SOCKS5 and UDP

Romain Vimont rom at rom1v.com
Tue Jan 17 20:05:24 AEDT 2017


On Tuesday 17 January 2017 at 9:20 +1100, Darren Tucker wrote:
> On Tue, Jan 17, 2017 at 1:30 AM, Romain Vimont <rom at rom1v.com> wrote:
> [...]
> > As a consequence, in particular, a SOCKS5 server started with "ssh -D"
> > cannot proxify UDP packets.
> >
> > Are there deep reasons why OpenSSH does not implement them (security, or
> > whatever)?
> 
> ssh -D accepts SOCKS CONNECT requests and maps them to SSH
> "direct-tcpip" requests (see RFC4254 section 7.2).  These are only
> defined for TCP, there's no equivalent for UDP.

Thank you for your answer.

So if I understand correctly, making "ssh -D" create a "full" SOCKS5
server, including UDP relay¹, would require adding a new SSH request
type (like "relay-udp")?

Here is some context: I would like to provide a reverse tethering tool
for Android that redirects all the packets to a SOCKS5 server. Since
"ssh -D" is the simplest way to create a SOCKS5 server (and everyone has
an ssh client), starting a reverse tethering would have been easy.
Unfortunately, if UDP packets are not relayed, it does not work.

An alternative would be to use a tun device on the host and forward the
packets (what SimpleRT² does), but this requires root access on the
host.

Regards,
®om

¹ <https://tools.ietf.org/html/rfc1928#section-7>
² <https://github.com/vvviperrr/SimpleRT>
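
Added example (not part of the original message, and not OpenSSH code): a Python sketch of the RFC 1928 messages this thread is about. It models a hypothetical CONNECT-only server that answers any other command, including UDP ASSOCIATE, with reply code 0x07 (command not supported), and decodes the section 7 UDP request header that a UDP relay would have to handle. Function names and sample bytes are constructed for illustration.

```python
import ipaddress
import struct

CMD_CONNECT, CMD_UDP_ASSOCIATE = 0x01, 0x03          # RFC 1928 section 4
REP_SUCCEEDED, REP_CMD_NOT_SUPPORTED = 0x00, 0x07    # RFC 1928 section 6
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04


def parse_addr(buf, off):
    """Decode ATYP + ADDR + PORT at buf[off]; return (host, port, next_offset)."""
    atyp, off = buf[off], off + 1
    if atyp == ATYP_IPV4:
        host, off = str(ipaddress.IPv4Address(buf[off:off + 4])), off + 4
    elif atyp == ATYP_IPV6:
        host, off = str(ipaddress.IPv6Address(buf[off:off + 16])), off + 16
    elif atyp == ATYP_DOMAIN:
        n = buf[off]                                  # one length octet, then the name
        host, off = buf[off + 1:off + 1 + n].decode("ascii"), off + 1 + n
    else:
        raise ValueError("unknown ATYP 0x%02x" % atyp)
    if len(buf) < off + 2:
        raise ValueError("truncated address")
    (port,) = struct.unpack_from("!H", buf, off)
    return host, port, off + 2


def connect_only_reply(request):
    """Reply of a hypothetical CONNECT-only server to VER CMD RSV ATYP ADDR PORT."""
    if request[0] != 5 or request[2] != 0:
        raise ValueError("not a SOCKS5 request")
    parse_addr(request, 3)                            # reject malformed addresses
    # A real server sends success only once the outbound TCP connection is up.
    rep = REP_SUCCEEDED if request[1] == CMD_CONNECT else REP_CMD_NOT_SUPPORTED
    return bytes([5, rep, 0, ATYP_IPV4]) + bytes(6)   # BND.ADDR/BND.PORT zeroed


def parse_udp_datagram(datagram):
    """Split a section 7 datagram: RSV(2) FRAG(1) ATYP DST.ADDR DST.PORT DATA."""
    if len(datagram) < 4 or datagram[:2] != b"\x00\x00":
        raise ValueError("bad UDP request header")
    host, port, off = parse_addr(datagram, 3)
    return datagram[2], host, port, datagram[off:]


# Constructed sample messages (not captured traffic).
CONNECT_REQ = bytes([5, CMD_CONNECT, 0, ATYP_DOMAIN, 11]) + b"example.com" + struct.pack("!H", 443)
UDP_ASSOC_REQ = bytes([5, CMD_UDP_ASSOCIATE, 0, ATYP_IPV4]) + bytes(6)
UDP_DGRAM = b"\x00\x00\x00" + bytes([ATYP_IPV4, 192, 0, 2, 53]) + struct.pack("!H", 53) + b"dns-query"

if __name__ == "__main__":
    print(connect_only_reply(CONNECT_REQ).hex(), connect_only_reply(UDP_ASSOC_REQ).hex())
    print(parse_udp_datagram(UDP_DGRAM))
```

Each relayed datagram carries its own destination in this header, which is why a UDP relay cannot be expressed as a single per-connection TCP forward.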


More information about the openssh-unix-dev mailing list