2022 02Feb 12, ReactorScram
Conclusion
awesome-tunneling on GitHub
I will consider Nebula and rathole as possible complete replacements for PTTH and PTTH_QUIC.
Backstory
awesome-tunneling is a GitHub repo I found from
this Hacker News comment recently.
If you've read my blog, you might remember the Spacedock
and POSSE entries.
You might also remember that PTTH
is my pet project for solving the tunneling problem. I have a draft blog entry
called Caching where I intended to explain the blog's exact setup.
It's a week overdue now!
But it turns out a lot of people care about tunneling! Even though
when I wrote PTTH in 2020, filled with hubris, I assumed it was a
mostly-unexplored field. It turns out the problems I have are very common problems.
As I said in "POSSE", the Spacedock idea is basically POSSE + Tunneling.
With all this in mind, let's crack open a soft drink, have a caffeine relapse,
and cry about how my contributions to free software will never matter
and the admiration of other people is no substitute for actually loving myself
and having internal happiness.
And by cry, I mean, I'm going to rag on other projects to feel better about
myself.
Ragging on other projects to feel better about myself
These are written in languages I don't want to build or deploy:
- expose is written in PHP.
- jprq is written in Python.
- localtunnel is written for Node.
- PageKite is written in Python, plus the author uses the confusing terms "frontend" and "backend" in the docs.
- Telebit is written in JavaScript.
- wstunnel is written in Haskell.
- ZeroTier is written in C++.
These use TCP on the bottom, which means they have head-of-line blocking:
- boringproxy uses SSH.
- chisel uses SSH, so it may suffer head-of-line blocking. (Not that vanilla PTTH doesn't)
- Crowbar looks like the first draft I had of ptth_forwarding.
- docker-tunnel uses SSH.
- go-http-tunnel uses HTTP/2, so it's... not unlike vanilla PTTH.
- holepunch.io uses SSH.
- remotemoe uses SSH.
- SirTunnel looks like it uses SSH.
- sish uses SSH.
- SSH-J.com uses SSH.
- StaqLab Tunnel uses SSH.
- teleconsole uses SSH.
- tnnlink uses SSH.
- tunnel uses TCP.
- tunneller uses MQTT and you have to set up a bus for that? I think?
These have philosophical problems:
- ngrok 2.0, TailScale, and Cloudflare Tunnel are all proprietary SaaSSes.
- Ngrok-operator is meant for Kubernetes, which I don't use.
- tunnelto seems purposely limited to only be a free trial of the hosted version.
These have weird problems:
- AirHook doesn't do encryption.
- ngrok 1.0 is no longer supported, it says.
- pritunl's docs are weird.
- sshuttle requires root on the client.
- TunSafe has almost no documentation.
These are my finalists:
- frp looks really good, but it loses a point for not enabling encryption by default.
- Nebula looks great, and I remember reading their blog post in 2019. The "lighthouse" is equivalent to PTTH's relay node, so I subconsciously ripped them off.
- rathole looks really good and it's written in Rust. I guess the Noise protocol runs over UDP and WireGuard's protocol is actually built on Noise. So this might be the PTTH killer.