Firewall-VPN Lab -- Bypassing Firewalls using VPN

Overview

Organizations, Internet Service Providers (ISPs), and countries often block their internal users from accessing certain external sites. This is called egress filtering. For example, to prevent work-time distraction, many companies set up their egress firewalls to block social network sites, so their employee cannot access those sites from inside their network. For political reasons, many countries set up egress filtering at their ISPs to block their people from accessing selected foreign web sites. Unfortunately, these firewalls can be easily bypassed, and services/products that help users bypass firewalls are widely available on the Internet. The most commonly used technology to bypass egress firewalls is Virtual Private Network (VPN). In particular, this technology is widely used by smartphone users that are affected by egress filtering; there are many VPN apps (for Android, iOS, and other platforms) that can help users bypass egress firewalls.

The learning objective of this lab is for students to see how VPN works in action and how VPN can help bypass egress firewalls. We will implement a very simple VPN in this lab, and use it to bypass firewalls. A typical VPN depends on two pieces of technologies: IP tunneling and encryption. The tunneling technology is the most essential one to help bypass firewalls; the encryption technology is for protecting the content of the traffic that goes through the VPN tunnel. For the sake of simplicity, we will only focus on the tunneling part, so the traffic inside our tunnel is not encrypted. We have a separate VPN lab, which covers both tunneling and encryption. If readers are interested, they can work on our VPN lab to learn how to build a complete VPN. In this lab, we only focus on how to use VPN tunnel to bypass firewalls.

Lab Tasks

• VM version: This lab has been tested on our pre-built SEEDUbuntu16.04 VM.

Recommended Time

• Supervised situation (e.g. a closely-guided lab session):
• Unsupervised situation (e.g. take-home project):

Videos (New)

• This topic is covered in my Udemy course: Internet Security: A Hands-on Approach.
• If you are in Mainland China, you can access the same course from the NetEase platform.

Files that are Needed

• Sample VPN client and server programs (without encryption)

Suggested Reading

• SEED Book by Wenliang Du (Book website) (Chinese version)

SEED Labs

• Home Page

SEED Books

• The 2nd Edition

SEED Lectures

• Udemy Courses