Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/parazyd/tlstun

Simple Go program to add TLS support to other listeners
https://github.com/parazyd/tlstun

client-verification go golang tcp tls tls-certificate tls-proxying

Last synced: about 1 month ago
JSON representation

Simple Go program to add TLS support to other listeners

Host: GitHub
URL: https://github.com/parazyd/tlstun
Owner: parazyd
License: agpl-3.0
Created: 2019-02-13T19:11:29.000Z (almost 6 years ago)
Default Branch: master
Last Pushed: 2021-04-26T09:16:18.000Z (over 3 years ago)
Last Synced: 2024-06-20T10:03:53.281Z (5 months ago)
Topics: client-verification, go, golang, tcp, tls, tls-certificate, tls-proxying
Language: Go
Homepage:
Size: 51.8 KB
Stars: 4
Watchers: 4
Forks: 3
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

tlstun
======

tlstun is a simple Go program that will add TLS support for your
programs that do not have it.

It simply proxies from one TLS-listening host:port to another plaintext
(or TLS if using `-forwardtls`) host:port. If TLS is not your thing,
you can also proxy plain TCP traffic.

Installation
------------

```
$ go get github.com/parazyd/tlstun
```

Make sure you generate or acquire a TLS certificate keypair to use with
tlstun.

Usage
-----

```
Usage of ./tlstun:
-cacert string
Path for CA certificate file (default "ca.pem")
-cert string
Path for Certificate file (default "server.pem")
-forward string
Forward address (default "127.0.0.1:72")
-forwardtls
Forward using TLS
-key string
Path for Key file (default "server-key.pem")
-listen string
Listen address (default "127.0.0.1:7443")
-notls
Disable TLS and tunnel plain TCP
-tlsver int
TLS version to use (11, 12, 13) (default 13)
-verbose
Verbose mode
-verifyclient
Do client verification
```

tlstun supports two different ways of multiplexing, one being normal TLS
proxying, and the other being TLS proxying with client certificate
authentication. In addition to this, tlstun can also opt-out of TLS and
proxy plain TCP without encryption by using the `-notls` flag.

### Without client verification

Start tlstun with `-cert` and `-key`, and it will simply provide a TLS
forward to its destination with the given TLS certificate.

### With client verification

With client verification, start tlstun with `-cacert`, `-cert`, `-key`,
and `-verifyclient` and it will do client certificate verification. This
means it will only allow access from clients providing a certificate
signed by the CA certificate that is being loaded/used with tlstun on
startup with `-cacert`.