Firewall Evasion Lab: Bypassing Firewalls using VPN

vpn.zip

vpn/README

*************************************************
* vpnserver.c   VPN server program via UDP
* vpnclient.c   VPN client program via UDP
*************************************************

--------------------------
To compile the programs:
--------------------------
$ make

--------------------------
To run the server:
--------------------------
$ sudo ./vpnserver

--------------------------
To run the client:
--------------------------
First change SERVER_IP in vpnclient.c to match the server's IP address.

$ sudo ./vpnclient

Note: You also need to configure the TUN interfaces on both sides and set up
routing. See the lab description for instructions.

vpn/vpnclient.c

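/*
 * vpnclient.c - minimal UDP-based VPN client for the lab.
 *
 * Packets read from a local TUN interface are sent as UDP payloads to the
 * VPN server, and UDP payloads received on the socket are written back to
 * the TUN interface.
 *
 * NOTE(review): as written, the tunnel has no encryption and no peer
 * authentication. Payloads are sent as-is over UDP, and every datagram that
 * arrives on the socket is written to the TUN interface regardless of its
 * sender. Treat this as a teaching skeleton; anything beyond an isolated lab
 * network needs an authenticated, encrypted channel (for example TLS/DTLS)
 * and a check on who the peer is.
 */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/select.h>
#include <sys/ioctl.h>
#include <arpa/inet.h>
#include <linux/if.h>
#include <linux/if_tun.h>

#define BUFF_SIZE 2000
#define PORT_NUMBER 55555
#define SERVER_IP "127.0.0.1"

/* Address of the VPN server; filled in by connectToUDPServer(). */
struct sockaddr_in peerAddr;

/*
 * Open /dev/net/tun and attach to a TUN interface (IP packets, no extra
 * packet-information header).
 *
 * Returns the TUN file descriptor, or -1 on failure (error already printed).
 * The caller owns the descriptor.
 */
int createTunDevice(void)
{
    struct ifreq ifr;
    int tunfd;

    tunfd = open("/dev/net/tun", O_RDWR);
    if (tunfd < 0) {
        perror("open /dev/net/tun");
        return -1;
    }

    memset(&ifr, 0, sizeof(ifr));
    ifr.ifr_flags = IFF_TUN | IFF_NO_PI;
    if (ioctl(tunfd, TUNSETIFF, &ifr) < 0) {
        perror("ioctl TUNSETIFF");
        close(tunfd);
        return -1;
    }

    return tunfd;
}

/*
 * Create the UDP socket, record the server address in peerAddr and send an
 * initial "Hello" datagram so the server learns this client's address.
 *
 * Returns the socket descriptor, or -1 on failure (error already printed).
 */
int connectToUDPServer(void)
{
    const char *hello = "Hello";
    int sockfd;

    memset(&peerAddr, 0, sizeof(peerAddr));
    peerAddr.sin_family = AF_INET;
    peerAddr.sin_port = htons(PORT_NUMBER);
    /* Reject a malformed SERVER_IP instead of silently using a bad address. */
    if (inet_pton(AF_INET, SERVER_IP, &peerAddr.sin_addr) != 1) {
        fprintf(stderr, "invalid SERVER_IP: %s\n", SERVER_IP);
        return -1;
    }

    sockfd = socket(AF_INET, SOCK_DGRAM, 0);
    if (sockfd < 0) {
        perror("socket");
        return -1;
    }

    /* Send a hello message to "connect" with the VPN server. */
    if (sendto(sockfd, hello, strlen(hello), 0,
               (struct sockaddr *)&peerAddr, sizeof(peerAddr)) < 0) {
        perror("sendto (hello)");
        close(sockfd);
        return -1;
    }

    return sockfd;
}

/*
 * Forward one packet from the TUN interface to the server over UDP.
 * Read or send errors are reported and the packet is dropped.
 */
void tunSelected(int tunfd, int sockfd)
{
    char buff[BUFF_SIZE];
    ssize_t len;

    printf("Got a packet from TUN\n");

    len = read(tunfd, buff, sizeof(buff));
    if (len < 0) {
        /* A negative length must never reach sendto() as a size. */
        perror("read from TUN");
        return;
    }
    if (len == 0)
        return;

    if (sendto(sockfd, buff, (size_t)len, 0,
               (struct sockaddr *)&peerAddr, sizeof(peerAddr)) < 0)
        perror("sendto");
}

/*
 * Forward one UDP payload from the socket to the TUN interface.
 *
 * NOTE(review): the sender of the datagram is not checked, so the payload is
 * injected into the local network stack whoever sent it.
 */
void socketSelected(int tunfd, int sockfd)
{
    char buff[BUFF_SIZE];
    ssize_t len;

    printf("Got a packet from the tunnel\n");

    len = recvfrom(sockfd, buff, sizeof(buff), 0, NULL, NULL);
    if (len < 0) {
        /* A negative length must never reach write() as a size. */
        perror("recvfrom");
        return;
    }
    if (len == 0)
        return;

    if (write(tunfd, buff, (size_t)len) < 0)
        perror("write to TUN");
}

int main(int argc, char *argv[])
{
    int tunfd, sockfd, maxfd;

    (void)argc;
    (void)argv;

    tunfd = createTunDevice();
    if (tunfd < 0)
        return 1;

    sockfd = connectToUDPServer();
    if (sockfd < 0) {
        close(tunfd);
        return 1;
    }

    maxfd = (tunfd > sockfd) ? tunfd : sockfd;

    /* Enter the main loop: relay in whichever direction has data ready. */
    while (1) {
        fd_set readFDSet;

        FD_ZERO(&readFDSet);
        FD_SET(sockfd, &readFDSet);
        FD_SET(tunfd, &readFDSet);

        if (select(maxfd + 1, &readFDSet, NULL, NULL, NULL) < 0) {
            if (errno == EINTR)
                continue;
            /* The fd set is unspecified after an error; do not inspect it. */
            perror("select");
            break;
        }

        if (FD_ISSET(tunfd, &readFDSet))
            tunSelected(tunfd, sockfd);
        if (FD_ISSET(sockfd, &readFDSet))
            socketSelected(tunfd, sockfd);
    }

    close(sockfd);
    close(tunfd);
    return 1;
}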

vpn/Makefile

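# Build the UDP VPN server and client.
# -Wall surfaces unchecked-return and type-mismatch warnings at build time.
.PHONY: all clean

all: vpnserver vpnclient

vpnserver: vpnserver.c
	gcc -Wall -o vpnserver vpnserver.c

vpnclient: vpnclient.c
	gcc -Wall -o vpnclient vpnclient.c

# -f so that "make clean" succeeds even when nothing has been built yet.
clean:
	rm -f vpnserver vpnclient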

vpn/vpnserver.c

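/*
 * vpnserver.c - minimal UDP-based VPN server for the lab.
 *
 * The server waits for a first datagram to learn the client's address, then
 * relays packets between its TUN interface and that client over UDP.
 *
 * NOTE(review): as written, the tunnel has no encryption and no peer
 * authentication. Whoever sends the first datagram to the port becomes the
 * peer, every later datagram on the socket is written to the TUN interface
 * regardless of its sender, and payloads are sent as-is over UDP. Treat this
 * as a teaching skeleton; anything beyond an isolated lab network needs an
 * authenticated, encrypted channel (for example TLS/DTLS) and a check on who
 * the peer is.
 */
#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/select.h>
#include <sys/ioctl.h>
#include <arpa/inet.h>
#include <linux/if.h>
#include <linux/if_tun.h>

#define PORT_NUMBER 55555
#define BUFF_SIZE 2000

/* Address of the VPN client; filled in by initUDPServer(). */
struct sockaddr_in peerAddr;

/*
 * Open /dev/net/tun and attach to a TUN interface (IP packets, no extra
 * packet-information header).
 *
 * Returns the TUN file descriptor, or -1 on failure (error already printed).
 * The caller owns the descriptor.
 */
int createTunDevice(void)
{
    struct ifreq ifr;
    int tunfd;

    tunfd = open("/dev/net/tun", O_RDWR);
    if (tunfd < 0) {
        perror("open /dev/net/tun");
        return -1;
    }

    memset(&ifr, 0, sizeof(ifr));
    ifr.ifr_flags = IFF_TUN | IFF_NO_PI;
    if (ioctl(tunfd, TUNSETIFF, &ifr) < 0) {
        perror("ioctl TUNSETIFF");
        close(tunfd);
        return -1;
    }

    return tunfd;
}

/*
 * Bind a UDP socket on PORT_NUMBER (all local addresses) and block until the
 * first datagram arrives; its source address is stored in peerAddr.
 *
 * Returns the socket descriptor, or -1 on failure (error already printed).
 */
int initUDPServer(void)
{
    struct sockaddr_in server;
    socklen_t peerAddrLen = sizeof(peerAddr);
    char buff[100];
    ssize_t len;
    int sockfd;

    sockfd = socket(AF_INET, SOCK_DGRAM, 0);
    if (sockfd < 0) {
        perror("socket");
        return -1;
    }

    memset(&server, 0, sizeof(server));
    server.sin_family = AF_INET;
    server.sin_addr.s_addr = htonl(INADDR_ANY);
    server.sin_port = htons(PORT_NUMBER);

    if (bind(sockfd, (struct sockaddr *)&server, sizeof(server)) < 0) {
        perror("bind");
        close(sockfd);
        return -1;
    }

    /* Wait for the VPN client to "connect". */
    memset(&peerAddr, 0, sizeof(peerAddr));
    /*
     * Leave room for the terminator: a datagram that filled the whole buffer
     * would otherwise make the "%s" below read past the end of buff.
     */
    len = recvfrom(sockfd, buff, sizeof(buff) - 1, 0,
                   (struct sockaddr *)&peerAddr, &peerAddrLen);
    if (len < 0) {
        perror("recvfrom (hello)");
        close(sockfd);
        return -1;
    }
    buff[len] = '\0';

    /* The greeting is network input; keep control bytes off the terminal. */
    for (ssize_t i = 0; i < len; i++) {
        if (!isprint((unsigned char)buff[i]))
            buff[i] = '?';
    }

    printf("Connected with the client: %s\n", buff);
    return sockfd;
}

/*
 * Forward one packet from the TUN interface to the client over UDP.
 * Read or send errors are reported and the packet is dropped.
 */
void tunSelected(int tunfd, int sockfd)
{
    char buff[BUFF_SIZE];
    ssize_t len;

    printf("Got a packet from TUN\n");

    len = read(tunfd, buff, sizeof(buff));
    if (len < 0) {
        /* A negative length must never reach sendto() as a size. */
        perror("read from TUN");
        return;
    }
    if (len == 0)
        return;

    if (sendto(sockfd, buff, (size_t)len, 0,
               (struct sockaddr *)&peerAddr, sizeof(peerAddr)) < 0)
        perror("sendto");
}

/*
 * Forward one UDP payload from the socket to the TUN interface.
 *
 * NOTE(review): the sender of the datagram is not compared with peerAddr, so
 * the payload is injected into the local network stack whoever sent it.
 */
void socketSelected(int tunfd, int sockfd)
{
    char buff[BUFF_SIZE];
    ssize_t len;

    printf("Got a packet from the tunnel\n");

    len = recvfrom(sockfd, buff, sizeof(buff), 0, NULL, NULL);
    if (len < 0) {
        /* A negative length must never reach write() as a size. */
        perror("recvfrom");
        return;
    }
    if (len == 0)
        return;

    if (write(tunfd, buff, (size_t)len) < 0)
        perror("write to TUN");
}

int main(int argc, char *argv[])
{
    int tunfd, sockfd, maxfd;

    (void)argc;
    (void)argv;

    tunfd = createTunDevice();
    if (tunfd < 0)
        return 1;

    sockfd = initUDPServer();
    if (sockfd < 0) {
        close(tunfd);
        return 1;
    }

    maxfd = (tunfd > sockfd) ? tunfd : sockfd;

    /* Enter the main loop: relay in whichever direction has data ready. */
    while (1) {
        fd_set readFDSet;

        FD_ZERO(&readFDSet);
        FD_SET(sockfd, &readFDSet);
        FD_SET(tunfd, &readFDSet);

        if (select(maxfd + 1, &readFDSet, NULL, NULL, NULL) < 0) {
            if (errno == EINTR)
                continue;
            /* The fd set is unspecified after an error; do not inspect it. */
            perror("select");
            break;
        }

        if (FD_ISSET(tunfd, &readFDSet))
            tunSelected(tunfd, sockfd);
        if (FD_ISSET(sockfd, &readFDSet))
            socketSelected(tunfd, sockfd);
    }

    close(sockfd);
    close(tunfd);
    return 1;
}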