Crates.io | onionpipe |
lib.rs | onionpipe |
version | 0.4.0 |
source | src |
created_at | 2022-09-25 16:42:20.76282 |
updated_at | 2023-05-06 02:06:23.708242 |
description | Onion addresses for anything. |
homepage | https://github.com/cmars/onionpipe-rs/ |
repository | https://github.com/cmars/onionpipe-rs/ |
max_upload_size | |
id | 673723 |
size | 104,790 |
Onion addresses for anything.
onionpipe
forwards ports on the local host to remote Onion addresses as Tor
hidden services and vice-versa.
onionpipe is a decentralized way to create virtually unstoppable global network tunnels.
For example, you might want to securely publish and access a personal service from anywhere in the world, across all sorts of network obstructions -- your ISP doesn't allow ingress traffic to your home lab, your clients might be in heavily firewalled environments (public WiFi, mobile tether), etc.
With onionpipe, that service doesn't need a public IPv4 or IPv6 ingress. You can publish services with a globally-unique persistent onion address, and share access securely and privately to your own allowlist of authorized keys.
On Linux (and probably macOS? untested atm):
cargo install onionpipe
onionpipe sets up socket forwarding tunnels. It's like socat(1)
, for onions.
Export localhost port 8000 to a temporary, one-time remote onion address. Default is port 80 on the onion service.
onionpipe 8000
The forwarding address is printed to the log output:
Feb 26 09:41:18.267 [notice] Tor 0.4.7.10 running on Linux with Libevent 2.1.12-stable, OpenSSL 1.1.1t, Zlib 1.2.11, Liblzma N/A, Libzstd N/A and Glibc 2.35 as libc.
Feb 26 09:41:18.267 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://support.torproject.org/faq/staying-anonymous/
Feb 26 09:41:18.267 [notice] Configuration file "/home/c/.torrc" not present, using reasonable defaults.
Feb 26 09:41:18.271 [notice] Opening Socks listener on /run/user/1000/.tmpfviq7N/data/socks.sock
Feb 26 09:41:18.271 [notice] Opened Socks listener connection (ready) on /run/user/1000/.tmpfviq7N/data/socks.sock
Feb 26 09:41:18.271 [notice] Opening Control listener on /run/user/1000/.tmpfviq7N/data/control.sock
Feb 26 09:41:18.271 [notice] Opened Control listener connection (ready) on /run/user/1000/.tmpfviq7N/data/control.sock
forward 127.0.0.1:8000 => pqksfxbpraiwklpx7ihu7yu7vlpkpromqojyn6goo2fl6wemi4dkieqd.onion:80
Port forwarding can be mapped. This exports localhost port 8443 to temporary remote onion port 443. ~
is shorthand
for the forward between source~destination.
onionpipe 8443~443
Local addresses may be bound. This forwards a specific interface address to an onion:
onionpipe 10.0.0.7:8443~443
onionpipe 8000@my-app
This imports an Onion site to a local listener on port 8000.
onionpipe ddosxlvzzow7scc7egy75gpke54hgbg2frahxzaw6qq5osnzm7wistid.onion~8000
Import an Onion site to a specific address. Useful for setting up an intranet or clearnet ingress to the onion service.
onionpipe ddosxlvzzow7scc7egy75gpke54hgbg2frahxzaw6qq5osnzm7wistid.onion~0.0.0.0:8000
All the above and more can be expressed with a JSON configuration file. See Config Rust docs and an example config.json for details.
onionpipe --config config.json