robinkrens.nl - On VPN and bypassing a firewall

Let's say you want to connect to a company network and access all the computers in this network (behind a firewall). One way to do this is to set up a Virtual Private Network. Although you are not physically in the same building, all the other computers will think you are, hence Virtual Private Network. After you connect to this VPN, you will be assigned a local IP (e.g. 10.0.0.5) and can communicate directly with all computers in this range.

In the case of bypassing an Internet Service Provider (ISP) or the Great Firewall (GFW), you want to access all the websites that are normally not accessible. There are many ways to do this. Software written to set up VPNs is especially useful for this. Add some additional routing and you have bypassed the firewall. Look at the following illustration:

[Pity you] -------- [ISP/GFW: No youtube!]-------- [YouTube.com]

The ISP or GFW has some firewall rules to block certain IPs or to detect certain suspicious traffic. But let's say you have access to a server that isn't behind the firewall. Would you be able to redirect your YouTube request through this server and then send it to your PC? Well, yes.

[Pity you] -------- [ISP/GFW]----------[Not blocked server]--------[Youtube.com]

Hmm, still pity you. Although your server can access YouTube.com, if it sends traffic back it still has to send it through the ISP/GFW. So unless the firewall rules

The setup is as follows

Some alternative software to bypass a huge firewall (as in your ISP or a country). A list of sample configurations.

Basic Tunneling

Basic tunneling, or IP in IP. Basically we connect two networks that normally would not be able to talk to each other directly. The setup is straightforward and looks like this:

ExtIP 1.2.3.4 ---- ( INTERNET ) ---- ExtIP 5.6.7.8

        Local: 10.0.1.0/24 ----- [TUNNEL] ----- 10.0.2.0/24
        ExtIP: 1.2.3.4                          5.6.7.8
                |                                   |
                |                                   |   
                |-------- ( INTERNET ) -------------|

This version of tunneling has been supported since the early kernel versions of Linux (<1.3).

No encryption here. No IPv6 or anything else fancy.

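        # create a TUN (layer 3) device named tun0
        ip tuntap add tun0 mode tun
        # assign the local tunnel address
        ip addr add 192.168.1.2 dev tun0
        # add a route via the tunnel (arguments elided in the original)
        ip route add ...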
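
What "IP in IP" with "no encryption" means on the wire, as an added example that is not code from the original page: the inner packet between the two local networks is carried as the plain payload of an outer packet between the two external IPs, so any device on the path can decode both headers. The host addresses 10.0.1.5 and 10.0.2.7, the payload bytes and all function names are assumptions made for illustration.

```python
import ipaddress
import struct

IPPROTO_IPIP = 4  # IANA protocol number for IPv4-in-IPv4 (RFC 2003)

def checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement sum over the 16-bit words of the header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_packet(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Build a minimal IPv4 packet (20-byte header, no options) around payload."""
    head = struct.pack("!BBHHHBBH4s4s",
                       0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)
    return head[:10] + struct.pack("!H", checksum(head)) + head[12:] + payload

def parse_ipv4(packet: bytes) -> dict:
    """Decode the fixed header fields and return them with the payload."""
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {"src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst)),
            "proto": proto,
            "header_ok": checksum(packet[:ihl]) == 0,
            "payload": packet[ihl:total_len]}

def encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """IP in IP: the whole inner packet becomes the payload of an outer packet."""
    return ipv4_packet(tunnel_src, tunnel_dst, IPPROTO_IPIP, inner)

def inspect_on_path(packet: bytes) -> dict:
    """What any device between the endpoints can read: outer AND inner headers."""
    outer = parse_ipv4(packet)
    inner = parse_ipv4(outer["payload"]) if outer["proto"] == IPPROTO_IPIP else None
    return {"outer": outer, "inner": inner}

# Constructed sample: a host on 10.0.1.0/24 sends to a host on 10.0.2.0/24.
# Protocol 253 is reserved for experimentation; the payload is placeholder bytes.
INNER = ipv4_packet("10.0.1.5", "10.0.2.7", 253, b"constructed sample payload")
ON_WIRE = encapsulate(INNER, "1.2.3.4", "5.6.7.8")

if __name__ == "__main__":
    seen = inspect_on_path(ON_WIRE)
    print("outer:", seen["outer"]["src"], "->", seen["outer"]["dst"])
    print("inner:", seen["inner"]["src"], "->", seen["inner"]["dst"],
          seen["inner"]["payload"])
```

The encapsulation adds exactly 20 bytes per packet, which is why the tunnel MTU has to be lower than the MTU of the underlying link.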