curvetun - Linux

Overview

curvetun is a modern network tunneling utility that enables the establishment of encrypted virtual private networks (VPNs) over the Internet. It’s designed for ease of use, flexibility, and performance in a variety of networking scenarios.

Syntax

curvetun [options/flags] [local_address:]port local_endpoint remote_address:port

Options/Flags

  • -h, –help: Display help information and exit.
  • -v, –version: Display version information and exit.
  • -d, –debug: Enable debug mode.
  • -l, –listen: Specify the local address and port to listen on. Default: 0.0.0.0:2342.
  • -r, –remote: Specify the remote address and port to establish a tunnel with.
  • -k, –key: Path to the private key file.
  • -c, –cert: Path to the certificate file.
  • -C, –cipher: Cipher to use for encryption. Default: AES-256-GCM.
  • -m, –max-mtu: Maximum MTU size for the tunnel. Default: 1500.
  • -t, –tcp-mss: TCP MSS size to use for the tunnel. Default: 1350.
  • -w, –window-size: Window size to use for the tunnel. Default: 8.
  • -r, –rate-limit: Limit the tunnel’s bandwidth in bits per second.

Examples

Establish a simple VPN tunnel:

curvetun 127.0.0.1:2342 localhost:8080

Use a specific cipher and key:

curvetun -c /path/to/cert.pem -k /path/to/key.pem 127.0.0.1:2342 localhost:8080

Limit the bandwidth:

curvetun -r 100000 127.0.0.1:2342 localhost:8080

Tunnel traffic over a specific interface:

curvetun -l 192.168.1.10:2342 localhost:8080

Common Issues

Can’t establish a tunnel:

  • Ensure both ends have a matching private key and certificate.
  • Check that there are no firewall rules blocking the specified ports.
  • Verify that the MTU size is large enough for the network.

Tunnel is slow:

  • Try increasing the window size and TCP MSS size.
  • Check the available bandwidth and adjust the rate limit if necessary.

Integration

Use with other commands:

  • Redirect traffic through the tunnel: nc localhost 8080 | curvetun 127.0.0.1:2342 localhost:80
  • Monitor tunnel traffic: tcpdump -i tun0

Scripts and command chains:

  • Automatically establish a tunnel on boot: Create a script that runs curvetun at startup.
  • Use curvetun as a NAT gateway: Combine curvetun with iptables to redirect traffic through the tunnel.

Related Commands

  • OpenVPN: Another VPN tunneling utility.
  • WireGuard: A modern and fast VPN tunneling tool.
  • tunctl: Create and manage virtual network devices.