Encapsulation of IP in UDP

Introduction

Gone are the days when it was easy to pass 44 traffic over the internet, or when IPIP was a protocol that saw little hindrance. A lot of internet service providers and (from what I understand) a lot of router equipment now block this type of traffic by default. More accurately, many internet service providers block outgoing traffic originating from within their network if the IP address is not from within their own allocation of numbers - meaning that IP packets having a source address of 44 will never make it out. Using both IPIP and IPUDP as the encapsulation methods can help us to overcome those obstacles. However, for the new generation of home user, even IPIP will not work, since most home users are now behind a firewall or NAT router of some type. That leaves us with IPUDP, which is a simple, uncomplicated, and NOS-friendly solution.

Now that cheap consumer firewall and NAT routers have appeared on the market, we can make use of these nifty devices to improve AmprNet connectivity again, and at the same time keep our systems as secure as possible. IPUDP is where IP packets are encapsulated in UDP datagrams. For all intents and purposes, IPUDP is the same as IPIP, except that IPUDP will pass through those cheap firewall or NAT routers, where in most cases IPIP will not. K2MF (Barry), N1URO (Brian), and I discussed this some time ago. Barry should get the main credit on this one; he implemented this on MFNOS, and then I followed up by implementing it for JNOS 2.0.

Requirements

In order for you to make this work, you will need a static host that also has support for IPUDP. My static host is N1URO at this time. However, I am actually in the process of actively getting the mirrorshades system to support this new protocol, so that IPUDP can be considered a formal gateway to which mirrorshades will route directly, as it does with IPIP, but that's still in the works (who knows - it may or may not happen). I'm optimistic, and have submitted an RFC of sorts to the powers that be.

Configuration

When adding a 44 route, typically one uses something like this:

route add 44.0/8 encap a.b.c.d

The above command implies that IP-in-IP encapsulation should be used. If you want to force the use of IP-in-UDP encapsulation instead, then simply add the word 'udp' to the end of the route command, for instance:

route add 44.0/8 encap a.b.c.d udp

Our implementation of IP-in-UDP uses UDP port 94 (for both the source and destination ports). Just make sure your firewall or NAT router is configured properly to pass this port. It also makes sense to restrict access to that port to only those IPUDP hosts you link with. If your firewall or NAT router lets you do that, great! If not, then you could use iptables on Linux to do it instead.
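One way to do the iptables restriction described above, as an added example that is not part of the original post or of JNOS: the script prints (it does not apply) rules that accept UDP port 94 only from listed peers and drop everything else sent to that port. The function names, the choice of the filter table's INPUT or FORWARD chain, and the peer addresses (constructed, from the documentation ranges) are assumptions.

```shell
#!/bin/sh
# Added example: print iptables commands that limit IPUDP (UDP port 94)
# to a fixed set of peers. Nothing is applied here; review the output first.

IPUDP_PORT=94   # port stated on this page

# Return 0 if $1 is a dotted-quad IPv4 address with each octet 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1          # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# ipudp_rules CHAIN PEER...
# CHAIN is INPUT when the NOS host is the Linux box itself, FORWARD when
# Linux is the router in front of it (assumption: default filter table).
ipudp_rules() {
    chain=$1; shift
    case "$chain" in
        INPUT|FORWARD) ;;
        *) echo "bad chain: $chain" >&2; return 2 ;;
    esac
    [ "$#" -gt 0 ] || { echo "no peers given" >&2; return 2; }
    # Validate every peer first so a typo never yields a partial rule set.
    for peer in "$@"; do
        is_ipv4 "$peer" || { echo "bad peer address: $peer" >&2; return 2; }
    done
    for peer in "$@"; do
        echo "iptables -A $chain -p udp -s $peer --dport $IPUDP_PORT -j ACCEPT"
    done
    # Anything else aimed at the IPUDP port is dropped.
    echo "iptables -A $chain -p udp --dport $IPUDP_PORT -j DROP"
}

# Constructed peers from the documentation address ranges.
ipudp_rules INPUT 192.0.2.10 198.51.100.7
```

Because the rules are appended with -A, any broader ACCEPT rule already earlier in the chain still wins, so check the existing rule set before applying the output.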

That's all there is to it.

Date: Mon, 16 May 2005 21:42:31 -0500 (CDT)
From: maiko <...>
To: TAPR xNOS Mailing List <...>

EncapIpInUdp (last edited 2007-03-20 19:47:48 by GeorgeVerDuin)