UDP over SSH

From Gangplank
Revision as of 19:10, 1 February 2021 by HR (talk | contribs) (Created page with "== Abstract == Forward UDP traffic on a specific port to a remote client via SSH. == Background == This comes in handy if you don't want to expose the remote device's UDP p...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Abstract

Forward UDP traffic on a specific port to a remote client via SSH.

Background

This comes in handy if you don't want to expose the remote device's UDP port directly to the internet and/or you want the connection through the Internet to be encrypted.

Diagram

UDP over SSH Diagram 02.png

Implementations

Linux

Socat

Socat [1] is a command-line utility to read from and write to TCP and UDP network connections.

Requirements
  • socat
  • SSH [2]
  • remote computer that can receive SSH connections (e.g. Raspberry Pi) and whose SSH port is exposed to the internet.
Example

Connect to the remote computer (example.com) via SSH and forward our local TCP port 7000 to the remote computer:

ssh -L 7000:localhost:7000 example.com

Note: if you want to forward a port in the 1 - 1023 range you need root privileges (sudo).


Via the SSH shell on the remote computer (example.com) configure socat to listen on TCP port 7000 and forward the traffic (from port 7000) to IP address 10.0.0.2 on UDP port 6454:

sudo socat TCP-LISTEN:7000,fork UDP6:10.0.0.2:6454


On our local device we configure socat to listen on local UDP port 6454 and forward the traffic to local TCP port 7000, where the SSH port forward is configured:

sudo socat UDP-LISTEN:6454 TCP:localhost:7000


Now our local UDP traffic on port 6454 is tunneled to the remote device at 10.0.0.2 .


References