Skip to content

fabi321/icmptunnel-rs

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Icmptunnel-rs

A rust implementation of an icmp tunnel, complete with authentication and encryption. Inspired by https://github.com/DhavalKapil/icmptunnel

Quickstart

git clone https://github.com/fabi321/icmptunnel-rs.git
cd icmptunnel-rs
cargo build --release

or

cargo install icmptunnel-rs

running the server

sudo ./target/release/icmptunnel-rs server --password <password>

running the client

sudo ./target/release/icmptunnel-rs client --password <password> --server-address <server ip>

Features

  • Authentication
  • Transparent server (if packet is not a tunnel packet, will reply with normal icmp echo reply)
  • Encryption
  • Automatic IP allocation for connecting clients (up to 253 clients per server)
  • Session handling with timeouts
  • Session key renewal

Known limitations

  • MTU of transfer medium is hardcoded (no support if MTU between server and client are below hardcoded MTU)
  • IPv4 only, both for transmitted packets and encapsulating ICMP packets
  • Only tested on linux

Known security issues

  • Passwords are exposed as they are visible in process list
  • It is possible to reuse the hashed password. However, sessions created this way are effectively useless as the attacker would need the private dh-key in order to actually use it
  • Timing side channels allow for server discovery (at least in theory)

About

Tunnel ip packets via icmp

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages