How To Force All Network Traffic Through A Tunnel?

Overview

Internet traffic, or network traffic, is the flow of data from a sender to a receiver through an electronic communications network. Tunneling network traffic means that all network packets pass through an encrypted VPN tunnel before reaching their destination.

From this perspective, all HTTP requests should be sent through the encrypted tunnel, including DNS requests. This article shows how to force all network traffic through a VPN connection in Windows 7.

Normally traffic flows from a client to a server or from a server to a client. A tunnel is used for routing network data over another network, such as the Internet. In other words, network traffic can be routed over an additional protocol layer via an encrypted SSH tunnel.

How Network Traffic Flows Through a Tunnel

Traffic from a client to a specific host and port passes through the tunnel only if the source IP address of that traffic matches the public IP address of the SSH server.

Inbound or outbound network traffic between multiple applications uses the encrypted VPN tunnel. Listeners work as an inbound service; in this case all requests from the client come through the VPN connection to the listening service.

We can also restrict or allow specific traffic via the VPN tunnel, for example allowing UDP packets from public networks through the VPN to internal networks. Check out the whole list of protocols supported by OpenVPN here.

Steps that are required to force all your system’s network traffic through an encrypted and secure SSH tunnel:

1) Open the terminal and type: sudo vi /etc/sysctl.conf

2) Now add this line: net.ipv4.ip_forward=1

3) Save and exit by pressing “ESC” and typing :wq!. This will save and quit.

4) To make the changes effective immediately, run the following command: sudo sysctl -p

5) Now that your system is forwarding all of its network traffic through an SSH tunnel, you need to tell the SSH server on your VPS to forward all of its network traffic as well. Log in to your VPS via SSH by typing: ssh user@IPADDRESS. Here user is substituted by your DigitalOcean username and IPADDRESS by your server’s IP address.

6) Now type: sudo vi /etc/ssh/sshd_config

7) Add this line to the end of the file: GatewayPorts yes

8) Save and exit by pressing “ESC” and typing :wq!. This will save and quit.

9) Now restart sshd by running this command: sudo service sshd restart

10) To make sure forwarding is now in place, open another terminal window on your local system (the one connected to your home network). Type ifconfig in the terminal window. You will see something like eth0 Link encap:Ethernet HWaddr FE-CA-A8-09-32-E5 in the output.

11) Now try to ping your VPS by running: ping IP ADDRESS. Here IP ADDRESS is substituted by your server’s IP address. If it worked, then good job! Now all of the network traffic on your home computer is routed through an encrypted SSH tunnel and is therefore sent over HTTPS.

12) To set this up automatically, so that you can just connect to your VPN and all of your traffic will be routed over the SSH tunnel, we need to update our OpenVPN client configuration file. We already have a file ready for you, located at /root/vpn-config/.ovpn

13) Login to your server via SSH: ssh user@IPADDRESS

14) Type: cd /root

15) Now type: wget https://raw.githubusercontent.com/LeoNatan/nethogs-tunnel/master/nethogs-tunnel.sh

16) Now make the script executable by typing: chmod +x nethogs-tunnel.sh

17) Now that the script is ready, go back to your OpenVPN client config file, which should still be open in a text editor on your local machine. Copy all of the text from inside the <ca>…</ca> tag right up to and including <cert>…</cert>. Paste this into a new file by first typing: sudo vi nethogs-tunnel.sh

18) Now just paste over everything that’s already in the file with what you just copied from your client config file. Save and exit by pressing “ESC” and typing :wq!. This will save and quit.

19) Finally start up OpenVPN by running: sudo service openvpn start

20) To automatically start OpenVPN on login, run: sudo crontab -e

21) Now scroll down to the bottom of the file using your arrow keys and type in: @reboot /usr/sbin/openvpn --config /root/vpn-config/.ovpn --route-up /root/nethogs-tunnel.sh

22) Save and exit by pressing “ESC” and typing :wq!. This will save and quit. Congratulations! You are now routing all of your system’s internet traffic through an SSH tunnel that is encrypted with HTTPS. Anything you do online will be encrypted until it reaches our server, which then encrypts it again and redirects it back to you.
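Before trusting a setup like the one above, the check a practitioner wants is whether the routing table and resolver configuration really send traffic out through the tunnel interface, and whether the two configuration edits (steps 2 and 7) are in effect. The script below is an added example, not code from the original article or from any project it mentions. It assumes the tunnel device is named tun0 and the LAN device eth0, and it runs on constructed sample text in the formats of ip route show, /etc/sysctl.conf, /etc/ssh/sshd_config and /etc/resolv.conf rather than on live files.

```shell
#!/usr/bin/env bash
# Added example (not from the article): verify that a host is in the state
# steps 1-22 aim for. The SAMPLE_* inputs are constructed so it runs offline;
# they use the formats of `ip route show`, sysctl.conf, sshd_config, resolv.conf.

# Constructed routing table after an OpenVPN "redirect-gateway def1" setup:
# two /1 routes via tun0 win over the LAN default route without replacing it,
# and a /32 host route keeps the VPN server itself reachable over eth0.
SAMPLE_ROUTES='default via 192.168.1.1 dev eth0 proto dhcp metric 100
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
203.0.113.10 via 192.168.1.1 dev eth0'
# Constructed sysctl.conf excerpt (step 2).
SAMPLE_SYSCTL='# forwarding
net.ipv4.ip_forward=1'
# Constructed sshd_config where GatewayPorts was appended at the end (step 7)
# although an earlier line already sets it.
SAMPLE_SSHD='Port 22
GatewayPorts no
PermitRootLogin no
GatewayPorts yes'
# Constructed resolv.conf: one resolver inside the tunnel, one on the LAN.
SAMPLE_RESOLV='nameserver 10.8.0.1
nameserver 192.168.1.1'

# Dotted-quad IPv4 address to a 32-bit integer.
ip2int() {
  local IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Longest-prefix match over a route table in `ip route` format: prints the
# outgoing interface for DEST, or "none" when no route matches.
iface_for_dest() {
  local dest="$1" routes="$2" best_len=-1 best_dev=none line dst dev net plen mask d n
  d=$(ip2int "$dest")
  while IFS= read -r line; do
    [ -n "$line" ] || continue
    set -- $line
    dst=$1; shift; dev=none
    while [ $# -gt 0 ]; do            # locate the "dev <iface>" pair
      [ "$1" = dev ] && { dev=$2; break; }
      shift
    done
    [ "$dst" = default ] && dst=0.0.0.0/0
    case $dst in
      */*) net=${dst%/*}; plen=${dst#*/} ;;
      *)   net=$dst; plen=32 ;;          # bare address: host route
    esac
    n=$(ip2int "$net")
    mask=$(( plen == 0 ? 0 : (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF ))
    if [ $(( d & mask )) -eq $(( n & mask )) ] && [ "$plen" -gt "$best_len" ]; then
      best_len=$plen; best_dev=$dev
    fi
  done <<EOF
$routes
EOF
  echo "$best_dev"
}

# True only if every destination given leaves through IFACE.
all_via() {
  local iface="$1" routes="$2" dest
  shift 2
  for dest in "$@"; do
    [ "$(iface_for_dest "$dest" "$routes")" = "$iface" ] || return 1
  done
  return 0
}

# Step 2: an active (uncommented) net.ipv4.ip_forward=1 line is present.
ip_forward_enabled() {
  printf '%s\n' "$1" | grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$'
}

# Step 7: sshd uses the FIRST value it reads for a keyword, so a directive
# appended at the end of the file is ignored when an earlier one exists.
gateway_ports_value() {
  printf '%s\n' "$1" | awk 'tolower($1) == "gatewayports" { print tolower($2); exit }'
}

# Resolvers not reached through IFACE would send DNS queries outside the
# tunnel even when everything else is routed through it.
leaking_nameservers() {
  local iface="$1" routes="$2" resolv="$3" ns
  printf '%s\n' "$resolv" | awk '$1 == "nameserver" { print $2 }' | while read -r ns; do
    [ "$(iface_for_dest "$ns" "$routes")" = "$iface" ] || printf '%s\n' "$ns"
  done
}

# Stand-alone report over the constructed samples.
for host in 8.8.8.8 203.0.113.10 192.168.1.20; do
  printf '%-14s leaves via %s\n' "$host" "$(iface_for_dest "$host" "$SAMPLE_ROUTES")"
done
ip_forward_enabled "$SAMPLE_SYSCTL" && echo 'ip_forward: enabled'
echo "GatewayPorts in effect: $(gateway_ports_value "$SAMPLE_SSHD")"
echo "nameservers outside the tunnel: $(leaking_nameservers tun0 "$SAMPLE_ROUTES" "$SAMPLE_RESOLV")"
```

To check a real host, replace the SAMPLE_* strings with the output of ip route show and the contents of the live files. The constructed sshd_config shows why step 7 can silently fail: sshd keeps the first value it reads for a keyword, so an earlier GatewayPorts no wins over the GatewayPorts yes appended at the end. The resolver check matters because a VPN that carries all other traffic still leaks DNS queries if a nameserver is reached over the LAN interface.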

Conclusion

Forcing network traffic through tunnels increases privacy and security by encrypting user data. No one can sniff in the middle to monitor the traffic. However, this increases latency, since all your network packets have to go through a third-party server, which is a longer path than a direct connection, and the encryption adds overhead. It also requires a static IP address due to the permanent routing. This is not recommended for digital media streaming, since the latency will make the stream unplayable. For online gaming it may affect your connection speeds. In this case, it is better to use a VPN infrastructure. However, both of these methods will still increase privacy and security while browsing the internet on a public hotspot. This method can be used by anonymously communicating users for anonymity purposes only.

In order to break open traffic encrypted by HTTPS, you could try using Httpsstrip, a tool made for MITM attacks. It aims at forcing HTTPS websites into HTTP versions without alerting users or administrators. In addition, it allows us to hijack redirected URLs from any site with proper redirection rules set up in the config file.
