
Zebedee - secure TCP and UDP tunnel

The name of the Zebedee tunnel comes from its three components:
- Zlib compression
- Blowfish encryption
- Diffie-Hellman key agreement.

What it is and what it is for


Zebedee creates an encrypted, compressed tunnel for transferring data over TCP and/or UDP. Among its advantages, I would note how easy the client and server parts are to install and configure on MS Windows, Linux, FreeBSD, etc.

The basic principle of operation is as follows:

  [source] <===> [client] <=====> [server] <===> [target]
             |               |               |
             +-- insecure    |               +-- insecure
                 connection  |                   connection
                             +-- secure tunnel


IRL


One fine morning I suddenly needed to see the desktop of a server (Win 2k3) that was very far from me, in an internal subnet, behind a gateway (FreeBSD). Let me say up front: I know about the existence of VPN, SSH tunnels, VNC, etc., but for some reason I used exactly what is discussed below. So the scheme above took the following form:

  [my laptop] <===> [zebedee client @ WinXP] <=====> [zebedee server @ FreeBSD] <===> [Win 2k3]
                |                               |                                 |
                +-- insecure                    |                                 +-- insecure
                    connection                  |                                     connection
                                                +-- secure tunnel


Server part


In my case, for FreeBSD, from source:
zebedee-2.4.1A
blowfish-0.9.5a
zlib-1.2.3
bzip2-1.0.3

Build the libraries:
$ cd ./blowfish-0.9.5a/
$ make optimize
$ cd ..
$ cd ./zlib-1.2.3/
$ ./configure && make
$ cd ..
$ cd ./bzip2-1.0.3/
$ make
$ cd ..

and then zebedee itself:
$ cd ./zebedee-2.4.1A/
$ make OS=freebsd
$ make install

All of the above can also be installed from ports:
$ cd /usr/ports/security/zebedee
$ make install

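Create the server configuration /usr/local/etc/zebedee.conf:
server true # run in server mode
serverport 10488 # port the server listens on
ipmode both # handle both TCP and UDP
logfile '/var/log/zebedee.log' # log file
compression zlib:9 # zlib compression, maximum level
detached true # detach from the terminal and run in the background
verbosity 2
target 192.168.1.5:3389 # allowed target: RDP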

Run:
zebedee -f /usr/local/etc/zebedee.conf
and you get a working server waiting for incoming connections from the client.

Client


Take zebedee for Windows and install it to C:\Program Files\Zebedee.
To create a connection to the server, make a file named 2k3_rdp with the following contents:
verbosity 1
detached false # stay attached to the console
server false # run in client mode
compression zlib:9 # zlib compression, maximum level
serverhost ip.address.server.zebedee # address of the zebedee server (the FreeBSD gateway)
serverport 10488
tunnel 3389:192.168.1.5:3389 # local port 3389 to RDP on the 2k3 server (192.168.1.5)

For convenience, create a shortcut with the following in its properties:
"C:\program files\Zebedee\zebedee.exe" -f 2k3_rdp
and run it.
You can also set it up to run as a service; more details here.

It remains to run the Remote Desktop Connection client, specifying the server address 127.0.0.2 (in XP SP2 it fails at 127.0.0.1):
mstsc /v 127.0.0.2
and see the long-awaited result: the desktop of the server itself.

Not the end


Of course, we should not forget about security, for example, keys for identifying clients, or checking addresses.
You can use zebedee not only for tasks like the one shown above. With the help of the tunnel, you can easily organize access to a database, an X server, or virtually any resource that uses TCP/IP.
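
The two controls named above, client identity keys and address checks, can be verified in a server config with a small audit script. This is an added example, not code from the article or the Zebedee project; it assumes the matching server directives are checkidfile and checkaddress (confirm against your version's manual), and the id-file path and the 203.0.113.0/24 range are placeholders.

```shell
#!/bin/sh
# Added example: audit a Zebedee server config for client access controls.
# Assumption: checkidfile / checkaddress are the directives for identity
# keys and address checks; confirm against your version's manual.

# audit_zebedee_conf FILE: one finding per line, exit status 1 if any.
audit_zebedee_conf() {
    awk '
        { sub(/#.*/, "") }                    # drop trailing comments
        NF == 0 { next }                      # skip blank lines
        { seen[tolower($1)] = tolower($2) }   # remember each directive
        END {
            if (seen["server"] != "true") {
                print "skip: not a server config"; exit 0
            }
            if (!("checkidfile" in seen)) {
                print "no-checkidfile: client identity is not verified"; bad = 1
            }
            if (!("checkaddress" in seen)) {
                print "no-checkaddress: client address is not checked"; bad = 1
            }
            exit bad + 0
        }
    ' "$1"
}

# Constructed samples: the article's server config and a tightened variant.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/open.conf" <<'EOF'
server true
serverport 10488
ipmode both
target 192.168.1.5:3389   # RDP
EOF
cat > "$demo_dir/tight.conf" <<'EOF'
server true
serverport 10488
ipmode both
checkidfile '/usr/local/etc/zebedee.ids'   # placeholder path
checkaddress 203.0.113.0/24                # placeholder range
target 192.168.1.5:3389   # RDP
EOF
for f in open tight; do
    echo "== $f.conf"
    audit_zebedee_conf "$demo_dir/$f.conf" || echo "-> needs attention"
done
```

The check only confirms that the directives are present; whether the listed identities and address range are the right ones still has to be reviewed by hand.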

Source: https://habr.com/ru/post/54001/

