TCP Wireguard with socat

Matthias Urlichs matthias at urlichs.de
Mon Mar 12 19:47:35 CET 2018


On 12.03.2018 15:37, Gianluca Gabrielli wrote:
> BTW on this thread (https://superuser.com/questions/53103/udp-traffic-through-ssh-tunnel) they show how to perform UDP over TCP tunnel.

Yeah, and in the comments people explain why this is a bad idea.

Look, this is fairly easy to understand. TCP is a byte stream. It does
not know about packets; if you read from it you get N of the bytes the
other side has written, no matter in what chunks. TUN/TAP on the other
hand is a packet interface. It doesn't understand partial or aggregated
packets – it wants exactly one complete packet per write() call.

It's like pouring multiple cups of water at a time through a funnel. If
you pour slowly enough, each distinct chunk of water arrives at the
other end so that you can distinguish the original amounts, but if you
pour too fast or if there's an obstruction in the flow the distinction
gets lost and you lose packets (or, worse, the receiver sees additional
gibberish at their end).

Just use ssf. It's a tool that's built to do the job right. socat is
not, and it will not.

-- 
-- Matthias Urlichs
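
The boundary loss described in the message above, as an added example that is not part of the original post: a simulated byte stream delivers three constructed packets in read sizes unrelated to the packet sizes, first relayed naively (one read becomes one write) and then with a length prefix that lets the receiver rebuild whole packets. The 2-byte prefix and all names here are illustrative assumptions, not a description of how ssf or socat work internally.

```python
import struct

def stream_chunks(data: bytes, sizes):
    """Simulate TCP delivery: same bytes, cut at arbitrary read boundaries."""
    out, pos, i = [], 0, 0
    while pos < len(data):
        n = sizes[i % len(sizes)]
        out.append(data[pos:pos + n])
        pos, i = pos + n, i + 1
    return out

def naive_receive(chunks):
    """A plain stream-to-TUN relay: every read() is written out as one packet."""
    return [c for c in chunks if c]

def frame(packet: bytes) -> bytes:
    """Prefix the packet with its length as a 2-byte big-endian integer."""
    if len(packet) > 0xFFFF:
        raise ValueError("packet too large for a 16-bit length prefix")
    return struct.pack("!H", len(packet)) + packet

class Deframer:
    """Buffers stream bytes and releases only complete packets."""
    def __init__(self):
        self.buf = bytearray()

    def feed(self, chunk: bytes):
        self.buf += chunk
        packets = []
        while len(self.buf) >= 2:
            (length,) = struct.unpack_from("!H", self.buf, 0)
            if len(self.buf) < 2 + length:
                break  # partial packet: keep the bytes and wait for more
            packets.append(bytes(self.buf[2:2 + length]))
            del self.buf[:2 + length]
        return packets

# Constructed sample input: three "datagrams" and unrelated read sizes.
PACKETS = [b"A" * 5, b"B" * 12, b"C" * 3]
READ_SIZES = [7, 4, 16]

def demo():
    naive = naive_receive(stream_chunks(b"".join(PACKETS), READ_SIZES))
    deframer, framed = Deframer(), []
    for chunk in stream_chunks(b"".join(map(frame, PACKETS)), READ_SIZES):
        framed.extend(deframer.feed(chunk))
    return naive, framed

if __name__ == "__main__":
    naive, framed = demo()
    print("naive :", naive)   # boundaries lost: packets merged and split
    print("framed:", framed)  # original packets recovered
```
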