This project provides a solution for tunneling UDP traffic over a TLS connection. It includes both server and client components, allowing secure communication between endpoints. The project also includes a web interface for monitoring the status and statistics of the connections.
- Secure Communication: Uses TLS to encrypt UDP traffic.
- Real-time Monitoring: Web interface to monitor connection statistics.
- Cross-Platform: Can be built and run on multiple platforms.
- Server-Initiated Connections: The server initiates connections to clients, helping to bypass some Deep Packet Inspection (DPI) tools.
- /templates: Contains the HTML template for the web interface.
- /main.go: Main entry point for the application.
- /server.go: Contains the server logic.
- /client.go: Contains the client logic.
- /install.sh: Script for setting up the environment and installing the service.
- /.gitignore: Specifies files to be ignored by git.
- Go 1.20 or later
- OpenSSL
- Clone the repository:

      git clone https://github.com/alirezasn3/reverse-udp-over-tls.git
      cd reverse-udp-over-tls

- Run the installation script:

      sudo ./install.sh

- Create a config.json file in the root directory with the following structure:

      {
        "role": "server",
        "tcpConnect": ["client_address:port"],
        "udpConnect": "local_udp_service_address:port",
        "tcpListen": "server_address:port",
        "udpListen": "local_udp_listen_address:port",
        "monitorAddress": "monitor_address:port"
      }

- Start the service:

      sudo systemctl start reverse-udp-over-tls
      sudo systemctl status reverse-udp-over-tls

- Configure the server in config.json with the role set to "server".
- Start the server:

      sudo systemctl start reverse-udp-over-tls

- Configure the client in config.json with the role set to "client".
- Start the client:

      sudo systemctl start reverse-udp-over-tls

- Access the web interface at the monitorAddress specified in config.json.
- The interface displays real-time statistics for download and upload speeds, connection status, and more.
- role: "server" or "client".
- tcpConnect: List of TCP addresses the server should connect to.
- udpConnect: Local UDP service address the server should forward packets to.
- tcpListen: TCP address the client should listen on.
- udpListen: Local UDP address the client should listen on.
- monitorAddress: Address for the web interface.
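
A pre-start check for config.json that applies the field descriptions above per role. This is an added example, not code from this repository: `CheckConfig` and its messages are hypothetical, it assumes monitorAddress is always set, and flagging a non-loopback monitorAddress is a policy choice of the example.

```go
package main

import "encoding/json"
import "net"

// Config mirrors the config.json keys listed above (JSON keys match case-insensitively).
type Config struct {
	Role, UDPConnect, TCPListen, UDPListen, MonitorAddress string
	TCPConnect                                             []string
}

// CheckConfig returns one message per problem; no messages means the file fits its role.
func CheckConfig(raw []byte) (problems []string) {
	var c Config
	if err := json.Unmarshal(raw, &c); err != nil {
		return []string{"invalid JSON: " + err.Error()}
	}
	addrs := [][2]string{{"monitorAddress", c.MonitorAddress}}
	switch c.Role {
	case "server": // dials every tcpConnect entry, forwards to udpConnect
		addrs = append(addrs, [2]string{"udpConnect", c.UDPConnect})
		if len(c.TCPConnect) == 0 {
			problems = append(problems, "tcpConnect: server role needs at least one client address")
		}
		for _, a := range c.TCPConnect {
			addrs = append(addrs, [2]string{"tcpConnect", a})
		}
	case "client": // listens on tcpListen and udpListen
		addrs = append(addrs, [2]string{"tcpListen", c.TCPListen}, [2]string{"udpListen", c.UDPListen})
	default:
		return []string{"role: must be \"server\" or \"client\", got " + c.Role}
	}
	for _, f := range addrs {
		host, _, err := net.SplitHostPort(f[1])
		if err != nil {
			problems = append(problems, f[0]+": not host:port: "+f[1])
		} else if ip := net.ParseIP(host); f[0] == "monitorAddress" && host != "localhost" && (ip == nil || !ip.IsLoopback()) {
			problems = append(problems, "monitorAddress: not loopback, statistics page is exposed to the network")
		}
	}
	return problems
}

func main() {
	// Constructed sample: a client config with udpListen missing and the monitor on all interfaces.
	for _, p := range CheckConfig([]byte(`{"role":"client","tcpListen":"0.0.0.0:443","monitorAddress":"0.0.0.0:8080"}`)) {
		println(p)
	}
}
```
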
One of the key features of this project is that the server initiates connections to the clients. This approach helps to bypass some Deep Packet Inspection (DPI) tools that might otherwise block or throttle client-initiated connections. By having the server initiate the connection, the traffic appears to be more legitimate and is less likely to be flagged by DPI mechanisms.
- The server continuously attempts to create a TLS connection to the client.
- Once a connection is established, the server handles the forwarding of UDP packets between the client and the local UDP service.
- This method ensures that the server is always in control of the connection, making it harder for DPI tools to detect and block the traffic.
- Build the project:

      go build

- Run the application:

      ./reverse-udp-over-tls

This project is licensed under the MIT License.
Contributions are welcome! Please open an issue or submit a pull request.
For any questions or issues, please open an issue on the GitHub repository.
This README provides a comprehensive overview of the project, including installation, usage, and configuration details. For more information, refer to the source code and comments within the files.