Rusty Penguin
A fast TCP/UDP tunnel, transported over HTTP WebSocket.
You are right. This project is inspired by jpillora/chisel (and subsequently
my fork myzhang1029/penguin), but completely rewritten in Rust without any
linkage to chisel. The logo is generated by DALL-E
with the prompt "a penguin standing behind a gear wheel, digital art, logo."
Compared to the original penguin or chisel, this project stripped away
some functionalities:
-
There is no internal SSH tunnels because it results in double encapsulation when used with HTTPS/WSS.
-
There is no user/password authentication because we do not have SSH. Instead, use PSK authentication.
-
There is no server keep-alive because client keep-alive is enough.
-
There is no reverse port forwarding because it is equivalent to spawning another server on the client side.
-
There is no support to acquire an ACME certificate on-the-fly.
Other than that, this project offers these functionalities compared to
chisel:
-
Plausible deniability with WebSocket PSK and working
backend. -
TLS certificate hot-reload with
SIGUSR1. -
Higher performance: my crude testing on my machine reveals that
penguinis approximately 2x faster thanchiselon my machine.
$ iperf3 -c 127.0.0.1 # chisel without TLS
[ ID] Interval Transfer Bitrate
[ 5] 0.00-10.00 sec 6.62 GBytes 5.68 Gbits/sec sender
[ 5] 0.00-10.00 sec 6.61 GBytes 5.68 Gbits/sec receiver
$ iperf3 -c 127.0.0.1 # penguin without TLS
[ ID] Interval Transfer Bitrate
[ 5] 0.00-10.00 sec 13.9 GBytes 12.0 Gbits/sec sender
[ 5] 0.00-10.18 sec 13.9 GBytes 11.7 Gbits/sec receiver
$ iperf3 -c 127.0.0.1 # chisel with TLS
[ ID] Interval Transfer Bitrate
[ 5] 0.00-10.00 sec 5.59 GBytes 4.80 Gbits/sec sender
[ 5] 0.00-10.00 sec 5.58 GBytes 4.80 Gbits/sec receiver
$ iperf3 -c 127.0.0.1 # penguin with TLS
[ ID] Interval Transfer Bitrate
[ 5] 0.00-10.00 sec 8.50 GBytes 7.30 Gbits/sec sender
[ 5] 0.00-10.29 sec 8.49 GBytes 7.09 Gbits/sec receiver
- All the safety Rust offers.