explaingit

wangyu-/udp2raw

8,453C++Audience · ops devopsComplexity · 3/5Setup · moderate

TLDR

A Linux networking tool that disguises UDP traffic as fake TCP, ICMP, or ordinary UDP to bypass firewalls that block or throttle UDP, with built-in encryption and anti-replay protection.

Mindmap

mindmap
  root((udp2raw))
    What it does
      Disguise UDP traffic
      Bypass firewalls
      Encrypt and verify data
    Disguise modes
      Fake TCP
      ICMP
      Plain UDP
    Security features
      AES-128-CBC encryption
      HMAC-SHA1 integrity
      Anti-replay window
      Auto-reconnect
    Platforms
      Desktop Linux
      Android
      OpenWRT routers
      Raspberry Pi
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Things people build with this

USE CASE 1

Tunnel OpenVPN's UDP traffic through udp2raw so it looks like TCP or ICMP, bypassing firewalls that block UDP.

USE CASE 2

Protect VPN traffic from network throttling by disguising it as ICMP or fake TCP packets.

USE CASE 3

Deploy on an OpenWRT router or Raspberry Pi to protect all network traffic on a local network.

Tech stack

C++Linux

Getting it running

Difficulty · moderate Time to first run · 30min

Requires root access on Linux, must run the server binary on a remote machine and the client binary locally with matching passwords and ports.

In plain English

udp2raw is a networking tool that wraps UDP traffic inside a different type of network packet, making the traffic look like something else entirely. UDP is a communication protocol used by many apps and VPN services, but it gets blocked, throttled, or degraded on certain networks and by some internet service providers. udp2raw addresses that by disguising your UDP data as either fake TCP, ICMP (the protocol used by "ping"), or ordinary UDP, so firewalls that target UDP specifically will pass the traffic through without issue. To accomplish this disguise, udp2raw uses "raw sockets," which are low-level network interfaces that let the program build packet headers by hand rather than relying on the operating system's standard networking stack. Running it requires root (administrator) access on Linux. It works on desktop Linux, Android devices, OpenWRT routers, and Raspberry Pi hardware. A separate version of the project covers Windows and macOS. The tunnel encrypts traffic with AES-128-CBC and verifies data integrity using HMAC-SHA1 (or weaker alternatives). It also maintains an anti-replay window, which is a mechanism that blocks someone from recording your packets and retransmitting them later to impersonate you. If the connection drops, udp2raw detects the failure via heartbeats and automatically switches to a new port to reconnect, recovering the session so that any VPN running on top of it stays connected. One common use case is combining udp2raw with an existing VPN such as OpenVPN. OpenVPN normally runs over UDP, which can be blocked. With udp2raw in between, the VPN traffic gets disguised as TCP or ICMP, bypassing the block. The README explicitly notes this avoids the "TCP over TCP" performance problem that would occur if you just switched OpenVPN to native TCP mode. Setup is straightforward: run the server binary on your remote machine and the client binary locally, supplying matching passwords and port numbers. The tool adds the necessary system firewall rules automatically when you pass the -a flag.

Copy-paste prompts

Prompt 1
I run OpenVPN over UDP and my ISP blocks it. Walk me through setting up udp2raw on both my server and client to disguise the traffic as fake TCP.
Prompt 2
How do I run udp2raw in fake-ICMP mode and what does the server-side startup command look like with the -a flag for automatic firewall rules?
Prompt 3
I want to install udp2raw on an OpenWRT router. What are the prerequisites and where do I put the binary?
Prompt 4
udp2raw uses AES-128-CBC and HMAC-SHA1. How do I configure the password and which weaker alternatives can I choose if performance matters more than security?
Prompt 5
How does udp2raw detect a dropped connection and automatically reconnect on a new port without breaking the VPN session on top of it?
Open on GitHub → Explain another repo

← wangyu- on gitmyhub — every repo by this author, as a profile.

Verify against the repo before relying on details.