Benjamin Lindqvist

Reputation: 4610

Using socat and openssl as DTLS/PSK tunnel

I want to combine openssl and socat to add encryption to plain-text UDP sockets. Specifically,

My app opens a UDP socket and sends plain-text data to 127.0.0.1:8032. I want socat to establish a DTLS session with a remote openssl server and encrypt the plain-text data sent by my app, as well as decrypt and relay back the response.

I've managed to handshake using openssl s_client:

openssl s_client -dtls1_2 -psk <KEY> -psk_identity <ID> -connect <IP>:<PORT>

but I can't get the socat tunnel to work:

socat -x -vvvvvvv SYSTEM:'openssl s_client -dtls1_2 -psk <KEY> -psk_identity <ID> -connect <IP>:<PORT>' UDP-LISTEN:8032

It seems that socat relays the plain-text data, but

I'm not sure the handshake ever gets done, and I'm not sure socat will relay the response correctly anyway with this setup. Help?

Upvotes: 2

Views: 1363

Answers (1)

Benjamin Lindqvist

Reputation: 4610

I managed to get it to work with the following modification. Instead of -connect <IP>:<PORT>, use -connect <IP> -port <PORT>. Not particularly intuitive imo, but dumping the traffic with wireshark made it fairly easy to figure out. Yay wireshark.

Upvotes: 2
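The setup from the question, with the fix from the answer, run end to end on one machine. This is an added example, not code from the question or the answer: a local openssl s_server stands in for the remote DTLS/PSK server, socat relays the app's plain-text UDP datagram into a DTLS session, and the script checks that the decrypted line reached the server. It assumes openssl (1.1.1 or newer) and socat are installed; the DTLS port 8033, the identity "demo-client", the key and the message are constructed for the demo.

```shell
#!/bin/sh
# Added example, not code from the original question or answer: an end-to-end
# local run of the DTLS/PSK tunnel the thread describes. A local openssl
# s_server stands in for the remote DTLS server. Assumes openssl (1.1.1 or
# newer) and socat are installed; ports, identity and key are constructed.

APP_PORT=8032          # plain-text UDP port the app talks to (from the question)
DTLS_PORT=8033         # constructed: port of the stand-in DTLS/PSK server
PSK_ID="demo-client"   # constructed PSK identity; must match on both ends
DEMO_DIR=""; SERVER_PID=""; TUNNEL_PID=""

dtls_demo_cleanup() {
    # socat forwards SIGINT to its SYSTEM child (the 'sigint' option), so the
    # exec'd s_client goes down with it; SIGTERM is the fallback if no child exists.
    [ -n "$TUNNEL_PID" ] && kill -INT "$TUNNEL_PID" 2>/dev/null
    [ -n "$SERVER_PID" ] && kill "$SERVER_PID" 2>/dev/null
    sleep 1
    [ -n "$TUNNEL_PID" ] && kill -TERM "$TUNNEL_PID" 2>/dev/null
    wait 2>/dev/null
    exec 3<&-                      # release the writer that kept s_server's stdin open
    [ -n "$DEMO_DIR" ] && rm -rf "$DEMO_DIR"
    return 0
}

# Runs the whole exchange and prints the line the DTLS server received.
# Returns 0 only if the app's plain-text datagram arrived through the tunnel.
dtls_demo_run() {
    DEMO_DIR=$(mktemp -d)
    key=$(openssl rand -hex 32)    # fresh 256-bit PSK in hex, the form -psk expects
    msg="hello from app"           # constructed app payload

    # 1. Stand-in for the remote DTLS/PSK server. -nocert: PSK needs no certificate.
    #    Its stdin is a FIFO held open on fd 3, so the server never sees EOF there.
    mkfifo "$DEMO_DIR/stdin.fifo"
    exec 3<>"$DEMO_DIR/stdin.fifo"
    openssl s_server -dtls1_2 -nocert -psk "$key" -psk_identity "$PSK_ID" \
        -accept "$DTLS_PORT" -quiet <&3 >"$DEMO_DIR/server.out" 2>"$DEMO_DIR/server.err" &
    SERVER_PID=$!
    sleep 1

    # 2. The tunnel from the answer: plain UDP on the app side, DTLS on the other.
    #    Note '-connect <IP> -port <PORT>' rather than '-connect <IP>:<PORT>'.
    #    -quiet keeps s_client's session chatter off stdout (socat would relay it
    #    back to the app as datagrams) and implies -ign_eof.
    client="exec openssl s_client -dtls1_2 -psk $key -psk_identity $PSK_ID -connect 127.0.0.1 -port $DTLS_PORT -quiet"
    socat "UDP-LISTEN:$APP_PORT" "SYSTEM:$client,sigint" 2>"$DEMO_DIR/tunnel.err" &
    TUNNEL_PID=$!
    sleep 1

    # 3. The app: one plain-text datagram to the local port. socat spawns s_client,
    #    and with it the DTLS handshake, only when this first datagram arrives.
    printf '%s\n' "$msg" | socat -u - "UDP4-SENDTO:127.0.0.1:$APP_PORT"
    sleep 2

    received=$(head -n 1 "$DEMO_DIR/server.out")
    if [ "$received" != "$msg" ]; then
        cat "$DEMO_DIR/server.err" "$DEMO_DIR/tunnel.err" >&2
    fi
    dtls_demo_cleanup
    printf '%s\n' "$received"
    [ "$received" = "$msg" ]
}

# Runs automatically when executed as a script; skipped if either tool is missing.
if command -v openssl >/dev/null 2>&1 && command -v socat >/dev/null 2>&1; then
    DTLS_DEMO_RECEIVED=$(dtls_demo_run) || { echo "tunnel demo failed" >&2; exit 1; }
    echo "DTLS server received through the tunnel: '$DTLS_DEMO_RECEIVED'"
fi
```

Save it as dtls_psk_tunnel_demo.sh and run `sh dtls_psk_tunnel_demo.sh`; it prints the line the server decrypted and exits non-zero, with the openssl and socat stderr output, if the handshake or relay failed. Two points to keep in mind when adapting it: UDP-LISTEN without the fork option binds to the first peer that sends a datagram, so every further datagram must come from that same app socket; and the PSK passed with -psk appears in the process list for as long as s_client runs, so on a shared host the tunnel should run under an account that other users cannot inspect.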
