Identity-Aware UDP Tunneling

Pomerium can now protect UDP-based services with the same identity-aware access controls you use for web apps. In v0.29.0, you’re able to tunnel UDP traffic over HTTP, enforcing who can access your UDP services. This means you can secure things like DNS servers, game servers, and other UDP apps without a VPN.

Highlights:

• UDP over HTTPS – Pomerium uses HTTP/3 datagram support (MASQUE’s CONNECT-UDP) under the hood to forward UDP packets securely. No modifications to your UDP applications are required.

• Consistent policy enforcement – Apply Pomerium’s access policies to UDP routes just like HTTP routes. If a user isn’t authorized, their UDP traffic won’t go through.

• Easy client access – Use the pomerium-cli or Pomerium Desktop to connect. For example, pomerium-cli udp myservice.corp.example:1234 spins up a local proxy for your UDP app.

• Works with any UDP service – Protect game servers, database UDP ports, time servers, or any custom UDP protocol with identity-based authentication and logging, bringing zero trust to new protocols.

See the docs, and factorio and dns examples for more information!