NetGuard

Introduction

A layer 4 Single Packet Authentication (SPA) server, used to conceal TCP/UDP ports on public-facing machines and add an extra layer of security.

Project structure

netguard-server: the SPA service program, responsible for authenticating knock packets and for connection tracking.

netguard-tool: generates signing certificates, and generates and sends knock packets.

Source code directory

.
├── Makefile        # convenience build targets
├── crypto          # encryption and decryption crate
│   ├── Cargo.toml
│   └── src
├── server          # netguard-server implementation
│   ├── Cargo.toml
│   ├── config      # config file used for running netguard-server
│   └── src
└── tool            # netguard-tool implementation
    ├── Cargo.toml
    └── src

Basic Usage

Run the server to protect ports

Run netguard-server on the server side to hide TCP port 10022:

$ netguard-server -c ./netguard.toml

Run knock tool

On the client side, use netguard-tool to send TCP port knock packets.

The following command sends a knock packet to unlock TCP port 10022:

$ sudo ./netguard-tool auth --server 45.76.195.141 --protocol=tcp --unlock 10022 --key=./rsa_key

To unlock a UDP port instead, use --protocol=udp.
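The knock-and-unlock flow above has three security properties a defender should check for in any SPA deployment: the knock is authenticated, it is bound to a short time window, and an identical knock captured on the wire cannot be replayed inside that window. The following is an added, self-contained example of that logic; it is not netguard's code or wire format. It substitutes an HMAC-SHA256 tag (standard library) for the RSA signature that netguard-tool uses, and the packet layout, window sizes and unlock lifetime are assumptions for the demo.

```python
from __future__ import annotations

import hashlib
import hmac
import os
import struct
import time

# Constructed constants: netguard's real packet layout, window sizes and
# signature scheme are not on the page; these are assumptions for the demo.
MAGIC = b"SPA1"          # packet tag so unrelated datagrams are rejected cheaply
NONCE_LEN = 16
TAG_LEN = 32             # HMAC-SHA256 output length
HEADER = "!QBH"          # timestamp (u64), IP protocol number (u8), port (u16)
KNOCK_WINDOW = 30        # seconds a knock timestamp may differ from server time
UNLOCK_TTL = 60          # seconds the port stays reachable for the knocking source
PROTO_NUM = {"tcp": 6, "udp": 17}
PROTO_NAME = {v: k for k, v in PROTO_NUM.items()}
BODY_LEN = len(MAGIC) + struct.calcsize(HEADER) + NONCE_LEN


def build_knock(key: bytes, protocol: str, port: int,
                now: float | None = None, nonce: bytes | None = None) -> bytes:
    """Client side (the role of `netguard-tool auth`): bind the request to a
    timestamp and a fresh random nonce, then authenticate the whole body."""
    ts = int(time.time() if now is None else now)
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    body = MAGIC + struct.pack(HEADER, ts, PROTO_NUM[protocol], port) + nonce
    return body + hmac.new(key, body, hashlib.sha256).digest()


class KnockVerifier:
    """Server side (the role of netguard-server): accept a knock only if it is
    authentic, fresh and unseen, then open the requested port for that source."""

    def __init__(self, key: bytes):
        self.key = key
        self.seen_nonces: dict[bytes, float] = {}              # nonce -> forget after
        self.unlocked: dict[tuple[str, int, str], float] = {}  # (proto, port, src) -> expiry

    def _expire(self, now: float) -> None:
        self.seen_nonces = {n: t for n, t in self.seen_nonces.items() if t > now}
        self.unlocked = {k: t for k, t in self.unlocked.items() if t > now}

    def verify(self, packet: bytes, src: str, now: float | None = None) -> str:
        """Returns "ok" or the reason the knock was rejected."""
        now = time.time() if now is None else now
        self._expire(now)
        if len(packet) != BODY_LEN + TAG_LEN or not packet.startswith(MAGIC):
            return "malformed"
        body, tag = packet[:BODY_LEN], packet[BODY_LEN:]
        # Authenticate first, in constant time, before trusting any field.
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return "bad signature"
        ts, proto_num, port = struct.unpack_from(HEADER, body, len(MAGIC))
        if proto_num not in PROTO_NAME:
            return "malformed"
        nonce = body[-NONCE_LEN:]
        if abs(now - ts) > KNOCK_WINDOW:
            return "stale"          # outside the window: can never be accepted later
        if nonce in self.seen_nonces:
            return "replay"         # same knock captured and re-sent inside the window
        # Remember the nonce exactly as long as its timestamp could still pass the window.
        self.seen_nonces[nonce] = ts + KNOCK_WINDOW + 1
        self.unlocked[(PROTO_NAME[proto_num], port, src)] = now + UNLOCK_TTL
        return "ok"

    def is_open(self, protocol: str, port: int, src: str,
                now: float | None = None) -> bool:
        """What the connection-tracking check consults for a new SYN or datagram."""
        now = time.time() if now is None else now
        return self.unlocked.get((protocol, port, src), 0.0) > now


if __name__ == "__main__":
    shared_key = b"constructed-demo-key"          # constructed, not a real key
    verifier = KnockVerifier(shared_key)
    knock = build_knock(shared_key, "tcp", 10022)
    print("first knock:", verifier.verify(knock, "198.51.100.7"))
    print("replayed knock:", verifier.verify(knock, "198.51.100.7"))
    print("tcp/10022 open for source:", verifier.is_open("tcp", 10022, "198.51.100.7"))
```

The nonce cache is pruned to exactly the freshness window, so memory stays bounded by knock rate times the window, and a knock that has aged out of the window is rejected as stale rather than consulting the cache; the unlock entry is keyed on the knocking source address, so an authenticated knock never opens the port to everyone.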

Example

Two devices, one listening on port 10022 and then taken over by netguard-server (screenshot not reproduced here).

Generating a Key Pair Manually

Generating an RSA Key Pair with Default Options:

$ netguard-tool keygen

The default options are equivalent to: netguard-tool keygen -a rsa -b 4096 -o .netguard/rsa

More parameter help:

$ netguard-tool keygen --help

Reload config

Reload netguard-server config file:

$ pkill -HUP netguard-server

Build

Build the release version:

$ make release

or

$ cargo build --release

Notice

The nfqueue (NFQUEUE) functionality is provided by iptables, so before starting netguard-server, make sure that iptables is started.

TODO

  • Add query and reject-connection interfaces
  • More certificate signing algorithms
  • Hot update of the binary executable
  • Audit log
  • Knock SDK APIs

Reference

About

Layer 4 Single Packet Authentication utilizing Netfilter Queue and libnetfilter.
