Mirzad

Aug 30 2012
 

Foreword:
In my corporate environment most outgoing connections are blocked; only DNS, HTTP and HTTPS are allowed. Skype works (it tunnels its way out), but ICQ/MSN/SIP/GoogleTalk/Jabber/… do not work. As a workaround I have set up a VPN running on port 443 to tunnel my way out. Now the DNS servers (8.8.8.8) and my home network 192.168.2.0/24 are getting tunneled. But still, I cannot use XMPP (Facebook Chat), for example.
The setup:
Being able to reach my Linux box, and installing a client that can use a SOCKS tunnel, I can circumvent the corporate firewall restrictions.
I am currently testing Jitsi (https://jitsi.org/index.php/Main/Download) as a multimessenger, because it supports VoIP/SIP (even encrypted) and all the rest (Facebook, ICQ, MSN, GTalk, AIM, Yahoo YIM,…).
On the Debian side the configuration of a SOCKS server is pretty easy. I picked danted, for being the first:
apt-get install dante-server
Edit the configuration:
vim /etc/danted.conf
Personally I do not want to auth myself to my own server, since it's not reachable from the Internet, so this is my config:

# log
logoutput: stderr
# internal listener / ip and port
internal: 192.168.2.21 port = 1080
# external (could use eth0 also)
external: 192.168.2.21
# no auth
method: none
clientmethod: none
# users for linux env
user.privileged: proxy
user.notprivileged: nobody
user.libwrap: nobody
# allow these sources
client pass {
from: 192.168.2.0/24 port 1-65535 to: 0.0.0.0/0
log: error
}
# allow these destinations
pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: error
}
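
A quick way to see what a danted.conf like the one above leaves open. This is an added example, not part of the original post or of Dante: the function names and finding codes are made up for illustration, and the sample input is the post's config with comments stripped.

```python
import re

# Constructed input: the danted.conf from the post, comments stripped.
POST_CONF = """\
internal: 192.168.2.21 port = 1080
external: 192.168.2.21
method: none
clientmethod: none
client pass {
from: 192.168.2.0/24 port 1-65535 to: 0.0.0.0/0
log: error
}
pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: error
}
"""
ANY = ("0.0.0.0/0", "0/0")  # address forms treated here as "any host"

def parse(text):
    """Return (global settings, rule blocks) parsed from danted.conf text."""
    text = re.sub(r"#.*", "", text)  # drop comments
    rules = []
    for kind, body in re.findall(r"^\s*((?:client |socks )?(?:pass|block))\s*\{(.*?)\}", text, re.S | re.M):
        rule = {"kind": kind}
        for key in ("from", "to", "log"):
            m = re.search(rf"\b{key}:[ \t]*(\S.*)", body)
            rule[key] = m.group(1).split() if m else [""]
        rules.append(rule)
    outside = re.sub(r"\{.*?\}", "", text, flags=re.S)  # globals live outside rule blocks
    return dict(re.findall(r"^\s*([\w.]+):[ \t]*(.+?)\s*$", outside, re.M)), rules

def audit(text):
    """Return (code, rule kind) findings for an unauthenticated or wide-open relay."""
    settings, rules = parse(text)
    # Dante 1.4+ names this key socksmethod; the post's version uses method.
    methods = settings.get("socksmethod", settings.get("method", "")).split()
    findings = [("NO_AUTH", "global")] if "none" in methods else []
    for r in rules:
        if r["kind"] == "client pass" and r["from"][0] in ANY:
            findings.append(("ANY_CLIENT", r["kind"]))      # any source may connect
        if r["kind"] in ("pass", "socks pass") and r["to"][0] in ANY:
            findings.append(("ANY_DEST", r["kind"]))        # relays to any destination
        if r["kind"].endswith("pass") and "connect" not in r["log"]:
            findings.append(("NO_CONNECT_LOG", r["kind"]))  # no per-connection record
    return findings
```

For the config above, audit(POST_CONF) reports the missing authentication, the unrestricted destination in the pass rule, and the lack of connect logging in both rules. The "client pass" source restriction to 192.168.2.0/24 is the only control it finds in place.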

In Jitsi I added a global SOCKS5 proxy without auth and voila, there goes my tunneled chat connection! :)
I verified the connection using “netstat -ln | grep 1080” and “tcpdump -vvv -n port 1080”.