Linux SOCKS5 tunneling not working with udp traffic

SOCKS 5 supports UDP. OpenSSH claims to implement SOCKS4 and SOCKS5, but it only implements a subset of the SOCKS5 protocol.

You won't find the specifics of what is or is not supported in the documentation, though; look at the source instead:

    if (s5_req.version != 0x05 ||
        s5_req.command != SSH_SOCKS5_CONNECT ||
        s5_req.reserved != 0x00) {
            debug2("channel %d: only socks5 connect supported", c->self);
            return -1;
    }

(from function channel_decode_socks5() in channels.c, OpenSSH-6.4p1 from November 8, 2013. Update: this continues to be the case up to OpenSSH-7.6p1 (October 2017) and OpenSSH-8.2p1 (February 2020).)

SSH_SOCKS5_CONNECT is command opcode 1, which is implicitly a TCP connection. Command opcode 3 is UDP ASSOCIATE for UDP proxying (this is what was added to SOCKS5; SOCKS4 and 4a do not support UDP).

There are commercial and free (e.g. Dante) SOCKS5 proxies available that support UDP.

If you do not need dynamic UDP port forwarding, you can set up a number of UDP forwardings (choosing the destinations in advance) over an SSH connection using one of these methods: "UDP traffic through SSH tunnel" (I recommend the socat approach; I find it to work the best).

Author: user2736323

Updated on September 18, 2022
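
The three-condition check quoted in the answer, applied to complete SOCKS5 requests, shows why a UDP application fails through `ssh -D` while a browser works. This is an added example, not code from the original post or from OpenSSH. The function names and sample byte strings are constructed for illustration; the request layout and opcodes follow RFC 1928.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Command opcodes from RFC 1928, section 4. */
enum { S5_CONNECT = 0x01, S5_BIND = 0x02, S5_UDP_ASSOCIATE = 0x03 };

/* Constructed sample requests: VER CMD RSV ATYP DST.ADDR DST.PORT */
static const uint8_t REQ_CONNECT[] = { 5, 1, 0, 1, 192, 0, 2, 10, 0x01, 0xBB };
static const uint8_t REQ_UDP[]     = { 5, 3, 0, 1, 0, 0, 0, 0, 0, 0 };
static const uint8_t REQ_DOMAIN[]  = { 5, 1, 0, 3, 4, 'h', 'o', 's', 't', 0, 53 };

/* Return total request length, or -1 if truncated or ATYP is unknown. */
long s5_request_len(const uint8_t *buf, size_t len)
{
    size_t need = 4 + 2;                    /* fixed header + DST.PORT */
    if (len < 4) return -1;
    switch (buf[3]) {
    case 0x01: need += 4; break;            /* IPv4 */
    case 0x04: need += 16; break;           /* IPv6 */
    case 0x03:                              /* domain: length byte + name */
        if (len < 5) return -1;
        need += 1 + (size_t)buf[4];
        break;
    default: return -1;
    }
    return len >= need ? (long)need : -1;
}

/* Verdict of a CONNECT-only proxy, using the same three conditions as the
 * channels.c excerpt: 1 = accepted, 0 = rejected, -1 = malformed. */
int s5_connect_only_verdict(const uint8_t *buf, size_t len)
{
    if (s5_request_len(buf, len) < 0) return -1;
    return buf[0] == 0x05 && buf[1] == S5_CONNECT && buf[2] == 0x00;
}

int main(void)
{
    printf("CONNECT (IPv4):   %d\n", s5_connect_only_verdict(REQ_CONNECT, sizeof REQ_CONNECT));
    printf("CONNECT (domain): %d\n", s5_connect_only_verdict(REQ_DOMAIN, sizeof REQ_DOMAIN));
    printf("UDP ASSOCIATE:    %d\n", s5_connect_only_verdict(REQ_UDP, sizeof REQ_UDP));
    return 0;
}
```

A well-formed UDP ASSOCIATE request gets verdict 0 purely because of its command byte, which matches the `only socks5 connect supported` debug message in the excerpt.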

Comments

  • user2736323 over 1 year

    I am using the command ssh -N -D 0.0.0.0:1080 localhost which works perfectly fine for my web browser, but when I try and tunnel a UDP traffic application it doesn't work.

    I thought that socks5 should be able to handle UDP traffic, or is there something else that I need to set up?