel","vpn"],"created_at":"2024-11-14T14:19:59.234Z","updated_at":"2025-07-18T00:03:18.392Z","avatar_url":"https://github.com/artyom.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"Command tlstun implements basic VPN over TLS (both client and server).\n\nClient part is expected to be run locally and used by local services as a\nsocks5 proxy. Client establishes TLS session to the server running on some\nremote host that performs outgoing requests on behalf of requests made to\nthe client.\n\nClient and server authenticate each other with certificates which can be\ncreated with openssl or https://github.com/artyom/gencert\n\n\nUsage example\n\nGenerate server and client side certificates, they can be signed by the same\nCA and saved using PEM encoding into a single file. Certificate keys should\nalso be saved as a separate PEM-encoded files. With gencert tool from\nhttps://github.com/artyom/gencert this can be done as:\n\n    gencert -hosts my.domain.tld\n\nThis produces five files in the current directory: client certificate + key\npair, another pair for the server and a certificate authority certificate.\nNote that my.domain.tld should point to the host you plan running server\npart of tlstun.\n\nNow configure tlstun to run on the server that could be reached at\nmy.domain.tld like this:\n\n    tlstun server -addr=:9000 -ca=ca.pem \\\n    \t-cert=server-cert.pem -key=server-key.pem\n\nThe client part is expected to be running locally (on a laptop/workstation,\netc.):\n\n    tlstun client -addr=127.0.0.1:1080 -ca=ca.pem \\\n    \t-cert=client-cert.pem -key=client-key.pem \\\n    \tmy.domain.tld:9000\n\nClient is now listening on localhost port 1080 and local software can be\nconfigured to use this endpoint as a socks5 proxy.\n\nClient may be configured to work with multiple servers:\n\n    tlstun client -addr=127.0.0.1:1080 -ca=ca.pem \\\n    \t-cert=client-cert.pem -key=client-key.pem \\\n    \tmy.domain.tld:9000 other.domain.tld:9000\n\nBy default client will periodically evaluate all endpoints and prefer one\nwhich replies first. This check may be disabled with -no-check flag.\n\nInstead of listing endpoints directly, client may discover them from SRV DNS\nrecords. If -discover=domain.tld flag is set, client ignores any endpoints\ngiven on the command line and instead looks up SRV record\n_tlstun._tcp.domain.tld, which must follow standard format to specify\nhost/port pairs.\n\n\nHTTPS compatible mode\n\nServer may be configured to automatically issue certificate from ACME\nprovider (currently is's Let's Encrypt). For this to work, server must be\nexposed over port 443 and it also doubles as an https endpoint. By default\nit replies with 404 Not Found, but can optionally be configured to serve\nstatic files from file system directory:\n\n    tlstun server -addr=:443 -ca=ca.pem -acme \\\n    \t-acme-domain=domain.tld -acme-email=you@domain.tld \\\n    \t-acme-cache=/var/cache/acme \\\n    \t-httproot=/var/www/domain.tld\n\nServer may also be run with -dns-tls flag, which enables resolving via\nDNS-over-TLS providers (currently Cloudflare and Quad9).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fartyom%2Ftlstun","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fartyom%2Ftlstun","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fartyom%2Ftlstun/lists"}