I wrote a secure UDP tunnel

Hi, I am new to the community. I just started learning Rust and created a secure UDP tunnel based on the Quinn library. Thanks to Quinn, I didn’t need to go into the details of the QUIC protocol and quickly created a UDP tunnel, and thanks to the BBR congestion control algorithm it uses, the tunnel performs quite well on lousy and long fat networks. I didn’t do any benchmarks, but it performs a lot better (higher throughput with LFN) than most of the other TCP tunnel implementations I used before.

Go check it out 🙂

neevek/rstun: A secured UDP tunnel written in Rust. (github.com)

QUIC is good at multiplexing multiple streams over a single connection, so it may be entirely appropriate for a tunnel. That said,

> but it performs a lot better (higher throughput with LFN) than most of the other TCP tunnel implementations I used before.

Most TCP connections are configured or used suboptimally. On any recent Linux system BBR can be enabled for TCP sockets. Queueing delays can be reduced by setting the NOTSENT_LOWAT socket option, at the expense of a few more userspace wakeups. Depending on IO patterns, not accounting for Nagle or incorrectly using corking can also be an issue.

QUIC does perform better in the presence of HOL-blocking, but that depends on packet drop rates and reorderings.

What QUIC doesn’t solve is that tunneling TCP over it means nesting two congestion controllers in each other, and that it requires its own acknowledgements. UDP + DTLS would be closer to ideal since it lets the upper protocol layers do their job.

RFC 9221 (“Unreliable Datagram Extension to QUIC”) gets halfway there by avoiding retransmits, but datagrams still cause ACKs on the QUIC layer and are subject to congestion control. If Quinn supports this extension then it would be a good choice for a tunnel.

Edit: I now realize this is a TCP forwarding kind of tunnel, not handling IP or Ethernet frames. In that case the nesting issues don’t arise.
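The TCP-side settings named in the reply above (BBR, NOTSENT_LOWAT, Nagle), applied per socket on Linux. This is an added example, not code from the thread or from rstun; the function names and the 16 KiB threshold are assumptions chosen for illustration.

```c
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef TCP_NOTSENT_LOWAT
#define TCP_NOTSENT_LOWAT 25 /* Linux value, for older libc headers */
#endif

enum { TUNED_NODELAY = 1, TUNED_LOWAT = 2, TUNED_BBR = 4 };

/* Apply the three settings to a TCP socket. Each is best effort; the
 * returned bitmask records which ones the kernel accepted. */
int tune_tcp_socket(int fd, int lowat_bytes)
{
    static const char cc[] = "bbr";
    int applied = 0, one = 1;

    /* Disable Nagle so small tunnel writes are not held back. */
    if (setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &one, sizeof one) == 0)
        applied |= TUNED_NODELAY;
    /* Report the socket writable only while unsent data is below this
     * threshold, which keeps queueing in the application, not the kernel. */
    if (setsockopt(fd, IPPROTO_TCP, TCP_NOTSENT_LOWAT, &lowat_bytes, sizeof lowat_bytes) == 0)
        applied |= TUNED_LOWAT;
    /* Fails (socket keeps the system default) when BBR is not available. */
    if (setsockopt(fd, IPPROTO_TCP, TCP_CONGESTION, cc, strlen(cc)) == 0)
        applied |= TUNED_BBR;
    return applied;
}

/* Read TCP_NOTSENT_LOWAT back from the kernel; -1 on error. */
int read_notsent_lowat(int fd)
{
    int val = 0;
    socklen_t len = sizeof val;
    return getsockopt(fd, IPPROTO_TCP, TCP_NOTSENT_LOWAT, &val, &len) == 0 ? val : -1;
}

int main(void)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    int applied = tune_tcp_socket(fd, 16384); /* 16 KiB: illustrative value */
    printf("nodelay=%d lowat=%d bbr=%d\n", !!(applied & TUNED_NODELAY),
           !!(applied & TUNED_LOWAT), !!(applied & TUNED_BBR));
    if (fd >= 0) close(fd);
    return 0;
}
```

A cleared `TUNED_BBR` bit means the socket is still on the system default congestion controller, so check the bitmask before attributing throughput differences to BBR.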

Hey, I want to try using this to host my CS2 server. It needs a UDP connection so I thought this would work. I am a noob pretty much, so can you help me use your code? I have it loaded into VS Code. I suppose I can type something in the console to use the program. I want to tunnel the 27015 port to my friends, so that we can play 🙂

Quinn does support datagrams (and I don’t think they cause ACKs to be sent?).

cc /u/Ralith

Section 5.2 says even unreliable datagrams should trigger ACKs and loss probe packets.