Tunneling support

[formula349]

Thanks for sharing this project. I ran across this project from the NATS newsletter. I've been wanting to do something similar myself, but haven't been able to find any time.

For my use case, one of the main features is the ability to configure agents to create TCP/UDP tunnels back to the server that the user can then connect to. The primary example would be the agent creating a TCP connection to another machine on the network that doesn't/can't have an agent installed. This would be a VNC connection and it just proxies the traffic back and forth.

I've looked at RPort (and now OpenRPort) extensively for its functionality, but the UI is not what I need at all. I want the UI to grant access to users with permissions to establish/use/close tunnels that are pre-defined on each agent. RPort creates ACLs in real time that keep this tunnel secure.

Anyway I'd love to hear your thoughts on this. It might not be a good fit for what you're trying to do.

[doncicuto]

First, thanks again for opening these discussions. So far, OpenUEM’s remote assistance is designed to be used in LAN, but I understand your scenario about working with devices that cannot have an agent installed.

Implementing an Rport-like functionality in OpenUEM would be hard for me right now 😅 as I’d have to study if creating those tunnels with Go would be possible and of course study the security considerations... but I’m opened to integrations.

As OpenUEM tries to integrate with existing tools or battle-tested protocols (sftp, winget, vnc…) I’d study how OpenUEM agents could interact with an OpenRport client and how the console could work with an OpenRport server using an API.

I’ve read quickly OpenRport’s docs and as it’s a golang project like OpenUEM, that’d help to integrate it somehow. In summary, what I like most about my project is that the UI tries to be clean, so would you like to see OpenRport integrated with OpenUEM?

I like your idea, and I’ll study it thoroughly, let’s keep the discussion open and I’ll update it with my investigations.

[formula349]

OpenRPort progress is not really happening right now. I've setup some proof of concepts in the past that do what I need to do through NATS JetStream, so I know it's possible. I'm not sure it's the best way to implement tunneling though. Probably best to use SSH like rport or something different like WebRTC.

Ultimately I'm not sure our needs are aligned enough to have 1 generic platform. I am going to need multi-tenancy at the core. I also need the flexibility to monitor application-specific metrics, errors and configurations.

I do think I could end up contributing some tunneling feature that's adapted to the goals and footprint of OpenUEM.

[doncicuto]

Great, I see your point and I'd like to thank you for explaining your use case (tunneling, multi-tenancy and metrics) that helps me to shape the roadmap with real needs.

Of course, any contribution will be welcomed. In a few weeks I hope to add a CONTRIBUTING.md file about how to contribute to OpenUEM.