tunnel-boring-machine | A ruby application for managing SSH tunnels | VPN library

 by   geoffreywiseman Ruby Version: Current License: Unlicense

kandi X-RAY | tunnel-boring-machine Summary

kandi X-RAY | tunnel-boring-machine Summary

tunnel-boring-machine is a Ruby library typically used in Networking, VPN applications. tunnel-boring-machine has no bugs, it has no vulnerabilities, it has a Permissive License and it has low support. You can download it from GitHub.

Tunnel Boring Machine is a ruby application to manage SSH tunnels, which you can use to achieve something a little like a VPN, wherein SSH access to a server can give you access to the network beyond that server. I use SSH tunnels on a regular basis to access resources at client sites that are not exposed directly to the internet as a whole. Managing those tunnels as a series of bash scripts or aliases became cumbersome. I wanted / needed something better, and the tunnel boring machine has evolved from that need.

            kandi-support Support

              tunnel-boring-machine has a low active ecosystem.
              It has 9 star(s) with 3 fork(s). There are 3 watchers for this library.
              It had no major release in the last 6 months.
              There are 24 open issues and 34 have been closed. On average issues are closed in 82 days. There are no pull requests.
              It has a neutral sentiment in the developer community.
              The latest version of tunnel-boring-machine is current.

            kandi-Quality Quality

              tunnel-boring-machine has 0 bugs and 1 code smells.

            kandi-Security Security

              tunnel-boring-machine has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
              tunnel-boring-machine code analysis shows 0 unresolved vulnerabilities.
              There are 0 security hotspots that need review.

            kandi-License License

              tunnel-boring-machine is licensed under the Unlicense License. This license is Permissive.
              Permissive licenses have the least restrictions, and you can use them in most projects.

            kandi-Reuse Reuse

              tunnel-boring-machine releases are not available. You will need to build from source code and install.
              Installation instructions are not available. Examples and code snippets are available.
              It has 771 lines of code, 40 functions and 12 files.
              It has medium code complexity. Code complexity directly impacts maintainability of the code.

            Top functions reviewed by kandi - BETA

            kandi has reviewed tunnel-boring-machine and discovered the below as its top functions. This is intended to give you an instant insight into tunnel-boring-machine implemented functionality, and help decide if they suit your requirements.
            • Start the machine .
            • Parses the specified configuration .
            • Forward all port ports .
            • Parses the targets into the target .
            • Create a new alias
            • Returns whether or not valid hosts are valid or not .
            • Outputs a list of targets .
            • Determines if the given name is defined .
            • Returns true if the target has been created
            • Iterates over the configured routes .
            Get all kandi verified functions for this library.

            tunnel-boring-machine Key Features

            No Key Features are available at this moment for tunnel-boring-machine.

            tunnel-boring-machine Examples and Code Snippets

            No Code Snippets are available at this moment for tunnel-boring-machine.

            Community Discussions


            How to kill Firebird (2.1) attachment/connection if VPN was used for database session
            Asked 2022-Mar-16 at 13:46

            I am using VPN (Endpoint Security, Check Point) to establish connection to the Firebird 2.1 database from IBExpert on my computer. Sometimes I just forget disconnect from database and I cancel/disonnect VPN session only.

            When I am connectiong once more to the VPN and database I can see in the mon$attachments that the previous connection/attachment is still existing and its unresolved transactions are causing deadlock errors (that belong to the previous attachment - this can be verified exactly by the transaction number that is reported in the error message of deadlock error).

            So - VPN sometimes retains sessions and those VPN sessions keeps the Firebird attachments in existences.

            Is there way how can I (using SYSDBA connection) end those other Firebird attachments from my current Firebird session?

            I have contacted the VPN administrator to cancel VPN sessions, but it takes time. Database shutdown is out of the question - DB is in production mode. So, ending Firebird attachments using SQL is the only option left for me - if such option exists at all?



            Answered 2022-Mar-16 at 13:46

            In Firebird 2.5 and later, you can delete a connection from MON$ATTACHMENTS to kill a connection. This is not supported with the monitoring tables in Firebird 2.1 as far as I'm aware.

            Given even Firebird 2.5 is end-of-life, and Firebird 2.1 has been end-of-life since 2014, you should really consider updating.

            Normally, Firebird uses the SO_KEEPALIVE socket option to detect dead connections, but this can take a long time (depending on your OS configuration). An alternative might be to configure dummy_packet_interval in firebird.conf to a non-zero value (the value is seconds, so set it to a reasonable (read, not too low) value).

            Source https://stackoverflow.com/questions/71497306


            with gcp vpn, can resources be accessed using interal ip addresses?
            Asked 2022-Mar-07 at 20:25

            On connecting my on-prem network with GCP VPC using GCP VPN. From the on-prem network can i access the resources in GCP VPC using the internal ip address of resources.

            If the answer is yes, does this apply to all VPN's in general.

            I have searched this page for "internal" but found no clue - Cloud VPN overview



            Answered 2022-Mar-07 at 08:18

            Yes, it's the principle of a VPN: bridge 2 networks, through the public internet, but with encrypted communication to keep the traffic secret.

            Of course, there are limits and constraints: IP range overlap, routing, network announcement (BGE protocol if supported), firewalls,...

            Source https://stackoverflow.com/questions/71376593


            iOS network extension packet parsing
            Asked 2022-Jan-27 at 10:55

            I am developing a VPN (iOS Network Extension), and using C/C++ to read file-descriptor directly (instead of Swift), currently it successfully captures device's request Packets, but I don't know how to parse iOS's packets, I could not even find what network layer or protocol the packets are formatted in.

            I converted Packet's binary into Hex to be able to decode with online tools; below are samples of what I need to parse:



            Answered 2022-Jan-27 at 10:55
            It's tun-layer protocol with 4 bytes prefix:

            1. Once we use C/C++ to read file-descriptor, in NEPacketTunnelProvider like:

            Source https://stackoverflow.com/questions/69260852


            I see some big company using firefox version 45.x.x to connect to their vpn, is there any concern of doing this?
            Asked 2022-Jan-17 at 09:57

            why not just use usual vpn tools? like outline or openvpn or any else, is there any security concern? and of course that's an old version of firefox, why not use another browser with latest version? or maybe firefox with latest version



            Answered 2022-Jan-17 at 09:57

            The answer lies probably in some kind of security policies in that company.

            Maybe their VPN gateway is running an obsolete version of VPN server? Maybe, for the users' UX they're using Java Applet based VPN clients? New browsers don't allow running Java Applets (NPAPI in Firefox was abandoned in 2018).

            Why not using other VPN solutions: maybe the cost of implementation (including trainings, auditing, etc) is too high, and the company has mitigated risks in some other ways (for example with strict Internet traffic filtering, allow-lists, Intrusion Detection Systems, etc.)? Maybe there are regulatory limitations, such as FIPS requirement for a VPN solution, which can't be met with popular VPN solutions?

            If employees of that company can connect to the Internet without any restrictions (web sites' allow-list) the risk of introducing malware into company LANs is very high while using such outdated browsers. In big companies, such risks are mitigated with additional security controls.

            To sum it up: I recommend getting knowledge with that company's internal security policies to get the whole picture.

            Source https://stackoverflow.com/questions/70738376


            How to reach host behind site-to-site VPN connection through peering VPC connection
            Asked 2021-Dec-18 at 01:22

            I actually have following situation:

            I successfully reach host C from Host A using VPN static routes. I need now to reach it from host B. I thought to create a route table from VPC B that forward request with ip/32 of host C through Peering connection... But it doesn't work.

            There is a way to do that?

            N.B. I cannot use Transit Gateway




            Answered 2021-Dec-17 at 10:14

            I need now to reach it from host B.

            You can't do this. VPC peering is not transitive. You can setup VPC connection to VPC B as well instead.

            Source https://stackoverflow.com/questions/70391048


            Can AWS Lambda function call an endpoint over a VPN?
            Asked 2021-Dec-16 at 21:30

            I'm using an SMS sending service provided by a local mobile carrier. The carrier enforces clients to connect to their datacentre over a VPN in order to reach their endpoints. The VPN tunnel must always be kept open (i.e. not on demand).

            Currently, I'm using a micro EC2 instance that acts as middleware between my main production server (also an EC2 instance) and the carrier endpoint.

            Production Server --> My SMS Server --over VPN--> Carrier SMS Server

            Is there a way to replace my middleware server with an AWS Lambda function that sends HTTP requests to the carrier over an always-on VPN tunnel?

            Also, can an AWS Lambda function maintain a static IP? The carrier has to place my IP in their whitelist before I can use their service.



            Answered 2021-Dec-16 at 21:30

            s2svpn would be great but my question is can a lambda function HTTP request route through that connection?

            Sure. Lambdas can have a VPC subnet attached. It's a matter of configuring the subnet routing table / VPN configuration to route the traffic to the carrier through the VPN endpoint.

            Also, can an AWS Lambda function maintain a static IP?

            No. Depends. A VPC-attached Lambda will create an eni (network interface) in the subnet with internal (not fixed) subnet iP address. But the traffic can be routed though a fixed NAT or a VPN gateway.

            That's the reason I asked which IP address needs to be fixed, on what level. The VPN has a fixed IP address. If the carrier enforces the VPN address whitelisting, lambda clients should be working. If a fixed IP of the internal network is required then you will need a fixed network interface (e.g. using EC2)

            Source https://stackoverflow.com/questions/70384096


            OpenVPN Client in Kubernetes Pod
            Asked 2021-Nov-27 at 23:30

            I am looking at how to make OpenVPN client work on a pod's container, I explain what I do, but you can skip all my explanation and offer your solution directly, I don't care replacing all the below with your steps if it works, I want to make my container to use a VPN (ExpressVPN for example) in a way that both external and internal networking works.

            I have a docker image that is an OpenVPN Client, it works find with the command:



            Answered 2021-Nov-24 at 18:42

            Here is a minimal example of a pod with OpenVPN client. I used kylemanna/openvpn as a server and to generate a basic client config. I only added two routes to the generated config to make it working. See below:

            Source https://stackoverflow.com/questions/70089374


            stopVPNTunnel is not disconnecting the VPN connection in iOS
            Asked 2021-Nov-25 at 10:29

            I have implemented one successful vpn connection. But When i close and Open app while the VPN is connected, then i can't disconnect the VPN.



            Answered 2021-Nov-25 at 10:29

            Call stopVPNTunnel() inside loadFromPreferences closure.

            Source https://stackoverflow.com/questions/70108796


            SSH bridge between two dynamic-ip pcs through third static-ip pc for jupyter notebook
            Asked 2021-Oct-07 at 06:16

            normally I use this kind of script (this is part of a larger bash script) to connect my pc to a static-ip pc and run a jupyter notebook remotely:



            Answered 2021-Oct-07 at 06:16

            You could simplify it with your ~/.ssh/config on your local pc

            Source https://stackoverflow.com/questions/69474829


            Snowflake nodejs driver returns Unable to connect: Network error. Could not reach Snowflake
            Asked 2021-Aug-23 at 11:35

            I'm using snowflake through VPN connection and need to setup snowflake on nodejs project. I followed these steps mentioned in https://docs.snowflake.com/en/user-guide/nodejs-driver-use.html# doc.

            1. nodejs version v12.18.0
            2. installed snowflake-sdk (version 1.6.1)


            Answered 2021-Aug-23 at 11:35

            It seems your IP is blocked or not allowed in the network policy in Snowflake. Can you reach out to users having AccountAdmin/SecurityAdmin privilege to allow your IP in Snowflake?

            Ref: https://docs.snowflake.com/en/user-guide/network-policies.html

            Source https://stackoverflow.com/questions/68783194

            Community Discussions, Code Snippets contain sources that include Stack Exchange Network


            No vulnerabilities reported

            Install tunnel-boring-machine

            You can download it from GitHub.
            On a UNIX-like operating system, using your system’s package manager is easiest. However, the packaged Ruby version may not be the newest one. There is also an installer for Windows. Managers help you to switch between multiple Ruby versions on your system. Installers can be used to install a specific or multiple Ruby versions. Please refer ruby-lang.org for more information.


            If you're using TBM and you want to talk about it or make suggestions, get in touch with me on Twitter or send me an email. If there's enough interest, I'd be happy to set up a group, but for the time being that seems like overkill.
            Find more information at:

            Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items

            Find more libraries
          • HTTPS


          • CLI

            gh repo clone geoffreywiseman/tunnel-boring-machine

          • sshUrl


          • Stay Updated

            Subscribe to our newsletter for trending solutions and developer bootcamps

            Agree to Sign up and Terms & Conditions

            Share this Page

            share link

            Explore Related Topics

            Consider Popular VPN Libraries


            by trailofbits


            by StreisandEffect


            by txthinking

            Try Top Libraries by geoffreywiseman


            by geoffreywisemanJava


            by geoffreywisemanShell


            by geoffreywisemanRuby


            by geoffreywisemanShell


            by geoffreywisemanJava