Heinzi

Reputation: 6083

UDP reverse tunnel over ssh (using socat)

I want to set up a reverse UDP tunnel, because I need to connect to my OpenVPN server from remote and the OpenVPN server is behind a NAT. For this I use socat and ssh. The TCP tunnel command:

socat exec:"ssh remoteserver \"socat tcp-listen:10000,fork -\"" tcp-connect:localhost:22

does work correctly, and I'm then able to build up an ssh connection to remoteserver:10000.

But when I want to do the same with UDP:

socat exec:"ssh remoteserver \"socat udp-listen:10000,fork -\"" udp-connect:localhost:1194

and then try to build up the OpenVPN connection, I get the following error:

2011/12/23 13:27:43 socat[28241] E read(3, 0x80c3b08, 8192): Connection refused

The tunnel at first seems to work, because both log files (server and client) have entries for the connection attempt. But the connection can't be established.

Upvotes: 0

Views: 5032

Answers (1)

dmansfield

Reputation: 1128

I have just tried this and I believe the reason it fails is because the ssh part of the tunnel doesn't preserve the UDP datagram sizes. I.e. a 14-byte datagram and a 22-byte datagram get combined on the other end into a 36-byte datagram. OpenVPN doesn't work in this scenario.

I have had proof-of-concept success with a similar construct to this, but where there is a program which reads the UDP datagrams and turns them into a TCP stream with 16-bit length prefixes (i.e. a stream of length, bytes, length, bytes, etc.) and obviously does the reverse as well.

With this I was able to tunnel OpenVPN.

Upvotes: 2
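The framing scheme the answer describes, written out as an added example (it is not dmansfield's program and not part of the original post). Each datagram is sent over the byte stream as a 2-byte big-endian length followed by the payload, and the receiving side reassembles datagram boundaries from whatever chunk sizes TCP happens to deliver. The `bridge` helper shows how the same framing is wired to real sockets on either end of the ssh-forwarded TCP connection; its use of a "last UDP peer" address is an assumption that suits a single OpenVPN client, not a general multi-peer relay.

```python
import socket
import struct
import threading

MAX_DATAGRAM = 65535  # largest payload a 16-bit length prefix can describe


def frame(datagram: bytes) -> bytes:
    """Prefix one UDP payload with its 16-bit big-endian length."""
    if len(datagram) > MAX_DATAGRAM:
        raise ValueError("datagram too large for a 16-bit length prefix")
    return struct.pack("!H", len(datagram)) + datagram


class Deframer:
    """Reassemble length-prefixed datagrams from a TCP byte stream.

    TCP may hand back half a frame, or several frames glued together, in one
    recv(); incomplete bytes are buffered until the rest of the frame arrives.
    A zero-length datagram is legal and is returned as b"".
    """

    def __init__(self) -> None:
        self._buf = b""

    def feed(self, chunk: bytes) -> list:
        self._buf += chunk
        out = []
        while len(self._buf) >= 2:
            (n,) = struct.unpack("!H", self._buf[:2])
            if len(self._buf) < 2 + n:
                break  # wait for the remainder of this frame
            out.append(self._buf[2:2 + n])
            self._buf = self._buf[2 + n:]
        return out


def split_stream(stream: bytes, chunk_size: int) -> list:
    """Feed a framed stream to a Deframer in arbitrary-sized chunks and return
    the recovered datagrams; this mimics TCP splitting or coalescing reads."""
    d = Deframer()
    out = []
    for i in range(0, len(stream), chunk_size):
        out.extend(d.feed(stream[i:i + chunk_size]))
    return out


def bridge(udp_sock: socket.socket, tcp_sock: socket.socket, peer=None) -> None:
    """Relay between a UDP socket and a framed TCP connection until TCP closes.

    On the OpenVPN-server side pass peer=("127.0.0.1", 1194); on the client side
    leave peer=None and it is learned from the first datagram that arrives
    (assumption: one UDP peer at a time, which fits a single OpenVPN client).
    """
    state = {"peer": peer}

    def udp_to_tcp():
        while True:
            data, addr = udp_sock.recvfrom(MAX_DATAGRAM)
            state["peer"] = addr
            tcp_sock.sendall(frame(data))

    def tcp_to_udp():
        d = Deframer()
        while True:
            chunk = tcp_sock.recv(65536)
            if not chunk:
                return  # remote end closed the stream
            for dg in d.feed(chunk):
                if state["peer"] is not None:
                    udp_sock.sendto(dg, state["peer"])

    threading.Thread(target=udp_to_tcp, daemon=True).start()
    tcp_to_udp()


if __name__ == "__main__":
    # Constructed sample: a 14-byte and a 22-byte datagram, as in the answer.
    stream = frame(b"A" * 14) + frame(b"B" * 22)
    for size in (1, 5, 100):
        print(size, [len(dg) for dg in split_stream(stream, size)])
```

Whatever read size the stream is cut into, the two datagrams come back out as 14 and 22 bytes rather than one merged blob, which is the property the raw `socat udp-listen ... -` pipe lacks.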
