Using ssh to create tunnels has been described at SecureShellTunnel.

Here I describe how I use it in conjunction with tsocks.

SOCKS service setup

I have two scripts called imsclantun and accesstun. The former is used when I have a DHCP address on the LAN (this is necessary since DHCP machines have limited access to the network); the latter is used when I'm outside the IMSc.

Both scripts set up a SOCKS service listening on port 1080 on the laptop and connect to my desktop machine in IMSc as the other end of the SOCKS tunnel. The scripts also choose the appropriate configuration for the socksification setup.

imsclantun

# Do not use SOCKS while setting up SOCKS :-)
. tsocks -off

# Do not start tunnel if it already exists;
# otherwise start tunnel to amlaka (or any other IMSc machine).
# -D 1080 opens the local SOCKS listener, -N runs no remote command,
# -f backgrounds ssh, -C compresses, -q suppresses warnings.
(netstat -an | grep LISTEN | grep -q ':1080' ) || \
( ssh -q -f -C -N -D 1080 amlaka )

# Choose the correct socks setup
rm -f "$HOME/lib/tsocks.conf"
ln -s tsocks.conf.imsclan "$HOME/lib/tsocks.conf"

# Restart using socks
. tsocks -on

accesstun

This is essentially the same as above, except that the tunnel is set up to access.imsc.res.in instead of amlaka. Until recently this required a /TwoStage process. We also need to choose the correct socks setup:

rm -f "$HOME/lib/tsocks.conf"
ln -s tsocks.conf.imscwan "$HOME/lib/tsocks.conf"

Using the SOCKS tunnel

There are two ways to use the tunnel. One is to configure each application to use "SOCKS proxies". This is possible for Thunderbird, Firefox and some other programs. Most programs do not support "SOCKS proxies" and need the setup described below.

tsocks is a library that can intercept the network connections being made by applications and redirect them via a SOCKS server, or leave them alone, according to a configuration file. To do this one must set the variable

LD_PRELOAD="/usr/lib/libtsocks.so"

in one's environment. tsocks is configured by the file specified by another environment variable.

TSOCKS_CONF_FILE="$HOME/lib/tsocks.conf"

LAN setup

Within the LAN I force all connections to go through the SOCKS service with the following tsocks.conf:

local = 127.0.0.0/255.0.0.0
server = 127.0.0.1
server_type = 5
server_port = 1080

This way I have access to whatever services I can access from my desktop system.

Non-LAN setup

From outside IMSc, only the connections to 172.16.x.x addresses are sent to the SOCKS server, as other connections will go through the local service provider. This has a minor problem when the local service is also using these dummy addresses. Luckily that has not arisen so far.

local = 0.0.0.0/128.0.0.0
local = 128.0.0.0/224.0.0.0
local = 160.0.0.0/248.0.0.0
local = 168.0.0.0/252.0.0.0
local = 172.0.0.0/255.240.0.0
local = 172.16.16.0/255.255.240.0
local = 172.16.32.0/255.255.224.0
local = 172.16.64.0/255.255.192.0
local = 172.16.128.0/255.255.128.0
local = 172.32.0.0/255.224.0.0
local = 172.64.0.0/255.192.0.0
local = 172.128.0.0/255.128.0.0
local = 173.0.0.0/255.0.0.0
local = 174.0.0.0/254.0.0.0
local = 176.0.0.0/240.0.0.0
local = 192.0.0.0/192.0.0.0

Note the complex setup. This is because there is no way to make "no SOCKS" the default. The rest is as above.

server = 127.0.0.1
server_type = 5
server_port = 1080
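
The local list above is a hand-built complement, so it is worth checking which destinations it actually leaves for the SOCKS server. The following Python is an added example, not part of the original page: it parses the page's non-LAN tsocks.conf and computes every IPv4 range matched by no local line. The function names are illustrative.

```python
import ipaddress

# Non-LAN tsocks.conf copied from the page, embedded so this runs offline.
NON_LAN_CONF = """\
local = 0.0.0.0/128.0.0.0
local = 128.0.0.0/224.0.0.0
local = 160.0.0.0/248.0.0.0
local = 168.0.0.0/252.0.0.0
local = 172.0.0.0/255.240.0.0
local = 172.16.16.0/255.255.240.0
local = 172.16.32.0/255.255.224.0
local = 172.16.64.0/255.255.192.0
local = 172.16.128.0/255.255.128.0
local = 172.32.0.0/255.224.0.0
local = 172.64.0.0/255.192.0.0
local = 172.128.0.0/255.128.0.0
local = 173.0.0.0/255.0.0.0
local = 174.0.0.0/254.0.0.0
local = 176.0.0.0/240.0.0.0
local = 192.0.0.0/192.0.0.0
server = 127.0.0.1
server_type = 5
server_port = 1080
"""

def local_networks(conf_text):
    """Parse 'local = addr/mask' lines; strict mode rejects stray host bits."""
    rows = (l.split("#", 1)[0].partition("=") for l in conf_text.splitlines())
    return [ipaddress.ip_network(v.strip(), strict=True)
            for k, sep, v in rows if sep and k.strip() == "local"]

def socksified(conf_text):
    """IPv4 networks matched by no 'local' line, i.e. relayed via the SOCKS server."""
    remaining = [ipaddress.ip_network("0.0.0.0/0")]
    for local in local_networks(conf_text):
        kept = []
        for net in remaining:
            if net.subnet_of(local):
                continue  # wholly local: connects directly
            if local.subnet_of(net):
                kept.extend(net.address_exclude(local))  # carve the local part out
            else:
                kept.append(net)  # disjoint: unchanged
        remaining = kept
    return list(ipaddress.collapse_addresses(remaining))

if __name__ == "__main__":
    print(*socksified(NON_LAN_CONF), sep="\n")
```

For the list above the result is 172.16.0.0/20, 172.17.0.0/16, 172.18.0.0/15, 172.20.0.0/14 and 172.24.0.0/13: addresses 172.16.16.0 through 172.16.255.255 connect directly, while 172.17.0.0 through 172.31.255.255 are relayed through the tunnel.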



IMScWiki: kapil/vpn (last edited 2010-04-01 21:34:55 by localhost)