This is the twelfth part of the Availability Anywhere series. For your convenience you can find other parts in the table of contents in Part 1 – Connecting to SSH tunnel automatically in Windows
Some VPN applications disallow split tunneling. This means that once you’re connected to the VPN, you can’t access your local (home) network. Effectively, you’re cut off from other computers in your subnet, and you can’t easily RDP into your machine (you need to go through the VPN or a reverse tunnel, which may not be possible). Let’s see how this can be avoided.
The idea is as follows: we create a virtual machine with whatever VPN software we need. Next, we share a local drive with the virtual machine, and we configure a proxy connection over the filesystem. Just like with ChannelBonder, we can then open up an SSH client from the host, and connect it to the OpenSSH server on the VM. This way we can route ports, configure SOCKS/HTTP proxy, and access the private subnet without blocking the network on the host.
How to do it? Here is a simple gist that seems to work well enough:
```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Net;
using System.Net.Sockets;
using System.Threading;

namespace FileProxy
{
    class Program
    {
        static void Main(string[] args)
        {
            if (args.Length < 2)
            {
                Exit(Usage());
            }

            if (args[0] == "client")
            {
                Client.Start(args);
            }
            else if (args[0] == "server")
            {
                Server.Start(args);
            }
            else
            {
                Exit(Usage());
            }
        }

        private static string Usage()
        {
            return "FileProxy.exe client local_port client_directory server_directory\n" +
                   "FileProxy.exe server destination_ip:destination_port client_directory server_directory";
        }

        private static void Exit(string message)
        {
            Console.WriteLine(message);
            Environment.Exit(0);
        }
    }

    class Server
    {
        public static void Start(string[] args)
        {
            var destinationIp = args[1].Split(':')[0];
            var destinationPort = int.Parse(args[1].Split(':')[1]);
            var clientDirectory = args[2];
            var serverDirectory = args[3];
            Console.WriteLine($"Routing to {destinationIp}:{destinationPort} via {clientDirectory}<=>{serverDirectory}");

            // Every file in serverDirectory is one connection; its name is the identifier chosen by the client.
            var existingFiles = new HashSet<string>();
            while (true)
            {
                try
                {
                    while (true)
                    {
                        foreach (var file in Directory.EnumerateFiles(serverDirectory).Select(Path.GetFileName))
                        {
                            if (existingFiles.Add(file))
                            {
                                Console.WriteLine("New connection accepted to be scattered: " + file);
                                IPEndPoint remoteEP = new IPEndPoint(Dns.GetHostEntry(destinationIp).AddressList[0], destinationPort);
                                Socket senderSocket = new Socket(remoteEP.AddressFamily, SocketType.Stream, ProtocolType.Tcp);
                                senderSocket.Connect(remoteEP);
                                Console.WriteLine("Socket connected to {0}", senderSocket.RemoteEndPoint);

                                // The server reads the client's bytes from serverDirectory and writes replies to clientDirectory.
                                new Thread(() =>
                                {
                                    var socket = new FileSocket(senderSocket, int.Parse(file), serverDirectory, clientDirectory, r => { }, s => { });
                                    socket.Start();
                                }).Start();
                            }
                        }
                        Thread.Sleep(1000);
                    }
                }
                catch (Exception e)
                {
                    Console.WriteLine("Exception " + e);
                }
            }
        }
    }

    public class Client
    {
        private static Random random = new Random();

        public static void Start(string[] args)
        {
            var localPort = int.Parse(args[1]);
            var clientDirectory = args[2];
            var serverDirectory = args[3];
            Console.WriteLine($"Routing from {localPort} via {clientDirectory}<=>{serverDirectory}");

            IPEndPoint localEndPoint = new IPEndPoint(0, localPort);
            Socket listener = new Socket(localEndPoint.AddressFamily, SocketType.Stream, ProtocolType.Tcp);
            listener.Bind(localEndPoint);
            listener.Listen(100);

            // Simple counters printed every few seconds: exceptions / bytes sent / bytes received.
            var totalSent = new Dictionary<string, long>();
            var totalReceived = new Dictionary<string, long>();
            var totalExceptions = new Dictionary<string, long>();
            var localDnss = new[] { "localhost" };
            foreach (var localDns in localDnss)
            {
                totalSent[localDns] = 0;
                totalReceived[localDns] = 0;
                totalExceptions[localDns] = 0;
            }

            new Thread(() =>
            {
                while (true)
                {
                    Console.Write(DateTime.Now);
                    Console.Write(" E/S/R:\t");
                    Console.WriteLine(string.Join("\t", localDnss.Select(dns => $"{dns}: {totalExceptions[dns]}/{totalSent[dns]}/{totalReceived[dns]}")));
                    Thread.Sleep(3000);
                }
            }).Start();

            while (true)
            {
                try
                {
                    while (true)
                    {
                        Socket socket = listener.Accept();
                        Console.WriteLine("New connection accepted to be scattered");
                        // A random identifier becomes the file name for this connection.
                        new Thread(() => Start(socket, localDnss, clientDirectory, serverDirectory, random.Next(), totalSent, totalReceived, totalExceptions)).Start();
                    }
                }
                catch (Exception e)
                {
                    Console.WriteLine("Exception " + e);
                }
            }
        }

        private static void Start(Socket clientSocket, string[] localDnss, string clientDirectory, string serverDirectory, int identifier,
            Dictionary<string, long> sent, Dictionary<string, long> received, Dictionary<string, long> exceptions)
        {
            try
            {
                // The client reads replies from clientDirectory and writes the local socket's bytes to serverDirectory.
                var fileSocket = new FileSocket(clientSocket, identifier, clientDirectory, serverDirectory,
                    r => received[localDnss[0]] += r, s => sent[localDnss[0]] += s);
                fileSocket.Start();
            }
            catch (Exception e)
            {
                Console.WriteLine("Exception " + e);
            }
        }
    }

    // Bridges one TCP socket with a pair of files: socket bytes are appended to the file in writingDirectory,
    // and whatever appears in the file in readingDirectory is pushed into the socket.
    public class FileSocket
    {
        private Socket clientSocket;
        private int identifier;
        private string readingDirectory;
        private string writingDirectory;
        private Action<int> received;
        private Action<int> sent;

        public FileSocket(Socket socket, int identifier, string readingDirectory, string writingDirectory, Action<int> received, Action<int> sent)
        {
            this.clientSocket = socket;
            this.identifier = identifier;
            this.readingDirectory = readingDirectory;
            this.writingDirectory = writingDirectory;
            this.received = received;
            this.sent = sent;
        }

        public void Start()
        {
            Thread clientThread = new Thread(() =>
            {
                try
                {
                    var buffer = new byte[100000];
                    while (true)
                    {
                        var read = clientSocket.Receive(buffer);
                        if (read == 0)
                        {
                            throw new Exception("Socket was closed");
                        }

                        // Retry until the append succeeds; the other side may hold the file open at that moment.
                        while (true)
                        {
                            try
                            {
                                using (var stream = new FileStream(Path.Combine(writingDirectory, identifier + ""), FileMode.Append))
                                {
                                    stream.Write(buffer, 0, read);
                                    sent(read);
                                    break;
                                }
                            }
                            catch (Exception)
                            {
                            }
                            Thread.Sleep(10);
                        }
                    }
                }
                catch (Exception e)
                {
                    Console.WriteLine("Exception " + e);
                    clientSocket.Close();
                }
            });

            try
            {
                Thread senderThread = new Thread(KeepReading);
                senderThread.Start();
            }
            catch (Exception e)
            {
                Console.WriteLine("Exception " + e);
            }

            clientThread.Start();
            clientThread.Join();
        }

        private void KeepReading()
        {
            // totalRead is the offset of the next unread byte; the file only ever grows, so we keep seeking past it.
            int totalRead = 0;
            int toRead = 100024;
            while (true)
            {
                try
                {
                    using (FileStream fileStream = new FileStream(Path.Combine(readingDirectory, identifier + ""), FileMode.Open, FileAccess.Read))
                    {
                        byte[] bytes = new byte[toRead];
                        while (true)
                        {
                            fileStream.Seek(totalRead, SeekOrigin.Begin);
                            int howMuchRead = fileStream.Read(bytes, 0, toRead);
                            if (howMuchRead == 0) break;
                            totalRead += howMuchRead;
                            received(howMuchRead);
                            Array.Resize(ref bytes, howMuchRead);
                            clientSocket.Send(bytes);
                        }
                    }
                }
                catch (Exception)
                {
                    // The file may not exist yet or may be locked by the writer; poll again shortly.
                }
                Thread.Sleep(10);
            }
        }
    }
}
```
We need two directories. One that the client will use to write to and server to read from, and the other that the client will read from and the server will write to.
The client accepts the connection, picks a random identifier, and creates a file named after it. Next, the client reads bytes from the socket and appends them to that file.
At the same time, the server notices the new file, opens another socket to the destination, and routes the traffic. When the server gets the response, it appends it to the file that the client reads from.
This way we can open up a VPN bypass. VPN software will not block localhost connections, so we can easily communicate with sockets on the local machine. The VPN will not notice this bypass at all, because from its point of view the traffic is just the content of a file.
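To make the file channel concrete, here is an added Python sketch (not the post's code) of the two primitives FileProxy's FileSocket relies on: an append-only writer and an offset-tracking reader that treats a not-yet-created file as "nothing arrived". It runs one simulated request/response across the two directories; the directory names, identifier and payload are constructed for the demo.

```python
"""Added example (not the post's code): the append/seek file channel
that FileProxy builds on, with one simulated round trip."""
import os
import tempfile


def append_chunk(path, data):
    """Writer side: append mode makes the file the connection's byte stream."""
    with open(path, "ab") as f:
        f.write(data)
    return len(data)


def read_new(path, offset):
    """Reader side: bytes written since `offset`, plus the new offset.
    A missing file just means the writer has not created it yet; this is
    the case FileProxy's KeepReading loop swallows and polls again."""
    try:
        with open(path, "rb") as f:
            f.seek(offset)
            data = f.read()
    except FileNotFoundError:
        return b"", offset
    return data, offset + len(data)


def round_trip(server_dir, client_dir, identifier, request, handler):
    """Client -> server_dir file -> handler (stands in for the destination
    socket) -> client_dir file -> client, tracking each side's offset."""
    up = os.path.join(server_dir, str(identifier))    # client writes, server reads
    down = os.path.join(client_dir, str(identifier))  # server writes, client reads
    first_poll = read_new(up, 0)          # server polls before anything was written
    append_chunk(up, request[:3])         # client appends in two pieces ...
    append_chunk(up, request[3:])
    chunk, server_off = read_new(up, 0)   # ... server sees them as one stream
    append_chunk(down, handler(chunk))
    reply, client_off = read_new(down, 0)
    # Note: the files are never truncated, so offsets and sizes only grow.
    return first_poll, reply, server_off, client_off


def demo():
    # Constructed payload: a 6-byte request answered by an upper-casing "destination".
    with tempfile.TemporaryDirectory() as srv, tempfile.TemporaryDirectory() as cli:
        return round_trip(srv, cli, 1234, b"hello?", lambda b: b.upper())
```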
So how do we put it all together? Something like this:
```
Host SSH into localhost:54321 -> Host FileProxyClient -> Drive -> VM FileProxyServer -> VM OpenSSH:22
```
Once you have the connection to OpenSSH, you can open a SOCKS proxy (dynamic port forwarding in SSH), or configure an HTTP proxy on the VM (with Fiddler or whatever) and forward ports to it with SSH.
How fast is that? I tested it with a machine connected to the Internet with 160 Mbps download and 600 Mbps upload. Then I configured the SOCKS proxy in Firefox. I got 30 Mbps download and 30 Mbps upload. This is expected, because this is a very simple implementation (you can see the sleeps in the code, etc.). However, 30 Mbps is good enough (it’s roughly 4 megabytes each way per second).