neevek / omnip

An all in one proxy implementation written in Rust.

Request to support reverse socks5 #3

Closed aa51513 closed 5 months ago

aa51513 commented 5 months ago

As a practical use, I need to share the intranet with socks5 under the protection of quic

That means the omnip client running as a socks5 service and the port listening on the omnip server:

[user with socks5 client]---->[omnip server]<---->[omnip client]---->[network out]

Is this a good idea or a bad idea?

neevek commented 5 months ago

Either forward or reverse proxy is supported; with the --upstream option, a forward proxy becomes a reverse proxy. For your case, you can run a forward proxy locally and a reverse proxy remotely, and chain them together with the --upstream option. To achieve QUIC protection, the local omnip node should run with the socks5:// scheme, and socks5+quic:// for the remote omnip node.

socks clients -> omnip client --- the internet --- omnip server -> socks server

With the above, traffic going through the internet is QUIC protected. Since omnip can be run as a normal http or socks proxy, the "socks server" at the end of the previous diagram can also be an omnip node.

aa51513 commented 5 months ago

> Either forward or reverse proxy is supported; with the --upstream option, a forward proxy becomes a reverse proxy. For your case, you can run a forward proxy locally and a reverse proxy remotely, and chain them together with the --upstream option. To achieve QUIC protection, the local omnip node should run with the socks5:// scheme, and socks5+quic:// for the remote omnip node.
>
> socks clients -> omnip client --- the internet --- omnip server -> socks server
>
> With the above, traffic going through the internet is QUIC protected. Since omnip can be run as a normal http or socks proxy, the "socks server" at the end of the previous diagram can also be an omnip node.

Thank you for your reply.

In my usage scenario, the network where the client is located cannot receive inbound traffic, which means that the client can only connect to the server, and what I want to do is to have the client run as a socks5 service so that the client can be accessed directly on the server.

I drew a simple diagram: pic

neevek commented 5 months ago

> In my usage scenario, the network where the client is located cannot receive inbound traffic, which means that the client can only connect to the server, and what I want to do is to have the client run as a socks5 service so that the client can be accessed directly on the server.

omnip can only do one-direction proxying, so it doesn't fit your scenario.

But you can use rstun, which omnip is based on. It has two binaries, rstunc as the client and rstund as the server.

On the server:

rstund -a 0.0.0.0:6060 -p password

On the notebook:

rstunc --mode IN -r SERVER:1234 --addr-mapping 6022^22 -p password

With the above, a QUIC tunnel from SERVER:6022 to NOTEBOOK:22 is built, and you can access your sshd on the notebook from anywhere through the server's 6022 port. Of course you can choose any port you like; read more on rstun's page.

aa51513 commented 5 months ago

> In my usage scenario, the network where the client is located cannot receive inbound traffic, which means that the client can only connect to the server, and what I want to do is to have the client run as a socks5 service so that the client can be accessed directly on the server.
>
> omnip can only do one-direction proxying, so it doesn't fit your scenario.
>
> But you can use rstun, which omnip is based on. It has two binaries, rstunc as the client and rstund as the server.
>
> On the server:
>
> rstund -a 0.0.0.0:6060 -p password
>
> On the notebook:
>
> rstunc --mode IN -r SERVER:1234 --addr-mapping 6022^22 -p password
>
> With the above, a QUIC tunnel from SERVER:6022 to NOTEBOOK:22 is built, and you can access your sshd on the notebook from anywhere through the server's 6022 port. Of course you can choose any port you like; read more on rstun's page.

neevek/rstun is another great tool, it works, thanks a lot