Zebedee secure tunnel
According to the Zebedee web site:
Zebedee is a simple program to establish an encrypted, compressed “tunnel” for TCP/IP or UDP data transfer between two systems. This allows traffic such as telnet, ftp and X to be protected from snooping as well as potentially gaining performance over low-bandwidth networks from compression.
Using Zebedee as a VPN for Laptop Users
Overview:
I cooked up a solution that, to steal an Apple term, just works. Nothing is required of the user.
I use an open-source program called Zebedee to create compressed and encrypted tunnels from VPN users to our server. I use pre-shared keys so that the system is not vulnerable to man-in-the-middle attacks.
The original Zebedee website is not active any more, but I have archived a local copy of the manual from the Internet Archive.
With this software VPN users can get their company email and browse the company intranet whenever they are connected to the Internet.
Installing Zebedee
For Windows, I use version 2.5.3 from SourceForge, available here, or my local copy of zbd253setup.exe.
For Linux clients I've had to figure out how to compile Zebedee from scratch. After much frustration I finally got it to work. I've detailed the steps taken to compile Zebedee for SuSE Linux.
I've also had success building Zebedee on Mac OS X. If you are familiar with the SuSE instructions, it should go well. You'll need to install Homebrew, and at least gcc.
Implementation and results:
Initially there was a problem with connections freezing up, but that was found to be a result of using a 16k packet size instead of the default 8k. Since I switched back to the 8k packet there has not been one lockup.
So far this solution has worked great. To make it seamless, create entries in your hosts file and then use a proxy config script to direct traffic through Zebedee where necessary. For example:
Hosts file:
127.0.0.100 vpn.localresource.mydomain.com
Proxy config script:
function FindProxyForURL(url, host) {
  // This assumes that Zebedee is listening on port 30000.
  var tunnelViaZebedee = "PROXY vpn.localresource.mydomain.com:30000";
  if (dnsDomainIs(host, "localresource.mydomain.com")) {
    return tunnelViaZebedee;
  } else {
    // PAC return values are strings, so DIRECT must be quoted.
    return "DIRECT";
  }
}
If you don't want to tunnel traffic inside the local network, a more advanced proxy config script could decide if the user is outside the local network and only then direct traffic through Zebedee.
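One way to write the more advanced script described above, as an added example that is not part of the original page. The office network 192.168.10.0/24 and the helper names are assumptions; the domain, proxy host and port 30000 are taken from the page.

```javascript
// Added example: tunnel via Zebedee only when the client is off the office LAN.
// ASSUMPTION: office LAN is 192.168.10.0/24 (constructed value, substitute your own).
var OFFICE_NET = "192.168.10.0";
var OFFICE_MASK = "255.255.255.0";
var INTERNAL_DOMAIN = "localresource.mydomain.com";        // from the page
var TUNNEL = "PROXY vpn.localresource.mydomain.com:30000"; // Zebedee listener, from the page

// Convert dotted-quad IPv4 text to a number; null if malformed.
function ipToInt(ip) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(String(ip));
  if (!m) { return null; }
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = parseInt(m[i], 10);
    if (octet > 255) { return null; }
    n = n * 256 + octet;
  }
  return n;
}

// True only when clientIp parses and falls inside the office network.
function isOnOfficeLan(clientIp) {
  var ip = ipToInt(clientIp), net = ipToInt(OFFICE_NET), mask = ipToInt(OFFICE_MASK);
  if (ip === null) { return false; }
  return ((ip & mask) >>> 0) === ((net & mask) >>> 0);
}

// True for the internal domain itself or any host beneath it.
function isInternalHost(host) {
  var h = String(host).toLowerCase();
  var suffix = "." + INTERNAL_DOMAIN;
  return h === INTERNAL_DOMAIN || h.slice(-suffix.length) === suffix;
}

// Pure decision function, so the logic can be checked outside a browser.
function chooseProxy(host, clientIp) {
  if (!isInternalHost(host)) { return "DIRECT"; }
  // Fail closed: unknown, loopback or foreign address counts as outside, so tunnel.
  return isOnOfficeLan(clientIp) ? "DIRECT" : TUNNEL;
}

// PAC entry point; myIpAddress() is supplied by the browser's PAC runtime.
function FindProxyForURL(url, host) {
  return chooseProxy(host, myIpAddress());
}
```

A laptop on a foreign network that happens to reuse the same private range is classified as inside and sent direct. Adding a second signal, such as the PAC function isResolvable() on an internal-only name, narrows that gap.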