Experimentally improve tunneling with tls

cmd/passport/auth.go

@@ -1,6 +1,7 @@
 package main
 
 import (
+	"crypto/tls"
 	"net/url"
 	"sync"
 	"time"
@@ -9,7 +10,7 @@ import (
 	"github.com/yosebyte/passport/pkg/log"
 )
 
-func authSetups(parsedURL *url.URL, whiteList *sync.Map) {
+func authSetups(parsedURL *url.URL, whiteList *sync.Map, tlsConfig *tls.Config) {
 	if parsedURL.Fragment == "" {
 		return
 	}
@@ -20,7 +21,7 @@ func authSetups(parsedURL *url.URL, whiteList *sync.Map) {
 	log.Info("Auth mode enabled: %v", parsedAuthURL)
 	go func() {
 		for {
-			if err := internal.HandleHTTP(parsedAuthURL, whiteList); err != nil {
+			if err := internal.HandleHTTP(parsedAuthURL, whiteList, tlsConfig); err != nil {
 				log.Error("Auth mode error: %v", err)
 				log.Info("Restarting in 1s...")
 				time.Sleep(1 * time.Second)

cmd/passport/core.go

@@ -1,6 +1,7 @@
 package main
 
 import (
+	"crypto/tls"
 	"net/url"
 	"os"
 	"strings"
@@ -12,10 +13,10 @@ import (
 	"github.com/yosebyte/passport/pkg/log"
 )
 
-func coreSelect(parsedURL *url.URL, rawURL string, whiteList *sync.Map) {
+func coreSelect(parsedURL *url.URL, rawURL string, whiteList *sync.Map, tlsConfig *tls.Config) {
 	switch parsedURL.Scheme {
 	case "server":
-		runServer(parsedURL, rawURL, whiteList)
+		runServer(parsedURL, rawURL, whiteList, tlsConfig)
 	case "client":
 		runClient(parsedURL, rawURL)
 	case "broker":
@@ -26,10 +27,10 @@ func coreSelect(parsedURL *url.URL, rawURL string, whiteList *sync.Map) {
 	}
 }
 
-func runServer(parsedURL *url.URL, rawURL string, whiteList *sync.Map) {
+func runServer(parsedURL *url.URL, rawURL string, whiteList *sync.Map, tlsConfig *tls.Config) {
 	log.Info("Server core selected: %v", strings.Split(rawURL, "#")[0])
 	for {
-		if err := tunnel.Server(parsedURL, whiteList); err != nil {
+		if err := tunnel.Server(parsedURL, whiteList, tlsConfig); err != nil {
 			log.Error("Server core error: %v", err)
 			log.Info("Restarting in 1s...")
 			time.Sleep(1 * time.Second)

cmd/passport/main.go

@@ -6,6 +6,7 @@ import (
 	"sync"
 
 	"github.com/yosebyte/passport/pkg/log"
+	"github.com/yosebyte/passport/pkg/tls"
 )
 
 var (
@@ -23,6 +24,10 @@ func main() {
 	if err != nil {
 		log.Fatal("Error parsing raw URL: %v", err)
 	}
-	authSetups(parsedURL, &whiteList)
-	coreSelect(parsedURL, rawURL, &whiteList)
+	tlsConfig, err := tls.NewTLSconfig("")
+	if err != nil {
+		log.Error("Error generating TLS config: %v", err)
+	}
+	authSetups(parsedURL, &whiteList, tlsConfig)
+	coreSelect(parsedURL, rawURL, &whiteList, tlsConfig)
 }

internal/http.go

@@ -1,16 +1,16 @@
 package internal
 
 import (
+	"crypto/tls"
 	"net"
 	"net/http"
 	"net/url"
 	"sync"
 
 	"github.com/yosebyte/passport/pkg/log"
-	"github.com/yosebyte/passport/pkg/tls"
 )
 
-func HandleHTTP(parsedURL *url.URL, whiteList *sync.Map) error {
+func HandleHTTP(parsedURL *url.URL, whiteList *sync.Map, tlsConfig *tls.Config) error {
 	http.HandleFunc(parsedURL.Path, func(w http.ResponseWriter, r *http.Request) {
 		clientIP, _, err := net.SplitHostPort(r.RemoteAddr)
 		if err != nil {
@@ -30,11 +30,6 @@ func HandleHTTP(parsedURL *url.URL, whiteList *sync.Map) error {
 			return err
 		}
 	} else {
-		tlsConfig, err := tls.NewTLSconfig(parsedURL.Hostname())
-		if err != nil {
-			log.Error("Error generating TLS config: %v", err)
-			return err
-		}
 		authServer := &http.Server{
 			Addr:      parsedURL.Host,
 			TLSConfig: tlsConfig,

internal/tunnel/client.go

@@ -1,6 +1,7 @@
 package tunnel
 
 import (
+	"crypto/tls"
 	"net"
 	"net/url"
 	"strings"
@@ -25,7 +26,7 @@ func Client(parsedURL *url.URL) error {
 		log.Error("Unable to resolve target address: %v", strings.TrimPrefix(parsedURL.Path, "/"))
 		return err
 	}
-	linkConn, err := net.DialTCP("tcp", nil, linkAddr)
+	linkConn, err := tls.Dial("tcp", linkAddr.String(), &tls.Config{InsecureSkipVerify: true})
 	if err != nil {
 		log.Error("Unable to dial link address: [%v]", linkAddr)
 		return err

internal/tunnel/server.go

@@ -1,6 +1,7 @@
 package tunnel
 
 import (
+	"crypto/tls"
 	"net"
 	"net/url"
 	"strings"
@@ -9,7 +10,7 @@ import (
 	"github.com/yosebyte/passport/pkg/log"
 )
 
-func Server(parsedURL *url.URL, whiteList *sync.Map) error {
+func Server(parsedURL *url.URL, whiteList *sync.Map, tlsConfig *tls.Config) error {
 	linkAddr, err := net.ResolveTCPAddr("tcp", parsedURL.Host)
 	if err != nil {
 		log.Error("Unable to resolve link address: %v", parsedURL.Host)
@@ -25,13 +26,13 @@ func Server(parsedURL *url.URL, whiteList *sync.Map) error {
 		log.Error("Unable to resolve target address: %v", strings.TrimPrefix(parsedURL.Path, "/"))
 		return err
 	}
-	linkListen, err := net.ListenTCP("tcp", linkAddr)
+	linkListen, err := tls.Listen("tcp", linkAddr.String(), tlsConfig)
 	if err != nil {
 		log.Error("Unable to listen link address: [%v]", linkAddr)
 		return err
 	}
 	defer linkListen.Close()
-	linkConn, err := linkListen.AcceptTCP()
+	linkConn, err := linkListen.Accept()
 	if err != nil {
 		log.Error("Unable to accept connections form link address: [%v]", linkAddr)
 		return err

internal/tunnel/tcp.go

@@ -1,6 +1,7 @@
 package tunnel
 
 import (
+	"crypto/tls"
 	"net"
 	"net/url"
 	"sync"
@@ -10,7 +11,7 @@ import (
 	"github.com/yosebyte/passport/pkg/log"
 )
 
-func ServeTCP(parsedURL *url.URL, whiteList *sync.Map, linkAddr, targetAddr *net.TCPAddr, linkListen *net.TCPListener, linkConn *net.TCPConn) error {
+func ServeTCP(parsedURL *url.URL, whiteList *sync.Map, linkAddr, targetAddr *net.TCPAddr, linkListen net.Listener, linkConn net.Conn) error {
 	targetListen, err := net.ListenTCP("tcp", targetAddr)
 	if err != nil {
 		log.Error("Unable to listen target address: [%v]", targetAddr)
@@ -54,7 +55,7 @@ func ServeTCP(parsedURL *url.URL, whiteList *sync.Map, linkAddr, targetAddr *net
 				targetConn.Close()
 				return
 			}
-			remoteConn, err := linkListen.AcceptTCP()
+			remoteConn, err := linkListen.Accept()
 			if err != nil {
 				log.Error("Unable to accept connections form link address: [%v] %v", linkAddr, err)
 				return
@@ -76,7 +77,7 @@ func ClientTCP(linkAddr, targetTCPAddr *net.TCPAddr) {
 	}
 	defer targetConn.Close()
 	log.Info("Target connection established: [%v]", targetTCPAddr)
-	remoteConn, err := net.DialTCP("tcp", nil, linkAddr)
+	remoteConn, err := tls.Dial("tcp", linkAddr.String(), &tls.Config{InsecureSkipVerify: true})
 	if err != nil {
 		log.Error("Unable to dial target address: [%v], %v", linkAddr, err)
 		return

internal/tunnel/udp.go

@@ -1,6 +1,7 @@
 package tunnel
 
 import (
+	"crypto/tls"
 	"net"
 	"net/url"
 	"sync"
@@ -10,7 +11,7 @@ import (
 	"github.com/yosebyte/passport/pkg/log"
 )
 
-func ServeUDP(parsedURL *url.URL, whiteList *sync.Map, linkAddr *net.TCPAddr, targetAddr *net.UDPAddr, linkListen *net.TCPListener, linkConn *net.TCPConn) error {
+func ServeUDP(parsedURL *url.URL, whiteList *sync.Map, linkAddr *net.TCPAddr, targetAddr *net.UDPAddr, linkListen net.Listener, linkConn net.Conn) error {
 	targetConn, err := net.ListenUDP("udp", targetAddr)
 	if err != nil {
 		log.Error("Unable to listen target address: [%v]", targetAddr)
@@ -40,13 +41,13 @@ func ServeUDP(parsedURL *url.URL, whiteList *sync.Map, linkAddr *net.TCPAddr, ta
 			log.Error("Unable to send signal: %v", err)
 			break
 		}
-		remoteConn, err := linkListen.AcceptTCP()
+		remoteConn, err := linkListen.Accept()
 		if err != nil {
 			log.Error("Unable to accept connections from link address: [%v] %v", linkAddr, err)
 			continue
 		}
 		sem <- struct{}{}
-		go func(buffer []byte, n int, remoteConn *net.TCPConn, clientAddr *net.UDPAddr) {
+		go func(buffer []byte, n int, remoteConn net.Conn, clientAddr *net.UDPAddr) {
 			defer func() {
 				<-sem
 				remoteConn.Close()
@@ -74,7 +75,7 @@ func ServeUDP(parsedURL *url.URL, whiteList *sync.Map, linkAddr *net.TCPAddr, ta
 }
 
 func ClientUDP(linkAddr *net.TCPAddr, targetUDPAddr *net.UDPAddr) {
-	remoteConn, err := net.DialTCP("tcp", nil, linkAddr)
+	remoteConn, err := tls.Dial("tcp", linkAddr.String(), &tls.Config{InsecureSkipVerify: true})
 	if err != nil {
 		log.Error("Unable to dial target address: [%v] %v", linkAddr, err)
 		return

pkg/conn/conn.go

@@ -5,7 +5,7 @@ import (
 	"net"
 )
 
-func DataExchange(conn1, conn2 *net.TCPConn) {
+func DataExchange(conn1, conn2 net.Conn) {
 	done := make(chan struct{}, 2)
 	go func() {
 		io.Copy(conn1, conn2)