{"id":13775688,"url":"https://github.com/cmars/ormesh","last_synced_at":"2025-05-11T08:33:05.452Z","repository":{"id":138274598,"uuid":"110305881","full_name":"cmars/ormesh","owner":"cmars","description":"[UNMAINTAINED: Try https://github.com/cmars/oniongrok instead] onion-routed mesh","archived":true,"fork":false,"pushed_at":"2022-01-23T18:03:53.000Z","size":1321,"stargazers_count":60,"open_issues_count":0,"forks_count":5,"subscribers_count":5,"default_branch":"master","last_synced_at":"2024-08-03T17:12:10.002Z","etag":null,"topics":["hidden-services","nat","nat-traversal","networking","tor","tor-browser","tor-configuration"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cmars.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2017-11-11T00:38:07.000Z","updated_at":"2024-05-10T22:32:41.000Z","dependencies_parsed_at":null,"dependency_job_id":"0b3aaee6-5228-4fc7-b3e4-b005698bc254","html_url":"https://github.com/cmars/ormesh","commit_stats":null,"previous_names":[],"tags_count":11,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cmars%2Formesh","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cmars%2Formesh/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cmars%2Formesh/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cmars%2Formesh/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cmars","download_url":"https://codeload.
github.com/cmars/ormesh/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225027507,"owners_count":17409448,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hidden-services","nat","nat-traversal","networking","tor","tor-browser","tor-configuration"],"created_at":"2024-08-03T17:01:46.188Z","updated_at":"2024-11-17T10:31:51.967Z","avatar_url":"https://github.com/cmars.png","language":"Go","funding_links":[],"categories":["\u003ca id=\"6e80463404d46f0493cf6e84597e4b5c\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"e99ba5f3de02f68412b13ca718a0afb6\"\u003e\u003c/a\u003eTor\u0026\u0026\u0026Onion\u0026\u0026洋葱"],"readme":"# UNMAINTAINED\n\nThis project is no longer maintained and is here for historical / archival purposes only.\n\nI've developed a better tool for this sort of thing: https://github.com/cmars/oniongrok\n\n---\n\n# ormesh - the onion-routed mesh\n\n![mesh bag of onions](onion-mesh.jpg)\n\normesh helps you connect services through [Tor](https://www.torproject.org/).\n\n## Why?\n\nAbstract away geography and network topologies.\n\nDisregard container networking, NATs, firewall policies, possibly even traffic\nshaping and protocol filtering, if you throw bridges and obfsproxy into the\nmix.\n\nAccess services running almost anywhere, from just about anywhere else.\n\n## How?\n\nTor is well-suited to traversing all kinds of networks between services and the\nclients that would consume them. 
Tor provides resilient network infrastructure\nwith no single point of failure.\n\nTor hidden services can be deployed in a [private, authenticated mode](https://www.torproject.org/docs/tor-manual.html.en#HiddenServiceAuthorizeClient),\nwhich keeps services from being generally accessible.\n\normesh helps manage the configuration and auth token exchange necessary to\ndeploy a private backplane to connect infrastructure.\n\n## What kind of services?\n\nHTTP, email, messaging, sensors \u0026 actuators, home automation, and file\nsynchronization are just some ideas to get you started.\n\nIn general, services that require little bandwidth or tolerate latency. With\normesh, they can be accessed without the hassle of setting up iptables, NAT\nport forwarding, VPNs, TLS, and without relying on central rendezvous servers.\n\n## What ormesh isn't\n\normesh is not a VPN in the conventional sense.\n\normesh is not intended for operating unauthenticated anonymous hidden services.\nAnonymity is an interesting side-effect of building on Tor, but it is not a\npriority for ormesh, nor is it guaranteed for all use cases. Users are\nresponsible for evaluating ormesh (and its Tor configuration) and deciding\nwhether it meets security requirements and threat models.\n\nLow-latency, high bandwidth applications may not perform well over ormesh's Tor\nconfiguration. Improvements here are possible (by trading anonymity for\nimproved latency and network throughput) but not yet implemented.\n\nTor only routes TCP traffic.\n\n# Install\n\n## macOS\n\n[Install Homebrew](https://brew.sh/). [Install Tor Browser](https://www.torproject.org/download/download-easy.html.en). 
Then,\ndownload an ormesh binary tarball [release](releases), extract and install\n`ormesh.exe` into your `%PATH%`.\n\nLike macOS, ormesh on Windows relies on Tor Browser. The Windows default config\nexpects to find Tor Browser installed to the current user's Desktop.\n\nFair warning, I've not really tested much on Windows.\n\n## Debian \u0026 Ubuntu Linux\n\n### curl | bash\n\nRead the script before running if you like. It will install ormesh to /usr/bin,\ninstall Tor standalone from official torproject archives, `setcap` ormesh to\nallow privileged port binding, and install ormesh as a systemd service.\n\n    curl https://git.io/vFN94 -sSfL | bash\n\n### Snap packaging\n\n    sudo snap install --edge ormesh\n\nThe snap package does not work well for some use cases so it's considered\nexperimental. I've had trouble installing into containers and binding to\nprivileged ports.\n\n## Docker\n\n    docker run --name ormesh -d cmars/ormesh:0.2.0\n\nMake it persistent and automatically start up:\n\n    docker run --name ormesh -d \\\n        -v /srv/ormesh-config:/var/lib/ormesh cmars/ormesh:0.2.0\n\n## Other options\n\nDownload an ormesh binary tarball [release](releases) or build from source:\n\n[Install Go](https://golang.org/doc/install).\n\nDownload and build ormesh:\n\n    go get -u github.com/cmars/ormesh\n\n# Configuration\n\n## Exporting local services\n\nExport services running locally as Tor hidden services.\n\n```\n$ ormesh export add 22\n$ ormesh export add 80\n```\n\nExport services on other hosts.\n\n```\n$ ormesh export add 192.168.1.19:8000\n```\n\n## Adding clients\n\nEach client gets an auth token string that grants access to the exported\nservices. 
Without the auth token, the hidden service is not accessible.\n\nThis string should be securely sent to the user of `my-MacBook`:\n\n```\n$ ormesh client add my-MacBook\nfl3scqcsbitwf7zb.onion x29A3kzv4hrYvBhTkPMV2h\n```\n\n## Launch the agent\n\nThe agent will operate Tor, implementing the configured export and client\naccess policies.\n\n```\n$ ormesh agent run\n```\n\nOn Linux, the agent will launch Tor and run it as a subprocess until\ninterrupted or terminated.\n\nOn macOS and Windows, the agent will connect to the Tor process launched with\nthe Tor Browser and exit after applying changes to the Tor configuration --\nunless remote services are imported locally.\n\n## Add a remote service, with client authentication\n\nOn the machine `my-MacBook`, start Tor Browser, and then add a remote using the\nonion address and auth token displayed by `client add` above.\n\n```\n$ ormesh remote add my-server fl3scqcsbitwf7zb.onion x29A3kzv4hrYvBhTkPMV2h\n```\n\n```\n$ ormesh remote show my-server\nfl3scqcsbitwf7zb.onion\n```\n\n## Display an SSH config entry\n\nDisplay an ssh-config(5) stanza for the remote.\n\n```\n$ ormesh remote ssh-config my-server\nHost my-server\n  ProxyCommand nc -X 5 -x localhost:9250 %h %p\n  Hostname fl3scqcsbitwf7zb.onion\n```\n\n## Importing remote services\n\nSet up local port forwarding to remote services with _imports_. The agent will\nforward connections to local ports to the corresponding remote service until\nthe process is interrupted or terminated.\n\nForward local port 10022 to port 22 on the remote:\n\n```\n$ ormesh import add website 22 127.0.0.1:10022\n$ ormesh agent run\n```\n\nListen on all addresses to create a public ingress to a remote service. Useful\nfor circumventing inbound port blocks where the service is running. For\nexample, you want to physically locate your email server in a mobile camper,\nyour ISP blocks SMTP inbound, and your IP address changes often. 
Import your\nservices from a cloud instance with a public IP and DNS.\n\n```\n$ ormesh agent privbind\n$ ormesh import add mailinabox 25 0.0.0.0:25\n$ ormesh import add mailinabox 587 0.0.0.0:587\n$ ormesh agent run\n```\n\n# Operating the agent\n\n```\n$ ormesh agent run\n```\n\nConfiguration changes made while the agent is running are applied immediately.\n\n## Setting up systemd\n\nDisplay a systemd unit file that will run ormesh, from its currently installed\nbinary path.\n\n```\n$ ormesh agent systemd\n[Unit]\nDescription=ormesh - onion-routed mesh\n\n[Service]\nExecStart=/path/to/ormesh agent run\nRestart=always\nUser=ubuntu\n\n[Install]\nWantedBy=default.target\n```\n\n## Docker\n\nThe ormesh image supports configuration by environment variables:\n\n    docker run --name ormesh -d \\\n        -e 'ORMESH_EXPORTS=80' \\\n        -e 'ORMESH_CLIENTS=desktop;laptop' cmars/ormesh:0.2.0\n\nwill preconfigure ormesh to export 127.0.0.1:80 to clients named \"desktop\" and\n\"laptop\".\n\nDisplay the client's onion address \u0026 auth cookie by \"adding\" them again\n(`client add` is idempotent):\n\n    docker exec ormesh /ormesh client add desktop\n\nOther configuration commands can be applied with `docker exec` while the\ncontainer is running; changes are applied immediately.\n\n# Orbot integration\n\n    ormesh client add --qr my-phone\n\nDisplays a QR code in the terminal that Orbot can read, to import the client\nauth token. 
For best results, make sure your terminal is at least 80x40 and\nsupports ANSI codes.\n\n- Open Orbot.\n- From the menu, choose: \"Hidden Services\" -\u003e \"Client cookies\"\n- From the menu, choose: \"Read from QR\" and then scan the QR code displayed in the\n  terminal.\n- Restart Orbot.\n\nThis authorizes Orbot to be able to connect to the hidden service.\n\nThe onion address can then be accessed from apps that connect through Tor.\nOrfox or \"Apps VPN mode\" for other applications.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcmars%2Formesh","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcmars%2Formesh","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcmars%2Formesh/lists"}