README
¶
mqtunnel: tunnel via MQTT broker
This tool tunnels TCP Connection through the MQTT Broker.
In other words, poor-man's AWS IoT Secure tunnel.
Note: This tool is under construction. Please do not use this yet.
How to use
- Prepare config file with MQTT broker connection endpoint.
controlmeans a topic name which is used for sending control packet. The topics used for a tunnel will be created at the same level as this control topic. Therefore, wildcard permission of at least+for this level is required.
{
"host": "localhost",
"port": 1883,
"control": "device/1/control"
}
- Run on remote host
mqtunnel -c config.json - Run on local host
mqtunnel -c config.json -l 2022 -r 22with same config.json.-l: local port-r: remote port
- Enjoy!
Config file
We can use certs in Config file.
{
"host": "A11222333.iot.ap-northeast-1.amazonaws.com",
"port": 8883,
"caCert": "certs/root-CA.crt",
"clientCert": "certs/5a880e326f-certificate.pem.crt",
"privateKey": "certs/5a880e326f-private.pem.key",
"control": "device/1/control"
}
Important Notice: Security
This tool itself has no security. If encryption is required, use ssh or similar.
Also, please note that although the topics used add random strings, they can be easily sniffed by others who are authorized to read wildcards.
Architecture
Example: Local port = 2022, Remote port = 22,
sequenceDiagram
LocalTCP ->> LocalMQTunnel: conn read from port 2022
LocalMQTunnel ->> MQTTBroker: Publish to local port topic '/2022'
MQTTBroker ->> RemoteMQTunnel: Recieve from local port topic '/2022'
RemoteMQTunnel ->> RemoteTCP: conn write to port 22
RemoteTCP ->> RemoteMQTunnel: conn read from port 22
RemoteMQTunnel ->> MQTTBroker: Publish to local port topic '/22'
MQTTBroker ->> LocalMQTunnel: Recieve from local port topic '/22'
LocalMQTunnel ->> LocalTCP: conn write to port 2022
More internal architecture
sequenceDiagram
participant Remote
participant RemoteTCP
participant RemoteTCPConnection
participant RemoteMQTunnel
RemoteMQTunnel ->> RemoteMQTunnel: subscribe control topic
LocalMQTunnel ->> LocalMQTunnel: make a Tunnel instance which includes local/remote port pair
LocalMQTunnel ->> LocalTCP: NewTCPConnection()
LocalTCP ->> LocalTCP: start listening
Local ->> LocalTCP: connect
LocalTCP ->> LocalMQTunnel: OpenTunnel()
LocalMQTunnel ->> RemoteMQTunnel: Publish control packet
RemoteMQTunnel ->> RemoteTCPConnection: NewTCPConnection()
RemoteTCPConnection ->> RemoteTCP: connect()
RemoteTCP ->> Remote: connect()
License
- Apache License
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewMQTTBroker ¶
Types ¶
type Config ¶
type Config struct {
Host string `json:"host"`
Port int `json:"port"`
UserName string `json:"username"`
Password string `json:"password"`
ClientID string `json:"clientId"`
CaCert string `json:"caCert"`
ClientCert string `json:"clientCert"`
PrivateKey string `json:"privateKey"`
Control string `json:"control"`
}
func ReadConfig ¶
type MQTunnel ¶
type MQTunnel struct {
// contains filtered or unexported fields
}
MQTunnel is a main component of mqtunnel.
func NewMQTunnel ¶
type TCPConnection ¶
type TCPConnection struct {
// contains filtered or unexported fields
}
func NewTCPConnection ¶
func NewTCPConnection(port int, tun *Tunnel) (*TCPConnection, error)
type TCPListener ¶
type TCPListener struct {
// contains filtered or unexported fields
}
func NewTCPListener ¶
func NewTCPListener(conf Config, port int) (*TCPListener, error)
type Tunnel ¶
type Tunnel struct {
ID string
LocalPort int
LocalTopic string
RemotePort int
RemoteTopic string
// contains filtered or unexported fields
}
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.