I'm connected to a network that sends and receives a bunch of data packets, but these packets are visible to others (can be sniffed) so I want to tunnel them. I don't know how! I know about socket programming, proxies, vpns, all of the protocols like PPTP, SSH, SSL, TLS, etc. I'm looking for the actual CODE that takes the packages before they're sent,*sends them by tunneling (encapsulating the data)*
How can I do this?
Any information regarding this subject or how to tunnel is appreciated!
Use ssh and socks proxy:
ssh -D 5000 remotehost.com
Then, while your SSH session is alive, you can configure your local apps (such as your web browser) to use this connection as an encrypted tunnel. Just configure them use use localhost:5000 as the socks proxy server, and you're good to go. Note that the packets will only be encrypted between your client and the remote ssh server - once they leave the server, they will be in whatever form they usually are.
If you are on windows, you can do with with putty.
Related
I connect to my remote VPS like that:
ssh -f -C2qTnN -D 1080 username#xxx.xxx.xxx.xxx
Then setup Firefox proxy setting to SOCKS5 and 127.0.0.1:1080. That's work.
Now I try to redirect all traffic from my FreeBSD to localhost:1080, but I have no idea. Can you help?
If you want to redirect all traffic, do not use SOCKS5 proxy, but rather use -w option in ssh, which creates something like VPN connection and its own TUN device, which is more suitable for tunnelling system-wide traffic.
There are many examples on the internet, for example here. But this is really advanced use case.
I want to use this as a proxy server to connect many different clients with servers. Here is what I'm looking to do:
The server software on a user's computer would connect to a proxy server that is running on a VPS. It would pass in some kind of Key or authentication info to identify itself and then would maintain a persistent TCP connection to the proxy server.
A client application running on a mobile device or other computer would connect to the proxy server and pass in some kind of Key or authentication info. The proxy server would match the connection between the client and server based on their authentication info, and then forward all data back and fourth between the connections.
The proxy server would need to be able to handle multiple clients and servers connecting to it at once and use the authentication info to pair them up. There could be multiple clients connecting to the same server at the same time too. The connection from the client and server would both be outbound so that they are not blocked by firewalls. I wrote the client and server software, so I can make them work with any specific proxy.
What is the name of this kind of proxy server? And can anyone recommend any?
Thanks!
I never figured this one out and I've been programming for years. How do P2P programs like chat programs or torrent programs manage to create connections between two peers without peers opening any ports? I know I haven't opened up a port for Skype yet I can send and receive large files to and from my friends, and I'm pretty sure all those gigabytes don't go through Skype servers. Or do they?
What about torrenting? I can upload data to peers and I haven't opened any ports either.
I'm pretty sure the answer will be language-nonspecific, but in case I'm wrong, I code mostly in C++. Thanks in advance.
You only need to "open a port" for inbound connections. One peer will open a listening port, then instruct the other peer to connect to it. If the connection fails, the peers will usually swap roles and try again. If the connection still fails, then either the transfer is aborted, or a server relay is used if feisable.
For each listening peer, if the port is behind a router/firewall, the peer can either programmably instruct the router/firewall to open a port for forwarding inbound connections to the peer (some routers support uPNP for that, and some firewalls have their own API), or the peer can try using various "hole punching" techniques to trick the router/firewall into opening a forwarding port (some routers/firewalls are not susceptible to this).
Read this for more details: How Skype & Co. get round firewalls
I have chosen QuteCom SIP client for windows to chat.I have installed and configured the account with my public server. My SIP server is kamailio.The connection to the server is not established. The application is connecting to the server for a long time.
Any help is appreciated.
If looks like keep connecting, then I guess the SIP messages don't get to the server.
You can install Wireshark to monitor traffic on windows host on port 5060 (the SIP port) in order to see if SIP messages are sent to the server.
On server, you can install ngrep for the purpose of seeing if traffic from the phone comes there. The command would be like:
ngrep -d any -qt -W byline port 5060
If you don't see traffic coming to the SIP server, then might be a firewall or an ALG between the client and the server, or, a firewall even on client host or server itself.
If it is something in between (not on client host or server), then you should try to use TCP or better TLS.
Note that if you have the firewall on the server, you will see the SIP packets coming on the network, but they will be dropped by the kernel before getting to application layer. Typically on Linux you can see the firewall rules with:
iptables -L
If the SIP packets come to the server, then set debug=3 in kamailio.cfg, restart kamailio and watch the syslog file (e.g., /var/log/syslog or /var/log/messgaes) for kamailio-specific debug messages -- you should get hints of what happens during processing.
I am developing an iPhone application which is communicating with a remote service over a tcp socket connection (the service actually listens on telnet and takes telnet commands too). The connection is of course insecure and all requests (with quite a bit of sensitive data, such as passwords) and responses are transmitted as plain text. My first reaction was to consider a web service with ssl, but developing a web service from scratch seems too lengthy.
Because of that I have been thinking of using an ssh tunnel in order to secure the traffic. Is it possible to set up an ssh tunnel in an iPhone application (with libssh2 for example) and then use that tunnel to securely connect to the remote service? If so, how should I set up the tunnel and most importantly, how should I connect to the remote service and give commands/receive responses? Lastly, what should I keep in mind regarding the tunnel?
EDIT: I forgot to mention that the server running the service is using Windows. SSH is achieved via Cygwin.
I am sorry if the question is too basic but this is really my first real brush with ssh.
I think you may have more security issues by using an ssh tunnel because there isn't a secure way to tie down the authentication information in the app and well, if someone can get that login information they could conceivably connect to your ssh session and start trying to issue arbitrary commands. Of course there are ways to lock down an ssh session, but still, I'd be very wary of that. At least with a web service, it acts as a "broker" between the iPhone app and the telnet session so you can add an extra layer of protection.