Organizations, Internet Service Providers (ISPs), and countries often block their internal users from accessing certain external sites. This is called egress filtering. For example, to prevent work-time distraction, many companies set up their egress firewalls to block social network sites, so their employees cannot access those sites from inside the company network. For political reasons, many countries set up egress filtering at their ISPs to block their people from accessing selected foreign web sites. Unfortunately, these firewalls can be easily bypassed, and services/products that help users bypass firewalls are widely available on the Internet. The most commonly used technology for bypassing egress firewalls is the Virtual Private Network (VPN). In particular, this technology is widely used by smartphone users who are affected by egress filtering; there are many VPN apps (for Android, iOS, and other platforms) that can help users bypass egress firewalls.
The learning objective of this lab is for students to see how a VPN works in action and how a VPN can help bypass egress firewalls. We will implement a very simple VPN in this lab, and use it to bypass firewalls. A typical VPN depends on two technologies: IP tunneling and encryption. Tunneling is the one most essential to bypassing firewalls; encryption protects the content of the traffic that goes through the VPN tunnel. For the sake of simplicity, we will only focus on the tunneling part, so the traffic inside our tunnel is not encrypted. We have a separate VPN lab, which covers both tunneling and encryption. If readers are interested, they can work on our VPN lab to learn how to build a complete VPN. In this lab, we only focus on how to use a VPN tunnel to bypass firewalls.