QUIC Transport implementation

Author: deluxetiky

Cargo.lock

@@ -654,6 +654,36 @@ like normal traffic to bypass your firewall/proxy.
 Some firewall may not like to see request with content-length not set, or with content-type set to
 application/octet-stream
 
+### Use QUIC instead of websocket for the transport protocol <a name="quic"></a>
+
+Use this if TCP is blocked by your firewall/proxy, but UDP is allowed. It provides better performance on lossy networks.
+
+Start your wstunnel server as usual (it listens on both TCP and UDP if configured):
+
+```bash
+wstunnel server wss://[::]:8080
+```
+
+On the client the only difference is to specify quic:// instead of wss://
+
+```bash
+wstunnel client -L socks5://127.0.0.1:8888 quic://myRemoteHost:8080
+```
+
+**Note**: QUIC always uses TLS. A TLS certificate configuration is required on the server side, similar to WSS and HTTPS. The client will validate the certificate by default.
+
+#### Server Scheme Selection
+
+When TLS is enabled (by using `wss://`, `https://`, or `quic[s]://`), the server automatically binds to **both** TCP and UDP on the specified port.
+
+| Server Command Scheme | TLS Enabled? | Listeners Started | Clients that can connect |
+| :--- | :--- | :--- | :--- |
+| `wss://0.0.0.0:443` | **YES** | TCP:443 **AND** UDP:443 | `wss://`, `https://`, `quic://` |
+| `https://0.0.0.0:443` | **YES** | TCP:443 **AND** UDP:443 | `wss://`, `https://`, `quic://` |
+| `quic://0.0.0.0:443` | **YES** | TCP:443 **AND** UDP:443 | `wss://`, `https://`, `quic://` |
+| `wss://0.0.0.0:443 --quic-listen 0.0.0.0:4433` | **YES** | TCP:443 **AND** UDP:4433 | `wss://`, `https://` (on 443); `quic://` (on 4433) |
+| `ws://0.0.0.0:80` | NO | TCP:80 only | `ws://`, `http://` |
+
 ### Maximize your stealthiness/Make your traffic discrete <a name="stealth"></a>
 
 * Use wstunnel with TLS activated (wss://) and use your own certificate

README.md

@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIFCTCCAvGgAwIBAgIUdKwpCc9t8ghwb1iRTdeUgvLOhjcwDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTI1MTIxMzE0Mjk1OFoXDTI2MTIx
+MzE0Mjk1OFowFDESMBAGA1UEAwwJbG9jYWxob3N0MIICIjANBgkqhkiG9w0BAQEF
+AAOCAg8AMIICCgKCAgEA4eIk/zQ0DJpmNDQimQgAr3K+zp0OheAGLoTyWNSWX6IU
+cMBU9Ibwu0QNBTUDLWvCleRdNBvslOcoeMRsGU694NBdHOqWcWfXBJ2IiE3lvNMZ
+5Yk3UR3+kYxO0XnFaCvI04/yC5aL8qo/uo+l6osi17nlXSX3rMEvLlAptNi9Xtot
+s7kpEAbya8xF9qERCAgUBXCqrAxuXIZfA4c1LzyyUzqixqfJVpDEuu6KwdX/iXAG
+LBSw6NJwvUTRnk7iTJlhriPEhUbxT58SYFzKi1KfjYR+XCer1lGf1XvRXCoQJwld
+hNAXiHugmNC7SSQfTGxU2UPe6QqDdeng99eyuawy4BIzgLbkRjaFDNaDA4qJuSgp
+VZWqKtaVd/ExJ8hpN4QStbx/iSbXzB6NOKwW3mZZsUePTZ+fQ0hLg6yAkCqxoPtg
+T5mUFgcf5PaGdhZCGYFPcwPH41Wk6Mwr4EPlvxvGJlYIkRQRazNIVYLEJPmqIJG3
+sPVLkm+s7bHa4B670zcoDko6Zu/wHvCDVnIREplhJ8HfABJk/XhZ4K/8jqIr5hOG
+UcjpjtgUt6u7cDxF5juG0+j3sOoHkqe8nsZ9Jfo94r26mTlPK4sti/M9zIONOyDA
+sqGeSAbfhPPnoJLGMCKjTNZneo1gK38nVmGDJ9dOCW44+Wa3deuSKffnQfYvFk0C
+AwEAAaNTMFEwHQYDVR0OBBYEFEvj/z6qOB7mYqgqURSAms7WojRGMB8GA1UdIwQY
+MBaAFEvj/z6qOB7mYqgqURSAms7WojRGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
+hvcNAQELBQADggIBAErWRNwfzkgs9aMu7mLU0/RDnOnRxn38mOy5tTm8yRwh9Bz3
+A3Br4UdtOzwZJWBcKPG9v+mP66O+iDGdwHLp4a46jzTeyfdGj8TTy9Zb8HQYwtit
+aePBWXrLQqG0rd/AjAV+4ZIv6uQcKJu+8dmsDxKart9rf+5k5bk7RY3atWmc6Zcm
+8VNwHrP6zRzjxI0MrQK/VFZiYq4hRtp2aEx6yA98knufq49Kz1IueL/f32KDCjJ7
+iAH16yPQ2lqNY8IE61CXVMoIVI6uMT3s9+M8bNEj5KzLJkiSnfLNOyXUYJd4enC1
+LwvTmCIYI4X8xcSHTzRSB8He3h/yeaY6LKlF2big56r6ssEQaUf/BIOEhvV9/Wg6
+f09FdkMQHZi/q0KcgsC34NtGg647sMZi0GUjtkboAGbLhOI+t9xyJks2uQTuB9u6
+iJACHneET9aLCvsPM62t6W6T2cYyjAGo+HIN2v8C1h22VfT+p/MSFT0tKRCFI5vG
+bmgUUTH4g68/791mGbD/bRiKyemzLtREuXEDxiDjgGawVGkjqwV8bj9wyuHldSRb
+Mnfp5NFUopOAd/yNYlrrvj6L6EFt51Zmz9BLV3EvT+WRCXf8If8XTigyxuN0BKnx
+rVev2mOltq4zEKWQPGViatbd+uta56uavnk1oALKXK+GIgzRIIs+Tu1ttxkQ
+-----END CERTIFICATE-----

cert.pem

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQDh4iT/NDQMmmY0
+NCKZCACvcr7OnQ6F4AYuhPJY1JZfohRwwFT0hvC7RA0FNQMta8KV5F00G+yU5yh4
+xGwZTr3g0F0c6pZxZ9cEnYiITeW80xnliTdRHf6RjE7RecVoK8jTj/ILlovyqj+6
+j6XqiyLXueVdJfeswS8uUCm02L1e2i2zuSkQBvJrzEX2oREICBQFcKqsDG5chl8D
+hzUvPLJTOqLGp8lWkMS67orB1f+JcAYsFLDo0nC9RNGeTuJMmWGuI8SFRvFPnxJg
+XMqLUp+NhH5cJ6vWUZ/Ve9FcKhAnCV2E0BeIe6CY0LtJJB9MbFTZQ97pCoN16eD3
+17K5rDLgEjOAtuRGNoUM1oMDiom5KClVlaoq1pV38TEnyGk3hBK1vH+JJtfMHo04
+rBbeZlmxR49Nn59DSEuDrICQKrGg+2BPmZQWBx/k9oZ2FkIZgU9zA8fjVaTozCvg
+Q+W/G8YmVgiRFBFrM0hVgsQk+aogkbew9UuSb6ztsdrgHrvTNygOSjpm7/Ae8INW
+chESmWEnwd8AEmT9eFngr/yOoivmE4ZRyOmO2BS3q7twPEXmO4bT6Pew6geSp7ye
+xn0l+j3ivbqZOU8riy2L8z3Mg407IMCyoZ5IBt+E8+egksYwIqNM1md6jWArfydW
+YYMn104Jbjj5Zrd165Ip9+dB9i8WTQIDAQABAoIB/xgeDSqHvbGayqQdl5QUm/4f
+l5UihRUbgOLL+b7XnovswkHyRx/Und9gugMppdfeVD2szvFsCdaG18tigtLblWpr
+f4WW286VR7U2cggbnmvgHjkObYQ7r50wCI+qcL6umMKom9n2OPsFMnNjjajSh5CA
+81GpZshggqkZ5gS+dM8BJzVej657uhEdvlqW1+VY93TykpvMDVHTsaauyP7s0XK8
+JU+7RRlOW7LvGoxCTQZfmkkalx5Erxow6YX9kNac3yZjVe2PpYmFcnDXd3NotEsS
+hRX8e7G7r//F4z9JPnBB5Q+efY9qTmYCjfyWiWufesUNJL+9Ckw3VyMfOfXubNVM
+a5xEak4HDnSty82HgeLkIr5/fdLVLblZgbP3+XC09hShyYRtT8RWwJaGaIs9Z9yg
+szf3rN3pYf16MPbJp0MDESdfEFRrvq5iXGj2mrdC7i+XOCxEJgIGpnJ0yosmlxMg
+1O/lbUZawuXnQ8n1W8mzzqnRxRMxtrPHtDO05+jqloNdl8rNxStLjmRkKyzqsNru
+V9Wx7JK2rDIfXH26YvOqvb4mp8VescBLWcung5zZeLzZeImAecT7KB+J9YtpWlDx
+usIBLGxPOGU0/ERggRYPfyqBiSz15naIFHHZn55l+komFNT3Gt6Yy+wmgl0PIky8
+I6Z1MhOWGXCnJuIH1mkCggEBAPQp2o6qbKTnn/5TIh1BC+0UOjlgUQ0gS+k77WI8
+eCdTIQj5cQFCRABuE4mU9dspPwOTla607G7k0i2XyVfrhSQnEZofzxL40gfiVbnn
+Ex8tSQfv+w5xoWgxeLfBr+pdwuLL8MartwlHUke81LO1zFrDHJbQN/+2pbEQvLeS
+J1wuPxWcIbfkLlvdWbaNhWHEoN/X/2M9ck1oxe4BaQKGYgQisxL005DxkdDaqtgC
+FXzIddWU0/A+bUpNNZt4lKhanK3N78kcRlfQAQlJRHM8HqZzZgQM42fK8csxFkrG
+TvyxCe9zBDSvj2dysfyGjSA/ITHGo/qaFtJMNqyL4LdlcQcCggEBAOzVbcQVRc/K
+2XgrXmEDORuoIemw/Da0o/YwDVy1Z8+fOto5xPhbhSW/DK8HgbEf4leyOw4Bvp7e
+P0tCTUOgLpW0kU6WS8e/F/ecsA4sFCDDcAeoK4jfinCL09G2yw3QbFTkmXvwlv31
+R+6Tj75UXQKNQHNmfR2mFIyYWt/olItjDhRnuCMrabmP8LyBXZaFr+NKweNdOkS8
+4Vv7pMlgtYKnllrP/7lp0asYH+FdaW/nsnuUUL5ZVikNp1X0LRFJueoIbX1UWm7m
+jSfzNp7yPKbLLV7MkexrJPfr1d02zjY2vpiNnn6+pSETrkG5WhMt4zhVwDh8RQsj
+XKN4s9QjLQsCggEAZXdbNzyFp8YGDCe6HpQgg6aLR7rKE/1e7o8T6GYevKDkMpmO
+p6pFHjSgc+VugmRSpobXhmHze2YmHgJdDud2Tf7aZsVfRZAXoGUjoPzxSlyEZAML
+vwXjwKwGcb7Q/0F1stBzv+wuRXHZNKy5a/FZ+kHpCJeBHghmNP4ynsrjBoDFgJKA
+xK3TwiNrm9yWGHohLMTTggdQD/FBh9YYMI9t/i/5YSBTJ4HsSfIFW30KNvALX/XY
+WZdnzZ/mbjSe+pOlVuklA9t3NBjhxV0oUAck6aE9POOqQUDqWLmOfQaKXqKn8VVH
+4ykuHBxi8QFtdoAlqEzXalZMs5ougmgiu7QxUwKCAQEAxscEEBXCuHsLN/8+gbJQ
+1lOx0xDHP6syCsmeDXf8n5iHru3Z0pIOGPZXUPi988pNEUn4ovL36SOkgCgv7Vie
+gOxDIXCoPgi3tw39/ockhbNDbknJ8GGfMoNJz7TajMeohUAxSoNOV+zs6ONVPGxW
+fHPN6o3U6XOhv7eIXnI5axxCjwHW3T3syOB1L+JsiI/AZscyIQD4jQTzKV72mkbf
+UcATRDlb62VTo4TmDSN4AYK4nVyIwJr+5Aofrtb4lJAKyNE2BIEuPfKn+yX5bELo
+gR37AJw2xfXP235HzBnZzkr4gdYrdznQIwj/sw48+egD1B607TPwRz7w3AvM83pq
+rQKCAQATp1u3H6ePfbi7Mz1lpdo4FHw4n0bYfBPQPXSB1NHsFchlWoLIYrT5+nkD
+nQObBICXXw527sCbvKZtLswXAzi8d+WQ6blgaixz1DGmBpOkJLYDVkv6VCb3VDJZ
+Viokvfu3ADapO30JZ5pGD6KJSQ4oWZ6XKpu7YNDePDm9sCtnH7QvGgGo2f/nEjQE
+10cw5/AJWMKh84JZcv5diz6loVDK2mW7yZEs+Kn6Pbf4+A7ggJr7JslBfZ9AcKWB
+bb61Aq+n2CjWCGeMfphdvKlL7LrGJImAG3Lf897+O+aVW+gxzcRX0bu9KHNbhgui
+5A3DqjO0OI52QtHNxY9Iu0W32DkK
+-----END PRIVATE KEY-----

key.pem

@@ -1,6 +1,6 @@
 [package]
 name = "wstunnel-cli"
-version = "10.5.2"
+version = "10.6.0"
 edition = "2024"
 
 [dependencies]

wstunnel-cli/Cargo.toml

@@ -61,6 +61,7 @@ pub enum Commands {
 
 #[tokio::main]
 async fn main() -> anyhow::Result<()> {
+    wstunnel::init_crypto();
     let args = Wstunnel::parse();
 
     // Setup logging

wstunnel-cli/src/main.rs

@@ -1,6 +1,6 @@
 [package]
 name = "wstunnel"
-version = "10.5.2"
+version = "10.6.0"
 edition = "2024"
 repository = "https://github.com/erebe/wstunnel.git"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
@@ -53,6 +53,7 @@ uuid = { version = "1.18.1", features = ["v7", "serde"] }
 derive_more = { version = "2.0.1", features = ["display", "error"] }
 
 tokio-rustls = { version = "0.26.4", default-features = false, features = ["logging", "tls12"] }
+quinn = { version = "0.11", default-features = false, features = ["rustls", "runtime-tokio"] }
 rcgen = { version = "0.14.5", default-features = false, features = [] }
 hickory-resolver = { version = "0.25.2", default-features = false, features = [
   "system-config",