The name of the Zebedee tunnel comes from its three components:
- Zlib compression
- Blowfish encryption
- Diffie-Hellman key agreement.
What it is and what it is for
Zebedee creates an encrypted, compressed tunnel for carrying TCP and/or UDP traffic. Among its advantages, I would like to note how easy the client and server parts are to install and configure under MS Windows, Linux, FreeBSD, etc.
The basic principle of operation is as follows:
[source] <===> [client] <=====> [server] <===> [target]
           |               |               |
           +- insecure     |               +- insecure
              connection   |                  connection
                           +- secure tunnel
IRL
One wonderful morning I suddenly needed to see the desktop of a server (Win 2k3) that was very far away from me, in an internal subnet behind a gateway (FreeBSD). A caveat up front: I know about the existence of VPNs, SSH tunnels, VNC, etc., but for some reason I used exactly what is discussed below. So the scheme above took the following form:
[my laptop] <===> [zebedee client @ WinXP] <=====> [zebedee server @ FreeBSD] <===> [Win 2k3]
              |                               |                                 |
              +- insecure                     |                                 +- insecure
                 connection                   |                                    connection
                                              +- secure tunnel
Server part
In my case, for FreeBSD, from source:
zebedee-2.4.1A
blowfish-0.9.5a
zlib-1.2.3
bzip2-1.0.3
We build the libraries:
$ cd ./blowfish-0.9.5a/
$ make optimize
$ cd ..
$ cd ./zlib-1.2.3/
$ ./configure && make
$ cd ..
$ cd ./bzip2-1.0.3/
$ make
$ cd ..
and then zebedee itself:
$ cd ./zebedee-2.4.1A/
$ make OS=freebsd
$ make install
Alternatively, all of the above can be installed from ports:
$ cd /usr/ports/security/zebedee
$ make install
Create the server configuration /usr/local/etc/zebedee.conf:
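server true                      # run in server mode
serverport 10488                 # port the server listens on
ipmode both                      # accept both TCP and UDP
logfile '/var/log/zebedee.log'   # log file
compression zlib:9               # zlib compression, maximum level
detached true                    # detach from the terminal and run in the background
verbosity 2
target 192.168.1.5:3389          # RDP
Run it:
zebedee -f /usr/local/etc/zebedee.conf
and you get a working server waiting for incoming connections from the client.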
Client part
Download zebedee for Windows and install it to C:\Program Files\Zebedee.
To create a connection to the server, create a file named 2k3_rdp with the following contents:
verbosity 1
detached false                        # stay in the foreground
server false                          # run in client mode
compression zlib:9                    # zlib compression, maximum level
serverhost ip.address.server.zebedee  # address of the zebedee server (the FreeBSD gateway)
serverport 10488
tunnel 3389:192.168.1.5:3389          # local port 3389 -> RDP on the 2k3 host (192.168.1.5)
For convenience, create a shortcut with the following in its properties:
"C:\program files\Zebedee\zebedee.exe" -f 2k3_rdp
and run it.
You can also set it up to start as a service; more details here.
It remains to run the Remote Desktop Connection client, specifying the server address 127.0.0.2 (in XP SP2 it fails at 127.0.0.1):
mstsc /v:127.0.0.2
and see the long-awaited result: the desktop of the server itself.
Not the end
Of course, we should not forget about security, for example keys for identifying clients, or checking addresses.
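One way to check a server configuration for the two safeguards just mentioned, as an added example that is not part of the original post or of Zebedee itself: a small Python audit that looks for Zebedee's checkidfile and checkaddress keywords. The sample configuration is constructed from the one above; the identity-file path and the client address are hypothetical.

```python
import shlex

# Constructed sample modelled on the server configuration shown above.
PAGE_SERVER_CONF = """\
server true
serverport 10488
ipmode both
logfile '/var/log/zebedee.log'
detached true
target 192.168.1.5:3389   # RDP
"""

# The same server with both checks enabled. The identity-file path and the
# client address (a documentation range) are hypothetical values.
HARDENED_SERVER_CONF = PAGE_SERVER_CONF + """\
checkidfile '/usr/local/etc/zebedee.ids'
checkaddress 203.0.113.7
"""


def parse_conf(text):
    """Parse 'keyword value  # comment' lines into {keyword: [values]}."""
    conf = {}
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)  # honours quotes, drops comments
        if tokens:
            conf.setdefault(tokens[0].lower(), []).append(" ".join(tokens[1:]))
    return conf


def audit_server(text):
    """Return a list of findings for a Zebedee server configuration."""
    conf = parse_conf(text)
    if conf.get("server", ["false"])[-1].lower() != "true":
        return ["not a server configuration"]
    findings = []
    if "checkidfile" not in conf:
        findings.append("no checkidfile: client identities are not verified")
    if "checkaddress" not in conf:
        findings.append("no checkaddress: any source address may connect")
    for path in conf.get("logfile", []):
        if not path.startswith("/"):
            findings.append(f"logfile {path!r} depends on the start directory")
    return findings


if __name__ == "__main__":
    for name, text in (("page", PAGE_SERVER_CONF), ("hardened", HARDENED_SERVER_CONF)):
        print(name, audit_server(text) or "no findings")
```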
You can use zebedee for more than tasks like the one shown above. With the help of the tunnel you can easily provide access to a database, an X server, or virtually any resource that uses TCP/IP.