I’ve recently moved to Barcelona to continue my Computer Science studies on UB. First thing I noticed walking into the University building was my mobile happily notifying me that it has found a known network. Ah, of course: eduroam. My Slovenian eduroam account from University of Ljubljana should be valid throughout Europe for accessing the eduroam wireless network. And indeed it is. Nice.
Troubles on the horizon
Alas … there is a downside. Apparently the IT dept at UB is filtering OpenVPN and IPsec traffic. I’m soo used to having these that I feel “naked” using a public network without encrypting all my communications.
Now wait a minute, what do I see here, SSH traffic goes through without problems? If SSH goes through, then it should possible to tunnel basically anything through it. Even an OpenVPN tunnel. Yep, tunneling a tunnel over a tunnel, that’s the idea :).
After some fiddling around, this is how I did it (referencing my original setup):
Find a server somewhere on the net you can SSH to, so you can setup a SOCKS proxy:
$ ssh <some_IP_on_the_net> -D 6666
Change protocol in OpenVPN’s server.conf to use TCP rather than UDP. Normally, using UDP is better, but if you want tunneling over SOCKS, you need TCP:
Change protocol in OpenVPN’s iptables config:
iptables -I INPUT 1 -p tcp --dport 1194 -j ACCEPT
Now modify the client.conf to use TCP and to use SOCKS proxy:
proto tcp socks-proxy 127.0.0.1 6666 route <some_IP_on_the_net> 255.255.255.255 net_gateway
Notice the last line: it adds a specific rule to route traffic to your SSH server directly and not through OpenVPN. This keeps the SOCKS proxy alive and kicking. All other traffic is still routed through OpenVPN tunnel to keep your communications safe.