udp2raw: Bypass UDP Firewalls with Encrypted FakeTCP/UDP/ICMP Tunnels

Summary
udp2raw is a powerful tunnel that transforms UDP traffic into encrypted FakeTCP, UDP, or ICMP traffic using raw sockets. It effectively helps users bypass UDP firewalls, overcome unstable UDP environments, and improve connection stability. This tool is particularly useful when combined with UDP-based VPNs, enabling the tunneling of any traffic type.
Introduction
udp2raw is an innovative tunneling tool designed to transform standard UDP traffic into encrypted FakeTCP, UDP, or ICMP traffic. By leveraging raw sockets, udp2raw provides a robust solution for bypassing UDP firewalls, mitigating issues in unstable UDP environments, and enhancing overall connection reliability. While it primarily tunnels UDP traffic, its power is fully realized when combined with any UDP-based VPN, allowing for the secure tunneling of all types of network traffic, including TCP, UDP, and ICMP. This makes it an invaluable asset for users seeking to circumvent network restrictions and improve their online experience.
Installation
Getting started with udp2raw is straightforward. The easiest way to install it is by downloading the pre-compiled binaries for your specific platform from the official GitHub Releases page.
- Download Binaries: Visit the udp2raw Releases page and download the appropriate binary for your Linux host (e.g., udp2raw_amd64 for 64-bit Linux).
- Permissions: Ensure the downloaded binary has execute permissions. You might need to run chmod +x udp2raw_amd64.
- Windows and macOS: For Windows and macOS users, a separate multiplatform repository is available: udp2raw-multiplatform.
Examples
Here's a basic example demonstrating how to set up udp2raw on both the server and client sides, assuming your UDP traffic is blocked or experiencing QoS issues. Let's say your server IP is 44.55.66.77 and you have a service listening on UDP port 7777.
Server Side
Run this command on your server:
./udp2raw_amd64 -s -l0.0.0.0:4096 -r 127.0.0.1:7777 -k "passwd" --raw-mode faketcp -a
- -s: Specifies server mode.
- -l0.0.0.0:4096: udp2raw listens on all interfaces on port 4096 for incoming raw connections.
- -r 127.0.0.1:7777: Redirects incoming traffic to the local UDP service on port 7777.
- -k "passwd": Sets the shared password for encryption and authentication.
- --raw-mode faketcp: Configures udp2raw to encapsulate UDP traffic within FakeTCP headers.
- -a: Automatically adds necessary iptables rules to prevent the kernel from interfering with FakeTCP packets.
Client Side
Run this command on your client:
./udp2raw_amd64 -c -l0.0.0.0:3333 -r44.55.66.77:4096 -k "passwd" --raw-mode faketcp -a
- -c: Specifies client mode.
- -l0.0.0.0:3333: The client listens on port 3333 for local UDP traffic.
- -r44.55.66.77:4096: Connects to the udp2raw server at 44.55.66.77 on port 4096.
- -k "passwd": Uses the same shared password as the server.
- --raw-mode faketcp: Matches the server's raw mode.
- -a: Automatically adds necessary iptables rules.
After these steps, any UDP traffic sent to port 3333 on the client is encrypted, tunneled as FakeTCP traffic to the server, and then forwarded to 127.0.0.1:7777.
Why Use udp2raw?
udp2raw offers several compelling advantages for users facing network restrictions or seeking enhanced connection stability and security:
- Bypass UDP Restrictions: Effectively circumvents UDP blocking, QoS limitations, or problematic NAT behaviors imposed by ISPs by disguising UDP traffic as FakeTCP, ICMP, or even regular UDP with added features.
- Advanced FakeTCP Simulation: Its FakeTCP mode simulates a real TCP connection, including 3-way handshakes and sequence numbers, without the "TCP over TCP" performance issues often encountered with VPNs. This makes the traffic appear legitimate to firewalls.
- Robust Encryption and Anti-Replay: Protects your data with AES-128-CBC encryption and ensures data integrity with HMAC-SHA1. An anti-replay window defends against replay attacks, significantly enhancing security.
- Exceptional Connection Stability: Features heartbeat-based failure detection and automatic reconnection. Even if your network cable is unplugged or your WiFi access point changes, udp2raw can recover the connection, ensuring continuous service for applications like OpenVPN.
- Versatile Tunneling: While primarily for UDP, when paired with a UDP-based VPN (like OpenVPN, L2TP, or tinyfecVPN), udp2raw can tunnel all types of traffic, providing a comprehensive solution for bypassing censorship and improving network performance.
- Easy to Deploy: With no external dependencies and pre-compiled binaries available, udp2raw is simple to set up and run on various Linux-based systems, including desktops, Android devices, OpenWRT routers, and Raspberry Pi.
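The anti-replay window and HMAC-SHA1 integrity check named in the list above, as an added Python sketch that is not udp2raw's code or wire format. The packet layout (8-byte sequence number, payload, 20-byte tag), the 64-entry window, and the names seal, open_packet and ReplayWindow are assumptions made for illustration; the AES-128-CBC layer is left out so the example needs only the standard library.

```python
import hashlib
import hmac
import struct

TAG_LEN = 20  # HMAC-SHA1 tag size in bytes
SEQ_LEN = 8   # assumed layout: 64-bit big-endian sequence number, payload, tag


def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Build seq || payload || HMAC-SHA1(key, seq || payload)."""
    body = struct.pack("!Q", seq) + payload
    return body + hmac.new(key, body, hashlib.sha1).digest()


class ReplayWindow:
    """Bitmap of the last `size` sequence numbers; bit 0 is the highest one seen."""

    def __init__(self, size: int = 64):
        self.size, self.top, self.bitmap = size, 0, 0

    def accept(self, seq: int) -> bool:
        if seq > self.top:  # newer than anything seen: slide the window forward
            mask = (1 << self.size) - 1
            self.bitmap = ((self.bitmap << (seq - self.top)) | 1) & mask
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:  # older than the window can track: reject
            return False
        if (self.bitmap >> offset) & 1:  # already accepted once: replay
            return False
        self.bitmap |= 1 << offset  # late but not yet seen: accept exactly once
        return True


def open_packet(key: bytes, window: ReplayWindow, packet: bytes):
    """Return the payload, or None for a bad tag, a replay, or a short packet."""
    if len(packet) < SEQ_LEN + TAG_LEN:
        return None
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha1).digest()
    # Verify the tag first so a forged packet can never advance the window.
    if not hmac.compare_digest(tag, expected):
        return None
    seq = struct.unpack("!Q", body[:SEQ_LEN])[0]
    return body[SEQ_LEN:] if window.accept(seq) else None
```

Checking the tag before consulting the window matters: if the order were reversed, an unauthenticated packet with a large sequence number could slide the window and cause genuine traffic to be dropped.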
Links
- GitHub Repository: https://github.com/wangyu-/udp2raw
- Wiki: https://github.com/wangyu-/udp2raw-tunnel/wiki
- Releases: https://github.com/wangyu-/udp2raw-tunnel/releases
- Multiplatform Version (Windows/macOS): https://github.com/wangyu-/udp2raw-multiplatform