wstunnel
headscale
wstunnel | headscale | |
---|---|---|
16 | 222 | |
3,256 | 20,212 | |
- | - | |
9.6 | 9.3 | |
5 days ago | 3 days ago | |
Rust | Go | |
GNU General Public License v3.0 or later | BSD 3-clause "New" or "Revised" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
wstunnel
-
List of ngrok/Cloudflare Tunnel alternatives and other tunneling software and services. Focus on self-hosting.
wstunnel - Proxies over WebSockets. Focus on proxying from behind networks that block certain protocols. Written in Rust with executables provided.
-
Russia has started indiscriminately blocking all OpenVPN/WireGuard connections
Shameless plug, there is also wstunnel (i am its author) https://github.com/erebe/wstunnel/, hope you enjoy.
- Tunnel all your traffic over WebSocket protocol
-
SSH3: SSH using HTTP/3 and QUIC
If you want to tunnel UDP (WireGuard) or TCP (SSH) over WebSocket protocol, check out https://github.com/erebe/wstunnel
-
Russia starts blocking VPN at the protocol (WireGuard, OpenVPN) level
While working in an environment where VPN connections were pretty much all blocked⁰ a friend of mine had success using https://guacamole.apache.org/ to access a remote machine¹. Not quite the same as a direct VPN connection but worth a try if nothing else functions, it looks enough like normal HTTPS traffic that he got away with it.
To keep your wireguard setup more as-is, you could try https://kirill888.github.io/notes/wireguard-via-websocket/ to tunnel that via a web server. In fact https://github.com/erebe/wstunnel which that uses could be used just as well with any other UDP based VPN.
I once tinkered with https://github.com/yarrick/iodine and successfully connected to resources over the wireless on a train, bypassing its traffic capture and sign-up requirement, so that might be an option, though I think fully blocking external DNS is more common now so this is less likely to work²³.
--
[0] practically only HTTP(S) permitted, not even SSH, DPI in use that detected just using SSH or OpenVPN over port 443
[1] NOTE: be careful breaching restrictions like this, you are at risk of an insta-sacking if discovered, or worse if operating in some securiry environments!
[2] and the latency when it does work is significant!
[3] and that much traffic over port 53 might get noticed by the heuristics of data exfiltration scanner, encouraging sysadmins to notice and implement a way to block it
- Wireguard over WebSocket Tunnel
-
Requesting Help bypassing CGNAT with Wireguard - Connecting Plex to a VPS and then to a domain.
You can try with this project, https://github.com/erebe/wstunnel.
- wstunnel - Tunneling over websocket protocol
- GoodbyeDPI: Deep Packet Inspection circumvention utility
-
Wireguard over Websockets over Cloudfare Tunnel
There are projects out there (like this) which run wireguard traffic through websocket.
headscale
-
List of ngrok/Cloudflare Tunnel alternatives and other tunneling software and services. Focus on self-hosting.
headscale - Open source implementation of Tailscale control server. Can be used with Tailscale's official open source client. Written in Go.
-
Building a Managed Service Provider Business With Open Source
Headscale
-
Russia has started indiscriminately blocking all OpenVPN/WireGuard connections
You can always use headscale. https://github.com/juanfont/headscale
-
Securely Accessing Private AWS Resources from GitHub Actions with TailScale
One more thing, you can host Tailscale Control Server yourself if you want, which is a plus.
-
A word of caution about Tailscale
https://github.com/juanfont/headscale not to mention but Tailscale has a very good culture, I’m sure they would give notice if they pull the rug. There are also many alternatives such as Zerotier and more are showing up every day and open source options.
- Is HTTPS necessary?
-
Connecting several hundreds IoT (raspberry pi's) devices with a VPN
How about self-hosted Tailscale, known as Headscale
-
Tailscale Kubernetes Operator
Would be nice if https://github.com/juanfont/headscale can be managed by the Tailscale operator.
-
Mullvad on Tailscale: Privately browse the web
You can run your own "head scale" control server and use their clients with it: https://github.com/juanfont/headscale
Requires a lot more setup, but it is an option. I've been self-hosting headscale for some time and it is quite stable.
-
Netbirdio/netbird: Connect devices into a single private WireGuard mesh network
There's an alternative to tailscale service called headscale https://github.com/juanfont/headscale (CLI only server compatible with official tailscale clients)
What are some alternatives?
docker-wireguard
tailscale - The easiest, most secure way to use WireGuard and 2FA.
udptunnel - It allows TCP/UDP/ICMP traffic over UDP tunneling. It's useful to avoid Internet restrictions.
Netmaker - Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
udp2raw - A Tunnel which Turns UDP Traffic into Encrypted UDP/FakeTCP/ICMP Traffic by using Raw Socket,helps you Bypass UDP FireWalls(or Unstable UDP Environment)
zero-ui - ZeroUI - ZeroTier Controller Web UI - is a web user interface for a self-hosted ZeroTier network controller.
shadowsocks-rust - A Rust port of shadowsocks
netbird - Connect your devices into a single secure private WireGuard®-based mesh network with SSO/MFA and simple access controls.
Cloak - A censorship circumvention tool to evade detection by authoritarian state adversaries
ZeroTier - A Smart Ethernet Switch for Earth
outline-apps - Outline Client and Manager, developed by Jigsaw. Outline Manager makes it easy to create your own VPN server. Outline Client lets you share access to your VPN with anyone in your network, giving them access to the free and open internet.
Nebula - A scalable overlay networking tool with a focus on performance, simplicity and security