{"id":21814312,"url":"https://github.com/snawoot/steady-tun","last_synced_at":"2025-06-21T13:36:21.739Z","repository":{"id":49435375,"uuid":"248045777","full_name":"Snawoot/steady-tun","owner":"Snawoot","description":"Secure TLS tunnel with pool of prepared upstream connections","archived":false,"fork":false,"pushed_at":"2024-12-07T13:05:06.000Z","size":76,"stargazers_count":98,"open_issues_count":0,"forks_count":4,"subscribers_count":7,"default_branch":"master","last_synced_at":"2025-05-19T20:06:17.602Z","etag":null,"topics":["network-wrapper","pool-server","pooling","pooling-utility","security","ssl","ssl-pool","tcp-proxy","tls","tls-proxy","tls-tunnel"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Snawoot.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-03-17T18:35:33.000Z","updated_at":"2025-04-23T02:38:18.000Z","dependencies_parsed_at":"2024-06-19T04:10:42.849Z","dependency_job_id":"4fd65210-6175-4f2f-bffc-8d03d77c21e6","html_url":"https://github.com/Snawoot/steady-tun","commit_stats":null,"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/Snawoot/steady-tun","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Snawoot%2Fsteady-tun","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Snawoot%2Fsteady-tun/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Snawoot%2Fsteady-tun/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Snawoot%2Fsteady-tun/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Snawoot","download_url":"https://codeload.github.com/Snawoot/steady-tun/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Snawoot%2Fsteady-tun/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":261130017,"owners_count":23113926,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["network-wrapper","pool-server","pooling","pooling-utility","security","ssl","ssl-pool","tcp-proxy","tls","tls-proxy","tls-tunnel"],"created_at":"2024-11-27T14:37:37.392Z","updated_at":"2025-06-21T13:36:16.711Z","avatar_url":"https://github.com/Snawoot.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# steady-tun\n\n[![steady-tun](https://snapcraft.io//steady-tun/badge.svg)](https://snapcraft.io/steady-tun)\n\nSecure TLS tunnel with pool of prepared upstream connections\n\nAccepts TCP connections on listen port and forwards them, wrapped in TLS, to destination port. steady-tun maintains pool of fresh established TLS connections effectively cancelling delay caused by TLS handshake. Optionally it can be used as just TCP connection pool (option `-tls-enabled=false`).\n\nsteady-tun may serve as drop-in replacement for stunnel or haproxy for purpose of secure tunneling of TCP connections. Thus, it is intended for use with stunnel or haproxy on server side, accepting TLS connections and forwarding them, for example, to SOCKS proxy. In such configuration make sure your server timeouts long enough to allow fit lifetime of idle client TLS sessions (-T option).\n\nsteady-tun can be used with custom CAs and/or mutual TLS auth with certificates.\n\n---\n\n:heart: :heart: :heart:\n\nYou can say thanks to the author by donations to these wallets:\n\n- ETH: `0xB71250010e8beC90C5f9ddF408251eBA9dD7320e`\n- BTC:\n  - Legacy: `1N89PRvG1CSsUk9sxKwBwudN6TjTPQ1N8a`\n  - Segwit: `bc1qc0hcyxc000qf0ketv4r44ld7dlgmmu73rtlntw`\n\n---\n\n## Features\n\n* Based on proven TLS security and works with well-known server side daemons for TLS termination like haproxy and stunnel.\n* Firewall- and DPI-proof: connections are indistinguishable from HTTPS traffic.\n* Greater practical performance comparing to other TCP traffic forwading solutions thanks to separate TLS session for each TCP connection.\n* Hides TLS connection delay with connection pooling.\n* Supports TLS SNI (server name indication) spoof - it may be useful to bypass SNI based filters in firewalls.\n* Cross-plaform: runs on Linux, macOS, Windows and other Unix-like systems.\n\n## Installation\n\n#### Pre-built binaries\n\nPre-built binaries available on [releases](https://github.com/Snawoot/steady-tun/releases/latest) page.\n\n#### From source\n\nAlternatively, you may install steady-tun from source:\n\n```\ngo install github.com/Snawoot/steady-tun@latest\n```\n\n#### From Snap Store\n\n[![Get it from the Snap Store](https://snapcraft.io/static/images/badges/en/snap-store-black.svg)](https://snapcraft.io/steady-tun)\n\n```sh\nsudo snap install steady-tun\n```\n\n#### Docker\n\n```sh\ndocker run -it --rm -v certs:/certs -p 57800:57800 \\\n    yarmak/steady-tun \\\n    -dsthost proxy.example.com \\\n    -dstport 443 \\\n    -cert /certs/user.pem \\\n    -key /certs/user.key \\\n    -cafile /certs/ca.pem \\\n    -ttl 300s\n```\n\n## Usage example\n\n```sh\n~/go/bin/steady-tun \\\n    -dsthost proxy.example.com \\\n    -dstport 443 \\\n    -cert user.pem \\\n    -key user.key \\\n    -cafile ca.pem \\\n    -ttl 300s\n```\n\nCommand in this example will start forwarding TCP connections from default local port 57800 to `proxy.example.com:443`. Authentication is performed with client certificate and key. Server verification is performed with custom certificate in file ca.pem.\n\n## Synopsis\n\n```\n$ ~/go/bin/steady-tun -h\nUsage of steady-tun:\n  -backoff duration\n    \tdelay between connection attempts (default 5s)\n  -bind-address string\n    \tbind address (default \"127.0.0.1\")\n  -bind-port uint\n    \tbind port (default 57800)\n  -cafile string\n    \toverride default CA certs by specified in file\n  -cert string\n    \tuse certificate for client TLS auth\n  -dialers uint\n    \tconcurrency limit for TLS connection attempts (default 16)\n  -dns-cache-ttl duration\n    \tDNS cache TTL (default 30s)\n  -dns-neg-cache-ttl duration\n    \tnegative DNS cache TTL (default 1s)\n  -dsthost string\n    \tdestination server hostname\n  -dstport uint\n    \tdestination server port\n  -hostname-check\n    \tcheck hostname in server cert subject (default true)\n  -key string\n    \tkey for TLS certificate\n  -pool-size uint\n    \tconnection pool size (default 50)\n  -timeout duration\n    \tserver connect timeout (default 4s)\n  -tls-enabled\n    \tenable TLS client for pool connections (default true)\n  -tls-servername string\n    \tspecifies hostname to expect in server cert\n  -tls-session-cache\n    \tenable TLS session cache (default true)\n  -ttl duration\n    \tlifetime of idle pool connection in seconds (default 30s)\n  -verbosity int\n    \tlogging verbosity (10 - debug, 20 - info, 30 - warning, 40 - error, 50 - critical) (default 20)\n  -version\n    \tshow program version and exit\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsnawoot%2Fsteady-tun","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsnawoot%2Fsteady-tun","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsnawoot%2Fsteady-tun/lists"}