Page 1 of 1
Openvpn Over ICMP
Posted: Thu Jul 05, 2012 6:46 pm
by pada123
Hi All,
I am trying to pass openvpn traffic over ICMP tunnel...
[ done with normal UDP over ICMP tunnel...and its working.. ]
For that in client config i given remote open vpn server as 127.0.0.1 - 53
there in ( 127.0.0.1 - 53 ) my custom UDP server is running .
It s doing following
1> receiving each udp packet from openvpn client.
2> Extracts only udp payload from each packet (not UDP header ) and passing that in ICMP payload part.
3> in internet server I am capturing sent-ICMP packet and extracting the UDP data ( which is openvpn client udp data part).
4> Now I am making A single UDP socket connection to OPENVPN server and passing all the UDP payload part to openvpn server.
Now thing is ....as I am using a single socket in my BOX for passing all UDP packets to openvpn server received from multiple client pc..so SOURCE IP and SOURCE PORT will be same for all clients ( packets ) for openvpn server perspective.
Code: Select all
My Question is..Does open VPN consider Client SOURCE IP and SOURCE PORT to distinguish client or It does by other means like userid or session id etc.
My 2nd question is as I am carrying only UDP payload part from client machine ( not udp header ) means the UDP header generated by openvpn client will be altered when i will feed it to openvpn server from my ICMP program.
Question is when openvpn makes packet-hash something like that, does it include UDP header part too.....
as here in generated packet by openvpn client UDP destination port will be 53 and destserver will be 127.0.0.1
with proper srs ip src port
But when i feed this to openvpn server dest ip /port / src ip /port in UDP packet header will be changed ..Will OPENVPN give error saying bad packet...
this is some kind we can say of UDP port forwarder
Thanks for your time
pada
Re: Openvpn Over ICMP
Posted: Tue Jul 10, 2012 3:27 pm
by pada123
H All,
Here is few more update. As mentioned in earlier post..
Now I have tested the ICMP tunnel with various RUDP program..Like - UDT..and java rudp
I can transfer huge MBs of data through ICMP tunnel without any issue while using those RUDP programs.
But when I try to use Openvpn after getting successful message [ Initialization Sequence Completed] no data getting transferred. Even I cant ping vpn server ..Hence after few seconds it gives Inactivity timeout. In LOGS it does not write anything [verb 6] till it disconnects
For RUDP The model is as follows.....Working fine...
Even I get almost same speed like independently use RUDP client server
Code: Select all
RUDP Client ---> ( localhost ) [ My UDP Server ..Receives UDP packet and inject it into ICMP packet ] ----- INTERNET-------> ICMP receiver at Server--> extracts UDP data part from ICMP packet ---> Create UDP Socket with main RDUP server -->pass it to Main RUDP server.
....Not working after ...[Initialization Sequence Completed]
Code: Select all
Openvpn Client ---> dummy Openvpn Server ( localhost ) [ My local UDP Server ..Receives UDP packet and inject it into ICMP packet ] ----- INTERNET-------> ICMP receiver at Server--> extracts UDP data part from ICMP packet --->Create UDP Socket with main openvpn server --> forward it to Main Openvpn server.
I know its hard to say without examining the whole setup...but if possible pls give me any input which will be helpful here. As other RUDP stuffs are working smooth with this ICMP tunnel
Note : My Normal OPENVPN ( UDP) setup working fine without ICMP tunnel. and also checked it s not issue with MTU / Big packet size.
Just thinking...For openvpn client 127.0.0.1 is the real OPENVPN host..but when I am forwarding the packet to main Openvpn server the Openvpn server is different ( Destination IP and Source ip getting changed of each UDP packet )..has it anything to do with the problem... Does Openvpn client / server do anything with main UDP protocol header.
Does it use the Openvpn server's IP for any internal calculation.
Or what could be the possible issue
Thanks for your time
pada
Re: Openvpn Over ICMP
Posted: Wed Jul 11, 2012 5:32 am
by pada123
Hi All,
Here is the latest update...Problem is resolved now.
I am posting this message using Openvpn over ICMP Tunnel.
Not sure ,, It was a Windows 7 problem. After rebooting everything started working great using self made ICMP tunnel.
Am getting almost same speed as UDP openvpn used directly.
We will wait for v3.x when Openvpn will have inbuilt support for ICMP. For now Its creating UDP packet in fast place then again I am wrapping by ICMP...and unwrapping it in server...and in server side also having two separate programs- running ICMP receiver and Openvpn main server.
Future openvpn release will reduce this small overhead without hampering speed.
Thanks Openvpn
Re: Openvpn Over ICMP
Posted: Wed Jul 11, 2012 8:25 am
by Dukelord
Hi there. Please could you possible share this with me. I am trying to connect from my Windows 7 computer to my remote vps server with OpenVPN over ICMP.
Re: Openvpn Over ICMP
Posted: Thu Jul 12, 2012 7:52 am
by Dukelord
Hey I am interested in your customized OpenVPN. Can you pls upload? I am trying to connct my Windows 7 computer to my remote vps and my network firewall is tight. I can only get this out through icmp. I have tried a software called pdproxy to confirm and it works, but he restricts remote servers to his own only.
Re: Openvpn Over ICMP
Posted: Fri Jul 13, 2012 1:15 pm
by 300000
It is sound very interesting . Could you post a tutorial how to do and what software you use to get that working . I am try to do the same like that for a while but not getting it work
Re: Openvpn Over ICMP
Posted: Tue Jul 31, 2012 5:53 am
by Mimiko
Dukelord, 300000:
pada123 implemented a self IGMP proxy software. Unless he will share the code, there is nothing to do.
Re: Openvpn Over ICMP
Posted: Tue Jul 31, 2012 1:53 pm
by Dukelord
Yeah, I figured as much. I need for private use so I hope he is willing to share.
Re: Openvpn Over ICMP
Posted: Wed Aug 01, 2012 6:55 pm
by pada123
Newbie,
I am not permitted to share code here. But You can send me offline message..I will try to help. But if you are a network programmer the information I provided is enough to make a quick ICMP tunnel. You need to know packet structure of both ICMP and UDP ..And if your intention is bypassing firewall ( NAT ) using ICMP..depending on Firewall you need to do extra clever coding. Maximum firewall won't support 1 echo request multiple echo reply. You may not be able to use duplicate sequence no. Even you may need to change ICMP ID for each request. The software tool you mentioned does all this clever thing. Better you have a quick look on icmptx
Hope it will help Thanks pada
Re: Openvpn Over ICMP
Posted: Wed Aug 01, 2012 7:03 pm
by krzee
is the code you would post icmptx or did you code a patch for openvpn? if it is an openvpn patch you certainly can post it here, but the developer channel on IRC or the dev mailing list would also be good places to post it if you are willing
Re: Openvpn Over ICMP
Posted: Wed Aug 01, 2012 7:22 pm
by Dukelord
pada123 wrote:Newbie,
I am not permitted to share code here. But You can send me offline message..I will try to help. But if you are a network programmer the information I provided is enough to make a quick ICMP tunnel. You need to know packet structure of both ICMP and UDP ..And if your intention is bypassing firewall ( NAT ) using ICMP..depending on Firewall you need to do extra clever coding. Maximum firewall won't support 1 echo request multiple echo reply. You may not be able to use duplicate sequence no. Even you may need to change ICMP ID for each request. The software tool you mentioned does all this clever thing. Better you have a quick look on icmptx
Hope it will help Thanks pada
PM sent to you. Thanks
Re: Openvpn Over ICMP
Posted: Thu Aug 16, 2012 5:45 pm
by kedenya
PM sent to you. Thanks
Re: Openvpn Over ICMP
Posted: Mon Sep 03, 2012 10:40 am
by neviel47
pada123 wrote:Newbie,
I am not permitted to share code here. But You can send me offline message..I will try to help. But if you are a network programmer the information I provided is enough to make a quick ICMP tunnel. You need to know packet structure of both ICMP and UDP ..And if your intention is bypassing firewall ( NAT ) using ICMP..depending on Firewall you need to do extra clever coding. Maximum firewall won't support 1 echo request multiple echo reply. You may not be able to use duplicate sequence no. Even you may need to change ICMP ID for each request. The software tool you mentioned does all this clever thing. Better you have a quick look on icmptx
Hope it will help Thanks pada
hello pada123,
I really interested with your custom ICMP openvpn. Can you send it to me through my email, sensara.amy[@]gmail[dot]com. I couldn't PM you here, there's no PM button, maybe Im still newbie so cannot send you PM.
I appreciate for any response from you.
Thanks
TQ
Re: Openvpn Over ICMP
Posted: Wed Sep 05, 2012 8:04 am
by Dukelord
He is not going to send it. I asked and he ignored.
Re: Openvpn Over ICMP
Posted: Tue Nov 13, 2012 6:20 am
by pada123
As per my knowledge this is the only available ICMP tunnel use Openvpn
For a try :
http://www.icmptunnel.com
[ Help : -
http://forum.tunnelguru.com/viewtopic.php?f=18&t=17684 ]
It wraps Openvpn UDP packet inside ICMP packet. You will get ~ same speed as you get using Openvpn UDP tunnel.
Thanks
Re: Openvpn Over ICMP
Posted: Thu Jan 17, 2013 12:25 pm
by VPNTutorials
pada123 wrote:Hi All,
Here is the latest update...Problem is resolved now.
I am posting this message using Openvpn over ICMP Tunnel.
Not sure ,, It was a Windows 7 problem. After rebooting everything started working great using self made ICMP tunnel.
Am getting almost same speed as UDP openvpn used directly.
We will wait for v3.x when Openvpn will have inbuilt support for ICMP. For now Its creating UDP packet in fast place then again I am wrapping by ICMP...and unwrapping it in server...and in server side also having two separate programs- running ICMP receiver and Openvpn main server.
Future openvpn release will reduce this small overhead without hampering speed.
Thanks Openvpn
Did OpenVPN already said anything about adding ICMP tunnel on OpenVPN 3.x?
Re: Openvpn Over ICMP
Posted: Thu Aug 10, 2017 2:54 pm
by wangyucn
i have a stable openvpn over icmp solution.works under NAT environment.supports latest openvpn version.
https://github.com/wangyu-/udp2raw-tunn ... aw-openvpn