Develop Reference

How to start all tunnels defined in ngrok.yaml PyNgrok

I have a custom config here is the sample:
log_level: info
region: ap
tunnels:
http:
addr: 5000
proto: http
ssh:
addr: 22
proto: tcp
I specify the config path on pyngrok but when I try to run ngrok.connect() only HTTP part is working and show on my ngrok dashboard, no ssh tunnel. When I try the ngrok binary provided by pyngrok:
ngrok start --all --config=/ngrok.yaml
It works! On my ngrok dashboard I have HTTP, HTTPS and TCP.

These commands do not map to each other, which is why they do not do the same thing. connect() calls ngrok start --none, so it starts the ngrok process and API with no tunnels running, then it starts a tunnel using the API with the params you've passed to connect(). To start multiple tunnels, just call connect() more than once with different params.
from pyngrok import ngrok
conf.get_default().region = "ap"
tunnel1 = ngrok.connect(addr=5000)
tunnel2 = ngrok.connect(addr=22, proto="tcp")
In the above example, the config file isn't even necessary. If you already have tunnel definitions in your config though, you can use them by just passing their name.
from pyngrok import ngrok
conf.get_default().config_path = "/ngrok.yml"
tunnel1 = ngrok.connect(name="http")
tunnel1 = ngrok.connect(name="tcp")
The docs, which have many examples of this and other usage, can be found here.

Can an OpenVPN Route over TEST-NET-1 (RFC 5735)

Background
I have a strange use-case where my VPN cannot be on any of the private subnets, but, also cannot use a TAP interface. The machine will be moving through different subnets, and requires access to the entire private address space by design. A single blocked IP would be considered a failure of design.
So, these are all off limits:
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
169.254.0.0/16
In searching for a solution, I came across RFC 5735, which defines:
192.0.2.0/24 TEST-NET-1
198.51.100.0/24 TEST-NET-2
203.0.113.0/24 TEST-NET-3
As:
For use in documentation and example code. It is often used in conjunction with domain names
example.com or example.net in vendor and protocol documentation. As described in [RFC5737], addresses within this block do not legitimately appear on the public Internet and can be used without any coordination with IANA or an Internet registry.
Which, was a "Jackpot" moment for me and my use case.
Config
I configured an OpenVPN server as such:
local 0.0.0.0
port 443
proto tcp
dev tun
topology subnet
server 203.0.113.0 255.255.255.0 # TEST-NET-3 RFC 5735
push "route 203.0.113.0 255.255.255.0"
...[Snip]...
With Client:
client
nobind
dev tun
proto tcp
...[Snip]...
And ufw rules:
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 203.0.113.0/24 -o ens160 -j MASQUERADE
COMMIT
However, upon running I get /sbin/ip route add 203.0.113.0/24 via 203.0.113.1 RTNETLINK answers: File exists in the error logs. While the VPN completes the rest of its connection successfully.
No connection
Running the following commands:
Server: sudo python3 -m http.server 80
Client: curl -X GET / 203.0.113.1
Results in:
curl: (28) Failed to connect to 203.0.113.1 port 80: Connection timed out
I have tried:
/sbin/ip route replace 203.0.113.0/24 dev tun 0 on client and server.
/sbin/ip route change 203.0.113.0/24 dev tun 0 on client and server.
Adding route 203.0.113.0 255.255.255.0 to the server.
Adding push "route 203.0.113.0 255.255.255.0 127.0.0.1" to server
And none of it seems to work.
Does anyone have any idea how I can force the client to push this traffic over the VPN to my server, instead of to the public IP?

This does actually work!
Just dont forget to allow connections within your firewall. I fixed my config with:
sudo ufw allow in on tun0
However, 198.18.0.0/15 and 100.64.0.0/10 defined as Benchmarking and Shared address space respectively, may be more appropriate choices, since being able to forward TEST-NET addresses may be considered a bug.

How to make ngrok client listen a specific hostname instead of localhost?

My yaml config is like this:
yarn:
hostname: "ngrok.xfl.me:810"
remote_port: 810
proto:
tcp: 8088
My purpose is:
Forwarding https://ngrok.xfl.me:810-> 192.168.0.104:8088
But by default, as the config above, ngrok client just listen to 127.0.0.1. So it failed to connect.
How can I make the ngrok client listen to a certain hostname 192.168.0.104 instead of localhost
Thanks a lot!

It was solved with:
yarn:
hostname: "ngrok.xfl.me:810"
remote_port: 810
proto:
tcp: 192.168.0.104:8088

NGROK, can't assign port on URL

I was wondering if there's a way to assign a specific port using TCP to the URL that ngrok generates.
i tried with config.yml file, it has this code but it doesn't work
tunnels:
blueiris:
remote_port: 5666
proto: tcp
addr: 123
it generates this URL: Forwarding tcp://0.tcp.ngrok.io:18777 -> localhost:123
the port of the localhost pretty much it doesn't matter. I wan't to assign the port 5666 to the URL 0.tcp.ngrok.io so it can be: 0.tcp.ngrok.io:5666
Thanks.

Linux squid proxy configuration

I have 3 virtual machines. I have Squid proxy installed on one of them which functions as a router. I need to configure it to accept HTTP requests from only one of the other 2 machines(IP - 172.16.2.2). The change I made to the squid.conf file is:
http_port 172.16.2.2:3128
I then changed the firewall rule in the route machine so that it redirects traffic from 172.16.2.2 bound for 80 (HTTP port number) to the default squid port 3128. The command is given below:
sudo iptables -A PREROUTING -t nat -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
Machine 172.16.2.2 is connected to the router on eth1. However, whenn I am making sending a HTTP request from 172.16.2.2, I get a 403 Forbidden error. It says:
X-Squid-Error: ERR_ACCESS_DENIED 0
I can't understand it. Please help.
(edited for style)

http_port is used to configure where squid is listening for request, so if you include an ip address, it should be configured in the same machine that is listening. So, in your case 172.16.2.2 (the "other" machine) is not a correct configuration.