need help using openvpn to bypass corp firewall - Networking


  1. need help using openvpn to bypass corp firewall

    Hey all,

    I have a linux system at work, and have remote access to my linux box
    at home, so I installed OpenVPN on each. My goal, of course, is to
    bypass the corporate firewall (first priority is bypassing the web
    filtering) and route certain traffic (web, Email, IM, etc) to move
    over the VPN instead.

    I followed the examples at openvpn's web site, and both my local
    machine (client) and the remote machine (server) can ping each other's
    VPN IP addresses, so the tunnel itself is up and running just fine. I
    guess I'm stuck on how to proceed from here, and curious as to the
    'best' (generally accepted) method to route certain traffic through
    the VPN.

    1. Should I set up multiple iptables rules on my local machine to
    route certain outgoing traffic on known ports to go through the VPN?
    2. Should I just drop the corporate network 'default gateway', and set
    my local system's default gateway to be the remote server? If so, do I
    set the VPN IP of the server as the default, or the public IP of the
    server?
    3. I suppose I'll need to add iptables rules on the server for NAT,
    since it does not currently 'act' as a gateway server for my other
    home systems.

    The OpenVPN examples I followed only seem to go far enough to actually
    build the tunnel, which I've done. Now I need some examples to play
    with for routing specific traffic over the VPN.

    Thanks for any assistance, examples or sites for how to proceed.


  2. Re: need help using openvpn to bypass corp firewall

    wild98@gmail.com writes:

    >Hey all,


    >I have a linux system at work, and have remote access to my linux box
    >at home, so I installed OpenVPN on each. My goal, of course, is to
    >bypass the corporate firewall (first priority is bypassing the web
    >filtering) and route certain traffic (web, Email, IM, etc) to move
    >over the VPN instead.


    You realise that not only might you get fired you might get thrown in jail
    as well. There was a case a few years ago where exactly this happened to a
    contractor for Intel.

    >I followed the examples at openvpn's web site, and both my local
    >machine (client) and the remote machine (server) can ping each other's
    >VPN IP addresses, so the tunnel itself is up and running just fine. I
    >guess I'm stuck on how to proceed from here, and curious as to the
    >'best' (generally accepted) method to route certain traffic through
    >the VPN.


    >1. Should I set up multiple iptables rules on my local machine to
    >route certain outgoing traffic on known ports to go through the VPN?
    >2. Should I just drop the corporate network 'default gateway', and set
    >my local system's default gateway to be the remote server? If so, do I
    >set the VPN IP of the server as the default, or the public IP of the
    >server?
    >3. I suppose I'll need to add iptables rules on the server for NAT,
    >since it does not currently 'act' as a gateway server for my other
    >home systems.


    >The OpenVPN examples I followed only seem to go far enough to actually
    >build the tunnel, which I've done. Now I need some examples to play
    >with for routing specific traffic over the VPN.


    >Thanks for any assistance, examples or sites for how to proceed.



  3. Re: need help using openvpn to bypass corp firewall

    On Thu, 10 May 2007 11:22:15 -0700, wild98 rearranged some electrons to
    form:

    > Hey all,
    >
    > I have a linux system at work, and have remote access to my linux box
    > at home, so I installed OpenVPN on each. My goal, of course, is to
    > bypass the corporate firewall (first priority is bypassing the web
    > filtering) and route certain traffic (web, Email, IM, etc) to move
    > over the VPN instead.


    I would guess your employer would probably frown on this behavior.
    In fact, if you were to pull objectionable material onto your employer's
    network, it would be grounds for a harassment suit against your company if
    someone saw it and objected to it. Not to mention you would be out on
    the street. They could also prosecute you.

    If you want to download music/porn/surf E-bay/whatever, you should
    probably do it at home on your own time.


    --
    David M (dmacchiarolo)
    http://home.triad.rr.com/redsled
    T/S 53
    sled351 Linux 2.4.18-14 has been up 6 days 13:13


  4. Re: need help using openvpn to bypass corp firewall

    On 10 May 2007, in the Usenet newsgroup comp.os.linux.networking, in article
    <1178821335.466964.231450@o5g2000hsb.googlegroups.com>, wild98@gmail.com wrote:

    > My goal, of course, is to bypass the corporate firewall (first
    >priority is bypassing the web filtering) and route certain traffic
    >(web, Email, IM, etc) to move over the VPN instead.


    Why exactly do you feel you need to bypass the corporate firewall?
    Is this something you need to do your job? Talk to your supervisor.
    Is this unrelated to work? Quit your job so that you don't need to
    worry about the firewall.

    >I guess I'm stuck on how to proceed from here, and curious as to the
    >'best' (generally accepted) method to route certain traffic through
    >the VPN.


    You also don't know how to use the search engine you are posting from
    to research the subject directly. That figures. Here, try this:

    Web Results 1 - 10 of about 575,000 for bypass corp firewall. (0.10
    seconds)

    You may even turn up a few convictions - but that's minor, right?

    Old guy


  5. Re: need help using openvpn to bypass corp firewall

    wild98@gmail.com wrote:
    > Hey all,
    >
    > I have a linux system at work, and have remote access to my linux box
    > at home, so I installed OpenVPN on each. My goal, of course, is to
    > bypass the corporate firewall (first priority is bypassing the web
    > filtering) and route certain traffic (web, Email, IM, etc) to move
    > over the VPN instead.
    >
    > I followed the examples at openvpn's web site, and both my local
    > machine (client) and the remote machine (server) can ping each other's
    > VPN IP addresses, so the tunnel itself is up and running just fine. I
    > guess I'm stuck on how to proceed from here, and curious as to the
    > 'best' (generally accepted) method to route certain traffic through
    > the VPN.
    >
    > 1. Should I set up multiple iptables rules on my local machine to
    > route certain outgoing traffic on known ports to go through the VPN?


    No. The proper tool for routing is the route table, man route.

    > 2. Should I just drop the corporate network 'default gateway', and set
    > my local system's default gateway to be the remote server? If so, do I
    > set the VPN IP of the server as the default, or the public IP of the
    > server?


    No. See above.

    > 3. I suppose I'll need to add iptables rules on the server for NAT,
    > since it does not currently 'act' as a gateway server for my other
    > home systems.


    The iptables rules are for address translations which
    you do not need here.

    > The OpenVPN examples I followed only seem to go far enough to actually
    > build the tunnel, which I've done. Now I need some examples to play
    > with for routing specific traffic over the VPN.


    OpenVPN is not the tool here, it needs holes in the
    main firewall for UDP/1194 for both directions. Are
    you sure that the tunnel is open?

    > Thanks for any assistance, examples or sites for how to proceed.


    Most probably the corporate firewall is closed for
    any traffic, and the connections to the outside are
    provided by application-protocol specific proxies.

    You are pretty probably limited to filtered HTTP access
    to the outside, and OpenVPN does not run on it.

    A different story is the legality of the set-up. You
    very probably risk legal actions.

    --

    Tauno Voipio
    tauno voipio (at) iki fi


  6. Re: need help using openvpn to bypass corp firewall

    wild98@gmail.com wrote:
    > I have a linux system at work, and have remote access to my linux box
    > at home, so I installed OpenVPN on each. My goal, of course, is to
    > bypass the corporate firewall [...]


    I really wish you hadn't posted that. Corporate firewalls are there for
    a reason. If you object to the implementation policies you need to follow
    this up internally.


    > [...] the tunnel itself is up and running just fine. I
    > guess I'm stuck on how to proceed from here, and curious as to the
    > 'best' (generally accepted) method to route certain traffic through
    > the VPN.


    To route by destination port you would use iptables. To route by
    destination address you would use the routing table. OpenVPN allows
    commands to be run when an interface is brought up (or torn down) so
    you could put the iptables commands in the configuration file. Routing
    commands are specifically covered in the documentation.

    Chris

  7. Re: need help using openvpn to bypass corp firewall

    On Mon, 14 May 2007, in the Usenet newsgroup comp.os.linux.networking, in
    article , Chris Davies wrote:

    >wild98@gmail.com wrote:
    >> I have a linux system at work, and have remote access to my linux box
    >> at home, so I installed OpenVPN on each. My goal, of course, is to
    >> bypass the corporate firewall [...]


    >I really wish you hadn't posted that. Corporate firewalls are there for
    >a reason.


    You should spend some time scanning the newsgroup 'comp.security.firewalls'
    where you get a number of trolls and pretenders claiming to use VPN or
    even SSH to "bypass" the company/school firewall. They all miss the
    fact that the traffic stands out like a sore thumb. They claim that
    because the traffic is encrypted, "no one will ever know" what's going
    on. I guess they've never had children, because when you hear the crash
    of broken glass in another room, the answer to your "what happened"
    of "nothing" or "nothing happened" means it's time to wander on in and
    see what disaster just occurred.

    Old guy
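
The point made in the post above, that tunnelled traffic stands out even though it is encrypted, seen from the monitoring side. This is an added example, not part of the thread: the flow records are constructed, and the thresholds and reason labels are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed flow records (not real data):
# (internal source, external destination, protocol, dst port, duration in s, bytes)
FLOWS = [
    ("10.1.4.23", "203.0.113.50", "udp", 1194, 28800, 950_000_000),
    ("10.1.4.23", "198.51.100.7", "tcp", 443, 12, 48_000),
    ("10.1.4.23", "198.51.100.9", "tcp", 443, 30, 310_000),
    ("10.1.7.80", "198.51.100.7", "tcp", 443, 45, 120_000),
    ("10.1.7.80", "192.0.2.10", "tcp", 443, 21600, 640_000_000),
    ("10.1.9.11", "192.0.2.99", "tcp", 22, 90, 20_000),
]

OPENVPN_PORT = 1194       # UDP port named in the thread (OpenVPN default)
LONG_LIVED_S = 4 * 3600   # assumed threshold: one session open for 4 hours or more
DOMINANT_SHARE = 0.90     # assumed threshold: 90% of a host's bytes to one peer


def find_tunnel_candidates(flows):
    """Return (src, dst, reasons) for host pairs whose traffic looks like a tunnel."""
    total_by_src = defaultdict(int)
    pairs = defaultdict(lambda: {"bytes": 0, "longest": 0, "ports": set()})
    for src, dst, proto, port, seconds, nbytes in flows:
        total_by_src[src] += nbytes
        pair = pairs[(src, dst)]
        pair["bytes"] += nbytes
        pair["longest"] = max(pair["longest"], seconds)
        pair["ports"].add((proto, port))

    findings = []
    for src, dst in sorted(pairs):
        pair = pairs[(src, dst)]
        reasons = []
        if ("udp", OPENVPN_PORT) in pair["ports"]:
            reasons.append("openvpn-default-port")
        # Content is opaque, but shape is not: normal browsing is many short
        # flows to many peers, a tunnel is one long flow carrying nearly all bytes.
        share = pair["bytes"] / total_by_src[src]
        if pair["longest"] >= LONG_LIVED_S and share >= DOMINANT_SHARE:
            reasons.append("long-lived-dominant-flow")
        if reasons:
            findings.append((src, dst, reasons))
    return findings


if __name__ == "__main__":
    for src, dst, reasons in find_tunnel_candidates(FLOWS):
        print(f"{src} -> {dst}: {', '.join(reasons)}")
```

The second finding is on TCP 443 and is flagged on flow shape alone, so moving a tunnel off its default port does not make it blend in.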


  8. Re: need help using openvpn to bypass corp firewall

    Originally posted by unix:
    On Thu, 10 May 2007 11:22:15 -0700, wild98 rearranged some electrons to
    form:

    > Hey all,
    >
    > I have a linux system at work, and have remote access to my linux box
    > at home, so I installed OpenVPN on each. My goal, of course, is to
    > bypass the corporate firewall (first priority is bypassing the web
    > filtering) and route certain traffic (web, Email, IM, etc) to move
    > over the VPN instead.

    I would guess your employer would probably frown on this behavior.
    In fact, if you were to pull objectionable material onto your employer's
    network, it would be grounds for a harassment suit against your company if
    someone saw it and objected to it. Not to mention you would be out on
    the street. They could also prosecute you.

    If you want to download music/porn/surf E-bay/whatever, you should
    probably do it at home on your own time.


    --
    David M (dmacchiarolo)
    http://home.triad.rr.com/redsled
    T/S 53
    sled351 Linux 2.4.18-14 has been up 6 days 13:13




    In the day and age of corporations that treat people like commodities, I don't see much wrong with someone who wants to retain some humanity by choosing how to spend his daytime hours without management watching him like a criminal. If the original poster can get the work available to him done in between checking his Ebay auctions or reading the news, then I say more power to him. And if he's savvy enough to set up OpenVPN, chances are he's not going to be using it for running his Farmville on Facebook or downloading malware, probably just wants to get those files he left on his home computer from home.

    We don't know his situation. It's entirely possible that like many worker bees, he's got crappy management that doesn't see the difference between someone who knows what they're doing and wants to use technology productively in new ways and someone who downloads screensaver malware.

    There's absolutely no reason to side with management on this unless you're a corporate shill who cares more about blind obedience than using technology in new ways to increase freedom. Which, by the way, was sort of what Linus Torvalds, the inventor of Linux, had in mind in the first place.
