TCP/IP over DNS/ICMP/HTTP - deceive proxy / firewall

Hi!

That’s my first post here so HELLO EVERYBODY!

A short story:
Today, in the place where I work we were cut off from the Internet. I got used to having the access and I decided to deal with it in a not-100%-good way.
I have 2 PCs there, each in 2 physically disconnected networks. On the 1st one I have no access to the outside world at all, but I requested my admin to unlock ping to the Internet (we are using it sometimes to do our job, so it will be unlocked soon). On the 2nd PC I have access to the web via proxy. The URLs that I visit are monitored so let’s assume it’s useless. I found that I can use any DNS server.

I did some googling and found a lot of software that allows me to tunnel TCP/IP over DNS, ICMP and HTTP and bypass the restrictions. For Linux, Windows, and others. But! All these require me to have a gateway PC available from the Internet. That is not a problem - I will do it anyway before Monday.

The above is - of course - an example scenario where we can use such “features”.

I’m not the type of a society-man (no facebook account, no forums member, etc… :slight_smile: but when I think about how great it would be if I could use my RB750 (gateway at home) as a remote gateway for these tunnels (instead of a PC that is behind it) - I quickly decided to create an account here and write a request to see if “my dreams” can come true - to see what you (other users and MT people) say about it :slight_smile:

I made a quick test over LAN using two WindowsXP boxes and I managed to view a webpage using only DNS queries and answers between PCs. Used this software: http://analogbit.com/software/tcp-over-dns .
I’m sure MT developers don’t need it, but source code (not only for the above software) is available on the web…

So - what do you think? :wink:


PS: It would be great^2 if we got this in a not-so-far v.5.x of ROS.
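The tunnelling tools mentioned above work by packing payload into the query name and into answer records, which is also what makes them visible to whoever runs the resolver. As an added example (not part of this thread or of the tcp-over-dns project), the script below scores per-zone DNS traffic for the usual tunnelling indicators: long labels, high-entropy subdomains, almost every query unique, and payload-carrying record types such as TXT or NULL. The log format (`<time> <client> <qtype> <qname>`), the sample lines and the thresholds are all constructed assumptions; the two-label zone approximation stands in for a proper Public Suffix List lookup.

```python
"""Heuristic detector for TCP-over-DNS style tunnelling in resolver query logs."""
import math
import re
from collections import defaultdict

# Constructed sample log in a hypothetical "<time> <client> <qtype> <qname>" format.
# The first five lines are ordinary lookups; the rest imitate a tunnel's queries.
SAMPLE_LOG = """\
2010-11-12T09:00:01 10.0.0.15 A www.example.com
2010-11-12T09:00:02 10.0.0.15 A mail.example.com
2010-11-12T09:00:02 10.0.0.15 A imap.example.com
2010-11-12T09:00:03 10.0.0.15 A smtp.example.com
2010-11-12T09:00:05 10.0.0.15 AAAA ftp.example.com
2010-11-12T09:00:03 10.0.0.23 TXT 6fkq2z9ab3vlmn7px0s4dq8rw1.ya1bc2de3fg4hj5k.tun.example.net
2010-11-12T09:00:03 10.0.0.23 TXT 9qp1xz7mt4n2c6vb8lk0ds3fg5.hj5gk6lm7np8qr9s.tun.example.net
2010-11-12T09:00:04 10.0.0.23 TXT 2ws4ed6rf8tg0yh1uj3ik5ol7p.zx9cv8bn7ma6sd5f.tun.example.net
2010-11-12T09:00:04 10.0.0.23 TXT 0pl9ok8ij7uh6yg5tf4rd3es2w.qa1zx2sw3cd4ev5r.tun.example.net
2010-11-12T09:00:05 10.0.0.23 TXT 5tg6yh7uj8ik9ol0pz1xa2sc3d.bt5ny6um7ik8ol9p.tun.example.net
2010-11-12T09:00:06 10.0.0.23 TXT 3ed4rf5tg6yh7uj8ik9ol0pq1w.ki8lo9pm0nj1bh2g.tun.example.net
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")
# Record types whose answers can carry arbitrary data back to the client.
PAYLOAD_QTYPES = {"TXT", "NULL", "CNAME", "MX"}


def shannon_entropy(s):
    """Bits of entropy per character; encoded payload scores far above hostnames."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def zone_of(qname, labels=2):
    """Approximate the registered zone as the last `labels` labels (assumption;
    a production detector should consult the Public Suffix List instead)."""
    parts = qname.rstrip(".").lower().split(".")
    return ".".join(parts[-labels:])


def parse_log(text):
    """Yield (time, client, qtype, qname) tuples, skipping malformed lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, client, qtype, qname = m.groups()
            yield ts, client, qtype.upper(), qname.rstrip(".").lower()


def zone_stats(text):
    """Aggregate per-zone indicators over all queries in the log."""
    stats = defaultdict(lambda: {"queries": 0, "payload_qtypes": 0,
                                 "subdomains": set(), "entropy_sum": 0.0,
                                 "longest_label": 0})
    for _, _, qtype, qname in parse_log(text):
        zone = zone_of(qname)
        sub = qname[:-len(zone)].rstrip(".")      # everything left of the zone
        z = stats[zone]
        z["queries"] += 1
        z["payload_qtypes"] += qtype in PAYLOAD_QTYPES
        z["subdomains"].add(sub)
        z["entropy_sum"] += shannon_entropy(sub.replace(".", ""))
        labels = [len(l) for l in sub.split(".") if l]
        z["longest_label"] = max([z["longest_label"]] + labels)
    return stats


def suspicious_zones(text, min_queries=5, min_entropy=3.5, min_label=20,
                     min_payload_ratio=0.5, min_unique_ratio=0.9):
    """Return {zone: [reasons]} for zones that trip at least two indicators.
    Thresholds are constructed starting points, not measured baselines."""
    flagged = {}
    for zone, z in zone_stats(text).items():
        if z["queries"] < min_queries:
            continue                              # too little traffic to judge
        reasons = []
        if z["entropy_sum"] / z["queries"] >= min_entropy:
            reasons.append("high-entropy subdomains")
        if z["longest_label"] >= min_label:
            reasons.append("long labels")
        if z["payload_qtypes"] / z["queries"] >= min_payload_ratio:
            reasons.append("payload-carrying record types")
        if len(z["subdomains"]) / z["queries"] >= min_unique_ratio:
            reasons.append("almost every query unique")
        if len(reasons) >= 2:
            flagged[zone] = reasons
    return flagged


if __name__ == "__main__":
    for zone, reasons in suspicious_zones(SAMPLE_LOG).items():
        print(f"{zone}: {', '.join(reasons)}")
```

Requiring two indicators keeps busy CDN or anti-spam zones (many unique subdomains, but short, low-entropy labels and A/AAAA lookups) from being flagged on the uniqueness signal alone, while a tunnel trips all four.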

Can you use any protocol over those ports or do they do content filtering as well? Check the guide for the openvpn roadwarrior setup; you could run a linux server or the mikrotik openvpn server (which has some reduced functionality - check the topics on openvpn) on any port and redirect the gateway..

The most sensible solution would be to run openvpn on port 443 tcp; the traffic itself should be SSL so I see no reason why that would be blocked..

The admin is so lazy he allowed all traffic on port 53. UDP and TCP. To all IPs on the Internet. Not filtered in any way. So I’m free now. …or it’s a trap. hmmm…

@pakjebakmeel - there are many ways to “get out”, but that’s not the point!

The question is - as above - what do you think about implementing such very-rare “protocols” into ROS?

? Combine it with some other very-rare-features and build a super-extra-bonus-package for ROS ?

That’s like convincing MikroTik guys to fully implement OpenVPN. As you’re new here, you probably don’t know it yet, but that’s a synonym for “impossible”. Personally I’m for all kinds of optional packages for anything imaginable, no matter how crazy it might be, but it is simply not going to happen any time soon. Probably never.

can you just create an l2tp tunnel using udp/53?

That’s not the point. I’m asking about fancy features in ROS…

Maybe someone from Mikrotik guys would say something? Possible? No chances? Maybe? When? Anything?

Hi megajuras

Just a thought.. not sure if it would work, but in theory it should.

Have you tried creating a DST-NAT rule on your home RB750, to forward all incoming (incoming on external interface) traffic on port 53 to your RB750’s local IP on port 1723?

Try something like this:
/ip firewall nat add chain=dstnat in-interface=pppoe1 protocol=tcp dst-port=53 action=dst-nat to-addresses=127.0.0.1 to-ports=1723 comment="Forwarding inbound TCP:53 traffic to PPtP Server on localhost"
and for UDP:
/ip firewall nat add chain=dstnat in-interface=pppoe1 protocol=udp dst-port=53 action=dst-nat to-addresses=127.0.0.1 to-ports=1723 comment="Forwarding inbound UDP:53 traffic to PPtP Server on localhost"

You could replace localhost (127.0.0.1) with your internal IP. Also, remember to change the name of your in-interface to whatever you called it.

If it doesn’t work for PPtP, try L2TP (just lookup what ports you need and change the DST-NAT rule accordingly)

Let us know if it worked :slight_smile: