1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Is using tomato as http-tunnel server possible ?

Discussion in 'Tomato Firmware' started by rottbert, Feb 14, 2010.

  1. rottbert

    rottbert Guest

    So here's my case: currently I'm behind a pretty restrictive firewall, which does not allow me to ssh to the outside. Usually I use a ssh tunnel to my Linksys WRT54GL, so that it acts as a proxy server. Works like a charm, with the only changes I've made activating ssh and set up port forwarding (for remote desktop to a local machine).

    So I've been looking into ways to circumvent the annoyingly restrictive firewall. What I want to do is set up a http tunnel to send my ssh traffic through, since https is allowed (I can reach the tomato remote admin page)

    So far I've been thinking of using the GNU httptunnel. The final question i guess, is it possible to make tomato (WRT54GL) act as a httptunnel "server" ? I somehow suppose it could be possible to compile the source for MIPS?

    Could someone by any chance get me in the right direction ? If this is possible, or perhaps other ways of doing it ?
     
  2. azeari

    azeari LI Guru Member

    it is possible, tho i'd personally suggest using OpenVPN on port 443 instead to save the trouble(no worries abt being blocked as OpenVPN works over SSL, so it appears as tho you're doing normal SSL traffic).

    There are some builds around here compiled with OpenVPN.

    Use the push "redirect-gateway local def1" to redirect all your traffic thru the openvpn tunnel. There should be some guides around this forum with more indepth details.
     
  3. vibe666

    vibe666 Network Guru Member

    i was trying to do the same thing and got my RDP session working fine over ssh using putty on my work PC but couldn't redirect http/https traffic without using my home pc as a proxy.

    in the end i just installed the safesquid proxy app on my home PC (actually in a 32bit XP VM (also known as XP Mode) running on my home PC as it wouldn't work natively on Win7 x64) and created an extra tunnel for it (along with my RDP tunnel) in my putty config and that's working fine for me now.

    I'm still sure there's a way to redirect web traffic over SSH to a tomato router and then back out to the internet though, I just don't know how. :(
     
  4. menses

    menses Addicted to LI Member

    I have the same situation as the original poster:
    I'm behind a very restrictive firewall that prevents all traffic except http/https. Socks proxies don't work. Neither do http proxies. Even SSH and VPN are blocked. Just http(s) goes through the firewall.
    Thus I think an http tunnel is the only way to solve the problem. What are the options? Is GNU httptunnel the only http tunnel out there? Has anyone set up an http tunnel with Tomato?

    Hmm... just found out about ping tunneling and http://www.cs.uit.no/~daniels/PingTunnel/
    Sounds too slow though.
     
  5. ntest7

    ntest7 Network Guru Member

    You can configure OpenVPN to run on tcp port 443. Looks like normal https traffic to the firewall.
     
  6. mraneri

    mraneri LI Guru Member

    Can't you just change the SSH port too?
    Is your restrictive firewall actually blocking protocols or just blocking ports? Usually, they're just blocking ports. If it's just blocking ports, you need to find an open port and use that one. You can probably still use SSH.

    As others have done, I use Putty as a SOCKS proxy to my Tomato based router with no problem. I found an open outgoing port which I could connect through the firewall, and everything works well.

    You probably just need to find an available port.
     
  7. menses

    menses Addicted to LI Member

    I guess I wasn't clear enough in my post :)

    I have tried all kinds of ports (21,22,23,80,443,..) with all protocols and only http works. So it is filtered on the protocol level.

    Hmm... I'm not that familiar with (Open)VPN but does it really look like http traffic?
     
  8. ntest7

    ntest7 Network Guru Member

    If you run OpenVPN on TCP:443 it looks like a TCP connection followed by an SSL handshake followed by an encrypted session... just like an https connection. (Note TCP:443 is not the default for OpenVPN.)

    I use this myself from time to time when find myself somewhere with a restrictive firewall, such as a hotel or conference center. If I can access https, it has never failed to work.
     
  9. menses

    menses Addicted to LI Member

    Thanks, I will try this.

    One reason I would like to avoid using VPN is that it pushes all the traffic through the VPN tunnel. However I only want to direct web browsing traffic through the firewall, not everything. I'm not that familiar with VPN... so is it possible to selectively push traffic in the tunnel? Also I'm restricted to Windows machines at the workplace with the nasty firewall and I do not have admin rights. I remember OpenVPN needs some special privileges to create the tunnel devices... is this right?
     
  10. ntest7

    ntest7 Network Guru Member

    Sorry, I didn't understand this was at your workplace.

    If the machine and internet are both provided by the company, you're treading on thin ice trying to get around their security restrictions. I expect there are company policies stating that defeating security processes are forbidden, with consequences including anything from reprimand to demotion, termination and possibly civil or criminal charges. They may very well monitor your computer to see what you're up to.

    Rather than risk possibly severe consequences, you're better off trying to get the policies changed, or save your recreational surfing for your off time.

    To more directly answer your question, you need admin access to install OpenVPN.
     

Share This Page