Linux SOCKS5 tunneling not working with udp traffic
SOCKS 5 supports UDP. OpenSSH claims to implement SOCKS4 and SOCKS5, but it only implements a subset of the SOCKS5 protocol.
You won't find the specifics of what is or is not supported in the documentation, though; look at the source instead:
    if (s5_req.version != 0x05 ||
        s5_req.command != SSH_SOCKS5_CONNECT ||
        s5_req.reserved != 0x00) {
            debug2("channel %d: only socks5 connect supported", c->self);
            return -1;
    }
(from function channel_decode_socks5() in channels.c, OpenSSH-6.4p1 from November 8, 2013. Update: this continues to be the case up to OpenSSH-7.6p1, October 2017 OpenSSH-8.2p1, February 2020.)
SSH_SOCKS5_CONNECT is command opcode 1, which is implicitly a TCP connection. Command opcode 3 is UDP ASSOCIATE for UDP proxying (this is what was added to SOCKS5; SOCKS4 or 4a do not support UDP).
There are commercial and free (e.g. Dante) SOCKS5 proxies available that support UDP.
If you do not need dynamic UDP port forwarding, you can set up a number (choosing the destinations in advance) of UDP forwardings over an SSH connection using one of these methods: UDP traffic through SSH tunnel
(I recommend the socat approach; I find it to work the best.)
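An added example, not part of the original answer or of OpenSSH: a small Python probe that sends the opcode 3 (UDP ASSOCIATE) request described above to a no-authentication SOCKS5 proxy and reports how the proxy answers. The function names and the default 127.0.0.1:1080 target are assumptions chosen for illustration; the message layout follows RFC 1928.

```python
import socket
import struct

SOCKS5_VERSION = 0x05
CMD_CONNECT, CMD_BIND, CMD_UDP_ASSOCIATE = 0x01, 0x02, 0x03  # RFC 1928 opcodes
REP_SUCCEEDED, REP_CMD_NOT_SUPPORTED = 0x00, 0x07

def build_request(cmd, ipv4="0.0.0.0", port=0):
    """VER, CMD, RSV, ATYP=IPv4, DST.ADDR, DST.PORT (RFC 1928, section 4)."""
    return struct.pack("!BBBB4sH", SOCKS5_VERSION, cmd, 0x00, 0x01,
                       socket.inet_aton(ipv4), port)

def classify_reply(data):
    """Interpret the proxy's answer to a UDP ASSOCIATE request."""
    if not data:
        return "closed without reply (request refused)"
    if len(data) < 2 or data[0] != SOCKS5_VERSION:
        return "not a SOCKS5 reply"
    if data[1] == REP_SUCCEEDED:
        return "UDP ASSOCIATE supported"
    if data[1] == REP_CMD_NOT_SUPPORTED:
        return "command not supported"
    return "refused, reply code 0x%02x" % data[1]

def probe_udp_associate(proxy_host, proxy_port, timeout=5.0):
    """Ask a no-auth SOCKS5 proxy for a UDP relay and report what it says."""
    with socket.create_connection((proxy_host, proxy_port), timeout) as s:
        s.sendall(bytes([SOCKS5_VERSION, 1, 0x00]))  # offer "no authentication"
        if s.recv(2) != bytes([SOCKS5_VERSION, 0x00]):
            return "no-auth method not accepted"
        s.sendall(build_request(CMD_UDP_ASSOCIATE))
        try:
            return classify_reply(s.recv(10))
        except ConnectionResetError:
            return classify_reply(b"")

if __name__ == "__main__":
    import sys
    # Assumed defaults: the listener from "ssh -N -D 0.0.0.0:1080 localhost".
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 1080
    print(probe_udp_associate(host, port))
```

Run it with the proxy host and port as arguments; a proxy that only accepts CONNECT shows up as either "command not supported" or a connection closed without a reply.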
user2736323
Updated on September 18, 2022
Comments
user2736323 over 1 year
I am using the command
    ssh -N -D 0.0.0.0:1080 localhost
which works perfectly fine for my web browser, but when I try and tunnel a UDP traffic application it doesn't work. I thought that socks5 should be able to handle UDP traffic, or is there something else that I need to set up?