curvetun - Linux
Overview
curvetun is a modern network tunneling utility that enables the establishment of encrypted virtual private networks (VPNs) over the Internet. It’s designed for ease of use, flexibility, and performance in a variety of networking scenarios.
Syntax
curvetun [options/flags] [local_address:]port local_endpoint remote_address:port
Options/Flags
- -h, --help: Display help information and exit.
- -v, --version: Display version information and exit.
- -d, --debug: Enable debug mode.
- -l, --listen: Specify the local address and port to listen on. Default: 0.0.0.0:2342.
- -r, --remote: Specify the remote address and port to establish a tunnel with.
- -k, --key: Path to the private key file.
- -c, --cert: Path to the certificate file.
- -C, --cipher: Cipher to use for encryption. Default: AES-256-GCM.
- -m, --max-mtu: Maximum MTU size for the tunnel. Default: 1500.
- -t, --tcp-mss: TCP MSS size to use for the tunnel. Default: 1350.
- -w, --window-size: Window size to use for the tunnel. Default: 8.
- -r, --rate-limit: Limit the tunnel’s bandwidth in bits per second.
Examples
Establish a simple VPN tunnel:
curvetun 127.0.0.1:2342 localhost:8080
Use a specific certificate and key:
curvetun -c /path/to/cert.pem -k /path/to/key.pem 127.0.0.1:2342 localhost:8080
Limit the bandwidth:
curvetun -r 100000 127.0.0.1:2342 localhost:8080
Tunnel traffic over a specific interface:
curvetun -l 192.168.1.10:2342 localhost:8080
Common Issues
Can’t establish a tunnel:
- Ensure both ends have a matching private key and certificate.
- Check that there are no firewall rules blocking the specified ports.
- Verify that the MTU size is large enough for the network.
Tunnel is slow:
- Try increasing the window size and TCP MSS size.
- Check the available bandwidth and adjust the rate limit if necessary.
Integration
Use with other commands:
- Redirect traffic through the tunnel:
nc localhost 8080 | curvetun 127.0.0.1:2342 localhost:80
- Monitor tunnel traffic:
tcpdump -i tun0
Scripts and command chains:
- Automatically establish a tunnel on boot: Create a script that runs curvetun at startup.
- Use curvetun as a NAT gateway: Combine curvetun with iptables to redirect traffic through the tunnel.
Related Commands
- OpenVPN: Another VPN tunneling utility.
- WireGuard: A modern and fast VPN tunneling tool.
- tunctl: Create and manage virtual network devices.