wangyu- / udp2raw

A Tunnel which Turns UDP Traffic into Encrypted UDP/FakeTCP/ICMP Traffic by using Raw Socket, helps you Bypass UDP FireWalls (or Unstable UDP Environment)
MIT License

How to tunnel IKEv2 #488

Open fardindadashi opened 10 months ago

fardindadashi commented 10 months ago

Hi. I have an IKEv2 server and I ran these commands, but it doesn't work (there is no error, the VPN connection just fails):

server side:

./udp2raw_amd64 -s -l 0.0.0.0:444 -r 127.0.0.1:4500 -k "PaSSWoRD1" --raw-mode faketcp -a &
./udp2raw_amd64 -s -l 0.0.0.0:443 -r 127.0.0.1:500 -k "PaSSWoRD2" --raw-mode faketcp -a &

client side:

./udp2raw_amd64 -c -l 0.0.0.0:4500 -r 123.45.67.89:444 -k "PaSSWoRD1" --raw-mode faketcp -a &
./udp2raw_amd64 -c -l 0.0.0.0:500 -r 123.45.67.89:443 -k "PaSSWoRD2" --raw-mode faketcp -a &

What am I missing?

testcaoy7 commented 10 months ago

You need to turn on the "force UDP encapsulation" option in your *Swan. I think you should not use udp2raw on udp/500. udp/500 is for phase-1, where the parameters of child SAs are exchanged; putting it behind a proxy might result in errors. Secured traffic happens in phase-2 and uses ESP packets; I believe they can be tunneled by udp2raw after being encapsulated in UDP.
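
Where the "force UDP encapsulation" setting mentioned in the reply above lives in common *Swan daemons, as an added example that is not part of either comment or of the udp2raw project. The connection name `ikev2-vpn` and the file paths are assumptions; the thread does not say which daemon or config format is in use.

```conf
# Constructed example: "ikev2-vpn" is a placeholder connection name and the
# paths are the usual defaults. Use only the stanza that matches your daemon
# and merge the option into your existing connection definition.

# --- strongSwan, legacy ipsec.conf (typically /etc/ipsec.conf) ---
conn ikev2-vpn
    keyexchange=ikev2
    forceencaps=yes      # wrap ESP in UDP even when no NAT is detected

# --- strongSwan, swanctl.conf (typically /etc/swanctl/swanctl.conf) ---
connections {
    ikev2-vpn {
        version = 2
        encap = yes      # swanctl equivalent of forceencaps=yes
    }
}

# --- Libreswan, ipsec.conf (typically /etc/ipsec.conf) ---
conn ikev2-vpn
    encapsulation=yes    # Libreswan's name for forced UDP encapsulation
```

With encapsulation forced, ESP is carried inside UDP on port 4500, which is the traffic the 444-to-4500 udp2raw pair in the question forwards. The thread does not confirm that this setting alone makes the tunnel work.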