WANProxy is an open source general-purpose TCP proxy with built-in support for a standard WAN optimization technique, dictionary compression. The dictionary compressor allows data sent over a proxied connection to be sent once in full and thereafter to be replaced by a series of references to previously sent data. Inspired by an algorithm proposed for use in rsync, this compression method is robust in the face of small changes in data, and performs well even with random data.
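To make the dictionary-compression idea concrete, the following Python sketch is an added example and is not WANProxy's xcodec code or its wire format. It assumes an rsync-style weak rolling checksum confirmed by a SHA-256 strong hash, a 16-byte block size chosen only for readability, and an invented token format of ('lit', bytes) and ('ref', block id). Both ends keep a Dictionary that learns the same plaintext in the same order, which is what lets the decoder resolve a reference the encoder emitted.

```python
import hashlib
import random

BLOCK = 16         # dictionary block size; small so the example stays readable (assumed, not WANProxy's)
MOD = 1 << 16      # modulus for the two 16-bit halves of the weak checksum


def weak_hash(block):
    """rsync-style weak checksum of a whole block, computed from scratch."""
    a = b = 0
    n = len(block)
    for i, x in enumerate(block):
        a = (a + x) % MOD
        b = (b + (n - i) * x) % MOD
    return a | (b << 16)


def roll(a, b, out, inp, n):
    """Slide the weak checksum one byte: drop byte `out`, append byte `inp`."""
    a = (a - out + inp) % MOD
    b = (b - n * out + a) % MOD
    return a, b


def strong_hash(block):
    """Collision-resistant hash used to confirm a weak-checksum hit."""
    return hashlib.sha256(block).digest()


class Dictionary:
    """Blocks already seen by one side.  Encoder and decoder each keep one and
    learn from the same plaintext in the same order, so block ids stay in sync."""

    def __init__(self):
        self.by_weak = {}   # weak checksum -> list of (strong hash, block id)
        self.blocks = []    # block id -> block bytes

    def learn(self, data):
        for off in range(0, len(data) - BLOCK + 1, BLOCK):
            blk = data[off:off + BLOCK]
            s = strong_hash(blk)
            cands = self.by_weak.setdefault(weak_hash(blk), [])
            if all(s != cs for cs, _ in cands):
                cands.append((s, len(self.blocks)))
                self.blocks.append(blk)

    def lookup(self, a, b, window):
        for s, bid in self.by_weak.get(a | (b << 16), []):
            if s == strong_hash(window):
                return bid
        return None


def encode(data, d):
    """Turn plaintext into tokens ('lit', bytes) / ('ref', block id).
    The window slides one byte at a time, so a block that was sent before is
    found again even if bytes were inserted or removed in front of it."""
    tokens, lit, i, n = [], bytearray(), 0, len(data)
    a = b = None
    while i + BLOCK <= n:
        window = data[i:i + BLOCK]
        if a is None:                       # (re)start the rolling checksum
            h = weak_hash(window)
            a, b = h & 0xFFFF, h >> 16
        bid = d.lookup(a, b, window)
        if bid is not None:
            if lit:
                tokens.append(('lit', bytes(lit)))
                lit = bytearray()
            tokens.append(('ref', bid))
            i += BLOCK
            a = None
        else:
            lit.append(data[i])
            if i + BLOCK < n:
                a, b = roll(a, b, data[i], data[i + BLOCK], BLOCK)
            i += 1
    lit += data[i:]                         # tail shorter than one block
    if lit:
        tokens.append(('lit', bytes(lit)))
    d.learn(data)
    return tokens


def decode(tokens, d):
    """Rebuild plaintext from tokens and learn it, mirroring the encoder."""
    out = bytearray()
    for kind, val in tokens:
        out += val if kind == 'lit' else d.blocks[val]
    d.learn(bytes(out))
    return bytes(out)


def literal_bytes(tokens):
    return sum(len(v) for k, v in tokens if k == 'lit')


def demo():
    """Send 512 constructed pseudo-random bytes, then the same bytes with one
    byte inserted; returns the literal-byte count of each transfer."""
    rng = random.Random(7)
    first = bytes(rng.getrandbits(8) for _ in range(512))
    second = first[:200] + b'!' + first[200:]
    enc_dict, dec_dict = Dictionary(), Dictionary()
    t1 = encode(first, enc_dict)
    assert decode(t1, dec_dict) == first
    t2 = encode(second, enc_dict)
    assert decode(t2, dec_dict) == second
    return literal_bytes(t1), literal_bytes(t2)
```

Running demo() sends all 512 bytes literally the first time and only 17 literal bytes the second time (the 16 bytes straddling the insertion plus the inserted byte), with everything else carried as block references: that is the "robust to small changes" property the rsync approach gives. Note that in this sketch the references are small sequential integers; an identifier of that kind is exactly what an unauthenticated peer could guess, which is the risk the security note further down this page describes.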
Originally developed to store periodic backups more efficiently, this software has proved viable for basic WAN optimization and has been packaged as WANProxy. In a basic configuration, WANProxy can be used to proxy traffic from a home or branch office to a data center, main office or other remote site. In some cases, you may want to use WANProxy to leverage high-speed Internet connectivity at a remote site. In others, you may just want your WAN link to a single server in a data center to be compressed.
WANProxy is a fairly trivial program at present and does not support many key features which are necessary to build a production-deployable proxy, including persistent storage of previously sent data and the ability for proxies to request previously sent data from each other.
In a typical deployment, you would run WANProxy as a 'client' at your home or branch office on a server or device that you will be pointing your client computers at, and point it at an instance of WANProxy running as a 'server' at your main office or data center. The server-side will be configured to know which host and port to connect to next, allowing you to connect WANProxy to a web cache or SOCKS proxy at your data center or main office.
When random data is downloaded for the first time, a performance hit of up to 10% may be seen. Subsequent downloads of that same random data may see a 20x performance boost or greater, with 10x being typical on average, and 6x in the worst case. So a 200MB file with random data which normally downloads at a rate of 1MB/second would download at just under 1MB/second the first time, and at as much as 20MB/second subsequent times, though the amount of bandwidth used on your WAN link would be substantially less.
With non-random data (for example a PDF document), similar performance is seen to that of random data, although the first download may actually see a performance boost, rather than a slight degradation.
With very uniform data (for example a file containing all zeroes), performance is essentially unbounded.
Right now WANProxy runs on FreeBSD, Mac OS X and Linux. Supporting other BSD-like operating systems is trivial. On Linux, testing has only been done on Ubuntu with the pmake package installed, but other distributions should be straightforward. Windows support should be straightforward with Cygwin. To port it to your platform of choice you should expect to have to modify the build system, and you may have to add a polling mechanism for your platform — currently WANProxy supports the FreeBSD-derived kqueue(2) mechanism and the widely-available poll(2).
In addition to persistent storage and an improved client-server protocol for the exchange of previously-sent data, it is likely that native SOCKS and HTTP proxy modes will be added, though they will likely be fairly minimalist. For optimal HTTP performance, proxying of client connections to Squid or some other HTTP proxy is recommended. A traditional compression algorithm may also be implemented (e.g. deflate, gzip or bzip2) to allow compression of traffic being sent for the first time. More specific protocol optimizations are unlikely to be implemented at present.
Because of the lack of a way to exchange previously-sent data, when you restart one half of a proxy it is required that you restart both. This also means that crashes may occur when dealing with multiple clients. There is also no way to resolve ambiguity in collisions between clients and servers, or between two clients using the same server, etc.
Because no authentication is currently performed between WANProxy instances, an attacker with knowledge of the WANProxy protocol could attempt to guess the symbolic identifiers that WANProxy uses to refer to previously-sent data to discover sensitive information. This will be fixed in the future.
No limits on buffering are currently set, meaning that the WANProxy program can take a lot of memory for a large transfer, and that there may be a lack of backpressure on both sides of a proxy.
Connection closing is still non-ideal in a few places and may result in crashes. This should be fixed in one of the next two snapshots.
WANProxy 0.1.1 is available for download: wanproxy-0.1.1.tar.gz. Snapshots are being periodically released as new features are added or flaws are corrected.
Snapshots are intermittently exported online as a raw source tree here.
Development history is given in the file 'HISTORY' included in the distribution, and is also available here.
WANProxy is licensed under the 2-clause BSD license, meaning that it is free and that you can basically use it however you want, and you don't need to make your modifications available to anyone if you don't want to. Donations to support WANProxy development are welcomed, as are requests for custom development to extend WANProxy, or to incorporate WANProxy into a product.
The license is given in the file 'COPYRIGHT' included in the distribution, and the license text is also available here.
Run a BSD-compatible make in the directory programs/wanproxy of the tarball. Put the resulting wanproxy somewhere in your path. For example, the following works on Mac OS X:
    tar zxf wanproxy-0.1.1.tar.gz
    cd wanproxy-0.1.1
    cd programs/wanproxy
    bsdmake
    cp wanproxy ~/local/bin
Older versions of Mac OS X may require bsdmake to be invoked like:
    bsdmake NOMAN=YES
On FreeBSD, make is used instead of bsdmake. You may put wanproxy wherever you like, or test it in the directory in which you built it.
In this configuration the local port 3300 will be forwarded to port 80 on the host named intranet by the remote server. The forwarding will happen over SSH and will not be sent in the clear across the WAN.
username is your login on the server that will be running the server-side proxy for SSH.
server is the name of the server that will be running the server-side proxy.
intranet is the name of the server that the connection will be forwarded to by the proxy.
127.0.0.1 specifies the IP interface to listen on, in this case the loopback interface, so that the only connections which will be allowed to wanproxy are ones which originate on server or the system which is running the client-side proxy. Use a LAN IP address if you want to proxy connections made by users from other machines to the system which is running the client-side proxy.
client.conf is the name of the configuration file for the client-side proxy.
server.conf is the name of the configuration file for the server-side proxy.
Contents of client.conf:
    proxy 127.0.0.1 3300 decoder none to localhost 3301 encoder xcodec
Command to start the client-side proxy:
    wanproxy -c client.conf
Contents of server.conf:
    proxy 127.0.0.1 3301 decoder xcodec to intranet 80 encoder none
Command to start the server-side proxy over SSH:
    ssh -L 3301:127.0.0.1:3301 username@server wanproxy -c server.conf
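The two halves only work if the codecs and ports agree, and the server-side proxy, which performs no authentication, should only be reachable through the SSH tunnel. The following Python script is an added sanity check and is not part of WANProxy. It assumes the line grammar "proxy LISTEN_ADDR LISTEN_PORT decoder CODEC to HOST PORT encoder CODEC", read off the two example lines above; the names parse_proxy_line, parse_forward and check_pair are its own.

```python
import re
from dataclasses import dataclass

# Constructed copies of the configuration lines and ssh -L argument shown on this page.
CLIENT_CONF = "proxy 127.0.0.1 3300 decoder none to localhost 3301 encoder xcodec"
SERVER_CONF = "proxy 127.0.0.1 3301 decoder xcodec to intranet 80 encoder none"
SSH_FORWARD = "3301:127.0.0.1:3301"

# Assumed grammar, read off the two example lines (not a WANProxy specification):
#   proxy LISTEN_ADDR LISTEN_PORT decoder CODEC to HOST PORT encoder CODEC
PROXY_RE = re.compile(
    r"^proxy\s+(\S+)\s+(\d+)\s+decoder\s+(\S+)\s+to\s+(\S+)\s+(\d+)\s+encoder\s+(\S+)$")
LOOPBACK = {"127.0.0.1", "localhost"}


@dataclass
class ProxyLine:
    listen_addr: str
    listen_port: int
    decoder: str
    to_host: str
    to_port: int
    encoder: str


def parse_proxy_line(line):
    """Parse one proxy line under the assumed grammar; raise on anything else."""
    m = PROXY_RE.match(line.strip())
    if m is None:
        raise ValueError("not a proxy line: %r" % line)
    addr, lport, dec, host, tport, enc = m.groups()
    return ProxyLine(addr, int(lport), dec, host, int(tport), enc)


def parse_forward(spec):
    """Split an ssh -L LOCALPORT:HOST:HOSTPORT specification."""
    lport, rhost, rport = spec.split(":")
    return int(lport), rhost, int(rport)


def check_pair(client_line, server_line, forward):
    """Return a list of problems; an empty list means the three pieces agree."""
    c, s = parse_proxy_line(client_line), parse_proxy_line(server_line)
    lport, rhost, rport = parse_forward(forward)
    problems = []
    # The codec the client encodes with must be the one the server decodes, and vice versa.
    if c.encoder != s.decoder:
        problems.append("client encoder %s != server decoder %s" % (c.encoder, s.decoder))
    if s.encoder != c.decoder:
        problems.append("server encoder %s != client decoder %s" % (s.encoder, c.decoder))
    # The client must hand its output to the local end of the SSH tunnel, not straight to the WAN.
    if c.to_host not in LOOPBACK:
        problems.append("client forwards to %s, bypassing the SSH tunnel: xcodec traffic "
                        "would cross the WAN in the clear" % c.to_host)
    if c.to_port != lport:
        problems.append("client connects to port %d but ssh -L listens on %d" % (c.to_port, lport))
    # The remote end of the tunnel must land on the server-side proxy's listening socket.
    if rhost not in LOOPBACK or rport != s.listen_port:
        problems.append("ssh -L delivers to %s:%d but the server proxy listens on %s:%d"
                        % (rhost, rport, s.listen_addr, s.listen_port))
    # The unauthenticated server-side port should only be reachable via the tunnel.
    if s.listen_addr not in LOOPBACK:
        problems.append("server proxy listens on %s: the unauthenticated xcodec port would be "
                        "reachable from the network, not only via SSH" % s.listen_addr)
    return problems


if __name__ == "__main__":
    for p in check_pair(CLIENT_CONF, SERVER_CONF, SSH_FORWARD) or ["configuration is consistent"]:
        print(p)
```

The page's own configuration passes cleanly; changing the server line to listen on 0.0.0.0, or changing the ssh -L local port so it no longer matches the client's "to localhost 3301", each produces one reported problem.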
Coming soon.
You can send any queries or problem reports to the WANProxy Team at wanproxy@wanproxy.org.