Client Update v0.10.8

Published at February 1, 2021 ·  4 min read

Share on:

We’ve been quietly publishing client updates since last post in December ‘20. These have been bug fixes mostly. This release includes support for a new flag that can be used for specify the destination for HTTP/S traffic that is routed through tunnels.

Upstream URL Destination

We’ve added a new flag --upstream-url and can be used with the pktriot http command. It can also be used with persistent traffic rules with the pktriot tunnel http add command.

There are two advantages using this flag. The first is that it’s just one flag in the CLI instead of two: --destination and --http. This isn’t a huge deal but it offers some convenience and it’s also similar to how many other web servers (caddy, nginx) will identify an upstream server.

The second and more interesting benefit is that now the client can forward to a local or remote HTTPS servers.

Here are some examples of using this new flag below.

[user@host ] pktriot http --upstream-url

# local https server
[user@host ] pktriot http --upstream-url

This is an example of adding a persistent traffic rule using Lets Encrypt and some other options.

[user@host ] pktriot tunnel http add --domain --letsencrypt \
	--upstream-url \
	--webroot /path/to/assets \
	--host-header \

We’ve been wanting to add this feature for some time. Thanks to users who requested it recently, your feedback always helps get ball moving with regards to new feature development.

Session Warnings

One of the most common issues that most Packetriot users run into is running multiple instances of the same tunnel. This creates a scenario where the next instance knocks off the other temporarily.

This earlier instance will pause for 30 seconds before reconnecting and knock the other off. It creates a scenario where a tunnel seems to work and then sometimes doesn’t and it’s just confusing.

Packetriot doesn’t allow several instances of the same tunnel running since we can only route traffic to one instance. So our servers will always just knock off an existing session when a new one is established.

We’ve finally added a new warning that is sent to the client to warn that multiple instances of a tunnel are running and their location.

Below is an example of the warning that is printed when a new tunnel session knocks off an older one.

[user@host ] pktriot start
Connecting to

Warning: previously running tunnel session was terminated...
| Host           | Established        | Uptime   | Client Version   | Operating System   | Arch    |
|        | Feb 2 04:27 2021   | 2 hrs    | v0.10.7          | darwin             | amd64   |

This feature was added in v0.10.7. We hope it’ll help clear some of the confusion that occurs when you run multiple instances. Thanks for the patience on this feature!

HTTP Basic Auth Bug Fix

We had an HTTP Basic Auth bug that was fixed in v0.10.5. The issue was the very basic logic used for detecting if an incoming HTTP request was using basic auth for rules where the credential is evaluated.

When incoming traffic was using a JWT for authentication, something that is becoming more common, it would trigger the logic in the client that just assume that any Authorization header was meant for it.

Our initial approach used some weak logic… it’s fixed now :)

Thanks for a great start!

This year has started off really well. We’re publishing new features and bug fixes more frequently.

We support a new target - Windows 32-bit. It works on Windows XP, which is an odd target to support and took some tricky work on our build systems. But some of our enterprise customers still support XP so we’re glad to begin supporting that target on our builders.

Our home page has been updated and we’ve recently added a new page for our on-premise server Spokes. We’re excited to expand our services and solutions for businesses.

Thank you all again. If you run into any issues please report them to us or send us a DM on Twitter.