diff --git a/modules/proxy.nix b/modules/proxy.nix
index 1432ad7..85993e7 100644
--- a/modules/proxy.nix
+++ b/modules/proxy.nix
@@ -21,6 +21,7 @@ let
     25567
     30058
     51820
+    5349
   ];
 
   wellKnownServer = builtins.toJSON {
@@ -195,6 +196,7 @@ in
   systemd.services = lib.listToAttrs (
     (map (port: mkSocatService port "tcp") streamPorts)
     ++ (map (port: mkSocatService port "udp") streamPorts)
+    ++ [ (mkSocatService 3478 "udp") ]
   );
 
   networking.firewall = {
@@ -203,7 +205,7 @@ in
       443
     ]
     ++ streamPorts;
-    allowedUDPPorts = streamPorts;
+    allowedUDPPorts = streamPorts ++ [ 3478 ];
   };
 
   security.acme = {