Openvpn Over ICMP

[pada123]

Hi All,
I am trying to pass openvpn traffic over ICMP tunnel...

[ done with normal UDP over ICMP tunnel...and its working.. ]

For that in client config i given remote open vpn server as 127.0.0.1 - 53

there in ( 127.0.0.1 - 53 ) my custom UDP server is running .
It s doing following

1> receiving each udp packet from openvpn client.
2> Extracts only udp payload from each packet (not UDP header ) and passing that in ICMP payload part.

3> in internet server I am capturing sent-ICMP packet and extracting the UDP data ( which is openvpn client udp data part).

4> Now I am making A single UDP socket connection to OPENVPN server and passing all the UDP payload part to openvpn server.


Now thing is ....as I am using a single socket in my BOX for passing all UDP packets to openvpn server received from multiple client pc..so SOURCE IP and SOURCE PORT will be same for all clients ( packets ) for openvpn server perspective.

Code: Select all

My Question is..Does open VPN consider Client SOURCE IP and SOURCE PORT to distinguish client or It does by other means like  userid or session id etc.

My 2nd question is as I am carrying only UDP payload part from client machine ( not udp header ) means the UDP header generated by openvpn client will be altered when i will feed it to openvpn server from my ICMP program.
Question is when openvpn makes packet-hash something like that, does it include UDP header part too.....

as here in generated packet by openvpn client UDP destination port will be 53 and destserver will be 127.0.0.1
with proper srs ip src port
But when i feed this to openvpn server dest ip /port / src ip /port in UDP packet header will be changed ..Will OPENVPN give error saying bad packet...

this is some kind we can say of UDP port forwarder


Thanks for your time
pada

[pada123]

H All,
Here is few more update. As mentioned in earlier post..
Now I have tested the ICMP tunnel with various RUDP program..Like - UDT..and java rudp

I can transfer huge MBs of data through ICMP tunnel without any issue while using those RUDP programs.

But when I try to use Openvpn after getting successful message [ Initialization Sequence Completed] no data getting transferred. Even I cant ping vpn server ..Hence after few seconds it gives Inactivity timeout. In LOGS it does not write anything [verb 6] till it disconnects

For RUDP The model is as follows.....Working fine...
Even I get almost same speed like independently use RUDP client server

Code: Select all

RUDP Client --->  ( localhost ) [ My UDP Server ..Receives UDP packet and inject it into ICMP packet ] ----- INTERNET-------> ICMP receiver at Server--> extracts UDP data part from ICMP packet ---> Create UDP Socket with main RDUP server -->pass it to Main RUDP server.

For OpenvpnThe model is as follows.....Not working after ...[Initialization Sequence Completed]

Code: Select all

Openvpn Client ---> dummy Openvpn Server ( localhost ) [ My local UDP Server ..Receives UDP packet and inject it into ICMP packet ] ----- INTERNET-------> ICMP receiver at Server--> extracts UDP data part from ICMP packet --->Create UDP Socket with main openvpn server -->  forward it to Main Openvpn server.

I know its hard to say without examining the whole setup...but if possible pls give me any input which will be helpful here. As other RUDP stuffs are working smooth with this ICMP tunnel

Note : My Normal OPENVPN ( UDP) setup working fine without ICMP tunnel. and also checked it s not issue with MTU / Big packet size.

Just thinking...For openvpn client 127.0.0.1 is the real OPENVPN host..but when I am forwarding the packet to main Openvpn server the Openvpn server is different ( Destination IP and Source ip getting changed of each UDP packet )..has it anything to do with the problem... Does Openvpn client / server do anything with main UDP protocol header.

Does it use the Openvpn server's IP for any internal calculation.

Or what could be the possible issue

Thanks for your time
pada

[pada123]

Hi All,
Here is the latest update...Problem is resolved now.
I am posting this message using Openvpn over ICMP Tunnel.
Not sure ,, It was a Windows 7 problem. After rebooting everything started working great using self made ICMP tunnel.
Am getting almost same speed as UDP openvpn used directly.

We will wait for v3.x when Openvpn will have inbuilt support for ICMP. For now Its creating UDP packet in fast place then again I am wrapping by ICMP...and unwrapping it in server...and in server side also having two separate programs- running ICMP receiver and Openvpn main server.
Future openvpn release will reduce this small overhead without hampering speed.

Thanks Openvpn

[Dukelord]

Hi there. Please could you possible share this with me. I am trying to connect from my Windows 7 computer to my remote vps server with OpenVPN over ICMP.

[Dukelord]

Hey I am interested in your customized OpenVPN. Can you pls upload? I am trying to connct my Windows 7 computer to my remote vps and my network firewall is tight. I can only get this out through icmp. I have tried a software called pdproxy to confirm and it works, but he restricts remote servers to his own only.

[300000]

It is sound very interesting . Could you post a tutorial how to do and what software you use to get that working . I am try to do the same like that for a while but not getting it work

[Mimiko]

Dukelord, 300000:
pada123 implemented a self IGMP proxy software. Unless he will share the code, there is nothing to do.

[Dukelord]

Yeah, I figured as much. I need for private use so I hope he is willing to share.

[pada123]

Newbie,
I am not permitted to share code here. But You can send me offline message..I will try to help. But if you are a network programmer the information I provided is enough to make a quick ICMP tunnel. You need to know packet structure of both ICMP and UDP ..And if your intention is bypassing firewall ( NAT ) using ICMP..depending on Firewall you need to do extra clever coding. Maximum firewall won't support 1 echo request multiple echo reply. You may not be able to use duplicate sequence no. Even you may need to change ICMP ID for each request. The software tool you mentioned does all this clever thing. Better you have a quick look on icmptx
Hope it will help Thanks pada

[krzee]

is the code you would post icmptx or did you code a patch for openvpn? if it is an openvpn patch you certainly can post it here, but the developer channel on IRC or the dev mailing list would also be good places to post it if you are willing

[Dukelord]

Newbie,
I am not permitted to share code here. But You can send me offline message..I will try to help. But if you are a network programmer the information I provided is enough to make a quick ICMP tunnel. You need to know packet structure of both ICMP and UDP ..And if your intention is bypassing firewall ( NAT ) using ICMP..depending on Firewall you need to do extra clever coding. Maximum firewall won't support 1 echo request multiple echo reply. You may not be able to use duplicate sequence no. Even you may need to change ICMP ID for each request. The software tool you mentioned does all this clever thing. Better you have a quick look on icmptx
Hope it will help Thanks pada

PM sent to you. Thanks

[kedenya]

PM sent to you. Thanks

[neviel47]

Newbie,
I am not permitted to share code here. But You can send me offline message..I will try to help. But if you are a network programmer the information I provided is enough to make a quick ICMP tunnel. You need to know packet structure of both ICMP and UDP ..And if your intention is bypassing firewall ( NAT ) using ICMP..depending on Firewall you need to do extra clever coding. Maximum firewall won't support 1 echo request multiple echo reply. You may not be able to use duplicate sequence no. Even you may need to change ICMP ID for each request. The software tool you mentioned does all this clever thing. Better you have a quick look on icmptx
Hope it will help Thanks pada

hello pada123,

I really interested with your custom ICMP openvpn. Can you send it to me through my email, sensara.amy[@]gmail[dot]com. I couldn't PM you here, there's no PM button, maybe Im still newbie so cannot send you PM.

I appreciate for any response from you.


Thanks


TQ

[Dukelord]

He is not going to send it. I asked and he ignored.

[pada123]

As per my knowledge this is the only available ICMP tunnel use Openvpn
For a try :
http://www.icmptunnel.com
[ Help : - http://forum.tunnelguru.com/viewtopic.php?f=18&t=17684 ]

It wraps Openvpn UDP packet inside ICMP packet. You will get ~ same speed as you get using Openvpn UDP tunnel.

Thanks

[VPNTutorials]

Hi All,
Here is the latest update...Problem is resolved now.
I am posting this message using Openvpn over ICMP Tunnel.
Not sure ,, It was a Windows 7 problem. After rebooting everything started working great using self made ICMP tunnel.
Am getting almost same speed as UDP openvpn used directly.

We will wait for v3.x when Openvpn will have inbuilt support for ICMP. For now Its creating UDP packet in fast place then again I am wrapping by ICMP...and unwrapping it in server...and in server side also having two separate programs- running ICMP receiver and Openvpn main server.
Future openvpn release will reduce this small overhead without hampering speed.

Thanks Openvpn

Did OpenVPN already said anything about adding ICMP tunnel on OpenVPN 3.x?

[wangyucn]

i have a stable openvpn over icmp solution.works under NAT environment.supports latest openvpn version.

https://github.com/wangyu-/udp2raw-tunn ... aw-openvpn