Unlike ssh, stunnel does not support reverse tunnels by itself.
With the help of tgcd (TCP/IP Gender Changer Daemon), we can set up a reverse tunnel by chaining tgcd and stunnel:
For example:
We want to reach the corp server from home, but the corp NAT firewall only allows outgoing connections on ports 80/443:
client ==> tgcd LL node (home server) ==> tgcd CC node (corp agent) ==> corp server:
Home Server:
Launch the tgcd daemon in LL (listen-listen) mode:
tgcd -L -q 2222 -p 22222
Listen on port 2222 for the tgcd CC node (-q)
Listen on port 22222 for client access (-p)
Launch stunnel in server mode:
/usr/local/bin/stunnel /etc/stunnel/stunnel_server.conf
Listen on port 443 for incoming TLS connections
Forward connections with sni=tgcd to port 2222
cat /etc/stunnel/stunnel_server.conf
; [tls] is the default service on 443; a server-mode service also needs a
; cert = line (global or per-service), which is not shown in this excerpt
[tls]
accept = 0.0.0.0:443
connect = 127.0.0.1:1080
; connections whose SNI is "tgcd" are handed to the tgcd LL node's CC port
[tgcd]
sni = tls:tgcd
connect = 127.0.0.1:2222
Corp Agent Server:
Launch the tgcd daemon in CC (connect-connect) mode:
tgcd -C -s 127.0.0.1:222 -c 127.0.0.227:2222
Connect to the tgcd LL node through the local stunnel client at 127.0.0.227:2222 (-c)
Connect to the sshd server at 127.0.0.1:222 (-s)
Launch stunnel in client mode:
/usr/local/bin/stunnel /etc/stunnel/stunnel_client.conf
Listen on 127.0.0.227:2222 for the tgcd CC node, and
reach the home server on port 443 through the NAT and the HTTP proxy (CONNECT method)
cat /etc/stunnel/stunnel_client.conf
[ssh-tgcd-home]
accept = 127.0.0.227:2222
; the HTTP proxy is asked to CONNECT to the home server's stunnel on 443
protocolHost = home.serverip:443
connect = http_proxy_ip:http_proxy_port
protocol = connect
sni = tgcd
; no verifyChain/CAfile is set, so this client does not check the home server's certificate
******************************************
With this configuration we can log in to the corp server with:
ssh -p 22222 home.server.ip
Using SOCKS instead of a socket on Windows 10, through a PAC file,
cat wpad.us:
function FindProxyForURL(url, host)
{
    // Private ranges, the listed hosts and the listed domains go direct.
    // Note: isInNet() with a hostname argument resolves it through DNS first.
    if (isInNet(host, "172.16.0.0", "255.240.0.0") ||
        isInNet(host, "192.168.0.0", "255.255.0.0") ||
        isInNet(host, "10.0.0.0", "255.0.0.0") ||
        isInNet(host, "127.0.0.0", "255.0.0.0") ||
        isInNet(host, "comforthost.net", "255.255.255.255") ||
        isInNet(host, "www.comforthost.net", "255.255.255.255") ||
        isInNet(host, "panel.comforthost.net", "255.255.255.255") ||
        dnsDomainIs(host, ".cn") ||
        dnsDomainIs(host, ".jd.com") ||
        dnsDomainIs(host, ".baidu.com") ||
        dnsDomainIs(host, ".taobao.com") ||
        dnsDomainIs(host, ".tmall.com") ||
        dnsDomainIs(host, ".springtour.com"))
    { return "DIRECT"; }

    // Selected ranges go through the local SOCKS proxy.
    if (isInNet(host, "60.254.128.0", "255.255.192.0") ||
        isInNet(host, "103.246.248.0", "255.255.255.0") ||
        isInNet(host, "113.29.0.0", "255.255.128.0") ||
        isInNet(host, "117.74.96.0", "255.255.240.0") ||
        isInNet(host, "171.16.0.0", "255.240.0.0") ||
        isInNet(host, "171.32.0.0", "255.254.0.0") ||
        isInNet(host, "171.64.0.0", "255.240.0.0") ||
        isInNet(host, "202.2.96.0", "255.255.224.0") ||
        isInNet(host, "202.72.96.0", "255.255.224.0") ||
        isInNet(host, "203.31.234.0", "255.255.255.0") ||
        isInNet(host, "203.144.48.0", "255.255.240.0") ||
        isInNet(host, "203.187.128.0", "255.255.224.0") ||
        isInNet(host, "216.0.0.0", "254.0.0.0")
       )
    { return "SOCKS 127.0.0.1:1080"; }

    // Remaining listed ranges and plain (dot-less) hostnames go direct.
    if (isInNet(host, "1.0.0.0", "255.0.0.0") ||
        isInNet(host, "14.0.0.0", "255.0.0.0") ||
        isInNet(host, "27.0.0.0", "255.0.0.0") ||
        isInNet(host, "36.0.0.0", "255.0.0.0") ||
        isInNet(host, "39.0.0.0", "255.0.0.0") ||
        isInNet(host, "42.0.0.0", "254.0.0.0") ||
        isInNet(host, "45.64.112.0", "255.255.254.0") ||
        isInNet(host, "49.0.0.0", "255.0.0.0") ||
        isInNet(host, "54.222.0.0", "255.254.0.0") ||
        isInNet(host, "58.0.0.0", "254.0.0.0") ||
        isInNet(host, "60.0.0.0", "254.0.0.0") ||
        isInNet(host, "91.234.36.0", "255.255.255.0") ||
        isInNet(host, "101.0.0.0", "255.0.0.0") ||
        isInNet(host, "103.0.0.0", "255.0.0.0") ||
        isInNet(host, "106.0.0.0", "255.0.0.0") ||
        isInNet(host, "110.0.0.0", "254.0.0.0") ||
        isInNet(host, "112.0.0.0", "240.0.0.0") ||
        isInNet(host, "139.9.0.0", "255.255.0.0") ||
        isInNet(host, "139.129.0.0", "255.255.0.0") ||
        isInNet(host, "139.148.0.0", "255.255.0.0") ||
        isInNet(host, "139.155.0.0", "255.255.0.0") ||
        isInNet(host, "139.159.0.0", "255.255.0.0") ||
        isInNet(host, "139.170.0.0", "255.255.0.0") ||
        isInNet(host, "139.176.0.0", "255.255.0.0") ||
        isInNet(host, "139.183.0.0", "255.255.0.0") ||
        isInNet(host, "139.186.0.0", "255.255.0.0") ||
        isInNet(host, "139.189.0.0", "255.255.0.0") ||
        isInNet(host, "139.192.0.0", "255.240.0.0") ||
        isInNet(host, "139.208.0.0", "255.248.0.0") ||
        isInNet(host, "139.216.0.0", "255.252.0.0") ||
        isInNet(host, "139.220.0.0", "255.254.0.0") ||
        isInNet(host, "139.224.0.0", "255.255.0.0") ||
        isInNet(host, "139.226.0.0", "255.254.0.0") ||
        isInNet(host, "140.75.0.0", "255.255.0.0") ||
        isInNet(host, "140.143.0.0", "255.255.0.0") ||
        isInNet(host, "140.205.0.0", "255.255.0.0") ||
        isInNet(host, "140.206.0.0", "255.254.0.0") ||
        isInNet(host, "140.210.0.0", "255.255.0.0") ||
        isInNet(host, "140.224.0.0", "255.255.0.0") ||
        isInNet(host, "140.237.0.0", "255.255.0.0") ||
        isInNet(host, "140.240.0.0", "255.255.0.0") ||
        isInNet(host, "140.243.0.0", "255.255.0.0") ||
        isInNet(host, "140.246.0.0", "255.255.0.0") ||
        isInNet(host, "140.249.0.0", "255.255.0.0") ||
        isInNet(host, "140.250.0.0", "255.255.0.0") ||
        isInNet(host, "140.255.0.0", "255.255.0.0") ||
        isInNet(host, "144.0.0.0", "255.254.0.0") ||
        isInNet(host, "144.7.0.0", "255.255.0.0") ||
        isInNet(host, "144.12.0.0", "255.255.0.0") ||
        isInNet(host, "144.52.0.0", "255.255.0.0") ||
        isInNet(host, "144.123.0.0", "255.255.0.0") ||
        isInNet(host, "144.255.0.0", "255.255.0.0") ||
        isInNet(host, "150.0.0.0", "255.255.0.0") ||
        isInNet(host, "150.115.0.0", "255.255.0.0") ||
        isInNet(host, "150.121.0.0", "255.255.0.0") ||
        isInNet(host, "150.122.0.0", "255.255.0.0") ||
        isInNet(host, "150.129.0.0", "255.255.0.0") ||
        isInNet(host, "150.138.0.0", "255.254.0.0") ||
        isInNet(host, "150.223.0.0", "255.255.0.0") ||
        isInNet(host, "150.242.0.0", "255.255.0.0") ||
        isInNet(host, "150.255.0.0", "255.255.0.0") ||
        isInNet(host, "152.104.128.0", "255.255.128.0") ||
        isInNet(host, "153.0.0.0", "255.255.0.0") ||
        isInNet(host, "153.3.0.0", "255.255.0.0") ||
        isInNet(host, "153.34.0.0", "255.254.0.0") ||
        isInNet(host, "153.36.0.0", "255.254.0.0") ||
        isInNet(host, "153.99.0.0", "255.255.0.0") ||
        isInNet(host, "153.101.0.0", "255.255.0.0") ||
        isInNet(host, "153.118.0.0", "255.254.0.0") ||
        isInNet(host, "157.0.0.0", "255.255.0.0") ||
        isInNet(host, "157.18.0.0", "255.255.0.0") ||
        isInNet(host, "157.61.0.0", "255.255.0.0") ||
        isInNet(host, "157.122.0.0", "255.255.0.0") ||
        isInNet(host, "157.148.0.0", "255.255.0.0") ||
        isInNet(host, "157.156.0.0", "255.255.0.0") ||
        isInNet(host, "157.255.0.0", "255.255.0.0") ||
        isInNet(host, "159.226.0.0", "255.255.0.0") ||
        isInNet(host, "161.207.0.0", "255.255.0.0") ||
        isInNet(host, "162.105.0.0", "255.255.0.0") ||
        isInNet(host, "163.0.0.0", "255.255.0.0") ||
        isInNet(host, "163.47.4.0", "255.255.252.0") ||
        isInNet(host, "163.48.0.0", "255.248.0.0") ||
        isInNet(host, "163.125.0.0", "255.255.0.0") ||
        isInNet(host, "163.142.0.0", "255.255.0.0") ||
        isInNet(host, "163.177.0.0", "255.255.0.0") ||
        isInNet(host, "163.179.0.0", "255.255.0.0") ||
        isInNet(host, "163.204.0.0", "255.255.0.0") ||
        isInNet(host, "166.111.0.0", "255.255.0.0") ||
        isInNet(host, "167.139.0.0", "255.255.0.0") ||
        isInNet(host, "167.189.0.0", "255.255.0.0") ||
        isInNet(host, "168.160.0.0", "255.255.0.0") ||
        isInNet(host, "171.0.0.0", "255.128.0.0") ||
        isInNet(host, "171.208.0.0", "255.240.0.0") ||
        isInNet(host, "175.0.0.0", "255.0.0.0") ||
        isInNet(host, "180.0.0.0", "255.0.0.0") ||
        isInNet(host, "182.0.0.0", "254.0.0.0") ||
        isInNet(host, "192.124.154.0", "255.255.255.0") ||
        isInNet(host, "192.188.170.0", "255.255.254.0") ||
        isInNet(host, "192.188.172.0", "255.255.255.0") ||
        isInNet(host, "202.0.0.0", "254.0.0.0") ||
        isInNet(host, "210.0.0.0", "254.0.0.0") ||
        isInNet(host, "216.0.0.0", "248.0.0.0") ||
        isPlainHostName(host)
       )
    { return "DIRECT"; }

    // Everything else goes through the SOCKS proxy.
    return "SOCKS 127.0.0.1:1080";
}
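A PAC file like the one above is executed by the browser, and a wrong mask or domain rule silently sends traffic the wrong way. The harness below is an added example and not part of the original notes: it compiles a PAC source with the Function constructor, supplies its own isInNet, dnsDomainIs and isPlainHostName, and answers the DNS lookups that a real PAC engine performs inside isInNet() from a constructed map, so routing decisions can be checked offline before the file is published. SAMPLE_PAC (a short subset of the rules above), the DNS map, the hostnames in it and the routeFor helper are all constructed for this example.

```javascript
'use strict';

// Constructed subset of the page's PAC rules (the real file has many more ranges).
const SAMPLE_PAC = `
function FindProxyForURL(url, host) {
  if (isInNet(host, "10.0.0.0", "255.0.0.0") ||
      isInNet(host, "192.168.0.0", "255.255.0.0") ||
      dnsDomainIs(host, ".cn") ||
      dnsDomainIs(host, ".baidu.com")) {
    return "DIRECT";
  }
  if (isInNet(host, "216.0.0.0", "254.0.0.0")) {
    return "SOCKS 127.0.0.1:1080";
  }
  if (isInNet(host, "1.0.0.0", "255.0.0.0") || isPlainHostName(host)) {
    return "DIRECT";
  }
  return "SOCKS 127.0.0.1:1080";
}`;

// Constructed resolver map standing in for the DNS lookup a browser performs
// inside isInNet() whenever host is not an IP literal.
const DNS = {
  'intranet-app': '10.20.30.40',
  'www.example.org': '93.184.216.34',
  'mirror.example.cn': '1.2.3.4',
};

const IPV4 = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;

// Dotted quad -> unsigned 32-bit integer; throws on malformed input.
function ipToInt(ip) {
  const m = IPV4.exec(ip);
  if (!m) throw new Error(`not an IPv4 literal: ${ip}`);
  return m.slice(1).reduce((acc, octet) => {
    const n = Number(octet);
    if (n > 255) throw new Error(`bad octet in ${ip}`);
    return ((acc << 8) | n) >>> 0;
  }, 0);
}

// The three PAC helpers used by the page's file, bound to a resolver map.
function makeHelpers(dns) {
  return {
    isInNet(host, pattern, mask) {
      const ip = IPV4.test(host) ? host : dns[host.toLowerCase()];
      if (!ip) return false; // unresolvable name: the rule does not match
      const m = ipToInt(mask);
      return ((ipToInt(ip) & m) >>> 0) === ((ipToInt(pattern) & m) >>> 0);
    },
    dnsDomainIs(host, domain) {
      return host.toLowerCase().endsWith(domain.toLowerCase());
    },
    isPlainHostName(host) {
      return !host.includes('.');
    },
  };
}

// Compile PAC source into its FindProxyForURL with the helpers injected.
// PAC is code: only load files you trust, exactly as a browser would run them.
function loadPac(source, dns) {
  const h = makeHelpers(dns);
  const factory = new Function('isInNet', 'dnsDomainIs', 'isPlainHostName',
    `${source}\nreturn FindProxyForURL;`);
  return factory(h.isInNet, h.dnsDomainIs, h.isPlainHostName);
}

// Routing decision for one host under the given PAC and resolver map.
function routeFor(host, pac = SAMPLE_PAC, dns = DNS) {
  const find = loadPac(pac, dns);
  return find(`http://${host}/`, host);
}

if (typeof require !== 'undefined' && require.main === module) {
  for (const host of ['10.1.2.3', 'intranet-app', 'www.baidu.com', '216.58.1.1',
                      'www.example.org', 'fileserver', 'mirror.example.cn']) {
    console.log(host.padEnd(20), routeFor(host));
  }
}
```

To check the full wpad file, read it into a string and pass it as the pac argument of routeFor together with a resolver map covering the hostnames you care about; a name missing from the map makes every isInNet() rule fail for it, which mirrors what happens in the browser when DNS resolution fails.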
https://help.ubuntu.com/community/SSH_VPN
works with DD-WRT (with openssh and ip installed)
NaCl (pronounced “salt”) is a new easy-to-use high-speed software library for network communication, encryption, decryption, signatures, etc. NaCl’s goal is to provide all of the core operations needed to build higher-level cryptographic tools.
Of course, other libraries already exist for these core operations. NaCl advances the state of the art by improving security, by improving usability, and by improving speed.