Tunnels

From Exterior Memory
Jump to: navigation, search

Introduction to Tunnels

In computer networks, tunnels are a connection between two points on the Internet that allows other IP traffic to be transported through this connection. A typical use is an employee to make a tunnel to his or her corporate network and transport all (or just work-related) traffic to the corporate network, and access all services local in that network, which are normally inaccessible from the outside world due to firewall policies.

The connections established with a tunnel are often referred to as a Virtual Private Network, VPN for short.

Two things are important to get a tunnel to work:

  1. Make a connection to a server in the remote network to set up the tunnel
  2. Make sure that data destined for the remote network uses the tunnel instead of the regular Internet.

Tunnels are not the only method to connect to a remote network, or reroute traffic. Alternatives include:

Proxy servers
where data is rerouted, but not encapsulated in a tunnel
Remote screen connections
taking over the screen of a remote desktop computer

General discussion: proxy, tunnel for one socket, tunnel for all traffic.

List of Common Tunnels

  • SSH
  • OpenVPN
  • PPTP
  • L2TP over IPsec
  • Native IPsec
  • CiscoVPN
  • Cisco Anyconnect
  • Nortel
  • Juniper/Netscreen
This article is unfinished.

SSH

Make a tunnel from localhost:8023 to remote.example.com:23:

ssh -L 8023:localhost:23 freek@remote.example.com

Make a tunnel from localhost:8023 to remote.example.com:23, via staging.example.com:

ssh -L 8023:remote.example.com:23 freek@staging.example.com

In this example, you can sent traffic to localhost:8023, and it appears at remote.example.com, and appears to be coming from staging.example.com for the application.

Alternatively, one can use a simpler command:

ssh -D 8080 user@server.com

This example creates a SOCKS5 proxy on the localhost on port 8080 through user@server.com.

OpenVPN

http://www.openvpn.net/

Installation

On Mac OS X laptop:

port install openvpn2

On Linux server at home:

apt-get install openvpn


Mac OS X additional software

You will need the [TUN/TAP driver]

To enable IP forwarding on Mac OS X, use:

sudo sysctl -w net.inet.ip.forwarding=1


The Odds and Weird Ones

This section lists a few uncommon tunnels. Mostly they have been developed as a proof of concept to show piggybacking IP traffic over some tools not originally meant for encapsulating traffic. An example use is to demonstrate how to get free wireless Internet at a paid hotspot. Some hotspots allow some traffic, only to allow potential clients to get an account, or look up the prices. Those few holes can potentially be abused to tunnel regular Internet traffic. (In case you plan to exploit this, note that most hotspots have closed these loopholes, and in my experience, setting this up is more hassle than it's worth; the resulting bandwidth is very, very small.)

Ping tunnel (ptunnel)
Tunnels IP traffic over ping (ICMP) packets.
DNS tunnel (ozymandns)
Tunnels IP traffic over DNS packets. Very slow!

Comparison

External sources: