Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/zbo14/tete

Encrypted p2p connections through firewalls
https://github.com/zbo14/tete

golang hole-punching nats p2p tcp tls unix

Last synced: 2 months ago
JSON representation

Encrypted p2p connections through firewalls

Host: GitHub
URL: https://github.com/zbo14/tete
Owner: zbo14
License: isc
Created: 2021-06-18T03:03:07.000Z (over 3 years ago)
Default Branch: develop
Last Pushed: 2021-07-01T15:15:01.000Z (over 3 years ago)
Last Synced: 2024-06-20T22:37:11.523Z (8 months ago)
Topics: golang, hole-punching, nats, p2p, tcp, tls, unix
Language: Go
Homepage:
Size: 33.2 KB
Stars: 4
Watchers: 3
Forks: 2
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # tete

As in *tête-à-tête*.

Peer-to-peer TLS connections through firewalls via TCP hole-punching.

## Why?

The goal: easily allow 2 peers to establish a secure connection after exchanging public IP addresses and port numbers.

However, there are several difficulties with creating and maintaining encrypted p2p connections:

* NAT routers blocking/dropping TCP connections between peers on different networks

* Coordinating TLS negotiation when neither peer is hosting a persistent server on a domain

* Adapting to socket APIs that are based on a client-server paradigm

`tete` addresses these challenges and creates abstractions that hopefully make secure p2p communication easier for people and other applications.

This repository contains a command line tool that does the following:

* Establish TLS connections between peers on different networks

* Read data from stdin and send it over a connection

* Read encrypted data from connection and write decrypted data to stdout

This makes `tete` easy to use with other tools (e.g. by piping to UNIX commands or other CLIs).

## Install

`go get -u github.com/zbo14/tete`

## Usage

Suppose Alice (rather, the router on her home network) has public IPv4 address "1.2.3.4". Her computer has a process listening on port 12345.

Bob is behind a router with public IPv4 address "5.6.7.8". His machine is listening on port 56789.

In her terminal, Alice would type:

`$ tete -myip 1.2.3.4 -peerip 5.6.7.8 -lport 12345 -rport 56789`

In his terminal, Bob would type:

`$ tete -myip 5.6.7.8 -peerip 1.2.3.4 -lport 56789 -rport 12345`

**Note:** each peer *must* specify their own public IP address. IP address comparison determines which peer acts as a server and which acts as a client in the TLS handshake.

After pressing enter, they both should see the following printed to stderr:

`  Connected to peer!`

Now, they can write to stdin to send data over the secure connection and read data from stdout.

The connection closes when Alice or Bob issues an interrupt signal.

They should see the following printed to stderr:

`  Closed connection` or `  Peer closed connection`

```

Usage of tete:

    -h  show usage information and exit

    -k  enable TCP keepalives

    -lport int

        local port you're listening on (default 54312)

    -myip string

        your public IPv4/IPv6 address

    -peerip string

        peer's public IPv4/IPv6 address

    -rport int

        remote port the peer's listening on (default 54312)

```