Architecture Overview

Tunnel Whisperer creates resilient, application-layer bridges for specific ports across separated private networks. It encapsulates traffic in standard HTTPS to traverse strict firewalls, NAT, and DPI-controlled environments.

The system connects a server behind a private network to clients behind other private networks via a publicly reachable relay. All connectivity is egress-only from both sides.

graph LR
    subgraph Server Network
        S[Server - tw serve]
    end

    subgraph Public Cloud
        R[Relay VM]
        C_[Caddy :443]
        X[Xray :10000]
    end

    subgraph Client Network
        CL[Client - tw connect]
    end

    S -- "TLS :443 (Xray VLESS+XHTTP)" --> C_
    CL -- "TLS :443 (Xray VLESS+XHTTP)" --> C_
    C_ -- "reverse proxy /tw*" --> X
    X -- "freedom outbound" --> R

Documentation Sections

| Section | Description |
|---|---|
| System Context | Goals, quality attributes, system scope, and protocol breakdown |
| Solution Strategy | Challenge-to-solution mapping with technology choices |
| Building Blocks | Component overview, project structure, and module responsibilities |
| Runtime Views | Sequence diagrams for provisioning, connection, and reconnection flows |
| Deployment | Configuration, file layout, Terraform templates, and build targets |
| Cross-cutting Concerns | Reconnection, security, config change detection, dashboard architecture |

Template

This documentation follows the arc42 architecture documentation template.