Tunnelling - rathole client

Rathole is used to set up tunnelling and expose the SUDA computer to the internet using NAT traversal.


Prerequisites:


- a domain name

- a server that is exposed to the internet, which will stand between the internet and our home connection and tunnel all data

- an SSL certificate (using certbot is recommended)


- on the client machine (the one behind a firewall / NAT)

- make note of the secret string we used as it needs to be the same


echo "$secret"


- copy this to a safe place

- get rathole


wget -O $HOME/suda-git/rathole-x86_64-unknown-linux-gnu.zip https://github.com/rapiz1/rathole/releases/download/v0.4.7/rathole-x86_64-unknown-linux-gnu.zip


- make a directory for rathole


mkdir $HOME/rathole


- unzip the archive into that directory


unzip -q $HOME/suda-git/rathole-x86_64-unknown-linux-gnu.zip -d $HOME/rathole


- make the binary executable


sudo chmod +x $HOME/rathole/rathole


- move the binary to /usr/bin/ so it's accessible


sudo mv $HOME/rathole/rathole /usr/bin/


- make a directory that will hold the rathole configuration


sudo mkdir -p /etc/rathole


- copy configuration files to /etc/rathole


sudo cp $HOME/suda-git/config/app1c.toml /etc/rathole

sudo cp $HOME/suda-git/config/app2c.toml /etc/rathole

sudo cp $HOME/suda-git/config/app3c.toml /etc/rathole


- copy systemd service files to /etc/systemd/system


sudo cp $HOME/suda-git/config/ratholec@.service /etc/systemd/system/


- this will use the same generated string as before (stored in the $secret variable) as the secret for rathole


sudo sed -i "s/hackme/$secret/g" /etc/rathole/app1c.toml

sudo sed -i "s/hackme/$secret/g" /etc/rathole/app2c.toml

sudo sed -i "s/hackme/$secret/g" /etc/rathole/app3c.toml


- app1c - noVNC service running on the client machine on port 443

- app2c - icecast streaming service running on the client machine on port 8443

- app3c - icecast admin backing service running on the client on port 8080

- enable these services


sudo systemctl enable ratholec@app1 --now

sudo systemctl enable ratholec@app2 --now

sudo systemctl enable ratholec@app3 --now
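
For the secret substitution step above: a plain `sed "s/hackme/$secret/g"` breaks or silently changes the value if the secret contains `/` or `&`, and nothing checks that the placeholder is really gone before the services start. The following is an added example, not part of the suda-git repository; the function name `set_rathole_token`, the sample secret and the sample config (including `tunnel.example.com`) are constructed for illustration.

```shell
#!/bin/sh
# Added example: replace the "hackme" placeholder in a rathole client config
# with the shared secret, without letting the secret's characters alter the
# sed expression or the TOML string it lands in.

set_rathole_token() {
    file=$1 token=$2
    [ -f "$file" ] || { echo "missing config: $file" >&2; return 1; }
    [ -n "$token" ] || { echo "empty secret" >&2; return 1; }
    # A quote, backslash or newline would end or escape the TOML string.
    case $token in
        *'"'*|*'\'*|*'
'*) echo "secret has a quote, backslash or newline" >&2; return 1 ;;
    esac
    # Escape what sed treats specially in a replacement: & and the / delimiter.
    escaped=$(printf '%s' "$token" | sed 's|[&/]|\\&|g')
    tmp=$(mktemp) || return 1            # mktemp creates the file mode 0600
    if sed "s/hackme/$escaped/g" "$file" > "$tmp" &&
       ! grep -q 'hackme' "$tmp" &&      # no placeholder left behind
       grep -qF -- "$token" "$tmp"; then # secret really is in the result
        cat "$tmp" > "$file"             # keeps the config's owner and mode
        rm -f "$tmp"
    else
        rm -f "$tmp"
        echo "substitution failed for $file" >&2
        return 1
    fi
}

# Demo on a constructed config (field names follow rathole's client format;
# the real app1c.toml from suda-git is not shown on this page).
demo_dir=$(mktemp -d)
cat > "$demo_dir/app1c.toml" <<'EOF'
[client]
remote_addr = "tunnel.example.com:2333"

[client.services.app1]
token = "hackme"
local_addr = "127.0.0.1:443"
EOF
set_rathole_token "$demo_dir/app1c.toml" 'q9/Zk&7+example=' && cat "$demo_dir/app1c.toml"
```

Call it once per file in /etc/rathole (as root), and enable the ratholec@ units only after all three calls return success.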