A work-in-progress generic tunneling (VPN-like) solution using HTTP 2/3 as transport, loosely based on the IETF MASQUE WG effort but not affiliated with the IETF in any way. Built on top of hyper as a single self-contained binary.
HTTP 2/3 is an inconspicuous transport layer which enables collateral freedom when it is used to circumvent network censorship. Our goal is for Wireskip traffic to be indistinguishable from regular web browsing to an outside observer.
Currently implemented features:
- RFC 9113: HTTP/2 CONNECT method
- RFC 9298: Proxying UDP in HTTP
- RFC 9297: HTTP Datagrams and the Capsule Protocol
- RFC 1928: SOCKS Protocol Version 5: `CONNECT`, `UDP ASSOCIATE` commands
- Arbitrary number of onion-routed hops before arriving at the target; no relay knows your entire circuit
Planned for the future / needs a helping hand:
- RFC 9484: Proxying IP in HTTP
- The SOCKSv5 code is very barebones and needs to be improved
- An easy built-in way to deploy to cloud instances via `ssh`
- System-wide traffic tunneling through `tun` device
- Authentication mechanisms to control access
- Unit / integration test coverage
- User-friendly platform apps
- Docs!
- Please note that code is far from stable yet
- Nightly Rust and unstable features are OK
- Be very careful about adding new deps
- Do one thing and do it well
- Use `clippy` and `rustfmt`
In `contrib/test.sh` you will find a very simple testing scenario for tunneling TCP and UDP through a local 3-relay circuit.
If you have any questions, feel free to join our Discord!