In this diagram, the client starts the service and the Raido proxy server on its own side. The agent is then started on the server side and connects to the proxy server over the QUIC protocol. The client can then open a tunnel to the server and interact with the server's local resources (access to local ports is provided through addresses from the reserved 240.0.0.0/4 range, which are generated for each tunnel when it is opened) and with IP addresses on the server's network, as if the client were on that network. The Raido proxy server also supports multiple connections and manual management of the available addresses.
Warning
The functionality was tested only on Linux machines.
The program may be unstable because there are no tests.
- Application
  - No Wireguard, SOCKS, Proxychains
  - Userspace network stack with gVisor
  - Traffic tunneling over QUIC
  - Easy to use
  - Possible to run in daemon mode
  - Automatic management of TUN interfaces
  - Self-signed certificates
  - Pause and resume tunnels
  - Loopback routing using network range (240.0.0.0/4)
- Network
  - TCP
  - UDP
  - IPv4
  - IPv6
Bidirectional UDP access to proxy on one port.
Privileged access to create and configure the TUN interface.
proxy ❯❯ raido --help # help options
proxy ❯❯ raido service run # for foreground mode

Or you can install raido as a daemon and start it.

proxy ❯❯ raido service --help # service help options
proxy ❯❯ raido service install # install raido.service
proxy ❯❯ raido service start # start raido in daemon mode
proxy ❯❯ raido service status # check raido.service status

proxy ❯❯ raido proxy start # start proxy server by default on address 0.0.0.0:8787

agent ❯❯ agent -pa 10.1.0.2:8787 -ch $(CERT_HASH)

proxy ❯❯ raido agent list # print all agents and their available routes in a table

proxy ❯❯ raido tunnel start --agent-id R6QXeSMXTL2attGG8YEsr6 # the command creates the tun interface and adds all routes
proxy ❯❯ raido tunnel list

That's it, now you can send requests directly to these addresses.
Note
Each time a new tunnel is started, raido obtains an available IP address in the 240.0.0.0/4 range and adds it to the device's routes to forward requests for that address to the localhost services on the remote host.
If necessary, you can remove an address from the 240.0.0.0/4 range and add one manually.
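Before removing or re-adding addresses by hand, it helps to see which 240.0.0.0/4 routes a host currently carries and which other networks share the same TUN device. The script below is an added example, not part of raido: the `ip -4 route show` sample, device names and addresses are constructed, and it assumes each tunnel's routes sit on its own TUN device.

```python
import ipaddress

# Reserved range the page says raido draws tunnel loopback addresses from.
LOOPBACK_POOL = ipaddress.ip_network("240.0.0.0/4")

# Constructed sample of `ip -4 route show` output (hypothetical devices/addresses).
SAMPLE_ROUTES = """\
default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.1.0.0/24 dev tun0 scope link
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
240.0.0.1 dev tun0 scope link
240.0.0.2 dev tun1 scope link
"""


def parse_route(line):
    """Return (network, device) for one `ip route` line, or None if unusable."""
    fields = line.split()
    if "dev" not in fields:
        return None
    dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
    try:
        network = ipaddress.ip_network(dest, strict=False)
    except ValueError:
        return None  # e.g. "unreachable ..." or "broadcast ..." lines
    dev_idx = fields.index("dev")
    if dev_idx + 1 >= len(fields):
        return None
    return network, fields[dev_idx + 1]


def tunnel_inventory(route_text, pool=LOOPBACK_POOL):
    """For each device holding a pool route: its pool routes and its other routes."""
    by_dev = {}
    for line in route_text.splitlines():
        parsed = parse_route(line)
        if parsed:
            by_dev.setdefault(parsed[1], []).append(parsed[0])
    inventory = {}
    for dev, nets in by_dev.items():
        in_pool = [n for n in nets if n.version == 4 and n.subnet_of(pool)]
        if in_pool:  # only devices that carry a 240.0.0.0/4 route are reported
            inventory[dev] = {
                "loopback": [str(n) for n in in_pool],
                "remote": [str(n) for n in nets if n not in in_pool],
            }
    return inventory


if __name__ == "__main__":
    for dev, routes in tunnel_inventory(SAMPLE_ROUTES).items():
        print(dev, routes)
```

On a live host, pass the text returned by `ip -4 route show` in place of `SAMPLE_ROUTES`.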
Let's run a simple HTTP server with the Python CLI on the server host on port 8080.
Then, from the user host, we can access this server via the loopback route.
- Think about a way to transmit ICMP packets without changing the gVisor code. (Maybe use agent to detect hosts using icmp-echo requests) ¯\(ツ)/¯
- Add new transport protocols for traffic tunneling
- Add the ability to build chains of agents
- Add multiplatform support
- FIX BUGS!









