Tunnelling - rathole client
Rathole is used To setup tunneling and expose the SUDA computer to the internet using NAT traversal.
Prerequisites:
- a domain name
- a server that is exposed to the internet which will stand between the intenret and tunnel all data from our home connection
- an SSL certificate (reccomended tu use certbot)
- on the client machine (the one behind a firefwall / NAT)
- make note of the secret string we used as it needs to be the same
echo $secret
- copy this to a safe place
- get rathole
wget -O $HOME/suda-git/rathole-x86_64-unknown-linux-gnu.zip https://github.com/rapiz1/rathole/releases/download/v0.4.7/rathole-x86_64-unknown-linux-gnu.zip
- make a directory for rathole
mkdir $HOME/rathole
- unzip the archive into that directory
unzip -q $HOME/suda-git/rathole-x86_64-unknown-linux-gnu.zip -d $HOME/rathole
- make the binary executable
sudo chmod +x $HOME/rathole/rathole
- move the binary to /usr/bin/ so it's accessible
sudo mv $HOME/rathole/rathole /usr/bin/
- make a directory that will hold the rathole configuration
sudo mkdir -p /etc/rathole
- copy configuration files to /etc/rathole
sudo cp $HOME/suda-git/config/app1c.toml /etc/rathole
sudo cp $HOME/suda-git/config/app2c.toml /etc/rathole
sudo cp $HOME/suda-git/config/app3c.toml /etc/rathole
- copy systemd service files to /etc/systemd/system
sudo cp $HOME/suda-git/config/ratholec@.service /etc/systemd/system/
- this will use the same generated string as before (stored in the $secret variable) as the secret for rathole
sudo sed -i "s/hackme/$secret/g" /etc/rathole/app1c.toml
sudo sed -i "s/hackme/$secret/g" /etc/rathole/app2c.toml
sudo sed -i "s/hackme/$secret/g" /etc/rathole/app3c.toml
- app1c - noVNC service running on the client machine on port 443
- app2c - icecast streaming service running on the client machine on port 8443
- app3c - icecast admin backing service running on the client on port 8080
- enable these services
sudo systemctl enable ratholec@app1 --now
sudo systemctl enable ratholec@app2 --now
sudo systemctl enable ratholec@app3 --now