To secure UDP traffic that crosses insecure networks or network segments, you can easily add authentication and encryption.
Consider a web cam that has a dynamic IP address and transmits unencrypted UDP packets over the Internet. How can this transmission be secured?
Configure two ApplicGate instances
The ApplicGate instance at the source side (the web cam) accepts the UDP packets from the web cam and initiates a TLS session to the destination. The ApplicGate instance at the destination accepts the TLS session (with optional authentication of the source by requesting a client certificate) and sends the UDP packets to the destination. UDP replies from the destination are routed back to the source (web cam) via the TLS session.
Detailed configuration
As usual, the configuration is done via keywords in the type field:
ApplicGate at source:
- UDP:IN
- SSLTARGET:servernameDestination
- SSLCC:clientCertificate … optional for client authentication
ApplicGate at destination:
- SSL:serverCertificate
- CCR:clientEmail … optional for client authentication
- ISS:clientCA … optional for client authentication
- UDP:OUT
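
Carrying UDP packets through a TLS session means putting datagrams onto a byte stream, so the receiving side has to recover each packet boundary before it can re-emit the packet as UDP. The sketch below is an added example, not ApplicGate code: the page does not document ApplicGate's wire format, so the 2-byte length prefix and the names `frame`, `Deframer` and `relay` are assumptions chosen for illustration.

```python
import struct

MAX_DATAGRAM = 65507               # largest UDP payload over IPv4
_HDR = struct.Struct("!H")         # assumed framing: 2-byte big-endian length


def frame(datagram: bytes) -> bytes:
    """Wrap one UDP payload so its boundary survives the TLS byte stream."""
    if len(datagram) > MAX_DATAGRAM:
        raise ValueError("payload exceeds maximum UDP datagram size")
    return _HDR.pack(len(datagram)) + datagram


class Deframer:
    """Incremental decoder for the receiving end of the tunnel.

    A single TLS read may return half a frame or several frames, so bytes
    are buffered until a complete frame is available.
    """

    def __init__(self):
        self._buf = bytearray()

    def feed(self, chunk: bytes) -> list:
        self._buf += chunk
        out = []
        while len(self._buf) >= _HDR.size:
            (length,) = _HDR.unpack_from(self._buf)
            if length > MAX_DATAGRAM:
                # A peer announcing an impossible size is broken or hostile.
                raise ValueError("oversized frame, close the tunnel")
            end = _HDR.size + length
            if len(self._buf) < end:
                break              # wait for the rest of this datagram
            out.append(bytes(self._buf[_HDR.size:end]))
            del self._buf[:end]
        return out


def relay(datagrams, chunk_size):
    """Pass datagrams through a simulated stream read chunk_size bytes at a time."""
    stream = b"".join(frame(d) for d in datagrams)
    rx = Deframer()
    received = []
    for i in range(0, len(stream), chunk_size):
        received.extend(rx.feed(stream[i:i + chunk_size]))
    return received
```

Zero-length datagrams are valid UDP and pass through unchanged; rejecting an oversized length field keeps a misbehaving peer from forcing unbounded buffering on the receiver.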