0

I want to setup a reverse udp tunnel, because I need to connect to my openvpn server from remote and the openvpn server is behind a NAT. For this I use socat and ssh. The tcp tunnel command:

socat exec:"ssh removeserver \"socat tcp-listen:10000,fork -\"" tcp-connect:localhost:22

does work correctly and I'm then able to buildup a ssh connection to remoteserver:10000.

But when I want to do the same with udp:

socat exec:"ssh removeserver \"socat udp-listen:10000,fork -\"" udp-connect:localhost:1194

and then try to buildup the openvpn connection, I get the following error:

2011/12/23 13:27:43 socat[28241] E read(3, 0x80c3b08, 8192): Connection refused

The tunnel at first seems to work, becaues both logfiles (server and client) have entries for the connection attempt. But the connection can't be established.

Heinzi
  • 5,793
  • 4
  • 40
  • 69

1 Answers1

2

I have just tried this and I believe the reason it fails is because the ssh part of the tunnel doesn't preserve the UDP datagram sizes. Ie. a 14 byte datagram and a 22 byte datagram get combined on the other end into a 26 byte datagram. Openvpn doesn't work in this scenario.

I have had proof-of-concept success with a similar construct as this, but where there is a program which reads the UDP datagrams and turns them into tcp stream with 16-bit length prefixes (i.e. a stream of length,bytes,length,bytes etc) and obviously does the reverse as well.

With this I was able to tunnel openvpn .

dmansfield
  • 1,108
  • 10
  • 22