I'm considering forking OpenVPN -- or starting from scratch with my own code -- so that I can run a VPN server on a remote server without admin rights. At the beginning I'll focus specifically on Linux servers, but my idea here should work fine on a MS-Windows server also.
Here's how I'll go about it:
(1) Contrary to how things normally work, the VPN client will listen on TCP port 443 for an incoming connection. (So those of us using NAT will have to go into our router settings to open a NAT pinhole to forward port 443 to our PC). UDP would be preferable but a lot of firewalls will block it.
(2) The VPN server will connect to TCP port 443 on the client.
(3) The client will have a virtual network device, and the client's routing table will route all internet traffic through the virtual network device.
(4) The server will not have a virtual network device -- because we can't create one if we don't have admin rights.
So here are the steps for how you bring the VPN connection to life and use it for IP traffic:
(1) On your laptop, you start the client program to listen on TCP port 443
(2) On your laptop, you SSH into the Linux server and start the server program to connect to your laptop
(3) So there is now a live TCP socket between VPN server and VPN client
(4) Let's say that the client wants to send a DNS lookup request to the IP address 4.2.2.1. The client checks its routing table, sees that "0.0.0.0/0" goes through the virtual network device, and so sends the DNS lookup to the virtual network device.
(5) The virtual network device receives the DNS lookup, and the IP packet looks something like this:
Source IP = 192.168.1.23
Destination IP = 4.2.2.1
Layer 4 Protocol = UDP
Source Port = 32359
Destination Port = 53
Payload = Tell me the IP of virjacode.com
(6) The Linux server receives this packet, and the first thing it does is perform NAT to change it to something like:
Source IP = 10.0.0.7 (previously 192.168.1.23)
Destination IP = 4.2.2.1
Layer 4 Protocol = UDP
Source Port = 21769 (previously 32359)
Destination Port = 53
Payload = Tell me the IP of virjacode.com
So this means that we can have a VPN server running on a remote Linux server without the need for admin rights.
Please give me your thoughts on this. Right now in my head this definitely seems possible.
I could either fork OpenVPN on GitHub or alternatively start from scratch with my own code. At the beginning I'd make it very, very simple, i.e. a maximum of one client and only IPv4. Another idea came to me just now, though: instead of forking OpenVPN, I could fork the SSH client program (e.g. the Dropbear SSH client) and add a new command-line option to it:
ssh user@remote_server.com --vpn on
ssh user@remote_server.com --vpn on --vpn-route-entry 0.0.0.0/0 --vpn-address-translation on