badvpn-tun2socks(8)         System Manager's Manual        badvpn-tun2socks(8)

NAME

       badvpn-tun2socks - create a TUN device to route TCP traffic through a
       SOCKS server

SYNOPSIS

       badvpn-tun2socks
         [--help]
         [--version]
         [--logger <stdout/syslog>]
         [--syslog-facility <string>] [--syslog-ident <string>]
         [--loglevel <0-5/none/error/warning/notice/info/debug>]
         [--channel-loglevel <channel-name> <0-5/none/error/warning/notice/info/debug>] ...
         [--tundev <name>]
         --netif-ipaddr <ipaddr>
         --netif-netmask <ipnetmask>
         --socks-server-addr <addr>
         [--udpgw-remote-server-addr <addr>]
         [--udpgw-max-connections <number>]
         [--udpgw-connection-buffer-size <number>]

       Address format is a.b.c.d:port (IPv4) or [addr]:port (IPv6).

DESCRIPTION

       badvpn-tun2socks is a network utility used to "socksify" TCP
       connections at the network layer. It implements a TUN device which
       accepts all incoming TCP connections (regardless of destination IP),
       and forwards them through a SOCKS server. This allows you to forward
       all connections through SOCKS, without any need for application
       support. It can be used, for example, to forward connections through
       a remote SSH server.

EXAMPLE

       This example demonstrates using tun2socks in combination with SSH's
       dynamic forwarding feature.

       Connect to the SSH server, passing -D localhost:1080 to the ssh command
       to enable dynamic forwarding. This will make ssh open a local SOCKS
       server through which tun2socks forwards connections.

       First create a TUN device (e.g. using openvpn):

         openvpn --mktun --dev tun0 --user <someuser>

       Configure the IP of the new tun device:

         ifconfig tun0 10.0.0.1 netmask 255.255.255.0

       Now start the badvpn-tun2socks program:

         badvpn-tun2socks --tundev tun0 --netif-ipaddr 10.0.0.2 --netif-netmask 255.255.255.0 \
                          --socks-server-addr 127.0.0.1:1080

       Note that the address 10.0.0.2 is not a typo. It specifies the IP
       address of the virtual router inside the TUN device, and must be
       different from the IP of the TUN interface itself (but in the same
       subnet).

       Now you should be able to ping the virtual router's IP (10.0.0.2):

         ping -n 10.0.0.2

       All that remains is to route connections through the TUN device instead
       of the existing default gateway. This is done as follows:

       1. Add a route to the SSH server through your existing gateway, with a
       lower metric than the original default route.

       2. If your DNS servers are in a network that is not directly attached
       (e.g. in the Internet), also add routes for them (like for the SSH
       server). This is needed because tun2socks does not forward UDP by
       default (see below).

       3. Add a default route through the virtual router in the TUN device,
       with a lower metric than the original default route, but higher than
       the SSH and DNS routes.

       This will make all external connections go through the TUN device,
       except for the SSH connection (else SSH would go through the TUN
       device, which would go through... SSH).

       For example (assuming there are no existing default routes with metric
       <=6; otherwise remove them or change their metrics):

         route add <IP_of_SSH_server> gw <IP_of_original_gateway> metric 5
         <same for DNS>
         route add default gw 10.0.0.2 metric 6
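
       The routing steps above, checked against a constructed routing table
       (an added example, not part of the original manual page or the badvpn
       project). It models Linux route selection as longest matching prefix
       first, then lowest metric; the addresses 203.0.113.10 (SSH server),
       192.0.2.53 (DNS server) and 192.168.1.1 (original gateway), the
       three-column table format and all function names are assumptions made
       for illustration.

```python
import ipaddress

TUN_ROUTER = "10.0.0.2"  # --netif-ipaddr from the page's example

def parse_routes(text):
    """Parse 'destination gateway metric' lines (constructed format, not route(8) output)."""
    routes = []
    for line in text.strip().splitlines():
        dest, gw, metric = line.split()
        net = ipaddress.ip_network("0.0.0.0/0" if dest == "default" else dest)
        routes.append((net, gw, int(metric)))
    return routes

def next_hop(routes, addr):
    """Longest matching prefix wins; ties are broken by the lowest metric."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    best = min(matches, key=lambda r: (-r[0].prefixlen, r[2]), default=None)
    return best[1] if best else None

def check(routes, ssh_server, dns_servers, probe="198.51.100.7"):
    """Return a list of problems with the routing setup described in EXAMPLE."""
    problems = []
    if next_hop(routes, ssh_server) == TUN_ROUTER:
        problems.append("SSH server is routed into the TUN device (loop)")
    for dns in dns_servers:
        if next_hop(routes, dns) == TUN_ROUTER:
            problems.append(f"DNS server {dns} is routed into the TUN device (UDP not forwarded)")
    if next_hop(routes, probe) != TUN_ROUTER:
        problems.append("default traffic does not go through the TUN device")
    return problems

# Constructed sample tables using placeholder addresses (assumptions, not from the page).
GOOD = """
203.0.113.10/32 192.168.1.1 5
192.0.2.53/32   192.168.1.1 5
default         10.0.0.2    6
default         192.168.1.1 100
10.0.0.0/24     0.0.0.0     0
"""
BAD = """
default         10.0.0.2    6
default         192.168.1.1 100
"""

if __name__ == "__main__":
    for name, table in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check(parse_routes(table), "203.0.113.10", ["192.0.2.53"]))
```

       In the GOOD table the host routes for the SSH and DNS servers win by
       prefix length, while the metric decides between the two default routes.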

UDP FORWARDING

       tun2socks can forward UDP; however, this requires a forwarder daemon,
       badvpn-udpgw, to run on the remote SSH server:

         badvpn-udpgw --listen-addr 127.0.0.1:7300

       Then tell tun2socks to forward UDP via the forwarder:

         --udpgw-remote-server-addr 127.0.0.1:7300

       Copyright © 2010 Ambroz Bizjak <ambrop7@gmail.com>
       This is free software; see the source for copying conditions. There is
       NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
       PURPOSE.

                                February 2012             badvpn-tun2socks(8)