Show HN: Pipenet – A Modern Alternative to Localtunnel

94 points by punkpeye 16 hours ago | 17 comments

Hey HN!

localtunnel's server needs random ports per client. That doesn't work on Fly.io or behind strict firewalls.

We rewrote it in TypeScript and added multiplexing over a single port. Open-source and 100% self-hostable.

Public instance at *.pipenet.dev if you don't want to self-host.

Built at Glama for our MCP Inspector, but it's a generic tunnel with no ties to our infra.

https://github.com/punkpeye/pipenet

ollybee 15 hours ago |
Add it to the list https://github.com/anderspitman/awesome-tunneling
punkpeye 15 hours ago |
That list is where my research started! Was surprised not to find a pure node.js solution that's easy to self-host and has CLI/SDK.
Added https://github.com/anderspitman/awesome-tunneling/pull/214
oakesm9 15 hours ago |
Would this be able to support TCP and UDP in the future?
punkpeye 15 hours ago |
The current implementation is HTTP-focused as that was the primary use case. TCP tunneling is possible architecturally but not something I've had in mind. I suggest start by raising an issue on GitHub and adding thumbs up. If it receives enough attention, I will prioritize it. I am less familiar with what would supporting UDP entail, so cannot answer that right now.
qudat 13 hours ago |
There are other tunneling solutions that support both and https, websockets using ssh tunnels for the communication. For example I use https://tuns.sh which is a managed sish instance
punkpeye 12 hours ago |
Indeed, there are more mature solutions. The primary reason I made Pipenet is because I needed something that can be embedded in Node.js client.
lizimo 14 hours ago |
Cool website! Did you use any web framework or just plain HTML/CSS?
punkpeye 14 hours ago |
Just plain HTML/CSS.
I did this morning in a rush. Didn't expect anyone to compliment it. Thank you!
Trufa 13 hours ago |
Nice, just today, I was trying ngrok, localtunnel, and a couple more, they all were pretty slow, fair enough for the free tier, but I'm interested in knowing is there something architecturally hard or expensive with having fast traffic?
I love this and will definitely try it.
I would honestly love to have it with a dockerized version with something like caddy that manages ssl so I can basically just run a docker command have it up and running.
Thank you very much! Great stuff will give it a try.
punkpeye 13 hours ago |
You might need to define 'fast'.
This should not add more latency than your average VPN, since the overhead of websocket is minimal and roundtrip time is about the same.
At the moment, this is running on a single-instance with no load-balancing. The intended use case was to enable streaming of MCP SSE traffic, which is very lightweight. I would expect this to be able to handle a lot of traffic just like that, but if people start using the public instance for other use cases, I will need to think of ways to scale it.
punkpeye 13 hours ago |
I am keeping one eye on how this is scaling.
At the moment there are 5 active tunnels and CPU is at 2%.
I would therefore expect that this can scale quite a bit before it becomes some sort of bottleneck.
Who knows though – maybe I am underestimating the demand. Didn't expect this to get to the front page of HN.
otabdeveloper4 2 hours ago |
The overhead of encryption is huge, comparatively speaking.
Simply using 4096 bit RSA instead of 2048 is enough to cause a denial of service attack.
Ingon 7 hours ago |
connet [1] works in p2p fashion and is pretty quick if it can establish direct connection. Most other solutions do route through a separate node, so if your direct to node latency is low it should be comparable to directly hitting that node. It also has a docker release on ghcr. There is also a saas version [2], if you just wanna try it without running the control plane.
[1] https://github.com/connet-dev/connet
[2] https://connet.dev
8964689797595 11 hours ago |
PiperNet?
punkpeye 11 hours ago |
So funny how no one picked up on this.
I was expecting this to be the first comment.
wahern 9 hours ago |
PipeNet is also the name of the scheme independently invented by Wei Dai contemporaneously with USNRL's Onion Routing: http://www.weidai.com/pipenet.txt Onion Routing is what Tor is based on. I'm not sure if the original Tor author(s) knew about PipeNet, but I wouldn't be surprised if they were familiar.
PipeNet was conceived in 1996 (https://cryptome.org/jya/pipenet.htm), before the USNRL work was made public in 1997 (IIRC), so definitely independent, in as much as these things are ever truly independent. Both are derivative of Chaum Mixes (1979), which had become popularized as anonymous e-mail remailers in the 1990s.
P.S. Not a comment about project name clashing, just thought it would be interesting to point out. Wei Dai's PipeNet is all but forgotten these days. But I had came across it (on sci.crypt?) before stumbling on the Onion Routing web page.
armeet 8 hours ago |
haha nice name :)