Previously, I did not pay much attention to encryption, since the data I transmitted in public places was not very important, but today I saw the other side of the coin. At the institute, as usual, during a computer science class, students were browsing VKontakte, Habr, and other sites, and nothing seemed amiss. Nobody knew what was happening on the other side of the network. And there Wireshark was running, kindly showing the teacher the addresses of the pages visited, the cheat sheets and, accordingly, the students' "attention" index. At that point I realized: we are in danger of not passing the exam session.
Then I decided to find a way to hide actions on the network.
Search for a solution
Earlier I used Tor, but its speed was low, and I did not trust it to hide all requests on all ports. Then I began, for the umpteenth time, to look for a free VPN. And then, out of nowhere, an article about Comodo TrustConnect turned up (since my article is its logical continuation, read it first). I happily started installing packages and registering. The remark about blocked ports gave me pause, but I expected that at least HTTP would work tolerably. The free cheese in the mousetrap showed its true face: I started the VPN, but the pages would not open, because DNS did not get through.
Google to the rescue
Armed with Google, an hour later I found that DNS is simply blocked and must be redirected.
I will briefly describe the VPN setup for Linux (the details are on the site after registration): install openvpn, then copy ca.crt and free_client.conf, following the instructions on the site, into /etc/openvpn.
Then you can create a pass file with the login on the first line and the password on the second (but it is better not to keep everything in clear text).
Then run:
sudo openvpn --config /etc/openvpn/free_client.conf --auth-user-pass /etc/openvpn/pass
And add to /etc/openvpn/free_client.conf:
route <DNS> 255.255.255.255 net_gateway
And lo and behold, everything works!
Except that in tcpdump you can see the DNS requests going out, and the visited site is exposed!
DNS encrypted
Fortunately, 10 minutes later, DNSCrypt from OpenDNS was found. On Arch Linux, it was enough to install the dnscrypt-proxy package from the AUR and run it. Its log shows the address through which the requests go. To make it work, put this address in place of the DNS address in the free_client.conf config. For example, in my case:
route 208.67.220.220 255.255.255.255 net_gateway
That's all. After that, all traffic goes through the VPN, and DNS requests go through DNSCrypt. Addresses no longer show up in tcpdump. Beautiful.
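To make the tcpdump check above repeatable, here is an added example (not part of the original post) that decides whether a captured UDP payload is a cleartext DNS query and, if so, which hostname it reveals. The sample payloads and hostnames are constructed, and the opaque blob is only a stand-in for an encrypted packet, not real DNSCrypt output.

```python
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Build a plain DNS query (RFC 1035 wire format) for a sample name."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def leaked_name(payload):
    """Return the hostname if payload is a cleartext DNS query, else None."""
    if len(payload) < 17:  # 12-byte header + root label + QTYPE/QCLASS
        return None
    _txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", payload[:12])
    if flags & 0x8000 or qdcount != 1 or ancount != 0:  # must be a query, one question
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            return None
        length = payload[pos]
        pos += 1
        if length == 0:  # root label ends the name
            break
        if length > 63 or pos + length > len(payload):  # also rejects pointers
            return None
        label = payload[pos:pos + length]
        if not all(0x21 <= b <= 0x7E for b in label):  # printable ASCII only
            return None
        labels.append(label.decode("ascii"))
        pos += length
    if not labels or len(payload) - pos < 4:
        return None
    _qtype, qclass = struct.unpack("!HH", payload[pos:pos + 4])
    return ".".join(labels) if qclass == 1 else None

def audit(payloads):
    """Return (hostnames readable on the wire, count of opaque payloads)."""
    names = [n for n in map(leaked_name, payloads) if n]
    return names, len(payloads) - len(names)

# Constructed samples: two cleartext queries and one opaque blob.
SAMPLES = [build_query("example.org"), build_query("lectures.example.org", qtype=28),
           bytes.fromhex("7a3c91e5f0b24d6688a1c3d7ee5b09142f6a9d03b8c4715e")]

if __name__ == "__main__":
    names, opaque = audit(SAMPLES)
    print("leaked:", names, "opaque payloads:", opaque)
```

Any name this reports for traffic leaving the physical interface is a query that bypassed both the VPN and the encrypted resolver.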