Skip to main content

Testing Pomerium UDP Tunnels with Ethr

Since v0.29.0 Pomerium supports tunneling UDP traffic. This example demonstrates how to do this using Ethr, a network performance measurement tool.

You will need two machines: one running the Ethr client and the Pomerium CLI, and another running the Ethr server and Pomerium. Replace ethr.corp.example.com with your domain name.

Server

  1. Install Pomerium

  2. Install Ethr

  3. Enable QUIC by setting codec_type to http3

    codec_type: http3
    QUIC

    Pomerium also supports UDP tunneling with http1 or auto (the default), but using http3 significantly improves performance.

  4. Add a UDP route on port 8888

    - routes:
    from: udp+https://ethr.corp.example.com:8888
    to: udp://127.0.0.1:8888
    allow_any_authenticated_user: true
  5. Run Pomerium

  6. Run the Ethr server

    ethr -s

Client

  1. Install the Pomerium CLI

  2. Install Ethr

  3. Start a UDP tunnel

    pomerium-cli udp ethr.corp.example.com:8888 --listen :8888
    TLS issues

    If you don't have a valid certificate use --disable-tls-verification.

  4. Run the Ethr client

    ethr -c localhost -p udp -b 1M -l 1k -d 5s

You should see packets arrive at the Ethr server demonstrating that UDP tunneling is working.

More Resources