gjedeer / tuntox Goto Github PK

View Code? Open in Web Editor NEW

342.0 35.0 56.0 540 KB

Tunnel TCP connections over the Tox protocol

Home Page: https://gdr.name/tuntox/

License: Other

Makefile 0.35% C 96.12% Shell 2.33% Python 0.97% Dockerfile 0.23%

tox-protocol tox tuntox-server c tunneling nat p2p toxcore

tuntox's Introduction

Introduction

Tuntox is a program which forwards TCP connections over the Tox protocol. This allows low-latency access to distant machines behind a NAT you can't control or with a dynamic IP address.

Tuntox is a single binary which may run in client mode or server mode. As a rule of thumb, run the server on the remote machine you want to access and the client on your local computer from which you want to access the server.

Tuntox is in early work in progress stage. It won't kill your goats but it may segfault, leak memory or have security issues (although I tried to make it rather secure).

If you don't know what Tox is - it's an instant messenger protocol which is fully P2P, supports audio/video calls and file transfers. Unlike Skype it's fully open and unlike, say, XMPP - the calls and file transfers actually work P2P. Check out https://tox.chat/ and download a client when you have a chance.

Binary

Get the binaries from Releases tab on github. Just download the correct file for your architecture, execute chmod +x and you're done. The binaries are signed with my PGP key, 11C1 B15A 5D5D D662 E469 928A EBDA 6B97 4ED3 D2B7.

If you miss the times when men wrote their own device drivers, see BUILD.md.

Running the server

Run the Tuntox server on a laptop which connects via 3G, on your home computer behind six NATs or on your Raspberry Pi. No ports need to be forwarded to its public IP - the machine will be accessible via the Tox overlay network.

./tuntox

runs the server in the foreground. When the server starts, it will print its Tox ID to the output - note it, you will need it later to access the machine from outside.

If you terminate the server (Ctrl-C) and start again, it will generate a new Tox ID and you'll need to write it down again. It kind of defeats the purpose, so you'll want to help the server store its Tox ID somewhere. By default it saves a file in /etc/tuntox/, so if you create this directory and chown it so that it's accessible to tuntox, it will have a fixed Tox ID.

Alternatively you may use the -C switch instead:

./tuntox -C /path/to/the/config/directory/

To daemonize on startup, add -z:

/path/to/tuntox -z

Or, if you run something like supervisord or systemd, you're welcome to contribute a configuration file for the system of your choice (see #3, #4, #6). There's absolutely no need to run the server as root.

Client

So, the laptop now has the Tuntox server installed. How do you connect to it?

./tuntox -i <ToxID> -L 2222:127.0.0.1:22

where <ToxID> is the ID you noted down when setting up the server. You didn't forget to write it down, did you?

After you run this command, open a second terminal window and execute:

ssh -p 2222 myuser@localhost

Magic, port 2222 on your localhost is now the SSH server on the machine which runs the Tuntox server.

The -L switch works (almost) the same way it does in SSH. For the uninitiated, -L A:B:C means "forward port C on ip B to port A on localhost". Unlike SSH, you can't use hostnames for B (unless you link the binary dynamically).

Alternatively, SSH ProxyCommand mode works too:

ssh -o ProxyCommand='./tuntox -i <ToxID> -W localhost:22' gdr@localhost

Fun stuff: VPN over Tox

Client can be ran as a regular non-root user, unless A < 1024 ("A" is the local port). There's a workaround available.

Security / threat model

TUNTOX IS NOT SECURE WITHOUT THE -s SWITCH. Supply -s yourpassword both on the server and the client, and you will be fine. This switch is introduced in 0.0.4, codename "Mr. Lahey's Got My Porno Tape!". Even better, run TUNTOX_SHARED_SECRET=yourpassword tuntox ... on both sides.

The Tuntox server generates a new Tox ID on every startup, or saves its private key in a file. Anyone who wants to connect to this server needs its Tox ID, which consists of the publicly-known pubkey and a secret 32-bit "antispam" value. Then, the client sends a shared secret which is then compared to the secred supplied on server's command line. If they don't match, friend request is left unanswered.

Therefore, posession of the server's Tox ID and a secret should be considered equivalent to posession of an Unix account with SSH access. Tuntox does not implement remote shell capability, but it is possible that it's exploitable.

PSK authentication is optional but recommended - it's only enabled when -s switch is present on server side or the TUNTOX_SHARED_SECRET environment variable is set. PSK is sent as Tox friend request message - as far as the author understands libtoxcore code, it's encrypted using server's public EC key.

The Tuntox Server can optionally allow only whitelisted ToxIDs. Supply -i yourallowedtoxid one time or more to add a ToxID to the whitelist. Note: The default client behavior is to generate a new ToxID for every run (because author thinks it's a nice privacy feature). You will want to use the -C switch in client to force reading a saved identity from tox_save.

Tuntox is piggybacking on the Tox protocol, which itself has not been audited by security researchers. Tox crypto has been implemented with libsodium (which is based on Bernstein's NaCl) and thus uses the ecliptic curve 25519 for key exchange and salsa20 for stream encryption. According to the author's best knowledge, libsodium makes it as hard as possible to get crypto wrong, but we don't know until Tox has been audited.

FAQ

yes, there is one

License

Sorry about GPLv3 - both toxcore and utox (from which I borrowed some code) are GPLv3.

Thank you to the toxcore and utox developers without whom this program would never exist.

Thank you Mr_4551 for your help and motivation.

tuntox's People

Contributors

Stargazers

Watchers

tuntox's Issues

Create systemd startup files for server

Write a manual page

This is a great project, Congratulations

Hello,
This is the project that I have been waiting for a long time. I am going to communicate through all the networks. Thank you all.

Allow to obtain shared secret from environment variable or key file

Now shared secret passed as -s option is visible to all through ps command for example. Seems it will be more secure to pass shared key as environment variable (or key file).

Debian package

The work is basically done: https://github.com/abbat/tox.pkg/commit/44f27bc69be059b5d6356e5b9e71fb5aaf2b83e0

Make a Raspberry Pi build

Currently the build succeeds but parse_lossless_packet() receives invalid arguments from toxcore. The arguments are correct in the calling function in toxcore. This must be a calling convention problem or something similar.

Make tuntox faster with the new tox_loop API

#40 (comment)

TokTok/c-toxcore#131

TokTok/c-toxcore#335

Don't sorry for GPLv3 in README

GPLv3 is good.

GPLv3+ is better, though.

question about a little modification

Can I replace the function tox_friend_send_lossless_packet with a tox_friend_send_lossy_packet? Should I replace the packet header?

High server cpu usage after client killing

For some reason server use 100% of one core after client killing by ctrl+c.

Use syslog for logging messages

Can't compile on MacOS

Hi, I'm having some problems trying to compile for MacOS.

First of all, I have almost zero experience with MacOS, I'm a Linux user and I'm trying to compile for MacOS using a VM (QEMU) to be able to share this tool with a friend of mine who uses MacOS. If there is a precompiled version for MacOS, I would like to know, so I don't need to compile it myself.

So, I compiled TokTok/c-toxcore and installed it without any problems.
I had to copy/link the .pc file because pkg-config did not find it (toxcore.pc -> libtoxcore.pc).
Then I ran the make -f Makefile.mac command and got the following output:

gcc -g  -I/usr/local/include -I/usr/local/Cellar/libsodium/1.0.18_1/include mach.c -c -o mach.o
In file included from mach.c:2:
./mach.h:8:9: warning: 'CLOCK_REALTIME' macro redefined [-Wmacro-redefined]
#define CLOCK_REALTIME 0
        ^
/Library/Developer/CommandLineTools/SDKs/MacOSX10.14.sdk/usr/include/time.h:154:9: note: previous definition is here
#define CLOCK_REALTIME _CLOCK_REALTIME
        ^
In file included from mach.c:2:
./mach.h:9:9: warning: 'CLOCK_MONOTONIC' macro redefined [-Wmacro-redefined]
#define CLOCK_MONOTONIC 0
        ^
/Library/Developer/CommandLineTools/SDKs/MacOSX10.14.sdk/usr/include/time.h:156:9: note: previous definition is here
#define CLOCK_MONOTONIC _CLOCK_MONOTONIC
        ^
mach.c:5:5: error: conflicting types for 'clock_gettime'
int clock_gettime(int clk_id, struct timespec *t)
    ^
/Library/Developer/CommandLineTools/SDKs/MacOSX10.14.sdk/usr/include/time.h:177:5: note: previous declaration is here
int clock_gettime(clockid_t __clock_id, struct timespec *__tp);
    ^
2 warnings and 1 error generated.
make: *** [mach.o] Error 1

That's it. Sorry if the problem is too stupid, I don't really know how things work on MacOS yet.

Add ability to forward stdin/out instead of local ports

for ssh -o ProxyCommand

Create build instructions

SIGBUS

2016-11-26 22:45:39: [INFO]     Deleting tunnel #11686
2016-11-26 22:45:39: [DEBUG]    Packet succeeded at try 3

Program received signal SIGBUS, Bus error.
0x00000000004067fa in do_server_loop () at main.c:965
965                     if(FD_ISSET(tun->sockfd, &fds))
(gdb) bt full
#0  0x00000000004067fa in do_server_loop () at main.c:965
        tmp_isconnected = TOX_CONNECTION_UDP
        tox_do_interval_ms = 12
        select_rv = 2
        tv = {tv_sec = 0, tv_usec = 11996}
        tv_start = {tv_sec = 1480200339, tv_usec = 689869}
        tv_end = {tv_sec = 1480200339, tv_usec = 677790}
        ms_start = 1480200339677
        ms_end = 1480200339677
        fds = {__fds_bits = {2112, 0 <repeats 15 times>}}
        tox_packet_buf = "\242j\006\000\252\367\005U\377\327\001G\003!\377\327\001G\003#\377\327\001G\003%\377\327\001G\003'\377\327\001G\003)\377\327\001G\003+\377\327\001G\003-\377\327\001G\003/\377\327\001G\003\061\377\327\001G\003\063\377\327\001G\003o\377\354\001G\003q\377\354\001G\003s\377\354\001G\003\217\377\303\001V\000\005\377q\001V\000\n\377q\001V\001f\377\327\001V\001m\377\327\001V\001q\377q\001V\001r\377\205\001V\001s\377\327\001V\001u\377\256\001V\001x\377\205\001V\002\a\377q\001V\002\v\377q\001V\002T\377\205\001[\000\017\377\256\001[\000\021\377\256\001[\001V\377\327\001[\001_\377\327\001[\001b\377\327\001[\001d"...
        tun = 0x78ad80
        tmp = 0x78b1e0
        connected = TOX_CONNECTION_UDP
#1  0x0000000000407988 in main (argc=2, argv=0x7fffffffe768) at main.c:1404
        tox_id = "\"\376\016\331\316\070\001j\270\a\017\247*\240\221\033&1>6\361\203 W;c\247Z\v\212\274\v\375\225\002|\362\354"
        tox_printable_id = "22FE0ED9CE38016AB8070FA72AA0911B26313E36F18320573B63A75A0B8ABC0BFD95027CF2EC"
        tox_new_err = TOX_ERR_NEW_OK
        oc = -1
        save_size = 0
        save_data = 0x0
        allowed_toxid_obj = 0x0
(gdb)

win32/64 bin?

Is it possible to make a porting code so that it works on windows ?

Thank you .

Fix coverity errors

Subject: New Defects reported by Coverity Scan for gjedeer/tuntox
Date: Sat, 17 Nov 2018 11:40:52 +0000 (UTC)

Hi,

Please find the latest report on new defect(s) introduced to gjedeer/tuntox found with Coverity Scan.

3 new defect(s) introduced to gjedeer/tuntox found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)


** CID 184347:  Uninitialized variables  (MISSING_RETURN)
/client.c: 262 in client_close_tunnel()


________________________________________________________________________________________________________
*** CID 184347:  Uninitialized variables  (MISSING_RETURN)
/client.c: 262 in client_close_tunnel()
256         if(tun->sockfd)
257         {
258             FD_CLR(tun->sockfd, &client_master_fdset);
259         }
260     
261         tunnel_delete(tun);
>>>     CID 184347:  Uninitialized variables  (MISSING_RETURN)
>>>     Arriving at the end of a function without returning a value.  
262     }
263     
264     /* Close and delete all tunnels (when server went offline) */
265     int client_close_all_connections()
266     {
267     	tunnel *tmp = NULL;

** CID 184346:  Control flow issues  (MISSING_BREAK)
/client.c: 662 in do_client_loop()


________________________________________________________________________________________________________
*** CID 184346:  Control flow issues  (MISSING_BREAK)
/client.c: 662 in do_client_loop()
656     						{
657     							state = CLIENT_STATE_FORWARDING;
658     						}
659     					}
660     				}
661     				break;
>>>     CID 184346:  Control flow issues  (MISSING_BREAK)
>>>     The case for value "-1" is not terminated by a 'break' statement.  
662     			case 0xffffffff:
663     				log_printf(L_ERROR, "You forgot a break statement\n");
664                 case CLIENT_STATE_SHUTDOWN:
665                     exit(0);
666                     break;
667             }
668     
669             usleep(tox_iteration_interval(tox) * 1000);
670         }

** CID 184345:  Uninitialized variables  (MISSING_RETURN)
/client.c: 274 in client_close_all_connections()


________________________________________________________________________________________________________
*** CID 184345:  Uninitialized variables  (MISSING_RETURN)
/client.c: 274 in client_close_all_connections()
268     	tunnel *tun = NULL;
269     
270     	HASH_ITER(hh, by_id, tun, tmp)
271     	{
272     		client_close_tunnel(tun);
273     	}
>>>     CID 184345:  Uninitialized variables  (MISSING_RETURN)
>>>     Arriving at the end of a function without returning a value.  
274     }
275     
276     /* Main loop for the client */
277     int do_client_loop(uint8_t *tox_id_str)
278     {
279         unsigned char tox_packet_buf[PROTOCOL_MAX_PACKET_SIZE];

Error in server mode

After using a tuntox client connected to port 22 of the tuntox server for several minutes, the following error occurs on the server


Created a new tunnel object connid=61202 sockfd=11
2018-01-29 12:21:23: [WARNING]	conn closed!
2018-01-29 12:21:23: [INFO]	Deleting tunnel #61202 ptr 0x1b2f060
2018-01-29 12:21:23: [INFO]	Deleting tunnel #0 ptr 0x1b2f060
*** Error in `/home/username/.tuntox/./tuntox-x64': double free or corruption (fasttop): 0x0000000001b2f060 ***
======= Backtrace: =========
[0x476581]
[0x47eac6]
[0x482af7]
[0x403f76]
[0x406d37]
[0x40822b]
[0x4568b6]
[0x456aaa]
[0x400929]
======= Memory map: ========
00400000-0054c000 r-xp 00000000 08:06 23082910                           /home/username/.tuntox/tuntox-x64
0074b000-00750000 rw-p 0014b000 08:06 23082910                           /home/username/.tuntox/tuntox-x64
00750000-00757000 rw-p 00000000 00:00 0 
01adc000-01b4f000 rw-p 00000000 00:00 0                                  [heap]
7f383c000000-7f383c025000 rw-p 00000000 00:00 0 
7f383c025000-7f3840000000 ---p 00000000 00:00 0 
7f38412c6000-7f38419f1000 rw-p 00000000 00:00 0 
7ffe65745000-7ffe6576a000 rw-p 00000000 00:00 0                          [stack]
7ffe657e2000-7ffe657e4000 r--p 00000000 00:00 0                          [vvar]
7ffe657e4000-7ffe657e6000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
./Enlace hacia Soporte remoto: línea 3: 11095 Violación de segmento  /home/username/.tuntox/./tuntox-x64 -C /home/username/.tuntox/ -s "soporte123456789"

There is no error in the client mode.

build error

GEN gitversion.h
CC log.o
CC client.o
CC mach.o
CC main.o
CC util.o
CC gitversion.o
gcc -o tuntox log.o client.o mach.o main.o util.o gitversion.o -lpthread -g -pthread -lm -static -lrt -ltoxcore -lrt -lsodium -lopus -lvpx -lm -lpthread
/usr/bin/ld: cannot find -lpthread
/usr/bin/ld: cannot find -lm
/usr/bin/ld: cannot find -lrt
/usr/bin/ld: cannot find -lrt
/usr/bin/ld: cannot find -lsodium
/usr/bin/ld: cannot find -lopus
/usr/bin/ld: cannot find -lvpx
/usr/bin/ld: cannot find -lm
/usr/bin/ld: cannot find -lpthread
/usr/bin/ld: cannot find -lpthread
/usr/bin/ld: cannot find -lc
collect2: ld errorlvel 1
make: *** [tuntox] Error 1

"ldconfig -p" output
libsodium.so.23 (libc6,x86-64) => /lib64/libsodium.so.23
libsodium.so.13 (libc6,x86-64) => /lib64/libsodium.so.13
libsodium.so (libc6,x86-64) => /lib64/libsodium.so

Switch to c-toxcore

Hi,
will this project switch to c-toxcore as it is the new upstream toxcore source now? Every other tox client switches to c-toxcore over time now and it would be essential for you to do so too if people want to use tuntox in their linux distribution.

Also some website links are offline:
https://git.moe/gdr/tuntox
http://tuntox.pl/

Consider stdout as (default?) output option

Right now, while the choices are stderr and syslog, it might be worth having output default to stdout, or at least have it be an option. When packaging tuntox for nix, (NixOS/nixpkgs#160548), lack of stdout has made it more difficult to quickly check for a working build.

Even if it's decided to keep default behavior as is, having a version check, likely with --version or -v, should default to stdout.

create raspberry pi binary asset

can you also build a binary for the pi on the CI and make it available on github releases?

Split -h into server and client options

Tuntox seems to be not accessible if running too long and network is too unstable

I am running tuntox on my ARM server in my university dorm. Server is connected through wireless network, because I don't have access to Ethernet cable.

When tuntox is running too long, it seems not accessible anymore. Maybe it depends on network, when server changes IP address.

I will continue watching to know which exactly causing this bug.

Empty -s should ask for password

As suggested by @fabrixxm in #38 (comment)

Add an option to daemonize and drop privileges

Make DNS work in static builds (uDNS library?)

Add support for multiple -L options

Forward multiple local ports

SOCKS5 support

similar to -D in SSH

-f option is not documented

It would be great if there would be a switch for the server to whitelist allowed ports, like

tuntox -s 123456 -w 22

to only forward ssh port.

Please provide the signature for 0.0.7 source code

Please provide the signature for 0.0.7 source code.
Thank you!

closed 22 and 222 ports on the host

What if ports 22 and 2222 are closed on the server? Like it is with mine? I tried to connect with the right server port, but it failed. Could you give more examples or make a youtube video or other ways to explain the the appl better? Also think about a GUI for the appl. Thx...

Tuntox has connection speed problems

A partner who has developed a package called "Asistec" (Technical Support) for the EterTICs GNU Linux distribution uses tuntox to provide remote support via vnc to its customers.
A few days ago he told me that he noticed a slowdown of tuntox using version 0.0.8. He told me that in previous versions it worked faster and that he has noticed this change.
He told me that his connection is as follow:

Testing download speed................................................................................
Download: 4.83 Mbit/s
Testing upload speed................................................................................................
Upload: 0.80 Mbit/s

He also told me that his client's connection speed is very similar and that the VNC server configuration is as follows:

x11vnc -display :0 -ncache 10 -forever -usepw -rfbport 5900 -bg -8to24

I just wanted to send this news to get more information about the situation. Maybe my friend can get help determining how tuntox can work best.

Thank you very much

Makefile requires building from git checkout

But the released tarball only have source codes.
So the build will fail with

make: *** No rule to make target '.git/HEAD', needed by 'gitversion.h'.  Stop.

GPG signatures for source validation

As we all know, today more than ever before, it is crucial to be able to trust our computing environments. One of the main difficulties that package maintainers of Linux distributions face, is the difficulty to verify the authenticity and the integrity of the source code.

The Arch Linux team would appreciate it if you would provide us GPG signatures in order to verify easily and quickly of your source code releases.

Overview of the required tasks:

Create and/or use a 4096-bit RSA keypair for the file signing
The key may be used for email encryption too
Keep your key secret, use a strong unique passphrase for the key
Upload the public key to a key server
Sign every new commit by default
Sign new tags
Verify the Github Release tarball download against your local source
Sign Github Release tarballs

Additional Information:

Thanks.

Cann't connect to the server after double ssh connection

When I connected to the ssh twice and stopped second connection by ctrl+d the first connection was stuck and I wasn't be able to connect to ssh anymore. Here is server log with debug key:

2015-12-29 09:25:55: [INFO] Tuntox built from git commit 8d4dd7660af8cd3856d0d54d92386ce3ef1bc333
2015-12-29 09:25:55: [DEBUG]    Read 981 bytes (/home/kurnevsky/.tuntox/tox_save)
2015-12-29 09:25:55: [DEBUG]    Saved data
2015-12-29 09:25:55: [INFO] Using Tox ID: [...]
2015-12-29 09:26:04: [INFO] Connection status changed: An UDP connection has been established
2015-12-29 09:26:04: [DEBUG]    Connected to Tox network
2015-12-29 10:43:20: [DEBUG]    Got friend request
2015-12-29 10:43:20: [INFO] Accepted friend request from [...] as 0
2015-12-29 10:43:22: [DEBUG]    Got protocol frame magic 0xa26a type 0x602 from friend 0
2015-12-29 10:43:22: [INFO] Got a request to forward data from 127.0.0.1:22
2015-12-29 10:43:22: [DEBUG]    Tunnel ID: 41490
2015-12-29 10:43:22: [DEBUG]    connecting to 127.0.0.1
2015-12-29 10:43:22: [DEBUG]    Connected to 127.0.0.1:22
2015-12-29 10:43:22: [INFO] Created a new tunnel object connid=41490 sockfd=7
2015-12-29 10:43:22: [DEBUG]    Created tunnel, yay!
2015-12-29 10:43:22: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:43:23: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:43:23: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:43:23: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:43:23: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:43:23: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:43:23: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:45:22: [WARNING]  conn closed!
2015-12-29 10:45:22: [INFO] Deleting tunnel #41490
2015-12-29 10:45:31: [DEBUG]    Got protocol frame magic 0xa26a type 0x602 from friend 0
2015-12-29 10:45:31: [INFO] Got a request to forward data from 127.0.0.1:22
2015-12-29 10:45:31: [DEBUG]    Tunnel ID: 62263
2015-12-29 10:45:31: [DEBUG]    connecting to 127.0.0.1
2015-12-29 10:45:31: [DEBUG]    Connected to 127.0.0.1:22
2015-12-29 10:45:31: [INFO] Created a new tunnel object connid=62263 sockfd=7
2015-12-29 10:45:31: [DEBUG]    Created tunnel, yay!
2015-12-29 10:45:31: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:45:31: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:45:31: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:45:31: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:45:32: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:45:32: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:45:32: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:45:36: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:45:36: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:45:36: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:45:36: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:45:39: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:45:39: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:45:41: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:45:42: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:45:42: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:45:44: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:45:44: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:45:45: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:45:45: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:45:46: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:45:46: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:45:48: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:45:48: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:45:50: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:45:50: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:45:50: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:45:50: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:45:51: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:45:51: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:45:51: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:45:52: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:45:53: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:49:45: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:49:46: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:51:00: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:51:00: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:54:48: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:54:48: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:54:48: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:54:48: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:54:50: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:54:50: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:54:50: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:54:50: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:54:50: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:54:51: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:10: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:10: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:10: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:11: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:11: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:11: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:11: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:12: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:12: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:13: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:14: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:14: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:14: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:15: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:15: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:15: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:15: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:16: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:17: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:17: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:18: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:18: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:19: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:20: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:21: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:21: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:21: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:21: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:21: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:22: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:22: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:23: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:23: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:23: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:23: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:24: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:24: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:25: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:27: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:27: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:27: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:27: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:27: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:27: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:28: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:28: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:28: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:28: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:29: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:29: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:29: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:46: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:46: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:47: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:47: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:47: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:47: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:48: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:48: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:48: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:48: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:48: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:48: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:49: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:49: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:49: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:49: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:49: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:49: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 10:57:50: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 11:08:50: [INFO] Connection status changed: There is no connection
2015-12-29 11:08:54: [DEBUG]    Disconnected from Tox network
2015-12-29 11:08:57: [INFO] Connection status changed: An UDP connection has been established
2015-12-29 11:08:57: [DEBUG]    Connected to Tox network
2015-12-29 11:11:52: [DEBUG]    Got protocol frame magic 0xa26a type 0x602 from friend 0
2015-12-29 11:11:52: [INFO] Got a request to forward data from 127.0.0.1:22
2015-12-29 11:11:52: [DEBUG]    Tunnel ID: 1326
2015-12-29 11:11:52: [DEBUG]    connecting to 127.0.0.1
2015-12-29 11:11:52: [DEBUG]    Connected to 127.0.0.1:22
2015-12-29 11:11:52: [INFO] Created a new tunnel object connid=1326 sockfd=8
2015-12-29 11:11:52: [DEBUG]    Created tunnel, yay!
2015-12-29 11:11:52: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 11:11:54: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 11:11:54: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 11:11:54: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 11:11:54: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 11:11:54: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 11:11:54: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 11:11:55: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 11:11:59: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 11:12:00: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 11:12:00: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 11:12:01: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 11:12:04: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 11:12:04: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 11:12:04: [DEBUG]    Got protocol frame magic 0xa26a type 0x600 from friend 0
2015-12-29 11:12:04: [WARNING]  conn closed!
2015-12-29 11:12:04: [INFO] Deleting tunnel #1326

Option to detect failures

Sometimes when leaving the process running and the server disconnects or crashes, the client continues to send packages to the already dead server and never tries to reconnect even if the server is back online.
Is there a way of detecting when the server disconnected so the client can be restarted? Or a way that makes the client recreate the tunnel automatically?
And on a different context, is there a way of setting a timeout or retry count? When connecting with bad secret, the client keeps trying infinitely, and sometimes it would be a good behaviour to fail after some retries or even a timeout.

Manually supply bootstrap nodes

tuntox -b 94750E94013586CCD989233A621747E2646F08F31102339452CADCF6DC2A760A@46.146.229.184:33445
tuntox -b 28DB44A3CEEE69146469855DFFE5F54DA567F5D65E03EFB1D38BBAEFF2553255@[2605:6400:10:caa:1:be:a:7001]:33445

Tighter authentication

Support presharing both client and server pubkeys

i.e. add on both ends just pubkeys instead of sending FR → you get friends without relying on nospam, which can be changed ever $time interval (shorter → better, but not too often

Your build instructions don't have a complete list of requisite libraries

I've only gotten this far through guesswork.

I had to symlink /usr/lib/pkgconfig/libtoxcore.pc to /usr/lib/pkgconfig/toxcore.pc to get it to even compile, which makes me think the name is probably out of date or something? Don't know the history of that. I am using the TokTok/c-toxcore fork.

Then I got more errors, and based on them guessed I needed libevent-dev (from Ubuntu 16.04 packages), which turned out to be right.

Now I am getting these errors during compiling, which are extra strange. Maybe I'm using the wrong version of libsodium. I have libsodium-dev installed from the official Ubuntu repos. I can't be sure if that's the problem, because your build instructions don't have a complete list of requisite libraries.

These are the errors I'm stuck on: https://gist.github.com/avrildev/640c6df779ba4fec241601e31142f7e9

Can someone please help? Thanks!

it is unlikely to use it on Windows for remote connection

I transplanted it to Windows for remote connection, but found that the speed was too slow, and there were always data encryption errors, and then disconnected.

Implement handle_server_tcp_fin_frame

Init scripts for Debian, Redhat

Why no option to allow particular addresses keys?

Seems like a fairly obvious thing to do?

Wouldnt this control access equally well, assuming the password is always provided when the address is used. If you use the address much more than you use it for tuntox, a compromised machine will have to wait until you provide the password.(aswel)

locks after 2-3 tunneling

it is working ok but after 2-3 tunneling later it locks,cant receive new tunnel requests

Second connection issue

i am using tuntox,at first connection is ok but when i want to refresh to connect second attempt,it doesnt response and it needs to restart by client side

Two minor bugs

util.c to_hex
a = '\0'; <<< should be *a = '\0';
main.c send_tunnel_request_packet
data = calloc(1, packet_length); <<< should be packet_length + 1
or later instead of strcpy use memcpy:
memcpy((char *)data+PROTOCOL_BUFFER_OFFSET, remote_host, strlen(remote_host));

Default configuration file

Hello,

The default configuration file shouldn't be in a location default user can't write. You should:

create ~/.config/tuntox directory
push the configuration file

All of that by default, else people just won't use it because it requires arguments for nothing — in addition, doing as proposed above meets the current usage for many other apps.

Cheers,

Tunnel to VNC

Hello,
Is it possible with tuntox to create a tunnel for VNC or perhaps for mysql?
Thanks.

Binary compiled for windows.

Hello,
It would be interesting to have a binary compiled for Windows or write to the wiki as compile for windows, especially for server mode. Thanks