Tunnel TCP/UDP/ICMP traffic over UDP, with session password.

Felipe Astroza Araya d12d6a950b Merge pull request #12 from ExplosiveBattery/patch-1 4 years ago
include a2fa26443d new source header 9 years ago
scripts a2f0e9b9c8 Update linux_client.sh 4 years ago
.gitignore 5c01be37be Support hostname resolution 4 years ago
LICENSE f791f18b3d initial commit 13 years ago
Makefile 8fd1c39a3f + Control channel 9 years ago
README.md 5108ed260b MINOR: Added note for tuntap driver for OSX 6 years ago
client.c 5c01be37be Support hostname resolution 4 years ago
server.c a2fa26443d new source header 9 years ago
socket.c a2fa26443d new source header 9 years ago
tun.c a2fa26443d new source header 9 years ago
util.c a2fa26443d new source header 9 years ago



It allows TCP/UDP/ICMP traffic over UDP tunneling. It's useful to avoid Internet restrictions.

Demo: http://www.youtube.com/watch?v=A0jLF2ipirg


  • BSD & Mac OSX support
  • Auto-config scripts for routing

Mobile network prepaid


  • A prepaid chip
  • Edge/3G Cellphone able to share Internet
  • A full access Internet connection (home ADSL?)


So far, I've tested this technique in an OSX machine (connected to cellphone) and a Linux machine (connected to full access Internet connection). Once you have access to mobile operator's portal cautivo, you can access to limited services, such as DNS, and TCP ports distinct to 80 (HTTP). I don't use proxy over TCP because TCP connections receive an arbitrary RESET at any time. Also, I figure out that 53 UDP port has the best performance, with lower packet loss.

You must:

  • identify the public IP address of the machine connected to full access Internet connection <public_address>
  • choose a common password <your_password>

On Linux server (with full access Internet connection)

./server 53 <your_password>

On OSX client (with limited Internet access)

./client <public_address> 53 <your_password>

Note: You may need a tuntap module for OSX http://tuntaposx.sourceforge.net/download.xhtml if you get an error saying open: No such file or directory

And that's all!!, you'll have a slow (just a bit) but full access Internet connection!. I've measured 0.210 MBPS in download.

How it works

By default mobile provider blocks any packet but UDP packet, unless you pay for the service. My method consists in sending TCP/UDP/ICMP frames as payload of an UDP packet to a known host (your server). Your server reinjects these frames to Internet.

PC to Internet
PC -> Cellphone -> [limited Internet] -> Your server -> [Internet]

Internet to PC
[Internet] -> Your server -> [limited Internet] -> Cellphone -> PC

UDP Packet payload

The messages between your server and PC are UDP packets with the next payload:

 ----------- ------------ --------------------------------------------
|     1    |        2    |                        3                   |
|PACKET_TYPE| PACKET_CMD |      TCP/UDP/ICMP Packet or control data   |
| (1 byte)  | (1 byte)   |               (variable size)              |
 ----------- ------------ --------------------------------------------

Each UDP packet arrives to your server or PC must be disassembled and reinjected to OS network stack.

There are 2 packet types:

  • CONTROL: For authentication and notification
  • TRAFFIC: For transporting another packet (TCP/UDP/ICMP).

It works transparently

For reinjecting to OS network stack I use tun driver. It helps to create virtual network interfaces that receive traffic from an userspace application.

Thanks to the routing scripts (in scripts/) you don't need do anything to get the whole system with Internet access. Routing scripts are called automatically.


  • iPhone port (computer connected to cellphone will not be necessary)
  • Multi-client server (at this time, the server is one client only)
  • Data compressing

F. Astroza