H2tunnel – ngrok alternative for Node.js in 600 LOC and no dependencies (opens in new tab)

(github.com)

45 pointsboronine1y ago13 comments

13 comments

I was able to keep my code small by leveraging existing protocols: TLS for authentication and HTTP2 for multiplexing, stuffing simultaneous HTTP1 requests onto a single TLS-encrypted tunnel socket.

Hopefully I'll make it on the hall of fame [1] :)

[1] https://github.com/anderspitman/awesome-tunneling

anshumankmr1y ago

Awesome. My company had blocked Ngrok, will try this out when I am back from my leave.

debarshri1y ago

There is must be a reason why they have blocked ngrok. It is not the tool, but the idea that you are opening tunnels from person machine to transport data undetect is what they don't like.

luismedel1y ago

People absurdly trying to circumvent company rules, security team trying to secure the mess and avoid data loss...the vicious circle.

boronineOP1y ago

Let me know how to goes! And watch for an update this week. I'm writing thousands of lines of tests to iron out all the event handling quirks in case of bad network conditions etc. I want to make it rock solid.

graphememes1y ago

If they blocked ngrok they will block this too

egeozcan1y ago

> My company had blocked Ngrok

may I ask why?

yawgmoth1y ago

Because punching holes in the network that makes data exfiltration simple is a generally considered a bad thing

anshumankmr1y ago

Good question.

throwaway2016a1y ago

Clearly a lot of work went into this so kudos for that.

I do think it missing the point a tiny bit though. For me the primary use of Ngrok is to automatically get sub a domain with TLS and this seems to be outsourcing that to Caddy. And also I need to run a server. If I was going to run a server and run caddy I'd probably just use SSH -L directly.

Also SSH -L is a TCP/IP level tunnel so I'm missing something regarding why the HTTP/2 multiplexing is necessary vs just using the tunnel as is.

boronineOP1y ago

SSH does some kind of lower-level multiplexing. Multiplexing is unavoidable here because the local server must maintain simultaneous TCP connections that must be somehow distinguished between each other whereas the tunnel is just a stream of binary data.

throwaway2016a1y ago

I understand multiplexing is necessary. My point is SSH tunnels already multiplex. If two people connect to the same port on the tunnel machine then that will be two seperate sockets on the destination machine. Since they are already two separate sockets what is the point of adding HTTP/2 protocol awareness at the tunnel level? Just let the endpoints handle it.

1 more reply

j / k navigate · click thread line to collapse

13 comments

boronineOP1y ago

I was able to keep my code small by leveraging existing protocols: TLS for authentication and HTTP2 for multiplexing, stuffing simultaneous HTTP1 requests onto a single TLS-encrypted tunnel socket.

Hopefully I'll make it on the hall of fame [1] :)

[1] https://github.com/anderspitman/awesome-tunneling

anshumankmr1y ago

Awesome. My company had blocked Ngrok, will try this out when I am back from my leave.

debarshri1y ago

There is must be a reason why they have blocked ngrok. It is not the tool, but the idea that you are opening tunnels from person machine to transport data undetect is what they don't like.

luismedel1y ago

People absurdly trying to circumvent company rules, security team trying to secure the mess and avoid data loss...the vicious circle.

boronineOP1y ago

graphememes1y ago

If they blocked ngrok they will block this too

egeozcan1y ago

> My company had blocked Ngrok

may I ask why?

yawgmoth1y ago

Because punching holes in the network that makes data exfiltration simple is a generally considered a bad thing

anshumankmr1y ago

Good question.