{"id":29754147,"url":"https://github.com/azumi67/icmp_tun","last_synced_at":"2025-07-26T15:19:07.833Z","repository":{"id":305211660,"uuid":"1022273567","full_name":"Azumi67/icmp_tun","owner":"Azumi67","description":"IP over ICMP - A lightweight ICMP-based tunnel over a TUN interface, written in C++17 and optional ChaCha20-Poly1305 encryption. This tool encapsulates IP traffic in ICMP echo packets, allowing you to bypass certain network restrictions.","archived":false,"fork":false,"pushed_at":"2025-07-25T16:53:34.000Z","size":46,"stargazers_count":9,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-07-25T23:37:15.267Z","etag":null,"topics":["azumi","icmp","icmp-tunnel"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Azumi67.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-07-18T18:52:08.000Z","updated_at":"2025-07-25T16:53:37.000Z","dependencies_parsed_at":"2025-07-18T23:36:01.061Z","dependency_job_id":"9bb436ce-60e8-463e-873e-35e7e6cfc410","html_url":"https://github.com/Azumi67/icmp_tun","commit_stats":null,"previous_names":["azumi67/icmp_tun"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/Azumi67/icmp_tun","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Azumi67%2Ficmp_tun","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Azumi67%2Ficmp_tun/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Azumi67%2Ficmp_tun/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Azumi67%2Ficmp_tun/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Azumi67","download_url":"https://codeload.github.com/Azumi67/icmp_tun/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Azumi67%2Ficmp_tun/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":267184673,"owners_count":24049251,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-26T02:00:08.937Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["azumi","icmp","icmp-tunnel"],"created_at":"2025-07-26T15:19:03.772Z","updated_at":"2025-07-26T15:19:07.824Z","avatar_url":"https://github.com/Azumi67.png","language":"C++","funding_links":[],"categories":[],"sub_categories":[],"readme":"#IP OVER ICMP Tunnel\n-\n\n![6348248](https://github.com/Azumi67/PrivateIP-Tunnel/assets/119934376/398f8b07-65be-472e-9821-631f7b70f783)\n**آموزش نصب با اسکریپت**\n \u003cdiv align=\"right\"\u003e\n  \u003cdetails\u003e\n    \u003csummary\u003e\u003cstrong\u003e\u003cimg src=\"https://github.com/Azumi67/Rathole_reverseTunnel/assets/119934376/fcbbdc62-2de5-48aa-bbdd-e323e96a62b5\" alt=\"Image\"\u003e \u003c/strong\u003eنصب icmp_tun\u003c/summary\u003e\n\n------------------------------------ \n\u003cp align=\"right\"\u003e\n\n  - اگر بر روی سرور شما محدودیت icmp نباشد، این تانل باید کار کند و فقط برای شرایطی هست که دسترسی محدود میباشد\n- گزینه ها را به ترتیب نصب کنید\n- - اگر نیاز به encryption دارید یک psk با اسکریپت بسازید و همین کلید را در سرور بعدی هم کپی کنید. به طور مثال اگر برنامه در /usr/local/bin/icmp_tun است در سرور مقابل هم همین مسیر باید داده شود. برای فرستادن فایل از طریق scp باید ان مسیر در سرور مقایل موجود باشد. پس برای همین اول این اسکریپت را در هر دو طرف اجرا کنید و install \u0026 build کنید تا پوشه مورد نظر در هر دو طرف سرور ساخته شود و سپس فایل psk و انتقال ان را انجام دهید\n- اگر نیازی به encryption ندارید از این مورد عبور کنید\n- سپس تانل را کانفیگ میکنیم. مسیر مورد نظری که فایل را دانلود کردیم به صورت پیش فرص در مسیر usr/local/bin/icmp_tun است. گزینه enter میزنید تا سوال بعدی پرسیده شود\n- نام دیوایس را میدهیم و سپس ایپی پابلیک هر دو سرور به ترتیب لوکال و ریموت\n- سپس ایپی پرایوت 4 خود را برای سرور لوکال و ریموت مشخص میکنیم\n- اگر مایل به encryption بودید کلید psk را میسازید و در هر دو سرور کپی میکنید و سپس y میزنید\n- مقدار mtu را 1000 میدهم و batch size را 16 یا 32 وارد میکنم\n- ایدی تانل هر دو طرف باید یکسان باشد. مقدار thread بین 1 تا 3( من 3 قرار دادم)\n- اگر میخواهید root پس از نصب به nobody نغییر یابد، این گزینه را فعال کنید\n- رنگ لاگ را هم فعال میکنم و verbose را غیرفعال میکنم\n- همین کار را در سرور روبرو انجام میدهم.\n\n**- نصب پیش نیاز ها**\n```\napt install python3 -y \u0026\u0026 sudo apt install python3-pip \u0026\u0026  pip install colorama \u0026\u0026 pip install netifaces \u0026\u0026 apt install curl -y\npip3 install colorama\nsudo apt-get install python-pip -y  \u0026\u0026  apt-get install python3 -y \u0026\u0026 alias python=python3 \u0026\u0026 python -m pip install colorama \u0026\u0026 python -m pip install netifaces\nsudo apt update -y \u0026\u0026 sudo apt install -y python3 python3-pip curl \u0026\u0026 pip3 install --upgrade pip \u0026\u0026 pip3 install netifaces colorama requests\n\n```\n- اجرای اسکریپت\n```\napt install curl -y \u0026\u0026 bash -c \"$(curl -fsSL https://raw.githubusercontent.com/Azumi67/icmp_tun/refs/heads/main/icmp.sh)\"\n```\n------------------\n\n  \u003c/details\u003e\n\u003c/div\u003e  \n\n---------------\n\nA lightweight ICMP-based tunnel over a TUN interface, written in C++17 and optional ChaCha20-Poly1305 encryption. This tool encapsulates IP traffic in ICMP echo packets, allowing you to bypass certain network restrictions(IF ICMP in your server is not restricted ofc)\n\n## Features\n\n* **TUN interface**: Creates a virtual TUN device to forward IP packets.\n* **ICMP encapsulation**: Sends and receives data in ICMP ECHO/ECHOREPLY messages.\n* **Optional encryption**: ChaCha20-Poly1305 for authenticated encryption.\n* **Multi-threaded**: Worker threads for parallel handling of packets.\n* **Daemon mode**: Run in the background as a system daemon.\n* **Logging**: Configurable verbosity and optional colored output.\n* **Root drop**: Optionally drop privileges after setup for improved security.\n\n## Prerequisites\n\n* **Linux** (kernel ≥ 3.9) with support for TUN/TAP (`/dev/net/tun`).\n* **g++** (C++17)\n* **libsodium** (for optional encryption)\n* **iproute2** (for `ip` command)\n\nOn Debian/Ubuntu systems, install dependencies with:\n\n```bash\nsudo apt update\nsudo apt install -y g++ build-essential libsodium-dev iproute2\n```\n\n## Building\n\nClone the repository and compile:\n\n```bash\ngit clone https://github.com/Azumi67/icmp_tun.git\ncd icmp-tun\n#Single - file compile\ng++ -O2 -std=c++17 icmp_tun.cpp -o icmp_tun -lsodium -pthread\n```\n\n## Generating a Pre-Shared Key (PSK)\n\nIf you plan to use encryption, generate a 32-byte random key:\n\n```bash\n#Create a 32 - byte key file\nhead -c 32 /dev/urandom \u003e psk.key\nchmod 600 psk.key\n```\n\n\u003e **Note**: You must use the *same* `psk.key` on both endpoints. To copy the key securely:\n\u003e\n\u003e * **With SCP**:\n\u003e\n\u003e   ```bash\n\u003e   scp psk.key user@remote:/path/to/psk.key\n\u003e   ```\n\u003e\n\u003e * **Without SCP**: Transfer via another secure channel (e.g., encrypted email, USB drive, or other secure file transfer), ensuring the file’s integrity and confidentiality.\n\n## Usage\n\n```bash\nsudo ./icmp_tun [OPTIONS] \u003ctun\u003e \u003clocal_public_ip\u003e \u003cremote_public_ip\u003e \u003clocal_private_ip\u003e \u003cremote_private_ip\u003e\n```\n\n## Generating a Random Tunnel ID\n\nYou can generate a 16-bit random tunnel ID (in hex) using common CLI tools:\n\n* **Using OpenSSL**:\n\n  ```bash\n  ID=\"0x$(openssl rand -hex 2)\"\n  ```\n* **Using /dev/urandom and od**:\n\n  ```bash\n  ID=\"0x$(head -c2 /dev/urandom | od -An -tu2 | awk '{printf \"%04x\", $1}')\"\n  ```\n\nThen pass `--id $ID` to `icmp_tun`:\n\n```bash\nsudo ./icmp_tun --id $ID tun0 192.0.2.1 198.51.100.1 10.0.0.1 10.0.0.2\n```\n\n## Full CLI Reference\n\n```\nUsage:\n  sudo ./icmp_tun [--daemon|-d] [--color|-c] [--mtu|-b MTU]\n                  [--verbose|-v] [--batch|-n BATCH] [--id|-i ID]\n                  [--pskkey \u003cfile\u003e] [--drop-root]\n                  [--threads|-m THREADS]\n                  \u003ctun\u003e \u003clocal_pub_ip\u003e \u003cremote_pub_ip\u003e\n                  \u003clocal_tun_ip\u003e \u003cremote_tun_ip\u003e\n```\n\n### Options\n\n* `--daemon`, `-d`\n  : Run as a background daemon.\n* `--color`, `-c`\n  : Enable colored log output.\n* `--mtu \u003cMTU\u003e`, `-b \u003cMTU\u003e`\n  : Set the TUN device MTU (default: 1000).\n* `--verbose`, `-v`\n  : Increase log verbosity (INFO level).\n* `--batch \u003cBATCH\u003e`, `-n \u003cBATCH\u003e`\n  : Number of packets to batch (default: 16).\n* `--id \u003cID\u003e`, `-i \u003cID\u003e`\n  : Tunnel identifier (ICMP echo ID, default: 0x1234).\n* `--pskkey \u003cfile\u003e`\n  : Path to 32-byte PSK file to enable encryption.\n* `--drop-root`\n  : Drop root privileges after setup (to `nobody`).\n* `--threads \u003cTHREADS\u003e`, `-m \u003cTHREADS\u003e`\n  : Number of worker threads (default: 1).\n\n### Positional Arguments\n\n1. `\u003ctun\u003e`: Name of the TUN interface (e.g., `azumi`).\n2. `\u003clocal_pub_ip\u003e`: Public IP of the Local\n3. `\u003cremote_pub_ip\u003e`: Public IP of the remote peer.\n4. `\u003clocal_tun_ip\u003e`: IP address to assign to the local TUN device (in `/30`).\n5. `\u003cremote_tun_ip\u003e`: IP address for the remote TUN endpoint.\n\n## Example\n\nOn **Machine A** (`192.0.2.1`) and **Machine B** (`198.51.100.1`), create a tunnel:\n\n```bash\n#Machine A\nsudo ./icmp_tun icmptun 192.0.2.1 198.51.100.1 10.0.0.1 10.0.0.2\n\n#Machine B\nsudo ./icmp_tun icmptun 198.51.100.1 192.0.2.1 10.0.0.2 10.0.0.1\n```\n\nWith encryption (identical `psk.key` on both sides):\n\n```bash\nsudo ./icmp_tun -c -v --pskkey psk.key icmptun 192.0.2.1 198.51.100.1 10.0.0.1 10.0.0.2\n```\n\n## Daemonizing\n\nTo run in the background, add `-d`:\n\n```bash\nsudo ./icmp_tun -d --color --pskkey psk.key tun0 A_pub B_pub A_tun B_tun\n```\n\nLogs will go to stdout (redirect or configure your service manager as needed).\n\n## Logging\n\n* **ERROR** and **WARN** always print.\n* **INFO** prints when `--verbose` is enabled.\n* **DEBUG** prints when both `--verbose` and `--color` are enabled.\n\n## Dropping Privileges\n\nUse `--drop-root` to switch to `nobody` after setup:\n\n```bash\nsudo ./icmp_tun --drop-root icmptun ...\n```\n\n## Multi thread + Batch + MTU + Colorized logs\n```\nsudo ./icmp_tun -c -b 1000 -n 32 --pskkey psk.key icmptun 192.0.2.1 198.51.100.1 10.0.0.1 10.0.0.2 -m 3 --drop-root\n```\n## Firewall \u0026 ICMP Settings\n\nBy default, the kernel accepts and replies to ICMP ECHO packets. Unless you have custom firewall or sysctl settings, no additional configuration is needed. However, if you’ve hardened your system or are running a restrictive firewall, ensure the following:\n\n* **Allow ICMP echo requests and replies**:\n\n```\n#IPv4\n  sudo iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT\n  sudo iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT\n\n```\n\n* **Verify sysctl ICMP settings**:\n\n```\n#Ensure echo requests are not ignored\n  sysctl -w net.ipv4.icmp_echo_ignore_all=0\n  sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1 \n  ```\n\nIf neither firewall rules nor sysctl blocks ICMP, you can run without special ICMP configuration.\n\n## Troubleshooting\n\n* **Permission denied**: Ensure `/dev/net/tun` is accessible and you have root.\n* **IP assignment failed**: Check `iproute2` and IP syntax.\n* **No traffic**: Verify ICMP connectivity (e.g: `ping`).\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fazumi67%2Ficmp_tun","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fazumi67%2Ficmp_tun","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fazumi67%2Ficmp_tun/lists"}