qTunnel - a simpler and (possibily) faster tunnel program
qtunnel is a network tunneling software working as an encryption wrapper between clients and servers (remote/local). It can work as a Stunnel/stud replacement.
qtunnel has been serving over 10 millions connections on Qu Jing each day for the past few months.
Why Another Wrapper
Stunnel/stud is great in SSL/TLS based environments, but what we want is a lighter and faster solution that only does one job: transfer encrypted data between servers and clients. We don't need to deal with certification settings and we want the transfer is as fast as possible. So we made qTunnel. Basically, it's a Stunnel/stud without certification settings and SSL handshakes, and it's written in Go.
qtunnel is writen in golang 1.3.1, after building it can run on almost every OS.
$ make test
$ ./bin/qtunnel -h Usage of ./bin/qtunnel: -backend="127.0.0.1:6400": host:port of the backend -clientmode=false: if running at client mode -crypto="rc4": encryption method -listen=":9001": host:port qtunnel listen on -logto="stdout": stdout or syslog -secret="secret": password used to encrypt the data
qtunnel supports two encryption methods:
aes256cfb. Both servers and clients should use the same
crypto and same
Let's say, you have a
redis server on
host-a, you want to connect to it from
host-b, normally, just use:
$ redis-cli -h host-a -p 6379
will do the job. The topology is:
redis-cli (host-b) <------> (host-a) redis-server
If the host-b is in some insecure network environment, i.e. another data center or another region, the clear-text based redis porocol is not good enough, you can use
qtunnel as a secure wrapper
$ qtunnel -listen=127.1:6379 -backend=host-a:6378 -clientmode=true -secret=secret -crypto=rc4
$ qtunnel -listen=:6378 -backend=127.1:6379 -secret=secret -crypto=rc4
Then connect on
$ redis-cli -h 127.1 -p 6379
This will establish a secure tunnel between your
redis server, the topology is:
redis-cli (host-b) <--> qtunnel (client,host-b) <--> qtunnel (host-a) <--> redis-server
After this, you can communicate over a encrypted wrapper rather than clear text.
Special thanks to Paul for reviewing the code.
qtunnel is released under the Apache License 2.0.