Tunnel Types

TLS

TLS tunnels allow you to locally terminate TLS traffic before forwarding it on to the target service.

By default, TunnelBat will automatically generate your certificates. To override this functionality, use the --key and --cert options.

Options

  Usage: tunnelbat tls [options]

  TLS tunnels forward TLS traffic to either TCP or TLS targets.

  Options:
    --allowlist <multiFlag> Allowlist of remote address CIDRs to allow through the tunnel.
    --target <string> The target host and port we are forwarding to.
    --targetport <int> The target port we are forwarding to.
    --expire <duration> The duration of time before the tunnel expires. (default 1h)
    --cert <cert path> The path to a certificate file. (Blank will use autocert)
    --key <key path> The path to a private key file for TLS termination. (Blank will use autocert)
    --max_concurrent <int> The maximum number of concurrent connections allowed. (default 100)
    --max_connections <int> Terminate the tunnel after this many connections. (default 0)
    --tls <boolean> Negotiate TLS with the target (default: false)
    --tls-pin-cert <string> Pin the TLS certificate. (TLS enabled tunnels only)
    --tls-skip-verify <boolean> Skip TLS certificate verification. (TLS enabled tunnels only)

TCP

TCP tunnels do not perform TLS termination and simply forward the traffic to your intended target.

Options

  Usage: tunnelbat tcp [options]
  
  TCP tunnels forward TCP traffic.

  Options:
    --allowlist <multiFlag> Allowlist of remote address CIDRs to allow through the tunnel.
    --target <string> The target host and port we are forwarding to.
    --targetport <int> The target port we are forwarding to.
    --expire <duration> The duration of time before the tunnel expires. (default 1h)
    --max_concurrent <int> The maximum number of concurrent connections allowed. (default 100)
    --max_connections <int> Terminate the tunnel after this many connections. (default 0)
    --tls <boolean> Negotiate TLS with the target (default: false)
    --tls-pin-cert <string> Pin the TLS certificate. (TLS enabled tunnels only)
    --tls-skip-verify <boolean> Skip TLS certificate verification. (TLS enabled tunnels only)