awesome-tunneling/README.md
2020-10-02 21:50:21 -06:00

8.7 KiB

The purpose of this list is to track and compare tunneling solutions. This is primarily targeting toward developers and self-hosters who want to do things like exposing a local webserver via a public address.

The dream

I started this list because I'm looking for a simple tool/service that does the following:

  • Allows me to register a domain name and automatically points the records at the server running the tunnels.
  • Automatically sets up and manages HTTPS certificates (apex and subdomains) for the domain.
  • Provides a client tool that tunnels TCP connects through the server without requiring root on the client.
  • Provides a simple interface to allow me to map X domain/subdomain to Y port on Z client, and proxy all connections to that domain.

So far I haven't found a tool that does all of this. In particular, while some of them can do automatic certs through Lets's Encrypt, none of them integrate the domain registration and DNS management.

Open source (at least with a reasonably permissive license)

  • frp frp github stars badge - Seems to be a pretty comprehensive open alternative to ngrok.
  • ngrok 1.0 ngrok 1.0 github stars badge - Original version of ngrok. No longer developed in favor of the commercial 2.0 version.
  • localtunnel localtunnel github stars badge - Written in node. Popular suggestion.
  • inlets inlets github stars badge - Open source ngrok alternative. Has pro option.
  • sshuttle sshuttle github stars badge - Open source project originally from one of the founders of Tailscale. Server doesn't require root; client does. Explicitly designed to avoid TCP-over-TCP issues.
  • ZeroTier - zerotier github stars badge Layer 2 overlay network.
  • chisel chisel github stars badge - SSH under the hood, but still uses a custom client binary. Supports auto certs from LetsEncrypt.
  • Pritunl pritunl github stars badge - Seems quite comprehensive and complicated. OpenVPN, WireGuard, and IPSec support.
  • expose expose github stars badge - ngrok alternative written in PHP.
  • teleconsole teleconsole github stars badge - SSH-based, but uses special client script. Focused on forwarding SSH console sessions, but can also forward ports.
  • go-http-tunnel go-http-tunnel github stars badge - Uses a single HTTP/2 connection for muxing. Need to manually generate certs for server and clients.
  • sish sish github stars badge - Open source ngrok/serveo alternative. SSH-based but uses a custom server written in Go. Supports WebSocket tunneling.
  • PageKite pagekite github stars badge - Comprehensive open source solution with hosted options.
  • Crowbar crowbar github stars badge - Tunnels TCP connections over HTTP GET and POST requests.
  • slt slt github stars badge - Open source TLS proxy from the creator of ngrok. Supports SNI.
  • tunneller tunneller github stars badge - Open source. Written in Go.
  • jprq jprq github stars badge - Another home-grown Golang solution. Proxies over WebSockets.
  • docker-tunnel docker-tunnel github stars badge - Simple Docker-based nginx+SSH solution.
  • holepunch.io holepunch github stars badge - Has nice hosted solution. Uses SSH for muxing.
  • SirTunnel SirTunnel github stars badge - Minimal, self-hosted, 0-config alternative to ngrok. Similar to sish but leverages Caddy+OpenSSH rather than custom server code.
  • tnnlink tnnlink github stars badge - SSH-based. Golang. Not maintained.
  • StaqLab Tunnel staqlab github stars badge - SSH-based. Client is open source. Server doesn't appear to be.
  • Telebit - Written in JS. Code.

Commercial/Closed source

  • ngrok 2.0 - Probably the gold standard and most popular. Closed source. Lots of features, including TLS and TCP tunnels. Doesn't require root to run client.
  • Tailscale - tailscale github stars badge Built on WireGuard. Easy to use. Doesn't include an HTTPS proxy on the public side, but could be combined with nginx/Caddy/etc. Some code available, but I'm not sure what the implications of the custom license is.
  • CloudFlare Argo Tunnel - $5/mo + $0.1/GB. Integrates with Argo smart routing. Client source code is available.
  • localhost.run - Simple hosted SSH option. Supports custom domains for a cost.
  • Packetriot - Comprehensive alternative to ngrok. HTTP Inspector, Let's Encrypt integration, doesn't require root and Linux repos for apt, yum and dnf. Enterprise licenses and self-hosted option.
  • serveo - Mentioned quite a bit the last couple years, but appears to be down currently. Simply uses SSH for tunneling.

Blog posts

Discussions