HTTPS tunnel for carrying TCP and UDP packets

Solution 1

From the stunnel FAQ:

Can I forward UDP services over stunnel?

As described thus far, no. Stunnel works with SSL, which runs only on TCP. There are ways to forward UDP packets over TCP, and in principle these should be able to work over stunnel.

SSL is a connection-oriented protocol, while UDP is connection-less. Therefore you cannot forward UDP over TCP.

Solution 2

I'm going to go out on a limb here and guess, since the details of your configuration aren't in the question...

If you just pointed OpenVPN at the stunnel port, and OpenVPN was using UDP, but stunnel was using TCP, they would never connect. A network endpoint is identified by IP address, port and protocol. If you had stunnel listening on (127.0.0.1, 4430, tcp) and OpenVPN was trying to connect to (127.0.0.1, 4430, udp), it wouldn't be able to connect to stunnel.

I don't see that stunnel has any options for UDP operation, so this must have been what happened. This jibes with what you said about how it worked when you switched OpenVPN to TCP.

UDP and TCP are completely different protocols, using different APIs. So you can't just interchange them; producers and consumers need to be written specifically for the protocol. It would be possible to proxy UDP over SSL, but it would require tunnel software specifically written for that. I'm not aware of one that supports that.
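
An added example, not part of either answer above: a Python demonstration of the (IP address, port, protocol) point from Solution 2, showing that a datagram sent to a port number never reaches the TCP listener on that same number. Going beyond the answers, it also shows the length-prefix framing that tunnel software needs to carry datagrams over a TCP byte stream. All function names, the timeout and the sample payload are constructed for illustration.

```python
import socket
import struct

LOOPBACK = "127.0.0.1"
SAMPLE = b"constructed datagram"  # constructed payload, not real OpenVPN traffic

def probe_same_port(timeout=0.3):
    """Send one UDP datagram at a port that also has a TCP listener."""
    tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tcp.bind((LOOPBACK, 0))            # OS picks a free TCP port
    tcp.listen(1)
    tcp.settimeout(timeout)
    port = tcp.getsockname()[1]
    udp_rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp_rx.bind((LOOPBACK, port))      # same number, separate UDP port space
    udp_rx.settimeout(timeout)
    udp_tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        udp_tx.sendto(SAMPLE, (LOOPBACK, port))
        data, _ = udp_rx.recvfrom(2048)
        try:
            tcp.accept()
            tcp_saw_client = True
        except socket.timeout:
            tcp_saw_client = False     # the TCP listener never sees the datagram
        return tcp_saw_client, data
    finally:
        for s in (tcp, udp_rx, udp_tx):
            s.close()

def frame(datagram):
    """Prefix a datagram with its 16-bit length so it survives a byte stream."""
    return struct.pack("!H", len(datagram)) + datagram

def reassemble(chunks):
    """Recover whole datagrams from stream reads that split at arbitrary points."""
    buf, out = b"", []
    for chunk in chunks:
        buf += chunk
        while len(buf) >= 2:
            (n,) = struct.unpack_from("!H", buf)
            if len(buf) < 2 + n:
                break                  # partial datagram: wait for more bytes
            out.append(buf[2:2 + n])
            buf = buf[2 + n:]
    return out

if __name__ == "__main__":
    print(probe_same_port())
    stream = frame(b"one") + frame(b"") + frame(b"three!")
    print(reassemble([stream[i:i + 4] for i in range(0, len(stream), 4)]))
```

The TCP listener's accept() times out while the UDP socket bound to the same port number receives the payload, which matches the failure described when OpenVPN in UDP mode was pointed at stunnel's TCP port.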

Author by

clemens utschig

Updated on September 18, 2022

Comments

  • clemens utschig
    clemens utschig over 1 year

    I had an issue with running OpenVPN over UDP in my college network. The firewall was dropping UDP connections. As http and https were working fine and assuming that the firewall was inspecting packet headers, I tried to run OpenVPN over an https tunnel using stunnel. I was not successful because OpenVPN was using UDP. So, I got OpenVPN to use TCP and it worked. But later I found that the firewall was allowing all TCP connections (and was not inspecting packet headers) and I was able to run OpenVPN without the https tunnel.

    My question is: Why did OpenVPN not work over the https tunnel while it was using the UDP protocol, and why did it work with TCP over the same https tunnel? Is it not the TCP packets that carry https traffic and not https carrying TCP or UDP packets? To put my question in a different way: by default https is run over TCP, so why should https make a fuss (as it just creates a transit tunnel) when it is made to carry UDP packets and not TCP?

    • clemens utschig
      clemens utschig over 12 years
      I have mentioned a link in the question. I followed that howto exactly as it is written.
    • MShoubaki
      MShoubaki over 12 years
      Ah, there's your problem! That URL is for tunneling SSH over stunnel, not OpenVPN. :-) I've replied with my guess, if it's off, please provide more details, including the OpenVPN side of it.