Backhaul

Lightning-fast reverse tunneling solution for NAT traversal, optimized for handling massive concurrent connections with tcp, tcpmux, udp, udp over tcp, ws, wsmux, wss and wssmux support.

Welcome to the Backhaul project! This project provides a high-performance reverse tunneling solution optimized for handling massive concurrent connections through NAT and firewalls. This README will guide you through setting up and configuring both server and client components, including details on different transport protocols.


Table of Contents

  1. Introduction
  2. Features
  3. Installation
  4. Usage
  5. Generating a Self-Signed TLS Certificate with OpenSSL
  6. Running backhaul as a service
  7. FAQ
  8. Benchmark
  9. License
  10. Donation

Introduction

This project offers a robust reverse tunneling solution to overcome NAT and firewall restrictions, supporting various transport protocols. It’s engineered for high efficiency and concurrency.

Features

  • High Performance: Optimized for handling massive concurrent connections efficiently.
  • Protocol Flexibility: Supports TCP, WebSocket (WS), and Secure WebSocket (WSS) transports.
  • UDP over TCP: Implements UDP traffic encapsulation and forwarding over a TCP connection for reliable delivery with built-in congestion control.
  • Multiplexing: Enables multiple connections over a single transport with SMUX.
  • NAT & Firewall Bypass: Overcomes restrictions with reverse tunneling.
  • Traffic Sniffing: Optional network traffic monitoring with logging support.
  • Configurable Keepalive: Adjustable keep-alive and heartbeat intervals for stable connections.
  • TLS Encryption: Secure connections via WSS with support for custom TLS certificates.
  • Web Interface: Real-time monitoring through a lightweight web interface.
  • Hot Reload Configuration: Supports dynamic configuration reloading without server restarts.

Installation

  1. Download the latest release from the GitHub releases page.

  2. Extract the archive (adjust the filename if needed):

    tar -xzf backhaul_linux_amd64.tar.gz
    
  3. Run the executable:

    ./backhaul
    
  4. You can also build from source if preferred:

    git clone https://github.com/musixal/backhaul.git
    cd backhaul
    go build
    ./backhaul
    

Usage

The main executable for this project is backhaul. It requires a TOML configuration file for both the server and client components.

Configuration Options

To start using the solution, you'll need to configure both server and client components. Here’s how to set up basic configurations:

  • Server Configuration

    Create a configuration file named config.toml:

    [server] # Local, IRAN
    bind_addr = "0.0.0.0:3080"    # Address and port for the server to listen on (mandatory).
    transport = "tcp"             # Protocol to use ("tcp", "tcpmux", "ws", "wss", "wsmux", "wssmux". mandatory).
    accept_udp = false             # Enable transferring UDP connections over TCP transport. (optional, default: false)
    token = "your_token"          # Authentication token for secure communication (optional). Replace the placeholder with a long random value.
    keepalive_period = 75         # Interval in seconds to send keep-alive packets.(optional, default: 75s)
    nodelay = false               # Enable TCP_NODELAY (optional, default: false).
    channel_size = 2048           # Tunnel and Local channel size. Excess connections are discarded. (optional, default: 2048).
    heartbeat = 40                # In seconds. Ping interval for tunnel stability. Min: 1s. (Optional, default: 40s)
    mux_con = 8                   # Mux concurrency. Number of connections that can be multiplexed into a single stream (optional, default: 8).
    mux_version = 1               # SMUX protocol version (1 or 2). Version 2 may have extra features. (optional)
    mux_framesize = 32768         # 32 KB. The maximum size of a frame that can be sent over a connection. (optional)
    mux_recievebuffer = 4194304   # 4 MB. The maximum buffer size for incoming data per connection. (optional)
    mux_streambuffer = 65536      # 64 KB. The maximum buffer size per individual stream within a connection. (optional)
    sniffer = false               # Enable or disable network sniffing for monitoring data. (optional, default false)
    web_port = 2060               # Port number for the web interface or monitoring interface. (optional, set to 0 to disable).
    sniffer_log = "/root/log.json" # Filename used to store network traffic and usage data logs. (optional, default backhaul.json)
    tls_cert = "/root/server.crt" # Path to the TLS certificate file for wss/wssmux. (mandatory).
    tls_key = "/root/server.key"  # Path to the TLS private key file for wss/wssmux. (mandatory).
    log_level = "info"            # Log level ("panic", "fatal", "error", "warn", "info", "debug", "trace", optional, default: "info").
    skip_optz = true              # Skip optimizations performed by Backhaul (default: false)
    mss = 1360                    # TCP/TCPMux: Maximum Segment Size in bytes; controls max TCP payload size to avoid fragmentation. (default: system-defined)
    so_rcvbuf = 4194304           # TCP/TCPMux: Socket receive buffer size (bytes); larger buffer allows higher throughput on receive side. (default: system-defined)
    so_sndbuf = 1048576           # TCP/TCPMux: Socket send buffer size (bytes); controls send queue size to manage outgoing data flow. (default: system-defined)
    
    
    
    ports = [
    "443-600",                  # Listen on all ports in the range 443 to 600
    "443-600:5201",             # Listen on all ports in the range 443 to 600 and forward traffic to 5201
    "443-600=1.1.1.1:5201",     # Listen on all ports in the range 443 to 600 and forward traffic to 1.1.1.1:5201
    "443",                      # Listen on local port 443 and forward to remote port 443 (default forwarding).
    "4000=5000",                # Listen on local port 4000 (bind to all local IPs) and forward to remote port 5000.
    "127.0.0.2:443=5201",       # Bind to specific local IP (127.0.0.2), listen on port 443, and forward to remote port 5201.
    "443=1.1.1.1:5201",         # Listen on local port 443 and forward to a specific remote IP (1.1.1.1) on port 5201.
    "127.0.0.2:443=1.1.1.1:5201",  # Bind to specific local IP (127.0.0.2), listen on port 443, and forward to remote IP (1.1.1.1) on port 5201.
    ]
    
    

    To start the server:

    ./backhaul -c config.toml
    
  • Client Configuration

    Create a configuration file named config.toml for the client:

    [client]  # Behind NAT, firewall-blocked
    remote_addr = "0.0.0.0:3080"  # Server address and port (mandatory). Replace 0.0.0.0 with the server's reachable address.
    edge_ip = "188.114.96.0"      # Edge IP used for CDN connection, specifically for WebSocket-based transports.(Optional, default none)
    transport = "tcp"             # Protocol to use ("tcp", "tcpmux", "ws", "wss", "wsmux", "wssmux". mandatory).
    token = "your_token"          # Authentication token for secure communication (optional). Replace the placeholder with a long random value.
    connection_pool = 8           # Number of pre-established connections.(optional, default: 8).
    aggressive_pool = false       # Enables aggressive connection pool management.(optional, default: false).
    keepalive_period = 75         # Interval in seconds to send keep-alive packets. (optional, default: 75s)
    nodelay = false               # Use TCP_NODELAY (optional, default: false).
    retry_interval = 3            # Retry interval in seconds (optional, default: 3s).
    dial_timeout = 10             # Sets the max wait time for establishing a network connection. (optional, default: 10s)
    mux_version = 1               # SMUX protocol version (1 or 2). Version 2 may have extra features. (optional)
    mux_framesize = 32768         # 32 KB. The maximum size of a frame that can be sent over a connection. (optional)
    mux_recievebuffer = 4194304   # 4 MB. The maximum buffer size for incoming data per connection. (optional)
    mux_streambuffer = 65536      # 64 KB. The maximum buffer size per individual stream within a connection. (optional)
    sniffer = false               # Enable or disable network sniffing for monitoring data. (optional, default false)
    web_port = 2060               # Port number for the web interface or monitoring interface. (optional, set to 0 to disable).
    sniffer_log = "/root/log.json" # Filename used to store network traffic and usage data logs. (optional, default backhaul.json)
    log_level = "info"            # Log level ("panic", "fatal", "error", "warn", "info", "debug", "trace", optional, default: "info").
    skip_optz = true              # Skip optimizations performed by Backhaul (default: false)
    mss = 1360                    # TCP/TCPMux: Maximum Segment Size in bytes; controls max TCP payload size to avoid fragmentation. (default: system-defined)
    so_rcvbuf = 1048576           # TCP/TCPMux: Socket receive buffer size (bytes); larger buffer allows higher throughput on receive side. (default: system-defined)
    so_sndbuf = 4194304           # TCP/TCPMux: Socket send buffer size (bytes); controls send queue size to manage outgoing data flow. (default: system-defined)
    

    To start the client:

    ./backhaul -c config.toml
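
The `ports` entries in the server configuration decide which local sockets are opened and on which interface, so it helps to expand them before deploying. The following is an added example, not Backhaul's own parser: `Mapping`, `ParsePort` and `Listeners` are hypothetical names, the grammar is inferred only from the comments in the sample above, and it assumes an entry without an explicit target forwards to the same port number.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Mapping is one parsed `ports` entry (example type, not Backhaul's own).
type Mapping struct {
	BindIP, RemoteHost   string // "" = all local interfaces / no explicit remote host
	From, To, RemotePort int    // inclusive local range; RemotePort 0 = same as local (assumed)
}
func (m Mapping) Listeners() int { return m.To - m.From + 1 } // local sockets opened

func port(s string) (int, error) {
	if n, err := strconv.Atoi(s); err == nil && n >= 1 && n <= 65535 {
		return n, nil
	}
	return 0, fmt.Errorf("bad port %q", s)
}

// ParsePort accepts only the entry forms listed in the README comments.
func ParsePort(spec string) (m Mapping, err error) {
	local, remote, hasRemote := strings.Cut(spec, "=")
	if !hasRemote { // "443", "443-600" or "443-600:5201"
		local, remote, hasRemote = strings.Cut(spec, ":")
	} else if i := strings.LastIndex(local, ":"); i >= 0 { // "ip:port=..."
		m.BindIP, local = local[:i], local[i+1:]
	}
	lo, hi, isRange := strings.Cut(local, "-")
	m.From, err = port(lo)
	if m.To = m.From; isRange && err == nil {
		m.To, err = port(hi)
	}
	if err != nil || m.To < m.From {
		return m, fmt.Errorf("bad local ports %q", local)
	}
	if hasRemote {
		if i := strings.LastIndex(remote, ":"); i >= 0 {
			m.RemoteHost, remote = remote[:i], remote[i+1:]
		}
		m.RemotePort, err = port(remote)
	}
	return m, err
}

func main() {
	fmt.Println(ParsePort("127.0.0.2:443=1.1.1.1:5201"))
}
```

For `"443-600"` the result has an empty `BindIP` and `Listeners()` returns 158, meaning 158 ports listening on every local interface; compare that against the host firewall rules before starting the server.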
    

Detailed Configuration

GitHub Stars: 764
Category: Customer
Updated: 6h ago
Forks: 138

Languages

Go

Security Score

100/100

Audited on Mar 24, 2026

No findings