Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

UDP support? #12

Open
MrCyjaneK opened this issue Aug 7, 2021 · 2 comments
Open

UDP support? #12

MrCyjaneK opened this issue Aug 7, 2021 · 2 comments

Comments

@MrCyjaneK
Copy link

Hey! I'd like to ask what's your take on UDP support for bore?

Currently it works very well as a TCP/HTTP(s) proxy but giving an option to forward UDP traffic would be great.
I currently see two possible ways of doing that:

  • Using SSH tunnel to send UDP over TCP.
  • Create a separate listener for UDP traffic, and make it a separate thing.

But that won't work in environment where both TCP and UDP traffic is used, and where the app expect the traffic it to happen on the same port.

So using an SSH session in both cases, and if there is a UDP option selected, tell server via SSH that we will connect over UDP to it, and we will get the UDP port back (preferably same as TCP - if TCP is used at same time).

What comes with that - UDP will not be encrypted on it's way to bore network but I don't see that as a huge security issue, because while with TCP forwarding you can just use HTTPS the traffic gets encrypted on the way from you to the server, and from server to the client which make it impossible for some man in the middle to get the data (except for the bore server), but with UDP if it would be somehow encrypted on the way to server, if would have to be decrypted before getting forwarded (otherwise it probably will break the protocol used by app) , which make it pointless to use the encryption in the first place. As an encrypted alternative we could extend the bore client to connect directly to the bore server, capture the UDP traffic, decrypt it and make it available over UDP on localhost.. but many people would prefer to not install anything just to see somebody's work.

@Damglador
Copy link

That would make it an ultimate tunneler

@darkanubis0100
Copy link

Hey! I'd like to ask what's your take on UDP support for bore?

Currently it works very well as a TCP/HTTP(s) proxy but giving an option to forward UDP traffic would be great. I currently see two possible ways of doing that:

  • Using SSH tunnel to send UDP over TCP.
  • Create a separate listener for UDP traffic, and make it a separate thing.

But that won't work in environment where both TCP and UDP traffic is used, and where the app expect the traffic it to happen on the same port.

So using an SSH session in both cases, and if there is a UDP option selected, tell server via SSH that we will connect over UDP to it, and we will get the UDP port back (preferably same as TCP - if TCP is used at same time).

What comes with that - UDP will not be encrypted on it's way to bore network but I don't see that as a huge security issue, because while with TCP forwarding you can just use HTTPS the traffic gets encrypted on the way from you to the server, and from server to the client which make it impossible for some man in the middle to get the data (except for the bore server), but with UDP if it would be somehow encrypted on the way to server, if would have to be decrypted before getting forwarded (otherwise it probably will break the protocol used by app) , which make it pointless to use the encryption in the first place. As an encrypted alternative we could extend the bore client to connect directly to the bore server, capture the UDP traffic, decrypt it and make it available over UDP on localhost.. but many people would prefer to not install anything just to see somebody's work.

Note that this is a feature that you asked for in 2021 and being 2024 there seems to be no sign of life.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants