Documentation
Overview
udptunnel is a daemon that sets up a point-to-point virtual private network between two hosts:
- A client host that may be behind an obtrusive NAT that frequently drops TCP connections, but happens to pass UDP traffic reliably.
- A server host that is internet-accessible.
This only supports Linux.
Example Setup
udptunnel is set up by running it on two different hosts, one in a server configuration and the other in a client configuration. Whether a daemon is a server or a client is determined by the NetworkAddress field in the configuration: if the address has an empty host portion, the daemon operates in server mode; otherwise it operates in client mode and uses the host to dial the server.
Example server config:
{"TunnelAddress": "10.0.0.1", "NetworkAddress": ":8000", "AllowedPorts": [22]}
Example client config:
{"TunnelAddress": "10.0.0.2", "NetworkAddress": "example.com:8000", "AllowedPorts": [22]}
See the TunnelConfig struct for more details.
Security Considerations
TUN traffic is sent verbatim between the two endpoints as unencrypted UDP traffic. The intended use case is to run a secure protocol (like SSH; see github.com/dsnet/sshtunnel) on top of this simple VPN. To prevent attackers from connecting to other locally bound sockets on the endpoints, a simple port filter is built in to restrict IP traffic to only the specified ports. Users of udptunnel should also set up iptables rules as a secondary measure to restrict malicious traffic.
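As an added worked example (not code from the udptunnel project), the Go program below covers two points from this page: the server/client decision from Example Setup (empty host portion in NetworkAddress means server mode) and the port filter described in Security Considerations. The TunnelConfig struct, ParseConfig, PortFilter and BuildIPv4Packet are assumptions of this example; in particular, the filter's rule of accepting a packet when either its source or destination port is allowed (so replies from an allowed service such as SSH on port 22 pass) and dropping everything that is not TCP or UDP over IPv4 is my reading of the page, not necessarily what the project does.

```go
package main

import (
	"encoding/binary"
	"encoding/json"
	"fmt"
	"net"
)

// TunnelConfig mirrors only the three fields shown in the example configs;
// it is an illustrative struct for this example, not the project's own type.
type TunnelConfig struct {
	TunnelAddress  string
	NetworkAddress string
	AllowedPorts   []uint16
}

// ParseConfig decodes a JSON config and reports whether it describes a server:
// an empty host portion in NetworkAddress means server mode, anything else client mode.
func ParseConfig(data []byte) (cfg TunnelConfig, isServer bool, err error) {
	if err = json.Unmarshal(data, &cfg); err != nil {
		return cfg, false, err
	}
	host, _, err := net.SplitHostPort(cfg.NetworkAddress)
	if err != nil {
		return cfg, false, fmt.Errorf("NetworkAddress %q: %w", cfg.NetworkAddress, err)
	}
	return cfg, host == "", nil
}

const (
	protoTCP = 6
	protoUDP = 17
)

// PortFilter is a minimal stand-in for the built-in port filter. The matching
// rule (allow when either source or destination port is allowed) is assumed.
type PortFilter struct{ allowed map[uint16]bool }

func NewPortFilter(ports []uint16) *PortFilter {
	f := &PortFilter{allowed: make(map[uint16]bool, len(ports))}
	for _, p := range ports {
		f.allowed[p] = true
	}
	return f
}

// Allow inspects a raw IPv4 packet as read from a TUN device and returns true
// only if it is TCP or UDP with an allowed source or destination port.
// IPv6, other protocols, truncated or malformed headers are all dropped.
func (f *PortFilter) Allow(pkt []byte) bool {
	if len(pkt) < 20 || pkt[0]>>4 != 4 {
		return false // not IPv4, or shorter than a minimal IPv4 header
	}
	ihl := int(pkt[0]&0x0f) * 4 // header length in bytes, including options
	if ihl < 20 || len(pkt) < ihl+4 {
		return false // bogus IHL, or no room for the transport port fields
	}
	if proto := pkt[9]; proto != protoTCP && proto != protoUDP {
		return false
	}
	src := binary.BigEndian.Uint16(pkt[ihl:])
	dst := binary.BigEndian.Uint16(pkt[ihl+2:])
	return f.allowed[src] || f.allowed[dst]
}

// BuildIPv4Packet constructs a minimal IPv4 packet (no options, zero checksum,
// only the port fields as payload) for demonstration and testing; constructed data.
func BuildIPv4Packet(proto byte, srcPort, dstPort uint16) []byte {
	pkt := make([]byte, 24)
	pkt[0] = 0x45 // version 4, IHL 5 (20 bytes)
	binary.BigEndian.PutUint16(pkt[2:], 24)
	pkt[8] = 64 // TTL
	pkt[9] = proto
	copy(pkt[12:16], []byte{10, 0, 0, 2}) // src 10.0.0.2 (tunnel client)
	copy(pkt[16:20], []byte{10, 0, 0, 1}) // dst 10.0.0.1 (tunnel server)
	binary.BigEndian.PutUint16(pkt[20:], srcPort)
	binary.BigEndian.PutUint16(pkt[22:], dstPort)
	return pkt
}

func main() {
	// The two example configs from this page, embedded as constructed input.
	for _, raw := range []string{
		`{"TunnelAddress": "10.0.0.1", "NetworkAddress": ":8000", "AllowedPorts": [22]}`,
		`{"TunnelAddress": "10.0.0.2", "NetworkAddress": "example.com:8000", "AllowedPorts": [22]}`,
	} {
		cfg, isServer, err := ParseConfig([]byte(raw))
		if err != nil {
			fmt.Println("config error:", err)
			continue
		}
		fmt.Printf("%-20s server=%v\n", cfg.NetworkAddress, isServer)
	}
	f := NewPortFilter([]uint16{22})
	fmt.Println("TCP 40000->22 allowed:", f.Allow(BuildIPv4Packet(protoTCP, 40000, 22)))
	fmt.Println("TCP 40000->80 allowed:", f.Allow(BuildIPv4Packet(protoTCP, 40000, 80)))
	fmt.Println("ICMP allowed:         ", f.Allow(BuildIPv4Packet(1, 0, 0)))
}
```

The filter deliberately fails closed: anything it cannot parse as IPv4 TCP/UDP with a recognisable port is dropped, which is the safe default for a hop that carries unencrypted traffic. Note that the filter only restricts which local sockets are reachable through the tunnel; it does nothing about confidentiality or integrity, which is why the page points to SSH on top.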