Availability Anywhere Part 12 — FileProxy for avoiding VPN without split tunneling (also known as TCP over File System)

This is the twelfth part of the Availability Anywhere series. For your convenience, you can find the other parts in the table of contents in Part 1 – Connecting to SSH tunnel automatically in Windows.

Some VPN applications disallow split tunneling. This means that once you're connected to the VPN, you can't access your local (home) network. Effectively, you're blocked from other computers in your subnet, and you can't easily RDP into your machine (you need to go through the VPN or a reverse tunnel, which may not be possible). Let's see how this can be avoided.

The idea is as follows: we create a virtual machine with whatever VPN software we need. Next, we share a local drive with the virtual machine, and we configure a proxy connection over the filesystem. Just like with ChannelBonder, we can then open up an SSH client from the host, and connect it to the OpenSSH server on the VM. This way we can route ports, configure SOCKS/HTTP proxy, and access the private subnet without blocking the network on the host.

How to do it? Here is a simple gist that seems to work well enough:

We need two directories: one that the client writes to and the server reads from, and another that the server writes to and the client reads from.

The client accepts the connection, generates a random identifier, and then creates the file. Next, the client reads the bytes from the socket and saves them to the file.

At the same time, the server reads from the file, opens another socket to the destination, and routes the traffic. When the server gets the response, it saves it to the file that is read by the client.

This way we can open up a VPN bypass. The VPN software will not block localhost connections, so we can easily communicate with sockets on the local machine. The VPN will not find this bypass at all, because it's just the content of a file.
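The relay described above leaves a trace on disk that anything able to list the two shared directories can observe. The following is an added example, not the author's gist: it samples file sizes in both directories and flags names that appear in both and only ever grow. It assumes a connection's file carries the same name in each directory; `conn-7f3a`, `report.pdf` and the function names are constructed for illustration.

```python
import os
import tempfile

def snapshot(directory):
    """Map file name -> current size for regular files in one directory."""
    with os.scandir(directory) as entries:
        return {e.name: e.stat().st_size for e in entries if e.is_file()}

def growth_steps(snapshots, name):
    """Count sample-to-sample size increases; -1 if the file ever shrank."""
    sizes = [s[name] for s in snapshots if name in s]
    if any(b < a for a, b in zip(sizes, sizes[1:])):
        return -1  # truncated or rewritten, so not an append-only stream
    return sum(b > a for a, b in zip(sizes, sizes[1:]))

def relay_candidates(snaps_a, snaps_b, min_steps=3):
    """Names present in both directories that keep growing in both."""
    # Assumption: one connection uses the same file name in each directory.
    shared = set().union(*snaps_a) & set().union(*snaps_b)
    hits = []
    for name in sorted(shared):
        up, down = growth_steps(snaps_a, name), growth_steps(snaps_b, name)
        if up >= min_steps and down >= min_steps:
            hits.append((name, up, down))
    return hits

def demo():
    """Constructed sample: one relay-like pair and one ordinary file."""
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        snaps_a, snaps_b = [], []
        for step in range(5):
            for d in (a, b):
                # Hypothetical connection id, appended to in both directions.
                with open(os.path.join(d, "conn-7f3a"), "ab") as f:
                    f.write(b"x" * 512)
            if step == 0:
                # Ordinary file: written once, present in one directory only.
                with open(os.path.join(a, "report.pdf"), "wb") as f:
                    f.write(b"y" * 4096)
            snaps_a.append(snapshot(a))
            snaps_b.append(snapshot(b))
        return relay_candidates(snaps_a, snaps_b)

if __name__ == "__main__":
    print(demo())
```

In practice the snapshots would be taken a few seconds apart on the host side of the shared folder, and `min_steps` tuned so that ordinary file copies are not flagged.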

So how do we put it all together? Something like this:

Once you have the connection to the OpenSSH server, you can open a SOCKS proxy (dynamic port forwarding in SSH), or configure an HTTP proxy on the VM (with Fiddler or whatever) and forward ports to it with SSH.

How fast is that? I tested it with a machine connected to the Internet with 160 Mbps download and 600 Mbps upload. Then, I configured a SOCKS proxy in Firefox. I got 30 Mbps download and 30 Mbps upload. This is expected because this is a very simple implementation (you can see sleeps in the code, etc.). However, 30 Mbps is good enough (it's roughly 4 megabytes each way per second).