From d325a4ef31ec906693a340498bcfb306fecb69c8 Mon Sep 17 00:00:00 2001
From: Alexander Gabriel
Date: Sat, 2 May 2020 23:18:43 +0200
Subject: [PATCH] Initial Commit
---
.gitignore | 1 +
README.MD | 23 +++++++++++++++++
ttntunnel-in.ini | 18 +++++++++++++
ttntunnel-in.php | 66 +++++++++++++++++++++++++++++++++++++++++++++++
ttntunnel-out.ini | 3 +++
ttntunnel-out.php | 44 +++++++++++++++++++++++++++++++
6 files changed, 155 insertions(+)
create mode 100644 .gitignore
create mode 100644 README.MD
create mode 100644 ttntunnel-in.ini
create mode 100755 ttntunnel-in.php
create mode 100644 ttntunnel-out.ini
create mode 100644 ttntunnel-out.php
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..6bd6746
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+log.txt
diff --git a/README.MD b/README.MD
new file mode 100644
index 0000000..9c498f1
--- /dev/null
+++ b/README.MD
@@ -0,0 +1,23 @@
+# TTN Tunnel
+These two scripts enable you tu run a ttn gateway behind a http proxy.
+Imagine you are in secure site where no direct socket-connections to the internet are allowed and even if you are the IT-departement an don't want to open your network or even one port you can use this project to forward traffic from port 1700 to a ttn-gateway through a http proxy.
+
+I could not find any solution for this problem so i made two php-script that pick up UDP traffic and send it to a server in the internet (even through a http proxy) which sends it via UDP to a configured server.
+
+Of course, this script can be modifeid to forward any UDP-traffic for other use-cases.
+
+This is really brand new, not in production yet and only testet at my network at home on a raspberry pi.
+Use at your own risk.
+There are scripts missing to run as deamon, etc. maybe this will come in the next few weeks.
+
+To configure: use the ini-files.
+"curlopts" can be everything, curl for php supports.
+
+To run: Use ttntunnel-out.php on the server in the internet
+Use ttntunnel-in.php (maybe in a screen session until deamonize-function is there) local.
+
+I use it on a raspberry pi based gateway so started in.php locally and edited local_conf.json of the gateway to use "localhost" as server-address.
+
+There is no authentication-stuff in out.php because this can be done via the webserver you use.
+
+You need of course php-curl installed on the in-side and permission to open sockets with php on both in and outside.
\ No newline at end of file
diff --git a/ttntunnel-in.ini b/ttntunnel-in.ini
new file mode 100644
index 0000000..4b14550
--- /dev/null
+++ b/ttntunnel-in.ini
@@ -0,0 +1,18 @@
+logfile=log.txt
+peerurl=https://www.digital-infinity.de/ttntunnel/out.php
+port=1700
+curlopts[10004]=127.0.0.1
+curlopts[59]=3128
+curlopts[101]=HTTP
+curlopts[64]=0
+;curlopts
+;CURLOPT_PROXY = 10004
+;CURLOPT_PROXY => "127.0.0.1"
+;CURLOPT_PROXYPORT = 59
+;CURLOPT_PROXYPORT => 3128
+;CURLOPT_PROXYUSERPWD = 10006
+;CURLOPT_PROXYUSERPWD => "$proxyUsername:$proxyPassword"}
+;CURLOPT_PROXYTYPE = 101
+;CURLOPT_PROXYTYPE => 'HTTP'
+;CURLOPT_SSL_VERIFYPEER = 64
+;CURLOPT_SSL_VERIFYPEER => 0
\ No newline at end of file
diff --git a/ttntunnel-in.php b/ttntunnel-in.php
new file mode 100755
index 0000000..f5974d7
--- /dev/null
+++ b/ttntunnel-in.php
@@ -0,0 +1,66 @@
+#!/usr/bin/php
+.
+*/
+
+if(file_exists("ttntunnel-in.ini") && is_readable("ttntunnel-in.ini")) {
+ $config = parse_ini_file("ttntunnel-in.ini");
+}
+if(isset($config['logfile'])) {
+ error_reporting(E_ALL | E_STRICT);
+ ini_set("error_log", $config['logfile']);
+}
+$url = $config['peerurl'];
+$port = $config['port'];
+
+$socket = socket_create(AF_INET, SOCK_DGRAM, SOL_UDP);
+socket_bind($socket, 0, $port);
+
+$from = '';
+$port = 0;
+while(true) {
+ socket_recvfrom($socket, $buf, 32768, 0, $from, $port);
+ $buf = base64_encode($buf);
+
+ $postData = array('buf' => $buf);
+
+ $handle = curl_init();
+ $ch = curl_init($url);
+ $curlopts = array(
+ CURLOPT_URL => $url
+ , CURLOPT_POST => true
+ , CURLOPT_POSTFIELDS => $postData
+ , CURLOPT_RETURNTRANSFER => true
+ );
+ $newCurlopts = Array();
+ if(isset($config['curlopts'])) {
+ $newCurlopts = $config['curlopts'];
+ foreach($curlopts as $key => $value) {
+ $newCurlopts[$key] = $value;
+ }
+ $curlopts = $newCurlopts;
+ }
+ curl_setopt_array($handle, $curlopts);
+
+ $data = curl_exec($handle);
+ curl_close($handle);
+
+ $data = base64_decode($data);
+
+ socket_sendto($socket, $data, strlen($data), 0, $from, $port);
+
+}
\ No newline at end of file
diff --git a/ttntunnel-out.ini b/ttntunnel-out.ini
new file mode 100644
index 0000000..4443870
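Review bot: The shipped default `curlopts[64]=0` in ttntunnel-in.ini sets CURLOPT_SSL_VERIFYPEER to 0, so the https `peerurl` is contacted without certificate verification and anything on the path, including a TLS-intercepting proxy, can read or replace the tunnelled packets. I would take that line out of the default configuration and leave it only as a commented opt-in, for example `;curlopts[64]=0 ; disables TLS certificate verification, testing only`. Where the proxy re-signs traffic, pointing CURLOPT_CAINFO at the proxy's CA bundle keeps verification on. The commented `CURLOPT_PROXYUSERPWD` example implies proxy credentials will be stored in this file, so a comment that the file should not be world-readable or committed would also help.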
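Review bot: `socket_bind($socket, 0, $port)` in ttntunnel-in.php passes 0 as the address, which looks like it binds the listener on every interface, so any host that can reach UDP port 1700 would have its datagrams relayed to `peerurl` and the reply sent back to it. The README has the gateway talk to "localhost", so binding to loopback by default is the least-exposed choice, e.g. `socket_bind($socket, isset($config['bindaddr']) ? $config['bindaddr'] : '127.0.0.1', $port);`. Inside the loop, `$ch = curl_init($url);` is never used or closed, so one handle is leaked per datagram. The result of `curl_exec` is also unchecked: on failure it returns false, which is base64-decoded to an empty string and sent back as a zero-length datagram, so I would log `curl_error($handle)` and skip the `socket_sendto` when `$data === false`.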
--- /dev/null
+++ b/ttntunnel-out.ini
@@ -0,0 +1,3 @@
+logfile=log.txt
+peer=router.eu.thethings.network
+port=1700
\ No newline at end of file
diff --git a/ttntunnel-out.php b/ttntunnel-out.php
new file mode 100644
index 0000000..a266b21
--- /dev/null
+++ b/ttntunnel-out.php
@@ -0,0 +1,44 @@
+.
+*/
+
+if(file_exists("ttntunnel-out.ini") && is_readable("ttntunnel-out.ini")) {
+ $config = parse_ini_file("ttntunnel-out.ini");
+}
+if(isset($config['logfile'])) {
+ error_reporting(E_ALL | E_STRICT);
+ ini_set("error_log", $config['logfile']);
+}
+$peer = $config['peer'];
+$port = $config['port'];
+
+if(isset($_POST['buf'])) {
+ $buf = base64_decode($_POST['buf']);
+
+ $socket = stream_socket_client("udp://$peer:$port", $errno, $errstr);
+ $socket_name = stream_socket_get_name($socket, FALSE);
+
+ if (!$socket) {
+ error_log("ERROR: $errno - $errstr");
+ } else {
+ fwrite($socket, $buf);
+ $response = fread($socket, 32768);
+ $response = base64_encode($response);
+ fclose($socket);
+ echo $response;
+ }
+}
\ No newline at end of file
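Review bot: `stream_socket_get_name($socket, FALSE)` in ttntunnel-out.php runs before the `if (!$socket)` check, so a failed `stream_socket_client` hands `false` to it, and `$socket_name` is not used afterwards; the line can be removed or moved into the `else` branch. The `fread` on the UDP stream has no explicit timeout, so a posted datagram that gets no reply holds a web-server worker for the default socket timeout; `stream_set_timeout($socket, 2);` after connecting bounds that. The script forwards whatever is posted and, per the README, leaves authentication to the web server. I would therefore decode with `base64_decode($_POST['buf'], true)` and reject a `false` or oversized result before opening the socket. A header comment should also state that the endpoint must be access-restricted in the web server configuration.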