A UDP tunnel which tunnels UDP via FakeTCP/UDP/ICMP traffic by using raw sockets. It helps you bypass UDP firewalls (or an unstable UDP environment). It is encrypted, anti-replay and multiplexed. It also acts as a connection stabilizer.
Send / Receive UDP Packet with fake-tcp/icmp headers
Fake-tcp/icmp headers help you bypass UDP blocking, UDP QoS or improper UDP NAT behavior on some ISPs. Raw packets with UDP headers are also supported. In UDP header mode, it behaves just like a normal UDP tunnel, and you can just make use of the other features.
Simulate TCP Handshake
Simulates the three-way handshake, along with seq and ack_seq. TCP options MSS, sackOk, TS, TS_ack, wscale are also simulated. Real-time delivery guaranteed, no TCP over TCP problem when using OpenVPN.
Encryption, Anti-Replay, No MITM
- Encrypt your traffic with AES-128-CBC.
- Protect data integrity by MD5 or CRC32.
- Defend against replay attacks with an anti-replay window, similar to IPSec and OpenVPN.
- Authenticate mutually, no MITM attacks.
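The anti-replay window mentioned above, as an added example in the style of the IPsec ESP sliding window (RFC 4303). This is not udp2raw's own code: the 64-packet window size and every name in it are assumptions made for illustration.

```cpp
#include <cstdint>
#include <cstdio>

// Sliding-window anti-replay check in the style of IPsec ESP (RFC 4303).
// WINDOW_SIZE and all names here are assumptions for illustration.
const uint64_t WINDOW_SIZE = 64;  // one bitmap bit per tracked sequence number

struct AntiReplayWindow {
    uint64_t highest = 0;  // highest authenticated sequence number seen so far
    uint64_t bitmap = 0;   // bit i set => sequence (highest - i) already accepted

    // Call only after the packet's integrity check has passed, so that a
    // forged sequence number cannot push the window forward.
    // Returns true if the packet is fresh (and records it), false to drop it.
    bool accept(uint64_t seq) {
        if (seq == 0) return false;  // 0 is reserved as "nothing received yet"
        if (seq > highest) {
            uint64_t shift = seq - highest;
            // Shifting a 64-bit value by >= 64 is undefined, so clear instead.
            bitmap = (shift >= WINDOW_SIZE) ? 0 : (bitmap << shift);
            bitmap |= 1;  // bit 0 marks the new highest
            highest = seq;
            return true;
        }
        uint64_t offset = highest - seq;
        if (offset >= WINDOW_SIZE) return false;  // too old to track: drop
        uint64_t mask = uint64_t(1) << offset;
        if (bitmap & mask) return false;  // already seen: replay
        bitmap |= mask;  // late but fresh (reordered packet)
        return true;
    }
};

// Feeds a sequence of packet numbers through the window and returns how
// many were accepted.
int count_accepted(AntiReplayWindow &w, const uint64_t *seqs, int n) {
    int ok = 0;
    for (int i = 0; i < n; i++) ok += w.accept(seqs[i]) ? 1 : 0;
    return ok;
}

int main() {
    AntiReplayWindow w;
    // Constructed input: in order, reordered (2), replayed (3), jump, stale (5).
    const uint64_t seqs[] = {1, 3, 2, 3, 100, 5, 99, 100};
    std::printf("accepted %d of 8\n", count_accepted(w, seqs, 8));
    return 0;
}
```

Reordered packets inside the window are still accepted once, which is why a window is used instead of a strict "greater than last seen" check on a transport that can reorder.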
Failure Detection & Stabilization (Connection Recovery)
For example, if you use UDP2RAW + OpenVPN, OpenVPN won't lose connection after any reconnect, even if the network cable is re-plugged or the WiFi access point is changed.
- Multiplexing: One client can handle multiple UDP connections, all of which share the same raw connection.
- Multiple Clients: One server can have multiple clients.
- NAT Support: All of the three modes work in NAT environments.
- OpenVZ Support: Tested on BandwagonHost.
- OpenWRT Support: No dependencies, easy to build. Binaries for ar71xx are included in release.
UDP QoS Bypass
UDP Blocking Bypass
OpenVPN TCP over TCP problem
OpenVPN over ICMP
UDP to ICMP tunnel
UDP to TCP tunnel
UDP over ICMP
UDP over TCP
Download binary release from https://github.com/wangyu-/udp2raw-tunnel/releases
Assume your UDP is blocked or being QoS-ed or just poorly supported. Assume your server ip is 22.214.171.124, and you have a service listening on udp port 7777.
```
# Run at server side:
./udp2raw_amd64 -s -l0.0.0.0:4096 -r 127.0.0.1:7777 -a -k "passwd" --raw-mode faketcp

# Run at client side:
./udp2raw_amd64 -c -l0.0.0.0:3333 -r22.214.171.124:4096 -a -k "passwd" --raw-mode faketcp
```
Now, an encrypted raw tunnel has been established between client and server through TCP port 4096. Connecting to UDP port 3333 on the client side is equivalent to connecting to port 7777 on the server side. No UDP traffic will be exposed.
To run on Android, see Android_Guide
```
udp2raw-tunnel
version: Aug 18 2017 00:29:11
repository: https://github.com/wangyu-/udp2raw-tunnel

usage:
    run as client : ./this_program -c -l local_listen_ip:local_port -r server_ip:server_port [options]
    run as server : ./this_program -s -l server_listen_ip:server_port -r remote_ip:remote_port [options]

common options, these options must be same on both side:
    --raw-mode            <string>        avaliable values:faketcp(default), udp, icmp
    -k, --key             <string>        password to gen symetric key, default:"secret key"
    --cipher-mode         <string>        avaliable values:aes128cbc(default), xor, none
    --auth-mode           <string>        avaliable values:md5(default), crc32, simple, none
    -a, --auto-rule                       auto add (and delete) iptables rule
    -g, --gen-rule                        generate iptables rule then exit
    --disable-anti-replay                 disable anti-replay, not suggested
client options:
    --source-ip           <ip>            force source-ip for raw socket
    --source-port         <port>          force source-port for raw socket, tcp/udp only
                                          this option disables port changing while re-connecting
other options:
    --log-level           <number>        0:never    1:fatal   2:error   3:warn
                                          4:info (default)     5:debug   6:trace
    --log-position                        enable file name, function name, line number in log
    --disable-color                       disable log color
    --disable-bpf                         disable the kernel space filter, most time its not necessary
                                          unless you suspect there is a bug
    --sock-buf            <number>        buf size for socket, >=10 and <=10240, unit:kbyte, default:1024
    --seqmode             <number>        seq increase mode for faketcp:
                                          0:dont increase
                                          1:increase every packet
                                          2:increase randomly, about every 3 packets (default)
    --lower-level         <string>        send packet at OSI level 2, format:'if_name#dest_mac_adress'
                                          ie:'eth0#00:23:45:67:89:b9'.Beta.
    -h, --help                            print this help message
```
This program sends packets via raw socket. In FakeTCP mode, Linux kernel TCP packet processing has to be blocked by an iptables rule on both sides, otherwise the kernel will automatically send RST for an unrecognized TCP packet and you will suffer from stability / performance problems. You can use the -a option to let the program automatically add / delete the iptables rule on start / exit. You can also use the -g option to generate the iptables rule and add it manually.
It is recommended to use md5 to obtain maximum security. If you want to run the program on a router, you can try simple, which can fool packet inspection by firewalls most of the time, but it cannot protect you from serious attacks. Mode none is only for debugging purposes. It is not recommended to set the cipher-mode or auth-mode to none.
The FakeTCP mode does not behave 100% like a real TCP connection. ISPs may be able to distinguish the simulated TCP traffic from real TCP traffic (though it is costly). seq-mode can help you change the seq increase behavior slightly. If you experience connection problems, try changing the value.
iperf3 TCP via OpenVPN + udp2raw (iperf3 UDP mode is not used because of a bug mentioned in this issue: https://github.com/esnet/iperf/issues/296 . Instead, we package the TCP traffic into UDP by OpenVPN to test the performance. Read Application for details.)
```
iperf3 -c 10.222.2.1 -P40
iperf3 -c 10.222.2.1 -P40 -R
```
- Client: Vultr $2.5/monthly plan (single core 2.4GHz cpu, 512MB RAM, Tokyo, Japan)
- Server: BandwagonHost $3.99/yearly plan (single core 2.0GHz cpu, 128MB RAM, Los Angeles, USA)
raw_mode: faketcp cipher_mode: xor auth_mode: simple
(reverse speed was similar and not uploaded)
raw_mode: faketcp cipher_mode: aes128cbc auth_mode: md5
(reverse speed was similar and not uploaded)
Tunneling any traffic via raw traffic by using udp2raw + openvpn
- bypasses UDP block / UDP QoS
- no TCP over TCP problem (TCP over TCP problem: http://sites.inka.de/bigred/devel/tcp-tcp.html , https://community.openvpn.net/openvpn/ticket/2 )
- openvpn over icmp also becomes a choice
More details at openvpn+udp2raw_guide
Speed up TCP connections via raw traffic by using udp2raw + kcptun
kcptun is a TCP connection speed-up program. It speeds up TCP connections by using the kcp protocol on top of UDP. By using udp2raw, you can use kcptun while UDP is QoSed or blocked. (kcptun, https://github.com/xtaci/kcptun)
Speed up TCP connections via raw traffic by using udp2raw + finalspeed
finalspeed is a TCP connection speed-up program similar to kcptun. It speeds up TCP connections by using the kcp protocol on top of UDP or TCP, but its TCP mode does not support OpenVZ. You can bypass this problem if you use udp2raw + finalspeed together, and ICMP mode also becomes available.
Easier installation on ArchLinux
```
yaourt -S udp2raw-tunnel
# or
pacaur -S udp2raw-tunnel
```