Skip to content
/ goldy-client Public

goldy-client is lightweight DTLS proxy which allows adding DTLS encryption (using mbed TLS ) to UDP servers without modifying their code.

License

Apache-2.0 license
9 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

fortitudepub/goldy-client

BranchesTags

Repository files navigation

Goldy-client

goldy-client is lightweight DTLS proxy which allows adding DTLS encryption (using mbed TLS ) to UDP servers without modifying their code.

Note this project is modified based on ibm-security-innovation's goldy, which is targeted for UDP server that does not support DTLS while its client does; similarly this project is targeted for UDP client that does not support DTLS while the server does (server can support DTLS using goldy).

To build goldy-client from source:

git clone .../goldy-client.git
cd goldy-client
make

Use make V=1 for a verbose build output and make DEBUG=1 to enable debug info (-g3).

Help

Usage: goldy-client [-hvd] [-g log_level] [-t seconds] -l listen_host:port
             -b backend_host:port -c cert_pem_file

Options:
  -h, --help                 this help
  -v, --version              show version and exit
  -d, --daemonize            run as a daemon
  -g, --log=LEVEL            log level DEBUG/INFO/ERROR
  -t, --timeout=SECONDS      Session timeout (seconds)
  -l, --listen=ADDR:PORT     listen for incoming plain UDP packet on addr and UDP port
  -b, --backend=ADDR:PORT    proxy UDP traffic to addr and port with DTLS encrypted
  -c, --cert=FILE            server CA certificate PEM filename

Deploy guide

By using goldy and goldy-client, user can made a encrypted tunnel which can be used to break GF*W...

You can delopy the service as following...:

Server side

run goldy and openvpn server(udp mode), openvpn will only accept client proxed from goldy.

Client side

run goldy-client and openvpn client(udp mode), openvpn will connect to the port goldy-client listens.

License

Goldy is distributed under the Apache License, version 2.0 .

(c) Copyright IBM Corp. 2015, 2016

Authors: Dov Murik, Shmulik Regev

Contributions are gladly welcome. Please see the requirement for Developer Certificate of Origin .

Dependencies & 3rd Party

mbedTLS is used as the underlying DTLS implementation.

libev is used as an event library. It's BSD 2 clause license is used.

Contribution

Contributions to the project are welcomed. It is required however to provide alongside the pull request one of the contribution forms (CLA) that are a part of the project. If the contributor is operating in his individual or personal capacity, then he/she is to use the individual CLA; if operating in his/her role at a company or entity, then he/she must use the corporate CLA.

CAVEATS

Although I can use cacert to verify server certificate now, however I did not enable it due to some reason.

User can modify the code and enable it manually.

About

goldy-client is lightweight DTLS proxy which allows adding DTLS encryption (using mbed TLS ) to UDP servers without modifying their code.

Resources

Readme

License

Apache-2.0 license
Activity

Stars

9 stars

Watchers

3 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages