xjasonlyu / tun2socks

tun2socks - powered by gVisor TCP/IP stack
https://github.com/xjasonlyu/tun2socks/wiki
GNU General Public License v3.0

[Feature suggestion] Provide services in the tunnel interface #150

Closed phantomcraft closed 2 years ago

phantomcraft commented 2 years ago

Description

@xjasonlyu This is only a suggestion; if you find it irrelevant, please tell me and I will close this topic.

Let me explain how I use tun2socks and why this would be useful.

I fire tun2socks up and move the tunnel interface to a network namespace:

ip netns add nsx
tun2socks --device tun://tun0 --proxy socks5://127.0.0.1:9050 # 9050 is Tor port
ip li set tun0 netns nsx

After this I add the addresses and set up the route in the network namespace:

ip netns exec nsx ip li set tun0 up
ip netns exec nsx ip address add 10.0.0.2 peer 10.0.0.1 dev tun0
ip netns exec nsx ip route add default via 10.0.0.1 dev tun0

I can connect to the Internet using the network namespace, and I use it to connect to my private VPN service (VPN over Tor) with OpenVPN easily using this method.

But I have some programs that need to connect via Tor while OpenVPN has configured its routes inside the network namespace. This could be solved if an HTTP/SOCKS5 proxy were available on the default gateway of the tun2socks tunnel interface.

Also, the network namespace needs a DNS resolver, and an enclosed network stack with no UDP connection available through tun2socks leads to the need for external tools, such as dns2tcp.

All these problems would be solved just by providing services on the default gateway of the tun2socks tunnel interface.

The services could be:

==> DNS resolving: provide a DNS resolver on the gateway of the tunnel interface that forwards the DNS queries to a previously selected DNS server through the proxy server (of course, with an option for choosing TCP mode for outgoing queries, as most proxies don't support UDP).

==> Internal local proxies: Local proxy servers on the gateway address that forward all incoming requests to the upstream proxy to which tun2socks sends its traffic. They could be HTTP, SOCKS5 and/or SOCKS4.

==> Port forwarding: Forward addresses:ports from the host to the default gateway of the tunnel interface, making it possible for containers (such as LXC, Docker, systemd-nspawn and others) and network namespaces to connect to services on the host side.

============================

Providing services could be very useful for containers and network namespaces.

Is this feature related to a specific bug?

No.

Do you have a specific solution in mind?

This package implements HTTP/SOCKS4 proxy: https://github.com/dumpmemory/proxy

This implements SOCKS4/SOCKS4a: https://github.com/h12w/socks

This implements DNS: https://github.com/miekg/dns

These 2 packages implement port forwarding: https://github.com/joegrasse/goburrow -- https://github.com/vladikr/goforwarding
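
The DNS service proposed above (queries forwarded in TCP mode through the upstream proxy) comes down to a SOCKS5 CONNECT followed by length-prefixed DNS messages. The Go code below is an added example, not part of the original post and not tun2socks code; the function name `resolveViaSOCKS5`, the placeholder resolver address 192.0.2.53 and the constructed sample query are assumptions.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"net"
)

// resolveViaSOCKS5 (hypothetical name, added example) relays one raw DNS message to an
// IPv4 resolver over an open SOCKS5 connection (RFC 1928, no auth) using DNS-over-TCP.
func resolveViaSOCKS5(c io.ReadWriter, dnsIP net.IP, port uint16, query []byte) ([]byte, error) {
	ip4 := dnsIP.To4()
	if ip4 == nil || len(query) < 2 || len(query) > 0xFFFF {
		return nil, fmt.Errorf("need an IPv4 resolver and a 2..65535 byte query")
	}
	xfer := func(out []byte, n int) ([]byte, error) { // write out, then read exactly n bytes
		if _, err := c.Write(out); err != nil {
			return nil, err
		}
		in := make([]byte, n)
		_, err := io.ReadFull(c, in)
		return in, err
	}
	if r, err := xfer([]byte{5, 1, 0}, 2); err != nil || r[0] != 5 || r[1] != 0 { // greeting: offer "no auth"
		return nil, fmt.Errorf("SOCKS5 greeting failed: % x (err=%v)", r, err)
	}
	// CONNECT (cmd 1) to ip4:port; a success reply with an IPv4 bound address is 10 bytes.
	req := append(append([]byte{5, 1, 0, 1}, ip4...), byte(port>>8), byte(port))
	if r, err := xfer(req, 10); err != nil || r[1] != 0 || r[3] != 1 {
		return nil, fmt.Errorf("SOCKS5 CONNECT failed: % x (err=%v)", r, err)
	}
	// DNS over TCP (RFC 1035 section 4.2.2): 2-byte big-endian length before each message.
	hdr, err := xfer(append([]byte{byte(len(query) >> 8), byte(len(query))}, query...), 2)
	if err != nil {
		return nil, err
	}
	resp := make([]byte, int(hdr[0])<<8|int(hdr[1]))
	if _, err = io.ReadFull(c, resp); err != nil || len(resp) < 2 || !bytes.Equal(resp[:2], query[:2]) {
		return nil, fmt.Errorf("bad DNS reply, or ID mismatch with the query (err=%v)", err)
	}
	return resp, nil
}

func main() { // proxy address is the one in the post; the resolver IP is a placeholder
	if c, err := net.Dial("tcp", "127.0.0.1:9050"); err == nil {
		q := "\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x07example\x03com\x00\x00\x01\x00\x01"
		fmt.Println(resolveViaSOCKS5(c, net.IPv4(192, 0, 2, 53), 53, []byte(q)))
	}
}
```

A resolver listening on the tunnel gateway would accept UDP queries from the namespace and pass each payload to a function like this one, so no UDP ever has to cross the proxy.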

github-actions[bot] commented 2 years ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days