VPNENCAP - encapsuled VPN tunnels

Back in 2007 I wrote a script to ease the building of multiple encapsulated VPN tunnels. With VPNENCAP it is possible to build as many tunnels as you like, encapsulated within each other, without having to care about the appropriate routing, which is handled by OpenVPN and the VPNENCAP script. Depending on the VPN hosters' server configuration this adds anonymity and security to your connection. VPNENCAP can be used to easily build even complex cascaded tunnel setups. You may compare it to the technique Tor or Proxychains use, chaining 3 or more proxy servers in a cascaded proxy setup, but with (higher) encryption possible between each node and with the tunnel ciphers combined by laying new tunnels inside already established tunnels. Imagine a cable which contains additional cables, each of which contains x cables, and so on. This method of multi-encapsulation is also applicable to creating wrapped encrypted containers or packages to secure any kind of data storage or transaction. A traditional method of data/message transfer always offers attackers the possibility of reading your data stream without your agreement. You should use additional encryption to secure your privacy and/or anonymity. The following example describes the application of VPNENCAP with 3 VPN connections.

 

Example with 3 servers: 3 encapsulated VPN tunnels, each with a key length of n bits and different authentication data.

CLIENT -> SERVER1 -> SERVER2 -> SERVER3 -> INTERNET

 

CLIENT -> (encrypted1 + (encrypted2 + (encrypted3))) -> SERVER1 ->

               -> (encrypted2 + (encrypted3)) -> SERVER2 ->

               -> (encrypted3) -> SERVER3 ---> INTERNET/Network/Server

 

This is what it looks like when you monitor the connection:

 

The encrypted packets of the DNS request

CLIENT->SERVER1

As you can see, nobody between CLIENT and SERVER1 is able to read this cleartext request.

This tunnel will hold the next tunnel.

The encrypted packets of the DNS request

SERVER2->SERVER3

We have an encrypted connection; no content sniffing is possible.

Finally, at the outbound server of our setup, we get the unencrypted DNS request to Google's nameserver 8.8.8.8

SERVER3->INTERNET

Anybody between SERVER3 and your target server (e.g. 8.8.8.8) can sniff your packet and its content if you do not use encryption like HTTPS, etc.

 

Which practical applications are possible this way?

- Encrypting your Internet connection

- Connecting to other networks

- Connecting to (file, mail, etc.) servers

 

What is the advantage of using encapsulated encrypted tunnels?

- High encryption - If an attacker should be able to decrypt capsule1 (encrypted1), there is still encrypted3 encapsulated within encrypted2 to keep your data streams unreadable for the attacker. Having i tunnels results in an i-times encrypted connection to the first server, with the number of layers decreasing at each following server. In most cases the attacker will take a successful decryption attempt for a failure and continue his attack.

- High anonymity - It is hard to trace back to the original source.

 

 

Are there disadvantages?

- If you are using too many VPN tunnels and/or choose servers which are located geographically far from each other, you may lose connection speed. That's why you should use combinations that are cheap with respect to the geolocation of the servers or the network topology.

- Your system may be compromised if it is badly secured while using unsafe VPN servers. Using a PaX kernel + SELinux + iptables + correct configuration will make your day.

- Some web services use captchas to protect their APIs from bots. If you are using a VPN exit server which was massively used by a bot before, you will enjoy those captchas.


 

OpenVPN or PPTP?

PPTP is outdated and connections are safe for a maximum of 24-48h if the connection is attacked. Better use OpenVPN connections over the TCP protocol.

For example: openvpn -> openvpn -> openvpn

For example: pptp -> openvpn/pptp -> openvpn

 

Where to find a documentation?

Just open up the vpnencap-x.sh in a text editor of your choice. On top you will find a documented section for setting up your VPN servers.

 

Is this compatible with operating systems other than Linux?

Yes, but this is not yet documented. There are several overlays for OS X to get all the tools needed. Windows users may try a Linux system in a virtual machine or Cygwin (not tested).

 

It is up to you! Configuring your VPNENCAP setup properly will improve your level of security and anonymity.

Have fun with testing.

 

Quickstart :

 

- git clone https://github.com/whussup/vpnencap.git

 

- cd vpnencap

 

- chmod +x ./install.sh && ./install.sh

 

- open the configuration file and set up vpnencap: vi /etc/vpnencap/vpn_config.sh

 

- OpenVPN config files have to use the following scheme (if you have separate ca, cert and key files, copy and paste them into your config file as follows)

 

#config section
# ...
<ca>
    -----BEGIN CERTIFICATE-----
    CERTIFICATE STRING
    -----END CERTIFICATE-----
</ca>

# if used:
<cert>
    -----BEGIN CERTIFICATE-----
    CERTIFICATE STRING
    -----END CERTIFICATE-----
</cert>

# if used:
<key>
    -----BEGIN PRIVATE KEY-----
    KEY STRING
    -----END PRIVATE KEY-----
</key>

# if used:
<tls-auth>
    -----BEGIN OpenVPN Static key V1-----
    KEY STRING
    -----END OpenVPN Static key V1-----
</tls-auth>

 

 

 

- start vpnencap: /etc/init.d/vpnencap start && screen -r

 

- With Ctrl+A followed by D you can detach the screen and let the process keep running in the background. To reattach vpnencap to your screen afterwards, you need to give the screen id: screen -r #screen_id (this should be the lowest number listed when you type in the command screen -r)
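
The config-file step of the quickstart (copying separate ca, cert and key files into the config) can be scripted. This is an added example, not part of vpnencap or the original post: the function names inline_ovpn and check_inline_blocks are made up here, and file paths in the config are assumed to be unquoted and free of spaces.

```sh
#!/bin/sh
# Added example, not part of vpnencap.

# inline_ovpn CONFIG: print CONFIG with "ca|cert|key|tls-auth FILE" lines
# replaced by inline <tag>...</tag> blocks. Relative paths are resolved
# against the config's directory. The output contains the private key,
# so redirect it to a file under "umask 077".
inline_ovpn() {
    awk -v base="$(dirname "$1")" '
    NF >= 2 && $1 ~ /^(ca|cert|key|tls-auth)$/ {
        file = ($2 ~ /^\//) ? $2 : base "/" $2
        if ((getline l < file) <= 0) {
            print "inline_ovpn: missing or empty " file | "cat 1>&2"
            failed = 1; exit
        }
        print "<" $1 ">"
        do { print l } while ((getline l < file) > 0)
        close(file)
        print "</" $1 ">"
        # An inline tls-auth block cannot carry the direction argument;
        # OpenVPN reads it from a separate key-direction directive.
        if ($1 == "tls-auth" && NF >= 3) print "key-direction " $3
        next
    }
    { print }
    END { exit failed + 0 }' "$1"
}

# check_inline_blocks CONFIG: exit non-zero if an inline block is opened
# but never closed with </tag> (e.g. a second "<ca>" where "</ca>" belongs).
check_inline_blocks() {
    awk '
    $1 ~ /^<\/[a-z-]+>$/ {
        tag = substr($1, 3, length($1) - 3)
        if (tag != cur) { print "line " NR ": stray </" tag ">"; bad = 1 }
        cur = ""; next
    }
    $1 ~ /^<[a-z-]+>$/ {
        tag = substr($1, 2, length($1) - 2)
        if (cur != "") { print "line " NR ": <" tag "> inside unclosed <" cur ">"; bad = 1 }
        cur = tag
    }
    END {
        if (cur != "") { print "end of file: <" cur "> never closed"; bad = 1 }
        exit bad + 0
    }' "$1"
}
```

Run inline_ovpn on each provider config, then check_inline_blocks on the result before pointing vpnencap at it.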

 

 

 

*UPDATES VPNENCAP-0.3.6 :

 

- various Bugfixes

- Iptables basic network security

 

 

*UPDATES VPNENCAP-0.3.5 :

- Bugfixes : (re)connecting - connection will now stay stable and reestablish properly

- Bugfixes : router device

- Error output cosmetics

- New options for launching vpnencap at boot/default

 

*UPDATES VPNENCAP-0.3.4 :

- Debian Bugfixes

- Router Mode

- Code Cleanup

- Tests with Debian like and Gentoo like systems.

- Pidora workaround.

 

*UPDATES VPNENCAP-0.3.3 :

- properly checking for last used server if public server check is turned off

- added option for checking connection health either by ips or ips + tunnel num

- checking server ports with netcat

 

*UPDATES VPNENCAP-0.3.1 :

- minor Bugfixes for openvpn connection setup

- new option for individual server timeout

 

 

*UPDATES VPNENCAP-0.3 :

- fixed some bugs for (auto)reconnect

- fixed PPTP setup

- improving connection setup speed

- splitting the script into functions

- added parent UI for controlling your VPN setup:
    - automatic reconnect on connection loss
    - live monitoring

 

*UPDATES VPNENCAP-0.2 :

- New Global Options:
    - Randomization: will randomize your server chain
    - Skip: will skip a specific number of servers in your chain
    - Public_Server_Check: if activated, it will check each server's status before it gets added to the chain

- Server Options:
    - enabled flag for activating or deactivating a server config

 

 

Github : https://github.com/whussup/vpnencap

Posted at 2014-10-17 12:45:52 ( updated at 2016-06-03 03:47:08 )
in Security by Bash

Tags: VPNEncap, Bash Script, Linux, VPN
Copyright © 2013-2018 geeBee UG ( haftungsbeschränkt )
