Narrowlink securely connects devices and services together, even when both nodes are behind separate NAT

Overview

Narrowlink

Narrowlink Logo

Narrowlink is a self-hosted platform that allows you to establish secure remote connections between devices within a network that may be hindered by network address translation (NAT) or firewalls. Whether you need to access a home computer from your laptop, share internet access with remote devices, or publish a local web server on the internet, Narrowlink provides the solution.

Use Cases

  • Port Forwarding without a Public IP Address: Access devices within your home network from external locations without public IP addresses.

  • Sharing Internet Access: Enable remote devices to access the internet through your network.

  • Publishing Your Local Webserver: Make your local webserver accessible on the internet, even without a public IP address.

Key Features

  • Covert Communications: Narrowlink disguises traffic as regular web browsing using the WebSocket over HTTP/S protocol, enhancing privacy and bypassing firewalls.

  • Fine-Grained Access Control: Control access to agents and services based on IP addresses, domains, and agent names, allowing you to implement zero trust network access (ZTNA) policies.

  • End-to-End Encryption: Secure your communications with end-to-end encryption using the Xchacha20-Poly1305 cipher and HMAC-SHA256 for tamper-proofing.

  • User Management: Create different user spaces with individual access control policies, providing services to multiple users with a single gateway.

  • Automatic Certificate Provisioning: Automatic generation and management of TLS certificates for published services using the ACME protocol.

  • SNI Proxy: Prevent the gateway from decrypting your TLS traffic by handling it on the agent's server with your certificate.

  • CDN Compatibility: Set up the gateway behind CDN services to enhance the performance of your services.

  • Flexibility: Orchestrate Narrowlink with other tools like SSH or sing-box to add more functionalities.

  • Cross-Platform and Lightweight: Written in Rust, Narrowlink is lightweight, fast, and cross-platform, supporting major desktop and mobile operating systems.

Architecture

Narrowlink's architecture consists of three main components: the Gateway, Agents, and Clients. The Gateway serves as the central hub, routing packets between agents, clients, and browsers. Agents act as proxies, forwarding packets to or from targeted hosts within the local network. Clients send and receive packets to and from agents, facilitating communication with the Agent component. The Token Generator is responsible for generating tokens used for authentication and configuration within the Narrowlink network.

Narrowlink Logo

Getting Started

To get started with Narrowlink, please refer to the documentation page. This page provides two guides: Basic and Extended, which will help you learn more about the platform and walk you through the process of setting up a Narrowlink network and configuring your agents and clients.

Contributing

We welcome contributions to the Narrowlink project. To contribute, please read the Contribution Guidelines and follow the code of conduct.

License

Narrowlink is released under the MPL-V2 and AGPL-3.0 licenses. Please see the LICENSE file for more details.

You might also like...
A program on solana blockchain to provide escrow services.

Environment Setup Install Rust from https://rustup.rs/ Install Solana from https://docs.solana.com/cli/install-solana-cli-tools#use-solanas-install-to

Bitcoin PSBT signer, descriptor exporter and more for offline devices.
Bitcoin PSBT signer, descriptor exporter and more for offline devices.

KeeChain Description KeeChain is a Bitcoin application to transform your offline computer in an AirGap Signing Device (aka Hardware Wallet). Getting s

Private payments for mobile devices.

MobileCoin Fog This is the README file for MobileCoin Fog. Note to Developers MobileCoin Fog is a prototype. Expect substantial changes before and aft

Scrub dm-integrity devices

Synopsis This tool attempts to read all logical sectors of a block device, overwriting any sector that cannot be read due to an I/O error with zeros.

Private payments for mobile devices.
Private payments for mobile devices.

Testing your first payment Please see TESTNET.md for instructions on participating in the TestNet! Sending your first payment Please see MAINNET.md fo

Left To My Own Devices - NT hash tools

ntcrack Left To My Own Devices - NT cracker A full writeup of how it works is available at the SensePost blog Invocation ./ntcrack input hashlist w

IBC modules and relayer - Formal specifications and Rust implementation

ibc-rs Rust implementation of the Inter-Blockchain Communication (IBC) protocol. This project comprises primarily four crates: The ibc crate defines t

Diem’s mission is to build a trusted and innovative financial network that empowers people and businesses around the world.
Diem’s mission is to build a trusted and innovative financial network that empowers people and businesses around the world.

Note to readers: On December 1, 2020, the Libra Association was renamed to Diem Association. The project repos are in the process of being migrated. A

Fast and efficient ed25519 signing and verification in Rust.
Fast and efficient ed25519 signing and verification in Rust.

ed25519-dalek Fast and efficient Rust implementation of ed25519 key generation, signing, and verification in Rust. Documentation Documentation is avai

Comments
  • Commit Cargo.lock to github

    Commit Cargo.lock to github

    It is helpful to people packaging Narrowlink for different distributions if you could remove Cargo.lock from your .gitignore and commit it to git.

    https://github.com/NixOS/nixpkgs/pull/248723#discussion_r1296498976

    enhancement 
    opened by alx-alexpark 2
  • [client] - how the client configure, not sure missing agent token in token-generator.yaml

    [client] - how the client configure, not sure missing agent token in token-generator.yaml

    Describe the bug I followed the basic tutorial, configured gateway/agent/client. on client when run this:

    ❯ narrowlink list
    Agent not found
    

    Additional context I am not sure when generate the client token do I need to fill in the agent token in token-generator.yaml ?

    good first issue question 
    opened by 9to1url 2
  • IPv6 support

    IPv6 support

    I wish to integrate Narrowlink into my personal private network, which currently run on IPv6. However gateway.yaml's listen_addr doesn't accept IPv6 addressed (Error: GatewayError { error_type: "Invalid Config" }).

    I see enough value to configure IPv4+6, but I'm still curious whether support for IPv6 will be added anytime in the future.

    Also, first! ;)

    good first issue question 
    opened by bbergeron0 2
Releases(Nightly)
Owner
Narrowlink
Narrowlink securely connects devices and services together, even when both nodes are behind separate NAT
Narrowlink
Demo: Connect Phala's Fat Contract to external storage services, both centralized (Amazon s3) and decentralized .

This demo shows how to connect Phala's Fat Contract to external storage services, both centralized (Amazon s3) and decentralized (Arweave/Filecoin thr

Christopher Fok 2 Aug 30, 2022
NAT Traversal techniques for p2p communication

P2P NAT-Traversal Crate Documentation Linux/OSX/Windows The goal of this crate is to provide a robust and crypto-secure NAT traversal for peer to peer

Spandan Sharma 123 Dec 24, 2022
Easily and securely share files from the command line. A fully featured Firefox Send client.

Notice: the default Send host is provided by @timvisee (info). Please consider to donate and help keep it running. ffsend Easily and securely share fi

Tim Visée 6.3k Dec 25, 2022
🧩Creating a blockchain wallet and integrating a couple of cryptographic algorithms to securely save the secrets.🧩

Rust Library For Cryptocurrency Wallet Folder Structure src : contains the source code of the library examples : contains some examples of the library

rstkey 3 Aug 12, 2024
A blazingly fast, ShareX uploader coded in Rust (using actix web) which utilizes AES-256-GCM-SIV to securely store uploaded content.

Magnesium Oxide ❔ What is this? Magnesium-Oxide (MGO) is a secure file uploader with support for ShareX. ?? Features ?? Blazingly fast uploads and enc

Nitrogen Development 26 Nov 25, 2022
Open source p2p share for devs to share anything with teammates across machines securely.

Secure share Share anything with teammates across machines via CLI. Share is a tool for secure peer-to-peer connections, enabling direct communication

Onboardbase 10 Aug 4, 2023
A simple command-line application to securely store secrets using encryption

rust-secret-vault A simple yet robust command-line tool designed to safely encrypt and store your sensitive information. Harnessing the power of AES-2

Luis Soares 4 Nov 22, 2023
A prototype project integrating jni rust into Kotlin and using protobuf to make them work together

KotlinRustProto a prototype project integrating jni rust into Kotlin and using protobuf to make them work together How to start add a RPC call in Droi

woo 11 Sep 5, 2022
egui: an easy-to-use immediate mode GUI in Rust that runs on both web and native

?? egui: an easy-to-use GUI in pure Rust ?? Click to run the web demo ?? egui is a simple, fast, and highly portable immediate mode GUI library for Ru

Cronus Diamond 7 Aug 13, 2022
Dank - The Internet Computer Decentralized Bank - A collection of Open Internet Services - Including the Cycles Token (XTC)

Dank - The Internet Computer Decentralized Bank Dank is a collection of Open Internet Services for users and developers on the Internet Computer. In t

Psychedelic 56 Nov 12, 2022